8000 II.22.11 DeclSecurity refers to security actions that aren't defined anywhere · Issue #4 · stakx/ecma-335 · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
II.22.11 DeclSecurity refers to security actions that aren't defined anywhere #4
New issue
New issue
Open
Open
II.22.11 DeclSecurity refers to security actions that aren't defined anywhere#4
@stakx

Description

@stakx
stakx
opened on May 10, 2020

e.g. prejitgrant. The library XML file does not contain the numeric value for that (and other) security actions. Find out where those are officially defined.

(One reference defining those security actions & their numeric values is Serge Lidin's ILAsm book... which brings up the question how out-of-band content & annotations should be added to this repository.)

From Serge Lidin, Inside Microsoft .NET IL Assembler, published in 2002 by Microsoft Press, lists the following security actions on p. 344 (emphasis in bold by me):

  • Request: code 0x0001, ILAsm keyword request.
  • Demand: code 0x0002, ILAsm keyword demand.
  • Assert: code 0x0003, ILAsm keyword assert.
  • Deny: code 0x0004, ILAsm keyword deny.
  • Permit Only: code 0x0005, ILAsm keyword permitonly.
  • Link Demand: code 0x0006, ILAsm keyword linkcheck.
  • Inheritance Demand: code 0x0007, ILAsm keyword inheritcheck.
  • Request Minimum: code 0x0008, ILAsm keyword reqmin.
  • Request Optional: code 0x0009, ILAsm keyword reqopt.
  • Request Refuse: code 0x000A, ILAsm keyword reqrefuse.
  • Pre-JIT Grant (persisted grant, set at pre-JIT compilation time by the Ngen.exe utility): code 0x000B, ILAsm keyword prejitgrant.
  • Pre-JIT Deny (persisted denial, set at pre-JIT compilation time): code 0x000C, ILAsm keyword prejitdeny. This security action is not supported in the first release of the common language runtime.
  • Non-CAS Demand: code 0x000D, ILAsm keyword noncasdemand. This action is similar to Demand, but the permission classes that make up the permission set must not be derived from_System.Security.Permissions.CodeAccessPermission_.
  • Non-CAS Link Demand: code 0x000E, ILAsm keyword noncaslinkdemand. This action is similar to Link Demand but has the same limitation as Non-CAS Demand.
  • Non-CAS Inheritance Demand: code 0x000F, ILAsm keyword noncasinheritance. This action is similar to _Inheritance Demand_but has the same limitation as Non-CAS Demand.

In System.Reflection.Metadata:

https://github.com/dotnet/runtime/blob/ccf6aedb63c37ea8e10e4f5b5d9d23a69bdd9489/src/libraries/System.Reflection.Metadata/src/System/Reflection/System.Reflection.cs#L103-L110

        // Wait for an actual need before exposing these. They all have ilasm keywords, but some are missing from the CLI spec and
        // and none are defined in System.Security.Permissions.SecurityAction.
        //Request = 0x0001,
        //PrejitGrant = 0x000B,
        //PrejitDeny = 0x000C,
        //NonCasDemand = 0x000D,
        //NonCasLinkDemand = 0x000E,
        //NonCasInheritanceDemand = 0x000F,

From Mono source code (src/mono/mono/metadata/runtime/tabledefs.h):

https://github.com/dotnet/runtime/blob/cd622cd50c7104fc14a25fb199f8377472920f2e/src/mono/mono/metadata/tabledefs.h#L57-L64

	/* Special cases (non CAS permissions) */
	SECURITY_ACTION_NONCASDEMAND        = 13,
	SECURITY_ACTION_NONCASLINKDEMAND    = 14,
	SECURITY_ACTION_NONCASINHERITANCE   = 15,
	/* Fx 2.0 actions (for both CAS and non-CAS permissions) */
	SECURITY_ACTION_LINKDEMANDCHOICE    = 16,
	SECURITY_ACTION_INHERITDEMANDCHOICE = 17,
	SECURITY_ACTION_DEMANDCHOICE        = 18

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0