Author: mprobst
Date: 2007-09-11 14:21:27 -0400 (Tue, 11 Sep 2007)
New Revision: 85652
Modified:
trunk/mono/mono/metadata/ChangeLog
trunk/mono/mono/metadata/icall.c
trunk/mono/mono/tests/ChangeLog
trunk/mono/mono/tests/coreclr-security.cs
Log:
2007-09-11 Mark Probst <[EMAIL PROTECTED]>
* icall.c (ves_icall_InternalInvoke): Enforce CoreCLR security
rules for calling methods via reflection.
2007-09-11 Mark Probst <[EMAIL PROTECTED]>
* coreclr-security.cs: Added positive and negative tests for
calling methods via reflection.
Modified: trunk/mono/mono/metadata/ChangeLog
===================================================================
--- trunk/mono/mono/metadata/ChangeLog 2007-09-11 18:17:29 UTC (rev 85651)
+++ trunk/mono/mono/metadata/ChangeLog 2007-09-11 18:21:27 UTC (rev 85652)
@@ -1,3 +1,8 @@
+2007-09-11 Mark Probst <[EMAIL PROTECTED]>
+
+ * icall.c (ves_icall_InternalInvoke): Enforce CoreCLR security
+ rules for calling methods via reflection.
+
2007-09-11 Zoltan Varga <[EMAIL PROTECTED]>
* reflection.c (resolve_object): Add support for MonoGenericClass.
Modified: trunk/mono/mono/metadata/icall.c
===================================================================
--- trunk/mono/mono/metadata/icall.c 2007-09-11 18:17:29 UTC (rev 85651)
+++ trunk/mono/mono/metadata/icall.c 2007-09-11 18:21:27 UTC (rev 85652)
@@ -58,6 +58,7 @@
#include <mono/metadata/mono-config.h>
#include <mono/metadata/cil-coff.h>
#include <mono/metadata/security-manager.h>
+#include <mono/metadata/security-core-clr.h>
#include <mono/io-layer/io-layer.h>
#include <mono/utils/strtod.h>
#include <mono/utils/monobitset.h>
@@ -2689,6 +2690,35 @@
return res;
}
+static void
+ensure_reflection_security (void)
+{
+ MonoMethod *m = mono_method_get_last_managed ();
+
+ while (m) {
+ /*
+ g_print ("method %s.%s.%s in image %s\n",
+ m->klass->name_space, m->klass->name, m->name,
m->klass->image->name);
+ */
+
+ /* We stop at the first method which is not in
+ System.Reflection or which is not in a platform
+ image. */
+ if (strcmp (m->klass->name_space, "System.Reflection") != 0 ||
+ !mono_security_core_clr_is_platform_image
(m->klass->image)) {
+ /* If the method is transparent we throw an exception.
*/
+ if (mono_security_core_clr_method_level (m, TRUE) ==
MONO_SECURITY_CORE_CLR_TRANSPARENT ) {
+ MonoException *ex =
mono_exception_from_name_msg (mono_defaults.corlib, "System",
"MethodAccessException", "Reflection called from transparent code");
+
+ mono_raise_exception (ex);
+ }
+ return;
+ }
+
+ mono_stack_walk_no_il (get_caller, &m);
+ }
+}
+
static MonoObject *
ves_icall_InternalInvoke (MonoReflectionMethod *method, MonoObject *this,
MonoArray *params)
{
@@ -2703,6 +2733,10 @@
MONO_ARCH_SAVE_REGS;
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR &&
+ mono_security_core_clr_method_level (m, TRUE) ==
MONO_SECURITY_CORE_CLR_CRITICAL)
+ ensure_reflection_security ();
+
if (!(m->flags & METHOD_ATTRIBUTE_STATIC)) {
if (this) {
if (!mono_object_isinst (this, m->klass))
Modified: trunk/mono/mono/tests/ChangeLog
===================================================================
--- trunk/mono/mono/tests/ChangeLog 2007-09-11 18:17:29 UTC (rev 85651)
+++ trunk/mono/mono/tests/ChangeLog 2007-09-11 18:21:27 UTC (rev 85652)
@@ -1,3 +1,8 @@
+2007-09-11 Mark Probst <[EMAIL PROTECTED]>
+
+ * coreclr-security.cs: Added positive and negative tests for
+ calling methods via reflection.
+
2007-09-10 William Holmes <[EMAIL PROTECTED]>
* marshal9.cs, libtest.c Adding test case for marshal.c r84161
Modified: trunk/mono/mono/tests/coreclr-security.cs
===================================================================
--- trunk/mono/mono/tests/coreclr-security.cs 2007-09-11 18:17:29 UTC (rev
85651)
+++ trunk/mono/mono/tests/coreclr-security.cs 2007-09-11 18:21:27 UTC (rev
85652)
@@ -108,6 +108,8 @@
public delegate void MethodDelegate ();
+public delegate Object InvokeDelegate (Object obj, Object[] parms);
+
public class Test
{
static bool haveError = false;
@@ -161,6 +163,10 @@
}
*/
+ public static void TransparentReflectionCMethod ()
+ {
+ }
+
[SecurityCriticalAttribute]
public static void ReflectionCMethod ()
{
@@ -230,16 +236,44 @@
unsafeMethod ();
} catch (VerificationException) {
}
+ */
try {
Type type = Type.GetType ("Test");
+ MethodInfo method = type.GetMethod
("TransparentReflectionCMethod");
+
+ method.Invoke(null, null);
+ } catch (MethodAccessException) {
+ error ("transparent method not called via reflection");
+ }
+
+ try {
+ Type type = Type.GetType ("Test");
MethodInfo method = type.GetMethod
("ReflectionCMethod");
method.Invoke(null, null);
} catch (MethodAccessException) {
}
- */
+ try {
+ Type type = Type.GetType ("Test");
+ MethodInfo method = type.GetMethod
("TransparentReflectionCMethod");
+ InvokeDelegate id = new InvokeDelegate (method.Invoke);
+
+ id (null, null);
+ } catch (MethodAccessException) {
+ error ("transparent method not called via reflection
delegate");
+ }
+
+ try {
+ Type type = Type.GetType ("Test");
+ MethodInfo method = type.GetMethod
("ReflectionCMethod");
+ InvokeDelegate id = new InvokeDelegate (method.Invoke);
+
+ id (null, null);
+ } catch (MethodAccessException) {
+ }
+
//Console.WriteLine ("ok");
if (haveError)
_______________________________________________
Mono-patches maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-patches
