From a5c0b51e9b775fdea90f0ea19430018981b55566 Mon Sep 17 00:00:00 2001
From: Dilip Ojha
Date: Fri, 14 Jun 2019 16:00:53 -0700
Subject: [PATCH 01/21] removed internal type dependance on s.s.permissions
---
.../UserInitiatedNavigationPermission.cs | 30 +---
.../Permissions/InternalPermissions.cs | 163 ++----------------
.../src/Shared/MS/Internal/SecurityHelper.cs | 51 +-----
.../Permissions/CompoundFileIOPermission.cs | 31 +---
.../Permissions/RightsManagementPermission.cs | 29 +---
.../UserInitiatedRoutedEventPermission.cs | 16 +-
...InitiatedRoutedEventPermissionAttribute.cs | 40 -----
.../src/WindowsBase/WindowsBase.csproj | 1 -
8 files changed, 25 insertions(+), 336 deletions(-)
delete mode 100644 src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermissionAttribute.cs
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs
index 77f9c635cc1..1eac37ae835 100644
--- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs
@@ -2,51 +2,25 @@ // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. - -// -// -// Description: Internal Permissions. -// These are classes for permissions that will be asserted/demanded internally. -// But will be granted in full-trust. -// Only internal avalon code will assert these permissions. -// -// Using them allows the following: -// We can have very specific targeted asserts. So for example instead of -// a blanket assert for Unmanaged code instead we can have very granular permissiosn. -// -// They are still available by default in full-trust. -// -// Currently the only way to detect User-Initiated actions is for commands. -// So by associating a custom permisison with a command we can very tightly scope -// the set of operations allowed. -// - - using System; using System.Security; using System.Security.Permissions; using System.Windows; using MS.Internal.Permissions; - namespace MS.Internal.Permissions { - [Serializable] internal class UserInitiatedNavigationPermission : InternalParameterlessPermissionBase { public UserInitiatedNavigationPermission() : this(PermissionState.Unrestricted) { } - public UserInitiatedNavigationPermission(PermissionState state): base(state) + public UserInitiatedNavigationPermission(PermissionState state): base() { } - public override IPermission Copy() - { - // copy is easy there is no state ! - return new UserInitiatedNavigationPermission(); - } + public IPermission Copy() { return default(IPermission); } } } diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs index 07769b1c96c..1d533d93f3d 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs 
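Review bot: `Copy()` in UserInitiatedNavigationPermission now returns `default(IPermission)`, which is null, where the removed override returned a fresh instance, so any caller that dereferences the result gets a NullReferenceException instead of a permission object. The `PermissionState state` constructor also forwards to `base()` and ignores its argument, which drops the old rejection of `PermissionState.None`. If these are deliberate placeholders, say so at the declaration, for example `// Stub kept only so existing call sites compile: performs no permission check, Copy() returns null, state is ignored.` The same two changes repeat in CompoundFileIOPermission, RightsManagementPermission and UserInitiatedRoutedEventPermission later in this patch.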
@@ -2,43 +2,10 @@ // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. -// -// -// -// Description: Internal Permissions. -// These are classes for permissions that will be asserted/demanded internally. -// But will be granted in full-trust. -// Only internal avalon code will assert these permissions. -// -// Using them allows the following: -// We can have very specific targeted asserts. So for example instead of -// a blanket assert for Unmanaged code instead we can have very granular permissiosn. -// -// They are still available by default in full-trust. -// -// Currently the only way to detect User-Initiated actions is for commands. -// So by associating a custom permisison with a command we can very tightly scope -// the set of operations allowed. -// -// From MSDN: -// -// When you inherit from CodeAccessPermission, you must also implement the IUnrestrictedPermission interface. -// The following CodeAccessPermission members must be overridden: Copy, Intersect, IsSubsetOf, ToXml, FromXml, and Union. -// You must also define a constructor that takes a PermissionState as its only parameter. -// You must apply the SerializableAttribute attribute to a class that inherits from CodeAccessPermission. -// -// InternalParameterlessPermissionBase is a base class that requires derived classes to only support one -// PermissionState (Unrestricted) and to have no parameters/properties/state. As above, derived classes must also be -// [Serializable] and have a public constructor that takes PermissionState. -// -// -// - using System; using System.Diagnostics; using System.Text; using System.Security; -using System.Security.Permissions; using System.Windows; #if WINDOWS_BASE 
@@ -47,124 +14,20 @@ namespace MS.Internal.Permissions { - // - // derive all InternalPermissions from this. - // Provides default implementations of several overridable methods on CodeAccessPermission - // [FriendAccessAllowed] - [Serializable] - internal abstract class InternalParameterlessPermissionBase : CodeAccessPermission, IUnrestrictedPermission - { - //------------------------------------------------------ - // - // Constructors - // - //------------------------------------------------------ - #region Constructor - - protected InternalParameterlessPermissionBase(PermissionState state) - { - Debug.Assert(GetType().IsSerializable); - - switch (state) - { - case PermissionState.Unrestricted: - break; - case PermissionState.None: - default: - throw new ArgumentException(SR.Get(SRID.InvalidPermissionStateValue, state), "state"); - } - } - - #endregion Constructor - - //------------------------------------------------------ - // - // Interface Methods - // - //------------------------------------------------------ - #region Interface Methods - - public bool IsUnrestricted() - { - return true; - } - - #endregion Interface Methods - - //------------------------------------------------------ - // - // Public Methods - // - //------------------------------------------------------ - - #region Public Methods - - public override SecurityElement ToXml() - { - SecurityElement element = new SecurityElement("IPermission"); - Type type = this.GetType(); - StringBuilder AssemblyName = new StringBuilder(type.Assembly.ToString()); - AssemblyName.Replace('\"', '\''); - element.AddAttribute("class", type.FullName + ", " + AssemblyName); - element.AddAttribute("version", "1"); - return element; - } - - public override void FromXml( SecurityElement elem) - { - // from XML is easy - there is no state. 
- } - - public override IPermission Intersect(IPermission target) - { - if(null == target) - { - return null; - } - - if ( target.GetType() != this.GetType() ) - { - throw new ArgumentException( SR.Get(SRID.InvalidPermissionType, this.GetType().FullName), "target"); - } - - // there is no state. The intersection of 2 permissions of the same type is the same permission. - return this.Copy(); - } - - public override bool IsSubsetOf(IPermission target) - { - if(null == target) - { - return false; - } - - if ( target.GetType() != this.GetType() ) - { - throw new ArgumentException( SR.Get(SRID.InvalidPermissionType, this.GetType().FullName), "target"); - } - - // there is no state. If you are the same type as me - you are a subset of me. - return true; - } - - public override IPermission Union(IPermission target) - { - if(null == target) - { - return null; - } - - if ( target.GetType() != this.GetType() ) - { - throw new ArgumentException( SR.Get(SRID.InvalidPermissionType, this.GetType().FullName), "target"); - } - - // there is no state. The union of 2 permissions of the same type is the same permission. - return this.Copy(); - } - - #endregion Public Methods + internal abstract class InternalParameterlessPermissionBase + { + protected InternalParameterlessPermissionBase() { } + public bool IsUnrestricted() { return true; } + public virtual SecurityElement ToXml() { return default(SecurityElement); } + public virtual void FromXml( SecurityElement elem) { } + public virtual IPermission Intersect(IPermission target) { return default(IPermission); } + public virtual bool IsSubsetOf(IPermission target) { return true; } + public virtual IPermission Union(IPermission target) { return default(IPermission); } + // Added hollow methods below that were originally part of 'CodeAccessPermission' which this class used to extend + public void Demand() { } + public void Assert() { } + public static void RevertAssert() { } } } 
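Review bot: The hollow `Demand()` and `Assert()` added to InternalParameterlessPermissionBase succeed silently, so every call site that still reads `perm.Demand()` looks like an enforced check while doing nothing. `IsSubsetOf` also changed meaning: it now returns true for a null target and for a target of another type, where the removed code returned false and threw ArgumentException respectively, and `Intersect`/`Union` return null for every input. The existing one-line comment should state that none of these members may be treated as a security boundary, e.g. `// No-op stubs: Demand/Assert perform no check and IsSubsetOf always returns true; do not rely on them for access control.` Optionally mark them `[Obsolete("No-op: performs no security check")]` so remaining callers are flagged at compile time.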
diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 7a63174909c..27776d0341f 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -112,32 +112,12 @@ internal static void DemandUnmanagedCode() /// Create a UserInitiatedRoutedEvent permission. /// Separate helper exists to make it easy to change what the permission is. /// - internal static CodeAccessPermission CreateUserInitiatedRoutedEventPermission() - { - if(_userInitiatedRoutedEventPermission == null) - { - _userInitiatedRoutedEventPermission = new UserInitiatedRoutedEventPermission(); - } - return _userInitiatedRoutedEventPermission; - } + internal static CodeAccessPermission CreateUserInitiatedRoutedEventPermission() { return default(CodeAccessPermission); } /// /// Check whether the call stack has the permissions needed for UserInitiated RoutedEvents. /// - internal static bool CallerHasUserInitiatedRoutedEventPermission() - { - try - { - CreateUserInitiatedRoutedEventPermission().Demand(); - } - catch (SecurityException) - { - return false; - } - return true; - } - - static UserInitiatedRoutedEventPermission _userInitiatedRoutedEventPermission = null; + internal static bool CallerHasUserInitiatedRoutedEventPermission() { return true; } #endif // PRESENTATION_CORE 
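Review bot: `CallerHasUserInitiatedRoutedEventPermission()` now returns true unconditionally, yet the retained summary above it still says it checks whether the call stack has the needed permission, so any caller that gates on it passes every time while the documentation claims otherwise. Update the summary to match the body, e.g. `/// Always returns true; no call-stack check is performed.`, or remove the helper together with its callers in the same commit. `CallerHasUserInitiatedNavigationPermission()` in the following hunk carries the same stale summary.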
@@ -175,34 +155,14 @@ internal static WebBrowserPermission CachedWebBrowserPermission /// Check to see if we have User initiated navigation permission. /// /// true if call stack has UserInitiatedNavigation permission - internal static bool CallerHasUserInitiatedNavigationPermission() - { - try - { - CreateUserInitiatedNavigationPermission(); - _userInitiatedNavigationPermission.Demand(); - } - catch (SecurityException) - { - return false; - } - return true; - } + internal static bool CallerHasUserInitiatedNavigationPermission() { return true; } /// /// Create a UserInitiatedNavigation permission. /// Separate helper exists to make it easy to change what the permission is. /// - internal static CodeAccessPermission CreateUserInitiatedNavigationPermission() - { - if(_userInitiatedNavigationPermission == null) - { - _userInitiatedNavigationPermission = new UserInitiatedNavigationPermission(); - } - return _userInitiatedNavigationPermission; - } - static UserInitiatedNavigationPermission _userInitiatedNavigationPermission = null; + internal static CodeAccessPermission CreateUserInitiatedNavigationPermission() { return default(CodeAccessPermission); } /// /// Demands for permissions needed to construct the PrintDialog in @@ -606,9 +566,6 @@ internal static PermissionSet EnvelopePermissionSet private static PermissionSet CreateEnvelopePermissionSet() { PermissionSet permissionSet = new PermissionSet(PermissionState.None); - permissionSet.AddPermission(new RightsManagementPermission()); - permissionSet.AddPermission(new CompoundFileIOPermission()); - return permissionSet; } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs index 5f41829c789..b905794d8c1 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs 
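Review bot: In the first hunk here, `CreateUserInitiatedNavigationPermission()` now returns `default(CodeAccessPermission)`, which is null, while `Hyperlink.DoUserInitiatedNavigation` still calls `perm.Assert()` on that result (its old body is visible in patch 02 of this series). With only this patch applied, a user-initiated hyperlink navigation would therefore throw NullReferenceException, which breaks bisecting across the series. A stub instance cannot be returned because UserInitiatedNavigationPermission no longer derives from CodeAccessPermission, so the Hyperlink call-site removal should move into this commit. `CreateUserInitiatedRoutedEventPermission()` in the previous hunk returns null the same way; its callers are not visible here and should be checked.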
+++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs @@ -2,24 +2,6 @@ // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. -// -// -// -// Description: CompoundFile IO Permission. -// It is a class for permission that will be asserted/demanded internally. -// Only XPSViewer (or Mongoose) code will assert this permission. -// -// Using it allows the following: -// We can have very specific targeted asserts for enabling EncryptedPackageEnevelope -// and CompoundFile IO APIs. -// This is to provide a granular permission for CompoundFile IO operations to be used -// by XPSViewer to enable Encrypted Documents scenarios in Partial Trust -// rather than asserting broader permission such as Unmanaged Code -// -// !!!! Warning !!!!: No code other than XPSViewer should assert this -// permission without agreement from this code owners. - - using System; using System.Text; using System.Security; @@ -29,25 +11,16 @@ namespace MS.Internal.Permissions { - // !!!! Warning !!!!: No code other than XPSViewer (or Mongoose) should assert this - // permission without agreement from this code owners. - [Serializable] [FriendAccessAllowed] internal class CompoundFileIOPermission : InternalParameterlessPermissionBase { public CompoundFileIOPermission() : this(PermissionState.Unrestricted) { } - - public CompoundFileIOPermission(PermissionState state): base(state) + public CompoundFileIOPermission(PermissionState state): base() { } - - public override IPermission Copy() - { - // There is no state: just return a new instance of CompoudFileIOPermission - return new CompoundFileIOPermission(); - } + public IPermission Copy() { return default(IPermission); } } } 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs index 3d2ff7d2ba6..917ca13e5e3 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs @@ -2,22 +2,6 @@ // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. -// -// -// -// Description: Rights Managment Permission. -// It is a class for permission that will be asserted/demanded internally. -// Only DocumentApplication (or Mongoose) code will assert these permissions. -// -// Using it allows the following: -// We can have very specific targeted asserts for enabling Rights Management. -// This is to provide a granular permissio for Rights Management to be used -// by DocumentApplication to enable Encrypted Documents scenarios in Partial Trust -// rather than asserting broader permission such as Unmanaged Code -// -// !!!! Warning !!!!: No code other than DocumentApplication (or Mongoose) should assert this -// permission without agreement from this code owners. - using System; using System.Text; using System.Security; 
@@ -27,25 +11,16 @@ namespace MS.Internal.Permissions { - // !!!! Warning !!!!: No code other than DocumentApplication (or Mongoose) should assert this - // permission without agreement from this code owners. - [Serializable] [FriendAccessAllowed] internal class RightsManagementPermission : InternalParameterlessPermissionBase { public RightsManagementPermission() : this(PermissionState.Unrestricted) { } - - public RightsManagementPermission(PermissionState state): base(state) + public RightsManagementPermission(PermissionState state): base() { } - - public override IPermission Copy() - { - // There is no state: just return a new instance of RightsManagementPermission - return new RightsManagementPermission(); - } + public IPermission Copy() { return default(IPermission); } } } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs index f1eea774aa6..105cc4d6994 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs 
@@ -13,26 +13,14 @@ namespace MS.Internal.Permissions { - // This permission was moved into WindowsBase from PresentationCore since its corresponding - // Attribute class must be defined in a seperate assembly from where it is used (PresentationCore). - // The reason for this is explained in the following connect article. The MSDN documentation has - // yet to be updated: - // https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=297627 - [Serializable] internal class UserInitiatedRoutedEventPermission : InternalParameterlessPermissionBase { public UserInitiatedRoutedEventPermission() : this(PermissionState.Unrestricted) { } - - public UserInitiatedRoutedEventPermission(PermissionState state): base(state) - { - } - - public override IPermission Copy() + public UserInitiatedRoutedEventPermission(PermissionState state): base() { - // copy is easy there is no state ! - return new UserInitiatedRoutedEventPermission(); } + public IPermission Copy() { return default(IPermission); } } } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermissionAttribute.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermissionAttribute.cs deleted file mode 100644 index c26c338899d..00000000000 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermissionAttribute.cs +++ /dev/null 
@@ -1,40 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// - -using System; -using System.Security; -using System.Security.Permissions; -using System.Windows; -using MS.Internal.Permissions; - -namespace MS.Internal.Permissions -{ - // This permission attribute was defined in WindowsBase since it must be defined in - // a seperate assembly from where it is used (PresentationCore). The reason for this is explained - // in the following connect article. The MSDN documentation has yet to be updated: - // https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=297627 - [Serializable] - [AttributeUsage(AttributeTargets.Method)] - sealed internal class UserInitiatedRoutedEventPermissionAttribute : CodeAccessSecurityAttribute - { - private static UserInitiatedRoutedEventPermission _perm; - - public UserInitiatedRoutedEventPermissionAttribute(SecurityAction action): base(action) - { - } - - public override IPermission CreatePermission() - { - if (_perm == null) - { - _perm = new UserInitiatedRoutedEventPermission(); - } - - return _perm; - } - } -} diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj index d73bc5bf9f9..21e9c65a064 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj @@ -140,7 +140,6 @@ - From 2f4109a4ec315a0b4f7e0d3c06475dd35395a2da Mon Sep 17 00:00:00 2001 
From: Dilip Ojha
Date: Thu, 20 Jun 2019 18:14:58 -0700
Subject: [PATCH 02/21] deleted 3 internal permissions
---
.../Internal/AppModel/AppSecurityManager.cs | 3 +-
.../UserInitiatedNavigationPermission.cs | 26 -------
.../PresentationFramework.csproj | 1 -
.../System/Windows/Documents/Hyperlink.cs | 10 ---
.../src/Shared/MS/Internal/SecurityHelper.cs | 34 ---------
.../Compoundfile/NativeCompoundFileAPIs.cs | 72 -------------------
.../Permissions/CompoundFileIOPermission.cs | 26 -------
.../Permissions/RightsManagementPermission.cs | 26 -------
.../InternalSafeNativeMethods.cs | 49 -------------
.../RightsManagement/CryptoProvider.cs | 8 ---
.../System/Security/RightsManagement/Grant.cs | 5 --
.../LocalizedNameDescriptionPair.cs | 5 --
.../RightsManagement/PublishLicense.cs | 9 ---
.../RightsManagement/SecureEnvironment.cs | 8 ---
.../UnsignedPublishLicense.cs | 15 ----
.../Security/RightsManagement/UseLicense.cs | 8 ---
.../System/Security/RightsManagement/User.cs | 8 ---
.../src/WindowsBase/WindowsBase.csproj | 2 -
18 files changed, 1 insertion(+), 314 deletions(-)
delete mode 100644 src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs
delete mode 100644 src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs
delete mode 100644 src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs
index dc9185fe0b5..587c8546fc3 100644
--- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs
@@ -101,8 +101,7 @@ internal static LaunchResult SafeLaunchBrowserOnlyIfPossible(Uri originatingUri, // // The check of IsInitialViewerNavigation is necessary because viewer applications will probably // need to call Navigate on the URI they receive, but we want them to be able to do it in partial trust. - if ((!BrowserInteropHelper.IsInitialViewerNavigation && - MS.Internal.PresentationFramework.SecurityHelper.CallerHasUserInitiatedNavigationPermission()) && + if (!BrowserInteropHelper.IsInitialViewerNavigation && ((fIsTopLevel && isKnownScheme) || fIsMailTo)) { if (!isKnownScheme && fIsMailTo) // unnecessary if - but being paranoid. diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs deleted file mode 100644 index 1eac37ae835..00000000000 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/permissions/UserInitiatedNavigationPermission.cs +++ /dev/null @@ -1,26 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System; -using System.Security; -using System.Security.Permissions; -using System.Windows; -using MS.Internal.Permissions; - -namespace MS.Internal.Permissions -{ - internal class UserInitiatedNavigationPermission : InternalParameterlessPermissionBase - { - public UserInitiatedNavigationPermission() : this(PermissionState.Unrestricted) - { - } - - public UserInitiatedNavigationPermission(PermissionState state): base() - { - } - - public IPermission Copy() { return default(IPermission); } - } -} - 
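Review bot: In the AppSecurityManager hunk, the condition in SafeLaunchBrowserOnlyIfPossible no longer has any user-initiation term: with `CallerHasUserInitiatedNavigationPermission()` dropped, the browser launch is gated only on `!BrowserInteropHelper.IsInitialViewerNavigation` and the top-level/known-scheme/mailto tests. The helper already returned true after patch 01, so runtime behaviour does not change here, but the comment block above the `if` starts outside the hunk and presumably still describes a user-initiated requirement. It should state what actually limits the launch now, e.g. `// Launch is limited to top-level navigations to known schemes, or mailto:; no user-initiation check is made.` `Hyperlink.DoUserInitiatedNavigation` loses its matching assert in this same patch, so nothing visible in the series distinguishes user-initiated from programmatic navigation any more.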
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/PresentationFramework.csproj b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/PresentationFramework.csproj index a61f3063baf..e160a86f085 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/PresentationFramework.csproj +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/PresentationFramework.csproj @@ -313,7 +313,6 @@ - diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs index a7f341b059c..3191016b06e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs @@ -1086,17 +1086,7 @@ private static void OnMouseLeave(object sender, MouseEventArgs e) private static void DoUserInitiatedNavigation(object sender) { - CodeAccessPermission perm = SecurityHelper.CreateUserInitiatedNavigationPermission(); - perm.Assert(); - - try - { DispatchNavigation(sender); - } - finally - { - CodeAccessPermission.RevertAssert(); - } } private static void DoNonUserInitiatedNavigation(object sender) diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 27776d0341f..f1be8d7ea1d 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
@@ -150,20 +150,6 @@ internal static WebBrowserPermission CachedWebBrowserPermission } static WebBrowserPermission _webBrowserPermission; - - /// - /// Check to see if we have User initiated navigation permission. - /// - /// true if call stack has UserInitiatedNavigation permission - internal static bool CallerHasUserInitiatedNavigationPermission() { return true; } - - - /// - /// Create a UserInitiatedNavigation permission. - /// Separate helper exists to make it easy to change what the permission is. - /// - internal static CodeAccessPermission CreateUserInitiatedNavigationPermission() { return default(CodeAccessPermission); } - /// /// Demands for permissions needed to construct the PrintDialog in /// full trust mode and/or access full trust properties from dialog. @@ -573,26 +559,6 @@ private static PermissionSet CreateEnvelopePermissionSet() #if WINDOWS_BASE - internal static void DemandRightsManagementPermission() - { - if(_rightsManagementPermission == null) - { - _rightsManagementPermission = new RightsManagementPermission(); - } - _rightsManagementPermission.Demand(); - } - static RightsManagementPermission _rightsManagementPermission = null; - - internal static void DemandCompoundFileIOPermission() - { - if(_compoundFileIOPermission == null) - { - _compoundFileIOPermission = new CompoundFileIOPermission(); - } - _compoundFileIOPermission.Demand(); - } - static CompoundFileIOPermission _compoundFileIOPermission = null; - internal static void DemandPathDiscovery(string path) { FileIOPermission permobj = new FileIOPermission(PermissionState.None); diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/IO/Packaging/Compoundfile/NativeCompoundFileAPIs.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/IO/Packaging/Compoundfile/NativeCompoundFileAPIs.cs index 9e5f0de32f2..1228d465233 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/IO/Packaging/Compoundfile/NativeCompoundFileAPIs.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/IO/Packaging/Compoundfile/NativeCompoundFileAPIs.cs @@ -67,7 +67,6 @@ internal static int SafeStgCreateDocfileOnStream( out IStorage ppstgOpen ) { - SecurityHelper.DemandCompoundFileIOPermission(); Invariant.Assert(s != null, "s cannot be null"); @@ -98,7 +97,6 @@ internal static int SafeStgOpenStorageOnStream( out IStorage ppstgOpen ) { - SecurityHelper.DemandCompoundFileIOPermission(); Invariant.Assert(s != null, "s cannot be null"); @@ -136,7 +134,6 @@ internal static int SafeStgCreateStorageEx( out IStorage ppObjectOpen //Pointer to an interface pointer ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStorage storage; int result; @@ -170,7 +167,6 @@ internal static int SafeStgOpenStorageEx( out IStorage ppObjectOpen //Pointer to an interface pointer ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStorage storage; int result; @@ -195,7 +191,6 @@ out IStorage ppObjectOpen //Pointer to an interface pointer internal static int SafePropVariantClear(ref PROPVARIANT pvar) { - SecurityHelper.DemandCompoundFileIOPermission(); return UnsafeNativeCompoundFileMethods.PropVariantClear(ref pvar); } @@ -210,7 +205,6 @@ internal SafeIStorageImplementation(UnsafeNativeCompoundFileMethods.UnsafeNative internal SafeIStorageImplementation(UnsafeNativeCompoundFileMethods.UnsafeNativeIStorage storage, UnsafeNativeCompoundFileMethods.UnsafeLockBytesOnStream lockBytesStream) { - SecurityHelper.DemandCompoundFileIOPermission(); if (storage == null) { @@ -224,7 +218,6 @@ internal SafeIStorageImplementation(UnsafeNativeCompoundFileMethods.UnsafeNative public void Dispose() { - SecurityHelper.DemandCompoundFileIOPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -236,7 +229,6 @@ public void Dispose() /// protected virtual void Dispose(bool disposing) { - SecurityHelper.DemandCompoundFileIOPermission(); try { 
@@ -273,7 +265,6 @@ int IStorage.CreateStream( int reserved2, out IStream ppstm ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStream stream; int result; @@ -304,7 +295,6 @@ int IStorage.OpenStream( int reserved2, out IStream ppstm ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStream stream; int result; @@ -335,7 +325,6 @@ int IStorage.CreateStorage( int reserved2, out IStorage ppstg ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStorage storage; int result; @@ -367,7 +356,6 @@ int IStorage.OpenStorage( int reserved, out IStorage ppstg ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStorage storage; int result; @@ -398,7 +386,6 @@ void IStorage.CopyTo( IntPtr snbExclude, // Not properly translated, use NULL to avoid `blow-up IStorage ppstg ) { - SecurityHelper.DemandCompoundFileIOPermission(); Invariant.Assert(ppstg != null, "ppstg cannot be null"); @@ -415,7 +402,6 @@ void IStorage.MoveElementTo( string pwcsNewName, int grfFlags ) { - SecurityHelper.DemandCompoundFileIOPermission(); Invariant.Assert(pstgDest != null, "pstgDest cannot be null"); @@ -429,7 +415,6 @@ void IStorage.MoveElementTo( void IStorage.Commit( int grfCommitFlags ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.Commit( grfCommitFlags); @@ -437,7 +422,6 @@ void IStorage.Commit( void IStorage.Revert() { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.Revert(); } @@ -448,7 +432,6 @@ void IStorage.EnumElements( int reserved3, out IEnumSTATSTG ppEnum ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIEnumSTATSTG enumSTATSTG; 
@@ -467,7 +450,6 @@ void IStorage.EnumElements( void IStorage.DestroyElement( string pwcsName ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.DestroyElement( pwcsName); @@ -477,7 +459,6 @@ void IStorage.RenameElement( string pwcsOldName, string pwcsNewName ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.RenameElement( pwcsOldName, @@ -490,7 +471,6 @@ void IStorage.SetElementTimes( System.Runtime.InteropServices.ComTypes.FILETIME patime, System.Runtime.InteropServices.ComTypes.FILETIME pmtime ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.SetElementTimes( pwcsName, @@ -502,7 +482,6 @@ void IStorage.SetElementTimes( void IStorage.SetClass( ref Guid clsid ) // Hopefully "ref" is how I tell it to use a pointer { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.SetClass( ref clsid ); @@ -512,7 +491,6 @@ void IStorage.SetStateBits( int grfStateBits, int grfMask ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.SetStateBits( grfStateBits, @@ -523,7 +501,6 @@ void IStorage.Stat( out System.Runtime.InteropServices.ComTypes.STATSTG pstatstg, int grfStatFlag ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStorage.Stat( out pstatstg, @@ -538,7 +515,6 @@ void IPropertySetStorage.Create( out IPropertyStorage ppprstg ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIPropertyStorage propertyStorage; @@ -562,7 +538,6 @@ int IPropertySetStorage.Open( out IPropertyStorage ppprstg ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIPropertyStorage propertyStorage; @@ -584,7 +559,6 @@ void IPropertySetStorage.Delete( ref Guid rfmtid ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertySetStorage.Delete( ref rfmtid 
@@ -595,7 +569,6 @@ void IPropertySetStorage.Enum( out IEnumSTATPROPSETSTG ppenum ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIEnumSTATPROPSETSTG enumSTATPROPSETSTG; @@ -623,7 +596,6 @@ internal SafeIStreamImplementation(UnsafeNativeCompoundFileMethods.UnsafeNativeI public void Dispose() { - SecurityHelper.DemandCompoundFileIOPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -631,7 +603,6 @@ public void Dispose() protected virtual void Dispose(bool disposing) { - SecurityHelper.DemandCompoundFileIOPermission(); try { @@ -651,7 +622,6 @@ protected virtual void Dispose(bool disposing) // void IStream.Read(Byte[] pv, int cb, out int pcbRead) { - SecurityHelper.DemandCompoundFileIOPermission(); if (cb < 0) { @@ -663,7 +633,6 @@ void IStream.Read(Byte[] pv, int cb, out int pcbRead) void IStream.Write(Byte[] pv, int cb, out int pcbWritten) { - SecurityHelper.DemandCompoundFileIOPermission(); if (cb < 0) { @@ -677,7 +646,6 @@ void IStream.Write(Byte[] pv, int cb, out int pcbWritten) // IStream portion void IStream.Seek(long dlibMove, int dwOrigin, out long plibNewPosition) { - SecurityHelper.DemandCompoundFileIOPermission(); if (dwOrigin < 0) { @@ -694,7 +662,6 @@ void IStream.Seek(long dlibMove, int dwOrigin, out long plibNewPosition) void IStream.SetSize(long libNewSize) { - SecurityHelper.DemandCompoundFileIOPermission(); if (libNewSize < 0) { @@ -706,7 +673,6 @@ void IStream.SetSize(long libNewSize) void IStream.CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten) { - SecurityHelper.DemandCompoundFileIOPermission(); Invariant.Assert(pstm != null, "pstm cannot be null"); 
@@ -720,21 +686,18 @@ void IStream.CopyTo(IStream pstm, long cb, out long pcbRead, out long pcbWritten void IStream.Commit(int grfCommitFlags) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStream.Commit(grfCommitFlags); } void IStream.Revert() { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStream.Revert(); } void IStream.LockRegion(long libOffset, long cb, int dwLockType) { - SecurityHelper.DemandCompoundFileIOPermission(); if (libOffset < 0) { @@ -750,7 +713,6 @@ void IStream.LockRegion(long libOffset, long cb, int dwLockType) void IStream.UnlockRegion(long libOffset, long cb, int dwLockType) { - SecurityHelper.DemandCompoundFileIOPermission(); if (libOffset < 0) { @@ -766,14 +728,12 @@ void IStream.UnlockRegion(long libOffset, long cb, int dwLockType) void IStream.Stat(out System.Runtime.InteropServices.ComTypes.STATSTG pstatstg, int grfStatFlag) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeStream.Stat(out pstatstg, grfStatFlag); } void IStream.Clone(out IStream ppstm) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIStream stream; @@ -801,7 +761,6 @@ internal SafeIEnumSTATPROPSETSTGImplementation(UnsafeNativeCompoundFileMethods.U public void Dispose() { - SecurityHelper.DemandCompoundFileIOPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -813,7 +772,6 @@ public void Dispose() /// protected virtual void Dispose(bool disposing) { - SecurityHelper.DemandCompoundFileIOPermission(); try { @@ -842,7 +800,6 @@ protected virtual void Dispose(bool disposing) out UInt32 pceltFetched ) { - SecurityHelper.DemandCompoundFileIOPermission(); return _unsafeEnumSTATPROPSETSTG.Next( celt, 
@@ -853,21 +810,18 @@ out pceltFetched void IEnumSTATPROPSETSTG.Skip(UInt32 celt) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeEnumSTATPROPSETSTG.Skip(celt); } void IEnumSTATPROPSETSTG.Reset() { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeEnumSTATPROPSETSTG.Reset(); } void IEnumSTATPROPSETSTG.Clone(out IEnumSTATPROPSETSTG ppenum) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIEnumSTATPROPSETSTG enumSTATPROPSETSTG; @@ -891,7 +845,6 @@ internal SafeIPropertyStorageImplementation(UnsafeNativeCompoundFileMethods.Unsa public void Dispose() { - SecurityHelper.DemandCompoundFileIOPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -903,7 +856,6 @@ public void Dispose() /// protected virtual void Dispose(bool disposing) { - SecurityHelper.DemandCompoundFileIOPermission(); try { @@ -929,7 +881,6 @@ int IPropertyStorage.ReadMultiple( PROPVARIANT[] rgpropvar ) { - SecurityHelper.DemandCompoundFileIOPermission(); return _unsafePropertyStorage.ReadMultiple( cpspec, @@ -945,7 +896,6 @@ void IPropertyStorage.WriteMultiple( uint propidNameFirst ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.WriteMultiple( cpspec, @@ -960,7 +910,6 @@ void IPropertyStorage.DeleteMultiple( PROPSPEC[] rgpspec ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.DeleteMultiple( cpspec, @@ -974,7 +923,6 @@ void IPropertyStorage.ReadPropertyNames( string[] rglpwstrName ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.ReadPropertyNames( cpropid, @@ -989,7 +937,6 @@ void IPropertyStorage.WritePropertyNames( string[] rglpwstrName ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.WritePropertyNames( cpropid, @@ -1003,7 +950,6 @@ void IPropertyStorage.DeletePropertyNames( UInt32[] rgpropid ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.DeletePropertyNames( cpropid, 
@@ -1015,7 +961,6 @@ void IPropertyStorage.Commit( UInt32 grfCommitFlags ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.Commit( grfCommitFlags @@ -1024,7 +969,6 @@ UInt32 grfCommitFlags void IPropertyStorage.Revert() { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.Revert(); } @@ -1033,7 +977,6 @@ void IPropertyStorage.Enum( out IEnumSTATPROPSTG ppenum ) { - SecurityHelper.DemandCompoundFileIOPermission(); #if Using_SafeIPropertyStorageImplementation_Enum @@ -1056,7 +999,6 @@ void IPropertyStorage.SetTimes( ref System.Runtime.InteropServices.ComTypes.FILETIME pmtime ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.SetTimes( ref pctime, @@ -1069,7 +1011,6 @@ void IPropertyStorage.SetClass( ref Guid clsid ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.SetClass( ref clsid @@ -1080,7 +1021,6 @@ void IPropertyStorage.Stat( out STATPROPSETSTG pstatpsstg ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafePropertyStorage.Stat( out pstatpsstg @@ -1100,7 +1040,6 @@ internal SafeIEnumSTATPROPSTGImplementation(UnsafeNativeCompoundFileMethods.Unsa public void Dispose() { - SecurityHelper.DemandCompoundFileIOPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -1112,7 +1051,6 @@ public void Dispose() /// protected virtual void Dispose(bool disposing) { - SecurityHelper.DemandCompoundFileIOPermission(); try { @@ -1141,7 +1079,6 @@ protected virtual void Dispose(bool disposing) out UInt32 pceltFetched ) { - SecurityHelper.DemandCompoundFileIOPermission(); return _unsafeEnumSTATPROPSTG.Next( celt, 
@@ -1152,21 +1089,18 @@ out pceltFetched void IEnumSTATPROPSTG.Skip(UInt32 celt) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeEnumSTATPROPSTG.Skip(celt); } void IEnumSTATPROPSTG.Reset() { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeEnumSTATPROPSTG.Reset(); } void IEnumSTATPROPSTG.Clone(out IEnumSTATPROPSTG ppenum) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIEnumSTATPROPSTG enumSTATPROPSTG; @@ -1191,7 +1125,6 @@ internal SafeIEnumSTATSTGImplementation(UnsafeNativeCompoundFileMethods.UnsafeNa public void Dispose() { - SecurityHelper.DemandCompoundFileIOPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -1203,7 +1136,6 @@ public void Dispose() /// protected virtual void Dispose(bool disposing) { - SecurityHelper.DemandCompoundFileIOPermission(); try { @@ -1224,7 +1156,6 @@ void IEnumSTATSTG.Next( // Because marshalling an array of structs that have pointers to strings are troublesome. out UInt32 pceltFetched ) { - SecurityHelper.DemandCompoundFileIOPermission(); if (celt != 1) { @@ -1240,7 +1171,6 @@ void IEnumSTATSTG.Next( void IEnumSTATSTG.Skip( UInt32 celt ) { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeEnumSTATSTG.Skip( celt ); @@ -1248,7 +1178,6 @@ void IEnumSTATSTG.Skip( void IEnumSTATSTG.Reset() { - SecurityHelper.DemandCompoundFileIOPermission(); _unsafeEnumSTATSTG.Reset(); } @@ -1256,7 +1185,6 @@ void IEnumSTATSTG.Reset() void IEnumSTATSTG.Clone( out IEnumSTATSTG ppenum ) { - SecurityHelper.DemandCompoundFileIOPermission(); UnsafeNativeCompoundFileMethods.UnsafeNativeIEnumSTATSTG enumSTATSTG; diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs deleted file mode 100644 index b905794d8c1..00000000000 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/CompoundFileIOPermission.cs +++ /dev/null 
@@ -1,26 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System;
-using System.Text;
-using System.Security;
-using System.Security.Permissions;
-using System.Windows;
-using MS.Internal.WindowsBase;
-
-namespace MS.Internal.Permissions
-{
- [FriendAccessAllowed]
- internal class CompoundFileIOPermission : InternalParameterlessPermissionBase
- {
- public CompoundFileIOPermission() : this(PermissionState.Unrestricted)
- {
- }
- public CompoundFileIOPermission(PermissionState state): base()
- {
- }
- public IPermission Copy() { return default(IPermission); }
- }
-}
-
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs
deleted file mode 100644
index 917ca13e5e3..00000000000
--- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/RightsManagementPermission.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System;
-using System.Text;
-using System.Security;
-using System.Security.Permissions;
-using System.Windows;
-using MS.Internal.WindowsBase;
-
-namespace MS.Internal.Permissions
-{
- [FriendAccessAllowed]
- internal class RightsManagementPermission : InternalParameterlessPermissionBase
- {
- public RightsManagementPermission() : this(PermissionState.Unrestricted)
- {
- }
- public RightsManagementPermission(PermissionState state): base()
- {
- }
- public IPermission Copy() { return default(IPermission); }
- }
-}
-
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs index 817307a358f..f69eb24f890 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs @@ -32,7 +32,6 @@ internal static int DRMCreateClientSession( string GroupID, out SafeRightsManagementSessionHandle phSession) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateClientSession( pfnCallback, uCallbackVersion, @@ -58,7 +57,6 @@ internal static int DRMCreateClientSession( internal static int DRMCloseSession( uint sessionHandle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMCloseSession( sessionHandle); } @@ -70,7 +68,6 @@ internal static int DRMCloseSession( internal static int DRMCloseHandle( uint handle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMCloseHandle( handle); } @@ -82,7 +79,6 @@ internal static int DRMCloseHandle( internal static int DRMCloseQueryHandle( uint queryHandle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMCloseQueryHandle( queryHandle); } @@ -94,7 +90,6 @@ internal static int DRMCloseQueryHandle( internal static int DRMCloseEnvironmentHandle( uint envHandle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMCloseEnvironmentHandle( envHandle); } 
@@ -108,7 +103,6 @@ internal static int DRMInitEnvironment( out SafeRightsManagementEnvironmentHandle environmentHandle, out SafeRightsManagementHandle defaultLibrary) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMInitEnvironment( eSecurityProviderType, eSpecification, @@ -140,7 +134,6 @@ internal static int DRMIsActivated( uint uFlags, ActivationServerInfo activationServerInfo) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMIsActivated( hSession, uFlags, @@ -155,7 +148,6 @@ internal static int DRMActivate( IntPtr context, IntPtr parentWindowHandle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMActivate( hSession, uFlags, @@ -173,7 +165,6 @@ internal static int DRMCreateLicenseStorageSession( string IssuanceLicense, out SafeRightsManagementSessionHandle phLicenseStorageSession) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateLicenseStorageSession( hEnv, hDefLib, @@ -202,7 +193,6 @@ internal static int DRMAcquireLicense( string url, IntPtr context) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMAcquireLicense( hSession, uFlags, @@ -221,7 +211,6 @@ internal static int DRMEnumerateLicense( ref uint puCertDataLen, StringBuilder wszCertificateData) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMEnumerateLicense( hSession, uFlags, @@ -239,7 +228,6 @@ internal static int DRMGetServiceLocation( ref uint serviceUrlLength, StringBuilder serviceUrl) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetServiceLocation( clientSessionHandle, serviceType, @@ -255,7 +243,6 @@ internal static int DRMDeconstructCertificateChain( ref uint certificateLength, StringBuilder certificate) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMDeconstructCertificateChain( chain, index, 
@@ -267,7 +254,6 @@ internal static int DRMParseUnboundLicense( string certificate, out SafeRightsManagementQueryHandle queryRootHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMParseUnboundLicense( certificate, out queryRootHandle); @@ -288,7 +274,6 @@ internal static int DRMGetUnboundLicenseObjectCount( string subObjectType, out uint objectCount) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetUnboundLicenseObjectCount( queryRootHandle, subObjectType, @@ -301,7 +286,6 @@ internal static int DRMGetBoundLicenseObject( uint index, out SafeRightsManagementHandle subQueryHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMGetBoundLicenseObject( queryRootHandle, subObjectType, @@ -325,7 +309,6 @@ internal static int DRMGetUnboundLicenseObject( uint index, out SafeRightsManagementQueryHandle subQueryHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMGetUnboundLicenseObject( queryRootHandle, subObjectType, @@ -351,7 +334,6 @@ internal static int DRMGetUnboundLicenseAttribute( ref uint bufferSize, byte[] buffer) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetUnboundLicenseAttribute( queryRootHandle, attributeType, @@ -369,7 +351,6 @@ internal static int DRMGetBoundLicenseAttribute( ref uint bufferSize, byte[] buffer) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetBoundLicenseAttribute( queryRootHandle, attributeType, @@ -389,7 +370,6 @@ internal static int DRMCreateIssuanceLicense( SafeRightsManagementHandle boundLicenseHandle, out SafeRightsManagementPubHandle issuanceLicenseHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateIssuanceLicense( timeFrom, timeUntil, 
@@ -417,7 +397,6 @@ internal static int DRMCreateUser( string userIdType, out SafeRightsManagementPubHandle userHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateUser( userName, userId, @@ -440,7 +419,6 @@ internal static int DRMGetUsers( uint index, out SafeRightsManagementPubHandle userHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMGetUsers( issuanceLicenseHandle, index, @@ -463,7 +441,6 @@ internal static int DRMGetUserRights( uint index, out SafeRightsManagementPubHandle rightHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMGetUserRights( issuanceLicenseHandle, userHandle, @@ -490,7 +467,6 @@ internal static int DRMGetUserInfo( ref uint userIdTypeLength, StringBuilder userIdType) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetUserInfo( userHandle, ref userNameLength, @@ -508,7 +484,6 @@ internal static int DRMGetRightInfo( SystemTime timeFrom, SystemTime timeUntil) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetRightInfo( rightHandle, ref rightNameLength, @@ -526,7 +501,6 @@ internal static int DRMCreateRight( string[] extendedInfoValues, out SafeRightsManagementPubHandle rightHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateRight( rightName, timeFrom, @@ -551,7 +525,6 @@ internal static int DRMGetIssuanceLicenseTemplate( ref uint issuanceLicenseTemplateLength, StringBuilder issuanceLicenseTemplate) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetIssuanceLicenseTemplate( issuanceLicenseHandle, ref issuanceLicenseTemplateLength, 
@@ -565,7 +538,6 @@ internal static int DRMGetIssuanceLicenseTemplate( internal static int DRMClosePubHandle( uint pubHandle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMClosePubHandle( pubHandle); } @@ -575,7 +547,6 @@ internal static int DRMAddRightWithUser( SafeRightsManagementPubHandle rightHandle, SafeRightsManagementPubHandle userHandle) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMAddRightWithUser( issuanceLicenseHandle, rightHandle, @@ -591,7 +562,6 @@ internal static int DRMSetMetaData( string contentType, string contentName) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMSetMetaData( issuanceLicenseHandle, contentId, @@ -614,7 +584,6 @@ internal static int DRMGetIssuanceLicenseInfo( out SafeRightsManagementPubHandle ownerHandle, out bool officialFlag) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMGetIssuanceLicenseInfo( issuanceLicenseHandle, timeFrom, @@ -644,7 +613,6 @@ internal static int DRMGetSecurityProvider( ref uint pathLength, StringBuilder path) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetSecurityProvider( flags, ref typeLength, @@ -657,7 +625,6 @@ internal static int DRMDeleteLicense( SafeRightsManagementSessionHandle hSession, string wszLicenseId) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMDeleteLicense( hSession, wszLicenseId); @@ -670,7 +637,6 @@ internal static int DRMSetNameAndDescription( string name, string description) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMSetNameAndDescription( issuanceLicenseHandle, flagDelete, 
@@ -689,7 +655,6 @@ internal static int DRMGetNameAndDescription( ref uint descriptionLength, StringBuilder description) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetNameAndDescription( issuanceLicenseHandle, uIndex, @@ -712,7 +677,6 @@ internal static int DRMGetSignedIssuanceLicense( string Url, uint context) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetSignedIssuanceLicense( environmentHandle, issuanceLicenseHandle, @@ -731,7 +695,6 @@ internal static int DRMGetOwnerLicense( ref uint ownerLicenseLength, StringBuilder ownerLicense) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetOwnerLicense( issuanceLicenseHandle, ref ownerLicenseLength, @@ -745,7 +708,6 @@ internal static int DRMCreateBoundLicense( out SafeRightsManagementHandle boundLicenseHandle, out uint errorLogHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateBoundLicense( environmentHandle, boundLicenseParams, @@ -770,7 +732,6 @@ internal static int DRMCreateEnablingBitsDecryptor( string auxPlugin, out SafeRightsManagementHandle decryptorHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateEnablingBitsDecryptor( boundLicenseHandle, right, @@ -795,7 +756,6 @@ internal static int DRMCreateEnablingBitsEncryptor( string auxPlugin, out SafeRightsManagementHandle encryptorHandle) { - SecurityHelper.DemandRightsManagementPermission(); int res = UnsafeNativeMethods.DRMCreateEnablingBitsEncryptor( boundLicenseHandle, right, @@ -821,7 +781,6 @@ internal static int DRMDecrypt( ref uint outputByteCount, byte[] outputBuffer) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMDecrypt( cryptoProvHandle, position, 
@@ -839,7 +798,6 @@ internal static int DRMEncrypt( ref uint outputByteCount, byte[] outputBuffer) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMEncrypt( cryptoProvHandle, position, @@ -856,7 +814,6 @@ internal static int DRMGetInfo( ref uint outputByteCount, byte[] outputBuffer) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetInfo( handle, attributeType, @@ -873,7 +830,6 @@ internal static int DRMGetApplicationSpecificData( ref uint valueLength, StringBuilder value) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetApplicationSpecificData( issuanceLicenseHandle, index, @@ -889,7 +845,6 @@ internal static int DRMSetApplicationSpecificData( string name, string value) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMSetApplicationSpecificData( issuanceLicenseHandle, flagDelete, @@ -901,7 +856,6 @@ internal static int DRMGetIntervalTime( SafeRightsManagementPubHandle issuanceLicenseHandle, ref uint days) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetIntervalTime( issuanceLicenseHandle, ref days); @@ -911,7 +865,6 @@ internal static int DRMSetIntervalTime( SafeRightsManagementPubHandle issuanceLicenseHandle, uint days) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMSetIntervalTime( issuanceLicenseHandle, days); @@ -931,7 +884,6 @@ internal static int DRMGetRevocationPoint( ref uint publicKeyLength, StringBuilder publicKey) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMGetRevocationPoint( issuanceLicenseHandle, ref idLength, @@ -958,7 +910,6 @@ internal static int DRMSetRevocationPoint( string name, string publicKey) { - SecurityHelper.DemandRightsManagementPermission(); return UnsafeNativeMethods.DRMSetRevocationPoint( issuanceLicenseHandle, flagDelete, 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/CryptoProvider.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/CryptoProvider.cs index e7b0c3eb1b6..6f63d4d1356 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/CryptoProvider.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/CryptoProvider.cs @@ -54,7 +54,6 @@ public class CryptoProvider : IDisposable /// public void Dispose() { - SecurityHelper.DemandRightsManagementPermission(); Dispose(true); GC.SuppressFinalize(this); } @@ -72,7 +71,6 @@ public void Dispose() /// public byte[] Encrypt(byte[] clearText) { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); if (clearText == null) @@ -132,7 +130,6 @@ public byte[] Encrypt(byte[] clearText) /// public byte[] Decrypt(byte[] cryptoText) { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); if (cryptoText == null) @@ -245,7 +242,6 @@ public int BlockSize { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); if (_blockSize ==0) @@ -264,7 +260,6 @@ public bool CanMergeBlocks { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); // convention is to return 1 for stream ciphers @@ -285,7 +280,6 @@ public ReadOnlyCollection BoundGrants { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); if (_boundGrantReadOnlyCollection == null) @@ -319,7 +313,6 @@ public bool CanEncrypt { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); return (!EncryptorHandle.IsInvalid); @@ -335,7 +328,6 @@ public bool CanDecrypt { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); return (!DecryptorHandle.IsInvalid); 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/Grant.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/Grant.cs index 5e95a4a2188..c48534fd168 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/Grant.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/Grant.cs @@ -40,7 +40,6 @@ public ContentGrant(ContentUser user, ContentRight right) /// public ContentGrant(ContentUser user, ContentRight right, DateTime validFrom, DateTime validUntil) { - SecurityHelper.DemandRightsManagementPermission(); // Add validation here if (user == null) @@ -86,7 +85,6 @@ public ContentUser User { get { - SecurityHelper.DemandRightsManagementPermission(); return _user; } } @@ -98,7 +96,6 @@ public ContentRight Right { get { - SecurityHelper.DemandRightsManagementPermission(); return _right; } } @@ -110,7 +107,6 @@ public DateTime ValidFrom { get { - SecurityHelper.DemandRightsManagementPermission(); return _validFrom; } @@ -123,7 +119,6 @@ public DateTime ValidUntil { get { - SecurityHelper.DemandRightsManagementPermission(); return _validUntil; } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/LocalizedNameDescriptionPair.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/LocalizedNameDescriptionPair.cs index 1eda1d572bf..c39b5403c29 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/LocalizedNameDescriptionPair.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/LocalizedNameDescriptionPair.cs @@ -39,7 +39,6 @@ public class LocalizedNameDescriptionPair /// public LocalizedNameDescriptionPair(string name, string description) { - SecurityHelper.DemandRightsManagementPermission(); if (name == null) { @@ -62,7 +61,6 @@ public string Name { get { - SecurityHelper.DemandRightsManagementPermission(); return _name; } 
@@ -75,7 +73,6 @@ public string Description { get { - SecurityHelper.DemandRightsManagementPermission(); return _description; } @@ -86,7 +83,6 @@ public string Description /// public override bool Equals(object obj) { - SecurityHelper.DemandRightsManagementPermission(); if ((obj == null) || (obj.GetType() != GetType())) { @@ -109,7 +105,6 @@ public override bool Equals(object obj) /// public override int GetHashCode() { - SecurityHelper.DemandRightsManagementPermission(); return Name.GetHashCode() ^ Description.GetHashCode(); } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/PublishLicense.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/PublishLicense.cs index a893027c802..32cb804a516 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/PublishLicense.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/PublishLicense.cs @@ -43,7 +43,6 @@ public class PublishLicense /// public PublishLicense(string signedPublishLicense) { - SecurityHelper.DemandRightsManagementPermission(); if (signedPublishLicense == null) { @@ -93,7 +92,6 @@ public PublishLicense(string signedPublishLicense) /// public UnsignedPublishLicense DecryptUnsignedPublishLicense(CryptoProvider cryptoProvider ) { - SecurityHelper.DemandRightsManagementPermission(); if (cryptoProvider == null) { @@ -113,7 +111,6 @@ public string ReferralInfoName { get { - SecurityHelper.DemandRightsManagementPermission(); return _referralInfoName; } @@ -129,7 +126,6 @@ public Uri ReferralInfoUri { get { - SecurityHelper.DemandRightsManagementPermission(); return _referralInfoUri; } @@ -142,7 +138,6 @@ public Guid ContentId { get { - SecurityHelper.DemandRightsManagementPermission(); return _contentId; } @@ -155,7 +150,6 @@ public Uri UseLicenseAcquisitionUrl { get { - SecurityHelper.DemandRightsManagementPermission(); return _useLicenseAcquisitionUriFromPublishLicense; } 
@@ -166,7 +160,6 @@ public Uri UseLicenseAcquisitionUrl /// public override string ToString() { - SecurityHelper.DemandRightsManagementPermission(); return _serializedPublishLicense; } @@ -176,7 +169,6 @@ public override string ToString() /// public UseLicense AcquireUseLicense(SecureEnvironment secureEnvironment) { - SecurityHelper.DemandRightsManagementPermission(); if (secureEnvironment == null) { @@ -199,7 +191,6 @@ public UseLicense AcquireUseLicense(SecureEnvironment secureEnvironment) /// public UseLicense AcquireUseLicenseNoUI(SecureEnvironment secureEnvironment) { - SecurityHelper.DemandRightsManagementPermission(); if (secureEnvironment == null) { diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/SecureEnvironment.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/SecureEnvironment.cs index 9402b0a1b88..f0be52567ba 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/SecureEnvironment.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/SecureEnvironment.cs @@ -41,7 +41,6 @@ public class SecureEnvironment : IDisposable public static SecureEnvironment Create(string applicationManifest, ContentUser user) { - SecurityHelper.DemandRightsManagementPermission(); return CriticalCreate(applicationManifest, user); } @@ -64,7 +63,6 @@ public static SecureEnvironment Create(string applicationManifest, AuthenticationType authentication, UserActivationMode userActivationMode) { - SecurityHelper.DemandRightsManagementPermission(); return CriticalCreate(applicationManifest, authentication, @@ -77,7 +75,6 @@ public static SecureEnvironment Create(string applicationManifest, /// public static bool IsUserActivated(ContentUser user) { - SecurityHelper.DemandRightsManagementPermission(); if (user == null) { 
@@ -103,7 +100,6 @@ public static bool IsUserActivated(ContentUser user) /// public static void RemoveActivatedUser(ContentUser user) { - SecurityHelper.DemandRightsManagementPermission(); if (user == null) { @@ -147,7 +143,6 @@ public static void RemoveActivatedUser(ContentUser user) /// static public ReadOnlyCollection GetActivatedUsers() { - SecurityHelper.DemandRightsManagementPermission(); //build user with the default authentication type and a default name // neither name not authentication type is important in this case @@ -196,7 +191,6 @@ static public ReadOnlyCollection GetActivatedUsers() /// public void Dispose() { - SecurityHelper.DemandRightsManagementPermission(); Dispose(true); GC.SuppressFinalize(this); @@ -209,7 +203,6 @@ public ContentUser User { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); return _user; @@ -223,7 +216,6 @@ public string ApplicationManifest { get { - SecurityHelper.DemandRightsManagementPermission(); CheckDisposed(); return _applicationManifest; diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UnsignedPublishLicense.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UnsignedPublishLicense.cs index 2574520d24a..9b6967e7064 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UnsignedPublishLicense.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UnsignedPublishLicense.cs @@ -40,7 +40,6 @@ public class UnsignedPublishLicense /// public UnsignedPublishLicense() { - SecurityHelper.DemandRightsManagementPermission(); _grantCollection = new Collection(); _contentId = Guid.NewGuid(); @@ -52,7 +51,6 @@ public UnsignedPublishLicense() /// public UnsignedPublishLicense(string publishLicenseTemplate) :this () { - SecurityHelper.DemandRightsManagementPermission(); if (publishLicenseTemplate == null) { 
@@ -85,7 +83,6 @@ public UnsignedPublishLicense(string publishLicenseTemplate) :this () /// public PublishLicense Sign(SecureEnvironment secureEnvironment, out UseLicense authorUseLicense) { - SecurityHelper.DemandRightsManagementPermission(); if (secureEnvironment == null) { @@ -137,13 +134,11 @@ public ContentUser Owner { get { - SecurityHelper.DemandRightsManagementPermission(); return _owner; } set { - SecurityHelper.DemandRightsManagementPermission(); _owner = value; } @@ -157,13 +152,11 @@ public string ReferralInfoName { get { - SecurityHelper.DemandRightsManagementPermission(); return _referralInfoName; } set { - SecurityHelper.DemandRightsManagementPermission(); _referralInfoName = value; } @@ -177,13 +170,11 @@ public Uri ReferralInfoUri { get { - SecurityHelper.DemandRightsManagementPermission(); return _referralInfoUri; } set { - SecurityHelper.DemandRightsManagementPermission(); _referralInfoUri = value; } @@ -197,13 +188,11 @@ public Guid ContentId { get { - SecurityHelper.DemandRightsManagementPermission(); return _contentId; } set { - SecurityHelper.DemandRightsManagementPermission(); // Guid is a value type, so it can never be null; therefore, there is no nreed to check this _contentId = value; @@ -217,7 +206,6 @@ public ICollection Grants { get { - SecurityHelper.DemandRightsManagementPermission(); return _grantCollection; } @@ -231,7 +219,6 @@ public ICollection Grants { get { - SecurityHelper.DemandRightsManagementPermission(); if (_localizedNameDescriptionDictionary == null) { @@ -248,7 +235,6 @@ public ICollection Grants /// override public string ToString() { - SecurityHelper.DemandRightsManagementPermission(); using(IssuanceLicense issuanceLicense = new IssuanceLicense( DateTime.MinValue, @@ -324,7 +310,6 @@ internal int RightValidityIntervalDays { get { - SecurityHelper.DemandRightsManagementPermission(); if (_applicationSpecificDataDictionary == null) { 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UseLicense.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UseLicense.cs index eb8f8f99458..afc53c8066a 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UseLicense.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/UseLicense.cs @@ -39,7 +39,6 @@ public class UseLicense /// public UseLicense(string useLicense) { - SecurityHelper.DemandRightsManagementPermission(); if (useLicense == null) { @@ -83,7 +82,6 @@ public ContentUser Owner { get { - SecurityHelper.DemandRightsManagementPermission(); return _owner; } @@ -96,7 +94,6 @@ public Guid ContentId { get { - SecurityHelper.DemandRightsManagementPermission(); return _contentId; } @@ -107,7 +104,6 @@ public Guid ContentId /// public override string ToString() { - SecurityHelper.DemandRightsManagementPermission(); return _serializedUseLicense; } @@ -118,7 +114,6 @@ public override string ToString() /// public CryptoProvider Bind (SecureEnvironment secureEnvironment) { - SecurityHelper.DemandRightsManagementPermission(); if (secureEnvironment == null) { @@ -144,7 +139,6 @@ public IDictionary ApplicationData { get { - SecurityHelper.DemandRightsManagementPermission(); return _applicationSpecificDataDictionary; } @@ -155,7 +149,6 @@ public IDictionary ApplicationData /// public override bool Equals(object x) { - SecurityHelper.DemandRightsManagementPermission(); if (x == null) return false; // Standard behavior. @@ -173,7 +166,6 @@ public override bool Equals(object x) /// public override int GetHashCode() { - SecurityHelper.DemandRightsManagementPermission(); return _serializedUseLicense.GetHashCode(); } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/User.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/User.cs index 9ea7074d5cf..4c1506b4982 100644 
--- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/User.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Security/RightsManagement/User.cs @@ -38,7 +38,6 @@ public class ContentUser /// public ContentUser(string name, AuthenticationType authenticationType) { - SecurityHelper.DemandRightsManagementPermission(); if (name == null) { @@ -79,7 +78,6 @@ public AuthenticationType AuthenticationType { get { - SecurityHelper.DemandRightsManagementPermission(); return _authenticationType; } @@ -92,7 +90,6 @@ public string Name { get { - SecurityHelper.DemandRightsManagementPermission(); return _name; } @@ -107,7 +104,6 @@ public string Name /// public bool IsAuthenticated() { - SecurityHelper.DemandRightsManagementPermission(); // we can only have activated Windows or Passport users // undefined authentication type can only be used for building a UnsignedPublishLicense @@ -130,7 +126,6 @@ public bool IsAuthenticated() /// public override bool Equals(object obj) { - SecurityHelper.DemandRightsManagementPermission(); if (obj == null) return false; // Standard behavior. @@ -155,7 +150,6 @@ public static ContentUser AnyoneUser { get { - SecurityHelper.DemandRightsManagementPermission(); if (_anyoneUser == null) { @@ -175,7 +169,6 @@ public static ContentUser OwnerUser { get { - SecurityHelper.DemandRightsManagementPermission(); if (_ownerUser == null) { @@ -190,7 +183,6 @@ public static ContentUser OwnerUser /// public override int GetHashCode() { - SecurityHelper.DemandRightsManagementPermission(); if (!hashCalcIsDone) { diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj index 21e9c65a064..8262ec6b133 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj @@ -137,8 +137,6 @@ - - From 353bc2388e3e22a9a21fec32c0f6a9439f471daf Mon Sep 17 00:00:00 2001 
From: Dilip Ojha Date: Fri, 21 Jun 2019 07:40:32 -0700 Subject: [PATCH 03/21] removed userinitiatedroutedeventpermission --- .../System/Windows/RoutedEventArgs.cs | 2 +- .../src/Shared/MS/Internal/SecurityHelper.cs | 15 ----------- .../UserInitiatedRoutedEventPermission.cs | 26 ------------------- .../src/WindowsBase/WindowsBase.csproj | 1 - 4 files changed, 1 insertion(+), 43 deletions(-) delete mode 100644 src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/RoutedEventArgs.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/RoutedEventArgs.cs index 4ecab818a56..21763d90a96 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/RoutedEventArgs.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/RoutedEventArgs.cs @@ -348,7 +348,7 @@ internal bool UserInitiated { if (_flags [UserInitiatedIndex]) { - return SecurityHelper.CallerHasUserInitiatedRoutedEventPermission(); + return true; } return false; } diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index f1be8d7ea1d..9021f945400 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
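Review bot: The `UserInitiated` getter in RoutedEventArgs.cs now only restates the flag, so the `if` / `return true;` / `return false;` around the added line can be written as `return _flags[UserInitiatedIndex];`. With the caller check gone, the property is exactly as trustworthy as the code that is able to set that bit. A comment such as `// No caller check: UserInitiated reflects only the flag, so it is as trustworthy as the code that sets it.` would record that for callers that gate an action on it. The getter's opening lines are outside the hunk.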
@@ -106,21 +106,6 @@ internal static void DemandUnmanagedCode() static SecurityPermission _unmanagedCodePermission = null; #endif // !PBTCOMPILER -#if PRESENTATION_CORE - - /// - /// Create a UserInitiatedRoutedEvent permission. - /// Separate helper exists to make it easy to change what the permission is. - /// - internal static CodeAccessPermission CreateUserInitiatedRoutedEventPermission() { return default(CodeAccessPermission); } - - /// - /// Check whether the call stack has the permissions needed for UserInitiated RoutedEvents. - /// - internal static bool CallerHasUserInitiatedRoutedEventPermission() { return true; } - -#endif // PRESENTATION_CORE - #if PRESENTATIONFRAMEWORK internal static void ThrowExceptionIfSettingTrueInPartialTrust(ref bool value) diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs deleted file mode 100644 index 105cc4d6994..00000000000 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Permissions/UserInitiatedRoutedEventPermission.cs +++ /dev/null @@ -1,26 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// - -using System; -using System.Security; -using System.Security.Permissions; -using System.Windows; -using MS.Internal.Permissions; - -namespace MS.Internal.Permissions -{ - internal class UserInitiatedRoutedEventPermission : InternalParameterlessPermissionBase - { - public UserInitiatedRoutedEventPermission() : this(PermissionState.Unrestricted) - { - } - public UserInitiatedRoutedEventPermission(PermissionState state): base() - { - } - public IPermission Copy() { return default(IPermission); } - } -} 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj index 8262ec6b133..9fd6806ca2e 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj @@ -137,7 +137,6 @@ - From 9218587b8d2057f6183640382a3577c331f7e3e1 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 07:52:29 -0700 Subject: [PATCH 04/21] deleted rest of internal permissions --- .../Permissions/InternalPermissions.cs | 33 ------------------- .../src/Shared/MS/Internal/SecurityHelper.cs | 5 --- .../InternalSafeNativeMethods.cs | 1 - .../src/WindowsBase/WindowsBase.csproj | 1 - 4 files changed, 40 deletions(-) delete mode 100644 src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs deleted file mode 100644 index 1d533d93f3d..00000000000 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/Permissions/InternalPermissions.cs +++ /dev/null 
@@ -1,33 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System; -using System.Diagnostics; -using System.Text; -using System.Security; -using System.Windows; - -#if WINDOWS_BASE -using MS.Internal.WindowsBase; -#endif - -namespace MS.Internal.Permissions -{ - [FriendAccessAllowed] - internal abstract class InternalParameterlessPermissionBase - { - protected InternalParameterlessPermissionBase() { } - public bool IsUnrestricted() { return true; } - public virtual SecurityElement ToXml() { return default(SecurityElement); } - public virtual void FromXml( SecurityElement elem) { } - public virtual IPermission Intersect(IPermission target) { return default(IPermission); } - public virtual bool IsSubsetOf(IPermission target) { return true; } - public virtual IPermission Union(IPermission target) { return default(IPermission); } - // Added hollow methods below that were originally part of 'CodeAccessPermission' which this class used to extend - public void Demand() { } - public void Assert() { } - public static void RevertAssert() { } - } -} - diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 9021f945400..751b753f925 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -46,16 +46,11 @@ namespace MS.Internal.Drt using System.IO.Packaging; #endif -#if WINDOWS_BASE || PRESENTATIONUI - using MS.Internal.Permissions; -#endif #if PRESENTATION_CORE using MS.Internal.AppModel; -using MS.Internal.Permissions; #endif #if PRESENTATIONFRAMEWORK_ONLY - using MS.Internal.Permissions ; using System.Diagnostics; using System.Windows; using MS.Internal.Utility; // BindUriHelper 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs index f69eb24f890..9f886402b8d 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/MS/Internal/Security/RightsManagement/InternalSafeNativeMethods.cs @@ -18,7 +18,6 @@ using System.Text; using System.Security; using System.Security.Permissions; -using MS.Internal.Permissions; using SecurityHelper = MS.Internal.WindowsBase.SecurityHelper; namespace MS.Internal.Security.RightsManagement diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj index 9fd6806ca2e..c16ae3920d6 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/WindowsBase.csproj @@ -41,7 +41,6 @@ - From 8226a8dce882fee8ef428af6785e9634be4ab9b3 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 08:23:06 -0700 Subject: [PATCH 05/21] removed method from security helper --- .../MS/internal/FontFace/FontDriver.cs | 2 - .../System/Windows/DragDrop.cs | 4 +- .../System/Windows/dataobject.cs | 56 ++++++------------- .../Internal/AppModel/AppSecurityManager.cs | 21 +------ .../MS/Internal/Ink/ClipboardProcessor.cs | 10 ---- .../System/Windows/Documents/Speller.cs | 12 +--- .../Windows/Documents/TextEditorCopyPaste.cs | 34 +++-------- .../Windows/Documents/TextEditorDragDrop.cs | 5 +- .../System/Windows/Documents/TextRangeBase.cs | 14 ++--- .../Documents/TextRangeSerialization.cs | 13 ----- .../TextTreeDeleteContentUndoUnit.cs | 16 +----- .../Windows/Navigation/NavigationService.cs | 5 -- .../src/Shared/MS/Internal/SecurityHelper.cs | 19 +------ 13 files changed, 42 insertions(+), 169 deletions(-) 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontFace/FontDriver.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontFace/FontDriver.cs index 0df54c73fb4..fcfd2318393 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontFace/FontDriver.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontFace/FontDriver.cs @@ -258,8 +258,6 @@ private Uri SourceUri /// internal byte[] ComputeFontSubset(ICollection glyphs) { - SecurityHelper.DemandUnmanagedCode(); - int fileSize = _fileStream.Size; unsafe { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs index 710aa5d43ae..e97ec0e519d 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs @@ -464,7 +464,7 @@ public static DragDropEffects DoDragDrop(DependencyObject dragSource, object dat /// internal static void RegisterDropTarget(IntPtr windowHandle) { - if (SecurityHelper.CheckUnmanagedCodePermission() && windowHandle != IntPtr.Zero) + if (windowHandle != IntPtr.Zero) { // Create OleDragSource and call Ole DoDragDrop for starting DragDrop. OleDropTarget oleDropTarget = new OleDropTarget(windowHandle); @@ -485,7 +485,7 @@ internal static void RegisterDropTarget(IntPtr windowHandle) /// internal static void RevokeDropTarget(IntPtr windowHandle) { - if (SecurityHelper.CheckUnmanagedCodePermission() && windowHandle != IntPtr.Zero) + if (windowHandle != IntPtr.Zero) { // Call OLE RevokeDragDrop to revoke the droppable target window. OleServicesContext.CurrentOleServicesContext.OleRevokeDragDrop( diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs index d48577f7c02..1ac5551cdaf 100644 
--- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs @@ -760,30 +760,22 @@ void IComDataObject.GetData(ref FORMATETC formatetc, out STGMEDIUM medium) } else if ( ( formatetc.tymed & TYMED.TYMED_ISTREAM ) != 0 ) { - // Checking for the unmanaged code permission. - if ( SecurityHelper.CheckUnmanagedCodePermission() ) - { - medium.tymed = TYMED.TYMED_ISTREAM; + medium.tymed = TYMED.TYMED_ISTREAM; - IStream istream = null; - hr = Win32CreateStreamOnHGlobal(IntPtr.Zero, true /*deleteOnRelease*/, ref istream); - if ( NativeMethods.Succeeded(hr) ) - { - medium.unionmember = Marshal.GetComInterfaceForObject(istream, typeof(IStream)); - Marshal.ReleaseComObject(istream); + IStream istream = null; + hr = Win32CreateStreamOnHGlobal(IntPtr.Zero, true /*deleteOnRelease*/, ref istream); + if ( NativeMethods.Succeeded(hr) ) + { + medium.unionmember = Marshal.GetComInterfaceForObject(istream, typeof(IStream)); + Marshal.ReleaseComObject(istream); - hr = OleGetDataUnrestricted(ref formatetc, ref medium, false /* doNotReallocate */); + hr = OleGetDataUnrestricted(ref formatetc, ref medium, false /* doNotReallocate */); - if ( NativeMethods.Failed(hr) ) - { - Marshal.Release(medium.unionmember); - } + if ( NativeMethods.Failed(hr) ) + { + Marshal.Release(medium.unionmember); } } - else - { - hr = NativeMethods.E_FAIL; - } } else { 
@@ -1286,25 +1278,13 @@ internal static string[] GetMappedFormats(string format) || IsFormatEqual(format, DataFormats.StringFormat)) { string[] arrayFormats; - // we do this to block copy of the string synonym in partial trust because that - // requires elevations. This is more of a resource issue than anything else at this point. - // We might consider doing this in V2. - // Also we want to avoid making the serialization code non transparent. - if (SecurityHelper.CheckUnmanagedCodePermission()) - { - arrayFormats = new string[] { - DataFormats.Text, - DataFormats.UnicodeText, - DataFormats.StringFormat, - }; - } - else - { - arrayFormats = new string[] { - DataFormats.Text, - DataFormats.UnicodeText, - }; - } + + arrayFormats = new string[] { + DataFormats.Text, + DataFormats.UnicodeText, + DataFormats.StringFormat, + }; + return arrayFormats; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs index 587c8546fc3..0926293c442 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs 
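Review bot: `arrayFormats` in the text-format branch of `GetMappedFormats` is now declared, assigned once and returned, a shape left over from the removed `if`/`else`. The three statements can become `return new string[] { DataFormats.Text, DataFormats.UnicodeText, DataFormats.StringFormat };`. The method starts and ends outside the hunk.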
@@ -238,26 +238,7 @@ private static LaunchResult CanNavigateToUrlWithZoneCheck(Uri originatingUri, Ur // // For a - we will say there is no cross-domain check. // b - we'll assume InternetZone, and use Source. - - bool fTrusted = SecurityHelper.CheckUnmanagedCodePermission(); - - if (fTrusted) - { - return LaunchResult.Launched; - } - else - { - // - // If we didn't get a SourceUri, we'll assume internet zone. - // And use Source for the uri of origin. - // - // This isn't quite right - but the sourceUri is only used to show a message to the user. - // Worse case is confusing user experience. ( this uri is not used in the elevation determination). - // - - sourceZone = NativeMethods.URLZONE_INTERNET; - sourceUri = originatingUri; - } + return LaunchResult.Launched; } // diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs index 1eea3a7e6ce..9477c68ea05 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs @@ -323,15 +323,6 @@ internal IEnumerable PreferredFormats /// True if the copy is succeeded private bool CopySelectionInXAML(IDataObject dataObject, StrokeCollection strokes, List elements, Matrix transform, Size size) { - //NOTE: after meeting with the partial trust team, we have - //collectively decided to only allow copy / cut of XAML if the caller - //has unmanagedcode permission, else we silently ignore the XAML - if (!SecurityHelper.CheckUnmanagedCodePermission()) - { - return false; - } - else - { InkCanvas inkCanvas = new InkCanvas(); // NOTICE-2005/12/06-WAYNEZEN, 
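Review bot: The added `return LaunchResult.Launched;` in `CanNavigateToUrlWithZoneCheck` approves the navigation unconditionally on this branch, yet the comment kept above it still lists case `b - we'll assume InternetZone, and use Source`, which no longer exists. Judging by the removed lines this is the path taken when no source URI is available, and any zone comparison after the hunk is now skipped for it. If that is intended, the comment should say so, e.g. `// No source URI: no cross-domain check is made and the launch is allowed.`. If content from a less trusted zone can still reach this path, keep the removed fallback (`sourceZone = NativeMethods.URLZONE_INTERNET; sourceUri = originatingUri;`) instead of returning. The enclosing method starts and ends outside the hunk.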
@@ -397,7 +388,6 @@ private bool CopySelectionInXAML(IDataObject dataObject, StrokeCollection stroke } return inkCanvas != null; - } } private void TearDownInkCanvasContainer(InkCanvas rootInkCanvas, ref StrokeCollection newStrokes, ref List newElements) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Speller.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Speller.cs index ddb85b9555c..eb9f1615923 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Speller.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Speller.cs @@ -378,11 +378,7 @@ internal void OnDictionaryUriRemoved(Uri uri) } catch(Exception e) { - // we're catching exception only to dump debug data, then rethrow. - if (SecurityHelper.CheckUnmanagedCodePermission())//we're in full trust - { - System.Diagnostics.Trace.Write(string.Format(CultureInfo.InvariantCulture, "Unloading dictionary failed. Original Uri:{0}, file Uri:{1}, exception:{2}", uri.ToString(), info.PathUri.ToString(), e.ToString())); - } + System.Diagnostics.Trace.Write(string.Format(CultureInfo.InvariantCulture, "Unloading dictionary failed. Original Uri:{0}, file Uri:{1}, exception:{2}", uri.ToString(), info.PathUri.ToString(), e.ToString())); throw; } UriMap.Remove(uri); 
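Review bot: The `catch` block in `OnDictionaryUriRemoved` lost its explanation together with the guard, although the remaining code still catches only to trace and rethrow; `// we're catching exception only to dump debug data, then rethrow.` should stay above the `Trace.Write` call. The trace now runs for every caller and writes the dictionary URI, the local file URI and the full exception text to whatever trace listeners are attached, which is worth a second comment line if those paths are considered sensitive. The same applies to the `catch` in `CleanupDictionaryTempFile` in the next Speller.cs hunk. Both methods start outside their hunks.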
@@ -1616,11 +1612,7 @@ private void CleanupDictionaryTempFile(Uri tempLocationUri) } catch (Exception e) { - // we're catching exception only to dump debug data, then rethrow. - if (SecurityHelper.CheckUnmanagedCodePermission())//we're in full trust - { - System.Diagnostics.Trace.Write(string.Format(CultureInfo.InvariantCulture, "Failure to delete temporary file with custom dictionary data. file Uri:{0},exception:{1}", tempLocationUri.ToString(), e.ToString())); - } + System.Diagnostics.Trace.Write(string.Format(CultureInfo.InvariantCulture, "Failure to delete temporary file with custom dictionary data. file Uri:{0},exception:{1}", tempLocationUri.ToString(), e.ToString())); throw; } finally diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs index f12680b68dd..f0606a3820e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs @@ -124,14 +124,6 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop) // We do this only if our content is rich if (This.AcceptsRichContent) { - // This ensures that in the confines of partial trust RTF is not enabled. - // We use unmanaged code permission over clipboard permission since - // the latter is available in intranet zone and this is something that will - // fail in intranet too. - if (SecurityHelper.CheckUnmanagedCodePermission()) - { - // In FullTrust we allow all rich formats on the clipboard - Stream wpfContainerMemory = null; // null wpfContainerMemory on entry means that container is optional // and will be not created when there is no images in the range. 
@@ -158,7 +150,6 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop) dataObject.SetData(DataFormats.Rtf, rtfText, true); } } - } // Add a CF_BITMAP if we have only one image selected. Image image = This.Selection.GetUIElementSelected() as Image; @@ -277,13 +268,10 @@ internal static string GetPasteApplyFormat(TextEditor This, IDataObject dataObje { string formatToApply; - // Currently we won't allow DataFormats.Xaml on the partial trust. // GetDataPresent(DataFormats.Xaml)have a chance to register Xaml format // by calling the unmanaged code which is RegisterClipboardFormat. - bool hasUnmanagedCodePermission = SecurityHelper.CheckUnmanagedCodePermission(); - - if (This.AcceptsRichContent && hasUnmanagedCodePermission && dataObject.GetDataPresent(DataFormats.XamlPackage)) + if (This.AcceptsRichContent && dataObject.GetDataPresent(DataFormats.XamlPackage)) { formatToApply = DataFormats.XamlPackage; } @@ -291,7 +279,7 @@ internal static string GetPasteApplyFormat(TextEditor This, IDataObject dataObje { formatToApply = DataFormats.Xaml; } - else if (This.AcceptsRichContent && hasUnmanagedCodePermission && dataObject.GetDataPresent(DataFormats.Rtf)) + else if (This.AcceptsRichContent && dataObject.GetDataPresent(DataFormats.Rtf)) { formatToApply = DataFormats.Rtf; } @@ -303,7 +291,7 @@ internal static string GetPasteApplyFormat(TextEditor This, IDataObject dataObje { formatToApply = DataFormats.Text; } - else if (This.AcceptsRichContent && hasUnmanagedCodePermission && dataObject is DataObject && ((DataObject)dataObject).ContainsImage()) + else if (This.AcceptsRichContent && dataObject is DataObject && ((DataObject)dataObject).ContainsImage()) { formatToApply = DataFormats.Bitmap; } 
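Review bot: In `GetPasteApplyFormat` the two comment lines kept at the top of the hunk (`// GetDataPresent(DataFormats.Xaml)have a chance to register Xaml format` and `// by calling the unmanaged code which is RegisterClipboardFormat.`) were the tail of the deleted partial-trust sentence and now read as a fragment. The `PasteContentData` hunks that follow likewise keep `// We check unmanaged code instead of all clipboard because in paste ...` (and, in the RTF hunk, `// asserts in the confines of partial trust`) although no check is made any more. I would drop these and state what decides now, for example `// Rich clipboard formats are accepted whenever AcceptsRichContent is true; there is no trust gate here.`. Both methods start outside the hunks.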
@@ -790,12 +778,9 @@ private static bool PasteContentData(TextEditor This, IDataObject dataObject, ID // CF_BITMAP - pasting a single image. if (formatToApply == DataFormats.Bitmap && dataObjectToApply is DataObject) { - // This demand is present to explicitly disable RTF independant of any - // asserts in the confines of partial trust // We check unmanaged code instead of all clipboard because in paste // there is a high level assert for all clipboard in commandmanager.cs - if (This.AcceptsRichContent && This.Selection is TextSelection && - SecurityHelper.CheckUnmanagedCodePermission()) + if (This.AcceptsRichContent && This.Selection is TextSelection) { System.Windows.Media.Imaging.BitmapSource bitmapSource = GetPasteData(dataObjectToApply, DataFormats.Bitmap) as System.Windows.Media.Imaging.BitmapSource; @@ -814,12 +799,9 @@ private static bool PasteContentData(TextEditor This, IDataObject dataObject, ID if (formatToApply == DataFormats.XamlPackage) { - // This demand is present to explicitly disable RTF independant of any - // asserts in the confines of partial trust // We check unmanaged code instead of all clipboard because in paste // there is a high level assert for all clipboard in commandmanager.cs - if (This.AcceptsRichContent && This.Selection is TextSelection && - SecurityHelper.CheckUnmanagedCodePermission()) + if (This.AcceptsRichContent && This.Selection is TextSelection) { object pastedData = GetPasteData(dataObjectToApply, DataFormats.XamlPackage); @@ -845,7 +827,7 @@ private static bool PasteContentData(TextEditor This, IDataObject dataObject, ID { formatToApply = DataFormats.Xaml; } - else if (SecurityHelper.CheckUnmanagedCodePermission() && dataObjectToApply.GetDataPresent(DataFormats.Rtf)) + else if (dataObjectToApply.GetDataPresent(DataFormats.Rtf)) { formatToApply = DataFormats.Rtf; } 
@@ -873,7 +855,7 @@ private static bool PasteContentData(TextEditor This, IDataObject dataObject, ID // Fall to Rtf: dataObjectToApply = dataObject; // go back to source data object - if (SecurityHelper.CheckUnmanagedCodePermission() && dataObjectToApply.GetDataPresent(DataFormats.Rtf)) + if (dataObjectToApply.GetDataPresent(DataFormats.Rtf)) { formatToApply = DataFormats.Rtf; } @@ -893,7 +875,7 @@ private static bool PasteContentData(TextEditor This, IDataObject dataObject, ID // asserts in the confines of partial trust // We check unmanaged code instead of all clipboard because in paste // there is a high level assert for all clipboard in commandmanager.cs - if (This.AcceptsRichContent && SecurityHelper.CheckUnmanagedCodePermission()) + if (This.AcceptsRichContent) { object pastedData = GetPasteData(dataObjectToApply, DataFormats.Rtf); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorDragDrop.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorDragDrop.cs index 5d1e6919a63..395e9bc6e7d 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorDragDrop.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorDragDrop.cs @@ -157,10 +157,7 @@ internal void DoMouseLeftButtonUp(MouseButtonEventArgs e) // Returns true if drag is in progress internal bool SourceOnMouseMove(Point mouseMovePoint) { - // Not allow the initiating DragDrop operation without the unmanaged code permission. - // We chose to use this over clipboard because this was causing issues in LocalIntranet - // which has similar restrictions as internet but has clipboard permission - if (!_dragStarted || !SecurityHelper.CheckUnmanagedCodePermission()) + if (!_dragStarted) { return false; // false means that drag is not involved at all - selection extension should continue } 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeBase.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeBase.cs index c39d5b54e5b..ffc27de86f1 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeBase.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeBase.cs @@ -1488,8 +1488,7 @@ internal static bool CanSave(ITextRange thisRange, string dataFormat) bool canSave = ( dataFormat == DataFormats.Text || dataFormat == DataFormats.Xaml || - (SecurityHelper.CheckUnmanagedCodePermission() && ( - dataFormat == DataFormats.XamlPackage || + ((dataFormat == DataFormats.XamlPackage || dataFormat == DataFormats.Rtf))); return canSave; @@ -1502,8 +1501,7 @@ internal static bool CanLoad(ITextRange thisRange, string dataFormat) bool canLoad = ( dataFormat == DataFormats.Text || dataFormat == DataFormats.Xaml || - (SecurityHelper.CheckUnmanagedCodePermission() && ( - dataFormat == DataFormats.XamlPackage || + ((dataFormat == DataFormats.XamlPackage || dataFormat == DataFormats.Rtf))); return canLoad; 
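Review bot: The new condition in `CanSave` keeps the parentheses of the removed `CheckUnmanagedCodePermission() && (...)` group, leaving `((dataFormat == DataFormats.XamlPackage || dataFormat == DataFormats.Rtf))` nested inside an `||` chain for no reason. It reads more clearly flattened: `dataFormat == DataFormats.Text || dataFormat == DataFormats.Xaml || dataFormat == DataFormats.XamlPackage || dataFormat == DataFormats.Rtf`. `CanLoad` in the next hunk has the identical leftover.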
@@ -1538,13 +1536,13 @@ internal static void Save(ITextRange thisRange, Stream stream, string dataFormat TextRangeSerialization.WriteXaml(xamlXmlWriter, thisRange, /*useFlowDocumentAsRoot:*/false, /*wpfPayload:*/null, preserveTextElements); xamlXmlWriter.Flush(); } - else if (dataFormat == DataFormats.XamlPackage && SecurityHelper.CheckUnmanagedCodePermission()) + else if (dataFormat == DataFormats.XamlPackage) { // Non-null stream here means unconditional request to create a WPF package for the range // independently whether there are images in it or not. WpfPayload.SaveRange(thisRange, ref stream, /*useFlowDocumentAsRoot:*/false, preserveTextElements); } - else if (dataFormat == DataFormats.Rtf && SecurityHelper.CheckUnmanagedCodePermission()) + else if (dataFormat == DataFormats.Rtf) { Stream wpfPayloadMemory = null; // Passing null as a wpfPayloadStream we allow to not create wpf package @@ -1594,7 +1592,7 @@ internal static void Load(TextRange thisRange, Stream stream, string dataFormat) string xamlText = xamlStreamReader.ReadToEnd(); thisRange.Xml = xamlText; } - else if (dataFormat == DataFormats.XamlPackage && SecurityHelper.CheckUnmanagedCodePermission()) + else if (dataFormat == DataFormats.XamlPackage) { object element = WpfPayload.LoadElement(stream); if (!(element is Section) && !(element is Span)) @@ -1603,7 +1601,7 @@ internal static void Load(TextRange thisRange, Stream stream, string dataFormat) } thisRange.SetXmlVirtual((TextElement)element); } - else if (dataFormat == DataFormats.Rtf && SecurityHelper.CheckUnmanagedCodePermission()) + else if (dataFormat == DataFormats.Rtf) { // Need to use streams instead of intrermediate strings StreamReader rtfStreamReader = new StreamReader(stream); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeSerialization.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeSerialization.cs index 73b9a2cb0a0..8204a6ded3a 100644 
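Review bot: In `Load`, the `XamlPackage` branch now passes the caller's stream to `WpfPayload.LoadElement(stream)` and the `Rtf` branch reads it through a `StreamReader` for every caller, yet nothing on the new side says what the method expects of that stream. The only validation visible in these hunks is the `Section`/`Span` type test, which runs after the element has already been built. I would add a comment above the two branches, for example `// The stream is deserialized into live elements; callers are responsible for its provenance.` `Load` starts and ends outside these hunks, so any checks elsewhere in the method are not visible.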
--- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeSerialization.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextRangeSerialization.cs @@ -1063,19 +1063,6 @@ private static bool IsPropertyKnown(DependencyProperty propertyToTest, Dependenc /// private static void WriteComplexProperties(XmlWriter xmlWriter, DependencyObject complexProperties, Type elementType) { - if (!SecurityHelper.CheckUnmanagedCodePermission()) - { - // In partial trust, we cannot serialize any complex properties because - // XamlWriter.Save demands UnmanagedCodePermission. - // - // If we're in PT, drop the properties. - // - // If you're here debugging a lost complex property, consider adding - // code to DPTypeDescriptorContext to convert the complex property - // into a non-complex property, or consider modifying XamlWriter.Save. - return; - } - LocalValueEnumerator properties = complexProperties.GetLocalValueEnumerator(); properties.Reset(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs index e007ddc2289..e4a53e13d70 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs 
@@ -255,21 +255,11 @@ private TextTreeNode CopyTextNode(TextTreeTextNode textNode, TextTreeNode haltNo /// private TextTreeNode CopyObjectNode(TextTreeObjectNode objectNode, out ContentContainer container) { - // XamlWriter.Save demands unmanaged code permission. Since it's not safe to assert - // here as custom type converters and value serializers can potentially execute - // arbitrary code, we block the call to XamlWriter.Save in partial trust. - if (SecurityHelper.CheckUnmanagedCodePermission()) - { - string xml; + string xml; - xml = XamlWriter.Save(objectNode.EmbeddedElement); + xml = XamlWriter.Save(objectNode.EmbeddedElement); - container = new ObjectContentContainer(xml, objectNode.EmbeddedElement); - } - else - { - container = new ObjectContentContainer(null, null); - } + container = new ObjectContentContainer(xml, objectNode.EmbeddedElement); return (TextTreeNode)objectNode.GetNextNode(); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationService.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationService.cs index 16b6b7200bb..09e2ee15321 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationService.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationService.cs 
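Review bot: `CopyObjectNode` now calls `XamlWriter.Save(objectNode.EmbeddedElement)` unconditionally, and the deleted comment was the only place recording that this call can run custom type converters and value serializers. That presumably still holds for the new code, so I would keep it as a comment, e.g. `// XamlWriter.Save may invoke custom type converters and value serializers of the embedded element.` As a style point, the separate declaration and assignment can become one line: `string xml = XamlWriter.Save(objectNode.EmbeddedElement);`.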
@@ -2967,11 +2967,6 @@ private void GetObjectFromResponse(WebRequest request, WebResponse response, Uri NavigateInfo navigateInfo = navState as NavigateInfo; bool sandBoxContent = SandboxExternalContent && (! BaseUriHelper.IsPackApplicationUri(destinationUri)) && MimeTypeMapper.XamlMime.AreTypeAndSubTypeEqual(contentType); - // this code path is disabled in partial trust because it currently violates P3P - if (sandBoxContent == true && !SecurityHelper.CheckUnmanagedCodePermission()) - { - sandBoxContent = false; - } // BindStream overrides Read() and calls icc.OnNavigationProgress every 1k byte read BindStream bindStream = new BindStream(s, contentLength, cleanSource, (IContentContainer)this, Dispatcher.CurrentDispatcher); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 751b753f925..004be4d5995 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -76,19 +76,6 @@ internal static class SecurityHelper #if REACHFRAMEWORK #else #endif - internal static bool CheckUnmanagedCodePermission() - { - try - { - SecurityHelper.DemandUnmanagedCode(); - } - catch(SecurityException ) - { - return false ; - } - - return true; - } internal static void DemandUnmanagedCode() { @@ -105,11 +92,7 @@ internal static void DemandUnmanagedCode() internal static void ThrowExceptionIfSettingTrueInPartialTrust(ref bool value) { - if (value == true && !SecurityHelper.CheckUnmanagedCodePermission()) - { - value = false; - throw new SecurityException(SR.Get(SRID.SecurityExceptionForSettingSandboxExternalToTrue)); - } + } internal static void DemandWebBrowserPermission() From f2b483d60a3c205dc62354cc900e2ce3068bcd0d Mon Sep 17 00:00:00 2001 
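Review bot: `ThrowExceptionIfSettingTrueInPartialTrust` in the last `SecurityHelper.cs` hunk is left with an empty body, so a method whose name promises an exception now silently accepts any `ref bool value`. If callers remain (none are visible here), either remove the method together with them or state the intent in the body, e.g. `// No-op: partial trust is not enforced here, so the value is accepted as given.` The same pattern appears later in this series in `HwndHost.DemandIfUntrusted`, where the `if ( ! _fTrusted.Value )` block is left empty.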
From: Dilip Ojha Date: Fri, 21 Jun 2019 08:44:28 -0700 Subject: [PATCH 06/21] removed SecurityHelper.DemandUnmanagedCode --- .../MS/internal/MediaTrace.cs | 6 ---- .../System/Windows/DataFormats.cs | 3 -- .../System/Windows/DragDrop.cs | 3 -- .../System/Windows/Ink/GestureRecognizer.cs | 6 ---- .../System/Windows/Input/DefaultTextStore.cs | 2 -- .../System/Windows/Input/InputMethod.cs | 1 - .../Input/Stylus/Common/RawStylusInput.cs | 5 +--- .../System/Windows/InterOp/D3DImage.cs | 3 -- .../Windows/InterOp/HwndMouseInputProvider.cs | 1 - .../System/Windows/InterOp/HwndSource.cs | 5 ---- .../System/Windows/InterOp/Imaging.cs | 3 -- .../System/Windows/Media/GlyphTypeface.cs | 1 - .../Windows/Media/Imaging/BitmapDecoder.cs | 15 ---------- .../Windows/Media/Imaging/BitmapSource.cs | 1 - .../Media/Imaging/InteropBitmapSource.cs | 4 --- .../Windows/Media/Imaging/WriteableBitmap.cs | 3 -- .../System/Windows/clipboard.cs | 1 - .../System/Windows/dataobject.cs | 4 --- .../Internal/AppModel/AppSecurityManager.cs | 1 - .../MS/Internal/AppModel/XappLauncher.cs | 2 -- .../MS/Internal/IO/Packaging/ManagedFilter.cs | 1 - .../System/Windows/Application.cs | 1 - .../Windows/Controls/Primitives/Popup.cs | 3 -- .../System/Windows/Controls/WebBrowser.cs | 1 - .../System/Windows/Documents/TextStore.cs | 2 -- .../Windows/Interop/BrowserInteropHelper.cs | 1 - .../System/Windows/Interop/HwndHost.cs | 4 --- .../Markup/Primitives/ElementMarkupObject.cs | 5 ---- .../System/Windows/Markup/XamlWriter.cs | 25 ++++------------ .../System/Windows/MessageBox.cs | 4 --- .../System/Windows/SystemParameters.cs | 30 ------------------- .../System/Windows/Window.cs | 4 --- .../Serialization/VisualTreeFlattener.cs | 1 - .../src/Shared/MS/Internal/SecurityHelper.cs | 16 ---------- .../Shared/MS/Win32/ManagedWndProcTracker.cs | 2 -- .../src/Shared/MS/Win32/SafeSystemMetrics.cs | 2 -- 36 files changed, 6 insertions(+), 166 deletions(-) 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs index b1122e6d5e4..abfd20083f9 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs @@ -65,12 +65,6 @@ static MediaTrace() // QueueItems.Enable(); Statistics.Enable(); -#if !DEBUG - // if somehow this code gets enabled in retail. Do a demand. - // - SecurityHelper.DemandUnmanagedCode(); -#endif - #if DEBUG // // We are asserting on startup path. Very bad from a perf perspective. diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DataFormats.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DataFormats.cs index 5e258a99778..281d75c367f 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DataFormats.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DataFormats.cs @@ -101,9 +101,6 @@ public static DataFormat GetDataFormat(string format) } } - // In the most cases the default formats return earlier. If we got here - // then this is an attempt to register a new format which is not ok in partial trust. - SecurityHelper.DemandUnmanagedCode(); // Reigster the this format string. formatId = UnsafeNativeMethods.RegisterClipboardFormat(format); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs index e97ec0e519d..5219d343b6e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/DragDrop.cs 
@@ -379,9 +379,6 @@ public static DragDropEffects DoDragDrop(DependencyObject dragSource, object dat { DataObject dataObject; - // Demand the unmanaged code permission to initiate DragDrop operation. - SecurityHelper.DemandUnmanagedCode(); - if (dragSource == null) { throw new ArgumentNullException("dragSource"); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Ink/GestureRecognizer.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Ink/GestureRecognizer.cs index e9a480ebb98..8243929f74c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Ink/GestureRecognizer.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Ink/GestureRecognizer.cs @@ -149,12 +149,6 @@ public ReadOnlyCollection GetEnabledGestures() /// Callers must have UnmanagedCode permission to call this API. public ReadOnlyCollection Recognize(StrokeCollection strokes) { - // - // due to possible exploits in the Tablet PC Gesture recognizer's Recognize method, - // we demand unmanaged code. - // - SecurityHelper.DemandUnmanagedCode(); - return RecognizeImpl(strokes); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/DefaultTextStore.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/DefaultTextStore.cs index 7a17e6b5bce..a8ca5a188a9 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/DefaultTextStore.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/DefaultTextStore.cs 
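Review bot: The doc comment kept on `GestureRecognizer.Recognize` still says "Callers must have UnmanagedCode permission to call this API", but the method body is now just `return RecognizeImpl(strokes);`. The removed comment gave possible exploits in the recognizer as the reason for the demand, so rather than only deleting the stale line I would replace it with a remark that `strokes` are forwarded without a permission check, e.g. `/// Strokes are passed to the recognizer as given; supply only strokes from a source you trust.` The five `XamlWriter.Save` overloads later in this patch keep the equally stale line "This API requires unmanaged code permission".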
@@ -134,7 +134,6 @@ public void OnEndComposition(UnsafeNativeMethods.ITfCompositionView view) // This is the notification of the changes of the result string and the composition string. public void OnTransitoryExtensionUpdated(UnsafeNativeMethods.ITfContext context, int ecReadOnly, UnsafeNativeMethods.ITfRange rangeResult, UnsafeNativeMethods.ITfRange rangeComposition, out bool fDeleteResultRange) { - SecurityHelper.DemandUnmanagedCode(); fDeleteResultRange = true; @@ -273,7 +272,6 @@ internal UnsafeNativeMethods.ITfDocumentMgr TransitoryDocumentManager { get { - SecurityHelper.DemandUnmanagedCode(); UnsafeNativeMethods.ITfDocumentMgr doc; UnsafeNativeMethods.ITfCompartmentMgr compartmentMgr; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs index d0504310a3a..42374eeed72 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs @@ -1696,7 +1696,6 @@ private static IntPtr HwndFromInputElement(IInputElement element) /// private UnsafeNativeMethods.ITfFunctionProvider GetFunctionPrvForCurrentKeyboardTIP(out UnsafeNativeMethods.TF_LANGUAGEPROFILE tf_profile) { - SecurityHelper.DemandUnmanagedCode(); // Get the profile info structre of the current active keyboard TIP. tf_profile = GetCurrentKeybordTipProfile(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Common/RawStylusInput.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Common/RawStylusInput.cs index f79b2fd3b2d..75747e95572 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Common/RawStylusInput.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Common/RawStylusInput.cs 
@@ -107,10 +107,7 @@ internal StylusPointCollection GetStylusPoints(GeneralTransform transform) /// /// stylusPoints public void SetStylusPoints(StylusPointCollection stylusPoints) - { - // To modify the points we require Unmanaged code permission. - SecurityHelper.DemandUnmanagedCode(); - + { if (null == stylusPoints) { throw new ArgumentNullException("stylusPoints"); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/D3DImage.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/D3DImage.cs index 5aa8315ba89..ebafd061dde 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/D3DImage.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/D3DImage.cs @@ -69,7 +69,6 @@ public D3DImage() : this(96.0, 96.0) /// public D3DImage(double dpiX, double dpiY) { - SecurityHelper.DemandUnmanagedCode(); if (dpiX < 0) { @@ -144,7 +143,6 @@ public void SetBackBuffer(D3DResourceType backBufferType, IntPtr backBuffer) /// public void SetBackBuffer(D3DResourceType backBufferType, IntPtr backBuffer, bool enableSoftwareFallback) { - SecurityHelper.DemandUnmanagedCode(); WritePreamble(); @@ -537,7 +535,6 @@ protected override void GetCurrentValueAsFrozenCore(Freezable sourceFreezable) /// protected internal virtual BitmapSource CopyBackBuffer() { - SecurityHelper.DemandUnmanagedCode(); BitmapSource copy = null; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndMouseInputProvider.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndMouseInputProvider.cs index 71b2ba26e9e..b6620415d79 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndMouseInputProvider.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndMouseInputProvider.cs 
@@ -222,7 +222,6 @@ void IMouseInputProvider.ReleaseMouseCapture() /// Count of points if succeeded , -1 if error int IMouseInputProvider.GetIntermediatePoints(IInputElement relativeTo, Point[] points) { - SecurityHelper.DemandUnmanagedCode(); int cpt = -1; try diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs index 08b13f63f12..7cc407beec7 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs @@ -1967,7 +1967,6 @@ IKeyboardInputSite IKeyboardInputSink.RegisterKeyboardInputSink(IKeyboardInputSi /// protected virtual bool TranslateAcceleratorCore(ref MSG msg, ModifierKeys modifiers) { - SecurityHelper.DemandUnmanagedCode(); // VerifyAccess(); return CriticalTranslateAccelerator(ref msg, modifiers); @@ -2033,13 +2032,11 @@ protected IKeyboardInputSite KeyboardInputSiteCore { get { - SecurityHelper.DemandUnmanagedCode(); return _keyboardInputSite; } set { - SecurityHelper.DemandUnmanagedCode(); _keyboardInputSite = value; } @@ -2069,7 +2066,6 @@ IKeyboardInputSite IKeyboardInputSink.KeyboardInputSite protected virtual bool OnMnemonicCore(ref MSG msg, ModifierKeys modifiers) { // VerifyAccess(); - SecurityHelper.DemandUnmanagedCode(); switch((WindowMessage)msg.message) { case WindowMessage.WM_SYSCHAR: @@ -2160,7 +2156,6 @@ bool IKeyboardInputSink.OnMnemonic(ref MSG msg, ModifierKeys modifiers) /// protected virtual bool TranslateCharCore(ref MSG msg, ModifierKeys modifiers) { - SecurityHelper.DemandUnmanagedCode(); if(HasFocus || IsInExclusiveMenuMode) return false; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/Imaging.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/Imaging.cs index b787883fe12..598e80e4b7f 100644 
--- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/Imaging.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/Imaging.cs @@ -39,7 +39,6 @@ unsafe public static BitmapSource CreateBitmapSourceFromHBitmap( Int32Rect sourceRect, BitmapSizeOptions sizeOptions) { - SecurityHelper.DemandUnmanagedCode(); return CriticalCreateBitmapSourceFromHBitmap(bitmap, palette, sourceRect, sizeOptions, WICBitmapAlphaChannelOption.WICBitmapUseAlpha); } @@ -81,7 +80,6 @@ unsafe public static BitmapSource CreateBitmapSourceFromHIcon( Int32Rect sourceRect, BitmapSizeOptions sizeOptions) { - SecurityHelper.DemandUnmanagedCode(); if (icon == IntPtr.Zero) { @@ -111,7 +109,6 @@ unsafe public static BitmapSource CreateBitmapSourceFromMemorySection( int stride, int offset) { - SecurityHelper.DemandUnmanagedCode(); if (section == IntPtr.Zero) { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs index 2c8dabb84c3..8f4244a3dd6 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs @@ -251,7 +251,6 @@ public Geometry GetGlyphOutline(ushort glyphIndex, double renderingEmSize, doubl [CLSCompliant(false)] public byte[] ComputeSubset(ICollection glyphs) { - SecurityHelper.DemandUnmanagedCode(); DemandPermissionsForFontInformation(); CheckInitialized(); // This can only be called on fully initialized GlyphTypeface diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs index d0347b28a49..e25c1ac699b 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs @@ -1253,21 +1253,6 @@ out decoder string decoderMimeTypes; clsId = GetCLSIDFromDecoder(decoderHandle, out decoderMimeTypes); - // If the mime type of the file does not match the associated decoder, - // and if we are in a Partial trust scenario, throw! - if ((mimeType != String.Empty) && - (decoderMimeTypes.IndexOf(mimeType, StringComparison.OrdinalIgnoreCase) == -1)) - { - try - { - SecurityHelper.DemandUnmanagedCode(); - } - catch(SecurityException) - { - throw new ArgumentException(SR.Get(SRID.Image_ContentTypeDoesNotMatchDecoder)); - } - } - return decoderHandle; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs index 634e62fabe1..4ffca56222f 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs @@ -97,7 +97,6 @@ unsafe public static BitmapSource Create( int stride ) { - SecurityHelper.DemandUnmanagedCode(); return new CachedBitmap( pixelWidth, pixelHeight, diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/InteropBitmapSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/InteropBitmapSource.cs index 7f76c07e26e..a34c942df2f 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/InteropBitmapSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/InteropBitmapSource.cs @@ -41,7 +41,6 @@ public sealed class InteropBitmap : BitmapSource /// private InteropBitmap() : base(true) { - SecurityHelper.DemandUnmanagedCode(); } /// 
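Review bot: In the `BitmapDecoder.cs` hunk, `decoderMimeTypes` is still filled by `GetCLSIDFromDecoder(decoderHandle, out decoderMimeTypes)`, but once the mismatch block is deleted nothing between that call and `return decoderHandle;` reads it. A `mimeType` that disagrees with the selected decoder is therefore accepted without any signal. If that is intended, say so next to the call, e.g. `// A mismatch between mimeType and the decoder's MIME types is tolerated.` If the mismatch should still be refused, the `IndexOf(mimeType, StringComparison.OrdinalIgnoreCase)` test could stay and throw the `ArgumentException` directly, though that would change behaviour for callers that used to pass the demand. The method starts outside the hunk.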
@@ -87,7 +86,6 @@ internal InteropBitmap(IntPtr hbitmap, IntPtr hpalette, Int32Rect sourceRect, Bi internal InteropBitmap(IntPtr hicon, Int32Rect sourceRect, BitmapSizeOptions sizeOptions) : base(true) // Use virtuals { - SecurityHelper.DemandUnmanagedCode(); _bitmapInit.BeginInit(); @@ -128,7 +126,6 @@ internal InteropBitmap( int offset) : base(true) // Use virtuals { - SecurityHelper.DemandUnmanagedCode(); _bitmapInit.BeginInit(); if (pixelWidth <= 0) @@ -284,7 +281,6 @@ public void Invalidate() /// public void Invalidate(Int32Rect? dirtyRect) { - SecurityHelper.DemandUnmanagedCode(); // A null dirty rect indicates the entire bitmap should be // invalidated, while a value indicates that only a dirty rect diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/WriteableBitmap.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/WriteableBitmap.cs index af1c1da48c0..0f187288c31 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/WriteableBitmap.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/WriteableBitmap.cs @@ -374,7 +374,6 @@ public void WritePixels( int destinationY ) { - SecurityHelper.DemandUnmanagedCode(); WritePreamble(); WritePixelsImpl(sourceRect, @@ -455,7 +454,6 @@ public unsafe void WritePixels( int stride ) { - SecurityHelper.DemandUnmanagedCode(); WritePreamble(); if (bufferSize < 1) @@ -1465,7 +1463,6 @@ public IntPtr BackBuffer { get { - SecurityHelper.DemandUnmanagedCode(); ReadPreamble(); return _backBuffer; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs index 263e78d3411..0d329032b91 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs 
@@ -531,7 +531,6 @@ internal static void CriticalSetDataObject(object data, bool copy) } else if (data is IComDataObject) { - SecurityHelper.DemandUnmanagedCode(); dataObject = (IComDataObject)data; } else diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs index 1ac5551cdaf..4e3ace68f34 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs @@ -1187,7 +1187,6 @@ internal static IntPtr Win32SelectObject(HandleRef handleDC, IntPtr handleObject /// internal static void Win32DeleteObject(HandleRef handleDC) { - SecurityHelper.DemandUnmanagedCode(); UnsafeNativeMethods.DeleteObject(handleDC); } @@ -1409,7 +1408,6 @@ private bool GetTymedUseable(TYMED tymed) private IntPtr GetCompatibleBitmap(object data) { - SecurityHelper.DemandUnmanagedCode(); IntPtr hBitmap; IntPtr hBitmapNew; @@ -2267,7 +2265,6 @@ private static object EnsureBitmapDataFromFormat(string format, bool autoConvert // Data is BitmapSource, but have the mismatched System.Drawing.Bitmap format if (autoConvert) { - SecurityHelper.DemandUnmanagedCode(); // Convert data from BitmapSource to SystemDrawingBitmap bitmapData = SystemDrawingHelper.GetBitmap(data); @@ -2672,7 +2669,6 @@ public IComDataObject OleDataObject { get { - SecurityHelper.DemandUnmanagedCode(); return _innerData; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs index 0926293c442..d8c6e1c4e69 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/AppSecurityManager.cs 
@@ -58,7 +58,6 @@ internal static void SafeLaunchBrowserDemandWhenUnsafe(Uri originatingUri, Uri d launched = SafeLaunchBrowserOnlyIfPossible(originatingUri, destinationUri, fIsTopLevel); if (launched == LaunchResult.NotLaunched) { - SecurityHelper.DemandUnmanagedCode(); UnsafeLaunchBrowser(destinationUri); } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs index 01dbfe32b45..d5ee241d13a 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs @@ -274,7 +274,6 @@ private object DoDirectActivation(object unused) private bool ExecuteDirectApplication() { - SecurityHelper.DemandUnmanagedCode(); _runApplication = false; try @@ -1010,7 +1009,6 @@ private object GetWinFX(object unused) { bool frameworkActivated = false; - SecurityHelper.DemandUnmanagedCode(); // Order matters newer OS versions should be tested before older OS versions if (OperatingSystemVersionCheck.IsVersionOrLater(OperatingSystemVersion.Windows8)) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/IO/Packaging/ManagedFilter.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/IO/Packaging/ManagedFilter.cs index d38c60df2eb..f15044234a1 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/IO/Packaging/ManagedFilter.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/IO/Packaging/ManagedFilter.cs @@ -117,7 +117,6 @@ internal ManagedPropSpec(uint id) /// internal ManagedPropSpec(PROPSPEC propSpec) { - SecurityHelper.DemandUnmanagedCode(); // Assign to properties rather than fields to ensure consistency through side-effects. switch ((PropSpecType)propSpec.propType) 
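Review bot: In `SafeLaunchBrowserDemandWhenUnsafe` the fallback `UnsafeLaunchBrowser(destinationUri)` now runs for every caller whenever `SafeLaunchBrowserOnlyIfPossible` returns `LaunchResult.NotLaunched`, while the method name still promises a demand. The demand was the only gate visible between the refused safe launch and the unsafe one, so it is worth confirming that `destinationUri` is validated before this point; the start of the method is outside the hunk. At minimum I would add `// No demand: the unsafe launch is used whenever the safe path declines.` above the call, or rename the method in a follow-up.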
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs index 191b943c75e..ca3e331ebbd 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs @@ -2131,7 +2131,6 @@ private bool WmQueryEndSession(IntPtr lParam, ref IntPtr refInt) } else { - SecurityHelper.DemandUnmanagedCode(); refInt = IntPtr.Zero; // we have handled the event DefWndProc will not be called for this msg diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs index 247a1be5c22..7c73e6cf136 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs @@ -3203,9 +3203,6 @@ private IntPtr GetLastWebOCHwnd() internal void SetHitTestable(bool hitTestable) { - // demands unmanaged code permission. it's risky to take this demand out. - if (! IsChildPopup) - SecurityHelper.DemandUnmanagedCode(); // get the window handle IntPtr handle = Handle; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs index 307728b1157..e04f53ad1c3 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs @@ -497,7 +497,6 @@ public object Document { VerifyAccess(); - SecurityHelper.DemandUnmanagedCode(); return AxIWebBrowser2.Document; } 
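Review bot: The comment deleted from `Popup.SetHitTestable` said it is risky to take this demand out, and the hunk removes both the demand and that warning without recording why the risk no longer applies. The check was also conditional on `! IsChildPopup`, so top-level popups were the guarded case, and that distinction disappears from the code as well. I would leave a short comment where the demand was, along the lines of `// Demand removed: (reason the earlier risk no longer applies).`, with the reason filled in by someone who knows the original concern. The method continues outside the hunk.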
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextStore.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextStore.cs index 50e98e9b0c5..891147d08d4 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextStore.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextStore.cs @@ -780,7 +780,6 @@ public void GetActiveView(out int viewCookie) // See msdn's ITextStoreACP documentation for a full description. public void GetACPFromPoint(int viewCookie, ref UnsafeNativeMethods.POINT tsfPoint, UnsafeNativeMethods.GetPositionFromPointFlags flags, out int positionCP) { - SecurityHelper.DemandUnmanagedCode(); PresentationSource source; IWin32Window win32Window; @@ -2371,7 +2370,6 @@ private static UnsafeNativeMethods.RECT TransformRootRectToScreenCoordinates(Poi // Insert InkInteropObject at the position. private void InsertEmbeddedAtPosition(TextPointer position, IComDataObject data, out UnsafeNativeMethods.TS_TEXTCHANGE change) { - SecurityHelper.DemandUnmanagedCode(); ITextContainer container; // Get enhanced metafile handle from IOleDataObject. diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs index b8bea5c7c05..ee6c21d47d2 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs @@ -46,7 +46,6 @@ public static object ClientSite { get { - SecurityHelper.DemandUnmanagedCode(); object oleClientSite = null; 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs index 4fb3dbf76a2..cab1c0666b2 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs @@ -79,7 +79,6 @@ public IntPtr Handle { get { - SecurityHelper.DemandUnmanagedCode(); return CriticalHandle; } @@ -93,7 +92,6 @@ public event HwndSourceHook MessageHook { add { - SecurityHelper.DemandUnmanagedCode(); if(_hooks == null) { @@ -105,7 +103,6 @@ public event HwndSourceHook MessageHook remove { - SecurityHelper.DemandUnmanagedCode(); if(_hooks != null) { @@ -854,7 +851,6 @@ private void DemandIfUntrusted() { if ( ! _fTrusted.Value ) { - SecurityHelper.DemandUnmanagedCode(); } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/Primitives/ElementMarkupObject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/Primitives/ElementMarkupObject.cs index c710af3aace..0b77e4e4603 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/Primitives/ElementMarkupObject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/Primitives/ElementMarkupObject.cs 
@@ -362,11 +362,6 @@ private static void CacheShouldSerializeMethod(ShouldSerializeKey key, MethodInf private bool TryGetConstructorInfoArguments(object instance, out ParameterInfo[] parameters, out ICollection arguments) { - // InstanceDescriptor and ConstructorInfo are protected from use in partial trust by a link demand - // Accessing it from a non private method defeats this protection so we trigger a full demand - // for Unmanaged Code which we consider an equivalent privilage level to full trust - MS.Internal.SecurityHelper.DemandUnmanagedCode(); - // Detect if the instance should be constructed using constructor parameters by // seeing if it can be converted to an instance descriptor that uses a constructor. TypeConverter converter = TypeDescriptor.GetConverter(instance); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlWriter.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlWriter.cs index 804470afea3..c3416404ae0 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlWriter.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlWriter.cs @@ -52,10 +52,7 @@ public static class XamlWriter /// This API requires unmanaged code permission /// public static string Save(object obj) - { - // Must be in full trust - SecurityHelper.DemandUnmanagedCode(); - + { // Validate input arguments if (obj == null) { @@ -93,10 +90,7 @@ public static string Save(object obj) /// This API requires unmanaged code permission /// public static void Save(object obj, TextWriter writer) - { - // Must be in full trust - SecurityHelper.DemandUnmanagedCode(); - + { // Validate input arguments if (obj == null) { 
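Review bot: The XML doc remark `This API requires unmanaged code permission` is still present above `Save(object obj)` and `Save(object obj, TextWriter writer)` in XamlWriter.cs, although the hunks delete the `SecurityHelper.DemandUnmanagedCode()` call that enforced it. The three later overloads (`Stream`, `XmlWriter`, `XamlDesignerSerializationManager`) carry the same stale remark. A reader who takes the doc at face value will assume serialization is gated by a permission check that no longer runs. Drop the remark, or replace it with something like `/// No permission demand is made; callers decide which objects may be serialized.`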
@@ -127,10 +121,7 @@ public static void Save(object obj, TextWriter writer) /// This API requires unmanaged code permission /// public static void Save(object obj, Stream stream) - { - // Must be in full trust - SecurityHelper.DemandUnmanagedCode(); - + { // Validate input arguments if (obj == null) { @@ -163,10 +154,7 @@ public static void Save(object obj, Stream stream) /// This API requires unmanaged code permission /// public static void Save(object obj, XmlWriter xmlWriter) - { - // Must be in full trust - SecurityHelper.DemandUnmanagedCode(); - + { // Validate input arguments if (obj == null) { @@ -202,10 +190,7 @@ public static void Save(object obj, XmlWriter xmlWriter) /// This API requires unmanaged code permission /// public static void Save(object obj, XamlDesignerSerializationManager manager) - { - // Must be in full trust - SecurityHelper.DemandUnmanagedCode(); - + { // Validate input arguments if (obj == null) { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/MessageBox.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/MessageBox.cs index ec188b24323..b6a7a62728c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/MessageBox.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/MessageBox.cs @@ -378,10 +378,6 @@ internal static MessageBoxResult ShowCore( if ( (options & (MessageBoxOptions.ServiceNotification | MessageBoxOptions.DefaultDesktopOnly)) != 0) { - // Demand UnmangedCode permissions if using ServiceNotification/DefaultDesktopOnly. - // Details in DevDiv 163043. - SecurityHelper.DemandUnmanagedCode(); - if (owner != IntPtr.Zero) { throw new ArgumentException(SR.Get(SRID.CantShowMBServiceWithOwner)); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/SystemParameters.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/SystemParameters.cs index d3605bfdae1..737830af14b 100644 
--- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/SystemParameters.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/SystemParameters.cs @@ -2527,7 +2527,6 @@ public static double FullPrimaryScreenWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.FullPrimaryScreenWidth]) @@ -2551,7 +2550,6 @@ public static double FullPrimaryScreenHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.FullPrimaryScreenHeight]) @@ -2715,7 +2713,6 @@ public static double MaximizedPrimaryScreenWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MaximizedPrimaryScreenWidth]) @@ -2739,7 +2736,6 @@ public static double MaximizedPrimaryScreenHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MaximizedPrimaryScreenHeight]) @@ -2763,7 +2759,6 @@ public static double MaximumWindowTrackWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MaximumWindowTrackWidth]) @@ -2787,7 +2782,6 @@ public static double MaximumWindowTrackHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MaximumWindowTrackHeight]) @@ -2891,7 +2885,6 @@ public static double MinimumWindowWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MinimumWindowWidth]) @@ -2915,7 +2908,6 @@ public static double MinimumWindowHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MinimumWindowHeight]) @@ -2939,7 +2931,6 @@ public static double MinimizedWindowWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MinimizedWindowWidth]) 
@@ -2963,7 +2954,6 @@ public static double MinimizedWindowHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MinimizedWindowHeight]) @@ -3027,7 +3017,6 @@ public static double MinimumWindowTrackWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MinimumWindowTrackWidth]) @@ -3051,7 +3040,6 @@ public static double MinimumWindowTrackHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MinimumWindowTrackHeight]) @@ -3116,7 +3104,6 @@ public static double WindowCaptionButtonWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.WindowCaptionButtonWidth]) @@ -3281,7 +3268,6 @@ public static double VirtualScreenWidth { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.VirtualScreenWidth]) @@ -3305,7 +3291,6 @@ public static double VirtualScreenHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.VirtualScreenHeight]) @@ -3370,7 +3355,6 @@ public static double WindowCaptionHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.WindowCaptionHeight]) @@ -3395,7 +3379,6 @@ public static double KanjiWindowHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.KanjiWindowHeight]) @@ -3419,7 +3402,6 @@ public static double MenuBarHeight { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.MenuBarHeight]) @@ -3463,7 +3445,6 @@ public static bool IsImmEnabled { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsImmEnabled]) 
@@ -3488,7 +3469,6 @@ public static bool IsMediaCenter { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsMediaCenter]) @@ -3532,7 +3512,6 @@ public static bool IsMiddleEastEnabled { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsMiddleEastEnabled]) @@ -3596,7 +3575,6 @@ public static bool IsPenWindows { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsPenWindows]) @@ -3620,7 +3598,6 @@ public static bool IsRemotelyControlled { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsRemotelyControlled]) @@ -3644,7 +3621,6 @@ public static bool IsRemoteSession { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsRemoteSession]) @@ -3668,7 +3644,6 @@ public static bool ShowSounds { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.ShowSounds]) @@ -3692,7 +3667,6 @@ public static bool IsSlowMachine { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsSlowMachine]) @@ -3716,7 +3690,6 @@ public static bool SwapButtons { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.SwapButtons]) @@ -3740,7 +3713,6 @@ public static bool IsTabletPC { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.IsTabletPC]) @@ -3764,7 +3736,6 @@ public static double VirtualScreenLeft { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.VirtualScreenLeft]) @@ -3788,7 +3759,6 @@ public static double VirtualScreenTop { get { - SecurityHelper.DemandUnmanagedCode(); lock (_cacheValid) { while (!_cacheValid[(int)CacheSlot.VirtualScreenTop]) 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs index 2827287db43..5f2eba1f0e1 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs @@ -123,7 +123,6 @@ static Window() /// public Window() { - SecurityHelper.DemandUnmanagedCode(); _inTrustedSubWindow = false; Initialize(); } @@ -152,7 +151,6 @@ internal Window(bool inRbw):base() else { _inTrustedSubWindow = false; - SecurityHelper.DemandUnmanagedCode(); } Initialize(); } @@ -3610,7 +3608,6 @@ private void SetIWindowService() IntPtr GetCurrentMonitorFromMousePosition() { - SecurityHelper.DemandUnmanagedCode(); // center on the screen on which the mouse is on NativeMethods.POINT pt = new NativeMethods.POINT(); @@ -4299,7 +4296,6 @@ private bool ShouldCloseWindow(bool cancelled) private void DoDialogHide() { - SecurityHelper.DemandUnmanagedCode(); Debug.Assert(_showingAsDialog == true, "_showingAsDialog must be true when DoDialogHide is called"); diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualTreeFlattener.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualTreeFlattener.cs index e675b30d1f7..1e1c630227d 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualTreeFlattener.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualTreeFlattener.cs @@ -81,7 +81,6 @@ public LooseImageSourceTypeConverter(String mainFile) Type destinationType ) { - SecurityHelper.DemandUnmanagedCode(); string bitmapName = "bitmap" + m_bitmapId; diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 004be4d5995..8fc9407bd3d 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -72,22 +72,6 @@ namespace MS.Internal.Drt internal static class SecurityHelper { -#if !PBTCOMPILER -#if REACHFRAMEWORK -#else -#endif - - internal static void DemandUnmanagedCode() - { - if(_unmanagedCodePermission == null) - { - _unmanagedCodePermission = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode); - } - _unmanagedCodePermission.Demand(); - } - static SecurityPermission _unmanagedCodePermission = null; -#endif // !PBTCOMPILER - #if PRESENTATIONFRAMEWORK internal static void ThrowExceptionIfSettingTrueInPartialTrust(ref bool value) diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/ManagedWndProcTracker.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/ManagedWndProcTracker.cs index b021e6bb3b7..0c677ff4f9e 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/ManagedWndProcTracker.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/ManagedWndProcTracker.cs @@ -128,7 +128,6 @@ private static void OnAppDomainProcessExit() private static void HookUpDefWindowProc(IntPtr hwnd) { - SecurityHelper.DemandUnmanagedCode(); #if LOGGING LogFinishHWND(hwnd, "Core HookUpDWP"); @@ -197,7 +196,6 @@ private static IntPtr GetDefWindowProcAddress(IntPtr hwnd) private static IntPtr GetUser32ProcAddress(string export) { - SecurityHelper.DemandUnmanagedCode(); IntPtr hModule = UnsafeNativeMethods.GetModuleHandle(ExternDll.User32); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/SafeSystemMetrics.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/SafeSystemMetrics.cs index 9f73bd3f9aa..947d1670408 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/SafeSystemMetrics.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/SafeSystemMetrics.cs @@ -44,7 +44,6 @@ internal static int VirtualScreenWidth { get { - SecurityHelper.DemandUnmanagedCode(); return UnsafeNativeMethods.GetSystemMetrics(SM.CXVIRTUALSCREEN); } 
@@ -57,7 +56,6 @@ internal static int VirtualScreenHeight { get { - SecurityHelper.DemandUnmanagedCode(); return UnsafeNativeMethods.GetSystemMetrics(SM.CYVIRTUALSCREEN); } } From 085dc6d6b738f78d2ee48194f8e1a1b3dee462a8 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 09:13:00 -0700 Subject: [PATCH 07/21] removed more SecurityHelper methods --- .../CPP/DWriteWrapper/Common.h | 9 +- .../System/Windows/Controls/Frame.cs | 10 -- .../System/Windows/Controls/PrintDialog.cs | 33 ----- .../System/Windows/Controls/WebBrowser.cs | 12 +- .../Windows/Interop/BrowserInteropHelper.cs | 12 +- .../System/Windows/Markup/XamlTypeMapper.cs | 123 +++--------------- .../Windows/Navigation/NavigationWindow.cs | 6 - .../src/Shared/MS/Internal/SecurityHelper.cs | 63 --------- 8 files changed, 19 insertions(+), 249 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h index 3fb2bd79087..1e80384f25e 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h @@ -85,14 +85,7 @@ private ref class Util sealed System::Exception^ e = System::Runtime::InteropServices::Marshal::GetExceptionForHR(hr); if (dynamic_cast(e) != nullptr) { - if (IsFullTrustCaller()) - { - throw e;//rethrow original exception for full trust case. - } - else - { - throw gcnew System::Net::WebException();// throw sanitized exception - } + throw e; } } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Frame.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Frame.cs index b117afe9d9e..81f0014f0b3 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Frame.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Frame.cs 
@@ -377,9 +377,7 @@ public bool SandboxExternalContent get { return (bool) GetValue(SandboxExternalContentProperty); } set { - // This feature is disabled in partial trust due to a P3P violation bool fSandBox = (bool)value; - SecurityHelper.ThrowExceptionIfSettingTrueInPartialTrust(ref fSandBox); SetValue(SandboxExternalContentProperty, fSandBox); } } @@ -391,11 +389,7 @@ public bool SandboxExternalContent private static void OnSandboxExternalContentPropertyChanged(DependencyObject d, DependencyPropertyChangedEventArgs e) { Frame frame = (Frame)d; - // we do not want an individual to be able to set this property to true - // in partial trust - // This feature is disabled in partial trust due to a P3P violation bool fSandBox = (bool)e.NewValue; - SecurityHelper.ThrowExceptionIfSettingTrueInPartialTrust(ref fSandBox); if (fSandBox && !(bool)e.OldValue) { frame.NavigationService.Refresh(); @@ -404,11 +398,7 @@ private static void OnSandboxExternalContentPropertyChanged(DependencyObject d, private static object CoerceSandBoxExternalContentValue(DependencyObject d, object value) { - // we do not want an individual to be able to set this property to true - // in partial trust - // This feature is disabled in partial trust due to a P3P violation bool fSandBox = (bool)value; - SecurityHelper.ThrowExceptionIfSettingTrueInPartialTrust(ref fSandBox); return fSandBox; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/PrintDialog.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/PrintDialog.cs index c3f7ecb80a1..67bc0bb3311 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/PrintDialog.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/PrintDialog.cs @@ -46,7 +46,6 @@ public class PrintDialog PrintDialog( ) { - _dialogInvoked = false; _printQueue = null; _printTicket = null; 
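Review bot: In the Frame.cs `SandboxExternalContent` setter the local `fSandBox` is now only a copy of `value`, so `SetValue(SandboxExternalContentProperty, value);` would say the same thing. `CoerceSandBoxExternalContentValue` has likewise been reduced to unboxing its argument and returning it. The same leftovers appear in the NavigationWindow.cs hunks later in this patch. If the coerce callback is kept only for the type check that the cast performs, a comment such as `// Kept only to reject non-bool values.` would explain why it survives. The removed comments said the feature was disabled in partial trust; nothing in the new code records that the restriction is gone on purpose.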
@@ -207,7 +206,6 @@ public PrintQueue PrintQueue { get { - SecurityHelper.DemandPrintDialogPermissions(); if (_printQueue == null) { @@ -218,7 +216,6 @@ public PrintQueue PrintQueue } set { - SecurityHelper.DemandPrintDialogPermissions(); _printQueue = value; } @@ -231,7 +228,6 @@ public PrintTicket PrintTicket { get { - SecurityHelper.DemandPrintDialogPermissions(); if (_printTicket == null) { @@ -242,7 +238,6 @@ public PrintTicket PrintTicket } set { - SecurityHelper.DemandPrintDialogPermissions(); _printTicket = value; } @@ -303,10 +298,6 @@ public PrintTicket PrintTicket Nullable ShowDialog() { - // - // Reset this flag as we have not displayed the dialog yet. - // - _dialogInvoked = false; Win32PrintDialog dlg = new Win32PrintDialog(); @@ -338,7 +329,6 @@ public PrintTicket PrintTicket _printQueue = dlg.PrintQueue; _pageRange = dlg.PageRange; _pageRangeSelection = dlg.PageRangeSelection; - _dialogInvoked = true; } return (dialogResult == MS.Internal.Printing.NativeMethods.PD_RESULT_PRINT); @@ -373,7 +363,6 @@ String description _printableAreaHeight = 0; _isPrintableAreaWidthUpdated = false; _isPrintableAreaHeightUpdated = false; - _dialogInvoked = false; } @@ -406,7 +395,6 @@ String description _printableAreaHeight = 0; _isPrintableAreaWidthUpdated = false; _isPrintableAreaHeightUpdated = false; - _dialogInvoked = false; } #endregion Public methods 
@@ -596,24 +584,6 @@ String description ref PrintTicket printTicket ) { - if (_dialogInvoked == false) - { - // - // If the dialog has not been invoked then the user needs printing permissions. - // If the demand succeeds then they can print. If the demand fails, then we - // tell them that the print dialog must be displayed first by throwing a dialog - // exception. - // - try - { - SecurityHelper.DemandPrintDialogPermissions(); - } - catch (SecurityException) - { - throw new PrintDialogException(SR.Get(SRID.PartialTrustPrintDialogMustBeInvoked)); - } - } - // // If the default print queue and print ticket have not already // been selected then update them now since we need them. @@ -651,9 +621,6 @@ ref PrintTicket printTicket private PrintQueue _printQueue; - private - bool _dialogInvoked; - private PageRangeSelection _pageRangeSelection; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs index e04f53ad1c3..ccc0632bb26 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs @@ -89,17 +89,7 @@ static WebBrowser() public WebBrowser() : base(new Guid(CLSID.WebBrowser), true ) { - // Check whether feature is disabled - if (SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.WebBrowserDisable)) - { - // in case the registry key is '1' then demand unrestricted WebBrowserPermission to create it - SecurityHelperPF.DemandWebBrowserPermission(); - } - else - { - // Feature is enabled - demand Safe level to create this object, granted in Partial Trust by default - (new WebBrowserPermission(WebBrowserPermissionLevel.Safe)).Demand(); - } + (new WebBrowserPermission(WebBrowserPermissionLevel.Safe)).Demand(); _hostingAdaptor = new WebOCHostingAdaptor(this); } 
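Review bot: The `WebBrowser()` constructor no longer consults `SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.WebBrowserDisable)`, so the feature-disable key stops having any effect on creating the control. The next file has the same pattern: in `EnsureScriptInteropAllowed` in BrowserInteropHelper.cs, `_isScriptInteropDisabled` is still populated from `ScriptInteropDisable`, but the hunk no longer reads it. If these keys are meant to remain an administrative off switch, the check needs to fail explicitly, for example `if (SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.WebBrowserDisable)) { throw new SecurityException(); }`. If they are being retired, remove the dead read and say so in a comment. The surviving `(new WebBrowserPermission(WebBrowserPermissionLevel.Safe)).Demand();` also keeps a dependency on the permission types this series appears to be removing, and as far as I know it does nothing on a runtime without code access security.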
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs index ee6c21d47d2..0bbd00faa98 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/BrowserInteropHelper.cs @@ -240,17 +240,7 @@ private static void EnsureScriptInteropAllowed() _isScriptInteropDisabled.Value = SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.ScriptInteropDisable); } - // Similar approach as with WebBrowser.cs. - if (_isScriptInteropDisabled.Value.Value) - { - // Feature is disabled - demand unrestricted WebBrowserPermission to hand out the script object. - MS.Internal.PresentationFramework.SecurityHelper.DemandWebBrowserPermission(); - } - else - { - // Feature is enabled - demand Safe level to hand out the script object, granted in Partial Trust by default. - (new WebBrowserPermission(WebBrowserPermissionLevel.Safe)).Demand(); - } + (new WebBrowserPermission(WebBrowserPermissionLevel.Safe)).Demand(); } private static SecurityCriticalDataForSet _hostingFlags; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs index 7223ad334ac..5b7671c6ede 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs 
@@ -1193,9 +1193,9 @@ protected virtual bool AllowInternalType(Type type) private bool IsInternalTypeAllowedInFullTrust(Type type) { bool isAllowed = false; - // If caller has Full Trust and the type is internal, then allow them to participate + // If the type is internal, then allow them to participate // in deciding if that internal type should be accessible. - if (ReflectionHelper.IsInternalType(type) && MS.Internal.SecurityHelper.IsFullTrustCaller()) + if (ReflectionHelper.IsInternalType(type)) { isAllowed = AllowInternalType(type); } @@ -2763,32 +2763,14 @@ private static InternalTypeHelper GetInternalTypeHelperFromAssembly(ParserContex internal static object CreateInternalInstance(ParserContext pc, Type type) { object instance = null; - // if caller has member access reflection permission, use reflection directly - if (SecurityHelper.CallerHasMemberAccessReflectionPermission()) - { - instance = Activator.CreateInstance(type, - BindingFlags.Public | - BindingFlags.NonPublic | - BindingFlags.Instance | - BindingFlags.CreateInstance, - null, - null, - TypeConverterHelper.InvariantEnglishUS); - } - else - { - // else this must be an accessible internal type in PT --- call the generated InternalTypeHelper - // in the caller's secuirty context. - - // In this case pc.StreamCreatedAssembly is guaranteed to be the assembly from which the current - // stream being read was created from. So even if the internal type were not legitimate, the call - // to create it via ith.CreateInstance would fail in PT. - InternalTypeHelper ith = XamlTypeMapper.GetInternalTypeHelperFromAssembly(pc); - if (ith != null) - { - instance = ith.CreateInstance(type, TypeConverterHelper.InvariantEnglishUS); - } - } + instance = Activator.CreateInstance(type, + BindingFlags.Public | + BindingFlags.NonPublic | + BindingFlags.Instance | + BindingFlags.CreateInstance, + null, + null, + TypeConverterHelper.InvariantEnglishUS); return instance; } 
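Review bot: `CreateInternalInstance` now always constructs through `Activator.CreateInstance` with `BindingFlags.NonPublic`, so nothing inside this method limits which non-public type a XAML stream can instantiate. The removed comments relied on the `InternalTypeHelper` path failing for illegitimate types; that backstop is gone, and the only remaining gate is presumably the `AllowInternalType` decision made by callers outside this hunk. Please record that next to the call, e.g. `// Non-public construction is gated only by AllowInternalType in the caller.` The body can also shrink to a single `return Activator.CreateInstance(...)`, since `object instance = null;` is overwritten immediately. The `pc` parameter is no longer used here.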
@@ -2802,25 +2784,7 @@ internal static object GetInternalPropertyValue(ParserContext pc, object rootEle if (isAllowedProperty) { - // if public getter on internal type or caller has member access permission, use reflection directly - if (isPublicProperty || SecurityHelper.CallerHasMemberAccessReflectionPermission()) - { - propValue = pi.GetValue(target, BindingFlags.Default, null, null, TypeConverterHelper.InvariantEnglishUS); - } - else - { - // else this must be an internal property getter on an accessible internal or public type --- call - // the generated helper in caller's secuirty context. - - // In this case pc.StreamCreatedAssembly is guaranteed to be the assembly from which the current stream - // being read was created from. So even if the internal property were not legitimate, the call - // to access it via ith.GetPropertyValue would fail in PT. - InternalTypeHelper ith = GetInternalTypeHelperFromAssembly(pc); - if (ith != null) - { - propValue = ith.GetPropertyValue(pi, target, TypeConverterHelper.InvariantEnglishUS); - } - } + propValue = pi.GetValue(target, BindingFlags.Default, null, null, TypeConverterHelper.InvariantEnglishUS); } return propValue; 
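Review bot: `isPublicProperty` is no longer read in `GetInternalPropertyValue` once the `if (isPublicProperty || ...)` test is replaced by the unconditional `pi.GetValue(...)`. The same holds for `isPublicProperty` in `SetInternalPropertyValue` and `isPublicEvent` in `AddInternalEventHandler` in the following hunks. Their declarations are outside these hunks, so I cannot tell whether anything else uses them; if not, remove them along with any out-parameter plumbing that only exists to fill them. With the public/internal distinction gone, access now depends entirely on `isAllowedProperty` / `isAllowedEvent`. A short comment at each `if`, such as `// Access to non-public members is decided solely by the allow check above.`, would make that explicit.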
@@ -2834,27 +2798,8 @@ internal static bool SetInternalPropertyValue(ParserContext pc, object rootEleme if (isAllowedProperty) { - // if public setter on internal type or caller has member access permission, use reflection directly - if (isPublicProperty || SecurityHelper.CallerHasMemberAccessReflectionPermission()) - { - pi.SetValue(target, value, BindingFlags.Default, null, null, TypeConverterHelper.InvariantEnglishUS); - return true; - } - else - { - // else this must be an internal property setter on an accessible internal or public type --- call - // the generated helper in caller's secuirty context. - - // In this case pc.StreamCreatedAssembly is guaranteed to be the assembly from which the current stream - // being read was created from. So even if the internal property were not legitimate, the call - // to set it via ith.SetPropertyValue would fail in PT. - InternalTypeHelper ith = GetInternalTypeHelperFromAssembly(pc); - if (ith != null) - { - ith.SetPropertyValue(pi, target, value, TypeConverterHelper.InvariantEnglishUS); - return true; - } - } + pi.SetValue(target, value, BindingFlags.Default, null, null, TypeConverterHelper.InvariantEnglishUS); + return true; } return false; @@ -2867,24 +2812,7 @@ internal static Delegate CreateDelegate(ParserContext pc, Type delegateType, obj if (isAllowedDelegateType) { - if (SecurityHelper.CallerHasMemberAccessReflectionPermission()) - { - d = Delegate.CreateDelegate(delegateType, target, handler); - } - else - { - // target is always the root generated element. Check to see if it is in the - // same assembly as the one from which the currently processed stream was created, - // as an added precaution. - if (target.GetType().Assembly == pc.StreamCreatedAssembly) - { - InternalTypeHelper ith = GetInternalTypeHelperFromAssembly(pc); - if (ith != null) - { - d = ith.CreateDelegate(delegateType, target, handler); - } - } - } + d = Delegate.CreateDelegate(delegateType, target, handler); } return d; 
@@ -2898,27 +2826,8 @@ internal static bool AddInternalEventHandler(ParserContext pc, object rootElemen if (isAllowedEvent) { - // if public event on internal type or caller has member access permission, use reflection directly - if (isPublicEvent || SecurityHelper.CallerHasMemberAccessReflectionPermission()) - { - eventInfo.AddEventHandler(target, handler); - return true; - } - else - { - // else this must be an internal event on an accessible internal or public type --- call - // the generated helper in caller's secuirty context. - - // In this case pc.StreamCreatedAssembly is guaranteed to be the assembly from which the current - // stream being read was created from. So even if the internal event ere not legitimate, the call - // to add a handler to it via ith.AddEventHandler would fail in PT. - InternalTypeHelper ith = GetInternalTypeHelperFromAssembly(pc); - if (ith != null) - { - ith.AddEventHandler(eventInfo, target, handler); - return true; - } - } + eventInfo.AddEventHandler(target, handler); + return true; } return false; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationWindow.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationWindow.cs index c4e2f2088b8..9828885ddeb 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationWindow.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Navigation/NavigationWindow.cs @@ -71,9 +71,7 @@ public bool SandboxExternalContent get { return (bool) GetValue(SandboxExternalContentProperty); } set { - // This feature is disabled in partial trust due to a P3P violation bool fSandBox = (bool)value; - SecurityHelper.ThrowExceptionIfSettingTrueInPartialTrust(ref fSandBox); SetValue(SandboxExternalContentProperty, fSandBox); } } 
@@ -87,9 +85,7 @@ private static void OnSandboxExternalContentPropertyChanged(DependencyObject d, { NavigationWindow window = (NavigationWindow)d; - // This feature is disabled in partial trust due to a P3P violation bool fSandBox = (bool)e.NewValue; - SecurityHelper.ThrowExceptionIfSettingTrueInPartialTrust(ref fSandBox); if (fSandBox && !(bool)e.OldValue) { window.NavigationService.Refresh(); @@ -99,9 +95,7 @@ private static void OnSandboxExternalContentPropertyChanged(DependencyObject d, private static object CoerceSandBoxExternalContentValue(DependencyObject d, object value) { - // This feature is disabled in partial trust due to a P3P violation bool fSandBox = (bool)value; - SecurityHelper.ThrowExceptionIfSettingTrueInPartialTrust(ref fSandBox); return fSandBox; } diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 8fc9407bd3d..4b106ccb67f 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
@@ -72,69 +72,6 @@ namespace MS.Internal.Drt internal static class SecurityHelper { -#if PRESENTATIONFRAMEWORK - - internal static void ThrowExceptionIfSettingTrueInPartialTrust(ref bool value) - { - - } - - internal static void DemandWebBrowserPermission() - { - CachedWebBrowserPermission.Demand(); - } - - internal static WebBrowserPermission CachedWebBrowserPermission - { - get - { - if (_webBrowserPermission == null) - { - _webBrowserPermission = new WebBrowserPermission(PermissionState.Unrestricted); - } - return _webBrowserPermission; - } - } - static WebBrowserPermission _webBrowserPermission; - - /// - /// Demands for permissions needed to construct the PrintDialog in - /// full trust mode and/or access full trust properties from dialog. - /// - internal static void DemandPrintDialogPermissions() - { - if(_defaultPrintingPermission == null) - { - _defaultPrintingPermission = SystemDrawingHelper.NewDefaultPrintingPermission(); - } - _defaultPrintingPermission.Demand(); - } - static CodeAccessPermission _defaultPrintingPermission = null; - - /// - /// Check to see if we have Reflection permission to create types and access members. - /// - /// true if call stack has Reflection permission - internal static bool CallerHasMemberAccessReflectionPermission() - { - try - { - if (_reflectionPermission == null) - { - _reflectionPermission = new ReflectionPermission(ReflectionPermissionFlag.MemberAccess); - } - _reflectionPermission.Demand(); - } - catch (SecurityException) - { - return false; - } - - return true; - } - static ReflectionPermission _reflectionPermission = null; - -#endif #if PRESENTATION_CORE From ef9a889d5545e418764642da0eff9883294e388f Mon Sep 17 00:00:00 2001 
From: Dilip Ojha Date: Fri, 21 Jun 2019 09:40:03 -0700 Subject: [PATCH 08/21] revmoed more methods --- .../System/Windows/clipboard.cs | 8 -- .../System/Windows/dataobject.cs | 3 - .../FrameworkCompatibilityPreferences.cs | 1 - .../src/Shared/MS/Internal/SecurityHelper.cs | 75 +------------------ 4 files changed, 2 insertions(+), 85 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs index 0d329032b91..268fa89838e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs @@ -690,14 +690,6 @@ private static bool IsDataObjectFromLessPriviligedApplicationDomain(IDataObject // whatever is more secure return true; } - - //extract permission set for the current appdomain which is target - PermissionSet permissionSetDestination = SecurityHelper.ExtractAppDomainPermissionSetMinusSiteOfOrigin(); - //Compare permissions sets - if (!permissionSetDestination.IsSubsetOf(permissionSetSource)) - { - retVal = true; // in case target is not subset of source revert to unicode or text - } } return retVal; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs index 4e3ace68f34..60d8f24c078 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs 
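Review bot: After this hunk, `IsDataObjectFromLessPriviligedApplicationDomain` no longer compares the source and destination permission sets, so the method name describes a check that is not performed any more. The only `true` result still visible is the early `return true` on the "whatever is more secure" path. The removed comment says the result selected the fallback to unicode or text, so the function should state what it still decides, for example `// No permission-set comparison: the result depends only on the checks above.` `permissionSetSource` is probably still computed but never read. The start of the function is outside the hunk, so confirm that before removing it.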
@@ -2890,17 +2890,14 @@ private object GetDataFromHGLOBAL(string format, IntPtr hglobal) } else if (IsFormatEqual(format, DataFormats.FileDrop)) { - SecurityHelper.DemandFilePathDiscoveryWriteRead(); data = (object)ReadFileListFromHandle(hglobal); } else if (IsFormatEqual(format, DataFormats.FileName)) { - SecurityHelper.DemandFilePathDiscoveryWriteRead(); data = new string[] { ReadStringFromHandle(hglobal, false) }; } else if (IsFormatEqual(format, DataFormats.FileNameW)) { - SecurityHelper.DemandFilePathDiscoveryWriteRead(); data = new string[] { ReadStringFromHandle(hglobal, true) }; } else if (IsFormatEqual(format, typeof(BitmapSource).FullName)) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/FrameworkCompatibilityPreferences.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/FrameworkCompatibilityPreferences.cs index a177cdb814e..7bf3491ce18 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/FrameworkCompatibilityPreferences.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/FrameworkCompatibilityPreferences.cs @@ -192,7 +192,6 @@ internal enum HandleBindingOptions // .NET Core -> Allow (compat with 4.5RTM) #if NETFX && !NETCOREAPP private static HandleBindingOptions _handleTwoWayBindingToPropertyWithNonPublicSetter = - !MS.Internal.SecurityHelper.IsFullTrustCaller() ? HandleBindingOptions.Throw : BinaryCompatibility.AppWasBuiltForFramework != TargetFrameworkId.NetFramework ? HandleBindingOptions.Disallow : BinaryCompatibility.AppWasBuiltForVersion == 40500 ? HandleBindingOptions.Allow : /* else */ HandleBindingOptions.Throw; diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 4b106ccb67f..a27a9514b2e 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
@@ -75,42 +75,10 @@ internal static class SecurityHelper #if PRESENTATION_CORE - /// - /// Check to see if the caller is fully trusted. - /// - /// true if call stack has unrestricted permission - internal static bool IsFullTrustCaller() - { - try - { - if (_fullTrustPermissionSet == null) - { - _fullTrustPermissionSet = new PermissionSet(PermissionState.Unrestricted); - } - _fullTrustPermissionSet.Demand(); - } - catch (SecurityException) - { - return false; - } - - return true; - } - static PermissionSet _fullTrustPermissionSet = null; - - internal static Uri GetBaseDirectory(AppDomain domain) { Uri appBase = null; - new FileIOPermission(PermissionState.Unrestricted).Assert();// BlessedAssert - try - { - appBase = new Uri(domain.BaseDirectory); - } - finally - { - FileIOPermission.RevertAssert(); - } + appBase = new Uri(domain.BaseDirectory); return( appBase ); } 
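Review bot: `GetBaseDirectory` is left as `Uri appBase = null;` followed immediately by `appBase = new Uri(domain.BaseDirectory);`, a shape that only made sense around the removed try/finally. The body can be the single statement `return new Uri(domain.BaseDirectory);`. Nothing else in the hunk reads `appBase`.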
@@ -211,48 +179,9 @@ internal static int MapUrlToZoneWrapper(Uri uri) return targetZone; } - internal static void DemandFilePathDiscoveryWriteRead() - { - FileIOPermission permobj = new FileIOPermission(PermissionState.None); - permobj.AllFiles = FileIOPermissionAccess.Write|FileIOPermissionAccess.Read |FileIOPermissionAccess.PathDiscovery; - permobj.Demand(); - } - internal static PermissionSet ExtractAppDomainPermissionSetMinusSiteOfOrigin() { - PermissionSet permissionSetAppDomain = new PermissionSet(PermissionState.Unrestricted); - - // Ensure we remove the FileIO read permission to site of origin. - // We choose to use unrestricted here because it does not matter - // matter which specific variant of Fileio/Web permission we use - // since we are using an overload to check and remove permission - // that works on type. There is not a way to remove some - // part of a permission, although we could remove this and add - // back the delta if the existing permission set had more than the ones - // we care about but it is really the path we are targeting here since - // that is what causes the delta and hence we are removing it all together. - Uri siteOfOrigin = SiteOfOriginContainer.SiteOfOrigin; - CodeAccessPermission siteOfOriginReadPermission = null; - if (siteOfOrigin.Scheme == Uri.UriSchemeFile) - { - siteOfOriginReadPermission = new FileIOPermission(PermissionState.Unrestricted); - } - else if (siteOfOrigin.Scheme == Uri.UriSchemeHttp) - { - siteOfOriginReadPermission = new WebPermission(PermissionState.Unrestricted); - } - - if (siteOfOriginReadPermission != null) - { - if (permissionSetAppDomain.GetPermission(siteOfOriginReadPermission.GetType()) != null) - { - permissionSetAppDomain.RemovePermission(siteOfOriginReadPermission.GetType()); - // Failing on a ReadOnlyPermissionSet here? 
- // (Ctrl+X to cut text in RichTextBox - // in an XBAP throws InvalidOperationException) - } - } - return permissionSetAppDomain; + return new PermissionSet(PermissionState.Unrestricted); } #endif From 2bed6061b3c9c20b63664b828437aa4854a21d47 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 11:09:21 -0700 Subject: [PATCH 09/21] removed more securityhelper usage --- .../MS/internal/FontCache/FamilyCollection.cs | 11 +- .../MS/internal/FontCache/FontCacheUtil.cs | 13 -- .../MS/internal/FontCache/FontSource.cs | 18 -- .../System/IO/Packaging/PackageStore.cs | 18 -- .../System/Windows/Media/ColorContext.cs | 5 +- .../System/Windows/Media/GlyphTypeface.cs | 35 ---- .../Windows/Navigation/BaseUriHelper.cs | 14 -- .../System/Windows/clipboard.cs | 4 - .../System/Windows/dataobject.cs | 35 +--- .../documents/DocumentGridContextMenu.cs | 7 - .../System/Windows/Controls/DataGrid.cs | 6 - .../System/Windows/Controls/InkCanvas.cs | 6 - .../System/Windows/Controls/StickyNote.cs | 31 +-- .../System/Windows/Documents/FixedDocument.cs | 5 +- .../Documents/TextEditorContextMenu.cs | 13 -- .../Windows/Documents/TextEditorCopyPaste.cs | 32 +-- .../ReachFramework/AlphaFlattener/Utility.cs | 19 +- .../Serialization/VisualSerializer.cs | 20 +- .../Serialization/XpsFontSubsetter.cs | 147 +------------- .../src/Shared/MS/Internal/SecurityHelper.cs | 191 ------------------ 20 files changed, 19 insertions(+), 611 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FamilyCollection.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FamilyCollection.cs index 1b302eae9a3..e5803048b73 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FamilyCollection.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FamilyCollection.cs 
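Review bot: `ExtractAppDomainPermissionSetMinusSiteOfOrigin` now returns `new PermissionSet(PermissionState.Unrestricted)` without subtracting anything, so its name promises a reduction it no longer performs. Any caller that compares against the result would be comparing against an unrestricted set. The one call site visible in this patch, in `IsDataObjectFromLessPriviligedApplicationDomain` (clipboard.cs), is removed by the same commit, so the method may have no callers left and could be deleted rather than stubbed. If it has to stay, add a comment such as `// Stub: always unrestricted; site-of-origin permissions are no longer removed.`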
@@ -125,15 +125,7 @@ internal static Text.TextInterface.FontCollection LegacyArabicFontCollection if (_legacyArabicFontCollection == null) { Uri criticalSxSFontsLocation = new Uri(FamilyCollection.SxSFontsResourcePrefix); - SecurityHelper.CreateUriDiscoveryPermission(criticalSxSFontsLocation).Assert(); - try - { - _legacyArabicFontCollection = DWriteFactory.GetFontCollectionFromFolder(criticalSxSFontsLocation); - } - finally - { - CodeAccessPermission.RevertAssert(); - } + _legacyArabicFontCollection = DWriteFactory.GetFontCollectionFromFolder(criticalSxSFontsLocation); } } } @@ -312,7 +304,6 @@ private FamilyCollection(Uri folderUri, MS.Internal.Text.TextInterface.FontColle /// Absolute Uri of a folder internal static FamilyCollection FromUri(Uri folderUri) { - SecurityHelper.DemandUriReadPermission(folderUri); return new FamilyCollection(folderUri, DWriteFactory.GetFontCollectionFromFolder(folderUri)); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontCacheUtil.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontCacheUtil.cs index 01cc5f08189..792e91f7eb0 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontCacheUtil.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontCacheUtil.cs @@ -767,16 +767,6 @@ private static int CompareOrdinalIgnoreCase(char a, char b) return ca - cb; } - // Makes sure the caller has path discovery permission for full fileName path. - private static void ValidateFileNamePermissions(ref string fileName) - { - if (!SecurityHelper.CallerHasPathDiscoveryPermission(fileName)) - { - // If the caller didn't have path discovery permission for fileName, we can still give out relative file name. - fileName = Path.GetFileName(fileName); - } - } - /// /// This function performs job similar to CLR's internal __Error.WinIOError function: /// it maps win32 errors from file I/O to CLR exceptions and includes string where possible. 
@@ -786,8 +776,6 @@ private static void ValidateFileNamePermissions(ref string fileName) /// File name string. internal static void ThrowWin32Exception(int errorCode, string fileName) { - ValidateFileNamePermissions(ref fileName); - switch (errorCode) { case NativeMethods.ERROR_FILE_NOT_FOUND: @@ -813,7 +801,6 @@ internal static Exception ConvertInPageException(FontSource fontSource, SEHExcep if (fontSource.IsFile) { fileName = fontSource.Uri.LocalPath; - ValidateFileNamePermissions(ref fileName); } else { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontSource.cs index b3d70a661dd..1267f283bc4 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/FontCache/FontSource.cs @@ -187,8 +187,6 @@ public UnmanagedMemoryStream GetUnmanagedStream() { FileMapping fileMapping = new FileMapping(); - DemandFileIOPermission(); - fileMapping.OpenFile(_fontUri.LocalPath); return fileMapping; } @@ -251,8 +249,6 @@ public void TestFileOpenable() { FileMapping fileMapping = new FileMapping(); - DemandFileIOPermission(); - fileMapping.OpenFile(_fontUri.LocalPath); fileMapping.Close(); } @@ -264,8 +260,6 @@ public Stream GetStream() { FileMapping fileMapping = new FileMapping(); - DemandFileIOPermission(); - fileMapping.OpenFile(_fontUri.LocalPath); return fileMapping; } @@ -381,18 +375,6 @@ private static byte [] StreamToByteArray(Stream fontStream) return memoryFont; } - /// - /// Demand read permissions for all fonts except system ones. - /// - private void DemandFileIOPermission() - { - // Demand FileIORead permission for any non-system fonts. - if (!_skipDemand) - { - SecurityHelper.DemandUriReadPermission(_fontUri); - } - } - /// /// Retrieves internal CompositeFont resources from the appropriate DLL resources. /// 
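Review bot: `ThrowWin32Exception` now passes `fileName` through untrimmed, so the exceptions built in the `switch (errorCode)` presumably always carry the full local path. Before, callers without path-discovery rights got `Path.GetFileName(fileName)` instead. `ConvertInPageException` (hunk `@@ -813,7 +801,6 @@`) does the same with `fontSource.Uri.LocalPath`. The doc comment should say so, for example `/// The full path is included in the exception message; callers that surface it externally should strip the directory.` The switch body is outside the hunk, so how each case uses `fileName` should be confirmed there.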
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/IO/Packaging/PackageStore.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/IO/Packaging/PackageStore.cs index 239d92419b2..0d56d508d21 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/IO/Packaging/PackageStore.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/IO/Packaging/PackageStore.cs @@ -68,7 +68,6 @@ public static Package GetPackage(Uri uri) if (_packages != null && _packages.Contains(uri)) { package = (Package) _packages[uri]; - DemandSecurityPermissionIfCustomPackage(package); } return package; @@ -87,10 +86,6 @@ public static Package GetPackage(Uri uri) /// public static void AddPackage(Uri uri, Package package) { - // Allow well known platform Package to be added into PackageStore under Partial Trust. - // Otherwise, demand Environment Permission to make sure only Full Trust app can add a custom Package - DemandSecurityPermissionIfCustomPackage(package); - ValidatePackageUri(uri); // There are well-known package types that are only for internal use (for resource loading) @@ -144,8 +139,6 @@ public static void RemovePackage(Uri uri) { if (_packages != null) { - DemandSecurityPermissionIfCustomPackage((Package) _packages[uri]); - // If the key doesn't exist, it is no op _packages.Remove(uri); } @@ -168,17 +161,6 @@ private static void ValidatePackageUri(Uri uri) throw new ArgumentException(SR.Get(SRID.UriMustBeAbsolute), "uri"); } } - - private static void DemandSecurityPermissionIfCustomPackage(Package package) - { - // Although ZipPackage is sealed and cannot be subclassed, we shouldn't depend on - // the "sealedness" of ZipPackage. Checking the object type is more reliable way - // than using "as" or "is" operator. - if (package != null && package.GetType() != typeof(ZipPackage)) - { - SecurityHelper.DemandEnvironmentPermission(); - } - } #endregion Private Methods 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/ColorContext.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/ColorContext.cs index f7207ff29ad..035c8a2c91e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/ColorContext.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/ColorContext.cs @@ -261,15 +261,12 @@ public Uri ProfileUri Uri uri = _profileUri.Value; // - // We don't need to demand permission if the user gave us the uri because the user - // already knows the value. If the user didn't give us the value, then the uri has + // If the user didn't give us the uri value, then the uri has // to be a file path because we got it from GetStandardColorSpaceProfile // if (_isProfileUriNotFromUser.Value) { Invariant.Assert(uri.IsFile); - - SecurityHelper.DemandPathDiscovery(uri.LocalPath); } return uri; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs index 8f4244a3dd6..0f288711a50 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/GlyphTypeface.cs @@ -103,9 +103,6 @@ internal GlyphTypeface(MS.Internal.Text.TextInterface.Font font) } Uri typefaceSource = new Uri(uriPath); - _fileIOPermObj = new SecurityCriticalDataForSet( - SecurityHelper.CreateUriReadPermission(typefaceSource) - ); _fontFace = new FontFaceLayoutInfo(font); // We skip permission demands for FontSource because the above line already demands them for the right callers. 
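Review bot: The comment kept at the end of the `GlyphTypeface(Font font)` hunk, `// We skip permission demands for FontSource because the above line already demands them for the right callers.`, describes an arrangement this patch removes. The `_fileIOPermObj` assignment just above it is deleted here, and `FontSource.DemandFileIOPermission` is deleted in FontSource.cs. The comment should be deleted or reworded so it does not suggest a demand still protects the font file. As far as this patch shows, `_skipDemand` in FontSource was read only by the removed method, so it and the argument that feeds it may now be dead. The constructor continues outside the hunk.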
@@ -137,10 +134,6 @@ private void Initialize(Uri typefaceSource, StyleSimulations styleSimulations) int faceIndex; Util.SplitFontFaceIndex(typefaceSource, out fontSourceUri, out faceIndex); - _fileIOPermObj = new SecurityCriticalDataForSet( - SecurityHelper.CreateUriReadPermission(fontSourceUri) - ); - // This permission demand is here so that untrusted callers are unable to check for file existence using GlyphTypeface ctor. // Sensitive font data is protected by demands as the user tries to access it. DemandPermissionsForFontInformation(); @@ -166,7 +159,6 @@ private void Initialize(Uri typefaceSource, StyleSimulations styleSimulations) { try { - SecurityHelper.DemandUriDiscoveryPermission(typefaceSource); throw new System.IO.FileFormatException(typefaceSource); } catch(SecurityException) @@ -293,32 +285,6 @@ public Stream GetFontStream() return FontSource.GetStream(); } - /// - /// Exposed to allow printing code to access GetFontStream() in partial trust - /// - [FriendAccessAllowed] - internal CodeAccessPermission CriticalFileReadPermission - { - get - { - CheckInitialized(); - return _fileIOPermObj.Value; - } - } - - /// - /// Exposed to allow printing code to access FontUri in partial trust - /// - [FriendAccessAllowed] - internal CodeAccessPermission CriticalUriDiscoveryPermission - { - get - { - CheckInitialized(); - return SecurityHelper.CreateUriDiscoveryPermission(_originalUri.Value); - } - } - #endregion Public Methods //------------------------------------------------------ @@ -341,7 +307,6 @@ public Uri FontUri get { CheckInitialized(); // This can only be called on fully initialized GlyphTypeface - SecurityHelper.DemandUriDiscoveryPermission(_originalUri.Value); return _originalUri.Value; } set diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Navigation/BaseUriHelper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Navigation/BaseUriHelper.cs index 98ab286704a..a2bd2085477 100644 
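Review bot: In `Initialize` (hunk `@@ -166,7 +159,6 @@`), the `try` block is reduced to a single `throw new System.IO.FileFormatException(typefaceSource);`, so the `catch(SecurityException)` after it can no longer be reached. It existed only for the removed `DemandUriDiscoveryPermission` call. The construct can become the bare statement `throw new System.IO.FileFormatException(typefaceSource);`. The catch body is outside the hunk, so confirm it holds nothing else that is still needed before deleting it.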
--- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Navigation/BaseUriHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Navigation/BaseUriHelper.cs @@ -555,8 +555,6 @@ internal static Uri GetBaseUriCore(DependencyObject element) throw new ArgumentNullException("element"); } - try - { // // Search the tree to find the closest parent which implements // IUriContext or have set value for BaseUri property. @@ -625,18 +623,6 @@ internal static Uri GetBaseUriCore(DependencyObject element) } } } - } - finally - { - // - // Putting the permission demand in finally block can prevent from exposing a bogus - // and dangerous uri to the code in upper frame. - // - if (baseUri != null) - { - SecurityHelper.DemandUriDiscoveryPermission(baseUri); - } - } return baseUri; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs index 268fa89838e..b5319b4450d 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs @@ -387,7 +387,6 @@ public static void SetText(string text, TextDataFormat format) /// public static IDataObject GetDataObject() { - SecurityHelper.DemandAllClipboardPermission(); return GetDataObjectInternal(); } @@ -455,7 +454,6 @@ public static bool IsCurrent(IDataObject data) /// public static void SetDataObject(object data) { - SecurityHelper.DemandAllClipboardPermission(); if (data == null) { @@ -480,7 +478,6 @@ public static void SetDataObject(object data) /// public static void SetDataObject(object data, bool copy) { - SecurityHelper.DemandAllClipboardPermission(); CriticalSetDataObject(data,copy); } 
@@ -762,7 +759,6 @@ private static IDataObject GetDataObjectInternal() /// private static bool ContainsDataInternal(string format) { - SecurityHelper.DemandAllClipboardPermission(); bool isFormatAvailable = false; if (IsDataFormatAutoConvert(format)) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs index 60d8f24c078..08219df967d 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs @@ -61,7 +61,6 @@ public sealed class DataObject : IDataObject, IComDataObject /// public DataObject() { - SecurityHelper.DemandAllClipboardPermission(); _innerData = new DataStore(); } @@ -70,7 +69,6 @@ public DataObject() /// public DataObject(object data) { - SecurityHelper.DemandAllClipboardPermission(); if (data == null) { throw new ArgumentNullException("data"); @@ -104,7 +102,6 @@ public DataObject(object data) /// public DataObject(string format, object data) { - SecurityHelper.DemandAllClipboardPermission(); if (format == null) { throw new ArgumentNullException("format"); @@ -130,7 +127,6 @@ public DataObject(string format, object data) /// public DataObject(Type format, object data) { - SecurityHelper.DemandAllClipboardPermission(); if (format == null) { throw new ArgumentNullException("format"); @@ -149,7 +145,6 @@ public DataObject(Type format, object data) /// public DataObject(string format, object data, bool autoConvert) { - SecurityHelper.DemandAllClipboardPermission(); if (format == null) { throw new ArgumentNullException("format"); @@ -343,7 +338,6 @@ public string[] GetFormats() /// public void SetData(object data) { - SecurityHelper.DemandAllClipboardPermission(); if (data == null) { throw new ArgumentNullException("data"); 
@@ -357,7 +351,6 @@ public void SetData(object data) /// public void SetData(string format, object data) { - SecurityHelper.DemandAllClipboardPermission(); if (format == null) { throw new ArgumentNullException("format"); @@ -382,7 +375,6 @@ public void SetData(string format, object data) /// public void SetData(Type format, object data) { - SecurityHelper.DemandAllClipboardPermission(); if (format == null) { throw new ArgumentNullException("format"); @@ -406,7 +398,6 @@ public void SetData(Type format, object data) /// public void SetData(string format, Object data, bool autoConvert) { - SecurityHelper.DemandAllClipboardPermission(); if (format == null) { throw new ArgumentNullException("format"); @@ -858,7 +849,6 @@ int IComDataObject.QueryGetData(ref FORMATETC formatetc) /// void IComDataObject.SetData(ref FORMATETC pFormatetcIn, ref STGMEDIUM pmedium, bool fRelease) { - SecurityHelper.DemandAllClipboardPermission(); if (_innerData is OleConverter) { ((OleConverter)_innerData).OleDataObject.SetData(ref pFormatetcIn, ref pmedium, fRelease); @@ -2573,7 +2563,6 @@ public void SetData(Object data) public string[] GetFormats(bool autoConvert) { - SecurityHelper.DemandAllClipboardPermission(); IEnumFORMATETC enumFORMATETC; ArrayList formats; @@ -2697,7 +2686,6 @@ public IComDataObject OleDataObject private Object GetData(string format, bool autoConvert, DVASPECT aspect, int index) { - SecurityHelper.DemandAllClipboardPermission(); Object baseVar; Object original; @@ -2747,7 +2735,6 @@ private Object GetData(string format, bool autoConvert, DVASPECT aspect, int ind private bool GetDataPresent(string format, bool autoConvert, DVASPECT aspect, int index) { - SecurityHelper.DemandAllClipboardPermission(); bool baseVar; 
@@ -3532,12 +3519,7 @@ public string[] GetFormats(bool autoConvert) { if (DataObject.IsFormatAndDataSerializable(cur[mappedFormatIndex], entries[dataStoreIndex].Data)) { - // We only call CallerHasSerializationPermission once per method call - // to avoid the perf hit, and debugging nightmare of m*n exceptions - // getting thrown on copy - // - if (serializationCheckFailedForThisFunction - || !SecurityHelper.CallerHasSerializationPermission()) + if (serializationCheckFailedForThisFunction) { serializationCheckFailedForThisFunction = true; anySerializationFailure = true; @@ -3553,21 +3535,6 @@ public string[] GetFormats(bool autoConvert) else { bool anySerializationFailure = serializationCheckFailedForThisFunction; - for (int dataStoreIndex = 0; - !anySerializationFailure - && - dataStoreIndex < entries.Length; - dataStoreIndex++) - { - if (DataObject.IsFormatAndDataSerializable(baseVar[baseFormatIndex], entries[dataStoreIndex].Data)) - { - if (!SecurityHelper.CallerHasSerializationPermission()) - { - serializationCheckFailedForThisFunction = true; - anySerializationFailure = true; - } - } - } if (!anySerializationFailure) { formats.Add(baseVar[baseFormatIndex]); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/documents/DocumentGridContextMenu.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/documents/DocumentGridContextMenu.cs index e995607e21e..f74ba090768 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/documents/DocumentGridContextMenu.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/documents/DocumentGridContextMenu.cs 
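Review bot: With `!SecurityHelper.CallerHasSerializationPermission()` dropped from the condition, `if (serializationCheckFailedForThisFunction)` guards a body that only sets the same flag to `true` again. The following hunk (`@@ -3553,21 +3535,6 @@`) removes the other place that set it. Unless the flag is initialised to `true` above the hunk, it and `anySerializationFailure` are always `false`, and both paths reduce to adding the format unconditionally. Either remove the two flags and the dead `if`, or add a comment explaining why the scaffolding is kept. As written, `GetFormats` reads as if a serialization check still filters the returned formats.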
@@ -149,13 +149,6 @@ private class ViewerContextMenu : ContextMenu // Creates a new instance. internal void AddMenuItems(DocumentGrid dg, bool userInitiated) { - // create a special menu item for paste which only works for user initiated copy - // within the confines of partial trust this cannot be done programmatically - if (userInitiated == false) - { - SecurityHelper.DemandAllClipboardPermission(); - } - this.Name = "ViewerContextMenu"; SetMenuProperties(new EditorMenuItem(), dg, ApplicationCommands.Copy); // Copy will be marked as user initiated diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs index cca6d96a70e..7012431fb91 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs @@ -8330,12 +8330,7 @@ protected virtual void OnExecutedCopy(ExecutedRoutedEventArgs args) DataGridClipboardHelper.GetClipboardContentForHtml(dataGridStringBuilders[DataFormats.Html]); DataObject dataObject; - bool hasPerms = SecurityHelper.CallerHasAllClipboardPermission() && SecurityHelper.CallerHasSerializationPermission(); - // Copy unconditionally in full trust. - // Only copy in partial trust if user initiated. - if (hasPerms || args.UserInitiated ) - { (new UIPermission(UIPermissionClipboard.AllClipboard)).Assert(); try { @@ -8361,7 +8356,6 @@ protected virtual void OnExecutedCopy(ExecutedRoutedEventArgs args) { SecurityPermission.RevertAll(); } - } } /// diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/InkCanvas.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/InkCanvas.cs index 8b78476bad8..112bb54b0e7 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/InkCanvas.cs 
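Review bot: `OnExecutedCopy` in DataGrid.cs still wraps the clipboard write in `(new UIPermission(UIPermissionClipboard.AllClipboard)).Assert();` with `SecurityPermission.RevertAll();` in the `finally`. The condition that decided whether the copy should run, `hasPerms || args.UserInitiated`, is removed by hunks `@@ -8330,12 +8330,7 @@` and `@@ -8361,7 +8356,6 @@`. The copy is therefore unconditional, while the leftover assert makes the method look partially guarded. If the series intends to drop the permission plumbing, the Assert/RevertAll pair should be removed in the same change. Otherwise add a comment saying why it stays. The lines between the two hunks are not shown.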
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/InkCanvas.cs @@ -1942,12 +1942,6 @@ public bool CanPaste() return false; } - // Check whether the caller has the clipboard permission. - if ( !SecurityHelper.CallerHasAllClipboardPermission() ) - { - return false; - } - ret = PrivateCanPaste(); return ret; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/StickyNote.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/StickyNote.cs index 6f8432ec911..fe1b6b58a2a 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/StickyNote.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/StickyNote.cs @@ -1681,44 +1681,17 @@ private void SetupMenu() eraseMenuItem.SetBinding(MenuItem.IsCheckedProperty, checkedBind); } - // Copy and Paste menu items (and their separator) are removed if - // we don't have Clipboard permissions. - bool hasClipboardPermission = SecurityHelper.CallerHasAllClipboardPermission(); - // Set the target for the Copy/Paste commands to our inner control MenuItem copyMenuItem = GetCopyMenuItem(); if (copyMenuItem != null) { - if (hasClipboardPermission) - { - copyMenuItem.CommandTarget = Content.InnerControl; - } - else - { - copyMenuItem.Visibility = Visibility.Collapsed; - } + copyMenuItem.CommandTarget = Content.InnerControl; } MenuItem pasteMenuItem = GetPasteMenuItem(); if (pasteMenuItem != null) { - if (hasClipboardPermission) - { - pasteMenuItem.CommandTarget = Content.InnerControl; - } - else - { - pasteMenuItem.Visibility = Visibility.Collapsed; - } - } - - Separator clipboardSeparator = GetClipboardSeparator(); - if (clipboardSeparator != null) - { - if (!hasClipboardPermission) - { - clipboardSeparator.Visibility = Visibility.Collapsed; - } + pasteMenuItem.CommandTarget = Content.InnerControl; } } 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedDocument.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedDocument.cs index 862802861b7..4133c9ffa15 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedDocument.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedDocument.cs @@ -1003,10 +1003,7 @@ static private Uri GetStructureUriFromRelationship(Uri contentUri, string relati if (package == null) { - if (SecurityHelper.CheckEnvironmentPermission()) - { - package = PackageStore.GetPackage(packageUri); - } + package = PackageStore.GetPackage(packageUri); } if (package != null) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs index 84e2f6151cd..1a8dd47cd67 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs @@ -433,13 +433,6 @@ private class EditorContextMenu : ContextMenu // Creates a new instance. internal void AddMenuItems(TextEditor textEditor, bool userInitiated) { - // create a special menu item for paste which only works for user initiated paste - // within the confines of partial trust this cannot be done programmatically - if (userInitiated == false) - { - SecurityHelper.DemandAllClipboardPermission(); - } - if (!textEditor.IsReadOnly) { if (AddReconversionItems(textEditor)) 
@@ -619,12 +612,6 @@ private bool AddClipboardItems(TextEditor textEditor, bool userInitiated) menuItem.Command = ApplicationCommands.Copy; this.Items.Add(menuItem); - // create a special menu item for paste which only works for user initiated paste - // within the confines of partial trust this cannot be done programmatically - if (userInitiated == false) - { - SecurityHelper.DemandAllClipboardPermission(); - } menuItem = new EditorMenuItem(); menuItem.Header = SR.Get(SRID.TextBox_ContextMenu_Paste); menuItem.CommandTarget = textEditor.UiScope; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs index f0606a3820e..83f7cf1b5f7 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs @@ -211,9 +211,6 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop) /// internal static bool _DoPaste(TextEditor This, IDataObject dataObject, bool isDragDrop) { - // Don't try anything if the caller doesn't have the rights to read from the clipboard... - // - if (!SecurityHelper.CallerHasAllClipboardPermission()) return false; Invariant.Assert(dataObject != null); @@ -323,11 +320,6 @@ internal static void Cut(TextEditor This, bool userInitiated) return; } } - else if (!SecurityHelper.CallerHasAllClipboardPermission()) - { - // Fail silently if we don't have clipboard permission. - return; - } TextEditorTyping._FlushPendingInputItems(This); @@ -389,11 +381,6 @@ internal static void Copy(TextEditor This, bool userInitiated) return; } } - else if (!SecurityHelper.CallerHasAllClipboardPermission()) - { - // Fail silently if we don't have clipboard permission. - return; - } TextEditorTyping._FlushPendingInputItems(This); 
@@ -429,11 +416,6 @@ internal static void Copy(TextEditor This, bool userInitiated) /// internal static void Paste(TextEditor This) { - // Don't try anything if the caller doesn't have the rights to read from the clipboard... - if (!SecurityHelper.CallerHasAllClipboardPermission()) - { - return; - } if (This.Selection.IsTableCellRange) { @@ -661,18 +643,10 @@ private static void OnQueryStatusPaste(object target, CanExecuteRoutedEventArgs try { - if (SecurityHelper.CallerHasAllClipboardPermission()) - { - // Define what format our paste mechanism recognizes on the clipbord appropriate for this selection - string formatToApply = GetPasteApplyFormat(This, Clipboard.GetDataObject()); + // Define what format our paste mechanism recognizes on the clipbord appropriate for this selection + string formatToApply = GetPasteApplyFormat(This, Clipboard.GetDataObject()); - args.CanExecute = formatToApply.Length > 0; - } - else - { - // Simplified version of clipboard sniffing for partial trust - args.CanExecute = Clipboard.IsClipboardPopulated(); - } + args.CanExecute = formatToApply.Length > 0; } catch (ExternalException) { diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/AlphaFlattener/Utility.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/AlphaFlattener/Utility.cs index 133637f2b27..a94f996ed29 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/AlphaFlattener/Utility.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/AlphaFlattener/Utility.cs 
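Review bot: In OnQueryStatusPaste the re-added comment line still says `clipbord`; since the line is rewritten anyway it should read `// Define what format our paste mechanism recognizes on the clipboard appropriate for this selection`. With the `Clipboard.IsClipboardPopulated()` fallback gone, `GetPasteApplyFormat(This, Clipboard.GetDataObject())` is the only path. `Clipboard.GetDataObject()` can return null when the clipboard is empty, and whether GetPasteApplyFormat tolerates a null data object is not visible here, so that is worth confirming. The method body starts and ends outside the hunk.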
@@ -1779,24 +1779,7 @@ public static Matrix CreateViewboxToViewportTransform(TileBrush brush, Rect boun [FriendAccessAllowed] public static Uri GetFontUri(GlyphTypeface typeface) { - CodeAccessPermission discoveryPermission = typeface.CriticalUriDiscoveryPermission; - - if (discoveryPermission != null) - { - discoveryPermission.Assert(); // BlessedAssert - } - - try - { - return typeface.FontUri; - } - finally - { - if (discoveryPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + return typeface.FontUri; } #endregion diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs index 1848b6b05a5..246ce844c93 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs @@ -2026,27 +2026,9 @@ out bitmapToDrawingTransform private static bool EmbeddingAllowed(GlyphTypeface typeface) { - CodeAccessPermission fontReadPermission = typeface.CriticalFileReadPermission; - FontEmbeddingRight embeddingRights = FontEmbeddingRight.Installable; - - if (fontReadPermission != null) - { - fontReadPermission.Assert(); // Blessed assert - } - - try - { - embeddingRights = typeface.EmbeddingRights; - } - finally - { - if (fontReadPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + embeddingRights = typeface.EmbeddingRights; return (XpsFontSubsetter.DetermineEmbeddingAction(embeddingRights) != FontEmbeddingAction.ImageOnlyFont); } diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs index 27a5654ec75..564db44139f 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs 
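Review bot: `GetFontUri` is now a one-line pass-through to `typeface.FontUri`, and nothing on the new side records why the wrapper still exists. The removed `CriticalUriDiscoveryPermission` assert shows the URI was treated as path-discovery information. A short comment such as `// Returns the font's source URI, which may be a local file path; callers decide whether it is safe to emit.` would keep that intent visible. Any doc comment above the method that still describes the assert (outside this hunk) should be updated as well.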
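Review bot: In EmbeddingAllowed the initializer `FontEmbeddingRight embeddingRights = FontEmbeddingRight.Installable;` is now a dead store, because the next statement overwrites it unconditionally. Declare and assign in one step: `FontEmbeddingRight embeddingRights = typeface.EmbeddingRights;`. The same pattern is left in XpsFontSubsetter.cs in DetermineEmbeddingAction(GlyphTypeface) and IsRestrictedFont(GlyphTypeface), where `fsType` is initialized to `FontEmbeddingRight.RestrictedLicense` and then immediately reassigned. Dropping the placeholders also removes the mismatch between a permissive default here and a restrictive one there, which would matter if error handling were later wrapped around the read.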
@@ -144,24 +144,7 @@ GlyphRun glyphRun Uri fontUri = null; - CodeAccessPermission fontReadPermission = glyphRun.GlyphTypeface.CriticalFileReadPermission; - - if (fontReadPermission != null) - { - fontReadPermission.Assert(); - } - - try - { - embeddingRights = glyphRun.GlyphTypeface.EmbeddingRights; - } - finally - { - if (fontReadPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + embeddingRights = glyphRun.GlyphTypeface.EmbeddingRights; if (DetermineEmbeddingAction(embeddingRights) == FontEmbeddingAction.ImageOnlyFont) @@ -290,24 +273,9 @@ FontSubsetterCommitPolicies signal DetermineEmbeddingAction(GlyphTypeface glyphTypeface) { FontEmbeddingRight fsType = FontEmbeddingRight.RestrictedLicense; - CodeAccessPermission fontReadPermission = glyphTypeface.CriticalFileReadPermission; - if (fontReadPermission != null) - { - fontReadPermission.Assert(); - } + fsType = glyphTypeface.EmbeddingRights; - try - { - fsType = glyphTypeface.EmbeddingRights; - } - finally - { - if (fontReadPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } return DetermineEmbeddingAction(fsType); } /// @@ -360,24 +328,9 @@ FontEmbeddingRight fsType IsRestrictedFont(GlyphTypeface glyphTypeface) { FontEmbeddingRight fsType = FontEmbeddingRight.RestrictedLicense; - CodeAccessPermission fontReadPermission = glyphTypeface.CriticalFileReadPermission; - if (fontReadPermission != null) - { - fontReadPermission.Assert(); - } + fsType = glyphTypeface.EmbeddingRights; - try - { - fsType = glyphTypeface.EmbeddingRights; - } - finally - { - if (fontReadPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } return IsRestrictedFont(fsType); } /// 
@@ -468,24 +421,8 @@ GlyphTypeface glyphTypeface { FEMCacheItem manager = null; Uri fontUri; - CodeAccessPermission uriDiscoveryPermission = glyphTypeface.CriticalUriDiscoveryPermission; - - if (uriDiscoveryPermission != null) - { - uriDiscoveryPermission.Assert(); - } - try - { - fontUri = glyphTypeface.FontUri; - } - finally - { - if (uriDiscoveryPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + fontUri = glyphTypeface.FontUri; if (!_fontEmbeddingManagerCache.TryGetValue(fontUri, out manager)) { @@ -543,25 +480,7 @@ BasePackagingPolicy packagingPolicy // _fontEmbeddingManager = new FontEmbeddingManager(); _glyphTypeface = glyphTypeface; - - CodeAccessPermission uriDiscoveryPermission = glyphTypeface.CriticalUriDiscoveryPermission; - - if (uriDiscoveryPermission != null) - { - uriDiscoveryPermission.Assert(); - } - - try - { - _fontUri = glyphTypeface.FontUri; - } - finally - { - if (uriDiscoveryPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + _fontUri = glyphTypeface.FontUri; Uri fontUri = new Uri(_fontUri.GetComponents(UriComponents.SerializationInfoString, UriFormat.SafeUnescaped), UriKind.RelativeOrAbsolute); string fontUriAsString = fontUri.GetComponents(UriComponents.SerializationInfoString, UriFormat.UriEscaped); @@ -612,25 +531,7 @@ GlyphRun glyphRun break; case FontEmbeddingAction.ObfuscateSubsetFont: - CodeAccessPermission uriDiscoveryPermission = glyphRun.GlyphTypeface.CriticalUriDiscoveryPermission; - - if (uriDiscoveryPermission != null) - { - uriDiscoveryPermission.Assert(); - } - - try - { - _fontEmbeddingManager.RecordUsage(glyphRun); - } - finally - { - if (uriDiscoveryPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } - + _fontEmbeddingManager.RecordUsage(glyphRun); fontUri = _fontResourceStream.Uri; break; } 
@@ -722,23 +623,7 @@ Stream stream { byte[] fontData; - PermissionSet permissions = new PermissionSet(null); - permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); - CodeAccessPermission criticalFileReadPermission = _glyphTypeface.CriticalFileReadPermission; - if (criticalFileReadPermission != null) - { - permissions.AddPermission(criticalFileReadPermission); - } - - permissions.Assert(); - try - { - fontData = _glyphTypeface.ComputeSubset(glyphs); - } - finally - { - CodeAccessPermission.RevertAssert(); - } + fontData = _glyphTypeface.ComputeSubset(glyphs); Guid guid = ParseGuidFromUri(_fontResourceStream.Uri); ObfuscateData(fontData, guid); @@ -762,24 +647,8 @@ Stream stream Stream sourceStream = null; byte [] memoryFont; GlyphTypeface glyphTypeface = new GlyphTypeface(sourceUri); - CodeAccessPermission fontReadPermission = glyphTypeface.CriticalFileReadPermission; - if (fontReadPermission != null) - { - fontReadPermission.Assert(); - } - - try - { - sourceStream = glyphTypeface.GetFontStream(); - } - finally - { - if (fontReadPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + sourceStream = glyphTypeface.GetFontStream(); memoryFont = new byte[_readBlockSize]; Guid guid = ParseGuidFromUri(destUri); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index a27a9514b2e..7eb2a146b1b 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
@@ -186,199 +186,8 @@ internal static PermissionSet ExtractAppDomainPermissionSetMinusSiteOfOrigin() #endif -#if PRESENTATION_CORE - /// - /// determines if the current call stack has the serialization formatter - /// permission. This is one of the few CLR checks that doesn't have a - /// bool version - you have to let the check fail and catch the exception. - /// - /// Because this is a check *at that point*, you may not cache this value. - /// - /// true if call stack has the serialization permission - internal static bool CallerHasSerializationPermission() - { - try - { - if(_serializationSecurityPermission == null) - { - _serializationSecurityPermission = new SecurityPermission(SecurityPermissionFlag.SerializationFormatter); - } - _serializationSecurityPermission.Demand(); - } - catch (SecurityException) - { - return false; - } - return true; - } - static SecurityPermission _serializationSecurityPermission = null; - - /// - /// determines if the current call stack has the all clipboard - /// permission. This is one of the few CLR checks that doesn't have a - /// bool version - you have to let the check fail and catch the exception. - /// - /// Because this is a check *at that point*, you may not cache this value. 
- /// - /// true if call stack has the all clipboard - internal static bool CallerHasAllClipboardPermission() - { - try - { - SecurityHelper.DemandAllClipboardPermission(); - } - catch (SecurityException) - { - return false; - } - return true; - } - - internal static void DemandAllClipboardPermission() - { - if(_uiPermissionAllClipboard == null) - { - _uiPermissionAllClipboard = new UIPermission(UIPermissionClipboard.AllClipboard); - } - _uiPermissionAllClipboard.Demand(); - } - static UIPermission _uiPermissionAllClipboard = null; - - internal static void DemandPathDiscovery(string path) - { - new FileIOPermission(FileIOPermissionAccess.PathDiscovery, path).Demand(); - } - - internal static bool CheckEnvironmentPermission() - { - try - { - SecurityHelper.DemandEnvironmentPermission(); - } - catch (SecurityException) - { - return false ; - } - - return true; - } - - internal static void DemandEnvironmentPermission() - { - if(_unrestrictedEnvironmentPermission == null) - { - _unrestrictedEnvironmentPermission = new EnvironmentPermission(PermissionState.Unrestricted); - } - _unrestrictedEnvironmentPermission.Demand(); - } - static EnvironmentPermission _unrestrictedEnvironmentPermission = null; - - internal static void DemandUriDiscoveryPermission(Uri uri) - { - CodeAccessPermission permission = CreateUriDiscoveryPermission(uri); - if (permission != null) - permission.Demand(); - } - - internal static CodeAccessPermission CreateUriDiscoveryPermission(Uri uri) - { - // explicitly disallow sub-classed Uris to guard against - // exploits where we "lie" about some of the properties on the Uri. - // and then later change the value returned - // ( e.g. supply a different uri from what checked here) - if (uri.GetType().IsSubclassOf(typeof(Uri))) - { - DemandInfrastructurePermission(); - } - - if (uri.IsFile) - return new FileIOPermission(FileIOPermissionAccess.PathDiscovery, uri.LocalPath); - - // Add appropriate demands for other Uri types here. 
- return null; - } - - internal static CodeAccessPermission CreateUriReadPermission(Uri uri) - { - // explicitly disallow sub-classed Uris to guard against - // exploits where we "lie" about some of the properties on the Uri. - // and then later change the value returned - // ( e.g. supply a different uri from what checked here) - if (uri.GetType().IsSubclassOf(typeof(Uri))) - { - DemandInfrastructurePermission(); - } - - if (uri.IsFile) - return new FileIOPermission(FileIOPermissionAccess.Read, uri.LocalPath); - - // Add appropriate demands for other Uri types here. - return null; - } - - internal static void DemandUriReadPermission(Uri uri) - { - CodeAccessPermission permission = CreateUriReadPermission(uri); - if (permission != null) - permission.Demand(); - } - - /// - /// Checks whether the caller has path discovery permission for the input path. - /// - /// Full path to a file or a directory. - /// true if the caller has the discovery permission, false otherwise. - internal static bool CallerHasPathDiscoveryPermission(string path) - { - try - { - DemandPathDiscovery(path); - return true; - } - catch (SecurityException) - { - return false; - } - } - - /// - /// The permission set required to use encrypted package envelopes - /// - internal static PermissionSet EnvelopePermissionSet - { - get - { - if (_envelopePermissionSet == null) - { - _envelopePermissionSet = CreateEnvelopePermissionSet(); - } - return _envelopePermissionSet; - } - } - private static PermissionSet _envelopePermissionSet = null; - - /// - /// Creates a permission set that includes all permissions necessary to - /// use EncryptedPackageEnvelope. 
- /// - /// The appropriate permission set - private static PermissionSet CreateEnvelopePermissionSet() - { - PermissionSet permissionSet = new PermissionSet(PermissionState.None); - return permissionSet; - } - -#endif - #if WINDOWS_BASE - internal static void DemandPathDiscovery(string path) - { - FileIOPermission permobj = new FileIOPermission(PermissionState.None); - permobj.AddPathList(FileIOPermissionAccess.PathDiscovery, path); - permobj.Demand(); - } - internal static void RunClassConstructor(Type t) { System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(t.TypeHandle); From 25f06558afad741dea1b7ddfae36f70d49bae2d4 Mon Sep 17 00:00:00 2001 
From: Dilip Ojha Date: Fri, 21 Jun 2019 11:58:17 -0700 Subject: [PATCH 10/21] removed more securityhelper logic --- .../Windows/Input/ManipulationDevice.cs | 1 - .../System/Windows/Input/MouseDevice.cs | 1 - .../Input/Stylus/Wisp/WispTabletDevice.cs | 1 - .../System/Windows/Input/TouchDevice.cs | 1 - .../Windows/InterOp/CursorInteropHelper.cs | 1 - .../System/Windows/InterOp/HwndSource.cs | 7 --- .../Media/Effects/BevelBitmapEffect.cs | 1 - .../Windows/Media/Effects/BitmapEffect.cs | 11 +--- .../Windows/Media/Effects/BlurBitmapEffect.cs | 1 - .../Media/Effects/DropShadowBitmapEffect.cs | 1 - .../System/Windows/Media/Effects/Effect.cs | 4 -- .../Media/Effects/OuterGlowBitmapEffect.cs | 1 - .../Windows/Media/Effects/PixelShader.cs | 1 - .../Media/Effects/embossbitmapeffect.cs | 1 - .../Windows/Media/Imaging/BitmapCodecInfo.cs | 12 ----- .../Media/Imaging/LateBoundBitmapDecoder.cs | 1 - .../System/Windows/PresentationSource.cs | 3 -- .../System/Windows/SourceChangedEventArgs.cs | 2 - .../MS/Internal/AppModel/IconHelper.cs | 1 - .../MS/Internal/AppModel/XappLauncher.cs | 6 --- .../Microsoft/Win32/CommonDialog.cs | 1 - .../Microsoft/Win32/SaveFileDialog.cs | 5 -- .../System/Windows/Application.cs | 1 - .../Windows/Controls/Primitives/Popup.cs | 4 -- .../Windows/Input/KeyboardNavigation.cs | 1 - .../System/Windows/Interop/HwndHost.cs | 3 -- .../Windows/Interop/WindowInteropHelper.cs | 4 -- .../System/Windows/Window.cs | 50 ------------------- .../src/Shared/MS/Internal/SecurityHelper.cs | 23 --------- .../src/Shared/MS/Win32/HwndSubclass.cs | 4 -- 30 files changed, 1 insertion(+), 153 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ManipulationDevice.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ManipulationDevice.cs index f75891c6978..d83fdd9aa71 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ManipulationDevice.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ManipulationDevice.cs @@ -61,7 +61,6 @@ public override PresentationSource ActiveSource { get { - SecurityHelper.DemandUIWindowPermission(); return _activeSource; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/MouseDevice.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/MouseDevice.cs index 5fabfb9859c..e0c57b0b931 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/MouseDevice.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/MouseDevice.cs @@ -214,7 +214,6 @@ public override PresentationSource ActiveSource { get { - SecurityHelper.DemandUIWindowPermission(); if (_inputSource != null) { return _inputSource.Value; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Wisp/WispTabletDevice.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Wisp/WispTabletDevice.cs index 0c4c8084b0c..8ba1a831adf 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Wisp/WispTabletDevice.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Stylus/Wisp/WispTabletDevice.cs @@ -156,7 +156,6 @@ internal override PresentationSource ActiveSource { get { - SecurityHelper.DemandUIWindowPermission(); VerifyAccess(); StylusDevice stylusDevice = Stylus.CurrentStylusDevice; if (stylusDevice == null) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/TouchDevice.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/TouchDevice.cs index 9f9a2ff0944..d922758975b 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/TouchDevice.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/TouchDevice.cs 
@@ -124,7 +124,6 @@ public sealed override PresentationSource ActiveSource { get { - SecurityHelper.DemandUIWindowPermission(); return _activeSource; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/CursorInteropHelper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/CursorInteropHelper.cs index 043041a1c06..63acad2fb35 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/CursorInteropHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/CursorInteropHelper.cs @@ -43,7 +43,6 @@ public static class CursorInteropHelper /// public static Cursor Create(SafeHandle cursorHandle) { - SecurityHelper.DemandUIWindowPermission(); return CriticalCreate(cursorHandle); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs index 7cc407beec7..d21f71e01a2 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/InterOp/HwndSource.cs @@ -78,7 +78,6 @@ public HwndSource( string name, IntPtr parent) { - SecurityHelper.DemandUIWindowPermission(); HwndSourceParameters param = new HwndSourceParameters(name); param.WindowClassStyle = classStyle; @@ -138,7 +137,6 @@ public HwndSource(int classStyle, IntPtr parent, bool adjustSizingForNonClientArea) { - SecurityHelper.DemandUIWindowPermission(); HwndSourceParameters parameters = new HwndSourceParameters(name, width, height); parameters.WindowClassStyle = classStyle; @@ -195,7 +193,6 @@ public HwndSource( string name, IntPtr parent) { - SecurityHelper.DemandUIWindowPermission(); HwndSourceParameters parameters = new HwndSourceParameters(name, width, height); parameters.WindowClassStyle = classStyle; 
@@ -372,7 +369,6 @@ public void Dispose() /// public void AddHook(HwndSourceHook hook) { - SecurityHelper.DemandUIWindowPermission(); Verify.IsNotNull(hook, "hook"); CheckDisposed(true); @@ -395,7 +391,6 @@ public void AddHook(HwndSourceHook hook) /// public void RemoveHook(HwndSourceHook hook) { - SecurityHelper.DemandUIWindowPermission(); //this.VerifyAccess(); @@ -681,7 +676,6 @@ public IEnumerable ChildKeyboardInputSinks /// public static HwndSource FromHwnd(IntPtr hwnd) { - SecurityHelper.DemandUIWindowPermission(); return CriticalFromHwnd(hwnd); } @@ -940,7 +934,6 @@ public IntPtr Handle { get { - SecurityHelper.DemandUIWindowPermission(); return CriticalHandle; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BevelBitmapEffect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BevelBitmapEffect.cs index bb1a63d592c..b8caf9e3b3a 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BevelBitmapEffect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BevelBitmapEffect.cs @@ -50,7 +50,6 @@ unsafe protected override SafeHandle CreateUnmanagedEffect() [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] protected override void UpdateUnmanagedPropertyState(SafeHandle unmanagedEffect) { - SecurityHelper.DemandUIWindowPermission(); } } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BitmapEffect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BitmapEffect.cs index 67588c28d77..03c15afe621 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BitmapEffect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BitmapEffect.cs 
@@ -39,13 +39,7 @@ public abstract partial class BitmapEffect /// Constructor /// protected BitmapEffect() - { - // Even though BitmapEffects are obsolete, to preserve compat they are - // still never allowed in partial trust scenarios. The previous BitmapEffects - // would create a native COM object in the constructor, which would demand. - // So, demand UIWindow permission immediately in the ctor. - SecurityHelper.DemandUIWindowPermission(); - + { // STA Requirement // // Avalon doesn't necessarily require STA, but many components do. Examples @@ -85,7 +79,6 @@ protected BitmapEffect() [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] unsafe static protected void SetValue(SafeHandle effect, string propertyName, object value) { - SecurityHelper.DemandUIWindowPermission(); } /// @@ -95,7 +88,6 @@ unsafe static protected void SetValue(SafeHandle effect, string propertyName, ob [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] unsafe static protected SafeHandle /* IMILBitmapEffect */ CreateBitmapEffectOuter() { - SecurityHelper.DemandUIWindowPermission(); return null; } @@ -108,7 +100,6 @@ unsafe static protected void SetValue(SafeHandle effect, string propertyName, ob unsafe static protected void InitializeBitmapEffect(SafeHandle /*IMILBitmapEffect */ outerObject, SafeHandle/* IMILBitmapEffectPrimitive */ innerObject) { - SecurityHelper.DemandUIWindowPermission(); } #endregion diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BlurBitmapEffect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BlurBitmapEffect.cs index 6a6a97e8913..a2874528f15 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BlurBitmapEffect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/BlurBitmapEffect.cs 
@@ -50,7 +50,6 @@ unsafe protected override SafeHandle CreateUnmanagedEffect() [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] protected override void UpdateUnmanagedPropertyState(SafeHandle unmanagedEffect) { - SecurityHelper.DemandUIWindowPermission(); } /// diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/DropShadowBitmapEffect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/DropShadowBitmapEffect.cs index 25e811ea591..613cf410f52 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/DropShadowBitmapEffect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/DropShadowBitmapEffect.cs @@ -44,7 +44,6 @@ unsafe protected override SafeHandle CreateUnmanagedEffect() [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] protected override void UpdateUnmanagedPropertyState(SafeHandle unmanagedEffect) { - SecurityHelper.DemandUIWindowPermission(); } /// diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/Effect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/Effect.cs index d73da6fcc26..5c52ed0ab0b 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/Effect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/Effect.cs @@ -52,10 +52,6 @@ public static Brush ImplicitInput /// protected Effect() { - // Effects are never allowed in partial trust scenarios. So demand - // UIWindow permission immediately in the ctor and get it - // over with. - SecurityHelper.DemandUIWindowPermission(); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/OuterGlowBitmapEffect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/OuterGlowBitmapEffect.cs index c591a863bc5..2f4af4b6457 100644 
--- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/OuterGlowBitmapEffect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/OuterGlowBitmapEffect.cs @@ -50,7 +50,6 @@ unsafe protected override SafeHandle CreateUnmanagedEffect() [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] protected override void UpdateUnmanagedPropertyState(SafeHandle unmanagedEffect) { - SecurityHelper.DemandUIWindowPermission(); } } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/PixelShader.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/PixelShader.cs index 10ac99bd871..83ede498e7b 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/PixelShader.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/PixelShader.cs @@ -134,7 +134,6 @@ private void UriSourcePropertyChangedHook(DependencyPropertyChangedEventArgs e) /// private void LoadPixelShaderFromStreamIntoMemory(Stream source) { - SecurityHelper.DemandUIWindowPermission(); _shaderBytecode = new SecurityCriticalData(null); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/embossbitmapeffect.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/embossbitmapeffect.cs index 96f1f70f314..4a5414932c9 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/embossbitmapeffect.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Effects/embossbitmapeffect.cs @@ -44,7 +44,6 @@ unsafe protected override SafeHandle CreateUnmanagedEffect() [Obsolete(MS.Internal.Media.VisualTreeUtils.BitmapEffectObsoleteMessage)] protected override void UpdateUnmanagedPropertyState(SafeHandle unmanagedEffect) { - SecurityHelper.DemandUIWindowPermission(); } } } 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapCodecInfo.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapCodecInfo.cs index e841ecbf43c..a704e589151 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapCodecInfo.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapCodecInfo.cs @@ -66,7 +66,6 @@ public virtual Guid ContainerFormat { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -91,7 +90,6 @@ public virtual string Author { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -138,7 +136,6 @@ public virtual System.Version Version { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -185,7 +182,6 @@ public virtual Version SpecificationVersion { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -232,7 +228,6 @@ public virtual string FriendlyName { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -279,7 +274,6 @@ public virtual string DeviceManufacturer { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -326,7 +320,6 @@ public virtual string DeviceModels { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -373,7 +366,6 @@ public virtual string MimeTypes { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -420,7 +412,6 @@ public virtual string FileExtensions { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -467,7 +458,6 @@ public virtual bool SupportsAnimation { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -492,7 +482,6 @@ public virtual bool SupportsLossless { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); @@ -517,7 +506,6 @@ public virtual bool SupportsMultipleFrames { get { - SecurityHelper.DemandRegistryPermission(); EnsureBuiltIn(); 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/LateBoundBitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/LateBoundBitmapDecoder.cs index 42240e0816a..ec93a1b044d 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/LateBoundBitmapDecoder.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/LateBoundBitmapDecoder.cs @@ -164,7 +164,6 @@ public override BitmapCodecInfo CodecInfo { VerifyAccess(); - SecurityHelper.DemandRegistryPermission(); if (_isDownloading) { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/PresentationSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/PresentationSource.cs index 5a0b62c0a62..28843303108 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/PresentationSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/PresentationSource.cs @@ -92,7 +92,6 @@ internal virtual IInputProvider GetInputProvider(Type inputDevice) /// public static PresentationSource FromVisual(Visual visual) { - SecurityHelper.DemandUIWindowPermission(); return CriticalFromVisual(visual); } @@ -107,7 +106,6 @@ public static PresentationSource FromVisual(Visual visual) /// public static PresentationSource FromDependencyObject(DependencyObject dependencyObject) { - SecurityHelper.DemandUIWindowPermission(); return CriticalFromVisual(dependencyObject); } @@ -389,7 +387,6 @@ public static IEnumerable CurrentSources { get { - SecurityHelper.DemandUIWindowPermission(); return CriticalCurrentSources; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/SourceChangedEventArgs.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/SourceChangedEventArgs.cs index d43385011e3..7c4680606e9 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/SourceChangedEventArgs.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/SourceChangedEventArgs.cs @@ -68,7 +68,6 @@ public PresentationSource OldSource { get { - SecurityHelper.DemandUIWindowPermission(); return _oldSource.Value; } } @@ -83,7 +82,6 @@ public PresentationSource NewSource { get { - SecurityHelper.DemandUIWindowPermission(); return _newSource.Value; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/IconHelper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/IconHelper.cs index 77ea2354301..10f30d9eafe 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/IconHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/IconHelper.cs @@ -78,7 +78,6 @@ public static void GetDefaultIconHandles(out NativeMethods.IconHandle largeIconH largeIconHandle = null; smallIconHandle = null; - SecurityHelper.DemandUIWindowPermission(); // Get the handle of the module that created the running process. string iconModuleFile = UnsafeNativeMethods.GetModuleFileName(new HandleRef()); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs index d5ee241d13a..9bd06c8edea 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/AppModel/XappLauncher.cs @@ -111,7 +111,6 @@ void XappLauncherApp_Navigated(object sender, NavigationEventArgs e) MainWindow.CommandBindings.Add(new CommandBinding(NavigationCommands.Refresh, new ExecutedRoutedEventHandler(OnCommandRefresh))); } - SecurityHelper.DemandUIWindowPermission(); NavigationWindow navWin = GetAppWindow(); Invariant.Assert(navWin != null, "A RootBrowserWindow should have been created."); while (navWin.CanGoBack) 
@@ -569,7 +568,6 @@ object AssertApplicationRequirementsAsync(object unused) /// private void DoDownloadUI() { - SecurityHelper.DemandUIWindowPermission(); // ASSUMES ALREADY IN CORRECT CONTEXT // Note: The custom progress page support was provided for Media Center. Since MC has @@ -612,7 +610,6 @@ private void DoDownloadUI() private void HandleError(Exception exception, string logFilePath, Uri supportUri, string requiredWpfVersion) { - SecurityHelper.DemandUIWindowPermission(); ClearAsynchronousOperationStatus(); @@ -712,7 +709,6 @@ private void HandleError(Exception exception, string logFilePath, Uri supportUri private void HandleCancel() { - SecurityHelper.DemandUIWindowPermission(); // After _runApplication is set to true, we no longer allow canceling deployment. if (_cancelHandled || _runApplication) @@ -784,7 +780,6 @@ private object DoDownloadProgressChanged(object unused) return null; Debug.Assert(!_canceled); - SecurityHelper.DemandUIWindowPermission(); if (_progressPage != null) { @@ -951,7 +946,6 @@ private RootBrowserWindow BrowserWindow { get { - SecurityHelper.DemandUIWindowPermission(); RootBrowserWindow rbw = (RootBrowserWindow)GetAppWindow(); Invariant.Assert(rbw != null, "Should have instantiated RBW if it wasn't already there"); rbw.ShowsNavigationUI = false; // not needed and not RightToLeft-enabled in this context diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/CommonDialog.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/CommonDialog.cs index 9b2ce99e726..92862d46448 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/CommonDialog.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/CommonDialog.cs @@ -265,7 +265,6 @@ protected virtual void CheckPermissionsToShowDialog() throw new InvalidOperationException(SR.Get(SRID.CantShowOnDifferentThread)); } - SecurityHelper.DemandUIWindowPermission(); } #endregion Protected Methods 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/SaveFileDialog.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/SaveFileDialog.cs index 7f91bf190c8..f6f301c04a6 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/SaveFileDialog.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/SaveFileDialog.cs @@ -73,7 +73,6 @@ public SaveFileDialog() /// public Stream OpenFile() { - SecurityHelper.DemandUIWindowPermission(); // Extract the first filename from the FileNamesInternal list. // We can do this safely because FileNamesInternal never returns @@ -107,7 +106,6 @@ public Stream OpenFile() /// public override void Reset() { - SecurityHelper.DemandUIWindowPermission(); // it is VERY important that the base.reset() call remain here // and be located at the top of this function. @@ -150,7 +148,6 @@ public bool CreatePrompt } set { - SecurityHelper.DemandUIWindowPermission(); SetOption(NativeMethods.OFN_CREATEPROMPT, value); } @@ -175,7 +172,6 @@ public bool OverwritePrompt } set { - SecurityHelper.DemandUIWindowPermission(); SetOption(NativeMethods.OFN_OVERWRITEPROMPT, value); } @@ -355,7 +351,6 @@ internal override string[] ProcessVistaFiles(IFileDialog dialog) internal override IFileDialog CreateVistaDialog() { - SecurityHelper.DemandUIWindowPermission(); new SecurityPermission(PermissionState.Unrestricted).Assert(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs index ca3e331ebbd..b795dcb3f44 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Application.cs 
@@ -272,7 +272,6 @@ public void Shutdown() /// returned to the Application.Run() method. Typically this will be returned to the OS public void Shutdown(int exitCode) { - SecurityHelper.DemandUIWindowPermission(); CriticalShutdown(exitCode); } internal void CriticalShutdown(int exitCode) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs index 7c73e6cf136..8b8afe182d9 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/Primitives/Popup.cs @@ -3317,10 +3317,6 @@ internal void BuildWindow(int x, int y, Visual placementTarget, { param.ParentWindow = parent; } - else - { - SecurityHelper.DemandUIWindowPermission(); - } } else { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Input/KeyboardNavigation.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Input/KeyboardNavigation.cs index 7097d0f532e..38259ff8cc4 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Input/KeyboardNavigation.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Input/KeyboardNavigation.cs @@ -3378,7 +3378,6 @@ internal event EnterMenuModeEventHandler EnterMenuMode { add { - SecurityHelper.DemandUIWindowPermission(); if (_weakEnterMenuModeHandlers == null) _weakEnterMenuModeHandlers = new WeakReferenceList(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs index cab1c0666b2..0daa966a587 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/HwndHost.cs 
@@ -733,9 +733,6 @@ internal override Rect GetContentBounds() private DrawingGroup GetDrawingHelper() { - // Printing an HWND requires UIPermissionWindow.AllWindows to give out its pixels. - SecurityHelper.DemandUIWindowPermission(); - DrawingGroup drawingGroup = null; if(_hwnd.Handle != IntPtr.Zero && UnsafeNativeMethods.IsWindow(_hwnd)) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/WindowInteropHelper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/WindowInteropHelper.cs index 0d459f41532..2f24030f6d9 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/WindowInteropHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Interop/WindowInteropHelper.cs @@ -64,7 +64,6 @@ public IntPtr Handle { get { - SecurityHelper.DemandUIWindowPermission(); return CriticalHandle; } } @@ -88,13 +87,11 @@ public IntPtr Owner { get { - SecurityHelper.DemandUIWindowPermission(); Debug.Assert(_window != null, "Cannot be null since we verify in the constructor"); return _window.OwnerHandle; } set { - SecurityHelper.DemandUIWindowPermission(); Debug.Assert(_window != null, "Cannot be null since we verify in the constructor"); // error checking done in Window _window.OwnerHandle = value; @@ -115,7 +112,6 @@ public IntPtr Owner /// public IntPtr EnsureHandle() { - SecurityHelper.DemandUIWindowPermission(); if (CriticalHandle == IntPtr.Zero) { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs index 5f2eba1f0e1..a6543e45018 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs 
@@ -229,7 +229,6 @@ public void Close() // this call ends up throwing an exception if Close // is not allowed VerifyApiSupported(); - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); InternalClose(false, false); } @@ -247,7 +246,6 @@ public void DragMove() // this call ends up throwing an exception if dragmove // is not allowed VerifyApiSupported(); - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); VerifyHwndCreateShowState(); @@ -507,11 +505,6 @@ public bool Activate() // this call ends up throwing an exception if Activate // is not allowed VerifyApiSupported(); - // - // Demand AllWindows code permission. - // There be a more appropriate less-restrictive permission - but this should suffice for now. - // - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); VerifyHwndCreateShowState(); @@ -848,7 +841,6 @@ public ImageSource Icon // this call ends up throwing an exception if accessing // Icon is not allowed VerifyApiSupported(); - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); SetValue(IconProperty, value); @@ -1031,11 +1023,6 @@ public Rect RestoreBounds // is not allowed VerifyApiSupported(); - if (!_inTrustedSubWindow) - { - SecurityHelper.DemandUIWindowPermission(); - } - // either before calling show or after closing AND // Adding check for IsCompositionTargetInvalid if (IsSourceWindowNull || IsCompositionTargetInvalid) @@ -1188,7 +1175,6 @@ public Window Owner // this call ends up throwing an exception if accessing Owner // is not allowed VerifyApiSupported(); - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); return _ownerWindow; } @@ -1197,7 +1183,6 @@ public Window Owner // this call ends up throwing an exception if accessing Owner // is not allowed VerifyApiSupported(); - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); if (value == this) { 
@@ -2258,7 +2243,6 @@ internal HwndSource HwndSourceWindow { get { - SecurityHelper.DemandUIWindowPermission(); if ( _swh != null ) return _swh.HwndSourceWindow; @@ -2925,7 +2909,6 @@ private void UpdateHwndSizeOnWidthHeightChange(double widthLogicalUnits, double { if (!_inTrustedSubWindow) { - SecurityHelper.DemandUIWindowPermission(); } Debug.Assert( IsSourceWindowNull == false , "IsSourceWindowNull cannot be true when calling this function"); @@ -3084,14 +3067,12 @@ internal IntPtr OwnerHandle { get { - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); return _ownerHandle; } set { - SecurityHelper.DemandUIWindowPermission(); VerifyContextAndObjectState(); @@ -3144,7 +3125,6 @@ internal int _Style } set { - SecurityHelper.DemandUIWindowPermission(); _styleDoNotUse= new SecurityCriticalDataForSet(value); Manager.Dirty = true; } @@ -3169,7 +3149,6 @@ internal int _StyleEx } set { - SecurityHelper.DemandUIWindowPermission(); _styleExDoNotUse= new SecurityCriticalDataForSet((int)value); Manager.Dirty = true; } @@ -4665,11 +4644,6 @@ private bool WmMoveChanged() return false; } - if (!_inTrustedSubWindow) - { - SecurityHelper.DemandUIWindowPermission(); - } - // the input lparam gives the client location, // so just call GetWindowRect for Left and Top. NativeMethods.RECT rc = WindowBounds; @@ -4989,11 +4963,6 @@ private static void _OnShowInTaskbarChanged(DependencyObject d, DependencyProper private void OnShowInTaskbarChanged() { - if (!_inTrustedSubWindow) - { - SecurityHelper.DemandUIWindowPermission(); - } - // this call ends up throwing an exception if accessing // ShowInTaskbar is not allowed VerifyApiSupported(); @@ -5054,7 +5023,6 @@ private static void _OnWindowStateChanged(DependencyObject d, DependencyProperty private void OnWindowStateChanged(WindowState windowState) { - SecurityHelper.DemandUIWindowPermission(); // WCP: Window.Visible.Set : Make sure that window updates the styles // when set while window is hidden 
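Review bot: `UpdateHwndSizeOnWidthHeightChange` (hunk at -2925) is left with an empty `if (!_inTrustedSubWindow) { }` block, because only the demand inside it was deleted. The other `_inTrustedSubWindow` guards touched in this file (`WmMoveChanged`, `OnShowInTaskbarChanged`) were removed whole. Delete the `if`, its braces and the blank body here as well, so a reader does not assume a trust check still happens at this point. The method body continues outside the hunk.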
@@ -5213,7 +5181,6 @@ private static void _OnTopmostChanged(DependencyObject d, DependencyPropertyChan private void OnTopmostChanged(bool topmost) { - SecurityHelper.DemandUIWindowPermission(); // Demand UI permission for topmost. // this call ends up throwing an exception if accessing // Topmost is not allowed @@ -5286,11 +5253,6 @@ private void SafeCreateWindowDuringShow() //this is true the first time the window is created if (IsSourceWindowNull == true) { - //this is true only if called via RBW - if (!_inTrustedSubWindow) - { - SecurityHelper.DemandUIWindowPermission(); - } // _isVisible is false at this moment. Thus CreateAllStyle // called by CreateSourceWindow does not set WS_VISIBLE style @@ -5394,11 +5356,6 @@ private object ShowHelper(object booleanBox) } else { - //demand in case you are trying to hide this window - if (!_inTrustedSubWindow) - { - SecurityHelper.DemandUIWindowPermission(); - } ClearShowKeyboardCueState(); @@ -5817,7 +5774,6 @@ private void OnMaxWidthChanged(double maxWidth) // OR-ing of BoundsSpecified enum is not supported. private void UpdateHwndRestoreBounds(double newValue, BoundsSpecified specifiedRestoreBounds) { - SecurityHelper.DemandUIWindowPermission(); NativeMethods.WINDOWPLACEMENT wp = new NativeMethods.WINDOWPLACEMENT(); wp.length = Marshal.SizeOf(typeof(NativeMethods.WINDOWPLACEMENT)); @@ -5897,10 +5853,6 @@ private Point TransformWorkAreaScreenArea(Point pt, TransformType transformType) int deltaX = 0; int deltaY = 0; Point retPt; - if (!_inTrustedSubWindow) - { - SecurityHelper.DemandUIWindowPermission(); - } // First we get the monitor on which the window is on. [Get/Set]WindowPlacement // co-ods are dependent on the monitor on which the window is on. 
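Review bot: `OnTopmostChanged` (hunk at -5213) keeps the context line `// Demand UI permission for topmost.` although the demand it described is the line this hunk removes. The comment now states a check that no longer exists, which is misleading in code that sets a window topmost. Delete the comment line together with the call. The rest of the method is outside the hunk.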
@@ -6143,7 +6095,6 @@ private void OnLeftChanged(double newLeft) private void UpdateHwndPositionOnTopLeftChange(double leftLogicalUnits, double topLogicalUnits) { Debug.Assert( IsSourceWindowNull == false , "IsSourceWindowNull cannot be true when calling this function"); - SecurityHelper.DemandUIWindowPermission(); Point ptDeviceUnits = LogicalToDeviceUnits(new Point(leftLogicalUnits, topLogicalUnits)); @@ -6285,7 +6236,6 @@ private void SetTaskbarStatus() { // To remove the taskbar button for this window it needs to have a non-null parent // (we'll create a hidden window for this purpose) and not have WS_EX_APPWINDOW - SecurityHelper.DemandUIWindowPermission(); // Create this now, even if we're not currently going to parent it. // If the Owner changes, we'll need to switch to this. diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 7eb2a146b1b..04a4de2c3f8 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -244,29 +244,6 @@ internal static int GetHRForException(Exception exception) #endif -#if PRESENTATION_CORE - internal static void DemandRegistryPermission() - { - if(_unrestrictedRegistryPermission == null) - { - _unrestrictedRegistryPermission = new RegistryPermission(PermissionState.Unrestricted); - } - _unrestrictedRegistryPermission.Demand(); - } - static RegistryPermission _unrestrictedRegistryPermission = null; -#endif // PRESENTATION_CORE - -#if !PBTCOMPILER - internal static void DemandUIWindowPermission() - { - if(_allWindowsUIPermission == null) - { - _allWindowsUIPermission = new UIPermission(UIPermissionWindow.AllWindows); - } - _allWindowsUIPermission.Demand(); - } - static UIPermission _allWindowsUIPermission = null; -#endif #if PRESENTATION_CORE internal static void DemandInfrastructurePermission() { 
diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/HwndSubclass.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/HwndSubclass.cs index e555b49c950..8cad5b49ed5 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/HwndSubclass.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/HwndSubclass.cs @@ -115,7 +115,6 @@ internal HwndSubclass(HwndWrapperHook hook) public virtual void Dispose() { - SecurityHelper.DemandUIWindowPermission(); DisposeImpl(false); } @@ -141,7 +140,6 @@ private bool DisposeImpl(bool forceUnhook) /// internal IntPtr Attach(IntPtr hwnd) { - SecurityHelper.DemandUIWindowPermission(); if (_bond != Bond.Unattached) throw new InvalidOperationException(SR.Get(SRID.HwndSubclassMultipleAttach)); @@ -169,7 +167,6 @@ internal IntPtr Attach(IntPtr hwnd) /// internal bool Detach(bool force) { - SecurityHelper.DemandUIWindowPermission(); return CriticalDetach(force); } @@ -246,7 +243,6 @@ internal void RequestDetach(bool force) /// internal static void RequestDetach(IntPtr hwnd, IntPtr subclass, bool force) { - SecurityHelper.DemandUIWindowPermission(); if(hwnd == IntPtr.Zero) { throw new ArgumentNullException("hwnd"); From 415b1488d302ce292078c550d24a2bd679cfdc1c Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 12:16:13 -0700 Subject: [PATCH 11/21] more securityhelper removals --- .../Windows/Media/Imaging/BitmapDecoder.cs | 75 +------------------ .../Windows/Media/Imaging/BitmapDownload.cs | 32 +------- .../System/Windows/Media/MediaPlayerState.cs | 38 +--------- .../src/Shared/MS/Internal/SecurityHelper.cs | 51 ------------- 4 files changed, 6 insertions(+), 190 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs index e25c1ac699b..660fe9f2c72 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs @@ -1039,20 +1039,6 @@ private static void DemandIfImageBlocked() isImageDisabled = new SecurityCriticalDataForSet(SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.MediaImageDisable)); isImageDisabledInitialized = true; } - if (isImageDisabled.Value) - { - // in case the registry key is '1' then demand MediaPermissionImage.AllImage - not granted in Partial Trust - SecurityHelper.DemandMediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.AllImage); - } - else - { - // Images are enabled. Then, demand permissions for safe imaging - granted in Partial Trust by default - SecurityHelper.DemandMediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.SafeImage); - } } internal static SafeMILHandle SetupDecoderFromUriOrStream( @@ -1089,11 +1075,6 @@ out SafeFileHandle safeFilehandle { if (uri.IsAbsoluteUri) { - // In this case we first check to see if the consumer has media permissions for - // safe media (Site of Origin + Cross domain) - SecurityHelper.DemandMediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.SiteOfOriginImage) ; // This code path executes only for pack web requests if (String.Compare(uri.Scheme, PackUriHelper.UriSchemePack, StringComparison.OrdinalIgnoreCase) == 0) { 
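Review bot: After the hunk at -1039, `DemandIfImageBlocked` still reads `SafeSecurityHelper.KeyToRead.MediaImageDisable` into `isImageDisabled` but no longer acts on the value, so in the visible code the registry switch has no effect and the method name promises a demand that is gone. Either remove the read and rename or drop the method, or decide explicitly how the switch is enforced without CAS. At minimum record the state in place, for example `// MediaImageDisable is read but not enforced: the demand that consumed it was removed.` Whether `isImageDisabled` is consulted elsewhere cannot be seen from here, and the start of the method is outside the hunk.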
@@ -1294,32 +1275,7 @@ private static Stream ProcessHttpFiles(Uri uri, Stream stream) // Download only if this content is not already downloaded or stream is not seekable if (bitmapStream == null || !bitmapStream.CanSeek) { - // In this case we first check to see if the consumer has media permissions for - // safe media (Site of Origin + Cross domain), if it - // does we assert and run the code that requires the assert - bool fElevate = false; - if (SecurityHelper.CallerHasMediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.SafeImage)) - { - fElevate = true; - } - - if (fElevate) - { - (new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uri))).Assert(); // BlessedAssert - } - try - { - request = WpfWebRequestHelper.CreateRequest(uri); - } - finally - { - if (fElevate) - { - WebPermission.RevertAssert(); - } - } + request = WpfWebRequestHelper.CreateRequest(uri); // Download only if this content is not already downloaded or stream is not seekable bitmapStream = WpfWebRequestHelper.GetResponseStream(request); 
@@ -1334,35 +1290,8 @@ private static Stream ProcessUncFiles(Uri uri) // perform checks for UNC content SecurityHelper.EnforceUncContentAccessRules(uri); - // In this case we first check to see if the consumer has media permissions for - // safe media (Site of Origin + Cross domain), if it - // does then we assert else we run the code without the assert - bool fElevate = false; - if (SecurityHelper.CallerHasMediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.SafeImage)) - { - fElevate = true; - } + bitmapStream = new System.IO.FileStream(uri.LocalPath, FileMode.Open, FileAccess.Read, FileShare.Read); - if(fElevate) - { - // since the code above ensures that safe image permission is granted we - // can now do an assert to allow cross domain web request - (new FileIOPermission(FileIOPermissionAccess.Read, uri.LocalPath)).Assert(); // BlessedAssert - } - try - { - // FileStream does a demand for us, so no need to do a demand - bitmapStream = new System.IO.FileStream(uri.LocalPath, FileMode.Open, FileAccess.Read, FileShare.Read); - } - finally - { - if(fElevate) - { - FileIOPermission.RevertAssert(); - } - } return bitmapStream; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs index ab693984ba9..51c52edf60c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs 
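Review bot: In `ProcessUncFiles` the new `FileStream` open on `uri.LocalPath` has `SecurityHelper.EnforceUncContentAccessRules(uri)` as its only visible gate, and the removed comment that explained who performed the access check is not replaced. A one-line comment above the open would keep that reasoning for the next reader, for example `// Access to this UNC path is gated only by EnforceUncContentAccessRules above; no CAS demand applies.` What that helper enforces is not shown in this hunk, so the comment should be confirmed against it. The method's opening lines are outside the hunk.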
@@ -199,41 +199,15 @@ Stream stream if (stream == null) { - bool fElevate = false; if (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps) { SecurityHelper.BlockCrossDomainForHttpsApps(uri); - - // In this case we first check to see if the consumer has media permissions for - // safe media (Site of Origin + Cross domain), if it - // does we assert and run the code that requires the assert - if (SecurityHelper.CallerHasMediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.SafeImage)) - { - fElevate = true; - } } - // This is the case where we are accessing an http image from an http site and we have media permission - if (fElevate) - { - (new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uri))).Assert(); // BlessedAssert - } - try + entry.webRequest = WpfWebRequestHelper.CreateRequest(uri); + if (uriCachePolicy != null) { - entry.webRequest = WpfWebRequestHelper.CreateRequest(uri); - if (uriCachePolicy != null) - { - entry.webRequest.CachePolicy = uriCachePolicy; - } - } - finally - { - if(fElevate) - { - WebPermission.RevertAssert(); - } + entry.webRequest.CachePolicy = uriCachePolicy; } entry.webRequest.BeginGetResponse(_responseCallback, entry); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs index 04d321dd693..9d58bf21d6e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs @@ -807,8 +807,6 @@ bool notifyUceDirectly /// private void CreateMedia(MediaPlayer mediaPlayer) { - CheckMediaDisabledFlags(); - SafeMILHandle unmanagedProxy = null; MediaEventsHelper.CreateMediaEventsHelper(mediaPlayer, out _mediaEventsHelper, out unmanagedProxy); try 
@@ -818,7 +816,7 @@ private void CreateMedia(MediaPlayer mediaPlayer) HRESULT.Check(UnsafeNativeMethods.MILFactory2.CreateMediaPlayer( myFactory.FactoryPtr, unmanagedProxy, - SecurityHelper.CallerHasMediaPermission(MediaPermissionAudio.AllAudio, MediaPermissionVideo.AllVideo, MediaPermissionImage.NoImage), + true, out _nativeMedia )); } @@ -913,19 +911,6 @@ private void OpenMedia(Uri source) HRESULT.Check(MILMedia.Open(_nativeMedia, toOpen)); } - private void CheckMediaDisabledFlags() - { - if (SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.MediaAudioOrVideoDisable)) - { - // in case the registry key is '1' then demand - //Demand media permission here for Video or Audio - // Issue: 1232606 need to fix once clr has the media permissions - SecurityHelper.DemandMediaPermission(MediaPermissionAudio.AllAudio, - MediaPermissionVideo.AllVideo, - MediaPermissionImage.NoImage); - } - } - private Uri ResolveUri(Uri uri, Uri appBase) { if (uri.IsAbsoluteUri) @@ -965,16 +950,6 @@ private string DemandPermissions(Uri absoluteUri) { // perform checks for UNC content SecurityHelper.EnforceUncContentAccessRules(absoluteUri); - - // In this case we first check to see if the consumer has media permissions for - // safe media (Site of Origin + Cross domain). - if (!SecurityHelper.CallerHasMediaPermission(MediaPermissionAudio.SafeAudio, - MediaPermissionVideo.SafeVideo, - MediaPermissionImage.NoImage)) - { - // if he does not then we demand web permission to allow access only to site of origin - (new FileIOPermission(FileIOPermissionAccess.Read, toOpen)).Demand(); - } } else // Any other path { 
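Review bot: The bare `true` now passed to `MILFactory2.CreateMediaPlayer` in `CreateMedia` (hunk at -818) gives no hint of what it enables. It replaces the result of `CallerHasMediaPermission(AllAudio, AllVideo, NoImage)`, so the native player is always created as if the caller held full audio and video permission. Keep that history on the line, for example `true, // was CallerHasMediaPermission(AllAudio, AllVideo, NoImage); always granted now`. The same patch also removes `CheckMediaDisabledFlags` and its call (hunks at -807 and -913), so `MediaAudioOrVideoDisable` is no longer consulted in the visible code. If that key is still meant to be an administrative off-switch, it needs an enforcement path that does not rely on CAS.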
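Review bot: `DemandPermissions` no longer demands anything after the hunks at -965 and -984: the UNC branch keeps only `EnforceUncContentAccessRules` and the non-HTTPS branch keeps only `BlockCrossDomainForHttpsApps`, while the HTTPS `else` branch is removed entirely. The name and any summary above the method now overstate what it checks. Add a comment at the top of the method such as `// Applies the UNC and cross-domain checks only; no CAS demand is made.`, or rename the private method to match. The method's signature and its remaining body are outside these hunks, so the rename should be checked against its callers.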
@@ -984,17 +959,6 @@ private string DemandPermissions(Uri absoluteUri) { //accessing non https content from an https app is disallowed SecurityHelper.BlockCrossDomainForHttpsApps(absoluteUri); - if (!SecurityHelper.CallerHasMediaPermission(MediaPermissionAudio.SafeAudio, - MediaPermissionVideo.SafeVideo, - MediaPermissionImage.NoImage)) - { - // if he does not then we demand web permission to allow access only to site of origin - (new WebPermission(NetworkAccess.Connect, toOpen)).Demand(); - } - } - else// This is the case where target content is HTTPS - { - (new WebPermission(NetworkAccess.Connect, toOpen)).Demand(); } } } diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 04a4de2c3f8..b4c1493ef96 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
@@ -244,57 +244,6 @@ internal static int GetHRForException(Exception exception) #endif -#if PRESENTATION_CORE - internal static void DemandInfrastructurePermission() - { - if(_infrastructurePermission == null) - { - _infrastructurePermission = new SecurityPermission( SecurityPermissionFlag.Infrastructure ); - } - _infrastructurePermission.Demand(); - } - static SecurityPermission _infrastructurePermission = null; - -#endif - -#if PRESENTATION_CORE || REACHFRAMEWORK - - internal static void DemandMediaPermission(MediaPermissionAudio audioPermissionToDemand, - MediaPermissionVideo videoPermissionToDemand, - MediaPermissionImage imagePermissionToDemand) - { - // Demand the appropriate permission - (new MediaPermission(audioPermissionToDemand, - videoPermissionToDemand, - imagePermissionToDemand )).Demand(); - } - - - /// - /// Check whether the call stack has the permissions needed for safe media. - /// - /// -#if REACHFRAMEWORK -#else -#endif - internal static bool CallerHasMediaPermission(MediaPermissionAudio audioPermissionToDemand, - MediaPermissionVideo videoPermissionToDemand, - MediaPermissionImage imagePermissionToDemand) - { - try - { - (new MediaPermission(audioPermissionToDemand,videoPermissionToDemand,imagePermissionToDemand)).Demand(); - return true; - } - catch(SecurityException) - { - return false; - } - } -#endif - - - // don't include this in the compiler - avoid compiler changes when we can. #if !PBTCOMPILER internal static void DemandUnrestrictedUIPermission() From 749216816c4b24c839b8eeaa19911981344ce4e5 Mon Sep 17 00:00:00 2001 
From: Dilip Ojha Date: Fri, 21 Jun 2019 13:11:33 -0700 Subject: [PATCH 12/21] more securityhelper removals --- .../Windows/Input/Command/CommandDevice.cs | 1 - .../System/Windows/Input/Cursor.cs | 2 - .../System/Windows/Input/InputManager.cs | 2 - .../System/Windows/Input/InputMethod.cs | 4 -- .../System/Windows/Input/InputProviderSite.cs | 1 - .../System/Windows/Input/KeyEventArgs.cs | 1 - .../System/Windows/Input/KeyboardDevice.cs | 3 -- .../Windows/Input/NotifyInputEventArgs.cs | 1 - .../Windows/Input/ProcessInputEventArgs.cs | 2 - .../Microsoft/Win32/FileDialog.cs | 12 ----- .../Microsoft/Win32/OpenFileDialog.cs | 17 +----- .../System/Windows/Window.cs | 1 - .../src/Shared/MS/Internal/SecurityHelper.cs | 52 ------------------- .../Windows/Interop/ComponentDispatcher.cs | 12 ----- .../WindowsBase/System/Windows/Interop/MSG.cs | 7 --- .../System/Windows/Threading/Dispatcher.cs | 6 --- 16 files changed, 1 insertion(+), 123 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Command/CommandDevice.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Command/CommandDevice.cs index 68e33eb53af..048001c5047 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Command/CommandDevice.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Command/CommandDevice.cs @@ -49,7 +49,6 @@ public override PresentationSource ActiveSource { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return null; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Cursor.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Cursor.cs index 8e7567f4956..460a81bd638 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Cursor.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/Cursor.cs 
@@ -180,8 +180,6 @@ internal String FileName private void LoadFromFile(string fileName) { - SecurityHelper.DemandFileIOReadPermission(fileName); - // Load a Custom Cursor _cursorHandle = UnsafeNativeMethods.LoadImageCursor(IntPtr.Zero, fileName, diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs index c195b3c958a..15754dbd060 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs @@ -283,7 +283,6 @@ internal void RaiseTranslateAccelerator(KeyEventArgs e) /// internal InputProviderSite RegisterInputProvider(IInputProvider inputProvider) { - SecurityHelper.DemandUnrestrictedUIPermission(); // VerifyAccess(); @@ -309,7 +308,6 @@ public ICollection InputProviders { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return UnsecureInputProviders; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs index 42374eeed72..082c1efe81c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputMethod.cs @@ -663,7 +663,6 @@ public InputMethodState MicrophoneState set { - SecurityHelper.DemandUnrestrictedUIPermission(); Debug.Assert(value != InputMethodState.DoNotCare); @@ -742,7 +741,6 @@ public SpeechMode SpeechMode set { - SecurityHelper.DemandUnrestrictedUIPermission(); TextServicesCompartment compartment; compartment = TextServicesCompartmentContext.Current.GetCompartment(InputMethodStateType.SpeechMode); 
@@ -1547,7 +1545,6 @@ private void UninitializeCompartmentEventSink() /// private bool _ShowConfigureUI(UIElement element, bool fShow) { - SecurityHelper.DemandUnrestrictedUIPermission(); bool bCanShown = false; IntPtr hkl = SafeNativeMethods.GetKeyboardLayout(0); @@ -1601,7 +1598,6 @@ private bool _ShowConfigureUI(UIElement element, bool fShow) /// private bool _ShowRegisterWordUI(UIElement element, bool fShow, string strRegister) { - SecurityHelper.DemandUnrestrictedUIPermission(); bool bCanShown = false; IntPtr hkl = SafeNativeMethods.GetKeyboardLayout(0); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputProviderSite.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputProviderSite.cs index 82ab9a864d1..a67793485bd 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputProviderSite.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputProviderSite.cs @@ -34,7 +34,6 @@ public InputManager InputManager { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return CriticalInputManager; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyEventArgs.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyEventArgs.cs index d3e28d2531b..eaa7584ce3e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyEventArgs.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyEventArgs.cs @@ -58,7 +58,6 @@ public PresentationSource InputSource { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return UnsafeInputSource; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyboardDevice.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyboardDevice.cs index 8dbd5202acc..76aa87f8e74 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyboardDevice.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/KeyboardDevice.cs @@ -97,7 +97,6 @@ public override PresentationSource ActiveSource { get { - SecurityHelper.DemandUnrestrictedUIPermission(); //VerifyAccess(); if (_activeSource != null) @@ -292,7 +291,6 @@ internal TextServicesManager TextServicesManager { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return _TsfManager.Value; } } @@ -302,7 +300,6 @@ internal TextCompositionManager TextCompositionManager { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return _textcompositionManager.Value; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/NotifyInputEventArgs.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/NotifyInputEventArgs.cs index b8f912bfff5..588b830d725 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/NotifyInputEventArgs.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/NotifyInputEventArgs.cs @@ -48,7 +48,6 @@ public InputManager InputManager { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return _inputManager; } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ProcessInputEventArgs.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ProcessInputEventArgs.cs index 92b207e7690..a7d878f854d 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ProcessInputEventArgs.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/ProcessInputEventArgs.cs @@ -100,7 +100,6 @@ public StagingAreaInputItem PushInput(StagingAreaInputItem input) /// public StagingAreaInputItem PopInput() { - SecurityHelper.DemandUnrestrictedUIPermission(); if(!_allowAccessToStagingArea) { @@ -122,7 +121,6 @@ public StagingAreaInputItem PopInput() /// public StagingAreaInputItem PeekInput() { - SecurityHelper.DemandUnrestrictedUIPermission(); if(!_allowAccessToStagingArea) { 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/FileDialog.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/FileDialog.cs index d9793dca6fc..30bb8f78d7e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/FileDialog.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/FileDialog.cs @@ -94,7 +94,6 @@ protected FileDialog() /// public override void Reset() { - SecurityHelper.DemandUnrestrictedFileIOPermission(); Initialize(); } @@ -149,7 +148,6 @@ public bool AddExtension } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); SetOption(OPTION_ADDEXTENSION, value); } @@ -178,7 +176,6 @@ public virtual bool CheckFileExists } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); SetOption(NativeMethods.OFN_FILEMUSTEXIST, value); } @@ -201,7 +198,6 @@ public bool CheckPathExists } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); SetOption(NativeMethods.OFN_PATHMUSTEXIST, value); } @@ -261,7 +257,6 @@ public bool DereferenceLinks } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); SetOption(NativeMethods.OFN_NODEREFERENCELINKS, !value); } @@ -340,12 +335,10 @@ public string FileName { get { - SecurityHelper.DemandUnrestrictedFileIOPermission(); return CriticalFileName; } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); // Allow users to set a filename to stored in _fileNames. // If null is passed in, we clear the entire list. @@ -375,7 +368,6 @@ public string[] FileNames { get { - SecurityHelper.DemandUnrestrictedFileIOPermission(); // FileNamesInternal is a property we use to clone // the string array before returning it. @@ -487,7 +479,6 @@ public string InitialDirectory } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); _initialDirectory.Value = value; } 
@@ -511,7 +502,6 @@ public bool RestoreDirectory } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); SetOption(NativeMethods.OFN_NOCHANGEDIR, value); } @@ -534,7 +524,6 @@ public string Title } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); _title.Value = value; } @@ -559,7 +548,6 @@ public bool ValidateNames } set { - SecurityHelper.DemandUnrestrictedFileIOPermission(); SetOption(NativeMethods.OFN_NOVALIDATE, !value); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/OpenFileDialog.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/OpenFileDialog.cs index 26eb74fa23e..7d94ba12f93 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/OpenFileDialog.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/Microsoft/Win32/OpenFileDialog.cs @@ -73,8 +73,6 @@ public OpenFileDialog() : base() /// public Stream OpenFile() { - SecurityHelper.DemandFileDialogOpenPermission(); - string filename = null; // FileNamesInternal never returns null. @@ -119,8 +117,6 @@ public Stream OpenFile() /// public Stream[] OpenFiles() { - SecurityHelper.DemandFileDialogOpenPermission(); - // Cache FileNamesInternal to avoid perf issues as per // FxCop #CA1817 String[] cachedFileNames = FileNamesInternal; @@ -171,7 +167,6 @@ public Stream[] OpenFiles() /// public override void Reset() { - SecurityHelper.DemandUnrestrictedFileIOPermission(); // it is VERY important that the base.reset() call remain here // and be located at the top of this function. @@ -283,17 +278,7 @@ public bool ShowReadOnly /// protected override void CheckPermissionsToShowDialog() { - SecurityHelper.DemandFileDialogOpenPermission(); - - new UIPermission(UIPermissionWindow.AllWindows).Assert(); - try - { - base.CheckPermissionsToShowDialog(); - } - finally - { - SecurityPermission.RevertAssert(); - } + base.CheckPermissionsToShowDialog(); } #endregion Protected Methods 
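Review bot: In OpenFileDialog.cs, `CheckPermissionsToShowDialog()` is now an override whose entire body is `base.CheckPermissionsToShowDialog();`, so it adds nothing over the inherited method. Either delete the override, if the class's API surface allows it, or keep it with a one-line comment such as `// Forwarding only: this override no longer performs any permission check of its own.` The method name still promises a check, so a reader auditing the dialog path should be told explicitly that none happens at this level. The same forwarding-only pattern appears in `WebBrowser.GetDrawing()` in patch 13/21.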
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs index a6543e45018..43beae28a56 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Window.cs @@ -288,7 +288,6 @@ public Nullable ShowDialog() // this call ends up throwing an exception if ShowDialog // is not allowed VerifyApiSupported(); - SecurityHelper.DemandUnrestrictedUIPermission(); VerifyContextAndObjectState(); VerifyCanShow(); VerifyNotClosing(); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index b4c1493ef96..65ae6314dee 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
@@ -244,60 +244,8 @@ internal static int GetHRForException(Exception exception) #endif - // don't include this in the compiler - avoid compiler changes when we can. -#if !PBTCOMPILER - internal static void DemandUnrestrictedUIPermission() - { - if(_unrestrictedUIPermission == null) - { - _unrestrictedUIPermission = new UIPermission(PermissionState.Unrestricted); - } - _unrestrictedUIPermission.Demand(); - } - static UIPermission _unrestrictedUIPermission = null; -#endif - -#if PRESENTATION_CORE - internal static void DemandFileIOReadPermission(string fileName) - { - new FileIOPermission(FileIOPermissionAccess.Read, fileName).Demand(); - } -#endif - -#if NEVER - internal static void DemandFileDialogSavePermission() - { - if(_fileDialogSavePermission == null) - { - _fileDialogSavePermission = new FileDialogPermission(FileDialogPermissionAccess.Save); - } - _fileDialogSavePermission.Demand(); - } - static FileDialogPermission _fileDialogSavePermission = null; -#endif - #if PRESENTATIONFRAMEWORK - internal static void DemandUnrestrictedFileIOPermission() - { - if(_unrestrictedFileIOPermission == null) - { - _unrestrictedFileIOPermission = new FileIOPermission(PermissionState.Unrestricted); - } - _unrestrictedFileIOPermission.Demand(); - } - static FileIOPermission _unrestrictedFileIOPermission = null; - - internal static void DemandFileDialogOpenPermission() - { - if(_fileDialogOpenPermission == null) - { - _fileDialogOpenPermission = new FileDialogPermission(FileDialogPermissionAccess.Open); - } - _fileDialogOpenPermission.Demand(); - } - static FileDialogPermission _fileDialogOpenPermission = null; - /// /// A helper method to do the necessary work to display a standard MessageBox. This method performs /// and necessary elevations to make the dialog work as well. 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/ComponentDispatcher.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/ComponentDispatcher.cs index d74794838c1..157b18230a9 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/ComponentDispatcher.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/ComponentDispatcher.cs @@ -69,7 +69,6 @@ public static bool IsThreadModal { get { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcherThread data = ComponentDispatcher.CurrentThreadData; return data.IsThreadModal; } @@ -85,7 +84,6 @@ public static MSG CurrentKeyboardMessage { get { - SecurityHelper.DemandUnrestrictedUIPermission(); return ComponentDispatcher.CurrentThreadData.CurrentKeyboardMessage; } } @@ -118,7 +116,6 @@ internal static MSG UnsecureCurrentKeyboardMessage /// public static void PushModal() { - SecurityHelper.DemandUnrestrictedUIPermission(); CriticalPushModal(); } @@ -139,7 +136,6 @@ internal static void CriticalPushModal() /// public static void PopModal() { - SecurityHelper.DemandUnrestrictedUIPermission(); CriticalPopModal(); } @@ -191,11 +187,9 @@ public static bool RaiseThreadMessage(ref MSG msg) public static event EventHandler ThreadIdle { add { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.ThreadIdle += value; } remove { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.ThreadIdle -= value; } } @@ -211,11 +205,9 @@ public static event EventHandler ThreadIdle public static event ThreadMessageEventHandler ThreadFilterMessage { add { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.ThreadFilterMessage += value; } remove { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.ThreadFilterMessage -= value; } } 
@@ -267,11 +259,9 @@ internal static void CriticalRemoveThreadPreprocessMessageHandlerFirst(ThreadMes public static event EventHandler EnterThreadModal { add { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.EnterThreadModal += value; } remove { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.EnterThreadModal -= value; } } @@ -287,11 +277,9 @@ public static event EventHandler LeaveThreadModal { add { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.LeaveThreadModal += value; } remove { - SecurityHelper.DemandUnrestrictedUIPermission(); ComponentDispatcher.CurrentThreadData.LeaveThreadModal -= value; } } diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/MSG.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/MSG.cs index 701af46c866..5272b59e109 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/MSG.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Interop/MSG.cs @@ -71,7 +71,6 @@ public IntPtr hwnd } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _hwnd = value; } } @@ -87,7 +86,6 @@ public int message } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _message = value; } } @@ -106,7 +104,6 @@ public IntPtr wParam } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _wParam = value; } } @@ -125,7 +122,6 @@ public IntPtr lParam } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _lParam = value; } } @@ -141,7 +137,6 @@ public int time } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _time = value; } } @@ -160,7 +155,6 @@ public int pt_x } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _pt_x = value; } } @@ -178,7 +172,6 @@ public int pt_y } set { - SecurityHelper.DemandUnrestrictedUIPermission(); _pt_y = value; } } 
diff --git a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Threading/Dispatcher.cs b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Threading/Dispatcher.cs index c4baf034aac..d1b4bb5b646 100644 --- a/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Threading/Dispatcher.cs +++ b/src/Microsoft.DotNet.Wpf/src/WindowsBase/System/Windows/Threading/Dispatcher.cs @@ -237,8 +237,6 @@ public void VerifyAccess() /// public void BeginInvokeShutdown(DispatcherPriority priority) // NOTE: should be Priority { - // We didn't want to enable quitting in the SEE - SecurityHelper.DemandUnrestrictedUIPermission(); BeginInvoke(priority, new ShutdownCallback(ShutdownCallbackInternal)); } @@ -251,8 +249,6 @@ public void BeginInvokeShutdown(DispatcherPriority priority) // NOTE: should be /// public void InvokeShutdown() { - // We didn't want to enable quitting in the SEE - SecurityHelper.DemandUnrestrictedUIPermission(); CriticalInvokeShutdown(); } @@ -350,8 +346,6 @@ public static void PushFrame(DispatcherFrame frame) /// public static void ExitAllFrames() { - // We didn't want to enable exiting all frames in the SEE - SecurityHelper.DemandUnrestrictedUIPermission(); Dispatcher dispatcher = Dispatcher.CurrentDispatcher; if(dispatcher._frameDepth > 0) From 7c75e7065ec7e91bd28a14c57235983d04161459 Mon Sep 17 00:00:00 2001 
From: Dilip Ojha Date: Fri, 21 Jun 2019 14:35:40 -0700 Subject: [PATCH 13/21] securityhelper removal --- .../SystemDrawingExtension.cs | 26 +--- .../MS/internal/AppModel/CookieHandler.cs | 5 - .../Windows/Media/Imaging/BitmapDecoder.cs | 1 - .../Windows/Media/Imaging/BitmapSource.cs | 1 - .../MS/Internal/Controls/WebBrowserEvent.cs | 54 +++---- .../System/Windows/Controls/WebBrowser.cs | 61 +------- .../System/Windows/Documents/FixedPage.cs | 21 +-- .../System/Windows/Documents/Hyperlink.cs | 11 +- .../Windows/Documents/RubberbandSelector.cs | 75 +-------- .../Serialization/SerializerDescriptor.cs | 3 - .../Serialization/SerializerProvider.cs | 5 - .../Serialization/ImageSourceTypeConverter.cs | 54 ++----- .../src/Shared/MS/Internal/SecurityHelper.cs | 143 +----------------- 13 files changed, 56 insertions(+), 404 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/Extensions/PresentationFramework-SystemDrawing/SystemDrawingExtension.cs b/src/Microsoft.DotNet.Wpf/src/Extensions/PresentationFramework-SystemDrawing/SystemDrawingExtension.cs index 65500921e02..a382b090d48 100644 --- a/src/Microsoft.DotNet.Wpf/src/Extensions/PresentationFramework-SystemDrawing/SystemDrawingExtension.cs +++ b/src/Microsoft.DotNet.Wpf/src/Extensions/PresentationFramework-SystemDrawing/SystemDrawingExtension.cs 
@@ -191,27 +191,11 @@ internal override object GetBitmapFromBitmapSource(object source) formatConverter.DestinationFormat = System.Windows.Media.PixelFormats.Bgr32; formatConverter.EndInit(); - CodeAccessPermission mediaAccessPermission = SecurityHelper.CreateMediaAccessPermission(null); - - if (mediaAccessPermission != null) - { - mediaAccessPermission.Assert(); //BlessedAssert - } - try - { - formatConverter.CopyPixels( - new Int32Rect(0, 0, imageWidth, imageHeight), - bmData.Scan0, - bmData.Stride * (bmData.Height - 1) + (bmData.Width * 4), - bmData.Stride); - } - finally - { - if (mediaAccessPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + formatConverter.CopyPixels( + new Int32Rect(0, 0, imageWidth, imageHeight), + bmData.Scan0, + bmData.Stride * (bmData.Height - 1) + (bmData.Width * 4), + bmData.Stride); bitmapFinal.UnlockBits(bmData); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/AppModel/CookieHandler.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/AppModel/CookieHandler.cs index 47de3120127..8f117a38fe7 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/AppModel/CookieHandler.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/AppModel/CookieHandler.cs @@ -109,9 +109,6 @@ internal static void HandleWebResponse(WebResponse response) Justification="It's okay now. Be careful on change.")] internal static string GetCookie(Uri uri, bool throwIfNoCookie) { - // Always demand in order to prevent any cross-domain information leak. - SecurityHelper.DemandWebPermission(uri); - UInt32 size = 0; string uriString = BindUriHelper.UriToString(uri); if (UnsafeNativeMethods.InternetGetCookieEx(uriString, null, null, ref size, 0, IntPtr.Zero)) 
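Review bot: With the try/finally gone from `GetBitmapFromBitmapSource`, nothing guarantees that `bitmapFinal.UnlockBits(bmData)` runs if `formatConverter.CopyPixels(...)` throws, which would leave the bitmap locked. The old `finally` only reverted the assert, so this is not a regression, but the rewrite is the natural place to fix it: `try { formatConverter.CopyPixels(...); } finally { bitmapFinal.UnlockBits(bmData); }`. The size argument `bmData.Stride * (bmData.Height - 1) + (bmData.Width * 4)` is computed in `int` and handed over next to the raw `bmData.Scan0` pointer, so a short comment stating why it cannot exceed the locked region would help; the `LockBits` call and pixel format are outside the hunk, so that bound cannot be confirmed from here. The function begins and ends outside this hunk.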
@@ -134,8 +131,6 @@ internal static string GetCookie(Uri uri, bool throwIfNoCookie) [FriendAccessAllowed] // called by PF.Application.SetCookie() internal static bool SetCookie(Uri uri, string cookieData) { - SecurityHelper.DemandWebPermission(uri); - return SetCookieUnsafe(uri, cookieData, null); } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs index 660fe9f2c72..da15e5257da 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs @@ -1309,7 +1309,6 @@ void CheckIfSiteOfOrigin() uri = ToString(); } - SecurityHelper.DemandMediaAccessPermission(uri); } /// Returns the decoder's CLSID diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs index 4ffca56222f..92eed7c2d4c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapSource.cs @@ -783,7 +783,6 @@ protected void CheckIfSiteOfOrigin() uri = ConvertToString(null, null); } - SecurityHelper.DemandMediaAccessPermission(uri); } /// diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Controls/WebBrowserEvent.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Controls/WebBrowserEvent.cs index 25d869a07e5..b836287af35 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Controls/WebBrowserEvent.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Controls/WebBrowserEvent.cs 
@@ -91,46 +91,34 @@ public void BeforeNavigate2(object pDisp, ref object url, ref object flags, ref _parent.NavigatingToAboutBlank = false; } - // Site locking for top level WebOC navigation - // "about:blank is not enabled in partial trust publicly. - // We enable it internally to navigate to null. - if ((!_parent.NavigatingToAboutBlank) && - !SecurityHelper.CallerHasWebPermission(source) && - !IsAllowedScriptScheme(source)) + // When source set to null or navigating to stream/string, we navigate to "about:blank" + // internally. Make sure we pass null in the event args. + if (_parent.NavigatingToAboutBlank) { - cancelRequested = true; + source = null; } - else - { - // When source set to null or navigating to stream/string, we navigate to "about:blank" - // internally. Make sure we pass null in the event args. - if (_parent.NavigatingToAboutBlank) - { - source = null; - } - NavigatingCancelEventArgs e = new NavigatingCancelEventArgs(source, - null, null, null, NavigationMode.New, null, null, true); + NavigatingCancelEventArgs e = new NavigatingCancelEventArgs(source, + null, null, null, NavigationMode.New, null, null, true); - // Launching a navigation from the Navigating event handler causes reentrancy. - // For more info, see WebBrowser.LastNavigation. This is a point of possible reentrancy. Whenever - // a new navigation is started during the call to the Navigating event handler, we need to cancel - // out the current navigation. - Guid lastNavigation = _parent.LastNavigation; + // Launching a navigation from the Navigating event handler causes reentrancy. + // For more info, see WebBrowser.LastNavigation. This is a point of possible reentrancy. Whenever + // a new navigation is started during the call to the Navigating event handler, we need to cancel + // out the current navigation. + Guid lastNavigation = _parent.LastNavigation; - // Fire navigating event. Events are only fired for top level navigation. - _parent.OnNavigating(e); + // Fire navigating event. 
Events are only fired for top level navigation. + _parent.OnNavigating(e); - // Launching a navigation from the Navigating event handler causes reentrancy. - // For more info, see WebBrowser.LastNavigation. If _lastNavigation has changed during the call to - // the event handlers for Navigating, we know a new navigation has been initialized. - if (_parent.LastNavigation != lastNavigation) - { - newNavigationInitiated = true; - } - - cancelRequested = e.Cancel; + // Launching a navigation from the Navigating event handler causes reentrancy. + // For more info, see WebBrowser.LastNavigation. If _lastNavigation has changed during the call to + // the event handlers for Navigating, we know a new navigation has been initialized. + if (_parent.LastNavigation != lastNavigation) + { + newNavigationInitiated = true; } + + cancelRequested = e.Cancel; } } // We disable this to suppress FXCop warning since in this case we really want to catch all exceptions diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs index ccc0632bb26..ba716a34b38 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs 
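Review bot: The deleted condition in `BeforeNavigate2` combined the permission check with `IsAllowedScriptScheme(source)`, and the new code carries neither, so the only thing left in this hunk that can cancel a top-level navigation is a `Navigating` handler setting `e.Cancel`. That should be stated where the "Site locking" comment used to be, e.g. `// No site-of-origin check here: the Navigating handler (e.Cancel) is the only gate on top-level navigation.` `IsAllowedScriptScheme` may now have no callers and can be removed if so; its definition, like the start and end of `BeforeNavigate2`, is outside the hunk. The WebBrowser.cs hunks in this patch follow the same pattern: `InvokeScript` loses the comparison of the document URL with `AxIWebBrowser2.LocationURL` that kept script off the built-in error pages, and `DoNavigate` loses the demand made for a non-empty `targetFrameName`. Each of those spots deserves a comment telling hosts that load untrusted content that URL filtering is now their responsibility.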
@@ -286,31 +286,6 @@ public object InvokeScript(string scriptName, params object[] args) // (In IE 7 it is blocked by turning on the DOCHOSTUIFLAG.ENABLE_REDIRECT_NOTIFICATION flag so that // the additional BeforeNavigate2 event is fired for server side redirect.) - // If it is our internal navigation to blank for navigating to null or load stream, - // or before any navigation has happened, Source will be null. - Uri currentSource = Source; - if (currentSource != null) - { - SecurityHelper.DemandWebPermission(currentSource); - } - // Unfortunately, IWebBrowser2::CurrentURL does not always give us the full truth. It is not updated - // when the browser navigates to an error page. Then, supposedly, it points to the "intended - // destination". (But on canceled navigation the previous URL may stay.) We don't want to allow - // running script from the built-in error pages as they are privileged. - // See http://support.microsoft.com/kb/272095. Contrary to what the KB article - // suggests, document.location.href is not good either. But document.URL seems to be. - if (htmlDocument != null) - { - string innerURL = htmlDocument.GetUrl(); - // Again, in the special case we've deliberately navigated to about:blank we don't want to - // demand. But NavigatingToAboutBlank may not be true anymore, so it's not used as a condition. - // In that case the two URL properties should match. If not, we'll demand to be safe. - if (string.CompareOrdinal(innerURL, AxIWebBrowser2.LocationURL) != 0) - { - SecurityHelper.DemandWebPermission(new Uri(innerURL, UriKind.Absolute)); - } - } - object retVal = null; if (scriptObjectEx != null) { 
@@ -644,17 +619,7 @@ internal override ActiveXSite CreateActiveXSite() /// internal override System.Windows.Media.DrawingGroup GetDrawing() { - // SecurityHelper.DemandWebPermission(_source.Value); // _source is null by now... - - (new UIPermission(UIPermissionWindow.AllWindows)).Assert(); // Blessed assert - try - { - return base.GetDrawing(); - } - finally - { - UIPermission.RevertAssert(); - } + return base.GetDrawing(); } /// @@ -934,30 +899,6 @@ private void DoNavigate(Uri source, ref object targetFrameName, ref object postD source = BaseUriHelper.ConvertPackUriToAbsoluteExternallyVisibleUri(source); } - // Block popup window. We attempted to use the default popup Manager to block pup-up windows, - // by passing the BrowserNavConstants.NewWindowsManaged flag to WebBrowser - // But it did not work. New browser windows still can be opened with "_blank" in Internet zone. - // So demand unrestricted WebPermission until we figure out a better solution. - if (!string.IsNullOrEmpty((string)targetFrameName)) - { - (new System.Net.WebPermission(PermissionState.Unrestricted)).Demand(); - } - else - { - // site locking. - // Note: navigation to "about:blank" is not enabled in partial trust. If we are navigating to - // "about:blank" internally as a result of setting source to null or navigating to stream/string, - // do not demand WebPermission. - if (!NavigatingToAboutBlank) - { - // we currently demand for both top level and subframe navigations. - // If we allow sub frames to navigate out of site of origin programmtically, we must block cross domain communication - // of all kinds, so demand when additional headers and postData are set for sub frame navigation. - // The headers can be used to spoof referer headers. - SecurityHelper.DemandWebPermission(source); - } - } - // figure out why BrowserNavConstants.NewWindowsManaged does not work. object flags = (object)null; // UnsafeNativeMethods.BrowserNavConstants.NewWindowsManaged; 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedPage.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedPage.cs index 616e227f301..ac580a2350f 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedPage.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/FixedPage.cs @@ -609,32 +609,13 @@ private static object CoerceFlowDirection(DependencyObject page, Object flowDire return FlowDirection.LeftToRight; } - internal static bool CanNavigateToUri(Uri uri) - { - // Is http:, https:, mailto:, or file:? - if (!uri.IsAbsoluteUri || - uri.IsUnc || - uri.Scheme == Uri.UriSchemeHttp || - uri.Scheme == Uri.UriSchemeHttps || - uri.Scheme == Uri.UriSchemeMailto || // Automation will request navigation to pack Uris when automating links withing a document - (uri.Scheme == PackUriHelper.UriSchemePack && !String.IsNullOrEmpty(uri.Fragment))) - { - return true; - } - else - { - return SecurityHelper.CallerHasWebPermission(uri); - } - } - internal static Uri GetLinkUri(IInputElement element, Uri inputUri) { DependencyObject dpo = element as DependencyObject; Debug.Assert(dpo != null, "GetLinkUri shouldn't be called for non-DependencyObjects."); if (inputUri != null && - (CanNavigateToUri(inputUri) || - (inputUri.Scheme == PackUriHelper.UriSchemePack && !String.IsNullOrEmpty(inputUri.Fragment)))) + (inputUri.Scheme == PackUriHelper.UriSchemePack && !String.IsNullOrEmpty(inputUri.Fragment))) // We want to allow navigation to pack:// Uris as we may get these from automation, but we // wouldn't support this if an actual Uri were given as a pack:// Uri { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs index 3191016b06e..ebd0313f398 100644 
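Review bot: The new condition in `GetLinkUri` accepts only pack URIs that carry a fragment, whereas the old one also accepted everything `CanNavigateToUri` allowed (relative, UNC, http, https, mailto, and any URI the caller had web permission for). Unless the intent is to stop resolving ordinary links, this is a behaviour change rather than a permission-check removal: if every URI should pass, the equivalent is `if (inputUri != null)`, and if the scheme list was meant to survive, keep `CanNavigateToUri` and replace only its `SecurityHelper.CallerHasWebPermission(uri)` fallback. It also disagrees with the Hyperlink.cs hunk in this patch, where `OnNavigateUriChanged` now calls `SetUpNavigationEventHandlers(element)` and sets `Cursors.Hand` for every URI. The retained comment about allowing pack:// URIs from automation no longer matches a condition that has only that one clause. The body of the `if` is outside the hunk, so the effect on callers is inferred.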
--- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Hyperlink.cs @@ -896,15 +896,8 @@ internal static void OnNavigateUriChanged(DependencyObject d, DependencyProperty if (fe != null && ((fe is Path) || (fe is Canvas) || (fe is Glyphs) || (fe is FixedPage))) { - if (FixedPage.CanNavigateToUri(navigateUri)) - { - SetUpNavigationEventHandlers(element); - fe.Cursor = Cursors.Hand; - } - else - { - fe.Cursor = Cursors.No; - } + SetUpNavigationEventHandlers(element); + fe.Cursor = Cursors.Hand; } else { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/RubberbandSelector.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/RubberbandSelector.cs index 64384a49717..dff3f2a1053 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/RubberbandSelector.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/RubberbandSelector.cs @@ -164,21 +164,6 @@ private void UpdateHighlightVisual(FixedPage page) } } - private bool HasRubberBandCopyPermissions() - { - try - { - (new SecurityPermission(SecurityPermissionFlag.SerializationFormatter | SecurityPermissionFlag.UnmanagedCode)).Demand(); - CodeAccessPermission mediaAccessPermission = SecurityHelper.CreateMediaAccessPermission(null); - mediaAccessPermission.Demand(); - return true; - } - catch (SecurityException) - { - return false; - } - } - private void OnCopy(object sender, ExecutedRoutedEventArgs e) { if (HasSelection && _selectionRect.Width > 0 && _selectionRect.Height > 0) 
@@ -188,59 +173,17 @@ private void OnCopy(object sender, ExecutedRoutedEventArgs e) string textString = GetText(); object bmp = null; - bool supportImageCopy = false; - - if (_scope is DocumentGrid && ((DocumentGrid)_scope).DocumentViewerOwner is DocumentApplicationDocumentViewer) - { - // This is XPSViewer, make sure it is user initiated - if (!e.UserInitiated && !HasRubberBandCopyPermissions()) - { - return; - } - supportImageCopy = true; - } - else - { - //Outside of XPSViewer, support image copy in full trust only - supportImageCopy = HasRubberBandCopyPermissions(); - } + bmp = SystemDrawingHelper.GetBitmapFromBitmapSource(GetImage()); - if (supportImageCopy) + dataObject = new DataObject(); + // Order of data is irrelevant, the pasting application will determine format + dataObject.SetData(DataFormats.Text, textString, true); + dataObject.SetData(DataFormats.UnicodeText, textString, true); + if (bmp != null) { - bmp = SystemDrawingHelper.GetBitmapFromBitmapSource(GetImage()); + dataObject.SetData(DataFormats.Bitmap, bmp, true); } - (new UIPermission(UIPermissionClipboard.AllClipboard)).Assert();//BlessedAssert - try - { - dataObject = new DataObject(); - // Order of data is irrelevant, the pasting application will determine format - dataObject.SetData(DataFormats.Text, textString, true); - dataObject.SetData(DataFormats.UnicodeText, textString, true); - if (bmp != null) - { - dataObject.SetData(DataFormats.Bitmap, bmp, true); - } - } - finally - { - UIPermission.RevertAssert(); - } - - - PermissionSet ps = new PermissionSet(PermissionState.None); - ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter)); - ps.AddPermission(new UIPermission(UIPermissionClipboard.AllClipboard)); - ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); - - if (supportImageCopy) - { - CodeAccessPermission mediaAccessPermission = SecurityHelper.CreateMediaAccessPermission(null); - ps.AddPermission(mediaAccessPermission); - } 
- - ps.Assert(); // BlessedAssert - try { Clipboard.SetDataObject(dataObject, true); @@ -250,10 +193,6 @@ private void OnCopy(object sender, ExecutedRoutedEventArgs e) // Clipboard is failed to set the data object. return; } - finally - { - SecurityPermission.RevertAssert(); - } } } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerDescriptor.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerDescriptor.cs index f7fd6f5b88c..af37631a227 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerDescriptor.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerDescriptor.cs @@ -66,7 +66,6 @@ public static SerializerDescriptor CreateFromFactoryInstance( ISerializerFactory factoryInstance ) { - SecurityHelper.DemandPlugInSerializerPermissions(); if (factoryInstance == null) { @@ -121,7 +120,6 @@ ISerializerFactory factoryInstance [SuppressMessage("Microsoft.Security", "CA2001:AvoidCallingProblematicMethods")] internal ISerializerFactory CreateSerializerFactory() { - SecurityHelper.DemandPlugInSerializerPermissions(); string assemblyPath = AssemblyPath; @@ -161,7 +159,6 @@ internal void WriteToRegistryKey(RegistryKey key) /// internal static SerializerDescriptor CreateFromRegistry(RegistryKey plugIns, string keyName) { - SecurityHelper.DemandPlugInSerializerPermissions(); SerializerDescriptor sd = new SerializerDescriptor(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs index 1d63a5684ec..366fb2fe99a 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs @@ -44,7 +44,6 @@ public sealed class SerializerProvider /// public SerializerProvider() { - SecurityHelper.DemandPlugInSerializerPermissions(); SerializerDescriptor sd = null; @@ -85,7 +84,6 @@ public SerializerProvider() /// public static void RegisterSerializer(SerializerDescriptor serializerDescriptor, bool overwrite) { - SecurityHelper.DemandPlugInSerializerPermissions(); if (serializerDescriptor == null) { @@ -115,7 +113,6 @@ public static void RegisterSerializer(SerializerDescriptor serializerDescriptor, /// public static void UnregisterSerializer(SerializerDescriptor serializerDescriptor) { - SecurityHelper.DemandPlugInSerializerPermissions(); if (serializerDescriptor == null) { @@ -144,7 +141,6 @@ public static void UnregisterSerializer(SerializerDescriptor serializerDescripto /// public SerializerWriter CreateSerializerWriter(SerializerDescriptor serializerDescriptor, Stream stream) { - SecurityHelper.DemandPlugInSerializerPermissions(); SerializerWriter serializerWriter = null; @@ -221,7 +217,6 @@ public SerializerWriter CreateSerializerWriter(SerializerDescriptor serializerDe [SuppressMessage("Microsoft.Security", "CA2116:AptcaMethodsShouldOnlyCallAptcaMethods")] private SerializerDescriptor CreateSystemSerializerDescriptor() { - SecurityHelper.DemandPlugInSerializerPermissions(); SerializerDescriptor serializerDescriptor = null; diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs index 101ef978b9c..ff07a86bd48 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs 
@@ -370,54 +370,24 @@ Type type // The uri the BitmapFrame.Create will use is null since it is accessing metadata at // construction and its uri is still null // - CodeAccessPermission mediaAccessPermission = SecurityHelper.CreateMediaAccessPermission(null); - if (mediaAccessPermission != null) + // DevDiv bug 213320 + // If bitmapSource is indexed, has a color palette and transparency (e.g. transparent GIF) + // PNG conversion may lose color or transparency or both information + // To avoid this we convert all paletted bitmapSources to the 32 bit per pixel bgra format + if (bitmapSource != null + && bitmapSource.Palette != null + && bitmapSource.Palette.Colors != null + && bitmapSource.Palette.Colors.Count > 0) { - mediaAccessPermission.Assert(); //BlessedAssert + bitmapSource = new FormatConvertedBitmap(bitmapSource, PixelFormats.Bgra32, null, 0.0); } - try - { - // DevDiv bug 213320 - // If bitmapSource is indexed, has a color palette and transparency (e.g. transparent GIF) - // PNG conversion may lose color or transparency or both information - // To avoid this we convert all paletted bitmapSources to the 32 bit per pixel bgra format - if (bitmapSource != null - && bitmapSource.Palette != null - && bitmapSource.Palette.Colors != null - && bitmapSource.Palette.Colors.Count > 0) - { - bitmapSource = new FormatConvertedBitmap(bitmapSource, PixelFormats.Bgra32, null, 0.0); - } - - bitmapFrame = BitmapFrame.Create(bitmapSource); - } - finally - { - if (mediaAccessPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } - encoder.Frames.Add(bitmapFrame); + bitmapFrame = BitmapFrame.Create(bitmapSource); - if (mediaAccessPermission != null) - { - mediaAccessPermission.Assert(); //BlessedAssert - } - try - { - encoder.Save(stream); - } - finally - { - if (mediaAccessPermission != null) - { - CodeAccessPermission.RevertAssert(); - } - } + encoder.Frames.Add(bitmapFrame); + encoder.Save(stream); } /// 
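Review bot: The context comment left above this block ("The uri the BitmapFrame.Create will use is null since it is accessing metadata at construction and its uri is still null") only explained why the media permission was built from a null URI, so with `CreateMediaAccessPermission(null)` gone it describes nothing and should be deleted or reworded. Separately, the palette test guards `bitmapSource != null` while `BitmapFrame.Create(bitmapSource)` runs unconditionally right after it; if null is really possible here an explicit early check would give a clearer failure, though that predates this change. The enclosing method starts outside the hunk.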
diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 65ae6314dee..356bb0c319c 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -261,22 +261,14 @@ internal static int GetHRForException(Exception exception) System.Windows.MessageBoxImage image ) { - (new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)).Assert(); - try + // if we have a known parent window set, let's use it when alerting the user. + if (parent != null) { - // if we have a known parent window set, let's use it when alerting the user. - if (parent != null) - { - System.Windows.MessageBox.Show(parent, text, title, buttons, image); - } - else - { - System.Windows.MessageBox.Show(text, title, buttons, image); - } + System.Windows.MessageBox.Show(parent, text, title, buttons, image); } - finally + else { - SecurityPermission.RevertAssert(); + System.Windows.MessageBox.Show(text, title, buttons, image); } } /// 
@@ -294,132 +286,11 @@ System.Windows.MessageBoxImage image System.Windows.MessageBoxImage image ) { - (new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)).Assert(); - try - { - // NOTE: the last param must always be MessageBoxOptions.None for this to be considered TreatAsSafe - System.Windows.MessageBox.ShowCore(parentHwnd, text, title, buttons, image, MessageBoxResult.None, MessageBoxOptions.None); - } - finally - { - SecurityPermission.RevertAssert(); - } - } -#endif - - -#if PRESENTATION_CORE || REACHFRAMEWORK - internal static void DemandMediaAccessPermission(String uri) - { - CodeAccessPermission casPermission= SecurityHelper.CreateMediaAccessPermission(uri); - if(casPermission != null) - { - casPermission.Demand(); - } + // NOTE: the last param must always be MessageBoxOptions.None for this to be considered TreatAsSafe + System.Windows.MessageBox.ShowCore(parentHwnd, text, title, buttons, image, MessageBoxResult.None, MessageBoxOptions.None); } #endif -#if PRESENTATION_CORE || REACHFRAMEWORK - internal - static - CodeAccessPermission - CreateMediaAccessPermission(String uri) - { - CodeAccessPermission codeAccessPermission = null; - if (uri != null) - { - // do a Case invariant dotnet culture specific string compare - if (String.Compare(SafeSecurityHelper.IMAGE, uri, true/*Ignore case*/, System.Windows.Markup.TypeConverterHelper.InvariantEnglishUS ) == 0) - { - codeAccessPermission = new MediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.AllImage); - } - else - { - // we allow access to pack: bits so assuming scheme is not pack: we demand - if (String.Compare((System.Windows.Navigation.BaseUriHelper.GetResolvedUri(System.Windows.Navigation.BaseUriHelper.BaseUri, new Uri(uri, UriKind.RelativeOrAbsolute))).Scheme, - PackUriHelper.UriSchemePack, true /* ignore case */, - System.Windows.Markup.TypeConverterHelper.InvariantEnglishUS) != 0) - { - // Creating a URI is fine it is going the other way that is 
risky - if(!SecurityHelper.CallerHasWebPermission(new Uri(uri,UriKind.RelativeOrAbsolute))) - { - codeAccessPermission = new MediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.AllImage); - } - - } - } - } - else - { - codeAccessPermission = new MediaPermission(MediaPermissionAudio.NoAudio, - MediaPermissionVideo.NoVideo, - MediaPermissionImage.AllImage); - } - return codeAccessPermission; - } - - /// - /// Check caller has web-permission. for a given Uri. - /// -#if REACHFRAMEWORK -#else -#endif - internal static bool CallerHasWebPermission( Uri uri ) - { - try - { - SecurityHelper.DemandWebPermission(uri); - return true; - } - catch ( SecurityException ) - { - return false ; - } - } - - internal static void DemandWebPermission( Uri uri ) - { - // We do this first as a security measure since the call below - // checks for derivatives. Please note we need to extract the - // string to call into WebPermission anyways, the only thing that - // doing this early gains us is a defense in depth measure. The call - // is required nevertheless. 
- string finalUri = BindUriHelper.UriToString( uri ); - - if (uri.IsFile) - { - // If the scheme is file: demand file io - string toOpen = uri.LocalPath; - (new FileIOPermission(FileIOPermissionAccess.Read, toOpen)).Demand(); - } - else - { - // else demand web permissions - new WebPermission(NetworkAccess.Connect, finalUri).Demand(); - } - } - -#endif //PRESENTATIONCORE||REACHFRAMEWORK - -#if PRESENTATION_CORE || PRESENTATIONFRAMEWORK || REACHFRAMEWORK - /// - /// By default none of the plug-in serializer code must succeed for partially trusted callers - /// - internal static void DemandPlugInSerializerPermissions() - { - if(_plugInSerializerPermissions == null) - { - _plugInSerializerPermissions = new PermissionSet(PermissionState.Unrestricted); - } - _plugInSerializerPermissions.Demand(); - } - static PermissionSet _plugInSerializerPermissions = null; -#endif //PRESENTATIONFRAMEWORK - #if PRESENTATION_CORE || PRESENTATIONFRAMEWORK || WINDOWS_BASE internal static bool AreStringTypesEqual(string m1, string m2) From 6a2df971513eb87116503ebf3bad57f80e89ab0b Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 15:11:45 -0700 Subject: [PATCH 14/21] removed securityhelper methods --- .../Windows/Media/Imaging/BitmapDecoder.cs | 18 +---- .../Windows/Media/Imaging/BitmapDownload.cs | 5 -- .../System/Windows/Media/MediaPlayerState.cs | 62 +-------------- .../src/Shared/MS/Internal/SecurityHelper.cs | 77 ++----------------- 4 files changed, 7 insertions(+), 155 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs index da15e5257da..0de3eb0cdc7 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs 
@@ -1248,19 +1248,7 @@ private static Stream ProcessHttpsFiles(Uri uri, Stream stream) { WebRequest request = null; - // Block XDomain from apps deployed over HTTPS (For HTTP, LMZ and UNC apps, is ok to access images through HTTPS) - SecurityHelper.BlockCrossDomainForHttpsApps(uri); - - // now, we can Assert permissions because we ensured that only apps deployed through non-HTTPS can access XDomain images - (new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uri))).Assert(); // BlessedAssert - try - { - request = WpfWebRequestHelper.CreateRequest(uri); - } - finally - { - WebPermission.RevertAssert(); - } + request = WpfWebRequestHelper.CreateRequest(uri); bitmapStream = WpfWebRequestHelper.GetResponseStream(request); } @@ -1271,7 +1259,6 @@ private static Stream ProcessHttpFiles(Uri uri, Stream stream) { WebRequest request = null; Stream bitmapStream = stream; - SecurityHelper.BlockCrossDomainForHttpsApps(uri); // Download only if this content is not already downloaded or stream is not seekable if (bitmapStream == null || !bitmapStream.CanSeek) { @@ -1287,9 +1274,6 @@ private static Stream ProcessUncFiles(Uri uri) { Stream bitmapStream = null; - // perform checks for UNC content - SecurityHelper.EnforceUncContentAccessRules(uri); - bitmapStream = new System.IO.FileStream(uri.LocalPath, FileMode.Open, FileAccess.Read, FileShare.Read); return bitmapStream; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs index 51c52edf60c..8dbf8d05542 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDownload.cs 
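Review bot: `ProcessUncFiles` now opens `uri.LocalPath` with nothing in front of it, and neither it nor `ProcessHttpsFiles` and `ProcessHttpFiles` in the two hunks before it says who is expected to vet the URI. By its own comments the removed `EnforceUncContentAccessRules` only acted for browser-hosted apps, so desktop behaviour is presumably unchanged, but the trust assumption is now implicit. I would state it where the file is opened, e.g. `// No origin or zone check is made here: the UNC path is opened as the current user, so callers must validate URIs that come from untrusted content.` In `ProcessHttpsFiles` the leftover `WebRequest request = null;` plus assignment can become `WebRequest request = WpfWebRequestHelper.CreateRequest(uri);`. All three methods start or end outside their hunks.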
@@ -199,11 +199,6 @@ Stream stream if (stream == null) { - if (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps) - { - SecurityHelper.BlockCrossDomainForHttpsApps(uri); - } - entry.webRequest = WpfWebRequestHelper.CreateRequest(uri); if (uriCachePolicy != null) { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs index 9d58bf21d6e..46809a94010 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/MediaPlayerState.cs 
@@ -858,48 +858,11 @@ private void OpenMedia(Uri source) // Setting a null source effectively disconects the MediaElement. if (source != null) { - // keep whether we asserted permissions or not - bool elevated = false; - // get the base directory of the application; never expose this Uri appBase = SecurityHelper.GetBaseDirectory(AppDomain.CurrentDomain); - // this extracts the URI to open Uri uriToOpen = ResolveUri(source, appBase); - - // access is allowed in the following cases (only 1 & 2 require elevation): - // 1) to any HTTPS media if app is NOT coming from HTTPS - // 2) to URI in the current directory of the fusion cache - // 3) to site of origin media - if (SecurityHelper.AreStringTypesEqual(uriToOpen.Scheme, Uri.UriSchemeHttps)) - { - // target is HTTPS. Then, elevate ONLY if we are NOT coming from HTTPS (=XDomain HTTPS app to HTTPS media disallowed) - Uri appDeploymentUri = SecurityHelper.ExtractUriForClickOnceDeployedApp(); - if (!SecurityHelper.AreStringTypesEqual(appDeploymentUri.Scheme, Uri.UriSchemeHttps)) - { - new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uriToOpen)).Assert(); - elevated = true; - } - } - else - { - // elevate to allow access to media in the app's directory in the fusion cache. - new FileIOPermission(FileIOPermissionAccess.Read, appBase.LocalPath).Assert();// BlessedAssert - elevated = true; - } - - // demand permissions. if demands succeds, it means we are in one of the cases above. - try - { - toOpen = DemandPermissions(uriToOpen); - } - finally - { - if (elevated) - { - CodeAccessPermission.RevertAssert(); - } - } + toOpen = DemandPermissions(uriToOpen); } else { 
@@ -936,32 +899,9 @@ private string DemandPermissions(Uri absoluteUri) // go here only for files and not for UNC if (absoluteUri.IsFile) { - // Please note this pattern is unique and NEEDS TO EXIST , it prevents - // access to any folder but the one where the app is running from. - // PLEASE DO NOT REMOVE THIS DEMAND AND THE ASSERT IN THE CALLING CODE toOpen = absoluteUri.LocalPath; - (new FileIOPermission(FileIOPermissionAccess.Read, toOpen)).Demand(); } } - else //Any other zone - { - // UNC path pointing to a file (We filter for `http://intranet) - if (absoluteUri.IsFile && absoluteUri.IsUnc) - { - // perform checks for UNC content - SecurityHelper.EnforceUncContentAccessRules(absoluteUri); -} - else // Any other path - { - // In this case we first check to see if the consumer has media permissions for - // safe media (Site of Origin + Cross domain). - if (absoluteUri.Scheme != Uri.UriSchemeHttps) - { - //accessing non https content from an https app is disallowed - SecurityHelper.BlockCrossDomainForHttpsApps(absoluteUri); - } -} - } return toOpen; } diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 356bb0c319c..4a523b17636 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -33,7 +33,6 @@ namespace MS.Internal.Drt using System.Globalization; // CultureInfo using System.Security; using System.Security.Permissions; - using System.Net; // WebPermission. using System.ComponentModel; using System.Security.Policy; using System.Runtime.InteropServices; 
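Review bot: After this hunk `DemandPermissions` demands nothing — the visible remainder only sets `toOpen = absoluteUri.LocalPath` for a file URI and returns — so the name, and the call `toOpen = DemandPermissions(uriToOpen);` kept in `OpenMedia` by the previous hunk, now suggest a check that does not exist. Since the method is private, I would rename it (for example `GetPathToOpen`) or at least add `// Performs no access check; only converts the resolved URI to the string to open.` The removed "any other zone" branch also carried the UNC and cross-domain rules, so if a zone test still surrounds the surviving branch outside the hunk, it is worth confirming that it is still needed. The start of the method is outside the hunk.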
@@ -82,64 +81,6 @@ internal static Uri GetBaseDirectory(AppDomain domain) return( appBase ); } - //This code path is only executed if we are trying to get to http content from https - internal static Uri ExtractUriForClickOnceDeployedApp() - { - // This api returns the location from where an app was deployed. In case of browser hosted apps - // there are no elevations and this information is safe to return. - // In case of non browserhosted scenarios this will trigger a demand since we do not assert to get - // this information in the code below - return SiteOfOriginContainer.SiteOfOriginForClickOnceApp; - } - - //This code path is only executed if we are trying to get to http content from https - internal static void BlockCrossDomainForHttpsApps(Uri uri) - { - // if app is HTTPS, no cross domain allowed - Uri appDeploymentUri = ExtractUriForClickOnceDeployedApp(); - if (appDeploymentUri != null && appDeploymentUri.Scheme == Uri.UriSchemeHttps) - { - // demand - if (uri.IsUnc || uri.IsFile) - { - (new FileIOPermission(FileIOPermissionAccess.Read, uri.LocalPath)).Demand(); - } - else - { - (new WebPermission(NetworkAccess.Connect, BindUriHelper.UriToString(uri))).Demand(); - } - } - } - - // EnforceUncContentAccessRules implements UNC media & imaging access rules - internal static void EnforceUncContentAccessRules(Uri contentUri) - { - // this should be called only for UNC content - Invariant.Assert(contentUri.IsUnc); - - // get app zone and scheme - Uri appUri = SecurityHelper.ExtractUriForClickOnceDeployedApp(); - if( appUri == null ) - { - // we are not in a browser hosted app; we are not in partial trust, so don't block - return; - } - - // get app's zone - int appZone = SecurityHelper.MapUrlToZoneWrapper(appUri); - - // demand if - // 1) app comes from Internet or a more untrusted zone, or - // 2) app comes from Intranet and scheme is HTTPS - bool isInternetOrLessTrustedApp = (appZone >= MS.Win32.NativeMethods.URLZONE_INTERNET); - bool isIntranetHttpsApp = 
(appZone == MS.Win32.NativeMethods.URLZONE_INTRANET && appUri.Scheme == Uri.UriSchemeHttps); - if (isInternetOrLessTrustedApp || isIntranetHttpsApp) - { - // demand appropriate permission - we already know that contentUri is Unc - (new FileIOPermission(FileIOPermissionAccess.Read, contentUri.LocalPath)).Demand(); - } - } - internal static int MapUrlToZoneWrapper(Uri uri) { int targetZone = NativeMethods.URLZONE_LOCAL_MACHINE ; // fail securely this is the most priveleged zone @@ -308,25 +249,17 @@ static internal object ReadRegistryValue( RegistryKey baseRegistryKey, string ke { object value = null; - new RegistryPermission(RegistryPermissionAccess.Read, baseRegistryKey.Name + @"\" + keyName).Assert(); - try + RegistryKey key = baseRegistryKey.OpenSubKey(keyName); + if (key != null) { - RegistryKey key = baseRegistryKey.OpenSubKey(keyName); - if (key != null) + using( key ) { - using( key ) - { - value = key.GetValue(valueName); - } + value = key.GetValue(valueName); } } - finally - { - RegistryPermission.RevertAssert(); - } return value; -} + } #endif // WINDOWS_BASE } } From d22376f43d856edf9d5e80a6229a4132367fdc20 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Fri, 21 Jun 2019 15:53:39 -0700 Subject: [PATCH 15/21] permission removals --- .../System/Windows/Controls/DataGrid.cs | 30 +++++-------------- .../System/Windows/Controls/WebBrowser.cs | 2 -- 2 files changed, 7 insertions(+), 25 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs index 7012431fb91..6e38b70401b 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs 
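Review bot: With the assert and `try`/`finally` gone, the `OpenSubKey` / null test / `using( key )` sequence in `ReadRegistryValue` can be a single using statement, since `using` accepts a null resource: `using (RegistryKey key = baseRegistryKey.OpenSubKey(keyName)) { return key != null ? key.GetValue(valueName) : null; }`. That also removes the `value` local and the separate `return`. The method's signature is above the hunk.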
@@ -8331,31 +8331,15 @@ protected virtual void OnExecutedCopy(ExecutedRoutedEventArgs args) DataObject dataObject; - (new UIPermission(UIPermissionClipboard.AllClipboard)).Assert(); - try - { - dataObject = new DataObject(); - } - finally - { - UIPermission.RevertAssert(); - } + dataObject = new DataObject(); - foreach (string format in formats) - { - dataObject.CriticalSetData(format, dataGridStringBuilders[format].ToString(), false /*autoConvert*/); - } + foreach (string format in formats) + { + dataObject.CriticalSetData(format, dataGridStringBuilders[format].ToString(), false /*autoConvert*/); + } + + Clipboard.CriticalSetDataObject(dataObject, true /* Copy */); - // This assert is there for an OLE Callback to register CSV type for the clipboard - (new SecurityPermission(SecurityPermissionFlag.SerializationFormatter | SecurityPermissionFlag.UnmanagedCode)).Assert(); - try - { - Clipboard.CriticalSetDataObject(dataObject, true /* Copy */); - } - finally - { - SecurityPermission.RevertAll(); - } } /// diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs index ba716a34b38..8335895d06e 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/WebBrowser.cs @@ -89,8 +89,6 @@ static WebBrowser() public WebBrowser() : base(new Guid(CLSID.WebBrowser), true ) { - (new WebBrowserPermission(WebBrowserPermissionLevel.Safe)).Demand(); - _hostingAdaptor = new WebOCHostingAdaptor(this); } From 9697777f120bd866d2e382f32852fd342e8d045a Mon Sep 17 00:00:00 2001 
From: Dilip Ojha Date: Sun, 23 Jun 2019 23:04:35 -0700 Subject: [PATCH 16/21] Apply suggestions from code review Co-Authored-By: Steven Kirbach --- .../System/Windows/Media/Imaging/BitmapDecoder.cs | 4 +--- .../src/PresentationCore/System/Windows/dataobject.cs | 3 +-- .../PresentationFramework/System/Windows/Controls/DataGrid.cs | 3 +-- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs index 0de3eb0cdc7..4e356854986 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs @@ -1272,11 +1272,9 @@ private static Stream ProcessHttpFiles(Uri uri, Stream stream) private static Stream ProcessUncFiles(Uri uri) { - Stream bitmapStream = null; - bitmapStream = new System.IO.FileStream(uri.LocalPath, FileMode.Open, FileAccess.Read, FileShare.Read); - return bitmapStream; + return new System.IO.FileStream(uri.LocalPath, FileMode.Open, FileAccess.Read, FileShare.Read); } void CheckIfSiteOfOrigin() diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs index 08219df967d..f6f4bc59dd8 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs @@ -3534,8 +3534,7 @@ public string[] GetFormats(bool autoConvert) } else { - bool anySerializationFailure = serializationCheckFailedForThisFunction; - if (!anySerializationFailure) + if (!serializationCheckFailedForThisFunction) { formats.Add(baseVar[baseFormatIndex]); } 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs index 6e38b70401b..8d731f0eab7 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs @@ -8329,9 +8329,8 @@ protected virtual void OnExecutedCopy(ExecutedRoutedEventArgs args) DataGridClipboardHelper.GetClipboardContentForHtml(dataGridStringBuilders[DataFormats.Html]); - DataObject dataObject; + DataObject dataObject = new DataObject(); - dataObject = new DataObject(); foreach (string format in formats) { From 9bdeb0b0fc8972b5744f75c2a21db528fd9d524f Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Sun, 23 Jun 2019 23:08:06 -0700 Subject: [PATCH 17/21] Apply suggestions from code review Co-Authored-By: Steven Kirbach --- .../System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs | 3 +-- .../System/Windows/Markup/XamlTypeMapper.cs | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs index e4a53e13d70..d1fbcd7c4c5 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs 
@@ -255,9 +255,8 @@ private TextTreeNode CopyTextNode(TextTreeTextNode textNode, TextTreeNode haltNo /// private TextTreeNode CopyObjectNode(TextTreeObjectNode objectNode, out ContentContainer container) { - string xml; - xml = XamlWriter.Save(objectNode.EmbeddedElement); + string xml = XamlWriter.Save(objectNode.EmbeddedElement); container = new ObjectContentContainer(xml, objectNode.EmbeddedElement); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs index 5b7671c6ede..c8eaa39b56c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Markup/XamlTypeMapper.cs @@ -2762,8 +2762,7 @@ private static InternalTypeHelper GetInternalTypeHelperFromAssembly(ParserContex internal static object CreateInternalInstance(ParserContext pc, Type type) { - object instance = null; - instance = Activator.CreateInstance(type, + object instance = Activator.CreateInstance(type, BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | From a4193cb70a6677613f4dd4c7b684be815ac02b77 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Sun, 23 Jun 2019 23:58:49 -0700 Subject: [PATCH 18/21] addressed comments --- .../Windows/Media/Imaging/BitmapDecoder.cs | 48 ++----------------- .../MS/Internal/Ink/ClipboardProcessor.cs | 1 - .../Serialization/SerializerProvider.cs | 3 -- .../Documents/TextEditorContextMenu.cs | 8 ++-- .../Serialization/ImageSourceTypeConverter.cs | 1 - .../Serialization/VisualSerializer.cs | 6 +-- .../Serialization/XpsFontSubsetter.cs | 24 ++-------- 7 files changed, 13 insertions(+), 78 deletions(-) 
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs index 4e356854986..7a2bdb29d0b 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Media/Imaging/BitmapDecoder.cs @@ -51,7 +51,6 @@ public abstract class BitmapDecoder : DispatcherObject static BitmapDecoder() { - isImageDisabledInitialized = false; } /// /// Default constructor @@ -267,9 +266,6 @@ bool insertInDecoderCache UnmanagedMemoryStream unmanagedMemoryStream = null; SafeFileHandle safeFilehandle = null; - // check to ensure that images are allowed in partial trust - DemandIfImageBlocked(); - if (uri != null) { finalUri = (baseUri != null) ? @@ -664,9 +660,6 @@ public virtual BitmapMetadata Metadata VerifyAccess(); EnsureBuiltInDecoder(); - // Demand Site Of origin on the URI if it passes then this information is ok to expose - CheckIfSiteOfOrigin(); - if (!_isMetadataCached) { IntPtr /* IWICMetadataQueryReader */ metadata = IntPtr.Zero; @@ -897,9 +890,6 @@ public virtual InPlaceBitmapMetadataWriter CreateInPlaceBitmapMetadataWriter() CheckOriginalWritable(); - // Demand Site Of origin on the URI if it passes then this information is ok to expose - CheckIfSiteOfOrigin(); - return InPlaceBitmapMetadataWriter.CreateFromDecoder(_decoderHandle, _syncObject); } 
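Review bot: Removing `isImageDisabledInitialized = false;` in the first hunk leaves `static BitmapDecoder() { }` with an empty body; an explicit static constructor, even an empty one, keeps the type from being marked beforefieldinit and so still affects when static initialization runs, so it should be deleted together with the field. In the hunks at -664 and -897 the `CheckIfSiteOfOrigin()` calls go away along with their "ok to expose" comments, which leaves no statement of why the `Metadata` getter and `CreateInPlaceBitmapMetadataWriter` may serve any source. A short comment at those two places, such as `// No site-of-origin restriction applies; metadata is available for any source.`, would record that this is deliberate. Both members start and end outside their hunks.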
@@ -1031,15 +1021,6 @@ internal void CheckOriginalWritable() #endregion #region Internal/Private Methods - private static void DemandIfImageBlocked() - { - if(!isImageDisabledInitialized) - { - // a performance optimization to ensure we hit the registry only once in the lifetime of the application - isImageDisabled = new SecurityCriticalDataForSet(SafeSecurityHelper.IsFeatureDisabled(SafeSecurityHelper.KeyToRead.MediaImageDisable)); - isImageDisabledInitialized = true; - } - } internal static SafeMILHandle SetupDecoderFromUriOrStream( Uri uri, @@ -1056,8 +1037,6 @@ out SafeFileHandle safeFilehandle IntPtr decoder = IntPtr.Zero; System.IO.Stream bitmapStream = null; string mimeType = String.Empty; - // check to ensure that images are allowed in partial trust NOP in full trust - DemandIfImageBlocked(); unmanagedMemoryStream = null; safeFilehandle = null; isOriginalWritable = false; @@ -1277,22 +1256,6 @@ private static Stream ProcessUncFiles(Uri uri) return new System.IO.FileStream(uri.LocalPath, FileMode.Open, FileAccess.Read, FileShare.Read); } - void CheckIfSiteOfOrigin() - { - string uri = null; - - if (CanConvertToString()) - { - // This call returns the URI either as an absolute URI which the user - // passed in, in the first place or as the string "image" - // we only allow this code to succeed in the case of Uri and if it is site of - // origin or pack:. In all other conditions we fail - - uri = ToString(); - } - - } - /// Returns the decoder's CLSID private static Guid GetCLSIDFromDecoder(SafeMILHandle decoderHandle, out string decoderMimeTypes) { @@ -1626,9 +1589,9 @@ private static IntPtr GetIStreamFromStream(ref System.IO.Stream bitmapStream) } return comStream; - } - - + } + + /// Returns whether decoder can be converted to a string internal bool CanConvertToString() { 
@@ -1729,11 +1692,6 @@ internal bool CanConvertToString() /// SyncObject private object _syncObject = new Object(); - // this is data that we cache as a performance optimization. It is ok to do so since we do not want to - // handle this key change in the lifetime of this app. - private static SecurityCriticalDataForSet isImageDisabled; - private static bool isImageDisabledInitialized; - // For UnmanagedMemoryStream we want to make sure that buffer // its pointing to is not getting release until decoder is alive private UnmanagedMemoryStream _unmanagedMemoryStream; diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs index 9477c68ea05..3bdb3bff03f 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/ClipboardProcessor.cs @@ -325,7 +325,6 @@ private bool CopySelectionInXAML(IDataObject dataObject, StrokeCollection stroke { InkCanvas inkCanvas = new InkCanvas(); - // NOTICE-2005/12/06-WAYNEZEN, // We already transform the Strokes in CopySelectedData. if (strokes.Count != 0) { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs index 366fb2fe99a..dcb10dd901a 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/Serialization/SerializerProvider.cs 
@@ -210,11 +210,8 @@ public SerializerWriter CreateSerializerWriter(SerializerDescriptor serializerDe /// /// /// Creates the Xps default serializer - /// - /// This method currently requires full trust to run. /// /// SerializerDescriptor for new serializer - [SuppressMessage("Microsoft.Security", "CA2116:AptcaMethodsShouldOnlyCallAptcaMethods")] private SerializerDescriptor CreateSystemSerializerDescriptor() { diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs index 1a8dd47cd67..8188c08fe25 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorContextMenu.cs @@ -164,7 +164,7 @@ internal static void OnContextMenuOpening(object sender, ContextMenuEventArgs e) { // It's a default null, so spin up a temporary ContextMenu now. contextMenu = new EditorContextMenu(); - ((EditorContextMenu)contextMenu).AddMenuItems(This, e.UserInitiated); + ((EditorContextMenu)contextMenu).AddMenuItems(This); } contextMenu.Placement = PlacementMode.RelativePoint; contextMenu.PlacementTarget = This.UiScope; @@ -431,7 +431,7 @@ private class EditorContextMenu : ContextMenu { // Initialize the context menu. // Creates a new instance. - internal void AddMenuItems(TextEditor textEditor, bool userInitiated) + internal void AddMenuItems(TextEditor textEditor) { if (!textEditor.IsReadOnly) { @@ -445,7 +445,7 @@ internal void AddMenuItems(TextEditor textEditor, bool userInitiated) { AddSeparator(); } - AddClipboardItems(textEditor, userInitiated); + AddClipboardItems(textEditor); } // Finalizer release the candidate list if it remains. ~EditorContextMenu() 
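Review bot: In `OnContextMenuOpening` the new menu is still stored in the wider-typed `contextMenu` and immediately cast back, `((EditorContextMenu)contextMenu).AddMenuItems(This);`. Holding it in a typed local first, `var editorMenu = new EditorContextMenu(); editorMenu.AddMenuItems(This); contextMenu = editorMenu;`, removes the cast. The same change drops `e.UserInitiated` from `AddMenuItems` and `AddClipboardItems` (hunks at 431, 445 and 596), so menu population no longer receives the signal that a user gesture opened the menu. The bodies of both methods lie outside these hunks; if the clipboard items previously used the flag when wiring the clipboard commands, a comment on `AddClipboardItems` stating that the items are now added regardless of how the menu was opened would keep that decision visible.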
@@ -596,7 +596,7 @@ private bool AddReconversionItems(TextEditor textEditor) // Appends clipboard related items. // Returns false if no items are added. - private bool AddClipboardItems(TextEditor textEditor, bool userInitiated) + private bool AddClipboardItems(TextEditor textEditor) { MenuItem menuItem; diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs index ff07a86bd48..2f586799267 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/ImageSourceTypeConverter.cs @@ -371,7 +371,6 @@ Type type // construction and its uri is still null // - // DevDiv bug 213320 // If bitmapSource is indexed, has a color palette and transparency (e.g. transparent GIF) // PNG conversion may lose color or transparency or both information // To avoid this we convert all paletted bitmapSources to the 32 bit per pixel bgra format diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs index 246ce844c93..937d385651a 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/VisualSerializer.cs @@ -2026,11 +2026,7 @@ out bitmapToDrawingTransform private static bool EmbeddingAllowed(GlyphTypeface typeface) { - FontEmbeddingRight embeddingRights = FontEmbeddingRight.Installable; - - embeddingRights = typeface.EmbeddingRights; - - return (XpsFontSubsetter.DetermineEmbeddingAction(embeddingRights) != FontEmbeddingAction.ImageOnlyFont); + return (XpsFontSubsetter.DetermineEmbeddingAction(typeface.EmbeddingRights) != FontEmbeddingAction.ImageOnlyFont); } /// 
diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs index 564db44139f..f4918aa8355 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs @@ -136,7 +136,7 @@ BasePackagingPolicy packagingPolicy GlyphRun glyphRun ) { - FontEmbeddingRight embeddingRights = FontEmbeddingRight.RestrictedLicense; + FontEmbeddingRight embeddingRights = glyphRun.GlyphTypeface.EmbeddingRights; if (null == glyphRun) { throw new ArgumentNullException("glyphRun"); @@ -144,8 +144,6 @@ GlyphRun glyphRun Uri fontUri = null; - embeddingRights = glyphRun.GlyphTypeface.EmbeddingRights; - if (DetermineEmbeddingAction(embeddingRights) == FontEmbeddingAction.ImageOnlyFont) { @@ -272,11 +270,7 @@ FontSubsetterCommitPolicies signal FontEmbeddingAction DetermineEmbeddingAction(GlyphTypeface glyphTypeface) { - FontEmbeddingRight fsType = FontEmbeddingRight.RestrictedLicense; - - fsType = glyphTypeface.EmbeddingRights; - - return DetermineEmbeddingAction(fsType); + return DetermineEmbeddingAction(glyphTypeface.EmbeddingRights); } /// /// Determines Embedding action based @@ -327,11 +321,7 @@ FontEmbeddingRight fsType bool IsRestrictedFont(GlyphTypeface glyphTypeface) { - FontEmbeddingRight fsType = FontEmbeddingRight.RestrictedLicense; - - fsType = glyphTypeface.EmbeddingRights; - - return IsRestrictedFont(fsType); + return IsRestrictedFont(glyphTypeface.EmbeddingRights); } /// /// Determines Embedding action based @@ -420,9 +410,7 @@ GlyphTypeface glyphTypeface ) { FEMCacheItem manager = null; - Uri fontUri; - - fontUri = glyphTypeface.FontUri; + Uri fontUri = glyphTypeface.FontUri; if (!_fontEmbeddingManagerCache.TryGetValue(fontUri, out manager)) { 
@@ -621,9 +609,7 @@ GlyphRun glyphRun Stream stream ) { - byte[] fontData; - - fontData = _glyphTypeface.ComputeSubset(glyphs); + byte[] fontData = _glyphTypeface.ComputeSubset(glyphs); Guid guid = ParseGuidFromUri(_fontResourceStream.Uri); ObfuscateData(fontData, guid); From 8866bbde5caf4893ab22d4cd22d2b4e68cb614a2 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Mon, 24 Jun 2019 11:01:31 -0700 Subject: [PATCH 19/21] addressed comment --- .../src/ReachFramework/Serialization/XpsFontSubsetter.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs index f4918aa8355..5b23874a80e 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/XpsFontSubsetter.cs @@ -136,12 +136,13 @@ BasePackagingPolicy packagingPolicy GlyphRun glyphRun ) { - FontEmbeddingRight embeddingRights = glyphRun.GlyphTypeface.EmbeddingRights; if (null == glyphRun) { throw new ArgumentNullException("glyphRun"); } + FontEmbeddingRight embeddingRights = glyphRun.GlyphTypeface.EmbeddingRights; + Uri fontUri = null; if (DetermineEmbeddingAction(embeddingRights) == From fe294b2129c091fbd5921169addbb30bfaa41cee Mon Sep 17 00:00:00 2001 
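Review bot: In the hunk at 136, `glyphRun.GlyphTypeface.EmbeddingRights` is now read after the `glyphRun` null check, but `GlyphTypeface` itself is still dereferenced unchecked. A run without a typeface would surface as a NullReferenceException rather than an argument error, so it is worth confirming whether that can be null here. The value feeds `DetermineEmbeddingAction`, which decides how the font may be embedded, so an explicit failure is preferable to an incidental one. The throw could also use `throw new ArgumentNullException(nameof(glyphRun));` so the parameter name survives a rename. The method body continues outside the hunk.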
From: Vatsan Madhavan Date: Mon, 24 Jun 2019 13:09:16 -0700 Subject: [PATCH 20/21] Remove ExtractAppDomainPermissionSetMinusSiteOfOrigin and dependencies --- .../MS/internal/ConstrainedDataObject.cs | 282 ------------------ .../PresentationCore/PresentationCore.csproj | 1 - .../System/Windows/clipboard.cs | 58 +--- .../System/Windows/dataobject.cs | 37 +-- .../MS/Internal/Ink/XamlClipboardData.cs | 11 +- .../System/Windows/Controls/DataGrid.cs | 2 +- .../Windows/Documents/TextEditorCopyPaste.cs | 30 +- .../src/Shared/MS/Internal/SecurityHelper.cs | 6 - 8 files changed, 11 insertions(+), 416 deletions(-) delete mode 100644 src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/ConstrainedDataObject.cs diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/ConstrainedDataObject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/ConstrainedDataObject.cs deleted file mode 100644 index 2de31018e34..00000000000 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/ConstrainedDataObject.cs +++ /dev/null 
@@ -1,282 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// -// -// Description: Internal class implemented to primarily disable the XAML cut and paste of content from a -// partial trust source to a full trust target -// -// See spec at Rich%20Clipboard%20in%20Sandbox%20Spec.doc -// -// - -namespace MS.Internal -{ - using System; - using System.Collections.Generic; - using System.Security; - using System.Security.Permissions; - using System.Windows; - - // PreSharp uses message numbers that the C# compiler doesn't know about. - // Disable the C# complaints, per the PreSharp documentation. -#pragma warning disable 1634, 1691 - #region ConstrainedDataObject Class - /// - /// Implements a wrapper class the helps prevent the copy paste of xaml content from partial trust to full trust - /// This class is instantiated and returned in the case of copy from a partial trust source to a full trust or >partial trust - /// target. The core functionality here is to strip and deny any requests for XAML content or ApplicationTrust Content in a DataObject - /// Please note it is by intent that we create a blocked list versus an allowed list of allowed types so as to not block of scenarios like - /// inking from getting their content in a full trust application if they want to. - /// - internal sealed class ConstrainedDataObject : System.Windows.IDataObject - { - //------------------------------------------------------ - // - // Constructors - // - //------------------------------------------------------ - - #region Constructors - - - /// - /// Initializes a new instance of the class, containing the specified data. 
- /// - internal ConstrainedDataObject(System.Windows.IDataObject data) - { - // This check guarantees us that we can never create a Constrained data Object with a null dataobject - Invariant.Assert(data != null); - _innerData = data; - } - - #endregion Constructors - - //------------------------------------------------------ - // - // Public Methods - // - //------------------------------------------------------ - - #region Public Methods - - /// - /// Retrieves the data associated with the specified data - /// format, using an automated conversion parameter to determine whether to convert - /// the data to the format. - /// - public object GetData(string format, bool autoConvert) - { - if (format == null) - { - throw new ArgumentNullException("format"); - } - if (IsCriticalFormat(format)) - { - return null; - } - return _innerData.GetData(format, autoConvert); - } - - /// - /// Retrieves the data associated with the specified data - /// format. - /// - public object GetData(string format) - { - if (format == null) - { - throw new ArgumentNullException("format"); - } - return GetData(format, true); - } - - /// - /// Retrieves the data associated with the specified class - /// type format. - /// - public object GetData(Type format) - { - if (format == null) - { - throw new ArgumentNullException("format"); - } - return GetData(format.FullName); - } - - /// - /// Determines whether data stored in this instance is - /// associated with, or can be converted to, the specified - /// format. - /// - public bool GetDataPresent(Type format) - { - if (format == null) - { - throw new ArgumentNullException("format"); - } - return (GetDataPresent(format.FullName)); - } - - /// - /// Determines whether data stored in this instance is - /// associated with the specified format, using an automatic conversion - /// parameter to determine whether to convert the data to the format. 
- /// - public bool GetDataPresent(string format, bool autoConvert) - { - bool dataPresent = false; - - if (format == null) - { - throw new ArgumentNullException("format"); - } - if (!IsCriticalFormat(format)) - { - dataPresent = _innerData.GetDataPresent(format, autoConvert); - } - return dataPresent; - } - - /// - /// Determines whether data stored in this instance is - /// associated with, or can be converted to, the specified - /// format. - /// - public bool GetDataPresent(string format) - { - if (format == null) - { - throw new ArgumentNullException("format"); - } - return GetDataPresent(format, true);; - } - - /// - /// Gets a list of all formats that data stored in this - /// instance is associated with or can be converted to, using an automatic - /// conversion parameter to - /// determine whether to retrieve all formats that the data can be converted to or - /// only native data formats. - /// - public string[] GetFormats(bool autoConvert) - { - string[] formats = _innerData.GetFormats(autoConvert); - if (formats != null) - { - StripCriticalFormats(formats); - } - return formats; -} - - /// - /// Gets a list of all formats that data stored in this instance is associated - /// with or can be converted to. - /// - public string[] GetFormats() - { - return GetFormats(true); - } - - /// - /// Stores the specified data in - /// this instance, using the class of the data for the format. - /// - public void SetData(object data) - { - _innerData.SetData(data); - } - - /// - /// Stores the specified data and its associated format in this - /// instance. - /// - public void SetData(string format, object data) - { - _innerData.SetData(format, data); - } - - /// - /// Stores the specified data and - /// its associated class type in this instance. 
- /// - public void SetData(Type format, object data) - { - _innerData.SetData(format, data); - } - - /// - /// Stores the specified data and its associated format in - /// this instance, using the automatic conversion parameter - /// to specify whether the - /// data can be converted to another format. - /// - public void SetData(string format, Object data, bool autoConvert) - { - _innerData.SetData(format, data, autoConvert); - } - - - - #endregion Public Methods - - //------------------------------------------------------ - // - // Internal Methods - // - //------------------------------------------------------ - - #region Internal Methods - - /// - /// Return true if the format string are equal(Case-senstive). - /// - private static bool IsFormatEqual(string format1, string format2) - { - return (String.CompareOrdinal(format1, format2) == 0); - } - - - /// - /// This code looks for Xaml and ApplicationTrust strings in an array of strings and removed them. The reason for that is - /// that since the only scenario this class is used in is when the target application has more permissions than the source then - /// we want to ensure that the target application cannot get to xaml and application trust formats if they come out of a partial trust source. 
- /// - private string[] StripCriticalFormats(string[] formats) - { - List resultList = new List(); - for (uint currentFormat = 0; currentFormat < formats.Length; currentFormat++) - { - if (!IsCriticalFormat(formats[currentFormat])) - { - resultList.Add(formats[currentFormat]); - } - } - return resultList.ToArray(); - } - - /// - private bool IsCriticalFormat(string format) - { - return (IsFormatEqual(format, DataFormats.Xaml) || - IsFormatEqual(format, DataFormats.ApplicationTrust)); - } - #endregion Private Methods - - //------------------------------------------------------ - // - // Private Fields - // - //------------------------------------------------------ - - #region Private Fields - // Inner data object of IDataObject. - private System.Windows.IDataObject _innerData; - #endregion Private Fields - - - } - #endregion ConstrainedDataObject Class -} diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/PresentationCore.csproj b/src/Microsoft.DotNet.Wpf/src/PresentationCore/PresentationCore.csproj index e226a12a9ba..aa256622722 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/PresentationCore.csproj +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/PresentationCore.csproj @@ -108,7 +108,6 @@ - diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs index b5319b4450d..bac56863b94 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/clipboard.cs 
@@ -651,46 +651,6 @@ private static bool IsDynamicCodePolicyEnabled() return isEnabled; } - private static bool IsDataObjectFromLessPriviligedApplicationDomain(IDataObject dataObjectToApply) - { - bool retVal = false; - object applicationTrust = null; - // Extract the permission set in case of xaml cut and paste - // extract permission set if it exists if not data came from full trust app and we do not care - bool isApplicationTrustFormatPresent = false; - isApplicationTrustFormatPresent = dataObjectToApply.GetDataPresent(DataFormats.ApplicationTrust, /*autoConvert:*/false); - if (isApplicationTrustFormatPresent) - { - applicationTrust = dataObjectToApply.GetData(DataFormats.ApplicationTrust, /*autoConvert:*/false); - } - - if (applicationTrust != null) - { - string applicationTrustText = null; - // convert to string - applicationTrustText = applicationTrust.ToString(); - - - // Convert string to permission set for getting permission set of source - PermissionSet permissionSetSource; - try - { - SecurityElement securityElement = SecurityElement.FromString(applicationTrustText); - permissionSetSource = new System.Security.PermissionSet(PermissionState.None); - permissionSetSource.FromXml(securityElement); - } - catch(XmlSyntaxException) - { - // This is the condition where we have Malformed XML in the clipboard for application trust - // here we will fail silently since we do not want to break arbitrary applications - // but since we cannot establish the validity of the application trust content we will fall back to - // whatever is more secure - return true; - } - } - return retVal; - } - private static IDataObject GetDataObjectInternal() { IDataObject dataObject; 
@@ -734,23 +694,7 @@ private static IDataObject GetDataObjectInternal() { dataObject = null; } - // We make this check outside of the loop independant of whether the data is ole data object or IDataObject - // Although one is unable to create an OleDataObject in partial trust we still need to ensure that if he did - // we strip the formats we care about by wrapping in ConstrainedDataObject - if (dataObject != null) - { - // this is the case we are concerend about where content comes from partial trust into full trust - // in the case where data contained is in one of the two formats: XAML or ApplicationTrust we return a wrapper - // that blocks access to these - if (IsDataObjectFromLessPriviligedApplicationDomain(dataObject) && - (dataObject.GetDataPresent(DataFormats.Xaml, /*autoConvert:*/false) || - dataObject.GetDataPresent(DataFormats.ApplicationTrust, /*autoConvert:*/false))) - { - // in this case we set the data object to be a wrapper data object that blocks off - // xaml or application trust formats if they exist - dataObject = new ConstrainedDataObject(dataObject); - } - } + return dataObject; } diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs index f6f4bc59dd8..237dab75f2c 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/dataobject.cs @@ -396,6 +396,7 @@ public void SetData(Type format, object data) /// /// Callers must have UIPermission(UIPermissionClipboard.AllClipboard) to call this API. /// + [FriendAccessAllowed] public void SetData(string format, Object data, bool autoConvert) { if (format == null) 
@@ -408,7 +409,7 @@ public void SetData(string format, Object data, bool autoConvert) throw new ArgumentException(SR.Get(SRID.DataObject_EmptyFormatNotAllowed)); } - CriticalSetData(format, data, autoConvert); + _innerData.SetData(format, data, autoConvert); } @@ -1326,18 +1327,6 @@ internal static string[] GetMappedFormats(string format) #region Private Methods - /// - /// - /// - [FriendAccessAllowed] - internal void CriticalSetData(string format, Object data, bool autoConvert) - { - if (data == null) - { - throw new ArgumentNullException("data"); - } - _innerData.SetData(format, data, autoConvert); - } /// /// Behaves like IComDataObject.GetData and IComDataObject.GetDataHere, @@ -2164,28 +2153,12 @@ private static bool IsDataSystemBitmapSource(object data) private static bool IsFormatAndDataSerializable(string format, object data) { return - (IsFormatNotSupportedInPartialTrust(format)) - && - (IsFormatEqual(format, DataFormats.Serializable) + IsFormatEqual(format, DataFormats.Serializable) || data is ISerializable - || (data != null && data.GetType().IsSerializable)); + || (data != null && data.GetType().IsSerializable); } - /// - /// This code is used to determine whether any of the formats in the list here are supported in partial trust. - /// By adding an entry here we are letting consumers set and get data for this format in partial trust. - /// - /// - /// - private static bool IsFormatNotSupportedInPartialTrust(string format) - { - return (!IsFormatEqual(format, DataFormats.Text) - && !IsFormatEqual(format, DataFormats.OemText) - && !IsFormatEqual(format, DataFormats.UnicodeText) - && !IsFormatEqual(format, DataFormats.CommaSeparatedValue) - && !IsFormatEqual(format, DataFormats.Xaml) - && !IsFormatEqual(format, DataFormats.ApplicationTrust)); - } + /// /// Return true if the format string are equal(Case-senstive). /// 
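Review bot: Replacing `CriticalSetData(format, data, autoConvert)` with `_innerData.SetData(format, data, autoConvert)` in the hunk at 408 drops the `data == null` guard that lived in the removed `CriticalSetData` (hunk at 1326). The visible context shows only the `format` checks before the call. Unless the lines between the two hunks already validate `data`, add `if (data == null) { throw new ArgumentNullException("data"); }` before the call so the public overload keeps its contract. The `[FriendAccessAllowed]` added in the hunk at 396 sits on a public method, where it appears to serve no purpose. The remark above it about `UIPermission(UIPermissionClipboard.AllClipboard)` also looks stale now that the permission plumbing is being removed.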
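Review bot: In the hunk at 2164, `IsFormatAndDataSerializable` no longer excludes `Text`, `OemText`, `UnicodeText`, `CommaSeparatedValue`, `Xaml` and `ApplicationTrust`, so it now returns true for those formats whenever the data's type is serializable, which includes plain strings. The removed helper was named for partial trust, but its effect was to keep those formats off the object-serialization path, so this is a behaviour change rather than dead-code removal. The callers are outside the hunk; confirm that they dispatch the text and XAML formats before consulting this predicate on both the write and the read side, since deserializing clipboard content should stay limited to the formats that need it. A comment such as `// Text and Xaml formats are handled by the caller before this check` would record the dependency.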
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/XamlClipboardData.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/XamlClipboardData.cs index 351d463d9e0..773cad72f20 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/XamlClipboardData.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/Ink/XamlClipboardData.cs @@ -98,16 +98,7 @@ protected override void DoCopy(IDataObject dataObject) // Set the data object as XML format. dataObject.SetData(DataFormats.Xaml, xmlData.ToString()); - - // - // we need to copy the permission set on the clipboard for - // the Clipboard class methods. See security note for details. - // - PermissionSet permSet = SecurityHelper.ExtractAppDomainPermissionSetMinusSiteOfOrigin(); - string setString = permSet.ToString(); - Debug.Assert(setString.Length > 0); - dataObject.SetData(DataFormats.ApplicationTrust, setString); -} + } // Retrieves the Xaml from the IDataObject and instantiate the elements based on the Xaml protected override void DoPaste(IDataObject dataObject) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs index 8d731f0eab7..b95b2b70ffb 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Controls/DataGrid.cs @@ -8334,7 +8334,7 @@ protected virtual void OnExecutedCopy(ExecutedRoutedEventArgs args) foreach (string format in formats) { - dataObject.CriticalSetData(format, dataGridStringBuilders[format].ToString(), false /*autoConvert*/); + dataObject.SetData(format, dataGridStringBuilders[format].ToString(), false /*autoConvert*/); } Clipboard.CriticalSetDataObject(dataObject, true /* Copy */); 
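Review bot: After the hunk at 98, `DoCopy` writes only `DataFormats.Xaml`, and the same commit deletes `ConstrainedDataObject` and its wrapping in `Clipboard.GetDataObjectInternal`, so the read side no longer filters or labels XAML by origin. `DoPaste`, whose comment says it instantiates elements from that XAML, starts right after the hunk and its body is not shown; it should treat the clipboard string as untrusted input. I would add a comment above `DoPaste` along the lines of `// Clipboard XAML can originate from any application; it is parsed with no origin check.` and confirm that the parsing done there is acceptable under that assumption. The hunk also re-indents the closing brace of `DoCopy`, which is fine.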
diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs index 83f7cf1b5f7..c31c8371f65 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs @@ -109,14 +109,14 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop) // ConfirmDataFormatSetting rasies a public event - could throw recoverable exception. if (ConfirmDataFormatSetting(This.UiScope, dataObject, DataFormats.Text)) { - CriticalSetDataWrapper(dataObject,DataFormats.Text, textString); + ((DataObject)dataObject).SetData(DataFormats.Text, textString, false); } // Copy unicode text into data object. // ConfirmDataFormatSetting rasies a public event - could throw recoverable exception. if (ConfirmDataFormatSetting(This.UiScope, dataObject, DataFormats.UnicodeText)) { - CriticalSetDataWrapper(dataObject,DataFormats.UnicodeText, textString); + ((DataObject)dataObject).SetData(DataFormats.UnicodeText, textString, false); } } 
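Review bot: The replacement calls in the hunk at 109 pass `false` for `autoConvert`, while the removed `CriticalSetDataWrapper` (hunk at 708) passed `true` for every format except `ApplicationTrust`. `Text` and `UnicodeText` here, and `Xaml` in the hunk at 173, are therefore now stored without automatic conversion. If that is intended, it deserves a comment at the call sites, for example `// autoConvert is off: each format is set explicitly above`. Otherwise keep the previous value, e.g. `SetData(DataFormats.Text, textString, true)`. `_CreateDataObject` extends beyond the hunk, so how consumers query these formats is not visible here.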
@@ -173,15 +173,7 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop) if (ConfirmDataFormatSetting(This.UiScope, dataObject, DataFormats.Xaml)) { // Place Xaml data onto the dataobject using safe setter - CriticalSetDataWrapper(dataObject, DataFormats.Xaml, xamlText); - - // The dataobject itself must hold an information about permission set - // of the source appdomain. Set it there: - - // Package permission set for the current appdomain - PermissionSet psCurrentAppDomain = SecurityHelper.ExtractAppDomainPermissionSetMinusSiteOfOrigin(); - string permissionSetCurrentAppDomain = psCurrentAppDomain.ToString(); - CriticalSetDataWrapper(dataObject, DataFormats.ApplicationTrust, permissionSetCurrentAppDomain); + ((DataObject)dataObject).SetData(DataFormats.Xaml, xamlText, false); } } } @@ -716,22 +708,6 @@ private static void OnPasteFormat(object sender, ExecutedRoutedEventArgs args) // Provide an implementation for this command } - /// - /// This code is used to call into an internal overload to set data which circumvents the demand for - /// all clipboard permission. Although this is not the cleanest we prefer to cast it to DataObject - /// and call the critical overload to reduce the scope of the code that gets called here. - /// This saves us one high level assert. - /// - /// - /// - /// - private static void CriticalSetDataWrapper(IDataObject dataObjectValue, string format, string content) - { - if (dataObjectValue is DataObject) - { - ((DataObject)dataObjectValue).CriticalSetData(format, content, format == DataFormats.ApplicationTrust ? /*autoConvert:*/false : true); - } - } /// /// Paste the content data(Text, Unicode, Xaml and Rtf) to the current text selection diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs index 4a523b17636..06c908f02a0 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs 
+++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Internal/SecurityHelper.cs @@ -119,12 +119,6 @@ internal static int MapUrlToZoneWrapper(Uri uri) curSecMgr = null; return targetZone; } - - internal static PermissionSet ExtractAppDomainPermissionSetMinusSiteOfOrigin() - { - return new PermissionSet(PermissionState.Unrestricted); - } - #endif From 0a1b4b50648aeac32f251ce8062f2a130fd25bb3 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Tue, 25 Jun 2019 13:33:11 -0700 Subject: [PATCH 21/21] addressed comment --- .../System/Windows/Documents/TextEditorCopyPaste.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs index c31c8371f65..7790d821354 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/System/Windows/Documents/TextEditorCopyPaste.cs @@ -109,14 +109,14 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop) // ConfirmDataFormatSetting rasies a public event - could throw recoverable exception. if (ConfirmDataFormatSetting(This.UiScope, dataObject, DataFormats.Text)) { - ((DataObject)dataObject).SetData(DataFormats.Text, textString, false); + dataObject.SetData(DataFormats.Text, textString, false); } // Copy unicode text into data object. // ConfirmDataFormatSetting rasies a public event - could throw recoverable exception. if (ConfirmDataFormatSetting(This.UiScope, dataObject, DataFormats.UnicodeText)) { - ((DataObject)dataObject).SetData(DataFormats.UnicodeText, textString, false); + dataObject.SetData(DataFormats.UnicodeText, textString, false); } } 
@@ -173,7 +173,7 @@ internal static DataObject _CreateDataObject(TextEditor This, bool isDragDrop)
 if (ConfirmDataFormatSetting(This.UiScope, dataObject, DataFormats.Xaml))
 {
 // Place Xaml data onto the dataobject using safe setter
- ((DataObject)dataObject).SetData(DataFormats.Xaml, xamlText, false);
+ dataObject.SetData(DataFormats.Xaml, xamlText, false);
 }
 }
 }
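Review bot: The context comment `// Place Xaml data onto the dataobject using safe setter` no longer matches the call beneath it. The "safe setter" was presumably the `CriticalSetDataWrapper` removed earlier in this series, and the line is now a plain `dataObject.SetData(...)`. I would reword it to `// Place Xaml data onto the data object.` so a reader does not go looking for a special code path. The enclosing `_CreateDataObject` starts and ends outside the hunk.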