Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

2007-08-20 Mark Probst <mark.probst@gmail.com>

	* security-core-clr.c, security-core-clr.h: CoreCLR security
	utility functions.

	* Makefile.am: Added security-core-clr.[ch].

	* security-manager.c, security-manager.h: Functions and enum for
	setting and getting the security mode.

	* class.c: CoreCLR security checks.

2007-08-20  Mark Probst  <mark.probst@gmail.com>

	* mini.c: CoreCLR security checks.

	* mini.h: Removed MonoSecurityMode (moved to
	metadata/security-manager.h) and mono_security_mode global var
	(replaced by set/get functions in security-manager.h).

	* driver.c: Added "core-clr-test" security mode for testing.  Used
	set-function for setting security mode.

svn path=/trunk/mono/; revision=84458
  • Loading branch information...
commit b188c2ed00acf8fcf453f723bd87b6e3f1d96cd4 1 parent cb11326
@schani schani authored
View
11 mono/metadata/ChangeLog
@@ -1,3 +1,14 @@
+2007-08-20 Mark Probst <mark.probst@gmail.com>
+
+ * security-core-clr.c, security-core-clr.h: CoreCLR security
+ utility functions.
+
+ * Makefile.am: Added security-core-clr.[ch].
+
+ * security-manager.c, security-manager.h: Functions and enum for
+ setting and getting the security mode.
+
+ * class.c: CoreCLR security checks.
Mon Aug 20 12:38:42 CEST 2007 Paolo Molaro <lupus@ximian.com>
View
2  mono/metadata/Makefile.am
@@ -84,6 +84,8 @@ libmonoruntime_la_SOURCES = \
rand.c \
security.c \
security.h \
+ security-core-clr.c \
+ security-core-clr-h \
string-icalls.c \
string-icalls.h \
sysmath.h \
View
64 mono/metadata/class.c
@@ -31,6 +31,7 @@
#include <mono/metadata/reflection.h>
#include <mono/metadata/exception.h>
#include <mono/metadata/security-manager.h>
+#include <mono/metadata/security-core-clr.h>
#include <mono/os/gc_wrapper.h>
#include <mono/utils/mono-counters.h>
@@ -1864,6 +1865,18 @@ mono_class_setup_vtable (MonoClass *class)
return;
}
+static void
+check_core_clr_override_method (MonoClass *class, MonoMethod *override, MonoMethod *base)
+{
+ MonoSecurityCoreCLRLevel override_level = mono_security_core_clr_method_level (override, FALSE);
+ MonoSecurityCoreCLRLevel base_level = mono_security_core_clr_method_level (base, FALSE);
+
+ if (override_level != base_level && base_level == MONO_SECURITY_CORE_CLR_CRITICAL) {
+ class->exception_type = MONO_EXCEPTION_TYPE_LOAD;
+ class->exception_data = NULL;
+ }
+}
+
/*
* LOCKING: this is supposed to be called with the loader lock held.
*/
@@ -1923,6 +1936,9 @@ mono_class_setup_vtable_general (MonoClass *class, MonoMethod **overrides, int o
override_map = g_hash_table_new (mono_aligned_addr_hash, NULL);
g_hash_table_insert (override_map, overrides [i * 2], overrides [i * 2 + 1]);
+
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_override_method (class, vtable [dslot], decl);
}
}
@@ -1973,6 +1989,9 @@ mono_class_setup_vtable_general (MonoClass *class, MonoMethod **overrides, int o
mono_secman_inheritancedemand_method (cm, im);
}
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_override_method (class, cm, im);
+
g_assert (io + l <= max_vtsize);
vtable [io + l] = cm;
}
@@ -2023,6 +2042,9 @@ mono_class_setup_vtable_general (MonoClass *class, MonoMethod **overrides, int o
mono_secman_inheritancedemand_method (cm, im);
}
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_override_method (class, cm, im);
+
g_assert (io + l <= max_vtsize);
vtable [io + l] = cm;
break;
@@ -2060,6 +2082,9 @@ mono_class_setup_vtable_general (MonoClass *class, MonoMethod **overrides, int o
mono_secman_inheritancedemand_method (cm, im);
}
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_override_method (class, cm, im);
+
g_assert (io + l <= max_vtsize);
vtable [io + l] = cm;
break;
@@ -2184,6 +2209,9 @@ mono_class_setup_vtable_general (MonoClass *class, MonoMethod **overrides, int o
mono_secman_inheritancedemand_method (cm, m1);
}
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_override_method (class, cm, m1);
+
slot = k->methods [j]->slot;
g_assert (cm->slot < max_vtsize);
if (!override_map)
@@ -2216,6 +2244,9 @@ mono_class_setup_vtable_general (MonoClass *class, MonoMethod **overrides, int o
if (!override_map)
override_map = g_hash_table_new (mono_aligned_addr_hash, NULL);
g_hash_table_insert (override_map, decl, overrides [i * 2 + 1]);
+
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_override_method (class, vtable [decl->slot], decl);
}
}
@@ -2455,6 +2486,36 @@ set_failure_from_loader_error (MonoClass *class, MonoLoaderError *error)
}
}
+static MonoSecurityCoreCLRLevel
+class_security_level (MonoClass *class)
+{
+ MonoCustomAttrInfo *cinfo = mono_custom_attrs_from_class (class);
+ MonoSecurityCoreCLRLevel lvl = mono_security_core_clr_level_from_cinfo (cinfo, class->image);
+
+ if (cinfo)
+ mono_custom_attrs_free (cinfo);
+
+ return lvl;
+}
+
+static void
+check_core_clr_inheritance (MonoClass *class)
+{
+ MonoSecurityCoreCLRLevel class_level, parent_level;
+ MonoClass *parent = class->parent;
+
+ if (!parent)
+ return;
+
+ class_level = class_security_level (class);
+ parent_level = class_security_level (parent);
+
+ if (class_level < parent_level) {
+ class->exception_type = MONO_EXCEPTION_TYPE_LOAD;
+ class->exception_data = NULL;
+ }
+}
+
/**
* mono_class_init:
* @class: the class to initialize
@@ -2504,6 +2565,9 @@ mono_class_init (MonoClass *class)
mono_secman_inheritancedemand_class (class, class->parent);
}
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ check_core_clr_inheritance (class);
+
if (mono_debugger_start_class_init_func)
mono_debugger_start_class_init_func (class);
View
92 mono/metadata/security-core-clr.c
@@ -0,0 +1,92 @@
+/*
+ * security-core-clr.c: CoreCLR security
+ *
+ * Author:
+ * Mark Probst <mark.probst@gmail.com>
+ *
+ * (C) 2007 Novell, Inc
+ */
+
+#include <mono/metadata/class-internals.h>
+#include <mono/metadata/security-manager.h>
+#include <mono/metadata/assembly.h>
+
+#include "security-core-clr.h"
+
+gboolean mono_security_core_clr_test = FALSE;
+
+static MonoClass*
+security_critical_attribute (void)
+{
+ static MonoClass *class = NULL;
+
+ if (!class) {
+ class = mono_class_from_name (mono_defaults.corlib, "System.Security",
+ "SecurityCriticalAttribute");
+ }
+ g_assert (class);
+ return class;
+}
+
+static MonoClass*
+security_safe_critical_attribute (void)
+{
+ static MonoClass *class = NULL;
+
+ if (!class) {
+ class = mono_class_from_name (mono_defaults.corlib, "System.Security",
+ "SecuritySafeCriticalAttribute");
+ }
+ g_assert (class);
+ return class;
+}
+
+MonoSecurityCoreCLRLevel
+mono_security_core_clr_level_from_cinfo (MonoCustomAttrInfo *cinfo, MonoImage *image)
+{
+ int level = MONO_SECURITY_CORE_CLR_TRANSPARENT;
+
+ if (!mono_security_core_clr_test && !mono_security_core_clr_is_platform_image (image))
+ return level;
+
+ if (cinfo && mono_custom_attrs_has_attr (cinfo, security_safe_critical_attribute ()))
+ level = MONO_SECURITY_CORE_CLR_SAFE_CRITICAL;
+ if (cinfo && mono_custom_attrs_has_attr (cinfo, security_critical_attribute ()))
+ level = MONO_SECURITY_CORE_CLR_CRITICAL;
+
+ return level;
+}
+
+MonoSecurityCoreCLRLevel
+mono_security_core_clr_method_level (MonoMethod *method, gboolean with_class_level)
+{
+ MonoCustomAttrInfo *cinfo = mono_custom_attrs_from_method (method);
+ MonoSecurityCoreCLRLevel level = mono_security_core_clr_level_from_cinfo (cinfo, method->klass->image);
+
+ if (with_class_level && level == MONO_SECURITY_CORE_CLR_TRANSPARENT)
+ level = mono_security_core_clr_level_from_cinfo (mono_custom_attrs_from_class (method->klass), method->klass->image);
+
+ if (cinfo)
+ mono_custom_attrs_free (cinfo);
+
+ return level;
+}
+
+gboolean
+mono_security_core_clr_is_platform_image (MonoImage *image)
+{
+ const char *prefix = mono_assembly_getrootdir ();
+ int prefix_len = strlen (prefix);
+ static const char subprefix[] = "/mono/2.1/";
+ int subprefix_len = strlen (subprefix);
+
+ if (!image->name)
+ return FALSE;
+ if (strncmp (prefix, image->name, prefix_len) != 0)
+ return FALSE;
+ if (strncmp (subprefix, image->name + prefix_len, subprefix_len) != 0)
+ return FALSE;
+ if (strchr (image->name + prefix_len + subprefix_len, '/'))
+ return FALSE;
+ return TRUE;
+}
View
31 mono/metadata/security-core-clr.h
@@ -0,0 +1,31 @@
+/*
+ * security-core-clr.h: CoreCLR security
+ *
+ * Author:
+ * Mark Probst <mark.probst@gmail.com>
+ *
+ * (C) 2007 Novell, Inc
+ */
+
+#ifndef _MONO_METADATA_SECURITY_CORE_CLR_H_
+#define _MONO_METADATA_SECURITY_CORE_CLR_H_
+
+#include <mono/metadata/reflection.h>
+
+typedef enum {
+ /* We compare these values as integers, so the order must not
+ be changed. */
+ MONO_SECURITY_CORE_CLR_TRANSPARENT = 0,
+ MONO_SECURITY_CORE_CLR_SAFE_CRITICAL,
+ MONO_SECURITY_CORE_CLR_CRITICAL
+} MonoSecurityCoreCLRLevel;
+
+extern gboolean mono_security_core_clr_test;
+
+extern MonoSecurityCoreCLRLevel mono_security_core_clr_level_from_cinfo (MonoCustomAttrInfo *cinfo, MonoImage *image) MONO_INTERNAL;
+
+extern MonoSecurityCoreCLRLevel mono_security_core_clr_method_level (MonoMethod *method, gboolean with_class_level) MONO_INTERNAL;
+
+extern gboolean mono_security_core_clr_is_platform_image (MonoImage *image) MONO_INTERNAL;
+
+#endif /* _MONO_METADATA_SECURITY_CORE_CLR_H_ */
View
13 mono/metadata/security-manager.c
@@ -16,10 +16,23 @@ static MonoSecurityManager secman;
static MonoBoolean mono_security_manager_activated = FALSE;
static MonoBoolean mono_security_manager_enabled = TRUE;
static MonoBoolean mono_security_manager_execution = TRUE;
+static MonoSecurityMode mono_security_mode = MONO_SECURITY_MODE_NONE;
/* Public stuff */
+void
+mono_security_set_mode (MonoSecurityMode mode)
+{
+ mono_security_mode = mode;
+}
+
+MonoSecurityMode
+mono_security_get_mode (void)
+{
+ return mono_security_mode;
+}
+
MonoSecurityManager*
mono_security_manager_get_methods (void)
{
View
10 mono/metadata/security-manager.h
@@ -38,6 +38,12 @@ enum {
MONO_METADATA_INHERITANCEDEMAND_METHOD = 0x02
};
+typedef enum {
+ MONO_SECURITY_MODE_NONE,
+ MONO_SECURITY_MODE_CORE_CLR,
+ MONO_SECURITY_MODE_CAS,
+ MONO_SECURITY_MODE_SMCS_HACK
+} MonoSecurityMode;
/* Structures */
@@ -57,7 +63,6 @@ typedef struct {
MonoClass *suppressunmanagedcodesecurity; /* System.Security.SuppressUnmanagedCodeSecurityAttribute */
} MonoSecurityManager;
-
/* Initialization/utility functions */
void mono_activate_security_manager (void) MONO_INTERNAL;
gboolean mono_is_security_manager_active (void) MONO_INTERNAL;
@@ -68,6 +73,9 @@ MonoMethod* mono_get_context_capture_method (void) MONO_INTERNAL;
void mono_secman_inheritancedemand_class (MonoClass *klass, MonoClass *parent) MONO_INTERNAL;
void mono_secman_inheritancedemand_method (MonoMethod *override, MonoMethod *base) MONO_INTERNAL;
+/* Security mode */
+void mono_security_set_mode (MonoSecurityMode mode) MONO_INTERNAL;
+MonoSecurityMode mono_security_get_mode (void) MONO_INTERNAL;
/* internal calls */
MonoBoolean ves_icall_System_Security_SecurityManager_get_SecurityEnabled (void) MONO_INTERNAL;
View
11 mono/mini/ChangeLog
@@ -1,3 +1,14 @@
+2007-08-20 Mark Probst <mark.probst@gmail.com>
+
+ * mini.c: CoreCLR security checks.
+
+ * mini.h: Removed MonoSecurityMode (moved to
+ metadata/security-manager.h) and mono_security_mode global var
+ (replaced by set/get functions in security-manager.h).
+
+ * driver.c: Added "core-clr-test" security mode for testing. Used
+ set-function for setting security mode.
+
2007-08-17 Mark Probst <mark.probst@gmail.com>
* mini.c: MonoJitInfo's are freed hazardously now. Statistics for
View
12 mono/mini/driver.c
@@ -42,6 +42,7 @@
#include <mono/metadata/verify.h>
#include <mono/metadata/mono-debug.h>
#include <mono/metadata/security-manager.h>
+#include <mono/metadata/security-core-clr.h>
#include <mono/os/gc_wrapper.h>
#include "mono/utils/mono-counters.h"
@@ -1178,15 +1179,18 @@ mono_main (int argc, char* argv[])
} else if (strcmp (argv [i], "--debug") == 0) {
enable_debugging = TRUE;
} else if (strcmp (argv [i], "--security") == 0) {
- mono_security_mode = MONO_SECURITY_MODE_CAS;
+ mono_security_set_mode (MONO_SECURITY_MODE_CAS);
mono_activate_security_manager ();
} else if (strncmp (argv [i], "--security=", 11) == 0) {
if (strcmp (argv [i] + 11, "temporary-smcs-hack") == 0) {
- mono_security_mode = MONO_SECURITY_MODE_SMCS_HACK;
+ mono_security_set_mode (MONO_SECURITY_MODE_SMCS_HACK);
} else if (strcmp (argv [i] + 11, "core-clr") == 0) {
- mono_security_mode = MONO_SECURITY_MODE_CORE_CLR;
+ mono_security_set_mode (MONO_SECURITY_MODE_CORE_CLR);
+ } else if (strcmp (argv [i] + 11, "core-clr-test") == 0) {
+ mono_security_set_mode (MONO_SECURITY_MODE_CORE_CLR);
+ mono_security_core_clr_test = TRUE;
} else if (strcmp (argv [i] + 11, "cas") == 0){
- mono_security_mode = MONO_SECURITY_MODE_CAS;
+ mono_security_set_mode (MONO_SECURITY_MODE_CAS);
mono_activate_security_manager ();
} else {
fprintf (stderr, "error: --security= option has invalid argument (cas or core-clr)\n");
View
120 mono/mini/mini.c
@@ -60,6 +60,7 @@
#include <mono/metadata/security-manager.h>
#include <mono/metadata/threads-types.h>
#include <mono/metadata/rawbuffer.h>
+#include <mono/metadata/security-core-clr.h>
#include <mono/utils/mono-math.h>
#include <mono/utils/mono-compiler.h>
#include <mono/utils/mono-counters.h>
@@ -129,7 +130,6 @@ gboolean mono_break_on_exc = FALSE;
#ifndef DISABLE_AOT
gboolean mono_compile_aot = FALSE;
#endif
-MonoSecurityMode mono_security_mode = MONO_SECURITY_MODE_NONE;
static int mini_verbose = 0;
@@ -3755,6 +3755,85 @@ gboolean check_linkdemand (MonoCompile *cfg, MonoMethod *caller, MonoMethod *cal
return FALSE;
}
+static MonoMethod*
+method_access_exception (void)
+{
+ static MonoMethod *method = NULL;
+
+ if (!method) {
+ MonoSecurityManager *secman = mono_security_manager_get_methods ();
+ method = mono_class_get_method_from_name (secman->securitymanager,
+ "MethodAccessException", 2);
+ }
+ g_assert (method);
+ return method;
+}
+
+static void
+emit_throw_method_access_exception (MonoCompile *cfg, MonoMethod *caller, MonoMethod *callee,
+ MonoBasicBlock *bblock, unsigned char *ip)
+{
+ MonoMethod *thrower = method_access_exception ();
+ MonoInst *args [2];
+
+ NEW_METHODCONST (cfg, args [0], caller);
+ NEW_METHODCONST (cfg, args [1], callee);
+ mono_emit_method_call_spilled (cfg, bblock, thrower,
+ mono_method_signature (thrower), args, ip, NULL);
+}
+
+static MonoMethod*
+verification_exception (void)
+{
+ static MonoMethod *method = NULL;
+
+ if (!method) {
+ MonoSecurityManager *secman = mono_security_manager_get_methods ();
+ method = mono_class_get_method_from_name (secman->securitymanager,
+ "VerificationException", 0);
+ }
+ g_assert (method);
+ return method;
+}
+
+static void
+emit_throw_verification_exception (MonoCompile *cfg, MonoBasicBlock *bblock, unsigned char *ip)
+{
+ MonoMethod *thrower = verification_exception ();
+
+ mono_emit_method_call_spilled (cfg, bblock, thrower,
+ mono_method_signature (thrower),
+ NULL, ip, NULL);
+}
+
+static void
+ensure_method_is_allowed_to_call_method (MonoCompile *cfg, MonoMethod *caller, MonoMethod *callee,
+ MonoBasicBlock *bblock, unsigned char *ip)
+{
+ MonoSecurityCoreCLRLevel caller_level = mono_security_core_clr_method_level (caller, TRUE);
+ MonoSecurityCoreCLRLevel callee_level = mono_security_core_clr_method_level (callee, TRUE);
+ gboolean is_safe = TRUE;
+
+ if (!(caller_level >= callee_level ||
+ caller_level == MONO_SECURITY_CORE_CLR_SAFE_CRITICAL ||
+ callee_level == MONO_SECURITY_CORE_CLR_SAFE_CRITICAL)) {
+ is_safe = FALSE;
+ }
+
+ if (!is_safe)
+ emit_throw_method_access_exception (cfg, caller, callee, bblock, ip);
+}
+
+static gboolean
+method_is_safe (MonoMethod *method)
+{
+ /*
+ if (strcmp (method->name, "unsafeMethod") == 0)
+ return FALSE;
+ */
+ return TRUE;
+}
+
/*
* Check that the IL instructions at ip are the array initialization
* sequence and return the pointer to the data and the size.
@@ -3869,7 +3948,7 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
dont_verify |= method->wrapper_type == MONO_WRAPPER_COMINTEROP_INVOKE;
/* turn off visibility checks for smcs */
- dont_verify |= mono_security_mode == MONO_SECURITY_MODE_SMCS_HACK;
+ dont_verify |= mono_security_get_mode () == MONO_SECURITY_MODE_SMCS_HACK;
/* still some type unsafety issues in marshal wrappers... (unknown is PtrToStructure) */
dont_verify_stloc = method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE;
@@ -4024,7 +4103,7 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
}
}
- if (mono_security_mode == MONO_SECURITY_MODE_CAS)
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS)
secman = mono_security_manager_get_methods ();
security = (secman && mono_method_has_declsec (method));
@@ -4109,6 +4188,20 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
mono_emit_method_call_spilled (cfg, init_localsbb, secman->demandunmanaged, mono_method_signature (secman->demandunmanaged), NULL, ip, NULL);
}
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR) {
+ if (method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE) {
+ MonoMethod *wrapped = mono_marshal_method_from_wrapper (method);
+ if (wrapped && (wrapped->flags & METHOD_ATTRIBUTE_PINVOKE_IMPL)) {
+ if (!(method->klass && method->klass->image &&
+ mono_security_core_clr_is_platform_image (method->klass->image))) {
+ emit_throw_method_access_exception (cfg, method, wrapped, bblock, ip);
+ }
+ }
+ }
+ if (!method_is_safe (method))
+ emit_throw_verification_exception (cfg, bblock, ip);
+ }
+
if (get_basic_blocks (cfg, header, real_offset, ip, end, &err_pos)) {
ip = err_pos;
UNVERIFIED;
@@ -4510,7 +4603,7 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
if (!cmethod)
goto load_error;
- if (mono_security_mode == MONO_SECURITY_MODE_CAS) {
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS) {
if (check_linkdemand (cfg, method, cmethod, bblock, ip))
INLINE_FAILURE;
CHECK_CFG_EXCEPTION;
@@ -4562,6 +4655,9 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
if (!dont_verify && !cfg->skip_visibility && !mono_method_can_access_method (method, cil_method))
UNVERIFIED;
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR)
+ ensure_method_is_allowed_to_call_method (cfg, method, cil_method, bblock, ip);
+
if (!virtual && (cmethod->flags & METHOD_ATTRIBUTE_ABSTRACT))
/* MS.NET seems to silently convert this to a callvirt */
virtual = 1;
@@ -4584,7 +4680,7 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
n = fsig->param_count + fsig->hasthis;
- if (mono_security_mode == MONO_SECURITY_MODE_CAS) {
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS) {
if (check_linkdemand (cfg, method, cmethod, bblock, ip))
INLINE_FAILURE;
CHECK_CFG_EXCEPTION;
@@ -5572,10 +5668,12 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
if (!mono_class_init (cmethod->klass))
goto load_error;
- if (mono_security_mode == MONO_SECURITY_MODE_CAS) {
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS) {
if (check_linkdemand (cfg, method, cmethod, bblock, ip))
INLINE_FAILURE;
CHECK_CFG_EXCEPTION;
+ } else if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR) {
+ ensure_method_is_allowed_to_call_method (cfg, method, cmethod, bblock, ip);
}
n = fsig->param_count;
@@ -7235,10 +7333,12 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
goto load_error;
mono_class_init (cmethod->klass);
- if (mono_security_mode == MONO_SECURITY_MODE_CAS) {
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS) {
if (check_linkdemand (cfg, method, cmethod, bblock, ip))
INLINE_FAILURE;
CHECK_CFG_EXCEPTION;
+ } else if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR) {
+ ensure_method_is_allowed_to_call_method (cfg, method, cmethod, bblock, ip);
}
handle_loaded_temps (cfg, bblock, stack_start, sp);
@@ -7267,10 +7367,12 @@ mono_method_to_ir (MonoCompile *cfg, MonoMethod *method, MonoBasicBlock *start_b
goto load_error;
mono_class_init (cmethod->klass);
- if (mono_security_mode == MONO_SECURITY_MODE_CAS) {
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS) {
if (check_linkdemand (cfg, method, cmethod, bblock, ip))
INLINE_FAILURE;
CHECK_CFG_EXCEPTION;
+ } else if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR) {
+ ensure_method_is_allowed_to_call_method (cfg, method, cmethod, bblock, ip);
}
handle_loaded_temps (cfg, bblock, stack_start, sp);
@@ -12009,7 +12111,7 @@ print_jit_stats (void)
g_print ("Hazardous pointers: %ld\n", mono_stats.hazardous_pointer_count);
- if (mono_security_mode == MONO_SECURITY_MODE_CAS) {
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CAS) {
g_print ("\nDecl security check : %ld\n", mono_jit_stats.cas_declsec_check);
g_print ("LinkDemand (user) : %ld\n", mono_jit_stats.cas_linkdemand);
g_print ("LinkDemand (icall) : %ld\n", mono_jit_stats.cas_linkdemand_icall);
View
9 mono/mini/mini.h
@@ -131,15 +131,6 @@ extern int mono_exc_esp_offset;
extern gboolean mono_compile_aot;
#endif
-typedef enum {
- MONO_SECURITY_MODE_NONE,
- MONO_SECURITY_MODE_CORE_CLR,
- MONO_SECURITY_MODE_CAS,
- MONO_SECURITY_MODE_SMCS_HACK
-} MonoSecurityMode;
-
-extern MonoSecurityMode mono_security_mode;
-
struct MonoEdge {
MonoEdge *next;
MonoBasicBlock *bb;
Please sign in to comment.
Something went wrong with that request. Please try again.