static void dump_public_key (MonoImage *m) { guint32 size; const char *p; p = mono_image_get_public_key (m, &size); dump_blob ("\nPublic key:", p, size); }
/* * Ensure that the restrictions for partially trusted code are satisfied. * * @domain The current application domain * @caller The method calling * @callee The called method * return value: TRUE if a security violation is detected, FALSE otherwise. * * If callee's assembly is strongnamed and doesn't have an * [AllowPartiallyTrustedCallers] attribute then we must enforce a LinkDemand * for FullTrust on all public/protected methods on public class. * * Note: APTC is only effective on stongnamed assemblies. */ static gboolean mono_declsec_linkdemand_aptc (MonoDomain *domain, MonoMethod *caller, MonoMethod *callee) { MonoSecurityManager* secman = NULL; MonoAssembly *assembly; guint32 size = 0; InterlockedIncrement (&mono_jit_stats.cas_linkdemand_aptc); /* A - Applicable only if we're calling into *another* assembly */ if (caller->klass->image == callee->klass->image) return FALSE; /* B - Applicable if we're calling a public/protected method from a public class */ if (!(callee->klass->flags & TYPE_ATTRIBUTE_PUBLIC) || !(callee->flags & FIELD_ATTRIBUTE_PUBLIC)) return FALSE; /* C - Applicable if the callee's assembly is strongnamed */ if ((mono_image_get_public_key (callee->klass->image, &size) == NULL) || (size < MONO_ECMA_KEY_LENGTH)) return FALSE; /* D - the callee's assembly must have [AllowPartiallyTrustedCallers] */ assembly = mono_image_get_assembly (callee->klass->image); if (!MONO_SECMAN_FLAG_INIT (assembly->aptc)) { MonoCustomAttrInfo* cinfo = mono_custom_attrs_from_assembly (assembly); gboolean result = FALSE; secman = mono_security_manager_get_methods (); if (secman && cinfo) { /* look for AllowPartiallyTrustedCallersAttribute */ result = mono_custom_attrs_has_attr (cinfo, secman->allowpartiallytrustedcallers); } if (cinfo) mono_custom_attrs_free (cinfo); MONO_SECMAN_FLAG_SET_VALUE (assembly->aptc, result); } if (MONO_SECMAN_FLAG_GET_VALUE (assembly->aptc)) return FALSE; /* E - the caller's assembly must have full trust permissions */ assembly = mono_image_get_assembly (caller->klass->image); if (mono_declsec_is_assembly_fulltrust (domain, assembly)) return FALSE; /* g_warning ("FAILURE *** JIT LinkDemand APTC check *** %s.%s calls into %s.%s", caller->klass->name, caller->name, callee->klass->name, callee->name); */ return TRUE; /* i.e. throw new SecurityException(); */ }
/* * Ensure that the restrictions for calling internal calls are satisfied. * * @domain The current application domain * @caller The method calling * @icall The internal call method * return value: TRUE if a security violation is detected, FALSE otherwise. * * We can't trust the icall flags/iflags as it comes from the assembly * that we may want to restrict and we do not have the public/restricted * information about icalls in the runtime. Actually it is not so bad * as the CLR 2.0 doesn't enforce that restriction anymore. * * So we'll limit the icalls to originate from ECMA signed assemblies * (as this is required for partial trust scenarios) - or - assemblies that * have FullTrust. */ static gboolean mono_declsec_linkdemand_icall (MonoDomain *domain, MonoMethod *caller, MonoMethod *icall) { MonoAssembly *assembly; InterlockedIncrement (&mono_jit_stats.cas_linkdemand_icall); /* check if the _icall_ is defined inside an ECMA signed assembly */ assembly = mono_image_get_assembly (icall->klass->image); if (!MONO_SECMAN_FLAG_INIT (assembly->ecma)) { guint32 size = 0; const char *pk = mono_image_get_public_key (icall->klass->image, &size); MONO_SECMAN_FLAG_SET_VALUE (assembly->ecma, mono_is_ecma_key (pk, size)); } if (MONO_SECMAN_FLAG_GET_VALUE (assembly->ecma)) return FALSE; /* else check if the _calling_ assembly is running at FullTrust */ assembly = mono_image_get_assembly (caller->klass->image); return !mono_declsec_is_assembly_fulltrust (domain, assembly); }