diff options
author | Sebastien Pouliot <sebastien@ximian.com> | 2004-09-01 16:25:44 +0400 |
---|---|---|
committer | Sebastien Pouliot <sebastien@ximian.com> | 2004-09-01 16:25:44 +0400 |
commit | 198a381ea6a65f3a43886c7cf29ea7adfcd1fe6c (patch) | |
tree | e16dc9ee4dcb6054d4aac0d6609dad8475ed4fcc /mcs/class | |
parent | 7db07e84a1d7829f8ea01e27c2dfe5198fbd4145 (diff) |
2004-09-01 Sebastien Pouliot <sebastien@ximian.com>
* NamedPermissionSet.cs: FromXml now calls base class instead of an
internal method of PermissionSet. This should allow class to inherit
from NamedPermissionSet properly.
* PermissionSet.cs: Added an internal PolicyLevel property to allow
policy file class name resolution. Fixed IsEmpty to return true if
the list contains "empty" permissions. Fixed Copy to copy permissions
even for unrestricted sets (again because of IUnrestrictedPermission).
* SecurityManager.cs: Fixed Resolve(Evidence) because permission
classes Intersect methods can either return null or an empty
PermissionSet. Fixed ResolvePolicy(Evidence[]) for null (NET_2_0).
svn path=/trunk/mcs/; revision=33151
Diffstat (limited to 'mcs/class')
-rwxr-xr-x | mcs/class/corlib/System.Security/ChangeLog | 13 | ||||
-rw-r--r-- | mcs/class/corlib/System.Security/NamedPermissionSet.cs | 2 | ||||
-rw-r--r-- | mcs/class/corlib/System.Security/PermissionSet.cs | 72 | ||||
-rw-r--r-- | mcs/class/corlib/System.Security/SecurityManager.cs | 12 |
4 files changed, 75 insertions, 24 deletions
diff --git a/mcs/class/corlib/System.Security/ChangeLog b/mcs/class/corlib/System.Security/ChangeLog index 85dcde31b1b..51063f04d54 100755 --- a/mcs/class/corlib/System.Security/ChangeLog +++ b/mcs/class/corlib/System.Security/ChangeLog @@ -1,3 +1,16 @@ +2004-09-01 Sebastien Pouliot <sebastien@ximian.com> + + * NamedPermissionSet.cs: FromXml now calls base class instead of an + internal method of PermissionSet. This should allow class to inherit + from NamedPermissionSet properly. + * PermissionSet.cs: Added an internal PolicyLevel property to allow + policy file class name resolution. Fixed IsEmpty to return true if + the list contains "empty" permissions. Fixed Copy to copy permissions + even for unrestricted sets (again because of IUnrestrictedPermission). + * SecurityManager.cs: Fixed Resolve(Evidence) because permission + classes Intersect methods can either return null or an empty + PermissionSet. Fixed ResolvePolicy(Evidence[]) for null (NET_2_0). + 2004-08-31 Sebastien Pouliot <sebastien@ximian.com> * PermissionSet.cs: Fixed RemovePermission and Intersect (due to typos diff --git a/mcs/class/corlib/System.Security/NamedPermissionSet.cs b/mcs/class/corlib/System.Security/NamedPermissionSet.cs index f534b7fe64c..b1328cc75bf 100644 --- a/mcs/class/corlib/System.Security/NamedPermissionSet.cs +++ b/mcs/class/corlib/System.Security/NamedPermissionSet.cs @@ -102,7 +102,7 @@ namespace System.Security { public override void FromXml (SecurityElement e) { - FromXml (e, "NamedPermissionSet"); + base.FromXml (e); // strangely it can import a null Name (bypassing property setter) name = e.Attribute ("Name"); description = e.Attribute ("Description"); diff --git a/mcs/class/corlib/System.Security/PermissionSet.cs b/mcs/class/corlib/System.Security/PermissionSet.cs index 4ced2c6d255..b1c730c5de6 100644 --- a/mcs/class/corlib/System.Security/PermissionSet.cs +++ b/mcs/class/corlib/System.Security/PermissionSet.cs @@ -34,6 +34,7 @@ using System.Diagnostics; using System.Reflection; using System.Runtime.Serialization; using System.Security.Permissions; +using System.Security.Policy; namespace System.Security { @@ -46,6 +47,7 @@ namespace System.Security { private PermissionState state; private ArrayList list; private int _hashcode; + private PolicyLevel _policyLevel; // constructors @@ -188,8 +190,8 @@ namespace System.Security { { } - // to be re-used by NamedPermissionSet (and other derived classes) - internal void FromXml (SecurityElement et, string className) + [MonoTODO ("adjust class version with current runtime - unification")] + public virtual void FromXml (SecurityElement et) { if (et == null) throw new ArgumentNullException ("et"); @@ -197,33 +199,33 @@ namespace System.Security { string msg = String.Format ("Invalid tag {0} expected {1}", et.Tag, tagName); throw new ArgumentException (msg, "et"); } -// if (!et.Attribute ("class").EndsWith (className)) -// throw new ArgumentException ("not " + className); -// version isn't checked -// if (et.Attribute ("version") != "1") -// throw new ArgumentException ("wrong version"); if (CodeAccessPermission.IsUnrestricted (et)) state = PermissionState.Unrestricted; else state = PermissionState.None; - } - [MonoTODO ("adjust class version with current runtime")] - public virtual void FromXml (SecurityElement et) - { list.Clear (); - FromXml (et, tagName); if (et.Children != null) { foreach (SecurityElement se in et.Children) { string className = se.Attribute ("class"); - // TODO: adjust class version with current runtime + if (className == null) { + throw new ArgumentException (Locale.GetText ( + "No permission class is specified.")); + } + if (Resolver != null) { + // policy class names do not have to be fully qualified + className = Resolver.ResolveClassName (className); + } + // TODO: adjust class version with current runtime (unification) // http://blogs.msdn.com/shawnfa/archive/2004/08/05/209320.aspx Type classType = Type.GetType (className); - object [] psNone = new object [1] { PermissionState.None }; - IPermission p = (IPermission) Activator.CreateInstance (classType, psNone); - p.FromXml (se); - list.Add (p); + if (classType != null) { + object [] psNone = new object [1] { PermissionState.None }; + IPermission p = (IPermission) Activator.CreateInstance (classType, psNone); + p.FromXml (se); + list.Add (p); + } } } } @@ -370,7 +372,27 @@ namespace System.Security { // note: Unrestricted isn't empty if (state == PermissionState.Unrestricted) return false; - return ((list == null) || (list.Count == 0)); + if ((list == null) || (list.Count == 0)) + return true; + // the set may include some empty permissions + foreach (IPermission p in list) { + // an empty permission only has a class and/or version attributes + SecurityElement se = p.ToXml (); + int n = se.Attributes.Count; + if (n <= 2) { + if (se.Attribute ("class") != null) + n--; + if (se.Attribute ("version") != null) + n--; + if (n > 0) + return false; // not class or version - then not empty + } + else { + // too much attributes - then not empty + return false; + } + } + return true; } public virtual bool IsUnrestricted () @@ -415,9 +437,10 @@ namespace System.Security { se.AddAttribute ("version", version.ToString ()); if (state == PermissionState.Unrestricted) se.AddAttribute ("Unrestricted", "true"); - else { - foreach (IPermission p in list) - se.AddChild (p.ToXml ()); + + // required for permissions that do not implement IUnrestrictedPermission + foreach (IPermission p in list) { + se.AddChild (p.ToXml ()); } return se; } @@ -516,5 +539,12 @@ namespace System.Security { { } #endif + + // internal + + internal PolicyLevel Resolver { + get { return _policyLevel; } + set { _policyLevel = value; } + } } } diff --git a/mcs/class/corlib/System.Security/SecurityManager.cs b/mcs/class/corlib/System.Security/SecurityManager.cs index b568533c73d..4cc9a6f5d58 100644 --- a/mcs/class/corlib/System.Security/SecurityManager.cs +++ b/mcs/class/corlib/System.Security/SecurityManager.cs @@ -167,10 +167,15 @@ namespace System.Security { PolicyStatement pst = pl.Resolve (evidence); if (pst != null) { if (ps == null) - ps = pst.PermissionSet; + ps = pst.PermissionSet; // for first time only else ps = ps.Intersect (pst.PermissionSet); - + + // some permissions returns null, other returns an empty set + // sadly we must adjust for every variations :( + if (ps == null) + ps = new PermissionSet (PermissionState.None); + if ((pst.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) break; } @@ -192,6 +197,9 @@ namespace System.Security { #if NET_2_0 public static PermissionSet ResolvePolicy (Evidence[] evidences) { + if (evidences == null) + throw new PermissionSet (PermissionState.None); + // probably not optimal PermissionSet ps = null; foreach (Evidence evidence in evidences) { |