II.22.11 DeclSecurity: 0x0E

Security attributes, which derive from System.Security.Permissions.SecurityAttribute (see Partition IV), can be attached to a TypeDef, a Method, or an Assembly. All constructors of this class shall take a System.Security.Permissions.SecurityAction value as their first parameter, describing what should be done with the permission on the type, method or assembly to which it is attached. Code access security attributes, which derive from System.Security.Permissions.CodeAccessSecurityAttribute, can have any of the security actions.

These different security actions are encoded in the DeclSecurity table as a 2-byte enum (see below). All security custom attributes for a given security action on a method, type, or assembly shall be gathered together, and one System.Security.PermissionSet instance shall be created, stored in the Blob heap, and referenced from the DeclSecurity table.

[Note: The general flow from a compiler's point of view is as follows. The user specifies a custom attribute through some language-specific syntax that encodes a call to the attribute's constructor. If the attribute's type is derived (directly or indirectly) from System.Security.Permissions.SecurityAttribute then it is a security custom attribute and requires special treatment, as follows (other custom attributes are handled by simply recording the constructor in the metadata as described in §II.22.10). The attribute object is constructed, and provides a method (CreatePermission) to convert it into a security permission object (an object derived from System.Security.Permission). All the permission objects attached to a given metadata item with the same security action are combined together into a System.Security.PermissionSet. This permission set is converted into a form that is ready to be stored in XML using its ToXML method to create a System.Security.SecurityElement. Finally, the XML that is required for the metadata is created using the ToString method on the security element. end note]

The DeclSecurity table has the following columns:

  • Action (a 2-byte value)

  • Parent (an index into the TypeDef, MethodDef, or Assembly table; more precisely, a HasDeclSecurity (§II.24.2.6) coded index)

  • PermissionSet (an index into the Blob heap)

Action is a 2-byte representation of Security Actions (see System.Security.SecurityAction in Partition IV). The values 0–0xFF are reserved for future standards use. Values 0x20–0x7F and 0x100–0x07FF are for uses where the action can be ignored if it is not understood or supported. Values 0x80–0xFF and 0x0800–0xFFFF are for uses where the action shall be implemented for secure operation; in implementations where the action is not available, no access to the assembly, type, or method shall be permitted.

| Security Action | Note | Explanation of behavior | Valid Scope |
| --- | --- | --- | --- |
| Assert | 1 | Without further checks, satisfy Demand for the specified permission. | Method, Type |
| Demand | 1 | Check that all callers in the call chain have been granted specified permission, throw SecurityException (see Partition IV) on failure. | Method, Type |
| Deny | 1 | Without further checks refuse Demand for the specified permission. | Method, Type |
| InheritanceDemand | 1 | The specified permission shall be granted in order to inherit from class or override virtual method. | Method, Type |
| LinkDemand | 1 | Check that the immediate caller has been granted the specified permission; throw SecurityException (see Partition IV) on failure. | Method, Type |
| NonCasDemand | 2 | Check that the current assembly has been granted the specified permission; throw SecurityException (see Partition IV) otherwise. | Method, Type |
| NonCasLinkDemand | 2 | Check that the immediate caller has been granted the specified permission; throw SecurityException (see Partition IV) otherwise. | Method, Type |
| PrejitGrant | | Reserved for implementation-specific use. | Assembly |
| PermitOnly | 1 | Without further checks, refuse Demand for all permissions other than those specified. | Method, Type |
| RequestMinimum | | Specify the minimum permissions required to run. | Assembly |
| RequestOptional | | Specify the optional permissions to grant. | Assembly |
| RequestRefuse | | Specify the permissions not to be granted. | Assembly |

Note 1: The specified attribute shall derive from System.Security.Permissions.CodeAccessSecurityAttribute

Note 2: The attribute shall derive from System.Security.Permissions.SecurityAttribute, but shall not derive from System.Security.Permissions.CodeAccessSecurityAttribute

Parent is a metadata token that identifies the Method, Type, or Assembly on which the security custom attributes encoded in PermissionSet were defined.

PermissionSet is a 'blob' having the following format:

  • A byte containing a period (.).

  • A compressed unsigned integer containing the number of attributes encoded in the blob.

  • An array of attributes each containing the following:

    • A String, which is the fully-qualified type name of the attribute. (Strings are encoded as a compressed unsigned integer to indicate the size followed by an array of UTF8 characters.)

    • A set of properties, encoded as the named arguments to a custom attribute would be (as in §II.23.3, beginning with NumNamed).

The permission set contains the permissions that were requested with an Action on a specific Method, Type, or Assembly (see Parent). In other words, the blob will contain an encoding of all the attributes on the Parent with that particular Action.

[Note: The first edition of this standard specified an XML encoding of a permission set. Implementations should continue supporting this encoding for backward compatibility. end note]
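The following is an added example, not part of the standard's text: a Python reader for the start of a PermissionSet blob that checks the leading period, decodes the attribute count and the first attribute's type name, and recognises a first-edition XML blob. The function names and the sample blob are constructed here, treating legacy XML blobs as UTF-16 text is an assumption, and the property data (§II.23.3) is deliberately not decoded.

```python
# Added example: reads only the header of a DeclSecurity PermissionSet blob.
LEGACY_XML_PREFIX = "<".encode("utf-16-le")  # assumption: legacy XML blobs are UTF-16 text

def read_compressed_uint(buf, pos):
    """Decode a compressed unsigned integer (big-endian, 1/2/4 bytes)."""
    if pos >= len(buf):
        raise ValueError("truncated compressed integer")
    b0 = buf[pos]
    if (b0 & 0x80) == 0x00:      # 0xxxxxxx -> 1 byte
        size, value = 1, b0
    elif (b0 & 0xC0) == 0x80:    # 10xxxxxx -> 2 bytes
        size, value = 2, b0 & 0x3F
    elif (b0 & 0xE0) == 0xC0:    # 110xxxxx -> 4 bytes
        size, value = 4, b0 & 0x1F
    else:
        raise ValueError("invalid compressed integer prefix 0x%02X" % b0)
    if pos + size > len(buf):
        raise ValueError("truncated compressed integer")
    for b in buf[pos + 1:pos + size]:
        value = (value << 8) | b
    return value, pos + size

def parse_permission_set_header(blob):
    """Return the format, attribute count and first attribute type name."""
    if blob.startswith(LEGACY_XML_PREFIX):
        return {"format": "xml"}
    if not blob or blob[0] != 0x2E:  # leading '.' byte
        raise ValueError("not a PermissionSet blob: missing leading '.'")
    count, pos = read_compressed_uint(blob, 1)
    if count == 0:
        return {"format": "binary", "count": 0, "first_type": None,
                "properties_offset": pos}
    length, pos = read_compressed_uint(blob, pos)
    if pos + length > len(blob):
        raise ValueError("attribute type name runs past end of blob")
    name = blob[pos:pos + length].decode("utf-8")  # raises on malformed UTF-8
    return {"format": "binary", "count": count, "first_type": name,
            "properties_offset": pos + length}

# Constructed sample: one attribute, property data omitted.
_NAME = b"System.Security.Permissions.SecurityPermissionAttribute"
SAMPLE = b"." + b"\x01" + bytes([len(_NAME)]) + _NAME

if __name__ == "__main__":
    print(parse_permission_set_header(SAMPLE))
```

A blob that fails these checks is malformed under validation rule 7 and should be rejected rather than partially trusted.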

The rows of the DeclSecurity table are filled by attaching a .permission or .permissionset directive that specifies the Action and PermissionSet on a parent assembly (§II.6.6) or parent type or method (§II.10.2).

This contains informative text only.

  1. Action shall have only those values set that are specified [ERROR]

  2. Parent shall be one of TypeDef, MethodDef, or Assembly. That is, it shall index a valid row in the TypeDef table, the MethodDef table, or the Assembly table. [ERROR]

  3. If Parent indexes a row in the TypeDef table, that row should not define an Interface. The security system ignores any such parent; compilers should not emit such permission sets. [WARNING]

  4. If Parent indexes a TypeDef, then its TypeDef.Flags.HasSecurity bit shall be set [ERROR]

  5. If Parent indexes a MethodDef, then its MethodDef.Flags.HasSecurity bit shall be set [ERROR]

  6. PermissionSet shall index a 'blob' in the Blob heap [ERROR]

  7. The format of the 'blob' indexed by PermissionSet shall represent a valid, encoded CLI object graph. (The encoded form of all standardized permissions is specified in Partition IV.) [ERROR]

End informative text.