static void
dump_public_key (MonoImage *m)
{
guint32 size;
const char *p;
p = mono_image_get_public_key (m, &size);
dump_blob ("\nPublic key:", p, size);
}
/*
* Ensure that the restrictions for partially trusted code are satisfied.
*
* @domain The current application domain
* @caller The method calling
* @callee The called method
* return value: TRUE if a security violation is detected, FALSE otherwise.
*
* If callee's assembly is strongnamed and doesn't have an
* [AllowPartiallyTrustedCallers] attribute then we must enforce a LinkDemand
* for FullTrust on all public/protected methods on public class.
*
* Note: APTC is only effective on stongnamed assemblies.
*/
static gboolean
mono_declsec_linkdemand_aptc (MonoDomain *domain, MonoMethod *caller, MonoMethod *callee)
{
MonoSecurityManager* secman = NULL;
MonoAssembly *assembly;
guint32 size = 0;
InterlockedIncrement (&mono_jit_stats.cas_linkdemand_aptc);
/* A - Applicable only if we're calling into *another* assembly */
if (caller->klass->image == callee->klass->image)
return FALSE;
/* B - Applicable if we're calling a public/protected method from a public class */
if (!(callee->klass->flags & TYPE_ATTRIBUTE_PUBLIC) || !(callee->flags & FIELD_ATTRIBUTE_PUBLIC))
return FALSE;
/* C - Applicable if the callee's assembly is strongnamed */
if ((mono_image_get_public_key (callee->klass->image, &size) == NULL) || (size < MONO_ECMA_KEY_LENGTH))
return FALSE;
/* D - the callee's assembly must have [AllowPartiallyTrustedCallers] */
assembly = mono_image_get_assembly (callee->klass->image);
if (!MONO_SECMAN_FLAG_INIT (assembly->aptc)) {
MonoCustomAttrInfo* cinfo = mono_custom_attrs_from_assembly (assembly);
gboolean result = FALSE;
secman = mono_security_manager_get_methods ();
if (secman && cinfo) {
/* look for AllowPartiallyTrustedCallersAttribute */
result = mono_custom_attrs_has_attr (cinfo, secman->allowpartiallytrustedcallers);
}
if (cinfo)
mono_custom_attrs_free (cinfo);
MONO_SECMAN_FLAG_SET_VALUE (assembly->aptc, result);
}
if (MONO_SECMAN_FLAG_GET_VALUE (assembly->aptc))
return FALSE;
/* E - the caller's assembly must have full trust permissions */
assembly = mono_image_get_assembly (caller->klass->image);
if (mono_declsec_is_assembly_fulltrust (domain, assembly))
return FALSE;
/* g_warning ("FAILURE *** JIT LinkDemand APTC check *** %s.%s calls into %s.%s",
caller->klass->name, caller->name, callee->klass->name, callee->name); */
return TRUE; /* i.e. throw new SecurityException(); */
}
/*
* Ensure that the restrictions for calling internal calls are satisfied.
*
* @domain The current application domain
* @caller The method calling
* @icall The internal call method
* return value: TRUE if a security violation is detected, FALSE otherwise.
*
* We can't trust the icall flags/iflags as it comes from the assembly
* that we may want to restrict and we do not have the public/restricted
* information about icalls in the runtime. Actually it is not so bad
* as the CLR 2.0 doesn't enforce that restriction anymore.
*
* So we'll limit the icalls to originate from ECMA signed assemblies
* (as this is required for partial trust scenarios) - or - assemblies that
* have FullTrust.
*/
static gboolean
mono_declsec_linkdemand_icall (MonoDomain *domain, MonoMethod *caller, MonoMethod *icall)
{
MonoAssembly *assembly;
InterlockedIncrement (&mono_jit_stats.cas_linkdemand_icall);
/* check if the _icall_ is defined inside an ECMA signed assembly */
assembly = mono_image_get_assembly (icall->klass->image);
if (!MONO_SECMAN_FLAG_INIT (assembly->ecma)) {
guint32 size = 0;
const char *pk = mono_image_get_public_key (icall->klass->image, &size);
MONO_SECMAN_FLAG_SET_VALUE (assembly->ecma, mono_is_ecma_key (pk, size));
}
if (MONO_SECMAN_FLAG_GET_VALUE (assembly->ecma))
return FALSE;
/* else check if the _calling_ assembly is running at FullTrust */
assembly = mono_image_get_assembly (caller->klass->image);
return !mono_declsec_is_assembly_fulltrust (domain, assembly);
}
