Remove more CAS code.

mcs/class/corlib/System.Reflection/MonoMethod.cs

@@ -282,15 +282,6 @@ namespace System.Reflection {
 			ParameterInfo[] pinfo = GetParametersInternal ();
 			ConvertValues (binder, parameters, pinfo, culture, invokeAttr);
 
-#if !NET_2_1
-			if (SecurityManager.SecurityEnabled) {
-				// sadly Attributes doesn't tell us which kind of security action this is so
-				// we must do it the hard way - and it also means that we can skip calling
-				// Attribute (which is another an icall)
-				SecurityManager.ReflectedLinkDemandInvoke (this);
-			}
-#endif
-
 			if (ContainsGenericParameters)
 				throw new InvalidOperationException ("Late bound operations cannot be performed on types or methods for which ContainsGenericParameters is true.");
 
@@ -634,15 +625,6 @@ namespace System.Reflection {
 
 			MonoMethod.ConvertValues (binder, parameters, pinfo, culture, invokeAttr);
 
-#if !NET_2_1
-			if (SecurityManager.SecurityEnabled) {
-				// sadly Attributes doesn't tell us which kind of security action this is so
-				// we must do it the hard way - and it also means that we can skip calling
-				// Attribute (which is another an icall)
-				SecurityManager.ReflectedLinkDemandInvoke (this);
-			}
-#endif
-
 			if (obj == null && DeclaringType.ContainsGenericParameters)
 				throw new MemberAccessException ("Cannot create an instance of " + DeclaringType + " because Type.ContainsGenericParameters is true.");
 

mcs/class/corlib/System.Security/CodeAccessPermission.cs

@@ -58,50 +58,6 @@ namespace System.Security {
 			new PermissionSet (this).Assert ();
 		}
 
-		internal bool CheckAssert (CodeAccessPermission asserted)
-		{
-			if (asserted == null)
-				return false;
-			if (asserted.GetType () != this.GetType ())
-				return false;
-			return IsSubsetOf (asserted);
-		}
-
-		internal bool CheckDemand (CodeAccessPermission target)
-		{
-			if (target == null)
-				return false;
-			if (target.GetType () != this.GetType ())
-				return false;
-			return IsSubsetOf (target);
-		}
-
-		internal bool CheckDeny (CodeAccessPermission denied)
-		{
-			if (denied == null)
-				return true;
-			Type t = denied.GetType ();
-			if (t != this.GetType ())
-				return true;
-			IPermission inter = Intersect (denied);
-			if (inter == null)
-				return true;
-			// sadly that's not enough :( at this stage we must also check
-			// if an empty (PermissionState.None) is a subset of the denied
-			// (which is like a empty intersection looks like for flag based
-			// permissions, e.g. AspNetHostingPermission).
-			return denied.IsSubsetOf (PermissionBuilder.Create (t));
-		}
-
-		internal bool CheckPermitOnly (CodeAccessPermission target)
-		{
-			if (target == null)
-				return false;
-			if (target.GetType () != this.GetType ())
-				return false;
-			return IsSubsetOf (target);
-		}
-
 		public abstract IPermission Copy ();
 
 		public void Demand ()
@@ -169,28 +125,7 @@ namespace System.Security {
 		{
 			if (!SecurityManager.SecurityEnabled)
 				return;
-
-			SecurityFrame sf = new SecurityFrame (1);
-			bool revert = false;
-			if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
-				revert = true;
-				throw new NotSupportedException ("Currently only declarative Assert are supported.");
-			}
-			if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
-				revert = true;
-				throw new NotSupportedException ("Currently only declarative Deny are supported.");
-			}
-			if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity) {
-				revert = true;
-				throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
-			}
-
-			if (!revert) {
-				string msg = Locale.GetText ("No stack modifiers are present on the current stack frame.");
-				// FIXME: we don't (yet) support imperative stack modifiers
-				msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
-				throw new ExecutionEngineException (msg);
-			}
+			throw new NotImplementedException ();
 		}
 
 		[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
@@ -198,14 +133,7 @@ namespace System.Security {
 		{
 			if (!SecurityManager.SecurityEnabled)
 				return;
-
-			SecurityFrame sf = new SecurityFrame (1);
-			if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
-				throw new NotSupportedException ("Currently only declarative Assert are supported.");
-			} else {
-				// we can't revert declarative security (or an empty frame) imperatively
-				ThrowExecutionEngineException (SecurityAction.Assert);
-			}
+			throw new NotImplementedException ();
 		}
 
 		[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
@@ -213,14 +141,7 @@ namespace System.Security {
 		{
 			if (!SecurityManager.SecurityEnabled)
 				return;
-
-			SecurityFrame sf = new SecurityFrame (1);
-			if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
-				throw new NotSupportedException ("Currently only declarative Deny are supported.");
-			} else {
-				// we can't revert declarative security (or an empty frame) imperatively
-				ThrowExecutionEngineException (SecurityAction.Deny);
-			}
+			throw new NotImplementedException ();
 		}
 
 		[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
@@ -228,14 +149,7 @@ namespace System.Security {
 		{
 			if (!SecurityManager.SecurityEnabled)
 				return;
-
-			SecurityFrame sf = new SecurityFrame (1);
-			if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity) {
-				throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
-			} else {
-				// we can't revert declarative security (or an empty frame) imperatively
-				ThrowExecutionEngineException (SecurityAction.PermitOnly);
-			}
+			throw new NotImplementedException ();
 		}
 
 		// Internal helpers methods
@@ -313,80 +227,11 @@ namespace System.Security {
 			return (String.Compare (value, Boolean.TrueString, true, CultureInfo.InvariantCulture) == 0);
 		}
 
-		internal bool ProcessFrame (SecurityFrame frame)
-		{ 
-			// 1. CheckPermitOnly
-			if (frame.PermitOnly != null) {
-				// the demanded permission must be in one of the permitted...
-				bool permit = frame.PermitOnly.IsUnrestricted ();
-				if (!permit) {
-					// check individual permissions
-					foreach (IPermission p in frame.PermitOnly) {
-						if (CheckPermitOnly (p as CodeAccessPermission)) {
-							permit = true;
-							break;
-						}
-					}
-				}
-				if (!permit) {
-					// ...or else we throw
-					ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
-				}
-			}
-
-			// 2. CheckDeny
-			if (frame.Deny != null) {
-				// special case where everything is denied (i.e. no child to be processed)
-				if (frame.Deny.IsUnrestricted ())
-					ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
-				foreach (IPermission p in frame.Deny) {
-					if (!CheckDeny (p as CodeAccessPermission))
-						ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, p);
-				}
-			}
-
-			// 3. CheckAssert
-			if (frame.Assert != null) {
-				if (frame.Assert.IsUnrestricted ())
-					return true; // remove permission and continue stack walk
-				foreach (IPermission p in frame.Assert) {
-					if (CheckAssert (p as CodeAccessPermission)) {
-						return true; // remove permission and continue stack walk
-					}
-				}
-			}
-
-			// continue the stack walk
-			return false; 
-		}
-
 		internal static void ThrowInvalidPermission (IPermission target, Type expected) 
 		{
 			string msg = Locale.GetText ("Invalid permission type '{0}', expected type '{1}'.");
 			msg = String.Format (msg, target.GetType (), expected);
 			throw new ArgumentException (msg, "target");
 		}
-
-		internal static void ThrowExecutionEngineException (SecurityAction stackmod)
-		{
-			string msg = Locale.GetText ("No {0} modifier is present on the current stack frame.");
-			// FIXME: we don't (yet) support imperative stack modifiers
-			msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
-			throw new ExecutionEngineException (String.Format (msg, stackmod));
-		}
-
-		internal static void ThrowSecurityException (object demanded, string message, SecurityFrame frame,
-			SecurityAction action, IPermission failed)
-		{
-#if NET_2_1
-			throw new SecurityException (message);
-#else
-			Assembly a = frame.Assembly;
-			throw new SecurityException (Locale.GetText (message), 
-				a.UnprotectedGetName (), a.GrantedPermissionSet, 
-				a.DeniedPermissionSet, frame.Method, action, demanded, 
-				failed, a.UnprotectedGetEvidence ());
-#endif
-		}
 	}
 }

mcs/class/corlib/System.Security/PermissionSet.cs

@@ -234,35 +234,6 @@ namespace System.Security {
 				// special case when directly called from CodeAccessPermission.Demand
 				_ignored = new bool [list.Count];
 			}
-
-			ArrayList frames = SecurityFrame.GetStack (skip);
-			if ((frames != null) && (frames.Count > 0)) {
-				SecurityFrame first = ((SecurityFrame) frames [0]);
-				current = first.Assembly;
-				domain = first.Domain;
-				// skip ourself, Demand and other security runtime methods
-				foreach (SecurityFrame sf in frames) {
-					if (ProcessFrame (sf, ref current, ref domain)) {
-						if (AllIgnored ())
-							return; // reached Assert
-					}
-				}
-				SecurityFrame last = ((SecurityFrame) frames [frames.Count - 1]);
-				CheckAssembly (current, last);
-				CheckAppDomain (domain, last);
-			}
-#if FEATURE_COMPRESSEDSTACK
-			// Is there a CompressedStack to handle ?
-			CompressedStack stack = Thread.CurrentThread.GetCompressedStack ();
-			if ((stack != null) && !stack.IsEmpty ()) {
-				foreach (SecurityFrame frame in stack.List) {
-					if (ProcessFrame (frame, ref current, ref domain)) {
-						if (AllIgnored ())
-							return; // reached Assert
-					}
-				}
-			}
-#endif
 		}
 
 		[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
@@ -682,65 +653,6 @@ namespace System.Security {
 			return true;
 		}
 
-		internal bool ProcessFrame (SecurityFrame frame, ref Assembly current, ref AppDomain domain)
-		{
-			if (IsUnrestricted ()) {
-				// we request unrestricted
-				if (frame.Deny != null) {
-					// but have restrictions (some denied permissions)
-					CodeAccessPermission.ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
-				} else if ((frame.PermitOnly != null) && !frame.PermitOnly.IsUnrestricted ()) {
-					// but have restrictions (only some permitted permissions)
-					CodeAccessPermission.ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
-				}
-			}
-
-			// skip next steps if no Assert, Deny or PermitOnly are present
-			if (frame.HasStackModifiers) {
-				for (int i = 0; i < list.Count; i++) {
-					CodeAccessPermission cap = (CodeAccessPermission) list [i];
-					if (cap.ProcessFrame (frame)) {
-						_ignored [i] = true; // asserted
-						if (AllIgnored ())
-							return true; // no more, abort stack walk!
-					}
-				}
-			}
-
-			// however the "final" grant set is resolved by assembly, so
-			// there's no need to check it every time (just when we're 
-			// changing assemblies between frames).
-			if (frame.Assembly != current) {
-				CheckAssembly (current, frame);
-				current = frame.Assembly;
-			}
-
-			if (frame.Domain != domain) {
-				CheckAppDomain (domain, frame);
-				domain = frame.Domain;
-			}
-
-			return false;
-		}
-
-		internal void CheckAssembly (Assembly a, SecurityFrame frame)
-		{
-			IPermission p = SecurityManager.CheckPermissionSet (a, this, false);
-			if (p != null) {
-				CodeAccessPermission.ThrowSecurityException (this, "Demand failed assembly permissions checks.",
-					frame, SecurityAction.Demand, p);
-			}
-		}
-
-		internal void CheckAppDomain (AppDomain domain, SecurityFrame frame)
-		{
-			IPermission p = SecurityManager.CheckPermissionSet (domain, this);
-			if (p != null) {
-				CodeAccessPermission.ThrowSecurityException (this, "Demand failed appdomain permissions checks.",
-					frame, SecurityAction.Demand, p);
-			}
-		}
-
 		// 2.0 metadata format
 
 		internal static PermissionSet CreateFromBinaryFormat (byte[] data)

mcs/class/corlib/System.Security/SecurityFrame.cs

@@ -41,91 +41,4 @@ namespace System.Security {
 		public int size;
 		public int index;
 	}
-
-	internal struct SecurityFrame {
-
-		private AppDomain _domain;
-		private MethodInfo _method;
-		private PermissionSet _assert;
-		private PermissionSet _deny;
-		private PermissionSet _permitonly;
-
-		internal SecurityFrame (int skip)
-		{
-			_domain = null;
-			_method = null;
-			_assert = null;
-			_deny = null;
-			_permitonly = null;
-
-			throw new NotImplementedException ();
-		}
-
-		public Assembly Assembly {
-			get { return _method.ReflectedType.Assembly; }
-		}
-
-		public AppDomain Domain {
-			get { return _domain; }
-		}
-
-		public MethodInfo Method {
-			get { return _method; }
-		}
-
-		public PermissionSet Assert {
-			get { return _assert; }
-		}
-
-		public PermissionSet Deny {
-			get { return _deny; }
-		}
-
-		public PermissionSet PermitOnly {
-			get { return _permitonly; }
-		}
-
-		public bool HasStackModifiers {
-			get { return ((_assert != null) || (_deny != null) || (_permitonly != null)); }
-		}
-
-		public bool Equals (SecurityFrame sf)
-		{
-			if (!Object.ReferenceEquals (_domain, sf.Domain))
-				return false;
-			if (Assembly.ToString () != sf.Assembly.ToString ())
-				return false;
-			if (Method.ToString () != sf.Method.ToString ())
-				return false;
-
-			if ((_assert != null) && !_assert.Equals (sf.Assert))
-				return false;
-			if ((_deny != null) && !_deny.Equals (sf.Deny))
-				return false;
-			if ((_permitonly != null) && !_permitonly.Equals (sf.PermitOnly))
-				return false;
-
-			return true;
-		}
-
-		public override string ToString ()
-		{
-			StringBuilder sb = new StringBuilder ();
-			sb.AppendFormat ("Frame: {0}{1}", _method, Environment.NewLine);
-			sb.AppendFormat ("\tAppDomain: {0}{1}", Domain, Environment.NewLine);
-			sb.AppendFormat ("\tAssembly: {0}{1}", Assembly, Environment.NewLine);
-			if (_assert != null)
-				sb.AppendFormat ("\tAssert: {0}{1}", _assert, Environment.NewLine);
-			if (_deny != null)
-				sb.AppendFormat ("\tDeny: {0}{1}", _deny, Environment.NewLine);
-			if (_permitonly != null)
-				sb.AppendFormat ("\tPermitOnly: {0}{1}", _permitonly, Environment.NewLine);
-			return sb.ToString ();
-		}
-
-		static public ArrayList GetStack (int skipFrames)
-		{
-			return new ArrayList ();
-		}
-	}
 }

mcs/class/corlib/System.Security/SecurityManager.cs

@@ -153,68 +153,6 @@ namespace System.Security {
 			return true;
 		}
 
-		internal static IPermission CheckPermissionSet (Assembly a, PermissionSet ps, bool noncas)
-		{
-			if (ps.IsEmpty ())
-				return null;
-
-			foreach (IPermission p in ps) {
-				// note: this may contains non CAS permissions
-				if ((!noncas) && (p is CodeAccessPermission)) {
-					if (!IsGranted (a, p))
-						return p;
-				} else {
-					// but non-CAS will throw on failure...
-					try {
-						p.Demand ();
-					}
-					catch (SecurityException) {
-						// ... so we catch
-						return p;
-					}
-				}
-			}
-			return null;
-		}
-
-		internal static IPermission CheckPermissionSet (AppDomain ad, PermissionSet ps)
-		{
-			if ((ps == null) || ps.IsEmpty ())
-				return null;
-
-			PermissionSet granted = ad.GrantedPermissionSet;
-			if (granted == null)
-				return null;
-			if (granted.IsUnrestricted ())
-				return null;
-			if (ps.IsUnrestricted ())
-				return new SecurityPermission (SecurityPermissionFlag.NoFlags);
-
-			foreach (IPermission p in ps) {
-				if (p is CodeAccessPermission) {
-					CodeAccessPermission grant = (CodeAccessPermission) granted.GetPermission (p.GetType ());
-					if (grant == null) {
-						if (!granted.IsUnrestricted () || !(p is IUnrestrictedPermission)) {
-							if (!p.IsSubsetOf (null))
-								return p;
-						}
-					} else if (!p.IsSubsetOf (grant)) {
-						return p;
-					}
-				} else {
-					// but non-CAS will throw on failure...
-					try {
-						p.Demand ();
-					}
-					catch (SecurityException) {
-						// ... so we catch
-						return p;
-					}
-				}
-			}
-			return null;
-		}
-
 		[Obsolete]
 		[SecurityPermission (SecurityAction.Demand, ControlPolicy = true)]
 		public static PolicyLevel LoadPolicyLevelFromFile (string path, PolicyLevelType type)
@@ -528,19 +466,6 @@ namespace System.Security {
 			}
 		}
 
-		//  security check when using reflection
-
-		// When using reflection LinkDemand are promoted to full Demand (i.e. stack walk)
-		internal unsafe static void ReflectedLinkDemandInvoke (MethodBase mb)
-		{
-			return;
-		}
-
-		internal unsafe static bool ReflectedLinkDemandQuery (MethodBase mb)
-		{
-			return true;
-		}
-
 		// called by the runtime when CoreCLR is enabled
 
 		private static void ThrowException (Exception ex)

mcs/class/corlib/System.Security/SecurityManager_mobile.cs

@@ -197,16 +197,6 @@ namespace System.Security {
 			throw new NotSupportedException ();
 		}
 
-		internal static void ReflectedLinkDemandInvoke (MethodBase mb)
-		{
-			throw new NotSupportedException ();
-		}
-
-		internal static bool ReflectedLinkDemandQuery (MethodBase mb)
-		{
-			throw new NotSupportedException ();
-		}
-
 		public static PermissionSet GetStandardSandbox (Evidence evidence)
 		{
 			if (evidence == null)

mcs/class/corlib/System.Threading/CompressedStack.cs

@@ -65,7 +65,7 @@ namespace System.Threading {
 			throw new NotSupportedException ();
 #else
 			CompressedStack cs = new CompressedStack (0);
-			cs._list = SecurityFrame.GetStack (1);
+			cs._list = new ArrayList ();
 
 			// include any current CompressedStack inside the new Capture
 			CompressedStack currentCs = Thread.CurrentThread.ExecutionContext.SecurityContext.CompressedStack;
@@ -146,12 +146,6 @@ namespace System.Threading {
 			if (_list.Count != cs._list.Count)
 				return false;
 
-			for (int i=0; i < _list.Count; i++) {
-				SecurityFrame sf1 = (SecurityFrame) _list [i];
-				SecurityFrame sf2 = (SecurityFrame) cs._list [i];
-				if (!sf1.Equals (sf2))
-					return false;
-			}
 			return true;
 		}