From 3121717866953a1a1ce98ff23157519bd38d740c Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Thu, 20 Jun 2019 10:53:16 -0700 Subject: [PATCH 1/7] removed attributes --- .../CPP/DWriteWrapper/Common.h | 8 - .../CPP/DWriteWrapper/DWriteInterfaces.h | 7 - .../CPP/DWriteWrapper/DWriteTypeConverter.h | 1 - .../CPP/DWriteWrapper/Factory.cpp | 16 - .../CPP/DWriteWrapper/Factory.h | 15 - .../CPP/DWriteWrapper/Font.cpp | 14 - .../CPP/DWriteWrapper/Font.h | 3 - .../CPP/DWriteWrapper/FontCollection.cpp | 7 +- .../CPP/DWriteWrapper/FontCollection.h | 2 - .../DWriteWrapper/FontCollectionLoader.cpp | 2 - .../CPP/DWriteWrapper/FontCollectionLoader.h | 2 - .../CPP/DWriteWrapper/FontFace.cpp | 16 - .../CPP/DWriteWrapper/FontFace.h | 9 - .../CPP/DWriteWrapper/FontFamily.cpp | 6 +- .../CPP/DWriteWrapper/FontFamily.h | 1 - .../CPP/DWriteWrapper/FontFile.cpp | 10 - .../CPP/DWriteWrapper/FontFile.h | 6 - .../CPP/DWriteWrapper/FontFileEnumerator.cpp | 2 - .../CPP/DWriteWrapper/FontFileEnumerator.h | 2 - .../CPP/DWriteWrapper/FontFileLoader.cpp | 2 - .../CPP/DWriteWrapper/FontFileLoader.h | 2 - .../CPP/DWriteWrapper/FontFileStream.cpp | 5 - .../CPP/DWriteWrapper/FontFileStream.h | 2 - .../CPP/DWriteWrapper/FontList.h | 1 - .../CPP/DWriteWrapper/ItemProps.cpp | 6 - .../CPP/DWriteWrapper/ItemProps.h | 5 - .../CPP/DWriteWrapper/LocalizedStrings.cpp | 12 - .../CPP/DWriteWrapper/LocalizedStrings.h | 4 - .../DWriteWrapper/NativePointerWrapper.cpp | 7 - .../CPP/DWriteWrapper/NativePointerWrapper.h | 7 - .../CPP/DWriteWrapper/TextAnalyzer.cpp | 14 - .../CPP/DWriteWrapper/TextAnalyzer.h | 14 - .../CPP/DWriteWrapper/TextItemizer.cpp | 1 - .../CPP/DWriteWrapper/TextItemizer.h | 2 - .../TtfDelta/ControlTableInit.h | 1 - .../TrueTypeSubsetter/TtfDelta/GlobalInit.h | 1 - .../TrueTypeSubsetter/TtfDelta/automap.cpp | 6 - .../CPP/TrueTypeSubsetter/TtfDelta/automap.h | 3 - .../TtfDelta/intsafe_private_copy.h | 6 +- .../TrueTypeSubsetter/TtfDelta/makeglst.cpp | 3 - .../CPP/TrueTypeSubsetter/TtfDelta/makeglst.h | 1 - .../TrueTypeSubsetter/TtfDelta/modcmap.cpp | 12 +- .../CPP/TrueTypeSubsetter/TtfDelta/modcmap.h | 1 - .../TrueTypeSubsetter/TtfDelta/modglyf.cpp | 1 - .../CPP/TrueTypeSubsetter/TtfDelta/modglyf.h | 1 - .../TrueTypeSubsetter/TtfDelta/modsbit.cpp | 8 - .../CPP/TrueTypeSubsetter/TtfDelta/modsbit.h | 3 +- .../TrueTypeSubsetter/TtfDelta/modtable.cpp | 16 - .../CPP/TrueTypeSubsetter/TtfDelta/modtable.h | 10 - .../TrueTypeSubsetter/TtfDelta/mtxcalc.cpp | 3 - .../CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.h | 1 - .../CPP/TrueTypeSubsetter/TtfDelta/ttfacc.cpp | 20 -- .../CPP/TrueTypeSubsetter/TtfDelta/ttfacc.h | 20 -- .../TrueTypeSubsetter/TtfDelta/ttfcntrl.cpp | 3 +- .../TrueTypeSubsetter/TtfDelta/ttfdelta.cpp | 10 - .../CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.h | 4 - .../TrueTypeSubsetter/TtfDelta/ttftabl1.cpp | 33 -- .../CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.h | 31 -- .../TrueTypeSubsetter/TtfDelta/ttftable.cpp | 51 --- .../CPP/TrueTypeSubsetter/TtfDelta/ttftable.h | 37 -- .../CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp | 7 - .../CPP/TrueTypeSubsetter/TtfDelta/ttmem.h | 6 - .../CPP/TrueTypeSubsetter/TtfDelta/util.cpp | 2 - .../CPP/TrueTypeSubsetter/truetype.cpp | 1 - .../CPP/TrueTypeSubsetter/truetype.h | 1 - .../CPP/TrueTypeSubsetter/util2.cpp | 3 +- .../CPP/TrueTypeSubsetter/util2.h | 4 +- .../src/DirectWriteForwarder/CPP/wpfvcclr.h | 1 - .../src/DirectWriteForwarder/main.cpp | 15 - .../MS/internal/MediaTrace.cs | 5 - .../src/Shared/cpp/Utils.cxx | 4 - .../src/Shared/cpp/dwriteloader.cpp | 1 - .../src/Shared/inc/dwriteloader.h | 3 +- .../src/System.Xaml/GlobalSuppressions.cs | 2 - .../DRT/TestServices/MS/Internal/PointUtil.cs | 4 - .../MS/Internal/SecurityCriticalDataForSet.cs | 4 - .../TestServices/MS/Win32/HandleCollector.cs | 2 - .../TestServices/MS/Win32/NativeMethodsCLR.cs | 36 -- .../MS/Win32/NativeMethodsOther.cs | 42 --- .../MS/Win32/NativeMethodsSetLastError.cs | 4 - .../MS/Win32/SafeNativeMethodsCLR.cs | 36 -- .../MS/Win32/SafeNativeMethodsOther.cs | 18 - .../MS/Win32/UnsafeNativeMethodsCLR.cs | 337 ------------------ .../MS/Win32/UnsafeNativeMethodsOther.cs | 106 ------ 84 files changed, 9 insertions(+), 1134 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h index 825085409fc..96f52b704d0 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h @@ -26,8 +26,6 @@ private ref class Util sealed /// Safe - We are using ThrowExceptionForHR() in a safe way // by ignoring the IErrorInfo of the current thread. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) void static ConvertHresultToException(HRESULT hr) { @@ -63,8 +61,6 @@ private ref class Util sealed /// Critical - Asserts unmanaged code permissions to call ThrowExceptionForHR. /// - Exposes a pointer to the contents of a managed string. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) const cli::interior_ptr static GetPtrToStringChars(System::String^ s) { return CriticalPtrToStringChars(s); @@ -79,8 +75,6 @@ private ref class Util sealed /// Critical - Asserts unmanaged code permissions. /// Safe - Does not expose critical data. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) static _GUID ToGUID( System::Guid& guid ) { array^ guidData = guid.ToByteArray(); @@ -101,7 +95,6 @@ private ref class Util sealed /// /// Critical - Calls critical IsFullTrustCaller and Marshal::GetExceptionForHR /// - [SecurityCritical] void static SanitizeAndThrowIfKnownException(HRESULT hr) { if (hr == COR_E_INVALIDOPERATION) @@ -129,7 +122,6 @@ private ref class Util sealed /// for verifying the security of an operation, and therefore should not demand permissions. /// Safe - It is safe to perform a demand. /// - [SecurityCritical] static bool IsFullTrustCaller() { #ifndef _CLR_NETCORE diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h index 58a659f2782..dbe9ab8436b 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h @@ -38,7 +38,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] HRESULT ReadFileFragment( [Out] const void **fragmentStart, @@ -54,7 +53,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] void ReleaseFileFragment( [In] void *fragmentContext @@ -76,7 +74,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] HRESULT GetFileSize( [Out/*, MarshalAs(UnmanagedType::U8)*/] UINT64 *fileSize @@ -95,7 +92,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] HRESULT GetLastWriteTime( [Out/*, MarshalAs(UnmanagedType::U8)*/] UINT64 *lastWriteTime @@ -128,7 +124,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] HRESULT CreateStreamFromKey( [In] void const* fontFileReferenceKey, @@ -168,7 +163,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] HRESULT GetCurrentFontFile( /*[Out, MarshalAs(UnmanagedType::Interface)]*/ IDWriteFontFile** fontFile @@ -201,7 +195,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] [PreserveSig] HRESULT CreateEnumeratorFromKey( /*[In, MarshalAs(UnmanagedType::Interface)]*/ IntPtr factory, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteTypeConverter.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteTypeConverter.h index 3fc7375bb34..a872a43934f 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteTypeConverter.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteTypeConverter.h @@ -25,7 +25,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// This class is used to convert data types back anf forth between DWrite and DWriteWrapper. /// - [System::Security::SecurityCritical(System::Security::SecurityCriticalScope::Everything)] private ref class DWriteTypeConverter sealed { internal: diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp index 64004f1e0c7..4b50be7704e 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp @@ -19,7 +19,6 @@ typedef HRESULT (WINAPI *DWRITECREATEFACTORY)(DWRITE_FACTORY_TYPE factoryType, R /// Critical - Returns a pointer to the DWriteCreateFactory method which /// can be used to access the shared factory. /// -[System::Security::SecurityCritical] extern void *GetDWriteCreateFactoryFunctionPointer(); namespace MS { namespace Internal { namespace Text { namespace TextInterface @@ -27,7 +26,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Calls security critical Factory ctor(). /// - [SecurityCritical] Factory^ Factory::Create( FactoryType factoryType, IFontSourceCollectionFactory^ fontSourceCollectionFactory, @@ -45,8 +43,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// 'System.Runtime.InteropServices.Marshal.Release(System.IntPtr)' but this is ok since they are called for objects that this method create. /// Asserts unmanaged code permissions to call Marshal.* /// - //[SecurityCritical] - tagged in header file - //[SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] Factory::Factory( FactoryType factoryType, IFontSourceCollectionFactory^ fontSourceCollectionFactory, @@ -99,7 +95,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Assigns security critical member _pFactory. /// Safe - Does not expose any critical info. /// - [SecuritySafeCritical] __declspec(noinline) void Factory::Initialize( FactoryType factoryType ) @@ -124,9 +119,7 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Safe - Just releases the interface. /// - Marshal is called with trusted inputs. /// - [SecuritySafeCritical] [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) bool Factory::ReleaseHandle() { if (_wpfFontCollectionLoader != nullptr) @@ -163,7 +156,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Assumes that the user has permissions to access filePathUri. /// - [SecurityCritical] __declspec(noinline) FontFile^ Factory::CreateFontFile( System::Uri^ filePathUri ) @@ -195,7 +187,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Calls security critical CreateFontFace. /// - [SecurityCritical] FontFace^ Factory::CreateFontFace( System::Uri^ filePathUri, unsigned int faceIndex @@ -211,7 +202,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Calls security critical CreateFontFile. /// - [SecurityCritical] FontFace^ Factory::CreateFontFace( System::Uri^ filePathUri, unsigned int faceIndex, @@ -291,7 +281,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _pFactory pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontCollection^ Factory::GetSystemFontCollection( bool checkForUpdates ) @@ -319,8 +308,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// - Asserts Unmanaged code permissions to call Marshal.* But /// Marshal is called with trusted inputs. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) FontCollection^ Factory::GetFontCollection(System::Uri^ uri) { System::String^ uriString = uri->AbsoluteUri; @@ -357,8 +344,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// - Asserts unmanaged code permissions to call Marshal.* However the call to Marshal is safe /// because it is called with trusted inputs. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] HRESULT Factory::CreateFontFile( IDWriteFactory* factory, FontFileLoader^ fontFileLoader, @@ -488,7 +473,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Safe - It does not expose the pointer it uses. /// - TextAnalyzer ctor() is called with a trusted pointer. /// - [SecuritySafeCritical] __declspec(noinline) TextAnalyzer^ Factory::CreateTextAnalyzer() { IDWriteTextAnalyzer* textAnalyzer = NULL; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h index bf049ddf1bf..a712da473d1 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h @@ -35,7 +35,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] IDWriteFactory* _pFactory; /// @@ -49,8 +48,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The factory just created. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] Factory( FactoryType factoryType, IFontSourceCollectionFactory^ fontSourceCollectionFactory, @@ -70,7 +67,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - We call Marshal.* with this member variable and we // assume it is trusted. /// - [SecurityCritical] FontCollectionLoader^ _wpfFontCollectionLoader; /// @@ -80,7 +76,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - We call Marshal.* with this member variable and we // assume it is trusted. /// - [SecurityCritical] FontFileLoader^ _wpfFontFileLoader; IFontSourceFactory^ _fontSourceFactory; @@ -95,7 +90,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface protected: - [SecuritySafeCritical] [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] virtual bool ReleaseHandle() override; @@ -106,7 +100,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes critical member _pFactory. /// - [SecurityCritical] IDWriteFactory* get() { _pFactory->AddRef(); @@ -125,7 +118,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The factory just created. /// - [SecurityCritical] static Factory^ Create( FactoryType factoryType, IFontSourceCollectionFactory^ fontSourceCollectionFactory, @@ -140,7 +132,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Newly created font file object, or NULL in case of failure. /// - [SecurityCritical] FontFile^ CreateFontFile(System::Uri^ filePathUri); /// @@ -153,7 +144,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Newly created font face object, or NULL in case of failure. /// - [SecurityCritical] FontFace^ CreateFontFace( System::Uri^ filePathUri, unsigned int faceIndex, @@ -169,7 +159,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Newly created font face object, or NULL in case of failure. /// - [SecurityCritical] FontFace^ CreateFontFace( System::Uri^ filePathUri, unsigned int faceIndex @@ -190,7 +179,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The font collection. /// - [SecurityCritical] FontCollection^ GetFontCollection(System::Uri^ uri); /// @@ -221,7 +209,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Standard HRESULT error code /// - [SecurityCritical] static HRESULT CreateFontFile( IDWriteFactory* factory, FontFileLoader^ fontFileLoader, @@ -235,7 +222,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// attributes from Microsoft.VisualC.dll (MiscellaneousBitsAttribute & DebugInfoInPDBAttribute) /// This should be fixed in Microsoft.VisualC.dll. /// - [SecuritySafeCritical] __declspec(noinline) static DWRITE_MATRIX GetIdentityTransform() { DWRITE_MATRIX transform; @@ -255,7 +241,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface virtual property bool IsInvalid { - [SecuritySafeCritical] [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] bool get() override; } diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp index 1bbd4541463..b0dab91df66 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp @@ -20,7 +20,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - //[SecurityCritical] � tagged in header file Font::Font( IDWriteFont* font ) @@ -155,7 +154,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes the critical member _font. /// - [SecurityCritical] System::IntPtr Font::DWriteFontAddRef::get() { _font->Value->AddRef(); @@ -166,7 +164,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontFamily^ Font::Family::get() { IDWriteFontFamily* dwriteFontFamily; @@ -182,7 +179,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontWeight Font::Weight::get() { DWRITE_FONT_WEIGHT dwriteFontWeight = _font->Value->GetWeight(); @@ -194,7 +190,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontStretch Font::Stretch::get() { DWRITE_FONT_STRETCH dwriteFontStretch = _font->Value->GetStretch(); @@ -206,7 +201,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontStyle Font::Style::get() { DWRITE_FONT_STYLE dwriteFontStyle = _font->Value->GetStyle(); @@ -218,7 +212,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) bool Font::IsSymbolFont::get() { if ((_flags & Flags_IsSymbolFontInitialized) != Flags_IsSymbolFontInitialized) @@ -239,7 +232,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Security Critical LocalizedStrings ctor. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) LocalizedStrings^ Font::FaceNames::get() { IDWriteLocalizedStrings* dwriteLocalizedStrings; @@ -255,7 +247,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) bool Font::GetInformationalStrings( InformationalStringID informationalStringID, [System::Runtime::InteropServices::Out] LocalizedStrings^% informationalStrings @@ -278,7 +269,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontSimulations Font::SimulationFlags::get() { DWRITE_FONT_SIMULATIONS dwriteFontSimulations = _font->Value->GetSimulations(); @@ -290,7 +280,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontMetrics^ Font::Metrics::get() { if (_fontMetrics == nullptr) @@ -309,7 +298,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) bool Font::HasCharacter( UINT32 unicodeValue ) @@ -329,7 +317,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// security critical FontFace ctor. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontFace^ Font::CreateFontFace() { IDWriteFontFace* dwriteFontFace; @@ -371,7 +358,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _font pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontMetrics^ Font::DisplayMetrics(FLOAT emSize, FLOAT pixelsPerDip) { DWRITE_FONT_METRICS fontMetrics; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h index e32d4d5217c..ea45e5c8e70 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h @@ -45,7 +45,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] NativeIUnknownWrapper^ _font; /// @@ -119,7 +118,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - [SecurityCritical] Font( IDWriteFont* font ); @@ -129,7 +127,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// property System::IntPtr DWriteFontAddRef { - [SecurityCritical] System::IntPtr get(); } diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp index 4002fdbfd07..914da988404 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp @@ -12,7 +12,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - //[SecurityCritical] � tagged in header file FontCollection::FontCollection(IDWriteFontCollection* fontCollection) { _fontCollection = gcnew NativeIUnknownWrapper(fontCollection); @@ -23,7 +22,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// - Calls security critical Util::GetPtrToStringChars. /// Safe - Does not expose any security critical info. /// - [SecuritySafeCritical] __declspec(noinline) bool FontCollection::FindFamilyName( System::String^ familyName, [System::Runtime::InteropServices::Out] unsigned int% index @@ -48,7 +46,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontCollection and fontFace->DWriteFontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) Font^ FontCollection::GetFontFromFontFace(FontFace^ fontFace) { IDWriteFontFace* dwriteFontFace = fontFace->DWriteFontFaceNoAddRef; @@ -71,7 +68,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontCollection and calls security critical ctor FontFamily. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontFamily^ FontCollection::default::get(unsigned int familyIndex) { IDWriteFontFamily* dwriteFontFamily = NULL; @@ -104,7 +100,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontCollection. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) unsigned int FontCollection::FamilyCount::get() { UINT32 familyCount = _fontCollection->Value->GetFontFamilyCount(); @@ -112,4 +107,4 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return familyCount; } -}}}}//MS::Internal::Text::TextInterface \ No newline at end of file +}}}}//MS::Internal::Text::TextInterface diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h index 99b1662c41b..f254222691e 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h @@ -28,7 +28,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] NativeIUnknownWrapper^ _fontCollection; internal: @@ -42,7 +41,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - [SecurityCritical] FontCollection(IDWriteFontCollection* fontCollection); /// diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp index d6e32759db2..8ac7e0fdaa0 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp @@ -22,8 +22,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// because it is called with trusted inputs. /// [ComVisible(true)] - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] HRESULT FontCollectionLoader::CreateEnumeratorFromKey( IntPtr factory, __in_bcount(collectionKeySize) void const* collectionKey, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.h index 78c69ccf9bf..a236b1a75de 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.h @@ -16,7 +16,6 @@ using namespace System::Diagnostics; namespace MS { namespace Internal { namespace Text { namespace TextInterface { [ClassInterface(ClassInterfaceType::None), ComVisible(true)] - [System::Security::SecurityCritical(System::Security::SecurityCriticalScope::Everything)] private ref class FontCollectionLoader : public IDWriteFontCollectionLoaderMirror { private: @@ -45,7 +44,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Standard HRESULT error code. /// [ComVisible(true)] - [SecurityCritical] virtual HRESULT CreateEnumeratorFromKey( IntPtr factory, __in_bcount(collectionKeySize) void const* collectionKey, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp index 11af0edd756..3edf6fd53a8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp @@ -13,7 +13,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - //[SecurityCritical] � tagged in header file FontFace::FontFace(IDWriteFontFace* fontFace) { _fontFace = gcnew NativeIUnknownWrapper(fontFace); @@ -23,7 +22,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Manipulates security critical member _fontCollection. /// Safe - Just releases the interface. /// - //[SecuritySafeCritical] __declspec(noinline) FontFace::~FontFace() { if (_fontFace != nullptr) @@ -40,7 +38,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes the native pointer that this object wraps. /// - [SecurityCritical] IDWriteFontFace* FontFace::DWriteFontFaceNoAddRef::get() { return _fontFace->Value; @@ -49,7 +46,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes the native pointer that this object wraps. /// - [SecurityCritical] System::IntPtr FontFace::DWriteFontFaceAddRef::get() { _fontFace->Value->AddRef(); @@ -60,7 +56,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontFaceType FontFace::Type::get() { DWRITE_FONT_FACE_TYPE dwriteFontFaceType = _fontFace->Value->GetType(); @@ -72,7 +67,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontFile^ FontFace::GetFileZero() { unsigned int numberOfFiles = 0; @@ -122,7 +116,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) unsigned int FontFace::Index::get() { unsigned int index = _fontFace->Value->GetIndex(); @@ -134,7 +127,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontSimulations FontFace::SimulationFlags::get() { DWRITE_FONT_SIMULATIONS dwriteFontSimulations = _fontFace->Value->GetSimulations(); @@ -146,7 +138,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) bool FontFace::IsSymbolFont::get() { BOOL isSymbolFont = _fontFace->Value->IsSymbolFont(); @@ -158,7 +149,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontMetrics^ FontFace::Metrics::get() { if (_fontMetrics == nullptr) @@ -177,7 +167,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) UINT16 FontFace::GlyphCount::get() { UINT16 glyphCount = _fontFace->Value->GetGlyphCount(); @@ -190,7 +179,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Receives a native pointer as an argument. /// Exposes a native pointer to the caller. /// - [SecurityCritical] void FontFace::GetDesignGlyphMetrics( __in_ecount(glyphCount) const UINT16 *pGlyphIndices, UINT32 glyphCount, @@ -213,7 +201,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Receives a native pointer as an argument. /// Exposes a native pointer to the caller. /// - [SecurityCritical] void FontFace::GetDisplayGlyphMetrics( __in_ecount(glyphCount) const UINT16 *pGlyphIndices, UINT32 glyphCount, @@ -243,7 +230,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Receives a native pointer as an argument. /// Exposes a native pointer to the caller. /// - [SecurityCritical] void FontFace::GetArrayOfGlyphIndices( __in_ecount(glyphCount) const UINT32* pCodePoints, UINT32 glyphCount, @@ -265,7 +251,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes the data from a font. /// - [SecurityCritical] __declspec(noinline) bool FontFace::TryGetFontTable( OpenTypeTableTag openTypeTableTag, [System::Runtime::InteropServices::Out] array^% tableData @@ -305,7 +290,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _fontFace. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) bool FontFace::ReadFontEmbeddingRights([System::Runtime::InteropServices::Out] unsigned short% fsType) { void* os2Table; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h index 8af1c1a34a2..c272f527ca3 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h @@ -37,7 +37,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] NativeIUnknownWrapper^ _fontFace; /// @@ -65,7 +64,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - [SecurityCritical] FontFace(IDWriteFontFace* fontFace); /// @@ -77,7 +75,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// property IDWriteFontFace* DWriteFontFaceNoAddRef { - [SecurityCritical] IDWriteFontFace* get(); } @@ -86,7 +83,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// property System::IntPtr DWriteFontFaceAddRef { - [SecurityCritical] System::IntPtr get(); } @@ -176,14 +172,12 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Unsafe pointer to flat array of GlyphMetrics structs for output. Passed as /// unsafe to allow optimization by the caller of stack or heap allocation. /// The metrics returned are in font design units - [SecurityCritical] void GetDesignGlyphMetrics( __in_ecount(glyphCount) const UINT16 *pGlyphIndices, UINT32 glyphCount, __out_ecount(glyphCount) GlyphMetrics *pGlyphMetrics ); - [SecurityCritical] void GetDisplayGlyphMetrics( __in_ecount(glyphCount) const UINT16 *pGlyphIndices, UINT32 glyphCount, @@ -207,7 +201,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Array of nominal glyph indices filled by this function. // "GetGlyphIndices" is defined in WinGDI.h to be "GetGlyphIndicesW" that why we chose // "GetArrayOfGlyphIndices" - [SecurityCritical] void GetArrayOfGlyphIndices( __in_ecount(glyphCount) const UINT32* pCodePoints, UINT32 glyphCount, @@ -220,7 +213,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// The tag of table to find. /// The table. /// True if table exists. - [SecurityCritical] bool TryGetFontTable( OpenTypeTableTag openTypeTableTag, [System::Runtime::InteropServices::Out] array^% tableData @@ -236,7 +228,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// dtor. /// - [SecuritySafeCritical] ~FontFace(); }; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp index 36a8ee226d4..c5cc9eb35b9 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp @@ -12,7 +12,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - //[SecurityCritical] � tagged in header file FontFamily::FontFamily(IDWriteFontFamily* fontFamily) : FontList(fontFamily) { _regularFont = nullptr; @@ -22,7 +21,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical FontFamilyObject pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) LocalizedStrings^ FontFamily::FamilyNames::get() { IDWriteLocalizedStrings* dwriteLocalizedStrings; @@ -73,7 +71,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical FontFamilyObject pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) Font^ FontFamily::GetFirstMatchingFont( FontWeight weight, FontStretch stretch, @@ -97,7 +94,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical FontFamilyObject pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) FontList^ FontFamily::GetMatchingFonts( FontWeight weight, FontStretch stretch, @@ -115,4 +111,4 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface ConvertHresultToException(hr, "FontList^ FontFamily::GetMatchingFonts"); return gcnew FontList(dwriteFontList); } -}}}}//MS::Internal::Text::TextInterface \ No newline at end of file +}}}}//MS::Internal::Text::TextInterface diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h index 167ee4efcd7..5e86d1177c9 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h @@ -39,7 +39,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - [SecurityCritical] FontFamily(IDWriteFontFamily* fontFamily); /// diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp index f822c667cb9..487e769714b 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp @@ -17,8 +17,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// - Assigns security critical _guidForIDWriteLocalFontFileLoader /// Safe - The data used to initialize _guidForIDWriteLocalFontFileLoader is const. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] static FontFile::FontFile() { System::Guid guid = System::Guid("b2d9f3ec-c9fe-4a11-a2ec-d86208f7c0a2"); @@ -32,7 +30,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - //[SecurityCritical] � tagged in header file FontFile::FontFile(IDWriteFontFile* fontFile) { _fontFile = gcnew NativeIUnknownWrapper(fontFile); @@ -42,7 +39,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Manipulates security critical member _fontFile. /// Safe - Just releases the interface. /// - //[SecuritySafeCritical] __declspec(noinline) FontFile::~FontFile() { if (_fontFile != nullptr) @@ -56,7 +52,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical _fontFile pointer. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) bool FontFile::Analyze( [System::Runtime::InteropServices::Out] DWRITE_FONT_FILE_TYPE% fontFileType, [System::Runtime::InteropServices::Out] DWRITE_FONT_FACE_TYPE% fontFaceType, @@ -94,7 +89,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes critical member _fontFile. /// - [SecurityCritical] IDWriteFontFile* FontFile::DWriteFontFileNoAddRef::get() { return _fontFile->Value; @@ -106,8 +100,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// - Exposes Font File path which can expose the windows folder location /// to partial trust apps. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] System::String^ FontFile::GetUriPath() { void* fontFileReferenceKey; @@ -178,8 +170,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Asserts unmanaged code permissions. /// Safe - This function does not perform dangerous operations. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) void FontFile::ReleaseInterface(IDWriteLocalFontFileLoader** ppInterface) { if (ppInterface && *ppInterface) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h index 8ea8f25b7e8..250addff494 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h @@ -27,7 +27,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] NativeIUnknownWrapper^ _fontFile; /// @@ -40,7 +39,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] static NativePointerWrapper<_GUID>^ _guidForIDWriteLocalFontFileLoader; /// @@ -61,7 +59,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Constructs a Font File object. /// /// A pointer to the DWrite fontFile object. - [SecurityCritical] FontFile(IDWriteFontFile* fontFile); /// @@ -75,7 +72,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// property IDWriteFontFile* DWriteFontFileNoAddRef { - [SecurityCritical] IDWriteFontFile* get(); } @@ -106,13 +102,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Gets the path of this font file. /// /// The path of this font file. - [SecurityCritical] System::String^ GetUriPath(); //// /// dtor. /// - [SecuritySafeCritical] ~FontFile(); }; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp index 2ad18cf3e52..c3170a2fd2f 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp @@ -24,8 +24,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// because it is called with trusted inputs. /// [ComVisible(true)] - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] HRESULT FontFileEnumerator::MoveNext( __out bool% hasCurrentFile ) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.h index 621ba21fdc1..f55149b458d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.h @@ -17,7 +17,6 @@ using namespace System::Diagnostics; namespace MS { namespace Internal { namespace Text { namespace TextInterface { [ClassInterface(ClassInterfaceType::None), ComVisible(true)] - [System::Security::SecurityCritical(System::Security::SecurityCriticalScope::Everything)] private ref class FontFileEnumerator : public IDWriteFontFileEnumeratorMirror { private: @@ -46,7 +45,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Standard HRESULT error code. /// [ComVisible(true)] - [SecurityCritical] virtual HRESULT MoveNext( __out bool% hasCurrentFile ); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp index 6d7f796f0f0..5a87f08d286 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp @@ -17,8 +17,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// because it is called with trusted inputs. /// [ComVisible(true)] - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] HRESULT FontFileLoader::CreateStreamFromKey( __in_bcount(fontFileReferenceKeySize) void const* fontFileReferenceKey, UINT32 fontFileReferenceKeySize, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.h index a43a718e325..dbf72593691 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.h @@ -16,7 +16,6 @@ using namespace System::Diagnostics; namespace MS { namespace Internal { namespace Text { namespace TextInterface { [ClassInterface(ClassInterfaceType::None), ComVisible(true)] - [System::Security::SecurityCritical(System::Security::SecurityCriticalScope::Everything)] private ref class FontFileLoader : public IDWriteFontFileLoaderMirror { IFontSourceFactory^ _fontSourceFactory; @@ -39,7 +38,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Standard HRESULT error code. /// [ComVisible(true)] - [SecurityCritical] virtual HRESULT CreateStreamFromKey( __in_bcount(fontFileReferenceKeySize) void const* fontFileReferenceKey, UINT32 fontFileReferenceKeySize, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp index e83dc8fb3ef..c58dfbd511f 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp @@ -38,7 +38,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Calls critical CreateGarbageCollectorHandleNativeWrapper /// - [System::Security::SecurityCritical] [ComVisible(true)] HRESULT FontFileStream::ReadFileFragment( __deref_out_bcount(fragmentSize) const void ** fragmentStart, @@ -104,9 +103,7 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Frees a GCHandle based on the passed in pointer so the pointer /// passed in must be trusted. /// - [System::Security::SecurityCritical] #ifndef _CLR_NETCORE - [System::Security::Permissions::SecurityPermission(System::Security::Permissions::SecurityAction::Assert, UnmanagedCode=true)] #endif [ComVisible(true)] void FontFileStream::ReleaseFileFragment( @@ -124,8 +121,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Asserts unmanaged code permissions to call Marshal.* /// [ComVisible(true)] - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] HRESULT FontFileStream::GetFileSize( __out UINT64* fileSize ) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h index 94a580579df..ec84b5e7dd1 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h @@ -17,7 +17,6 @@ using namespace System::Diagnostics; namespace MS { namespace Internal { namespace Text { namespace TextInterface { [ClassInterface(ClassInterfaceType::None), ComVisible(true)] - [SecurityCritical(SecurityCriticalScope::Everything)] private ref class FontFileStream : public IDWriteFontFileStreamMirror { private: @@ -90,7 +89,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// decisions based on the value of the file size (e.g., validation against a persisted file size). /// [ComVisible(true)] - [SecurityCritical] virtual HRESULT GetFileSize( __out UINT64* fileSize ); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontList.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontList.h index 350b630594c..707882784d3 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontList.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontList.h @@ -26,7 +26,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Represents a list of fonts. /// - [System::Security::SecurityCritical(System::Security::SecurityCriticalScope::Everything)] private ref class FontList : System::Collections::Generic::IEnumerable { private: diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp index f9322e170ac..49823761d0d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp @@ -9,7 +9,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes a native pointer. /// - [SecurityCritical] void* ItemProps::ScriptAnalysis::get() { if (_scriptAnalysis != nullptr) @@ -25,7 +24,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Exposes a native pointer. /// - [SecurityCritical] void* ItemProps::NumberSubstitutionNoAddRef::get() { return _numberSubstitution->Value; @@ -82,8 +80,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Sets members to arbitrary native pointers that are later read by treat as safe methods. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode = true)] ItemProps^ ItemProps::Create( void* scriptAnalysis, void* numberSubstitution, @@ -125,8 +121,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Asserts to read unmanaged memory. /// Safe - Reads from a safe location. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode = true)] __declspec(noinline) bool ItemProps::CanShapeTogether(ItemProps^ other) { // Check whether 2 ItemProps have the same attributes that impact shaping so diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h index 72af14f9184..bfaf791d6ea 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h @@ -33,7 +33,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// property void* NumberSubstitutionNoAddRef { - [SecurityCritical] void* get(); } @@ -42,7 +41,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// property void* ScriptAnalysis { - [SecurityCritical] void* get(); } @@ -86,14 +84,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Asserts to allocate and initialize unmanaged memory. /// TreatAsSafe - Initializes unmanaged memory to known safe state. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode = true)] ItemProps(); /// /// Critical - Asserts to initialize unmanaged memory. /// - [SecurityCritical] static ItemProps^ Create( void* scriptAnalysis, void* numberSubstitution, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp index b239f4ae4a7..1fcedc6c0ae 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp @@ -17,7 +17,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This whole object is wrapped around the passed in pointer /// So this ctor assumes safety of the passed in pointer. /// - //[SecurityCritical] � tagged in header file LocalizedStrings::LocalizedStrings(IDWriteLocalizedStrings* localizedStrings) { _localizedStrings = gcnew NativeIUnknownWrapper(localizedStrings); @@ -34,7 +33,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Writes to security critical member _localizedStrings. /// Safe - Always writes NULL to _localizedStrings. /// - //[SecuritySafeCritical] __declspec(noinline) LocalizedStrings::LocalizedStrings() { _localizedStrings = nullptr; @@ -49,7 +47,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _localizedStrings. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) UINT32 LocalizedStrings::StringsCount::get() { UINT32 count = (_localizedStrings != nullptr)? _localizedStrings->Value->GetCount() : 0; @@ -124,7 +121,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _localizedStrings. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) KeyValuePair LocalizedStrings::LocalizedStringsEnumerator::Current::get() { if (_currentIndex >= _localizedStrings->StringsCount) @@ -158,8 +154,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Uses security critical member _localizedStrings. /// Safe - Does not expose any security critical info. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) bool LocalizedStrings::FindLocaleName( System::String^ localeName, [System::Runtime::InteropServices::Out] UINT32% index @@ -196,7 +190,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _localizedStrings. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) UINT32 LocalizedStrings::GetLocaleNameLength( UINT32 index ) @@ -228,8 +221,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// TreatAsSafe - Caller does not control size of native buffer and buffer is not exposed. /// - Method does not return critical data. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) System::String^ LocalizedStrings::GetLocaleName( UINT32 index ) @@ -275,7 +266,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Uses security critical member _localizedStrings. /// Safe - It does not expose the pointer it uses. /// - [SecuritySafeCritical] __declspec(noinline) UINT32 LocalizedStrings::GetStringLength( UINT32 index ) @@ -307,8 +297,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// TreatAsSafe - Caller does not control size of native buffer and buffer is not exposed. /// - Method does not return critical data. /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] __declspec(noinline) System::String^ LocalizedStrings::GetString( UINT32 index ) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h index 65f6a6d5deb..4d26e691f4d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h @@ -28,7 +28,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] NativeIUnknownWrapper^ _localizedStrings; /// @@ -80,7 +79,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The DWrite localized Strings object that /// this class wraps. - [SecurityCritical] LocalizedStrings( IDWriteLocalizedStrings* localizedStrings ); @@ -88,7 +86,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Constructs an empty LocalizedStrings object. /// - [SecuritySafeCritical] LocalizedStrings( ); @@ -176,7 +173,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Calls critical method to get localized font string /// TreatAsSafe - it is safe to expose the localized strings for the font. /// - [SecuritySafeCritical] __declspec(noinline) virtual bool TryGetValue( CultureInfo^ key, [Runtime::InteropServices::Out] String^% value diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp index 7dc57697329..e9750aac8f7 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp @@ -10,7 +10,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - Assigns the native pointer that this object wraps. /// - //[SecurityCritical] � tagged in header file NativePointerCriticalHandle::NativePointerCriticalHandle(void* pNativePointer) : CriticalHandle(IntPtr::Zero) { SetHandle(IntPtr(pNativePointer)); @@ -21,7 +20,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// Critical - Accesses the critical handle. /// Safe - Does not expose the critical handle. /// - [SecuritySafeCritical] __declspec(noinline) bool NativePointerCriticalHandle::IsInvalid::get() { return (handle == IntPtr::Zero); @@ -31,7 +29,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - Exposes the pointer that this object wraps. /// - [SecurityCritical] T* NativePointerCriticalHandle::Value::get() { return (T*)handle.ToPointer(); @@ -41,7 +38,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - Assigns the native pointer that this object wraps. /// - //[SecurityCritical] � tagged in header file NativeIUnknownWrapper::NativeIUnknownWrapper(IUnknown* pNativePointer) : NativePointerCriticalHandle(pNativePointer) { } @@ -52,7 +48,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// Safe - Just releases the pointer which is stored /// internally and is trusted. /// - [SecuritySafeCritical] __declspec(noinline) bool NativeIUnknownWrapper::ReleaseHandle() { ((IUnknown*)handle.ToPointer())->Release(); @@ -64,7 +59,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Critical - Assigns the native pointer that this object wraps. /// - //[SecurityCritical] � tagged in header file NativePointerWrapper::NativePointerWrapper(T* pNativePointer) : NativePointerCriticalHandle(pNativePointer) { } @@ -75,7 +69,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// Safe - Just deletes the pointer which is stored /// internally and is trusted. /// - [SecuritySafeCritical] __declspec(noinline) bool NativePointerWrapper::ReleaseHandle() { delete handle.ToPointer(); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.h index bc6154c2a6c..acb5f3880ea 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.h @@ -16,19 +16,16 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n private ref class NativePointerCriticalHandle abstract : public CriticalHandle { public: - [SecurityCritical] NativePointerCriticalHandle(void* pNativePointer); virtual property bool IsInvalid { - [SecuritySafeCritical] [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] bool get() override; } property T* Value { - [SecurityCritical] T* get(); } }; @@ -38,12 +35,10 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n { protected: - [SecuritySafeCritical] [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] virtual bool ReleaseHandle() override; public: - [SecurityCritical] NativeIUnknownWrapper(IUnknown* pNativePointer); }; @@ -52,12 +47,10 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n { protected: - [SecuritySafeCritical] [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] virtual bool ReleaseHandle() override; public: - [SecurityCritical] NativePointerWrapper(T* pNativePointer); }; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp index b89c3894bf5..6c4a49f9464 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp @@ -19,7 +19,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Calls critical AnalyzeExtendedAndItemize overload /// - [SecurityCritical] IList^ TextAnalyzer::Itemize( __in_ecount(length) const WCHAR* text, UINT32 length, @@ -124,8 +123,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// the pointer passed to Itemize() is constructed internally so the call /// to TextItemizer->Itemize() is safe. /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] IList^ TextAnalyzer::AnalyzeExtendedAndItemize( TextItemizer^ textItemizer, __in_ecount(length) const WCHAR *text, @@ -152,7 +149,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Receives pointers, arrays and their bounds as input. /// - [SecurityCritical] void TextAnalyzer::AnalyzeExtendedCharactersAndDigits( __in_ecount(length) const WCHAR* text, UINT32 length, @@ -241,7 +237,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Receives pointers, arrays and their bounds as input. /// - [SecurityCritical] void TextAnalyzer::GetBlankGlyphsForControlCharacters( __in_ecount(textLength) const WCHAR* pTextString, UINT32 textLength, @@ -297,7 +292,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } // Warning 4714 (__forceinline function not inlined) -// is expected here because TextAnalyzer::GetGlyphs is marked with [SecurityCritical] // and tries to inline HRESULT_FROM_WIN32. // inlining is prevented when the caller or the callee // are marked with any security attribute (critical, safecritical, treatassafecritical). @@ -315,8 +309,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// To new and delete native buffers. /// To perform unsafe reinterpret_casts /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] void TextAnalyzer::GetGlyphs( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -504,7 +496,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Receives pointers, arrays and their bounds as input. /// - [SecurityCritical] void TextAnalyzer::GetGlyphPlacementsForControlCharacters( __in_ecount(textLength) const WCHAR* pTextString, UINT32 textLength, @@ -590,8 +581,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// To allocate and delete temporary native buffers /// To perform unsafe reinterpret_casts /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] void TextAnalyzer::GetGlyphPlacements( __in_ecount(textLength) const WCHAR* textString, __in_ecount(textLength) UINT16 const* clusterMap, @@ -849,8 +838,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// To perform unsafe reinterpret_casts /// To call Marshal.Copy /// - [SecurityCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] void TextAnalyzer::GetGlyphsAndTheirPlacements( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -972,7 +959,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Critical - Calls security critical itemProps->ScriptAnalysis. /// Safe - Does not expose the pointer returned from itemProps->ScriptAnalysis. /// - [SecuritySafeCritical] __declspec(noinline) DWRITE_SCRIPT_SHAPES TextAnalyzer::GetScriptShapes(ItemProps^ itemProps) { return ((DWRITE_SCRIPT_ANALYSIS*)(itemProps->ScriptAnalysis))->shapes; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h index d536d256d9d..790c4f3286c 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h @@ -47,7 +47,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - receives native pointers as parameters. /// - [SecurityCritical] private delegate int CreateTextAnalysisSource( WCHAR const* text, UINT32 length, @@ -62,19 +61,16 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Returns a native pointer. /// - [SecurityCritical] private delegate void* CreateTextAnalysisSink(); /// /// Critical - receives as parameters and returns native pointers . /// - [SecurityCritical] private delegate void* GetScriptAnalysisList(void*); /// /// Critical - receives as parameters and returns native pointers . /// - [SecurityCritical] private delegate void* GetNumberSubstitutionList(void*); /// /// This class is responsible for Text Analysis and Shaping. @@ -87,7 +83,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - native pointer. /// - [SecurityCritical] NativeIUnknownWrapper^ _textAnalyzer; void GetBlankGlyphsForControlCharacters( @@ -102,7 +97,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface [System::Runtime::InteropServices::Out] UINT32% actualGlyphCount ); - [SecurityCritical] void GetGlyphPlacementsForControlCharacters( __in_ecount(textLength) const WCHAR* pTextString, UINT32 textLength, @@ -121,7 +115,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - recieves native pointers. /// - [SecurityCritical] static void ReleaseItemizationNativeResources( IDWriteFactory** ppFactory, IDWriteTextAnalyzer** ppTextAnalyzer, @@ -151,7 +144,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - [SecurityCritical] static IList^ AnalyzeExtendedAndItemize( TextItemizer^ textItemizer, __in_ecount(length) const WCHAR *text, @@ -175,12 +167,10 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Contructs a Font object. /// /// The DWrite font object that this class wraps. - [SecurityCritical] TextAnalyzer( IDWriteTextAnalyzer* textAnalyzer ); - [SecurityCritical] static IList^ Itemize( __in_ecount(length) const WCHAR* text, UINT32 length, @@ -197,7 +187,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface CreateTextAnalysisSource^ pfnCreateTextAnalysisSource ); - [SecurityCritical] static void AnalyzeExtendedCharactersAndDigits( __in_ecount(length) const WCHAR* text, UINT32 length, @@ -207,7 +196,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface IClassification^ classificationUtility ); - [SecurityCritical] void GetGlyphsAndTheirPlacements( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -229,7 +217,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface [System::Runtime::InteropServices::Out] array ^% glyphOffsets ); - [SecurityCritical] void GetGlyphs( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -251,7 +238,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface [System::Runtime::InteropServices::Out] UINT32% actualGlyphCount ); - [SecurityCritical] void GetGlyphPlacements( __in_ecount(textLength) const WCHAR* textString, __in_ecount(textLength) UINT16 const* clusterMap, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp index bd9a3d454d9..8c91570a883 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp @@ -61,7 +61,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Critical - Can be passed an arbitrary pointer that is written to in the method. /// - [SecurityCritical] __declspec(noinline) IList^ TextItemizer::Itemize(CultureInfo^ numberCulture, __in_ecount(textLength) CharAttributeType* pCharAttribute, UINT32 textLength) { DWriteTextAnalysisNode* pScriptAnalysisListPrevious = _pScriptAnalysisListHead; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.h index 13ede8a7546..c5ef306309e 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.h @@ -40,7 +40,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface }; [ClassInterface(ClassInterfaceType::None), ComVisible(true)] - [System::Security::SecurityCritical(System::Security::SecurityCriticalScope::Everything)] private ref class TextItemizer { private: @@ -67,7 +66,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface TextItemizer(DWriteTextAnalysisNode* pScriptAnalysisListHead, DWriteTextAnalysisNode* pNumberSubstitutionListHead); - [SecurityCritical] IList^ Itemize(CultureInfo^ numberCulture, __in_ecount(textLength) CharAttributeType* pCharAttribute, UINT32 textLength); void SetIsDigit( diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ControlTableInit.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ControlTableInit.h index 14a3ad83b94..120d2037970 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ControlTableInit.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ControlTableInit.h @@ -12,7 +12,6 @@ private ref class ControlTableInit static bool _isInitialized = false; public: - [System::Security::SecurityCritical, System::Security::SecurityTreatAsSafe] static void Init(); }; #endif //__CONTROLTABLEINIT_H diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/GlobalInit.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/GlobalInit.h index 09bd0d72b8c..93d240b9879 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/GlobalInit.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/GlobalInit.h @@ -12,7 +12,6 @@ private ref class GlobalInit static bool _isInitialized = false; public: - [System::Security::SecurityCritical, System::Security::SecurityTreatAsSafe] static void Init(); }; #endif // __GLOBAL_INIT_H diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.cpp index ba7fecc8c89..00ec1e7b5a4 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.cpp @@ -24,7 +24,6 @@ #include "automap.h" -[System::Security::SecurityCritical] int16 MortAutoMap(TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* ttfacc info */ uint8 * pabKeepGlyphs, /* binary list of glyphs to keep - to be updated here */ uint16 usnGlyphs, /* number of glyphs in list */ @@ -69,7 +68,6 @@ int16 errCode = NO_ERROR; /* Static function to syncronize the Keep Glyph List with the Coverage list */ /* (add in values if necessary) */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] static int16 UpdateKeepWithCoverage(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * pabKeepGlyphs, uint16 usnGlyphs, uint16 fKeepFlag, uint32 ulBaseOffset, uint32 ulCoverageOffset, uint16 *pArray, uint16 usLookupType, uint16 usSubstFormat) { uint32 ulOffset; @@ -302,7 +300,6 @@ int16 errCode = NO_ERROR; /* static function to read glyphid out of BaseCoordFormat2 table and */ /* add it to the KeepGlyph list */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] static int16 ProcessBaseCoord(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, uint8 * pabKeepGlyphs, uint16 usnGlyphs, uint16 fKeepFlag) { BASECOORDFORMAT2 BASECoordFormat2; @@ -325,7 +322,6 @@ uint16 usBytesRead; /* static function to read the glyphids from a MinMax record and add it*/ /* to the KeepGlyph list */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] static int16 ProcessMinMax(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, uint8 * pabKeepGlyphs, uint16 usnGlyphs, uint16 fKeepFlag) { BASEMINMAX BASEMinMax; @@ -363,7 +359,6 @@ int16 errCode; /* function to grab all referenced glyph IDs from GSUB, JSTF and BASE */ /* TTO tables and add them into the list of glyphs to keep */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 TTOAutoMap( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* ttfacc info */ uint8 * pabKeepGlyphs, /* binary list of glyphs to keep - to be updated here */ uint16 usnGlyphs, /* number of glyphs in list */ @@ -752,7 +747,6 @@ int16 errCode = NO_ERROR; /* function to read all the glyph IDs from the Apple cmap, and add them*/ /* into the list of glyphs to keep */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 AppleAutoMap( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * pabKeepGlyphs, uint16 usnGlyphs, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.h index f29a5e14181..5ea99c57b0b 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/automap.h @@ -12,11 +12,8 @@ #ifndef AUTOMAP_DOT_H_DEFINED #define AUTOMAP_DOT_H_DEFINED -[System::Security::SecurityCritical] int16 TTOAutoMap( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * pabKeepGlyphs, uint16 usnGlyphs, uint16 fKeepFlag); -[System::Security::SecurityCritical] int16 MortAutoMap( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * pabKeepGlyphs, uint16 usnGlyphs, uint16 fKeepFlag); -[System::Security::SecurityCritical] int16 AppleAutoMap(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * pabKeepGlyphs, uint16 usnGlyphs, uint16 fKeepFlag); #endif /* AUTOMAP_DOT_H_DEFINED */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/intsafe_private_copy.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/intsafe_private_copy.h index 5a70681fe8e..7fe53745b72 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/intsafe_private_copy.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/intsafe_private_copy.h @@ -46,7 +46,6 @@ typedef unsigned __int64 ULONGLONG; // // UINT addition // -[System::Security::SecurityCritical] __checkReturn __inline HRESULT @@ -74,7 +73,6 @@ UIntAdd( // // ULONGLONG -> ULONG conversion // -[System::Security::SecurityCritical] __checkReturn __inline HRESULT @@ -101,7 +99,6 @@ ULongLongToULong( // // ULONG multiplication // -[System::Security::SecurityCritical] __checkReturn __inline HRESULT @@ -118,7 +115,6 @@ ULongMult( // // ULONG subtraction // -[System::Security::SecurityCritical] __checkReturn __inline HRESULT @@ -142,4 +138,4 @@ ULongSub( return hr; } -#endif //__INTSAFE_PRIVATE_COPY_H \ No newline at end of file +#endif //__INTSAFE_PRIVATE_COPY_H diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.cpp index bbe19ceaa8e..6ea0dde0f34 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.cpp @@ -155,7 +155,6 @@ Thanks, /* ---------------------------------------------------------------------- */ /* Convert an array of codepoints to user space if this is a symbol font */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 UnicodeToSymbols( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* ttfacc info */ CONST CHAR_ID *pulKeepCharCodeList, /* list of chars to keep - from client */ @@ -212,7 +211,6 @@ USHORT usHighByte; /* Check if resulting glyph table would be empty for current keep list */ /* and if it is the case, just add first non-empty glyph to the list. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 EnsureNonEmptyGlyfTable( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 *puchKeepGlyphList, @@ -270,7 +268,6 @@ int16 EnsureNonEmptyGlyfTable( } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 MakeKeepGlyphList( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* ttfacc info */ CONST uint16 usListType, /* 0 = character list, 1 = glyph list */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.h index c32b9056fc5..361426390b6 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/makeglst.h @@ -12,7 +12,6 @@ #ifndef MAKEGLIST_DOT_H_DEFINED #define MAKEGLIST_DOT_H_DEFINED -[System::Security::SecurityCritical] int16 MakeKeepGlyphList( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usListType, /* 0 = character list, 1 = glyph list */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.cpp index 672dcf4f400..c0922b8dc52 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.cpp @@ -43,7 +43,6 @@ struct cmapoffsetrecordkeeper /* housekeeping structure */ }; /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 InitCmapOffsetArray(PCMAPOFFSETRECORDKEEPER pKeeper, uint16 usRecordCount) { @@ -55,7 +54,6 @@ PRIVATE int16 InitCmapOffsetArray(PCMAPOFFSETRECORDKEEPER pKeeper, return NO_ERROR; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE void FreeCmapOffsetArray(PCMAPOFFSETRECORDKEEPER pKeeper) { Mem_Free(pKeeper->pCmapOffsetArray); @@ -64,7 +62,6 @@ PRIVATE void FreeCmapOffsetArray(PCMAPOFFSETRECORDKEEPER pKeeper) pKeeper->usNextArrayIndex = 0; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 RecordCmapOffset(PCMAPOFFSETRECORDKEEPER pKeeper, uint32 ulOldCmapOffset, uint32 ulNewCmapOffset) @@ -79,7 +76,6 @@ PRIVATE int16 RecordCmapOffset(PCMAPOFFSETRECORDKEEPER pKeeper, } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint32 LookupCmapOffset(PCMAPOFFSETRECORDKEEPER pKeeper, uint32 ulOldCmapOffset) { @@ -104,7 +100,6 @@ typedef struct { /* used to sort and keep track of new offsets */ /* Must sort subtables by offset, so that their data blocks may be moved in order */ /* output of this function is the IndexOffset array */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE void SortCmapSubByOffset(CMAP_TABLELOC *pCmapTableLoc, uint16 usSubTableCount, IndexOffset *pIndexArray) { uint16 i, j, k; @@ -136,7 +131,6 @@ uint16 i, j, k; /* lcp change long word pad between subtables to short word pad. Caused tables */ /* to grow unnecessarily */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 CompressCmapSubTables(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, /* ttfacc info */ CMAP_TABLELOC *pCmapTableLoc, /* array of CmapSubTable locators */ uint16 usSubTableCount, /* count of that array */ @@ -224,7 +218,6 @@ uint16 usPadBytes; return errCode; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint16 GetCmapSubtableCount( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulCmapOffset) { @@ -241,7 +234,6 @@ uint16 usBytesRead; /* this routine modifies the apple cmap table so that characters referencing deleted glyphs are mapped to the missing character. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 ModMacStandardCmap( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulOffset, uint8 *puchKeepGlyphList, uint16 usGlyphCount ) { uint16 i; @@ -267,7 +259,6 @@ int16 errCode; referencing deleted glphs are mapped to the missing character. It will also shorten the table if possible. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 ModMacTrimmedCmap( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulOffset, uint8 *puchKeepGlyphList, @@ -349,7 +340,6 @@ uint32 ulOutGlyphOffset; /* to point to a glyph value to write */ /* if the resulting CMAP table will be larger than the original, then */ /* the cmap will be restored the original */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModCmap(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 *puchKeepGlyphList, /* glyphs to keep - boolean */ @@ -548,4 +538,4 @@ uint16 usBytesRead; } /* ModCmap() */ -/* ------------------------------------------------------------------- */ \ No newline at end of file +/* ------------------------------------------------------------------- */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.h index f3ef084673f..5c7b2ea2ef8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modcmap.h @@ -12,7 +12,6 @@ #ifndef MODCMAP_DOT_H_DEFINED #define MODCMAP_DOT_H_DEFINED -[System::Security::SecurityCritical] int16 ModCmap(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 *puchKeepGlyphList, /* glyphs to keep - boolean */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.cpp index 870c5ac3d2d..eaf87f2de70 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.cpp @@ -32,7 +32,6 @@ The described action is taken here to reduce the size of the font file. */ /* this function will work if a glyf and or loca table already exist in the output */ /* file or not */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModGlyfLocaAndHead( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 *puchKeepGlyphList, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.h index 5a8dcc8d854..90d8bb65170 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modglyf.h @@ -12,7 +12,6 @@ #ifndef MODGLYF_DOT_H_DEFINED #define MODGLYF_DOT_H_DEFINED -[System::Security::SecurityCritical] int16 ModGlyfLocaAndHead( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutBufferInfo, uint8 *puchKeepGlyphList, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.cpp index d843d60930f..b50aeb50257 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.cpp @@ -50,7 +50,6 @@ struct glyphoffsetrecordkeeper /* housekeeping structure */ }; /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 RecordGlyphOffset(PGLYPHOFFSETRECORDKEEPER pKeeper, uint32 ulOldOffset, ImageDataBlock * pImageDataBlock) /* record this block as being used */ @@ -74,7 +73,6 @@ PRIVATE int16 RecordGlyphOffset(PGLYPHOFFSETRECORDKEEPER pKeeper, } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint32 LookupGlyphOffset(PGLYPHOFFSETRECORDKEEPER pKeeper, uint32 ulOldOffset, ImageDataBlock *pImageDataBlock) @@ -107,7 +105,6 @@ uint32 i; pulEBDTBytesWritten, pulTableSize /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 FixSbitSubTables(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* input TTF data */ TTFACC_FILEBUFFERINFO * pOutputBufferInfo, /* output TTF data */ uint32 ulOffset, /* offset where to read the indexSubHeader (from the Output buffer) */ @@ -580,7 +577,6 @@ typedef struct { /* There is an error reported if this occurs */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint32 FixSbitSubTableFormat1(uint16 usFirstIndex, /* index of first Glyph in table */ uint16 * pusLastIndex, /* pointer to index of last glyph in table - will set if not all table will fit */ uint8 * puchIndexSubTable, /* buffer into which to stuff the Format 3 table(s) - does not include IndexSubTableArray */ @@ -647,7 +643,6 @@ uint16 usIndex; /* ------------------------------------------------------------------- */ /* process all IndexSubTables in an IndexSubTable Array */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 FixSbitSubTableArray(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulOffset, @@ -805,7 +800,6 @@ PRIVATE int16 FixSbitSubTableArray(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInf } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 WriteIndexSubTables(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, INDEXSUBTABLEARRAY *pIndexSubTableArray, uint8 * puchIndexSubTables, @@ -891,7 +885,6 @@ uint32 ulStartOffset; return NO_ERROR; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void Cleanup_SubTablePointers(SubTablePointers *pSubTablePointers,uint32 ulNumSizes) { uint16 ulSizeIndex; @@ -923,7 +916,6 @@ uint16 ulSizeIndex; /* If a component of a composite character is deleted (but not the character), */ /* this is an error */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModSbit( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* input buffer, we will read EBDT data from here */ TTFACC_FILEBUFFERINFO * pOutputBufferInfo, /* output buffer, we will copy EBLC data here, then modify */ CONST uint8 *puchKeepGlyphList, /* list of glyphs to keep */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.h index cd938b40df6..7e3bd5bae0a 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modsbit.h @@ -12,11 +12,10 @@ #ifndef MODSBIT_DOT_H_DEFINED #define MODSBIT_DOT_H_DEFINED -[System::Security::SecurityCritical] int16 ModSbit( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, uint32 *pulNewOutOffset); -#endif /* MODSBIT_DOT_H_DEFINED */ \ No newline at end of file +#endif /* MODSBIT_DOT_H_DEFINED */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.cpp index 994f83dc9bc..f61c38cd718 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.cpp @@ -54,7 +54,6 @@ This function may do one of many things. /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModXmtxXhea( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, @@ -256,7 +255,6 @@ const char * xhea_tag; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModMaxP( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 *pulNewOutOffset) @@ -300,7 +298,6 @@ uint16 usBytesWritten; /* NOTE: This function will work fine even if the OS/2 table becomes updated. The version value is preserved, and the length of the table is not modified */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModOS2( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usMinChr, uint16 usMaxChr, @@ -362,7 +359,6 @@ int16 errCode = NO_ERROR; /* this function changes all Post tables to format 3.0 for space savings */ /* ------------------------------------------------------------------- */ #define POST_FORMAT_3 0x0030000 -[System::Security::SecurityCritical] int16 ModPost( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint16 usFormat, @@ -420,7 +416,6 @@ overwriting data we already have */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModName( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint16 usLanguage, @@ -493,7 +488,6 @@ TTFACC_FILEBUFFERINFO NameTableBufferInfo; /* needed by WriteNameRecords */ } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 AdjustKernFormat0(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, @@ -568,7 +562,6 @@ int16 errCode; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModKern( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, @@ -653,7 +646,6 @@ int16 errCode = NO_ERROR; /* clear out any unused glyphs. Calculate new maxWidth value for each device record */ /* assumes that hhea table has been updated with info for the modified hmtx table */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModHdmx( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, @@ -782,7 +774,6 @@ uint32 ulOutSizeDeviceRecord; /* ------------------------------------------------------------------- */ /* Zero out any unused glyphs */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModLTSH( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, @@ -862,7 +853,6 @@ uint16 usBytesWritten; /* Greatest Common Denominator */ /* recursive !! */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint16 GCD (uint16 u, uint16 v) { if (v == 0) @@ -871,7 +861,6 @@ PRIVATE uint16 GCD (uint16 u, uint16 v) return GCD(v, (uint16) (u % v)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void ReduceRatio(uint16 *px, uint16 *py) { uint16 gcd; @@ -901,7 +890,6 @@ struct groupoffsetrecordkeeper /* housekeeping structure */ }; /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 InitGroupOffsetArray(PGROUPOFFSETRECORDKEEPER pKeeper, uint16 usRecordCount) { @@ -913,7 +901,6 @@ PRIVATE int16 InitGroupOffsetArray(PGROUPOFFSETRECORDKEEPER pKeeper, return NO_ERROR; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE void FreeGroupOffsetArray(PGROUPOFFSETRECORDKEEPER pKeeper) { Mem_Free(pKeeper->pGroupOffsetArray); @@ -922,7 +909,6 @@ PRIVATE void FreeGroupOffsetArray(PGROUPOFFSETRECORDKEEPER pKeeper) pKeeper->usNextArrayIndex = 0; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 RecordGroupOffset(PGROUPOFFSETRECORDKEEPER pKeeper, uint16 usOldGroupOffset, uint16 usNewGroupOffset) @@ -937,7 +923,6 @@ PRIVATE int16 RecordGroupOffset(PGROUPOFFSETRECORDKEEPER pKeeper, } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint16 LookupGroupOffset(PGROUPOFFSETRECORDKEEPER pKeeper, uint16 usOldGroupOffset) { @@ -958,7 +943,6 @@ uint16 i; /* need to remove 4:3 ratio and 0:0 ration (if a 1:1 already exists) */ /* don't have to copy the data over from the inputbuffer, as this function reads directly from there */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ModVDMX(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint16 usFormat, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.h index e71db9cd72d..5c506d218d0 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/modtable.h @@ -12,25 +12,15 @@ #ifndef MODTABLE_DOT_H_DEFINED #define MODTABLE_DOT_H_DEFINED -[System::Security::SecurityCritical] int16 ModXmtxXhea( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, CONST uint16 usGlyphIndexCount, CONST uint16 usMaxGlyphIndexUsed, BOOL isHmtx, uint32 *pulBytesWritten); -[System::Security::SecurityCritical] int16 ModLTSH( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, CONST uint16 usGlyphIndexCount, uint32 *pulBytesWritten); -[System::Security::SecurityCritical] int16 ModHdmx( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, CONST uint16 usGlyphIndexCount, uint32 *pulBytesWritten); -[System::Security::SecurityCritical] int16 ModHead( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint16 usGlyphListCount, uint32 *pCheckSumAdjustment, uint32 *pulBytesWritten ); -[System::Security::SecurityCritical] int16 ModKern( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, CONST uint16 usFormat , uint32 *pulBytesWritten); -[System::Security::SecurityCritical] int16 ModMaxP( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 *pulBytesWritten); -[System::Security::SecurityCritical] int16 ModName(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint16 usLanguage, CONST uint16 usFormat, uint32 *pulBytesWritten ); -[System::Security::SecurityCritical] int16 ModOS2(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usMinChr, uint16 usMaxChr, CONST uint16 usFormat, uint32 *pulBytesWritten ); -[System::Security::SecurityCritical] int16 ModPost(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo , CONST uint16 usFormat, uint32 *pulBytesWritten ); -[System::Security::SecurityCritical] int16 ModVDMX(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST uint16 usFormat, uint32 *pulBytesWritten ); #endif /* MODTABLE_DOT_H_DEFINED */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.cpp index 27b893456f6..7fe356cb088 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.cpp @@ -25,7 +25,6 @@ /* function definitions ---------------------------------------------- */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 GetGlyphStats( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usGlyphIdx, int16 * psnContours, @@ -69,7 +68,6 @@ int16 errCode; /* ------------------------------------------------------------------- */ /* NOT recursive, operates on "flat" tree */ -[System::Security::SecurityCritical] PRIVATE int16 GetCompositeGlyphStats( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usGlyphIdx, int16 * psnContours, @@ -121,7 +119,6 @@ BOOL bStatus; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ComputeMaxPStats( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 * pusMaxContours, uint16 * pusMaxPoints, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.h index 338972f6451..d2f519a1da6 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/mtxcalc.h @@ -16,7 +16,6 @@ /* macro definitions ---------------------------------------------------- */ /* function prototypes -------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ComputeMaxPStats( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 * pusMaxContours, uint16 * pusMaxPoints, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.cpp index d4319499c14..8a2bce89d10 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.cpp @@ -32,7 +32,6 @@ #endif /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 CheckInOffset(TTFACC_FILEBUFFERINFO *a, uint32 b, uint32 c) { @@ -50,7 +49,6 @@ int16 CheckInOffset(TTFACC_FILEBUFFERINFO *a, uint32 b, uint32 c) } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 CheckOutOffset(TTFACC_FILEBUFFERINFO *a, register uint32 b, register uint32 c) { @@ -101,7 +99,6 @@ int16 CheckOutOffset(TTFACC_FILEBUFFERINFO *a, register uint32 b, register uint3 } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadByte(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * puchBuffer, uint32 ulOffset) { @@ -117,7 +114,6 @@ int16 ReadByte(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * puchBuffer, uin return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadWord(TTFACC_FILEBUFFERINFO * pInputBufferInfo, UNALIGNED uint16 * pusBuffer, uint32 ulOffset) { @@ -133,7 +129,6 @@ ReadWord(TTFACC_FILEBUFFERINFO * pInputBufferInfo, UNALIGNED uint16 * pusBuffer, return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadLong(TTFACC_FILEBUFFERINFO * pInputBufferInfo, UNALIGNED uint32 * pulBuffer, uint32 ulOffset) { @@ -149,7 +144,6 @@ int16 ReadLong(TTFACC_FILEBUFFERINFO * pInputBufferInfo, UNALIGNED uint32 * pulB return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadBytes(TTFACC_FILEBUFFERINFO * pInputBufferInfo, __out_ecount(Count) uint8 * puchBuffer, uint32 ulOffset, uint32 Count) { @@ -165,7 +159,6 @@ int16 ReadBytes(TTFACC_FILEBUFFERINFO * pInputBufferInfo, __out_ecount(Count) ui return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteByte(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 uchValue, uint32 ulOffset) { @@ -180,7 +173,6 @@ int16 WriteByte(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 uchValue, uint3 return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteWord(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usValue, uint32 ulOffset) { @@ -195,7 +187,6 @@ int16 WriteWord(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usValue, uint3 return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteLong(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulValue, uint32 ulOffset) { @@ -210,7 +201,6 @@ int16 WriteLong(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulValue, uint3 return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteBytes(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 * puchBuffer, uint32 ulOffset, uint32 Count) { @@ -234,7 +224,6 @@ pusByteRead - number of bytes read 0 if OK error code if not. */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadGeneric( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* buffer info of file buffer to read from */ @@ -335,7 +324,6 @@ pusByteRead - number of bytes read total 0 if OK or ErrorCode */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadGenericRepeat( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* buffer info of file buffer to read from */ @@ -372,7 +360,6 @@ pusBytesWritten - Number of bytes written. 0 or Error Code */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteGeneric( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, @@ -471,7 +458,6 @@ pusByteWritten - number of bytes written total 0 if OK or ErrorCode */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteGenericRepeat( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, @@ -502,7 +488,6 @@ uint16 usBytesWritten; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint16 GetGenericSize(uint8 * puchControl) { uint16 usCurrOffset = 0; @@ -535,7 +520,6 @@ uint16 i; /* ---------------------------------------------------------------------- */ /* next 2 functions moved from ttftabl1.c to allow inline ReadLong access */ /* calc checksum of an as-yet unwritten Directory. */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 CalcChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, @@ -580,7 +564,6 @@ int16 CalcChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, return NO_ERROR; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 CalcFileChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulLength, uint32 * pulChecksum) { @@ -588,7 +571,6 @@ uint16 CalcFileChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulLeng } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 UTF16toUCS4(uint16 *pUTF16, uint16 usCountUTF16, uint32 *pUCS4, uint16 usCountUCS4, uint16 *pusChars) { @@ -634,7 +616,6 @@ uint16 UTF16toUCS4(uint16 *pUTF16, uint16 usCountUTF16, uint32 *pUCS4, uint16 us } /* Init function. Set the function pointers to the default functions below. */ -[System::Security::SecurityCritical] void InitFileBufferInfo(TTFACC_FILEBUFFERINFO * pBufferInfo, uint8 *puchBuffer, uint32 ulBufferSize, CFP_REALLOCPROC lpfnReAlloc) { pBufferInfo->puchBuffer = puchBuffer; @@ -643,7 +624,6 @@ void InitFileBufferInfo(TTFACC_FILEBUFFERINFO * pBufferInfo, uint8 *puchBuffer, pBufferInfo->lpfnReAllocate = lpfnReAlloc; } -[System::Security::SecurityCritical] void InitConstFileBufferInfo(CONST_TTFACC_FILEBUFFERINFO * pBufferInfo, CONST uint8 *puchBuffer, uint32 ulBufferSize) { InitFileBufferInfo((TTFACC_FILEBUFFERINFO *)pBufferInfo, (uint8*)puchBuffer, ulBufferSize, NULL /* cant reallocate const */); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.h index cfdc0a55d8a..c1ee5d13ceb 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfacc.h @@ -56,33 +56,21 @@ typedef struct CONST_TTFACC_FILEBUFFERINFO { CFP_REALLOCPROC lpfnReAllocate; } CONST_TTFACC_FILEBUFFERINFO; -[System::Security::SecurityCritical] void InitFileBufferInfo(TTFACC_FILEBUFFERINFO * pBufferInfo, uint8 *puchBuffer, uint32 ulBufferSize, CFP_REALLOCPROC lpfnReAllocate); -[System::Security::SecurityCritical] void InitConstFileBufferInfo(CONST_TTFACC_FILEBUFFERINFO * pBufferInfo, CONST uint8 *puchBuffer, uint32 ulBufferSize); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 CheckInOffset(TTFACC_FILEBUFFERINFO *a, uint32 b, uint32 c); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 CheckOutOffset(TTFACC_FILEBUFFERINFO *a, register uint32 b, register uint32 c); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadByte(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * puchBuffer, uint32 ulOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadWord(TTFACC_FILEBUFFERINFO * pInputBufferInfo, UNALIGNED uint16 * pusBuffer, uint32 ulOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadLong(TTFACC_FILEBUFFERINFO * pInputBufferInfo, UNALIGNED uint32 * pulBuffer, uint32 ulOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadBytes(TTFACC_FILEBUFFERINFO * pInputBufferInfo, __out_ecount(Count) uint8 * puchBuffer, uint32 ulOffset, uint32 Count); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteByte(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 uchValue, uint32 ulOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteWord(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usValue, uint32 ulOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteLong(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulValue, uint32 ulOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteBytes(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 * puchBuffer, uint32 ulOffset, uint32 Count); /* ReadGeneric - Generic read of data - Translation buffer provided for Word and Long swapping and RISC alignment handling */ @@ -92,7 +80,6 @@ puchDestBuffer updated with new data Return: 0 or ErrorCode. */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadGeneric( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* buffer info of file buffer to read from */ uint8 * puchBuffer, /* buffer to read into - pad according to pControl data */ @@ -102,7 +89,6 @@ __checkReturn __success(return==NO_ERROR) int16 ReadGeneric( uint16 * pusBytesRead /* number of bytes read from the file */ ); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 ReadGenericRepeat( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* buffer info of file buffer to read from */ uint8 * puchBuffer, /* buffer to read into - pad according to pControl data */ @@ -120,7 +106,6 @@ puchDestBuffer updated with new data Number of bytes written. */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteGeneric( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 * puchBuffer, @@ -130,7 +115,6 @@ __checkReturn __success(return==NO_ERROR) int16 WriteGeneric( uint16 *pusBytesWritten ); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 WriteGenericRepeat( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 * puchBuffer, /* buffer to read from - pad according to pControl data */ @@ -141,24 +125,20 @@ __checkReturn __success(return==NO_ERROR) int16 WriteGenericRepeat( uint16 usItemSize /* size of item in buffer */ ); -[System::Security::SecurityCritical] uint16 GetGenericSize(uint8 * puchControl); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) int16 CalcChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, uint32 ulLength, uint32 * pulChecksum ); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 CalcFileChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulLength, uint32 * pulChecksum ); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 UTF16toUCS4( uint16 *pUTF16, uint16 usCountUTF16, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfcntrl.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfcntrl.cpp index 917c9b31058..a37fed98a7c 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfcntrl.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfcntrl.cpp @@ -431,7 +431,6 @@ uint8 MORTHEADER_CONTROL[MORTHEADER_CONTROL_COUNT+1]; /* MORTTABLE */ // methods to fail NGEN and be Jitted causing significant startup perf regressions. // This method has to be made SecurityCritical so that NGEN can process it! // It contains safe code. -[SecurityCritical, SecurityTreatAsSafe] void GlobalInit::Init() { if (!_isInitialized) @@ -1571,4 +1570,4 @@ void GlobalInit::Init() System::Threading::Monitor::Exit(_staticLock); } } -} \ No newline at end of file +} diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.cpp index 9efbc505a37..faaaccffa30 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.cpp @@ -34,7 +34,6 @@ #include "modsbit.h" /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 TTCOffsetTableOffset( /* 0 */ CONST unsigned char * puchSrcBuffer, /* input TTF or TTC buffer */ /* 1 */ CONST unsigned long ulSrcBufferSize, /* size of input TTF or TTC buffer data */ @@ -69,7 +68,6 @@ uint32 ulOffset; return errCode; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 ExitCleanup(int16 errCode) { Mem_End(); @@ -77,7 +75,6 @@ PRIVATE int16 ExitCleanup(int16 errCode) } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 CopyOffsetDirectoryTables(CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usFormat, @@ -193,7 +190,6 @@ int16 errCode; return(errCode); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 CopyForgottenTables( CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 * pulNewOutOffset ) @@ -257,7 +253,6 @@ char szTag[5]; /* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE void FillGlyphIndexArray( __in_ecount(usGlyphListCount) CONST uint8 *puchKeepGlyphList, CONST uint16 usGlyphListCount, @@ -279,7 +274,6 @@ uint16 usGlyphIndex = 0; /* ------------------------------------------------------------------- */ /* call this at the very end, before tables. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 CompactMaxpLocaTable(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint8 *puchKeepGlyphList, uint16 usGlyphListCount, @@ -372,7 +366,6 @@ HEAD Head; 8. Re-calculate file checksum and update head table /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int16 UpdatePrivateTable(TTFACC_FILEBUFFERINFO *pOutputBufferInfo, uint32 *pulNewOutOffset, CONST uint16 * pusGlyphIndexArray, @@ -434,7 +427,6 @@ uint16 usBytesWritten; /* in addition any array tables (LTSH, loca, hmtx, hdmx, vmtx) will have a percentage discarded */ /* Format Delta will keep only a list of tables, and the Subset1 compacted and Glyf tables will keep only a portion */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE void CalcOutputBufferSize(CONST_TTFACC_FILEBUFFERINFO *pInputBufferInfo, uint16 usGlyphListCount, uint16 usGlyphKeepCount, @@ -534,7 +526,6 @@ uint32 ulKeepTablesLength = 0; typedef void *(CFP_REALLOCPROC) (void *, size_t ); void *lpvReserved /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 CreateDeltaTTF(CONST uint8 * puchSrcBuffer, CONST uint32 ulSrcBufferSize, uint8 ** ppuchDestBuffer, @@ -698,7 +689,6 @@ int16 CreateDeltaTTF(CONST uint8 * puchSrcBuffer, return errCode; } -[System::Security::SecurityCritical] int16 CreateDeltaTTFEx(CONST uint8 * puchSrcBuffer, CONST uint32 ulSrcBufferSize, uint8 ** ppuchDestBuffer, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.h index ae2780a3f27..cff5bd1a107 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttfdelta.h @@ -23,7 +23,6 @@ typedef void *(*CFP_REALLOCPROC)(void *, size_t); typedef void (*CFP_FREEPROC)(void *); #endif -[System::Security::SecurityCritical] short TTCOffsetTableOffset(CONST unsigned char * puchSrcBuffer, CONST unsigned long ulSrcBufferSize, CONST unsigned short usTTCIndex, @@ -31,7 +30,6 @@ short TTCOffsetTableOffset(CONST unsigned char * puchSrcBuffer, /* return codes defined in ttferror.h */ -[System::Security::SecurityCritical] short SubsetTTF(CONST unsigned char * puchSrcBuffer, unsigned char * puchDestBuffer, CONST unsigned long ulBufferSize, @@ -44,7 +42,6 @@ short SubsetTTF(CONST unsigned char * puchSrcBuffer, CONST unsigned short usTTCIndex); /* return codes defined in ttferror.h */ -[System::Security::SecurityCritical] short CreateDeltaTTF(CONST unsigned char * puchSrcBuffer, CONST unsigned long ulSrcBufferSize, unsigned char ** ppuchDestBuffer, @@ -61,7 +58,6 @@ short CreateDeltaTTF(CONST unsigned char * puchSrcBuffer, CFP_FREEPROC lpfnFree, unsigned long ulOffsetTableOffset, void * lpvReserved); -[System::Security::SecurityCritical] short CreateDeltaTTFEx(CONST unsigned char * puchSrcBuffer, CONST unsigned long ulSrcBufferSize, unsigned char ** ppuchDestBuffer, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.cpp index c94d7bdf78a..54f3800a14d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.cpp @@ -62,7 +62,6 @@ static CONTROL_TABLE Control_Table[TAG_INDEX_COUNT]; // methods to fail NGEN and be Jitted causing significant startup perf regressions. // This method has to be made SecurityCritical so that NGEN can process it! // It contains safe code. -[SecurityCritical, SecurityTreatAsSafe] void ControlTableInit::Init() { if (!_isInitialized) @@ -133,7 +132,6 @@ void ControlTableInit::Init() } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void ConvertLongTagToString(uint32 ulTag, __in_bcount(5) char *szTag) /* convert a tag, as it has been read from the font, to a string */ { uint32 ulSwappedTag; @@ -143,7 +141,6 @@ uint32 ulSwappedTag; szTag[4] = '\0'; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void ConvertStringTagToLong(__in_bcount(4) const char *szTag, uint32 *pulTag) { memcpy((char *)pulTag, szTag, 4); @@ -151,7 +148,6 @@ void ConvertStringTagToLong(__in_bcount(4) const char *szTag, uint32 *pulTag) } /* functions to read font file data ------------------------------------- */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 TTDirectoryEntryOffset( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName @@ -191,7 +187,6 @@ const uint32 *pulTag = (const uint32 *) szTagName; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetTTDirectory( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName, @@ -212,7 +207,6 @@ uint32 ulOffset; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 TTTableLength( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName ) @@ -226,7 +220,6 @@ DIRECTORY Directory; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 TTTableOffset( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName ) @@ -240,7 +233,6 @@ uint32 TTTableOffset( } /* this function calculates the checksum of a table already written to the buffer */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 TTTableChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName, @@ -270,7 +262,6 @@ uint32 ulLength; /* ---------------------------------------------------------------------- */ /* calcs the new checksum */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 UpdateChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char* szDirTag) @@ -299,7 +290,6 @@ int16 errCode; /* ---------------------------------------------------------------------- */ /* sets the new length, calcs the new checksum, makes sure offset on long word boundary */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 UpdateDirEntry( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szDirTag, @@ -335,7 +325,6 @@ int16 errCode; /* ---------------------------------------------------------------------- */ /* sets the new length, calcs the new checksum, makes sure offset on long word boundary */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 UpdateDirEntryAll( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szDirTag, @@ -372,7 +361,6 @@ int16 errCode; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint32 GetGeneric( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint8 * puchBuffer, uint16 usTagIndex) { uint32 ulOffset; @@ -389,49 +377,42 @@ uint16 usBytesRead; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetHHea( TTFACC_FILEBUFFERINFO * pInputBufferInfo, HHEA * pHorizHead ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pHorizHead, HHEA_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetVHea( TTFACC_FILEBUFFERINFO * pInputBufferInfo, VHEA * pVertHead ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pVertHead, VHEA_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetHead( TTFACC_FILEBUFFERINFO * pInputBufferInfo, HEAD * pHead ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pHead, HEAD_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetOS2( TTFACC_FILEBUFFERINFO * pInputBufferInfo, OS2 *pOs2 ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pOs2, OS2_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetNEWOS2( TTFACC_FILEBUFFERINFO * pInputBufferInfo, NEWOS2 *pNewOs2 ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pNewOs2, NEWOS2_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetVERSION2OS2( TTFACC_FILEBUFFERINFO * pInputBufferInfo, VERSION2OS2 *pVersion2Os2 ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pVersion2Os2, VERSION2OS2_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetSmartOS2(TTFACC_FILEBUFFERINFO * pInputBufferInfo, NEWOS2 *pOs2, BOOL *pbNewOS2) { uint32 ulOffset = 0L; @@ -455,7 +436,6 @@ uint32 ulLength = 0L; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetSmarterOS2(TTFACC_FILEBUFFERINFO * pInputBufferInfo, MAINOS2 *pOs2) { uint32 ulOffset = 0L; @@ -475,7 +455,6 @@ uint32 ulLength = 0L; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetMaxp( TTFACC_FILEBUFFERINFO * pInputBufferInfo, MAXP * pMaxp ) { return(GetGeneric(pInputBufferInfo, (uint8 *) pMaxp, MAXP_INDEX)); @@ -483,28 +462,24 @@ uint32 GetMaxp( TTFACC_FILEBUFFERINFO * pInputBufferInfo, MAXP * pMaxp ) /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetPost( TTFACC_FILEBUFFERINFO * pInputBufferInfo, POST * Post ) { return(GetGeneric(pInputBufferInfo, (uint8 *) Post, POST_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetHdmx( TTFACC_FILEBUFFERINFO * pInputBufferInfo, HDMX * Hdmx ) { return(GetGeneric(pInputBufferInfo, (uint8 *) Hdmx, HDMX_INDEX)); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetLTSH( TTFACC_FILEBUFFERINFO * pInputBufferInfo, LTSH * Ltsh ) { return(GetGeneric(pInputBufferInfo, (uint8 *) Ltsh, LTSH_INDEX)); } /* ---------------------------------------------------------------------- */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint16 GetUnitsPerEm( TTFACC_FILEBUFFERINFO * pInputBufferInfo ) { /* get true type scaling factor */ @@ -517,7 +492,6 @@ HEAD Head = {0}; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint16 GetNumGlyphs( TTFACC_FILEBUFFERINFO * pInputBufferInfo ) { MAXP MaxP = {0}; @@ -534,7 +508,6 @@ the whole thing out again. This routine assumes that the checkSumAdjustment field was set to 0 and the 'head' table checksum was computed while that was so. */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void SetFileChecksum( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulLength ) { uint32 ulCheckSum; @@ -566,7 +539,6 @@ uint16 usBytesMoved; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 CopyBlock( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulTarget, uint32 ulSource, @@ -604,7 +576,6 @@ account possible overlap between source and target */ } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 CopyBlockOver( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulTarget, @@ -645,7 +616,6 @@ account possible overlap between source and target */ /* copy a table from the input buffer to the output buffer to location *pulNewOutOffset */ /* table should not already exist in the output buffer, it will get written elsewhere */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 CopyTableOver(TTFACC_FILEBUFFERINFO *pOutputBufferInfo, CONST_TTFACC_FILEBUFFERINFO *pInputBufferInfo, __in_bcount(4) const char * Tag, @@ -701,7 +671,6 @@ uint16 usBytesWritten; return errCode; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 RoundToLongWord( uint32 ulLength ) { ulLength = (ulLength + 3) & ~3; @@ -710,7 +679,6 @@ uint32 RoundToLongWord( uint32 ulLength ) /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 ZeroLongWordGap( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, @@ -742,7 +710,6 @@ uint32 usPaddingBytes; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 ZeroLongWordAlign( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.h index 39d50193b6a..dbf3a50efe5 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftabl1.h @@ -22,94 +22,63 @@ /* exported functions --------------------------------------------------- */ -[System::Security::SecurityCritical] void ConvertLongTagToString(uint32 ulTag, __in_bcount(5) char *szTag); /* convert a tag, as it has been read from the font, to a string */ -[System::Security::SecurityCritical] void ConvertStringTagToLong(__in_bcount(4) const char *szTag, uint32 *pulTag); -[System::Security::SecurityCritical] uint32 TTDirectoryEntryOffset( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName ); -[System::Security::SecurityCritical] uint32 GetTTDirectory( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName, DIRECTORY * pDirectory ); -[System::Security::SecurityCritical] uint32 TTTableLength( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName ); -[System::Security::SecurityCritical] uint32 TTTableOffset( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName ); -[System::Security::SecurityCritical] uint32 TTTableChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szTagName, uint32 * pulChecksum ); -[System::Security::SecurityCritical] int16 UpdateChecksum( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szDirTag ); -[System::Security::SecurityCritical] int16 UpdateDirEntry( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szDirTag, uint32 ulNewLength ); -[System::Security::SecurityCritical] int16 UpdateDirEntryAll( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szDirTag, uint32 ulNewLength, uint32 ulNewOffset); -[System::Security::SecurityCritical] uint32 GetHHea( TTFACC_FILEBUFFERINFO * pInputBufferInfo, HHEA * HorizHead ); -[System::Security::SecurityCritical] uint32 GetVHea( TTFACC_FILEBUFFERINFO * pInputBufferInfo, VHEA * VertHead ); -[System::Security::SecurityCritical] uint32 GetHead( TTFACC_FILEBUFFERINFO * pInputBufferInfo, HEAD * Head ); -[System::Security::SecurityCritical] uint32 GetOS2( TTFACC_FILEBUFFERINFO * pInputBufferInfo, OS2 *Os2 ); -[System::Security::SecurityCritical] uint32 GetNEWOS2( TTFACC_FILEBUFFERINFO * pInputBufferInfo, NEWOS2 *NEWOs2 ); -[System::Security::SecurityCritical] uint32 GetVERSION2OS2( TTFACC_FILEBUFFERINFO * pInputBufferInfo, VERSION2OS2 *pVersion2Os2 ); -[System::Security::SecurityCritical] uint32 GetSmartOS2(TTFACC_FILEBUFFERINFO * pInputBufferInfo, NEWOS2 *pOs2, BOOL *pbNewOS2); -[System::Security::SecurityCritical] uint32 GetSmarterOS2(TTFACC_FILEBUFFERINFO * pInputBufferInfo, MAINOS2 *pOs2); -[System::Security::SecurityCritical] uint32 GetMaxp( TTFACC_FILEBUFFERINFO * pInputBufferInfo, MAXP * pMaxp ); -[System::Security::SecurityCritical] uint32 GetPost( TTFACC_FILEBUFFERINFO * pInputBufferInfo, POST * Post ); -[System::Security::SecurityCritical] uint32 GetHdmx( TTFACC_FILEBUFFERINFO * pInputBufferInfo, HDMX * Hdmx ); -[System::Security::SecurityCritical] uint32 GetLTSH( TTFACC_FILEBUFFERINFO * pInputBufferInfo, LTSH * Ltsh ); -[System::Security::SecurityCritical] uint16 GetUnitsPerEm( TTFACC_FILEBUFFERINFO * pInputBufferInfo ); -[System::Security::SecurityCritical] uint16 GetNumGlyphs( TTFACC_FILEBUFFERINFO * pInputBufferInfo ); -[System::Security::SecurityCritical] void SetFileChecksum( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 ulLength ); -[System::Security::SecurityCritical] int16 CopyBlock( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulTarget, uint32 ulSource, uint32 ulSize ) ; -[System::Security::SecurityCritical] int16 CopyBlockOver( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CONST_TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulTarget, uint32 ulSource, uint32 ulSize ); -[System::Security::SecurityCritical] int16 CopyTableOver(TTFACC_FILEBUFFERINFO *pOutputBufferInfo, CONST_TTFACC_FILEBUFFERINFO *pInputBufferInfo, __in_bcount(4) const char * Tag, uint32 *pulNewOutOffset); -[System::Security::SecurityCritical] uint32 RoundToLongWord( uint32 ulLength ) ; -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 ZeroLongWordGap( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, uint32 ulUnalignedLength, __out_opt uint32 *pulNewOffset); -[System::Security::SecurityCritical] __checkReturn __success(return==NO_ERROR) uint16 ZeroLongWordAlign( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, uint32 *pulNewOffset); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.cpp index d83b63e8897..cbb2de39061 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.cpp @@ -30,7 +30,6 @@ #include "ttfdcnfg.h" /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int CRTCB AscendingTagCompare( CONST void *arg1, CONST void *arg2 ) { if (((DIRECTORY *)(arg1))->tag == ((DIRECTORY *)(arg2))->tag) /* they're the same */ @@ -40,7 +39,6 @@ PRIVATE int CRTCB AscendingTagCompare( CONST void *arg1, CONST void *arg2 ) return 1; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int CRTCB AscendingOffsetCompare( CONST void *arg1, CONST void *arg2 ) { if (((DIRECTORY *)(arg1))->offset == ((DIRECTORY *)(arg2))->offset) /* they're the same */ @@ -54,7 +52,6 @@ PRIVATE int CRTCB AscendingOffsetCompare( CONST void *arg1, CONST void *arg2 ) /* this routine sorts an array of directory entries by tag value using a qsort */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void SortByTag( DIRECTORY * aDirectory, uint16 usnDirs ) { @@ -67,7 +64,6 @@ void SortByTag( DIRECTORY * aDirectory, /* this routine sorts an array of directory entries by offset value using a qsort */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void SortByOffset( DIRECTORY * aDirectory, uint16 usnDirs ) { @@ -83,7 +79,6 @@ it sets the tag to something unrecognizable so it will be filtered out by the compress tables operation at the end of program execution. */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void MarkTableForDeletion( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, __in_bcount(4) const char * szDirTag ) { @@ -110,7 +105,6 @@ uint16 usBytesMoved; } /* MarkTableForDeletion() */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 FindCmapSubtable( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint16 usDesiredPlatform, uint16 usDesiredEncodingID, @@ -199,7 +193,6 @@ uint32 ulFoundOffset; } /* FindCmapSubtable() */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint16 GuessNumCmapGlyphIds( uint16 usnSegments, FORMAT4_SEGMENTS * Format4Segments ) { @@ -241,7 +234,6 @@ uint16 usMaxGlyphIdIdx; /* ---------------------------------------------------------------------- */ /* special case, need to read long or short repeatedly into long buffer */ /* buffer must have been allocated large enough for the number of glyphs */ -[System::Security::SecurityCritical] uint32 GetLoca( TTFACC_FILEBUFFERINFO *pInputBufferInfo, __out_ecount(ulAllocedCount) uint32 *pulLoca, __range(1, USHORT_MAX + 1) uint32 ulAllocedCount @@ -282,7 +274,6 @@ uint32 ulBytesRead; } return( ulOffset ); } -[System::Security::SecurityCritical] PRIVATE int CRTCB CompareSegments(const void *elem1, const void *elem2) { @@ -296,7 +287,6 @@ PRIVATE int CRTCB CompareSegments(const void *elem1, const void *elem2) } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint16 GetGlyphIdx( uint16 usCharCode, FORMAT4_SEGMENTS * Format4Segments, uint16 usnSegments, @@ -339,7 +329,6 @@ FORMAT4_SEGMENTS KeySegment; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 GetGlyphIdx12( uint32 ulCharCode, FORMAT12_GROUPS * pFormat12Groups, uint32 ulnGroups ) @@ -361,19 +350,16 @@ uint32 ulGlyphIdx = INVALID_GLYPH_INDEX_LONG; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeCmapFormat4Ids( GLYPH_ID *GlyphId ) { Mem_Free( GlyphId ); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeCmapFormat4Segs( FORMAT4_SEGMENTS *Format4Segments) { Mem_Free( Format4Segments ); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeCmapFormat4( FORMAT4_SEGMENTS *Format4Segments, GLYPH_ID *GlyphId ) { @@ -382,7 +368,6 @@ void FreeCmapFormat4( FORMAT4_SEGMENTS *Format4Segments, } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat4Ids( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usSegCount, FORMAT4_SEGMENTS * Format4Segments, GLYPH_ID ** ppGlyphId, @@ -432,7 +417,6 @@ int16 errCode; } /* ReadAllocCmapFormat4Ids() */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat4Segs( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usSegCount, FORMAT4_SEGMENTS ** Format4Segments, uint32 ulOffset, @@ -517,7 +501,6 @@ uint32 ulBytesRead; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadCmapLength( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CMAP_SUBHEADER_GEN * pCmapSubHeader, uint32 ulStartOffset, @@ -586,7 +569,6 @@ int16 ReadCmapLength( TTFACC_FILEBUFFERINFO * pInputBufferInfo, /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat4( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, CONST uint16 usEncoding, @@ -647,14 +629,12 @@ CMAP_SUBHEADER_GEN CmapSubHeader; } /* ReadAllocCmapFormat4() */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeCmapFormat6( uint16 * glyphIndexArray) { Mem_Free( glyphIndexArray ); } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat6( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, CONST uint16 usEncoding, @@ -695,7 +675,6 @@ int16 errCode; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadCmapFormat0( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, CONST uint16 usEncoding, @@ -729,7 +708,6 @@ int16 errCode; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat12( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulSubOffset, CMAP_FORMAT12 * pCmapFormat12, @@ -780,7 +758,6 @@ int16 errCode; } /* ReadAllocCmapFormat12() */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeCmapFormat12Groups( FORMAT12_GROUPS *pFormat12Groups) { Mem_Free( pFormat12Groups ); @@ -788,7 +765,6 @@ void FreeCmapFormat12Groups( FORMAT12_GROUPS *pFormat12Groups) /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 GetGlyphHeader( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 GlyfIdx, uint16 usIdxToLocFmt, @@ -847,7 +823,6 @@ int16 errCode; /* It is possible that this function could run out of stack */ /* if the font defines a VERY deep component tree. */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 GetComponentGlyphList( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usCompositeGlyphIdx, uint16 * pusnGlyphs, @@ -932,7 +907,6 @@ int16 errCode; /* ------------------------------------------------------------------- */ /* support for Cmap Modifying and merging */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int CRTCB AscendingCodeCompare( CONST void *arg1, CONST void *arg2 ) { if (((PCHAR_GLYPH_MAP_LIST)(arg1))->usCharCode == ((PCHAR_GLYPH_MAP_LIST)(arg2))->usCharCode) /* they're the same */ @@ -943,7 +917,6 @@ PRIVATE int CRTCB AscendingCodeCompare( CONST void *arg1, CONST void *arg2 ) } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE void SortCodeList( PCHAR_GLYPH_MAP_LIST pCharGlyphMapList, uint16 *pusnCharMapListLength ) { @@ -971,7 +944,6 @@ uint16 i, j; *pusnCharMapListLength = i+1; /* the last good i value */ } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int CRTCB AscendingCodeCompareEx( CONST void *arg1, CONST void *arg2 ) { if (((PCHAR_GLYPH_MAP_LIST_EX)(arg1))->ulCharCode == ((PCHAR_GLYPH_MAP_LIST_EX)(arg2))->ulCharCode) /* they're the same */ @@ -981,7 +953,6 @@ PRIVATE int CRTCB AscendingCodeCompareEx( CONST void *arg1, CONST void *arg2 ) return 1; } -[System::Security::SecurityCritical] PRIVATE void SortCodeListEx( PCHAR_GLYPH_MAP_LIST_EX pCharGlyphMapList, uint32 *pulnCharMapListLength ) { @@ -1008,14 +979,12 @@ uint32 i, j; } /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeFormat4CharCodes(PCHAR_GLYPH_MAP_LIST pusCharCodeList) { Mem_Free(pusCharCodeList); } /* ---------------------------------------------------------------------- */ /* create a list of character codes to keep, based on the glyph list */ -[System::Security::SecurityCritical] int16 ReadAllocFormat4CharGlyphMapList(TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, CONST uint16 usEncoding, @@ -1121,14 +1090,12 @@ int16 errCode = NO_ERROR; /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeFormat12CharCodes(PCHAR_GLYPH_MAP_LIST_EX pulCharCodeList) { Mem_Free(pulCharCodeList); } /* ---------------------------------------------------------------------- */ /* create a list of character codes to keep, based on the glyph list */ -[System::Security::SecurityCritical] int16 ReadAllocFormat12CharGlyphMapList(TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, uint8 *puchKeepGlyphList, /* glyphs to keep - boolean */ @@ -1206,7 +1173,6 @@ int16 errCode = NO_ERROR; /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE uint32 Format4CmapLength( uint16 usnSegments, uint16 usnGlyphIdxs ) { @@ -1218,7 +1184,6 @@ PRIVATE uint32 Format4CmapLength( uint16 usnSegments, based on a list of character codes and corresponding glyph indexes. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void ComputeFormat4CmapData( CMAP_FORMAT4 * pCmapFormat4, /* to be set by this routine */ FORMAT4_SEGMENTS * NewFormat4Segments, /* to be set by this routine */ @@ -1329,7 +1294,6 @@ reconstructed around the missing glyphs. It assumes that there is already enough space allocated to hold the new format 4 subtable. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 WriteOutFormat4CmapData( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CMAP_FORMAT4 *pCmapFormat4, /* created by ComputeNewFormat4Data */ @@ -1392,7 +1356,6 @@ uint32 ulOffset; based on a list of character codes and corresponding glyph indexes. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void ComputeFormat12CmapData( CMAP_FORMAT12 * pCmapFormat12, /* to be set by this routine */ FORMAT12_GROUPS * NewFormat12Groups, /* to be set by this routine */ uint32 * pulnGroups, /* count of NewFormat12Groups - returned */ @@ -1439,7 +1402,6 @@ reconstructed around the missing glyphs. It assumes that there is already enough space allocated to hold the new format 12 subtable. */ /* ------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 WriteOutFormat12CmapData( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CMAP_FORMAT12 *pCmapFormat12, /* created by ComputeNewFormat12Data */ @@ -1484,7 +1446,6 @@ uint32 ulOffset; /* will point to the allocated array and the *pNameRecordCount value will be set to the number of */ /* records in the array. */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ReadAllocNameRecords(TTFACC_FILEBUFFERINFO * pInputBufferInfo, PNAMERECORD *ppNameRecordArray, /* allocated by this function */ uint16 *pNameRecordCount, /* number of records in array */ @@ -1547,7 +1508,6 @@ uint16 i; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] uint32 CalcMaxNameTableLength(PNAMERECORD pNameRecordArray, uint16 NameRecordCount) { @@ -1586,7 +1546,6 @@ struct namerecordstrings uint16 usNameRecordStringCharIndex; /* index into string referenced by StringIndex of where this string starts */ }; /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int CRTCB DescendingStringLengthCompare( CONST void *arg1, CONST void *arg2 ) { if (((NAMERECORDSTRINGS *)(arg1))->usNameRecordStringLength == ((NAMERECORDSTRINGS *)(arg2))->usNameRecordStringLength) /* they're the same */ @@ -1596,7 +1555,6 @@ PRIVATE int CRTCB DescendingStringLengthCompare( CONST void *arg1, CONST void *a return -1; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] PRIVATE int CRTCB AscendingRecordIndexCompare( CONST void *arg1, CONST void *arg2 ) { if (((NAMERECORDSTRINGS *)(arg1))->usNameRecordIndex == ((NAMERECORDSTRINGS *)(arg2))->usNameRecordIndex) /* they're the same */ @@ -1608,7 +1566,6 @@ PRIVATE int CRTCB AscendingRecordIndexCompare( CONST void *arg1, CONST void *arg /* ---------------------------------------------------------------------- */ /* sort largest first */ -[System::Security::SecurityCritical] PRIVATE void SortNameRecordsByStringLength(NAMERECORDSTRINGS *pNameRecordStrings,uint16 NameRecordCount) { if (pNameRecordStrings == NULL || NameRecordCount == 0) @@ -1619,7 +1576,6 @@ PRIVATE void SortNameRecordsByStringLength(NAMERECORDSTRINGS *pNameRecordStrings } /* ---------------------------------------------------------------------- */ /* sorts by index */ -[System::Security::SecurityCritical] PRIVATE void SortNameRecordsByNameRecordIndex(NAMERECORDSTRINGS *pNameRecordStrings,uint16 NameRecordCount) { if (pNameRecordStrings == NULL || NameRecordCount == 0) @@ -1630,7 +1586,6 @@ PRIVATE void SortNameRecordsByNameRecordIndex(NAMERECORDSTRINGS *pNameRecordStri } /* ---------------------------------------------------------------------- */ /* sorts by platformID, then encodingID, then languageID, then nameID */ -[System::Security::SecurityCritical] PRIVATE int CRTCB AscendingNameRecordCompare( CONST void *arg1, CONST void *arg2 ) { @@ -1669,7 +1624,6 @@ PRIVATE int CRTCB AscendingNameRecordCompare( CONST void *arg1, CONST void *arg2 /* To get a maximum size for the buffer to pass in, call CalcMaxNameTableLength. This will return the size of an unoptimized */ /* name table. */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 WriteNameRecords(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, /* bufferInfo for a NAME table, not a TrueType file */ PNAMERECORD pNameRecordArray, uint16 NameRecordCount, @@ -1823,7 +1777,6 @@ char *pStr1, *pStr2; /* temps to point to either new or old string from PNAMEREC /* have been allocated with the same function as was handed to the ReadAllocNameRecords function */ /* or something compatible with the lpfnFree function */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] void FreeNameRecords(PNAMERECORD pNameRecordArray, uint16 NameRecordCount, CFP_FREEPROC lfpnFree) { uint16 i; @@ -1844,7 +1797,6 @@ uint16 i; /* next three functions only used by Name Wizard and Embedding .dll, not by CreateFontPackage */ /* or MergeFontPackage */ /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 InsertTable(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, __in_bcount(4) const char * szTag, uint8 * puchTableBuffer, uint32 ulTableBufferLength) { uint32 ulTableOffset; @@ -2061,7 +2013,6 @@ int32 lCopySize; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 WriteNameTable(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, PNAMERECORD pNameRecordArray, /* internal representation of NameRecord - from ttftable.h */ uint16 NameRecordCount, @@ -2095,7 +2046,6 @@ TTFACC_FILEBUFFERINFO NameTableBufferInfo; /* needed by WriteNameRecords */ } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 WriteSmartOS2Table(TTFACC_FILEBUFFERINFO * pOutputBufferInfo, MAINOS2 * pOS2) { @@ -2163,7 +2113,6 @@ BOOL bWritten = FALSE; } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 CompressTables( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 * pulBytesWritten ) { /* this routine compresses the tables present in a font file by removing diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.h index b8b42eb69c7..7b739aa8bfa 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttftable.h @@ -40,32 +40,25 @@ struct namerecord /* MUST be same as NAME_RECORD from ttff.h for the first 6 ele /* exported functions --------------------------------------------------- */ -[System::Security::SecurityCritical] void MarkTableForDeletion( TTFACC_FILEBUFFERINFO * pInputBufferInfo, __in_bcount(4) const char * szDirTag ); /* pointer to null terminated string with tag name */ -[System::Security::SecurityCritical] uint32 FindCmapSubtable( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usDesiredPlatform, uint16 usDesiredEncodingID, uint16 *pusFoundEncoding); -[System::Security::SecurityCritical] int16 ReadCmapLength( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CMAP_SUBHEADER_GEN * pCmapSubHeader, uint32 ulStartOffset, uint16 * pusBytesRead); -[System::Security::SecurityCritical] void FreeCmapFormat4Ids( GLYPH_ID * GlyphId ); -[System::Security::SecurityCritical] void FreeCmapFormat4Segs( FORMAT4_SEGMENTS * Format4Segments); -[System::Security::SecurityCritical] void FreeCmapFormat4( FORMAT4_SEGMENTS * Format4Segments, GLYPH_ID * GlyphId ); -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat4Ids( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usSegCount, FORMAT4_SEGMENTS * Format4Segments, @@ -73,13 +66,11 @@ int16 ReadAllocCmapFormat4Ids( uint16 * pusnIds, uint32 ulOffset, uint32 *pulBytesRead ); -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat4Segs( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usSegCount, FORMAT4_SEGMENTS ** Format4Segments, uint32 ulOffset, uint32 *pulBytesRead); -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat4( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, @@ -90,9 +81,7 @@ int16 ReadAllocCmapFormat4( GLYPH_ID ** GlyphId, uint16 * pusnIds ); -[System::Security::SecurityCritical] void FreeCmapFormat6( uint16 * glyphIndexArray); -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat6( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, @@ -100,34 +89,28 @@ int16 ReadAllocCmapFormat6( uint16 *pusFoundEncoding, CMAP_FORMAT6 * pCmap, uint16 ** glyphIndexArray); -[System::Security::SecurityCritical] int16 ReadCmapFormat0( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, CONST uint16 usEncoding, uint16 *pusFoundEncoding, CMAP_FORMAT0 * CmapFormat0); -[System::Security::SecurityCritical] int16 ReadAllocCmapFormat12( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulSubOffset, CMAP_FORMAT12 * pCmapFormat12, FORMAT12_GROUPS ** ppFormat12Groups); -[System::Security::SecurityCritical] void FreeCmapFormat12Groups(FORMAT12_GROUPS * pFormat12Groups); -[System::Security::SecurityCritical] uint16 GetGlyphIdx( uint16 CharCode, FORMAT4_SEGMENTS * Format4Segments, uint16 usnSegments, GLYPH_ID * GlyphId, uint16 usnGlyphs); -[System::Security::SecurityCritical] uint32 GetGlyphIdx12( uint32 ulCharCode, FORMAT12_GROUPS * pFormat12Groups, uint32 ulnGroups ); -[System::Security::SecurityCritical] int16 GetGlyphHeader( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 GlyfIdx, @@ -137,12 +120,10 @@ int16 GetGlyphHeader( GLYF_HEADER * GlyfHeader, uint32 * pulOffset, uint16 * pusLength ); -[System::Security::SecurityCritical] uint32 GetLoca( TTFACC_FILEBUFFERINFO *pInputBufferInfo, __out_ecount(ulAllocedCount) uint32 *pulLoca, __range(1, USHORT_MAX + 1) uint32 ulAllocedCount ); -[System::Security::SecurityCritical] int16 GetComponentGlyphList( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint16 usCompositeGlyphIdx, @@ -154,18 +135,15 @@ int16 GetComponentGlyphList( uint16 usIdxToLocFmt, uint32 ulLocaOffset, uint32 ulGlyfOffset); -[System::Security::SecurityCritical] int16 ReadAllocNameRecords( TTFACC_FILEBUFFERINFO * pInputBufferInfo, PNAMERECORD *ppNameRecordArray, uint16 *pNameRecordCount, CFP_ALLOCPROC lfpnAllocate, CFP_FREEPROC lfpnFree); -[System::Security::SecurityCritical] uint32 CalcMaxNameTableLength( PNAMERECORD pNameRecordArray, uint16 NameRecordCount); -[System::Security::SecurityCritical] int16 WriteNameRecords( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, PNAMERECORD pNameRecordArray, @@ -173,37 +151,30 @@ int16 WriteNameRecords( BOOL bDeleteStrings, BOOL bOptimize, uint32 *pulBytesWritten); -[System::Security::SecurityCritical] void FreeNameRecords( PNAMERECORD pNameRecordArray, uint16 NameRecordCount, CFP_FREEPROC lfpnFree); -[System::Security::SecurityCritical] int16 InsertTable( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, __in_bcount(4) const char * szTag, uint8 * puchTableBuffer, uint32 ulTableBufferLength); -[System::Security::SecurityCritical] int16 WriteNameTable( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, PNAMERECORD pNameRecordArray, /* internal representation of NameRecord - from ttftable.h */ uint16 NameRecordCount, BOOL bOptimize); /* lcp 4/8/97, if set to TRUE, optimize Name string storage for size */ -[System::Security::SecurityCritical] int16 WriteSmartOS2Table( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, MAINOS2 * pOS2); -[System::Security::SecurityCritical] void SortByTag( DIRECTORY * aDirectory, uint16 usnDirs); -[System::Security::SecurityCritical] void SortByOffset( DIRECTORY * aDirectory, uint16 usnDirs); -[System::Security::SecurityCritical] int16 CompressTables( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, uint32 * pulBytesWritten); @@ -220,9 +191,7 @@ typedef struct Char_Glyph_Map_List_Ex { } *PCHAR_GLYPH_MAP_LIST_EX; -[System::Security::SecurityCritical] void FreeFormat4CharCodes(PCHAR_GLYPH_MAP_LIST pusCharCodeList); -[System::Security::SecurityCritical] int16 ReadAllocFormat4CharGlyphMapList( TTFACC_FILEBUFFERINFO * pInputBufferInfo, CONST uint16 usPlatform, @@ -231,9 +200,7 @@ int16 ReadAllocFormat4CharGlyphMapList( uint16 usGlyphCount, /* count of puchKeepGlyphList */ PCHAR_GLYPH_MAP_LIST *ppCharGlyphMapList, uint16 *pusnCharGlyphMapListCount); -[System::Security::SecurityCritical] void FreeFormat12CharCodes(PCHAR_GLYPH_MAP_LIST_EX pulCharCodeList); -[System::Security::SecurityCritical] int16 ReadAllocFormat12CharGlyphMapList( TTFACC_FILEBUFFERINFO * pInputBufferInfo, uint32 ulOffset, @@ -242,7 +209,6 @@ int16 ReadAllocFormat12CharGlyphMapList( PCHAR_GLYPH_MAP_LIST_EX *ppCharGlyphMapList, uint32 *pulnCharGlyphMapListCount); -[System::Security::SecurityCritical] void ComputeFormat4CmapData( CMAP_FORMAT4 * pCmapFormat4, /* to be set by this routine */ FORMAT4_SEGMENTS * NewFormat4Segments, /* to be set by this routine */ @@ -252,7 +218,6 @@ void ComputeFormat4CmapData( PCHAR_GLYPH_MAP_LIST pCharGlyphMapList, /* input - map of CharCode to GlyphIndex */ uint16 usnCharGlyphMapListCount); /* input */ -[System::Security::SecurityCritical] int16 WriteOutFormat4CmapData( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CMAP_FORMAT4 *pCmapFormat4, /* created by ComputeNewFormat4Data */ @@ -263,14 +228,12 @@ int16 WriteOutFormat4CmapData( uint32 ulNewOffset, /* where to write the table */ uint32 *pulBytesWritten); /* number of bytes written to table */ -[System::Security::SecurityCritical] void ComputeFormat12CmapData( CMAP_FORMAT12 * pCmapFormat12, /* to be set by this routine */ FORMAT12_GROUPS * NewFormat12Groups, /* to be set by this routine */ uint32 * pulnGroups, /* count of NewFormat12Groups - returned */ PCHAR_GLYPH_MAP_LIST_EX pCharGlyphMapList, /* input - map of CharCode to GlyphIndex */ uint32 ulnCharGlyphMapListCount); /* input */ -[System::Security::SecurityCritical] int16 WriteOutFormat12CmapData( TTFACC_FILEBUFFERINFO * pOutputBufferInfo, CMAP_FORMAT12 *pCmapFormat12, /* created by ComputeNewFormat12Data */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp index c707c658de3..d39788055df 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp @@ -26,8 +26,6 @@ using namespace System::Security::Permissions; // // Critical - allocates native mem and returns a pointer to it. // -[SecurityCritical] -[SecurityPermission(SecurityAction::Assert, UnmanagedCode = true)] void * Mem_Alloc(size_t size) { return calloc(1, size); @@ -37,8 +35,6 @@ void * Mem_Alloc(size_t size) // // Critical - Frees an arbitrary native pointer. // -[SecurityCritical] -[SecurityPermission(SecurityAction::Assert, UnmanagedCode = true)] void Real_Mem_Free(void * pv) { free (pv); @@ -51,7 +47,6 @@ void Real_Mem_Free(void * pv) // // Critical - Frees an arbitrary native pointer. // -[SecurityCritical] void Mem_Free(void * pv) { if (pv != NULL) @@ -64,8 +59,6 @@ void Mem_Free(void * pv) // // Critical - allocates native mem and returns a pointer to it. // -[SecurityCritical] -[SecurityPermission(SecurityAction::Assert, UnmanagedCode = true)] void * Mem_ReAlloc(void * base, size_t newSize) { return realloc(base, newSize); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.h index 74b60b820ac..5ed9c9ff294 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.h @@ -16,17 +16,14 @@ #define MemNoErr 0 #define MemErr -1 -[System::Security::SecurityCritical] int16 Mem_Init(void); /* Initialize memory manager internal structures */ /* return MemNoErr if successful */ -[System::Security::SecurityCritical] void Mem_End(void); /* free all memory previously allocated and free memory structure */ -[System::Security::SecurityCritical] void * Mem_Alloc(size_t); /* void *Mem_Alloc(size) * allocate a size bytes of memory @@ -35,11 +32,9 @@ void * Mem_Alloc(size_t); * Pointer to a block of data */ -[System::Security::SecurityCritical] void Mem_Free(void *); /* free up a block of data */ -[System::Security::SecurityCritical] void * Mem_ReAlloc(void *, CONST size_t); /* void *Mem_ReAlloc( pOldPtr, newSize) * reallocate and copy data @@ -51,7 +46,6 @@ void * Mem_ReAlloc(void *, CONST size_t); * RETURN VALUE * Pointer to a block of data */ -[System::Security::SecurityCritical] void *Mem_ReAllocDelta(void * pOldPtr, CONST size_t Delta); /* void *Mem_ReAllocDelta( pOldPtr, Delta) * reallocate and copy data diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/util.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/util.cpp index ffd611398cb..feaebe68d39 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/util.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/util.cpp @@ -21,7 +21,6 @@ /* ---------------------------------------------------------------------- */ /* stolen from ffconfig mtxcalc.c */ -[System::Security::SecurityCritical] uint16 log2( uint16 arg ) { if ( arg < 2 ) return( 0 ); @@ -43,7 +42,6 @@ uint16 log2( uint16 arg ) } /* ---------------------------------------------------------------------- */ -[System::Security::SecurityCritical] int16 ValueOKForShort(uint32 ulValue) { if (ulValue & 0xFFFF0000) /* any high bits turned on */ diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.cpp index ec205de717c..3da6d699ca4 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.cpp @@ -60,7 +60,6 @@ using MS::Internal::TtfDelta::CreateDeltaTTF; namespace MS { namespace Internal { -[System::Security::SecurityCritical] array ^ TrueTypeSubsetter::ComputeSubset(void * fontData, int fileSize, System::Uri ^ sourceUri, int directoryOffset, array ^ glyphArray) { uint8 * puchDestBuffer = NULL; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.h index a7c95f36639..29d37e9d1a4 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/truetype.h @@ -19,7 +19,6 @@ typedef System::UInt16 ushort; public ref class TrueTypeSubsetter abstract sealed { internal: - [System::Security::SecurityCritical] static array ^ ComputeSubset(void * fontData, int fileSize, System::Uri ^ sourceUri, int directoryOffset, array ^ glyphArray); }; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.cpp index 39b8314d886..51a28664b8f 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.cpp @@ -11,7 +11,6 @@ namespace MS { namespace Internal { namespace FontCache { -[System::Security::SecurityCritical] bool Util2::GetRegistryKeyLastWriteTimeUtc(System::String ^ registryKey, [System::Runtime::InteropServices::Out] System::Int64 % lastWriteTime) { HKEY hkey = NULL; @@ -41,4 +40,4 @@ bool Util2::GetRegistryKeyLastWriteTimeUtc(System::String ^ registryKey, [System return false; } -}}} \ No newline at end of file +}}} diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h index d372eb67f2e..fae43613b01 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h @@ -13,9 +13,7 @@ ref class Util2 abstract sealed // // Critical - calls into unmanaged code. Obtains the last write time for an arbitrary registry key under HKLM. // - [System::Security::SecurityCritical] - //[System::Security::Permissions::SecurityPermission(System::Security::Permissions::SecurityAction::Assert, System::Security::Permissions::UnmanagedCode = true)] static bool GetRegistryKeyLastWriteTimeUtc(System::String ^ registryKey, [System::Runtime::InteropServices::Out] System::Int64 % lastWriteTime); }; -}}} \ No newline at end of file +}}} diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h index ce989eee446..c8f56a22efe 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h @@ -46,7 +46,6 @@ typedef const System::String* __const_String_handle; /// Critical - get an interior gc pointer to the first character contained /// in a System::String object. /// -[System::Security::SecurityCritical] inline __const_Char_ptr CriticalPtrToStringChars(__const_String_handle s) { _Byte_ptr bp = const_cast<_Byte_ptr>(reinterpret_cast<__const_Byte_ptr>(s)); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp index d99dbb3830b..a85fc2067e9 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp @@ -49,7 +49,6 @@ using namespace System::Diagnostics; // [DllImport("user32.dll", EntryPoint="SetProcessDPIAware")] -[SuppressUnmanagedCodeSecurity, SecurityCritical] WINUSERAPI BOOL WINAPI @@ -75,8 +74,6 @@ private ref class NativeWPFDLLLoader sealed // known library name, limiting the risk. // // - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] static void LoadDwrite( ) { // We load dwrite here because it's cleanup logic is different from the other native dlls @@ -94,7 +91,6 @@ private ref class NativeWPFDLLLoader sealed // Critical -- Calls critical FreeLibrary to unload a native library // TreatAsSafe -- A known\trusted handle to dwrite.dll is passed // - [SecuritySafeCritical] __declspec(noinline) static void UnloadDWrite() { @@ -116,7 +112,6 @@ private ref class NativeWPFDLLLoader sealed /// Critical: Exposes a pointer to the DWrite method that is used to create factories /// which can be used to obtain any info about fonts. /// - [SecurityCritical] static void *GetDWriteCreateFactoryFunctionPointer() { return m_pfnDWriteCreateFactory; @@ -125,7 +120,6 @@ private ref class NativeWPFDLLLoader sealed /// /// Critical: Nulls a pointer to the DWrite method that is used to create factories /// - [SecurityCritical] static void ClearDWriteCreateFactoryFunctionPointer() { m_pfnDWriteCreateFactory = NULL; @@ -138,7 +132,6 @@ private ref class NativeWPFDLLLoader sealed // // Critical -- Field is untyped pointer // - [SecurityCritical] static void *m_pfnDWriteCreateFactory; }; }} // namespace MS.Internal @@ -154,7 +147,6 @@ private class CModuleInitialize // TreatAsSafe -- The function passed to atexit is trusted. // // - [SecuritySafeCritical] __declspec(noinline) CModuleInitialize(void (*cleaningUpFunc)()) { IsProcessDpiAware(); @@ -171,8 +163,6 @@ private class CModuleInitialize /// Safe : The libraries to be released are coming from internally /// trusted source /// - [SecuritySafeCritical] - [SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] // Previously we had this as a class dtor but we found out that // we can't use a destructor due to an issue with how it's registered to be called on exit: // A compiler-generated function calls _atexit_m_appdomain(). But that generated function is transparenct, @@ -202,7 +192,6 @@ private class CModuleInitialize /// Critical: Exposes a pointer to the DWrite method that is used to create factories /// which can be used to obtain any info about fonts. /// - [SecurityCritical] void *GetDWriteCreateFactoryFunctionPointer() { return MS::Internal::NativeWPFDLLLoader::GetDWriteCreateFactoryFunctionPointer(); @@ -223,7 +212,6 @@ private : // lets the OS know how to treat the visual display of the app. // // - [SecuritySafeCritical] __declspec(noinline) void IsProcessDpiAware( ) { Version ^osVersion = (Environment::OSVersion)->Version; @@ -275,7 +263,6 @@ void CleanUp(); /// Critical: Contains unverifiable native code. /// Safe : The code is safe and only returns a new object. /// -[SecuritySafeCritical] __declspec(noinline) static System::IntPtr CreateCModuleInitialize() { return System::IntPtr(new CModuleInitialize(CleanUp)); @@ -286,7 +273,6 @@ __declspec(noinline) static System::IntPtr CreateCModuleInitialize() // Then the generated method is unsafe, fails NGENing and causes Jitting. __declspec(appdomain) static System::IntPtr cmiStartupRunner = CreateCModuleInitialize(); -[SecuritySafeCritical] void CleanUp() { CModuleInitialize* pCmiStartupRunner = static_cast(cmiStartupRunner.ToPointer()); @@ -301,7 +287,6 @@ void CleanUp() /// Critical: Exposes a pointer to the DWrite method that is used to create factories /// which can be used to obtain any info about fonts. /// -[SecurityCritical] void *GetDWriteCreateFactoryFunctionPointer() { return (static_cast(cmiStartupRunner.ToPointer()))->GetDWriteCreateFactoryFunctionPointer(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs index e49298c766f..b1122e6d5e4 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/MS/internal/MediaTrace.cs @@ -45,11 +45,6 @@ public class ChangeQueue // If you want to enable trace tags without recompiling. This is a good place to put a break point // during start-up. - [SecurityCritical -#if DEBUG - ,SecurityTreatAsSafe -#endif - ] static MediaTrace() { // NodeFlag.Enable(); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx index 012fcea1de6..f0e2bece9ec 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx +++ b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx @@ -35,7 +35,6 @@ namespace WPFUtils { // Critical -- Calls native methods RegOpenKeyEx, RegQueryValueEx, and RegCloseKey // #if _MANAGED -[SecurityCritical] #endif LONG ReadRegistryString(__in HKEY rootKey, __in LPCWSTR keyName, __in LPCWSTR valueName, __out LPWSTR value, size_t cchMax) @@ -70,11 +69,8 @@ LONG ReadRegistryString(__in HKEY rootKey, __in LPCWSTR keyName, __in LPCWSTR va } #if _MANAGED -[SecurityCritical] -[SecurityPermission(SecurityAction::Assert, UnmanagedCode=true)] #endif // Warning 4714 (__forceinline function not inlined) -// is expected here because WPFUtils::GetWPFInstallPath is marked with [SecurityCritical] // and tries to inline HRESULT_FROM_WIN32. // inlining is prevented when the caller or the callee // are marked with any security attribute (critical, safecritical, treatassafecritical). diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp index f5a56f5ddbe..37372669a1a 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp +++ b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp @@ -11,7 +11,6 @@ namespace WPFUtils /// /// Critical - Receives a native pointer as parameter. /// -[System::Security::SecurityCritical] #endif HMODULE LoadDWriteLibraryAndGetProcAddress(void **pfncptrDWriteCreateFactory) { diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h b/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h index 7e599ca585f..35725fe389d 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h +++ b/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h @@ -13,7 +13,6 @@ namespace WPFUtils /// Critical - Receives a native pointer as parameter. /// Loads a dll from an input path. /// - [System::Security::SecurityCritical] #endif HMODULE LoadDWriteLibraryAndGetProcAddress(void **pfncptrDWriteCreateFactory); -} \ No newline at end of file +} diff --git a/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs b/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs index abb1676ec59..23b6a9a1548 100644 --- a/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs +++ b/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs @@ -124,8 +124,6 @@ #endregion #region Microsoft.Security Suppressions -[module: SuppressMessage("Microsoft.Security", "CA2103:ReviewImperativeSecurity", Scope = "member", Target = "System.Xaml.Permissions.XamlLoadPermission.#Copy()", Justification = "Reviewed by senior CLR security developer.")] [module: SuppressMessage("Microsoft.Security", "CA2103:ReviewImperativeSecurity", Scope = "member", Target = "MS.Internal.Xaml.Runtime.DynamicMethodRuntime.#.ctor(MS.Internal.Xaml.Runtime.XamlRuntimeSettings,System.Xaml.XamlSchemaContext,System.Xaml.Permissions.XamlAccessLevel)", Justification = "Reviewed by Microsoft.")] -[module: SuppressMessage("Microsoft.Security", "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands", Scope = "member", Target = "System.Xaml.XamlObjectReader+ObjectMarkupInfo.#GetInstanceDescriptorInfo(System.ComponentModel.Design.Serialization.InstanceDescriptor,System.Reflection.MemberInfo&,System.Collections.ICollection&,System.Boolean&)", Justification = "Non-issue since C# 2.0. LinkDemand is FullDemand by default without a SecurityCritical attribute.")] [module: SuppressMessage("Microsoft.Security", "CA2106:SecureAsserts", Scope = "member", Target = "MS.Internal.Utility.PerfServiceProxy.#InitializeGetId()", Justification = "Doesn't make sense with security transparency system. Reviewed by Microsoft")] #endregion diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs index 21aeb83c4a1..4896a187466 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs @@ -23,7 +23,6 @@ public static class PointUtil /// Critical: This code accesses presentationSource /// TreatAsSafe: Transforming a Point is considered safe. /// - [SecuritySafeCritical] public static Point ClientToRoot(Point pt, PresentationSource presentationSource) { // Convert from pixels into measure units. @@ -45,7 +44,6 @@ public static Point ClientToRoot(Point pt, PresentationSource presentationSource /// Critical: This code accesses presentationSource /// TreatAsSafe: Transforming a point is considered safe. /// - [SecuritySafeCritical] public static Point RootToClient(Point pt, PresentationSource presentationSource) { // REVIEW: @@ -129,7 +127,6 @@ internal static Matrix GetVisualTransform(Visual v) /// Convert a point from "client" coordinate space of a window into /// the coordinate space of the screen. /// - [SecuritySafeCritical] public static Point ClientToScreen(Point ptClient, PresentationSource presentationSource) { // For now we only know how to use HwndSource. @@ -192,7 +189,6 @@ public static Point ClientToScreen(Point ptClient, PresentationSource presentati /// Critical: This code accesses presentationSource /// TreatAsSafe: Transforming a Point is considered safe. /// - [SecuritySafeCritical] internal static Point ScreenToClient(Point ptScreen, PresentationSource presentationSource) { // For now we only know how to use HwndSource. diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs index bfa10c6e30e..594bdac3325 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs @@ -49,7 +49,6 @@ public struct SecurityCriticalDataForSet /// Critical - "by definition" - this class is intended only for data that's /// Critical for setting. /// - [SecurityCritical] internal SecurityCriticalDataForSet(T value) { _value = value; @@ -66,7 +65,6 @@ internal T Value #if DEBUG [System.Diagnostics.DebuggerStepThrough] #endif - [SecurityCritical, SecurityTreatAsSafe] get { return _value; @@ -75,7 +73,6 @@ internal T Value #if DEBUG [System.Diagnostics.DebuggerStepThrough] #endif - [SecurityCritical] set { _value = value; @@ -85,7 +82,6 @@ internal T Value /// /// Critical - by definition as this data is Critical for set. /// > - [SecurityCritical] private T _value; } } diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs index 27bf77daf09..8b9cba6a0af 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs @@ -29,7 +29,6 @@ internal static IntPtr Add(IntPtr handle, int type) { /// Critical - Accepts and returns critical SafeHandle type. /// Safe - Does not perform operations on the critical handle, does not leak handle information. /// - [System.Security.SecuritySafeCritical] internal static SafeHandle Add(SafeHandle handle, int type) { handleTypes[type - 1].Add(); return handle; @@ -73,7 +72,6 @@ internal static IntPtr Remove(IntPtr handle, int type) { /// Critical - Accepts and returns critical SafeHandle type. /// Safe - Does not perform operations on the critical handle, does not leak handle information. /// - [System.Security.SecuritySafeCritical] internal static SafeHandle Remove(SafeHandle handle, int type) { handleTypes[type - 1].Remove(); return handle ; diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs index fbdb63d47b3..78b63929e04 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs @@ -2509,7 +2509,6 @@ public class OLECMD { /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComVisible(true), ComImport(), Guid("B722BCCB-4E68-101B-A2BC-00AA00404770"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown), CLSCompliantAttribute(false)] public interface IOleCommandTarget @@ -2883,7 +2882,6 @@ public struct DEVMODE /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("0FF510A3-5FA5-49F1-8CCC-190D71083F3E"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IVsPerPropertyBrowsing { // hides the property at the given dispid from the properties window @@ -2944,7 +2942,6 @@ int IsPropertyReadOnly(int dispid, /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("7494683C-37A0-11d2-A273-00C04F8EF4FF"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IManagedPerPropertyBrowsing { @@ -2960,7 +2957,6 @@ int GetPropertyAttributes(int dispid, /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("33C0C1D8-33CF-11d3-BFF2-00C04F990235"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IProvidePropertyBuilder { @@ -3293,7 +3289,6 @@ public class TPMPARAMS { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(TPMPARAMS)); @@ -3582,7 +3577,6 @@ public sealed class tagFONTDESC { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(tagFONTDESC)); @@ -3625,7 +3619,6 @@ public class CHOOSECOLOR { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(CHOOSECOLOR)); @@ -3801,7 +3794,6 @@ public class NOTIFYICONDATA { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(NOTIFYICONDATA)); @@ -3828,7 +3820,6 @@ public class MENUITEMINFO_T /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(MENUITEMINFO_T)); @@ -3859,7 +3850,6 @@ public class MENUITEMINFO_T_RW /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(MENUITEMINFO_T_RW)); @@ -3928,7 +3918,6 @@ public class OPENFILENAME_I /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(OPENFILENAME_I)); @@ -3982,7 +3971,6 @@ public class CHOOSEFONT { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(CHOOSEFONT)); @@ -4210,7 +4198,6 @@ public class MSOCRINFOSTRUCT { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(MSOCRINFOSTRUCT)); @@ -4413,7 +4400,6 @@ public struct NMHDR /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("376BD3AA-3845-101B-84ED-08002B2EC713"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IPerPropertyBrowsing { [PreserveSig] @@ -4449,7 +4435,6 @@ int GetPredefinedValue( /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("4D07FC10-F931-11CE-B001-00AA006884E5"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface ICategorizeProperties { @@ -4517,7 +4502,6 @@ public sealed class tagCONTROLINFO /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(tagCONTROLINFO)); @@ -4563,7 +4547,6 @@ public bool Byref{ /// Critical: This calls into Marshal.Release which is link demand protected /// TreatAsSafe: This is instance based and the internal pointer it is releasing is critical for set /// - [SecuritySafeCritical] public void Clear() { if ((this.vt == (int)tagVT.VT_UNKNOWN || this.vt == (int)tagVT.VT_DISPATCH) && this.data1.Value != IntPtr.Zero) { Marshal.Release(this.data1.Value); @@ -4687,7 +4670,6 @@ public static VARIANT FromObject(Object var) { /// /// Critical: Sets the pointer to an arbitrary long /// - [SecurityCritical] public void SetLong(long lVal) { data1.Value = (IntPtr)(lVal & 0xFFFFFFFF); data2.Value = (IntPtr)((lVal >> 32) & 0xFFFFFFFF); @@ -4697,7 +4679,6 @@ public void SetLong(long lVal) { /// Critical: Calls Marshal.AllocCoTaskMem, .WriteInt16 and .WriteInt32 which have LinkDemands. /// Writes to unmanaged memory and returns a pointer to it. /// - [SecurityCritical] public IntPtr ToCoTaskMemPtr() { IntPtr mem = Marshal.AllocCoTaskMem(16); Marshal.WriteInt16(mem, vt); @@ -4712,7 +4693,6 @@ public IntPtr ToCoTaskMemPtr() { /// /// Critical: Converts an intptr to an object , it acceses PtrToStruct which is critical /// - [SecurityCritical] public object ToObject() { IntPtr val = data1.Value; long longVal; @@ -4863,7 +4843,6 @@ public object ToObject() { /// /// Critical: Reads an arbitrary IntPtr /// - [SecurityCritical] private static IntPtr GetRefInt(IntPtr value) { return Marshal.ReadIntPtr(value); } @@ -4883,7 +4862,6 @@ public sealed class tagLICINFO /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(tagLICINFO)); @@ -5096,7 +5074,6 @@ public class TOOLINFO_T /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(TOOLINFO_T)); @@ -5120,7 +5097,6 @@ public class TOOLINFO_TOOLTIP /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(TOOLINFO_TOOLTIP)); @@ -5401,7 +5377,6 @@ public class HELPINFO { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(HELPINFO)); @@ -5626,7 +5601,6 @@ public class MCHITTESTINFO { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(MCHITTESTINFO)); @@ -5821,7 +5795,6 @@ public override string ToString() { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(LVGROUP)); @@ -5839,7 +5812,6 @@ public class LVINSERTMARK { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(LVINSERTMARK)); @@ -5859,7 +5831,6 @@ public class LVTILEVIEWINFO { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(LVTILEVIEWINFO)); @@ -5994,7 +5965,6 @@ public class CHARFORMATW /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(CHARFORMATW)); @@ -6019,7 +5989,6 @@ public class CHARFORMATA /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(CHARFORMATA)); @@ -6054,7 +6023,6 @@ public class CHARFORMAT2A /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(CHARFORMAT2A)); @@ -6102,7 +6070,6 @@ public class PARAFORMAT /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(PARAFORMAT)); @@ -6140,7 +6107,6 @@ internal abstract class CharBuffer /// Critical: Extensive use of Marshal to allocate and manipulate /// Character buffers. /// - [SecurityCritical] internal static CharBuffer CreateBuffer(int size) { if (Marshal.SystemDefaultCharSize == 1) @@ -6651,7 +6617,6 @@ public enum tagSYSKIND { /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("A7ABA9C1-8983-11cf-8F20-00805F2CD064"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IProvideMultipleClassInfo { // since the inheritance doesn't seem to work... @@ -6689,7 +6654,6 @@ public class EVENTMSG { /// Critical : Elevates to UnmanagedCode permissions /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("B196B283-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IProvideClassInfo { [return: MarshalAs(UnmanagedType.Interface)] diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs index b100261a680..59bb2b84673 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs @@ -111,7 +111,6 @@ internal sealed class OSVERSIONINFOEX /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(OSVERSIONINFOEX)); @@ -148,14 +147,11 @@ public GUID(Guid guid) /// /// Critical - Applies SuppressUnmanagedCodeSecurity. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [ComVisible(true), ComImport(), Guid("B722BCCB-4E68-101B-A2BC-00AA00404770")] [InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] internal interface IOleCommandTarget { - [SecurityCritical] [return: MarshalAs(UnmanagedType.I4)] [PreserveSig] int QueryStatus( @@ -166,7 +162,6 @@ int QueryStatus( [In, Out] IntPtr pCmdText); - [SecurityCritical] [return: MarshalAs(UnmanagedType.I4)] [PreserveSig] int Exec( @@ -196,7 +191,6 @@ internal class DOCHOSTUIINFO { /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(DOCHOSTUIINFO)); @@ -239,7 +233,6 @@ public enum DOCHOSTUIDBLCLICK { /// /// Critical : Elevates to UnmanagedCode permissions /// - [SecurityCritical] [DllImport(ExternDll.Gdi32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] internal static extern IntPtr SetEnhMetaFileBits(uint cbBuffer, byte[] buffer); @@ -260,7 +253,6 @@ public abstract class WpfSafeHandle : SafeHandleZeroOrMinusOneIsInvalid /// /// Critical:This code calls into a base class which is protected by link demand and by inheritance demand /// - [SecurityCritical] protected WpfSafeHandle(bool ownsHandle, int collectorId) : base(ownsHandle) { HandleCollector.Add(collectorId); @@ -271,7 +263,6 @@ protected WpfSafeHandle(bool ownsHandle, int collectorId) : base(ownsHandle) /// Critical: Conceptually, this would be accessing critical data as it's in the destroy call path. /// TreatAsSafe: This is just destroying a handle that this object owns. /// - [SecuritySafeCritical] protected override void Dispose(bool disposing) { HandleCollector.Remove(_collectorId); @@ -287,7 +278,6 @@ public sealed class BitmapHandle : WpfSafeHandle /// /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. /// - [SecurityCritical] private BitmapHandle() : this(true) { } @@ -295,14 +285,12 @@ private BitmapHandle() : this(true) /// /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. /// - [SecurityCritical] private BitmapHandle(bool ownsHandle) : base(ownsHandle, NativeMethods.CommonHandles.GDI) { } /// /// Critical: This calls into DeleteObject /// - [SecurityCritical] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] protected override bool ReleaseHandle() { @@ -312,7 +300,6 @@ protected override bool ReleaseHandle() /// /// Critical: Accesses internal critical data. /// - [SecurityCritical] internal HandleRef MakeHandleRef(object obj) { return new HandleRef(obj, handle); @@ -321,7 +308,6 @@ internal HandleRef MakeHandleRef(object obj) /// /// Critical: Creates a new BitmapHandle using Critical constructor. /// - [SecurityCritical] internal static BitmapHandle CreateFromHandle(IntPtr hbitmap, bool ownsHandle=true) { return new BitmapHandle(ownsHandle) @@ -336,7 +322,6 @@ internal sealed class IconHandle : WpfSafeHandle /// /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. /// - [SecurityCritical] private IconHandle() : base(true, NativeMethods.CommonHandles.Icon) { } @@ -344,7 +329,6 @@ private IconHandle() : base(true, NativeMethods.CommonHandles.Icon) /// /// Critical: This calls into DestroyIcon /// - [SecurityCritical] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] protected override bool ReleaseHandle() { @@ -355,7 +339,6 @@ protected override bool ReleaseHandle() /// Critical: This creates a new SafeHandle, which has a critical constructor. /// TreatAsSafe: The handle this creates is invalid. It contains no critical data. /// - [SecuritySafeCritical] internal static IconHandle GetInvalidIcon() { return new IconHandle(); @@ -367,7 +350,6 @@ internal static IconHandle GetInvalidIcon() /// /// Critical: This accesses critical data for the safe handle. /// - [SecurityCritical] internal IntPtr CriticalGetHandle() { return handle; @@ -379,7 +361,6 @@ internal sealed class CursorHandle : WpfSafeHandle /// /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. /// - [SecurityCritical] private CursorHandle() : base(true, NativeMethods.CommonHandles.Cursor) { } @@ -387,7 +368,6 @@ private CursorHandle() : base(true, NativeMethods.CommonHandles.Cursor) /// /// Critical: This calls into DestroyCursor /// - [SecurityCritical] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] protected override bool ReleaseHandle() { @@ -398,7 +378,6 @@ protected override bool ReleaseHandle() /// Critical: This creates a new SafeHandle, which has a critical constructor. /// TreatAsSafe: The handle this creates is invalid. It contains no critical data. /// - [SecuritySafeCritical] internal static CursorHandle GetInvalidCursor() { return new CursorHandle(); @@ -621,7 +600,6 @@ public BITMAPINFO(int width, int height, short bpp) /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(BITMAPINFO)); @@ -635,7 +613,6 @@ internal class SECURITY_ATTRIBUTES /// Critical : Initializes critical SafeHandle field /// Safe : Initializes handle to known safe value /// - [SecuritySafeCritical] public SECURITY_ATTRIBUTES () { lpSecurityDescriptor = new SafeLocalMemHandle(); @@ -646,7 +623,6 @@ public SECURITY_ATTRIBUTES () /// /// Critical : Exposes critical SafeHandle /// - [SecurityCritical] public SafeLocalMemHandle lpSecurityDescriptor = new SafeLocalMemHandle(); public bool bInheritHandle = false; @@ -654,7 +630,6 @@ public SECURITY_ATTRIBUTES () /// /// Critical : Disposes critical lpSecurityDescriptor field /// - [SecurityCritical] public void Release() { if (lpSecurityDescriptor != null) @@ -670,7 +645,6 @@ public void Release() /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(SECURITY_ATTRIBUTES)); @@ -680,15 +654,12 @@ private static int SizeOf() /// /// Critical: Inherits from critical tyoe SafeHandleZeroOrMinusOneIsInvalid /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [HostProtection(SecurityAction.LinkDemand, MayLeakOnAbort=true)] internal sealed class SafeLocalMemHandle : SafeHandleZeroOrMinusOneIsInvalid { /// /// Critical: Calls critical SafeHandle ctor /// - [SecurityCritical] public SafeLocalMemHandle() : base(true) { } @@ -696,7 +667,6 @@ public SafeLocalMemHandle() : base(true) /// /// Critical: Calls critical SafeHandle.SetHandle /// - [SecurityCritical] public SafeLocalMemHandle(IntPtr existingHandle, bool ownsHandle) : base(ownsHandle) { base.SetHandle(existingHandle); @@ -705,7 +675,6 @@ public SafeLocalMemHandle(IntPtr existingHandle, bool ownsHandle) : base(ownsHan /// /// Critical: Calls critical LocalFree /// - [SecurityCritical] protected override bool ReleaseHandle() { return (LocalFree(base.handle) == IntPtr.Zero); @@ -714,8 +683,6 @@ protected override bool ReleaseHandle() /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] [DllImport("kernel32.dll")] private static extern IntPtr LocalFree(IntPtr hMem); @@ -1238,7 +1205,6 @@ public class ANIMATIONINFO /// Critical : Calls critical Marshal.SizeOf /// Safe : Calls method with trusted input (well known safe type) /// - [SecuritySafeCritical] private static int SizeOf() { return Marshal.SizeOf(typeof(ANIMATIONINFO)); @@ -1452,7 +1418,6 @@ public static HDC NULL /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("gdi32.dll")] public static extern Int32 EndDoc(HDC hdc); @@ -1477,7 +1442,6 @@ public unsafe struct PrinterEscape /// /// Critical: Exposes native pointer /// - [SecurityCritical] public void* buffer; } @@ -1494,7 +1458,6 @@ public unsafe struct PrinterEscape /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("gdi32.dll")] public static unsafe extern Int32 ExtEscape(HDC hdc, Int32 nEscape, Int32 cbInput, PrinterEscape* lpvInData, Int32 cbOutput, [Out] void* lpvOutData); @@ -1526,7 +1489,6 @@ public unsafe struct DocInfo /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("gdi32.dll")] public unsafe static extern Int32 StartDoc(HDC hdc, ref DocInfo docInfo); @@ -1540,7 +1502,6 @@ public unsafe struct DocInfo /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("winspool.drv", BestFitMapping = false, ThrowOnUnmappableChar = true)] public unsafe static extern Int32 OpenPrinterA(String printerName, IntPtr* phPrinter, void* pDefaults); @@ -1552,7 +1513,6 @@ public unsafe struct DocInfo /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("winspool.drv")]//CASRemoval: public static extern Int32 ClosePrinter(IntPtr hPrinter); @@ -1564,7 +1524,6 @@ public unsafe struct DocInfo /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("gdi32.dll")]//CASRemoval: public static extern Int32 EndPage(HDC hdc); @@ -1576,7 +1535,6 @@ public unsafe struct DocInfo /// /// Critical: Elevates to unmanaged code permissions /// - [SecurityCritical] [DllImport("gdi32.dll")]//CASRemoval: public static extern Int32 StartPage(HDC hdc); diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsSetLastError.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsSetLastError.cs index 724a5c8922d..72d271f014e 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsSetLastError.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsSetLastError.cs @@ -34,22 +34,18 @@ namespace MS.Internal.Drt using System.Windows; using MS.Win32; - [SuppressUnmanagedCodeSecurity] public static class NativeMethodsSetLastError { #if WINDOWSFORMSINTEGRATION // WinFormsIntegration - [SuppressMessage("Microsoft.Security", "CA2118:ReviewSuppressUnmanagedCodeSecurityUsage")] [DllImport(ExternDll.PresentationNativeDll, EntryPoint="EnableWindowWrapper", SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool EnableWindow(IntPtr hWnd, bool enable); #elif UIAUTOMATIONCLIENT || UIAUTOMATIONCLIENTSIDEPROVIDERS // UIAutomation - [SuppressMessage("Microsoft.Security", "CA2118:ReviewSuppressUnmanagedCodeSecurityUsage")] [DllImport(ExternDll.PresentationNativeDll, EntryPoint="GetWindowLongWrapper", CharSet=CharSet.Auto, SetLastError=true)] public static extern Int32 GetWindowLong(IntPtr hWnd, int nIndex ); - [SuppressMessage("Microsoft.Security", "CA2118:ReviewSuppressUnmanagedCodeSecurityUsage")] [DllImport(ExternDll.PresentationNativeDll, EntryPoint="GetWindowLongPtrWrapper", CharSet=CharSet.Auto, SetLastError=true)] public static extern IntPtr GetWindowLongPtr(IntPtr hWnd, int nIndex ); diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs index 08f1ea88e1b..d6bd01938bd 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs @@ -42,7 +42,6 @@ public static partial class SafeNativeMethods /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static int GetMessagePos() { return SafeNativeMethodsPrivate.GetMessagePos(); @@ -52,7 +51,6 @@ public static int GetMessagePos() /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static IntPtr GetKeyboardLayout(int dwLayout) { return SafeNativeMethodsPrivate.GetKeyboardLayout(dwLayout); @@ -62,7 +60,6 @@ public static IntPtr GetKeyboardLayout(int dwLayout) /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static IntPtr ActivateKeyboardLayout(HandleRef hkl, int uFlags) { return SafeNativeMethodsPrivate.ActivateKeyboardLayout(hkl, uFlags); @@ -73,7 +70,6 @@ public static IntPtr ActivateKeyboardLayout(HandleRef hkl, int uFlags) /// Critical - access unmanaged code via SetLastError() and IntGetKeyboardLayoutList(). /// TreatAsSafe - no returns from SetLastError(). Calling IntGetKeyboardLayoutList() is safe. /// - [SecuritySafeCritical] public static int GetKeyboardLayoutList(int size, [Out, MarshalAs(UnmanagedType.LPArray)] IntPtr[] hkls) { int result = NativeMethodsSetLastError.GetKeyboardLayoutList(size, hkls); @@ -95,7 +91,6 @@ public static int GetKeyboardLayoutList(int size, [Out, MarshalAs(UnmanagedType. /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] internal static void GetMonitorInfo(HandleRef hmonitor, [In, Out]NativeMethods.MONITORINFOEX info) { if (SafeNativeMethodsPrivate.IntGetMonitorInfo(hmonitor, info) == false) @@ -109,7 +104,6 @@ internal static void GetMonitorInfo(HandleRef hmonitor, [In, Out]NativeMethods.M /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static IntPtr MonitorFromPoint(NativeMethods.POINTSTRUCT pt, int flags) { return SafeNativeMethodsPrivate.MonitorFromPoint(pt,flags); @@ -120,7 +114,6 @@ public static IntPtr MonitorFromPoint(NativeMethods.POINTSTRUCT pt, int flags) /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static IntPtr MonitorFromRect(ref NativeMethods.RECT rect, int flags) { return SafeNativeMethodsPrivate.MonitorFromRect(ref rect,flags); @@ -131,7 +124,6 @@ public static IntPtr MonitorFromRect(ref NativeMethods.RECT rect, int flags) /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static IntPtr MonitorFromWindow(HandleRef handle, int flags) { return SafeNativeMethodsPrivate.MonitorFromWindow(handle, flags); @@ -143,7 +135,6 @@ public static IntPtr MonitorFromWindow(HandleRef handle, int flags) /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static NativeMethods.CursorHandle LoadCursor(HandleRef hInst, IntPtr iconId) { NativeMethods.CursorHandle cursorHandle = SafeNativeMethodsPrivate.LoadCursor(hInst, iconId); @@ -161,7 +152,6 @@ public static NativeMethods.CursorHandle LoadCursor(HandleRef hInst, IntPtr icon /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static IntPtr GetCursor() { return SafeNativeMethodsPrivate.GetCursor(); @@ -171,7 +161,6 @@ public static IntPtr GetCursor() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Hiding cursor is ok /// - [SecuritySafeCritical] public static int ShowCursor(bool show) { return SafeNativeMethodsPrivate.ShowCursor(show); @@ -181,7 +170,6 @@ public static int ShowCursor(bool show) /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] internal static bool AdjustWindowRectEx(ref NativeMethods.RECT lpRect, int dwStyle, bool bMenu, int dwExStyle) { bool returnValue = SafeNativeMethodsPrivate.IntAdjustWindowRectEx(ref lpRect, dwStyle, bMenu, dwExStyle); @@ -197,7 +185,6 @@ internal static bool AdjustWindowRectEx(ref NativeMethods.RECT lpRect, int dwSty /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] internal static void GetClientRect(HandleRef hWnd, [In, Out] ref NativeMethods.RECT rect) { if(!SafeNativeMethodsPrivate.IntGetClientRect(hWnd, ref rect)) @@ -210,7 +197,6 @@ internal static void GetClientRect(HandleRef hWnd, [In, Out] ref NativeMethods.R /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] internal static void GetWindowRect(HandleRef hWnd, [In, Out] ref NativeMethods.RECT rect) { if(!SafeNativeMethodsPrivate.IntGetWindowRect(hWnd, ref rect)) @@ -223,7 +209,6 @@ internal static void GetWindowRect(HandleRef hWnd, [In, Out] ref NativeMethods.R /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static int GetDoubleClickTime() { return SafeNativeMethodsPrivate.GetDoubleClickTime(); @@ -233,7 +218,6 @@ public static int GetDoubleClickTime() /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static bool IsWindowEnabled(HandleRef hWnd) { return SafeNativeMethodsPrivate.IsWindowEnabled(hWnd); @@ -243,7 +227,6 @@ public static bool IsWindowEnabled(HandleRef hWnd) /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static bool IsWindowVisible(HandleRef hWnd) { return SafeNativeMethodsPrivate.IsWindowVisible(hWnd); @@ -253,7 +236,6 @@ public static bool IsWindowVisible(HandleRef hWnd) /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] internal static bool ReleaseCapture() { bool returnValue = SafeNativeMethodsPrivate.IntReleaseCapture(); @@ -271,7 +253,6 @@ internal static bool ReleaseCapture() /// Critical: This code calls into unmanaged code which elevates /// TreatAsSafe: This method is ok to give out /// - [SecuritySafeCritical] public static bool TrackMouseEvent(NativeMethods.TRACKMOUSEEVENT tme) { bool retVal = SafeNativeMethodsPrivate.TrackMouseEvent(tme); @@ -290,7 +271,6 @@ public static bool TrackMouseEvent(NativeMethods.TRACKMOUSEEVENT tme) /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static void SetTimer(HandleRef hWnd, int nIDEvent, int uElapse) { if(SafeNativeMethodsPrivate.SetTimer(hWnd, nIDEvent, uElapse, null) == IntPtr.Zero) @@ -305,7 +285,6 @@ public static void SetTimer(HandleRef hWnd, int nIDEvent, int uElapse) /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static bool TrySetTimer(HandleRef hWnd, int nIDEvent, int uElapse) { if(SafeNativeMethodsPrivate.TrySetTimer(hWnd, nIDEvent, uElapse, null) == IntPtr.Zero) @@ -322,7 +301,6 @@ public static bool TrySetTimer(HandleRef hWnd, int nIDEvent, int uElapse) /// TreatAsafe: This function is safe to call as in the worst case it destroys the dispatcher timer. /// it destroys a timer /// - [SecuritySafeCritical] public static bool KillTimer(HandleRef hwnd, int idEvent) { return (SafeNativeMethodsPrivate.KillTimer(hwnd,idEvent)); @@ -334,7 +312,6 @@ public static bool KillTimer(HandleRef hwnd, int idEvent) /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static int GetTickCount() { return SafeNativeMethodsPrivate.GetTickCount(); @@ -346,7 +323,6 @@ public static int GetTickCount() /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: It is considered safe to play sounds. /// - [SecuritySafeCritical] public static int MessageBeep(int uType) { return SafeNativeMethodsPrivate.MessageBeep(uType); @@ -357,7 +333,6 @@ public static int MessageBeep(int uType) /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static bool IsWindowUnicode(HandleRef hWnd) { return (SafeNativeMethodsPrivate.IsWindowUnicode(hWnd)); @@ -369,7 +344,6 @@ public static bool IsWindowUnicode(HandleRef hWnd) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Setting Cursor is ok /// - [SecuritySafeCritical] public static IntPtr SetCursor(HandleRef hcursor) { return SafeNativeMethodsPrivate.SetCursor(hcursor); @@ -379,7 +353,6 @@ public static IntPtr SetCursor(HandleRef hcursor) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Setting Cursor is ok /// - [SecuritySafeCritical] public static IntPtr SetCursor(SafeHandle hcursor) { return SafeNativeMethodsPrivate.SetCursor(hcursor); @@ -392,7 +365,6 @@ public static IntPtr SetCursor(SafeHandle hcursor) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Screen to Clien is ok to give out /// - [SecuritySafeCritical] public static void ScreenToClient(HandleRef hWnd, [In, Out] NativeMethods.POINT pt) { if(SafeNativeMethodsPrivate.IntScreenToClient(hWnd, pt) == 0) @@ -405,7 +377,6 @@ public static void ScreenToClient(HandleRef hWnd, [In, Out] NativeMethods.POINT /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Process Id is ok to give out /// - [SecuritySafeCritical] public static int GetCurrentProcessId() { return SafeNativeMethodsPrivate.GetCurrentProcessId(); @@ -416,7 +387,6 @@ public static int GetCurrentProcessId() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Thread ID is ok to give out /// - [SecuritySafeCritical] public static int GetCurrentThreadId() { return SafeNativeMethodsPrivate.GetCurrentThreadId(); @@ -432,7 +402,6 @@ public static int GetCurrentThreadId() /// /// The session id upon success, null on failure /// - [SecuritySafeCritical] public static int? GetCurrentSessionId() { int? result = null; @@ -453,7 +422,6 @@ public static int GetCurrentThreadId() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Getting mouse capture is ok /// - [SecuritySafeCritical] public static IntPtr GetCapture() { return SafeNativeMethodsPrivate.GetCapture(); @@ -465,7 +433,6 @@ public static IntPtr GetCapture() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Setting Capture is ok /// - [SecuritySafeCritical] public static IntPtr SetCapture(HandleRef hwnd) { return SafeNativeMethodsPrivate.SetCapture(hwnd); @@ -476,7 +443,6 @@ public static IntPtr SetCapture(HandleRef hwnd) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Getting virtual key mapping is ok /// - [SecuritySafeCritical] internal static int MapVirtualKey(int nVirtKey, int nMapType) { return SafeNativeMethodsPrivate.MapVirtualKey(nVirtKey,nMapType); @@ -506,7 +472,6 @@ internal static int MapVirtualKey(int nVirtKey, int nMapType) /// critical: This method elevates to unmanaged-code permission /// safe: Returns safe information /// - [SecuritySafeCritical] public static bool IsCurrentSessionConnectStateWTSActive(int? SessionId = null, bool defaultResult = true) { IntPtr buffer = IntPtr.Zero; @@ -552,7 +517,6 @@ public static bool IsCurrentSessionConnectStateWTSActive(int? SessionId = null, return currentSessionConnectState; } - [SuppressUnmanagedCodeSecurity] private partial class SafeNativeMethodsPrivate { diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs index d62013436d0..9e0c52a888d 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs @@ -37,8 +37,6 @@ namespace MS.Win32 { // The attributes are commented out here because this is a partial class and the attributes are already // applied in SafeNativeMethodsCLR.cs // - //[SecuritySafeCritical] - //[SuppressUnmanagedCodeSecurity] public partial class SafeNativeMethods { @@ -66,7 +64,6 @@ internal enum PlaySoundFlags /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] internal static bool InSendMessage() { return SafeNativeMethodsPrivate.InSendMessage(); @@ -78,7 +75,6 @@ internal static bool InSendMessage() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static int GetQueueStatus(uint flags) { return SafeNativeMethodsPrivate.GetQueueStatus(flags); @@ -88,7 +84,6 @@ public static int GetQueueStatus(uint flags) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] internal static int GetInputState() { return SafeNativeMethodsPrivate.GetInputState(); @@ -99,7 +94,6 @@ internal static int GetInputState() /// Critical: This code elevates to unmanaged code permission /// TreatAsafe: This function is safe to call /// - [SecuritySafeCritical] public static bool IsUxThemeActive() { return SafeNativeMethodsPrivate.IsThemeActive() != 0; } @@ -107,7 +101,6 @@ internal static int GetInputState() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static bool SetCaretPos(int x, int y) { // To be consistent with our other PInvoke wrappers @@ -123,7 +116,6 @@ public static bool SetCaretPos(int x, int y) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static bool DestroyCaret() { // To be consistent with our other PInvoke wrappers @@ -139,7 +131,6 @@ public static bool DestroyCaret() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static int GetCaretBlinkTime() { // To be consistent with our other PInvoke wrappers @@ -173,7 +164,6 @@ public static int GetCaretBlinkTime() /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static bool GetStringTypeEx(uint locale, uint infoType, char[] sourceString, int count, UInt16[] charTypes) { @@ -192,7 +182,6 @@ public static bool GetStringTypeEx(uint locale, uint infoType, char[] sourceStri /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static int GetSysColor(int nIndex) { return SafeNativeMethodsPrivate.GetSysColor(nIndex); @@ -202,7 +191,6 @@ public static int GetSysColor(int nIndex) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: Exposes no critical data and doesn't affect clipboard state /// - [SecuritySafeCritical] public static bool IsClipboardFormatAvailable(int format) { return SafeNativeMethodsPrivate.IsClipboardFormatAvailable(format); @@ -229,7 +217,6 @@ internal static void DestroyIcon(NativeMethods.IconHandle hIcon) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static bool IsDebuggerPresent() { return SafeNativeMethodsPrivate.IsDebuggerPresent(); } #endif #if BASE_NATIVEMETHODS @@ -241,7 +228,6 @@ internal static void DestroyIcon(NativeMethods.IconHandle hIcon) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static void QueryPerformanceCounter(out long lpPerformanceCount) { if (!SafeNativeMethodsPrivate.QueryPerformanceCounter(out lpPerformanceCount)) @@ -254,7 +240,6 @@ public static void QueryPerformanceCounter(out long lpPerformanceCount) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] public static void QueryPerformanceFrequency(out long lpFrequency) { if (!SafeNativeMethodsPrivate.QueryPerformanceFrequency(out lpFrequency)) @@ -267,7 +252,6 @@ public static void QueryPerformanceFrequency(out long lpFrequency) /// Critical: This code elevates to unmanaged code permission /// TreatAsSafe: This function is safe to call /// - [SecuritySafeCritical] internal static int GetMessageTime() { return SafeNativeMethodsPrivate.GetMessageTime(); @@ -279,13 +263,11 @@ internal static int GetMessageTime() /// This method accesses an UnsafeNativeMethod under an elevation. This is /// still safe because it just returns the style or ex style which we consider safe. /// - [SecuritySafeCritical] internal static Int32 GetWindowStyle(HandleRef hWnd, bool exStyle) { int nIndex = exStyle ? NativeMethods.GWL_EXSTYLE : NativeMethods.GWL_STYLE; return UnsafeNativeMethods.GetWindowLong(hWnd, nIndex); } - [SuppressUnmanagedCodeSecurity] private static partial class SafeNativeMethodsPrivate { [DllImport(ExternDll.User32, CharSet = CharSet.Auto)] diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs index 08e44b63177..1acfeb478da 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs @@ -60,7 +60,6 @@ public POINTSTRUCT(int x, int y) { /// Critical: The code below has a link demand for unmanaged code permission.This code can be used to /// get to data that a pointer points to which can lead to easier data reading. /// - [SecurityCritical] public static object PtrToStructure(IntPtr lparam, Type cls) { return Marshal.PtrToStructure(lparam, cls); } @@ -70,7 +69,6 @@ public static object PtrToStructure(IntPtr lparam, Type cls) { /// Critical: The code below has a link demand for unmanaged code permission.This code can be used to /// write data to arbitrary memory. /// - [SecurityCritical] public static void StructureToPtr(object structure, IntPtr ptr, bool fDeleteOld) { Marshal.StructureToPtr(structure, ptr, fDeleteOld); @@ -80,43 +78,34 @@ public static void StructureToPtr(object structure, IntPtr ptr, bool fDeleteOld) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int OleGetClipboard(ref IComDataObject data); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int OleSetClipboard(IComDataObject pDataObj); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int OleFlushClipboard(); #endif /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern int GetCurrentThemeName(StringBuilder pszThemeFileName, int dwMaxNameChars, StringBuilder pszColorBuff, int dwMaxColorChars, StringBuilder pszSizeBuff, int cchMaxSizeChars); /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.DwmAPI, BestFitMapping = false)] public static extern int DwmIsCompositionEnabled(out Int32 enabled); /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern IntPtr GetCurrentThread(); @@ -124,7 +113,6 @@ public static void StructureToPtr(object structure, IntPtr ptr, bool fDeleteOld) /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern WindowMessage RegisterWindowMessage(string msg); #endif @@ -132,14 +120,12 @@ public static void StructureToPtr(object structure, IntPtr ptr, bool fDeleteOld) /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, EntryPoint = "SetWindowPos", ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern bool SetWindowPos(HandleRef hWnd, HandleRef hWndInsertAfter, int x, int y, int cx, int cy, int flags); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern IntPtr GetWindow(HandleRef hWnd, int uCmd); @@ -164,53 +150,45 @@ public enum ProcessDpiAwareness Process_Per_Monitor_DPI_Aware = 2 } - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Shcore, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern uint GetProcessDpiAwareness(HandleRef hProcess, out IntPtr awareness); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Shcore, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern uint GetDpiForMonitor(HandleRef hMonitor, MonitorDpiType dpiType, out uint dpiX, out uint dpiY); - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, EntryPoint = "IsProcessDPIAware", CharSet = CharSet.Auto, SetLastError = true)] internal static extern bool IsProcessDPIAware(); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Kernel32, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr OpenProcess(int dwDesiredAccess, bool fInherit, int dwProcessId); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, EntryPoint = "EnableNonClientDpiScaling", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool EnableNonClientDpiScaling(HandleRef hWnd); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern int GetClassName(HandleRef hwnd, StringBuilder lpClassName, int nMaxCount); /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern int MessageBox(HandleRef hWnd, string text, string caption, int type); /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Auto, BestFitMapping = false, EntryPoint = "SetWindowTheme")] public static extern int CriticalSetWindowTheme(HandleRef hWnd, string subAppName, string subIdList); @@ -221,45 +199,36 @@ public enum ProcessDpiAwareness /// /// Critical - elevates via a SUC. Can be used to run arbitrary code. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, EntryPoint = "CreateCompatibleBitmap", CharSet = CharSet.Auto)] public static extern IntPtr CriticalCreateCompatibleBitmap(HandleRef hDC, int width, int height); /// /// Critical - elevates via a SUC. Can be used to run arbitrary code. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, EntryPoint = "GetStockObject", SetLastError = true, CharSet = CharSet.Auto)] public static extern IntPtr CriticalGetStockObject(int stockObject); /// /// Critical - elevates via a SUC. Can be used to run arbitrary code. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "FillRect", SetLastError = true, CharSet = CharSet.Auto)] public static extern int CriticalFillRect(IntPtr hdc, ref NativeMethods.RECT rcFill, IntPtr brush); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern int GetBitmapBits(HandleRef hbmp, int cbBuffer, byte[] lpvBits); /// /// Critical: This code escalates to unmanaged code permission /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool ShowWindow(HandleRef hWnd, int nCmdShow); /// /// Critical: This code escalates to unmanaged code permission /// - [SecurityCritical] public static void DeleteObject(HandleRef hObject) { HandleCollector.Remove((IntPtr)hObject, NativeMethods.CommonHandles.GDI); @@ -273,7 +242,6 @@ public static void DeleteObject(HandleRef hObject) /// /// Critical: This code escalates to unmanaged code permission via a call to IntDeleteObject /// - [SecurityCritical] public static bool DeleteObjectNoThrow(HandleRef hObject) { HandleCollector.Remove((IntPtr)hObject, NativeMethods.CommonHandles.GDI); @@ -293,7 +261,6 @@ public static bool DeleteObjectNoThrow(HandleRef hObject) /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Gdi32, SetLastError=true, ExactSpelling = true, EntryPoint="DeleteObject", CharSet=System.Runtime.InteropServices.CharSet.Auto)] public static extern bool IntDeleteObject(HandleRef hObject); @@ -304,14 +271,12 @@ public static bool DeleteObjectNoThrow(HandleRef hObject) /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr SelectObject(HandleRef hdc, NativeMethods.BitmapHandle obj); /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Gdi32, EntryPoint="SelectObject", SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr CriticalSelectObject(HandleRef hdc, IntPtr obj); @@ -321,8 +286,6 @@ public static bool DeleteObjectNoThrow(HandleRef hObject) /// /// This code elevates to unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern int RegisterClipboardFormat(string format); @@ -332,16 +295,12 @@ public static extern bool BitBlt(HandleRef hDC, int x, int y, int nWidth, int nH /// /// This code elevates to unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="PrintWindow", SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool CriticalPrintWindow(HandleRef hWnd, HandleRef hDC, int flags); /// /// This code elevates to unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="RedrawWindow", ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool CriticalRedrawWindow(HandleRef hWnd, IntPtr lprcUpdate, IntPtr hrgnUpdate, int flags); @@ -351,7 +310,6 @@ public static extern bool BitBlt(HandleRef hDC, int x, int y, int nWidth, int nH /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Shell32, CharSet=CharSet.Auto, BestFitMapping = false)] public static extern IntPtr ShellExecute(HandleRef hwnd, string lpOperation, string lpFile, string lpParameters, string lpDirectory, int nShowCmd); @@ -396,7 +354,6 @@ internal enum ShellExecuteFlags /// /// Critical - elevates via SUC. Starts a new process. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Shell32, CharSet = CharSet.Unicode, SetLastError = true)] internal static extern bool ShellExecuteEx([In, Out] ShellExecuteInfo lpExecInfo); @@ -407,35 +364,27 @@ internal enum ShellExecuteFlags /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Kernel32, ExactSpelling=true, CharSet=CharSet.Unicode, SetLastError=true)] public static extern int MultiByteToWideChar(int CodePage, int dwFlags, byte[] lpMultiByteStr, int cchMultiByte, [Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpWideCharStr, int cchWideChar); /// /// Critical - elevates (via SuppressUnmanagedCodeSecurity). /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Kernel32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)] public static extern int WideCharToMultiByte(int codePage, int flags, [MarshalAs(UnmanagedType.LPWStr)]string wideStr, int chars, [In,Out]byte[] pOutBytes, int bufferBytes, IntPtr defaultChar, IntPtr pDefaultUsed); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling=true, EntryPoint="RtlMoveMemory", CharSet=CharSet.Unicode)] public static extern void CopyMemoryW(IntPtr pdst, string psrc, int cb); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, EntryPoint = "RtlMoveMemory", CharSet = CharSet.Unicode)] public static extern void CopyMemoryW(IntPtr pdst, char[] psrc, int cb); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling=true, EntryPoint="RtlMoveMemory")] public static extern void CopyMemory(IntPtr pdst, byte[] psrc, int cb); @@ -444,11 +393,8 @@ internal enum ShellExecuteFlags /// Critical as this code performs an elevation due to an unmanaged code call. Also this /// information can be used to exploit the system. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="GetKeyboardState", CharSet=CharSet.Auto, SetLastError=true)] private static extern int IntGetKeyboardState(byte [] keystate); - [SecurityCritical] public static void GetKeyboardState(byte [] keystate) { if(IntGetKeyboardState(keystate) == 0) @@ -467,14 +413,12 @@ public static void GetKeyboardState(byte [] keystate) /// /// Critical: This code elevates to unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, EntryPoint = "GetModuleFileName", CharSet=CharSet.Unicode, SetLastError = true)] private static extern int IntGetModuleFileName(HandleRef hModule, StringBuilder buffer, int length); /// /// Critical: This code elevates to unmanaged code permission by calling into IntGetModuleFileName /// - [SecurityCritical] internal static string GetModuleFileName(HandleRef hModule) { // .Net is currently far behind Windows with regard to supporting paths longer than MAX_PATH. @@ -512,8 +456,6 @@ internal static string GetModuleFileName(HandleRef hModule) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool TranslateMessage([In, Out] ref System.Windows.Interop.MSG msg); @@ -521,8 +463,6 @@ internal static string GetModuleFileName(HandleRef hModule) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet=CharSet.Auto)] public static extern IntPtr DispatchMessage([In] ref System.Windows.Interop.MSG msg); #endif @@ -531,10 +471,8 @@ internal static string GetModuleFileName(HandleRef hModule) /// /// Critical as this code performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet=CharSet.Auto, EntryPoint="PostThreadMessage", SetLastError=true)] private static extern int IntPostThreadMessage(int id, int msg, IntPtr wparam, IntPtr lparam); - [SecurityCritical] public static void PostThreadMessage(int id, int msg, IntPtr wparam, IntPtr lparam) { if(IntPostThreadMessage(id, msg, wparam, lparam) == 0) @@ -547,26 +485,21 @@ public static void PostThreadMessage(int id, int msg, IntPtr wparam, IntPtr lpar /// /// Critical - This code elevates to unmanaged code. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport("oleacc.dll")] internal static extern int ObjectFromLresult(IntPtr lResult, ref Guid iid, IntPtr wParam, [In, Out] ref IAccessible ppvObject); /// /// Critical - This code elevates to unmanaged code. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport("user32.dll")] internal static extern bool IsWinEventHookInstalled(int winevent); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, EntryPoint="OleInitialize")] private static extern int IntOleInitialize(IntPtr val); - [SecurityCritical] public static int OleInitialize() { return IntOleInitialize(IntPtr.Zero); @@ -575,7 +508,6 @@ public static int OleInitialize() /// /// Critical: SUC. Inherently unsafe. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32)] public static extern int CoRegisterPSClsid(ref Guid riid, ref Guid rclsid); @@ -586,7 +518,6 @@ public static int OleInitialize() /// /// Critical: This code calls into unmanaged code which elevates /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto, SetLastError=true)] public static extern int OleUninitialize(); @@ -596,7 +527,6 @@ public static int OleInitialize() /// /// Critical: Closes a passed in handle, LinkDemand on Marshal.GetLastWin32Error /// - [SecurityCritical] public static bool CloseHandleNoThrow(HandleRef handle) { HandleCollector.Remove((IntPtr)handle, NativeMethods.CommonHandles.Kernel); @@ -616,7 +546,6 @@ public static bool CloseHandleNoThrow(HandleRef handle) /// /// Critical as this code performs an UnmanagedCodeSecurity elevation. /// - [SecurityCritical] [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int CreateStreamOnHGlobal(IntPtr hGlobal, bool fDeleteOnRelease, ref System.Runtime.InteropServices.ComTypes.IStream istream); @@ -628,8 +557,6 @@ public static bool CloseHandleNoThrow(HandleRef handle) /// /// Critical - elevates via a SUC. Can be used to run arbitrary code. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, SetLastError=true, EntryPoint="CreateCompatibleDC", CharSet=CharSet.Auto)] public static extern IntPtr CriticalCreateCompatibleDC(HandleRef hDC); @@ -638,7 +565,6 @@ public static bool CloseHandleNoThrow(HandleRef handle) /// TreatAsSafe: Throwing an exception isn't unsafe /// Note: If SupressUnmanagedCodeSecurity attribute is ever added to IntCreateCompatibleDC, we need to be Critical /// - [SecuritySafeCritical] public static IntPtr CreateCompatibleDC(HandleRef hDC) { IntPtr h = IntCreateCompatibleDC(hDC); @@ -659,7 +585,6 @@ public static IntPtr CreateCompatibleDC(HandleRef hDC) /// TreatAsSafe: Throwing an exception isn't unsafe /// Note: If SupressUnmanagedCodeSecurity attribute is ever added to IntUnmapViewOfFile, we need to be Critical /// - [SecuritySafeCritical] public static void UnmapViewOfFile(HandleRef pvBaseAddress) { HandleCollector.Remove((IntPtr)pvBaseAddress, NativeMethods.CommonHandles.Kernel); @@ -672,7 +597,6 @@ public static void UnmapViewOfFile(HandleRef pvBaseAddress) /// /// Critical: Unmaps a file handle, LinkDemand on Marshal.GetLastWin32Error /// - [SecurityCritical] public static bool UnmapViewOfFileNoThrow(HandleRef pvBaseAddress) { HandleCollector.Remove((IntPtr)pvBaseAddress, NativeMethods.CommonHandles.Kernel); @@ -692,7 +616,6 @@ public static bool UnmapViewOfFileNoThrow(HandleRef pvBaseAddress) /// /// Critical: This code calls into unmanaged code which elevates /// - [SecurityCritical] public static bool EnableWindow(HandleRef hWnd, bool enable) { bool result = NativeMethodsSetLastError.EnableWindow(hWnd, enable); @@ -711,7 +634,6 @@ public static bool EnableWindow(HandleRef hWnd, bool enable) /// /// Critical: This code calls into unmanaged code which elevates /// - [SecurityCritical] public static bool EnableWindowNoThrow(HandleRef hWnd, bool enable) { // This method is not throwing because the caller don't want to fail after calling this. @@ -726,22 +648,18 @@ public static bool EnableWindowNoThrow(HandleRef hWnd, bool enable) /// /// Critical: This code returns the window which has focus and elevates to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetFocus(); /// /// Critical - this code elevates via SUC. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "GetCursorPos", ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] private static extern bool IntGetCursorPos([In, Out] NativeMethods.POINT pt); /// /// Critical - calls a critical function. /// - [SecurityCritical] internal static bool GetCursorPos([In, Out] NativeMethods.POINT pt) { bool returnValue = IntGetCursorPos(pt); @@ -755,14 +673,12 @@ internal static bool GetCursorPos([In, Out] NativeMethods.POINT pt) /// /// Critical - this code elevates via SUC. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "GetCursorPos", ExactSpelling = true, CharSet = CharSet.Auto)] private static extern bool IntTryGetCursorPos([In, Out] NativeMethods.POINT pt); /// /// Critical - calls a critical function. /// - [SecurityCritical] internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) { bool returnValue = IntTryGetCursorPos(pt); @@ -785,8 +701,6 @@ internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) /// Critical:Unmanaged code that gets the state of the keyboard keys /// This can be exploited to get keyboard state. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=System.Runtime.InteropServices.CharSet.Auto)] public static extern int GetWindowThreadProcessId(HandleRef hWnd, out int lpdwProcessId); @@ -794,32 +708,24 @@ internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) /// Critical:Unmanaged code that gets the state of the keyboard keys /// This can be exploited to get keyboard state. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern short GetKeyState(int keyCode); /// /// Critical:Elevates to Unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, PreserveSig = false)] public static extern void DoDragDrop(IComDataObject dataObject, UnsafeNativeMethods.IOleDropSource dropSource, int allowedEffects, int[] finalEffect); /// /// Critical - this code elevates via SUC. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] internal static extern void ReleaseStgMedium(ref STGMEDIUM medium); /// /// Critical - this code elevates via SUC. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=System.Runtime.InteropServices.CharSet.Auto)] public static extern bool InvalidateRect(HandleRef hWnd, IntPtr rect, bool erase); @@ -830,7 +736,6 @@ internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) /// /// SecurityCritical due to a call to SetLastError and calls GetWindowText /// - [SecurityCritical] internal static int GetWindowText(HandleRef hWnd, [Out] StringBuilder lpString, int nMaxCount) { int returnValue = NativeMethodsSetLastError.GetWindowText(hWnd, lpString, nMaxCount); @@ -848,7 +753,6 @@ internal static int GetWindowText(HandleRef hWnd, [Out] StringBuilder lpString, /// /// SecurityCritical due to a call to SetLastError /// - [SecurityCritical] internal static int GetWindowTextLength(HandleRef hWnd) { int returnValue = NativeMethodsSetLastError.GetWindowTextLength(hWnd); @@ -866,48 +770,36 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalAlloc(int uFlags, IntPtr dwBytes); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalReAlloc(HandleRef handle, IntPtr bytes, int flags); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalLock(HandleRef handle); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern bool GlobalUnlock(HandleRef handle); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalFree(HandleRef handle); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalSize(HandleRef handle); @@ -915,40 +807,30 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern bool ImmSetConversionStatus(HandleRef hIMC, int conversion, int sentence); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern bool ImmGetConversionStatus(HandleRef hIMC, ref int conversion, ref int sentence); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern IntPtr ImmGetContext(HandleRef hWnd); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmReleaseContext(HandleRef hWnd, HandleRef hIMC); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern IntPtr ImmAssociateContext(HandleRef hWnd, HandleRef hIMC); @@ -956,32 +838,24 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmSetOpenStatus(HandleRef hIMC, bool open); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmGetOpenStatus(HandleRef hIMC); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmNotifyIME(HandleRef hIMC, int dwAction, int dwIndex, int dwValue); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern int ImmGetProperty(HandleRef hkl, int flags); @@ -989,8 +863,6 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, char[] lpBuf, int dwBufLen); @@ -998,8 +870,6 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, byte[] lpBuf, int dwBufLen); @@ -1007,8 +877,6 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, int[] lpBuf, int dwBufLen); @@ -1016,8 +884,6 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, IntPtr lpBuf, int dwBufLen); @@ -1033,16 +899,12 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmSetCompositionWindow(HandleRef hIMC, [In, Out] ref NativeMethods.COMPOSITIONFORM compform); /// /// Critical:This code causes an elevation of privilige to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmSetCandidateWindow(HandleRef hIMC, [In, Out] ref NativeMethods.CANDIDATEFORM candform); @@ -1053,7 +915,6 @@ internal static int GetWindowTextLength(HandleRef hWnd) /// /// Critical - calls SetFocusWrapper (the real PInvoke method) /// - [SecurityCritical] internal static IntPtr SetFocus(HandleRef hWnd) { IntPtr result = IntPtr.Zero; @@ -1069,7 +930,6 @@ internal static IntPtr SetFocus(HandleRef hWnd) /// /// Critical - calls SetFocusWrapper (the real PInvoke method) /// - [SecurityCritical] internal static bool TrySetFocus(HandleRef hWnd) { IntPtr result = IntPtr.Zero; @@ -1079,7 +939,6 @@ internal static bool TrySetFocus(HandleRef hWnd) /// /// Critical - calls SetFocusWrapper (the real PInvoke method) /// - [SecurityCritical] internal static bool TrySetFocus(HandleRef hWnd, ref IntPtr result) { result = NativeMethodsSetLastError.SetFocus(hWnd); @@ -1096,7 +955,6 @@ internal static bool TrySetFocus(HandleRef hWnd, ref IntPtr result) /// /// Critical - This code returns a critical resource and calls critical code. /// - [SecurityCritical] internal static IntPtr GetParent(HandleRef hWnd) { IntPtr retVal = NativeMethodsSetLastError.GetParent(hWnd); @@ -1113,15 +971,12 @@ internal static IntPtr GetParent(HandleRef hWnd) /// /// Critical - This code returns a critical resource and causes unmanaged code elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr GetAncestor(HandleRef hWnd, int flags); /// /// Critical - This code causes unmanaged code elevation. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool IsChild(HandleRef hWndParent, HandleRef hwnd); @@ -1141,21 +996,17 @@ internal static IntPtr GetParent(HandleRef hWnd) /// Critical as this code performs an elevation. /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] - [ SecurityCritical, SuppressUnmanagedCodeSecurity] public static extern IntPtr SetParent(HandleRef hWnd, HandleRef hWndParent); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, EntryPoint = "GetModuleHandle", CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true, SetLastError = true)] private static extern IntPtr IntGetModuleHandle(string modName); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] internal static IntPtr GetModuleHandle(string modName) { IntPtr retVal = IntGetModuleHandle(modName); @@ -1172,8 +1023,6 @@ internal static IntPtr GetModuleHandle(string modName) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet=CharSet.Auto)] public static extern IntPtr CallWindowProc(IntPtr wndProc, IntPtr hWnd, int msg, IntPtr wParam, IntPtr lParam); @@ -1181,23 +1030,18 @@ public static extern IntPtr CallWindowProc(IntPtr wndProc, IntPtr hWnd, int msg, /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet = CharSet.Unicode, EntryPoint = "DefWindowProcW")] public static extern IntPtr DefWindowProc(IntPtr hWnd, Int32 Msg, IntPtr wParam, IntPtr lParam); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError=true, EntryPoint="GetProcAddress", CharSet=CharSet.Ansi, BestFitMapping=false)] public static extern IntPtr IntGetProcAddress(HandleRef hModule, string lpProcName); /// /// Critical - calls IntGetProcAddress (the real PInvoke method) /// - [SecurityCritical] public static IntPtr GetProcAddress(HandleRef hModule, string lpProcName) { IntPtr result = IntGetProcAddress(hModule, lpProcName); @@ -1219,15 +1063,12 @@ public static IntPtr GetProcAddress(HandleRef hModule, string lpProcName) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, EntryPoint="GetProcAddress", CharSet=CharSet.Ansi, BestFitMapping=false)] public static extern IntPtr GetProcAddressNoThrow(HandleRef hModule, string lpProcName); /// /// Critical: as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, CharSet = CharSet.Unicode)] public static extern IntPtr LoadLibrary(string lpFileName); @@ -1393,8 +1234,6 @@ internal enum LoadLibraryFlags : uint /// /// Do not use this - instead use /// - [SuppressUnmanagedCodeSecurity] - [SecurityCritical] [Obsolete("Use LoadLibraryHelper.SafeLoadLibraryEx instead")] [DllImport(ExternDll.Kernel32, CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, SetLastError = true)] internal static extern IntPtr LoadLibraryEx([In][MarshalAs(UnmanagedType.LPTStr)]string lpFileName, IntPtr hFile, [In] LoadLibraryFlags dwFlags); @@ -1423,8 +1262,6 @@ internal enum GetModuleHandleFlags : uint GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT = 0x00000002 } - [SuppressUnmanagedCodeSecurity] - [SecurityCritical] [DllImport(ExternDll.Kernel32, CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] internal static extern bool GetModuleHandleEx( @@ -1432,8 +1269,6 @@ internal static extern bool GetModuleHandleEx( [In][Optional][MarshalAs(UnmanagedType.LPTStr)] string lpModuleName, [Out] out IntPtr hModule); - [SuppressUnmanagedCodeSecurity] - [SecurityCritical] [DllImport(ExternDll.Kernel32, CallingConvention = CallingConvention.Winapi, CharSet = CharSet.Unicode, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] internal static extern bool FreeLibrary([In] IntPtr hModule); @@ -1442,8 +1277,6 @@ internal static extern bool GetModuleHandleEx( /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32)] public static extern int GetSystemMetrics(SM nIndex); #endif @@ -1451,62 +1284,48 @@ internal static extern bool GetModuleHandleEx( /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet=CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref NativeMethods.RECT rc, int nUpdate); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref int value, int ignore); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref bool value, int ignore); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref NativeMethods.HIGHCONTRAST_I rc, int nUpdate); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, [In, Out] NativeMethods.NONCLIENTMETRICS metrics, int nUpdate); /// /// Critical as this code performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, CharSet = CharSet.Auto, ExactSpelling = true)] public static extern bool GetSystemPowerStatus(ref NativeMethods.SYSTEM_POWER_STATUS systemPowerStatus); /// /// Critical - performs an elevation via SUC. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="ClientToScreen", SetLastError=true, ExactSpelling=true, CharSet=CharSet.Auto)] private static extern int IntClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT pt); /// /// Critical calls critical code - IntClientToScreen /// - [SecurityCritical] public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT pt) { if(IntClientToScreen(hWnd, pt) == 0) @@ -1518,7 +1337,6 @@ public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT /// /// Critical:Elevates to Unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetDesktopWindow(); @@ -1526,24 +1344,18 @@ public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT /// Critical:Elevates to Unmanaged code permission and can be used to /// change the foreground window. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetForegroundWindow(); /// /// Critical:Elevates to Unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int RegisterDragDrop(HandleRef hwnd, UnsafeNativeMethods.IOleDropTarget target); /// /// Critical:Elevates to Unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int RevokeDragDrop(HandleRef hwnd); @@ -1552,13 +1364,10 @@ public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT /// Critical:Elevates to Unmanaged code permission and can be used to /// get information of messages in queues. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet=CharSet.Auto)] public static extern bool PeekMessage([In, Out] ref System.Windows.Interop.MSG msg, HandleRef hwnd, WindowMessage msgMin, WindowMessage msgMax, int remove); #if BASE_NATIVEMETHODS - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, BestFitMapping = false, CharSet=CharSet.Auto)] public static extern bool SetProp(HandleRef hWnd, string propName, HandleRef data); @@ -1567,15 +1376,12 @@ public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "PostMessage", CharSet = CharSet.Auto, SetLastError = true)] private static extern bool IntPostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wparam, IntPtr lparam); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] internal static void PostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wparam, IntPtr lparam) { if (!IntPostMessage(hwnd, msg, wparam, lparam)) @@ -1587,8 +1393,6 @@ internal static void PostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wpara /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "PostMessage", CharSet = CharSet.Auto)] internal static extern bool TryPostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wparam, IntPtr lparam); #endif @@ -1596,23 +1400,18 @@ internal static void PostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wpara /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern void NotifyWinEvent(int winEvent, HandleRef hwnd, int objType, int objID); #endif /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, EntryPoint = "BeginPaint", CharSet = CharSet.Auto)] private static extern IntPtr IntBeginPaint(HandleRef hWnd, [In, Out] ref NativeMethods.PAINTSTRUCT lpPaint); /// /// Critical as this code performs an elevation. via the call to IntBeginPaint /// - [SecurityCritical] public static IntPtr BeginPaint(HandleRef hWnd, [In, Out, MarshalAs(UnmanagedType.LPStruct)] ref NativeMethods.PAINTSTRUCT lpPaint) { return HandleCollector.Add(IntBeginPaint(hWnd, ref lpPaint), NativeMethods.CommonHandles.HDC); } @@ -1620,15 +1419,11 @@ public static IntPtr BeginPaint(HandleRef hWnd, [In, Out, MarshalAs(UnmanagedTyp /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, EntryPoint = "EndPaint", CharSet = CharSet.Auto)] private static extern bool IntEndPaint(HandleRef hWnd, ref NativeMethods.PAINTSTRUCT lpPaint); /// /// Critical as this code performs an elevation via the call to IntEndPaint. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] public static bool EndPaint(HandleRef hWnd, [In, MarshalAs(UnmanagedType.LPStruct)] ref NativeMethods.PAINTSTRUCT lpPaint) { HandleCollector.Remove(lpPaint.hdc, NativeMethods.CommonHandles.HDC); return IntEndPaint(hWnd, ref lpPaint); @@ -1637,8 +1432,6 @@ public static bool EndPaint(HandleRef hWnd, [In, MarshalAs(UnmanagedType.LPStruc /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling = true, EntryPoint = "GetDC", CharSet = CharSet.Auto)] private static extern IntPtr IntGetDC(HandleRef hWnd); /// @@ -1647,7 +1440,6 @@ public static bool EndPaint(HandleRef hWnd, [In, MarshalAs(UnmanagedType.LPStruc /// stores a count of the number of instances of a given /// handle and not the handle itself. /// - [SecurityCritical] public static IntPtr GetDC(HandleRef hWnd) { IntPtr hDc = IntGetDC(hWnd); @@ -1664,14 +1456,11 @@ public static IntPtr GetDC(HandleRef hWnd) /// is by itself not dangerous because handle collector simply /// stores a count of the number of instances of a given handle and not the handle itself. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, EntryPoint = "ReleaseDC", CharSet = CharSet.Auto)] private static extern int IntReleaseDC(HandleRef hWnd, HandleRef hDC); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { HandleCollector.Remove((IntPtr)hDC, NativeMethods.CommonHandles.HDC); return IntReleaseDC(hWnd, hDC); @@ -1681,24 +1470,18 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int GetDeviceCaps(HandleRef hDC, int nIndex); /// /// Critical as this code performs an elevation to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetActiveWindow(); /// /// Critical as this code performs an elevation to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool SetForegroundWindow(HandleRef hWnd); @@ -1706,24 +1489,18 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical as this code performs an elevation to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Comdlg32, SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] internal static extern int CommDlgExtendedError(); /// /// Critical as this code performs an elevation to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Comdlg32, SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool GetOpenFileName([In, Out] NativeMethods.OPENFILENAME_I ofn); /// /// Critical as this code performs an elevation to unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Comdlg32, SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool GetSaveFileName([In, Out] NativeMethods.OPENFILENAME_I ofn); // End Common Dialog API Additions @@ -1731,8 +1508,6 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [return:MarshalAs(UnmanagedType.Bool)] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto, SetLastError=true)] public static extern bool SetLayeredWindowAttributes(HandleRef hwnd, int crKey, byte bAlpha, int dwFlags); @@ -1740,8 +1515,6 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [return: MarshalAs(UnmanagedType.Bool)] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern bool UpdateLayeredWindow(IntPtr hwnd, IntPtr hdcDst, NativeMethods.POINT pptDst, NativeMethods.POINT pSizeDst, IntPtr hdcSrc, NativeMethods.POINT pptSrc, int crKey, ref NativeMethods.BLENDFUNCTION pBlend, int dwFlags); @@ -1749,8 +1522,6 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true)] public static extern IntPtr SetActiveWindow(HandleRef hWnd); @@ -1764,8 +1535,6 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, EntryPoint="DestroyCursor", CharSet=CharSet.Auto)] private static extern bool IntDestroyCursor(IntPtr hCurs); @@ -1773,7 +1542,6 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { /// /// Critical calls IntDestroyCursor /// - [SecurityCritical] public static bool DestroyCursor(IntPtr hCurs) { return IntDestroyCursor(hCurs); } @@ -1781,15 +1549,12 @@ public static bool DestroyCursor(IntPtr hCurs) { /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="DestroyIcon", CharSet=System.Runtime.InteropServices.CharSet.Auto, SetLastError=true)] private static extern bool IntDestroyIcon(IntPtr hIcon); /// /// Critical: calls a critical method (IntDestroyIcon) /// - [SecurityCritical] public static bool DestroyIcon(IntPtr hIcon) { bool result = IntDestroyIcon(hIcon); @@ -1811,15 +1576,12 @@ public static bool DestroyIcon(IntPtr hIcon) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, EntryPoint="DeleteObject", CharSet=System.Runtime.InteropServices.CharSet.Auto, SetLastError=true)] private static extern bool IntDeleteObject(IntPtr hObject); /// /// Critical: calls a critical method (IntDeleteObject) /// - [SecurityCritical] public static bool DeleteObject(IntPtr hObject) { bool result = IntDeleteObject(hObject); @@ -1842,13 +1604,11 @@ public static bool DeleteObject(IntPtr hObject) /// /// Critical as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "CreateDIBSection")] private static extern NativeMethods.BitmapHandle PrivateCreateDIBSection(HandleRef hdc, ref NativeMethods.BITMAPINFO bitmapInfo, int iUsage, ref IntPtr ppvBits, SafeFileMappingHandle hSection, int dwOffset); /// /// Critical - The method invokes PrivateCreateDIBSection. /// - [SecurityCritical] internal static NativeMethods.BitmapHandle CreateDIBSection(HandleRef hdc, ref NativeMethods.BITMAPINFO bitmapInfo, int iUsage, ref IntPtr ppvBits, SafeFileMappingHandle hSection, int dwOffset) { if (hSection == null) @@ -1872,13 +1632,11 @@ internal static NativeMethods.BitmapHandle CreateDIBSection(HandleRef hdc, ref N /// /// Critical as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "CreateBitmap")] private static extern NativeMethods.BitmapHandle PrivateCreateBitmap(int width, int height, int planes, int bitsPerPixel, byte[] lpvBits); /// /// Critical - The method invokes PrivateCreateBitmap. /// - [SecurityCritical] internal static NativeMethods.BitmapHandle CreateBitmap(int width, int height, int planes, int bitsPerPixel, byte[] lpvBits) { NativeMethods.BitmapHandle hBitmap = PrivateCreateBitmap(width, height, planes, bitsPerPixel, lpvBits); @@ -1895,13 +1653,11 @@ internal static NativeMethods.BitmapHandle CreateBitmap(int width, int height, i /// /// Critical as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "DestroyIcon")] private static extern bool PrivateDestroyIcon(HandleRef handle); /// /// Critical - The method invokes PrivateDestroyIcon. /// - [SecurityCritical] internal static bool DestroyIcon(HandleRef handle) { HandleCollector.Remove((IntPtr)handle, NativeMethods.CommonHandles.Icon); @@ -1920,13 +1676,11 @@ internal static bool DestroyIcon(HandleRef handle) /// /// Critical as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "CreateIconIndirect")] private static extern NativeMethods.IconHandle PrivateCreateIconIndirect([In, MarshalAs(UnmanagedType.LPStruct)]NativeMethods.ICONINFO iconInfo); /// /// Critical - The method invokes PrivateCreateIconIndirect. /// - [SecurityCritical] internal static NativeMethods.IconHandle CreateIconIndirect([In, MarshalAs(UnmanagedType.LPStruct)]NativeMethods.ICONINFO iconInfo) { NativeMethods.IconHandle hIcon = PrivateCreateIconIndirect(iconInfo); @@ -1943,7 +1697,6 @@ internal static NativeMethods.IconHandle CreateIconIndirect([In, MarshalAs(Unman /// /// Critical: This code elevates to unmanaged code /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool IsWindow(HandleRef hWnd); @@ -1955,7 +1708,6 @@ internal static NativeMethods.IconHandle CreateIconIndirect([In, MarshalAs(Unman /// TreatAsSafe: Throwing an exception isn't unsafe /// Note: If SupressUnmanagedCodeSecurity attribute is ever added to IntDeleteDC, we need to be Critical /// - [SecuritySafeCritical] public static void DeleteDC(HandleRef hDC) { HandleCollector.Remove((IntPtr)hDC, NativeMethods.CommonHandles.HDC); @@ -1969,14 +1721,12 @@ public static void DeleteDC(HandleRef hDC) /// /// Critical: This code elevates to unmanaged code /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Gdi32, SetLastError=true, ExactSpelling=true, EntryPoint="DeleteDC", CharSet=CharSet.Auto)] private static extern bool IntCriticalDeleteDC(HandleRef hDC); /// /// Critical: This code elevates to unmanaged code /// - [SecurityCritical] public static void CriticalDeleteDC(HandleRef hDC) { HandleCollector.Remove((IntPtr)hDC, NativeMethods.CommonHandles.HDC); @@ -1993,14 +1743,11 @@ public static void CriticalDeleteDC(HandleRef hDC) /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError=true, EntryPoint="GetMessageW", ExactSpelling=true, CharSet=CharSet.Unicode)] private static extern int IntGetMessageW([In, Out] ref System.Windows.Interop.MSG msg, HandleRef hWnd, int uMsgFilterMin, int uMsgFilterMax); /// /// Critical - calls IntGetMessageW (the real PInvoke method) /// - [SecurityCritical] public static bool GetMessageW([In, Out] ref System.Windows.Interop.MSG msg, HandleRef hWnd, int uMsgFilterMin, int uMsgFilterMax) { bool boolResult = false; @@ -2029,14 +1776,12 @@ public static bool GetMessageW([In, Out] ref System.Windows.Interop.MSG msg, Han /// /// Critical: This code elevates via a SUC to call into unmanaged Code and can get the HWND of windows at any arbitrary point on the screen /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="WindowFromPoint", ExactSpelling=true, CharSet=CharSet.Auto)] private static extern IntPtr IntWindowFromPoint(POINTSTRUCT pt); /// /// Critical: This calls WindowFromPoint(POINTSTRUCT) which is marked SecurityCritical /// - [SecurityCritical] public static IntPtr WindowFromPoint(int x, int y) { POINTSTRUCT ps = new POINTSTRUCT(x, y); return IntWindowFromPoint(ps); @@ -2046,7 +1791,6 @@ public static IntPtr WindowFromPoint(int x, int y) { /// /// Critical: This code elevates to call into unmanaged Code /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="CreateWindowEx", CharSet=CharSet.Auto, BestFitMapping = false, SetLastError=true)] public static extern IntPtr IntCreateWindowEx(int dwExStyle, string lpszClassName, string lpszWindowName, int style, int x, int y, int width, int height, @@ -2055,7 +1799,6 @@ public static extern IntPtr IntCreateWindowEx(int dwExStyle, string lpszClassNa /// /// Critical: This code elevates to call into unmanaged Code by calling IntCreateWindowEx /// - [SecurityCritical] public static IntPtr CreateWindowEx(int dwExStyle, string lpszClassName, string lpszWindowName, int style, int x, int y, int width, int height, HandleRef hWndParent, HandleRef hMenu, HandleRef hInst, [MarshalAs(UnmanagedType.AsAny)]object pvParam) { @@ -2072,15 +1815,12 @@ public static IntPtr CreateWindowEx(int dwExStyle, string lpszClassName, /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, EntryPoint="DestroyWindow", CharSet=CharSet.Auto)] public static extern bool IntDestroyWindow(HandleRef hWnd); /// /// Critical - calls Security Critical method /// - [SecurityCritical] public static void DestroyWindow(HandleRef hWnd) { if(!IntDestroyWindow(hWnd)) @@ -2091,27 +1831,23 @@ public static void DestroyWindow(HandleRef hWnd) /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32)] internal static extern IntPtr SetWinEventHook(int eventMin, int eventMax, IntPtr hmodWinEventProc, NativeMethods.WinEventProcDef WinEventReentrancyFilter, uint idProcess, uint idThread, int dwFlags); /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32)] internal static extern bool UnhookWinEvent(IntPtr winEventHook); /// /// Critical - Delegate invoked by elevated (via a SUC) pinvoke. /// - [SecurityCritical] public delegate bool EnumChildrenCallback(IntPtr hwnd, IntPtr lParam); /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] public static void EnumChildWindows(HandleRef hwndParent, EnumChildrenCallback lpEnumFunc, HandleRef lParam) { // http://msdn.microsoft.com/en-us/library/ms633494(VS.85).aspx @@ -2122,31 +1858,24 @@ public static void EnumChildWindows(HandleRef hwndParent, EnumChildrenCallback l /// /// Critical - elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.User32, EntryPoint = "EnumChildWindows", ExactSpelling = true)] private static extern bool IntEnumChildWindows(HandleRef hwndParent, EnumChildrenCallback lpEnumFunc, HandleRef lParam); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto)] public static extern int GetWindowRgn(HandleRef hWnd, HandleRef hRgn); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto)] public static extern bool PtInRegion(HandleRef hRgn, int X, int Y); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport("gdi32.dll", CharSet = CharSet.Auto, SetLastError = true, ExactSpelling = true)] public static extern IntPtr CreateRectRgn(int x1, int y1, int x2, int y2); @@ -2167,7 +1896,6 @@ public enum EXTENDED_NAME_FORMAT { /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000122-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleDropTarget { @@ -2210,7 +1938,6 @@ int OleDrop( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000121-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleDropSource { @@ -2230,7 +1957,6 @@ int OleGiveFeedback( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ ComImport(), Guid("B196B289-BAB4-101A-B69C-00AA00341D07"), @@ -2277,7 +2003,6 @@ int TranslateAccelerator( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000118-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleClientSite { @@ -2310,7 +2035,6 @@ int GetMoniker( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000119-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceSite { @@ -2368,7 +2092,6 @@ int OnPosRectChange( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("9BFBBC02-EFF1-101A-84ED-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IPropertyNotifySink { void OnChanged(int dispID); @@ -2381,7 +2104,6 @@ public interface IPropertyNotifySink { /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000100-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumUnknown { @@ -2409,7 +2131,6 @@ void Clone( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("0000011B-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleContainer { @@ -2440,7 +2161,6 @@ int LockContainer( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000116-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceFrame { @@ -2569,7 +2289,6 @@ public enum OLECMDF { /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000115-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceUIWindow { IntPtr GetWindow(); @@ -2604,7 +2323,6 @@ void SetActiveObject( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000117-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2612,7 +2330,6 @@ public interface IOleInPlaceActiveObject { /// /// Critical: SUC. Exposes a native window handle. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] int GetWindow(out IntPtr hwnd); @@ -2622,7 +2339,6 @@ void ContextSensitiveHelp( /// /// Critical: This code escalates to unmanaged code permission /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] int TranslateAccelerator( [In] @@ -2649,7 +2365,6 @@ void EnableModeless( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000114-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleWindow { @@ -2665,7 +2380,6 @@ void ContextSensitiveHelp( /// /// Critical - elevates via a SUC. /// - [ SecurityCritical( SecurityCriticalScope.Everything ) , SuppressUnmanagedCodeSecurity ] [ComImport(), Guid("00000113-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2701,7 +2415,6 @@ void SetObjectRects( /// /// Critical - elevates via a SUC. /// - [SecurityCritical( SecurityCriticalScope.Everything ) , SuppressUnmanagedCodeSecurity ] [ComImport(), Guid("00000112-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2837,7 +2550,6 @@ int SetColorScheme( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("1C2056CC-5EF4-101B-8BC8-00AA003E3B29"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceObjectWindowless { @@ -2983,7 +2695,6 @@ int GetDropTarget( /// /// Critical - elevates via a SUC. /// - [SecurityCritical( SecurityCriticalScope.Everything ) , SuppressUnmanagedCodeSecurity ] [ComImport(), Guid("B196B288-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -3015,7 +2726,6 @@ int FreezeEvents( /// /// Critical - elevates via a SUC. /// - [SecurityCritical( SecurityCriticalScope.Everything ) , SuppressUnmanagedCodeSecurity ] [ComImport(), Guid("B196B286-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -3052,13 +2762,11 @@ int Unadvise( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00020404-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumVariant { /// /// Critical: This code elevates to call unmanaged code /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [PreserveSig] int Next( [In, MarshalAs(UnmanagedType.U4)] @@ -3075,7 +2783,6 @@ void Skip( /// /// Critical: This code elevates to call unmanaged code /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] void Reset(); void Clone( @@ -3087,7 +2794,6 @@ void Clone( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00000104-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumOLEVERB { @@ -3120,7 +2826,6 @@ void Clone( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] // This interface has different parameter marshaling from System.Runtime.InteropServices.ComTypes.IStream. // They are incompatable. But type cast will succeed because they have the same guid. [ComImport(), Guid("0000000C-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -3200,7 +2905,6 @@ void Stat( /// /// Critical - elevates via a SUC. /// - [SecurityCritical( SecurityCriticalScope.Everything ) , SuppressUnmanagedCodeSecurity ] [ComImport(), Guid("B196B284-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -3219,7 +2923,6 @@ public interface IConnectionPointContainer /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("B196B285-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumConnectionPoints { [PreserveSig] @@ -3238,7 +2941,6 @@ public interface IEnumConnectionPoints { /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("00020400-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IDispatch { @@ -3256,7 +2958,6 @@ ITypeInfo GetTypeInfo( /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] HR GetIDsOfNames( [In] @@ -3274,7 +2975,6 @@ HR GetIDsOfNames( /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] HR Invoke( @@ -3302,7 +3002,6 @@ HR Invoke( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("A6EF9860-C720-11D0-9337-00A0C90DCAA9"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IDispatchEx : IDispatch { @@ -3320,7 +3019,6 @@ public interface IDispatchEx : IDispatch { /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] new HR GetIDsOfNames( [In] @@ -3338,7 +3036,6 @@ public interface IDispatchEx : IDispatch { /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] new HR Invoke( int dispIdMember, @@ -3362,7 +3059,6 @@ public interface IDispatchEx : IDispatch { /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] HR GetDispID( string name, @@ -3372,7 +3068,6 @@ HR GetDispID( /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [PreserveSig] HR InvokeEx( int dispId, @@ -3391,37 +3086,31 @@ HR InvokeEx( /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] void DeleteMemberByName(string name, int flags); /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] void DeleteMemberByDispID(int dispId); /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] int GetMemberProperties(int dispId, int propFlags); /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] string GetMemberName(int dispId); /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] int GetNextDispID(int enumFlags, int dispId); /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [return: MarshalAs(UnmanagedType.IUnknown)] object GetNameSpaceParent(); @@ -3431,14 +3120,12 @@ HR InvokeEx( /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("6D5140C1-7436-11CE-8034-00AA006009FA"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IServiceProvider { /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [return: MarshalAs(UnmanagedType.IUnknown)] object QueryService(ref Guid service, ref Guid riid); @@ -3451,7 +3138,6 @@ public interface IServiceProvider { /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("D30C1661-CDAF-11d0-8A3E-00C04FC9E26E"), TypeLibType(TypeLibTypeFlags.FHidden | TypeLibTypeFlags.FDual | TypeLibTypeFlags.FOleAutomation)] public interface IWebBrowser2 @@ -3463,14 +3149,12 @@ public interface IWebBrowser2 /// Critical elevates via a SUC. /// [DispId(100)] - [SuppressUnmanagedCodeSecurity, SecurityCritical] void GoBack(); /// /// Critical elevates via a SUC. /// [DispId(101)] - [SuppressUnmanagedCodeSecurity, SecurityCritical] void GoForward(); [DispId(102)] @@ -3486,14 +3170,12 @@ void Navigate([In] string Url, [In] ref object flags, /// Critical elevates via a SUC. /// [DispId(-550)] - [SuppressUnmanagedCodeSecurity, SecurityCritical] void Refresh(); /// /// Critical elevates via a SUC. /// [DispId(105)] - [SuppressUnmanagedCodeSecurity, SecurityCritical] void Refresh2([In] ref object level); [DispId(106)] @@ -3510,7 +3192,6 @@ void Navigate([In] string Url, [In] ref object flags, /// [DispId(203)] object Document { [return: MarshalAs(UnmanagedType.IDispatch)] - [SuppressUnmanagedCodeSecurity, SecurityCritical] get;} [DispId(204)] @@ -3533,7 +3214,6 @@ void Navigate([In] string Url, [In] ref object flags, /// [DispId(211)] string LocationURL { - [SuppressUnmanagedCodeSecurity, SecurityCritical] get;} [DispId(212)] @@ -3575,7 +3255,6 @@ string LocationURL { /// Critical elevates via a SUC. /// [DispId(500)] - [SuppressUnmanagedCodeSecurity, SecurityCritical ] void Navigate2([In] ref object URL, [In] ref object flags, [In] ref object targetFrameName, [In] ref object postData, [In] ref object headers); @@ -3697,7 +3376,6 @@ void NavigateError([In, MarshalAs(UnmanagedType.IDispatch)] object pDisp, /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ ComImport(), Guid("BD3F23C0-D43E-11CF-893B-00AA00BDCE1A"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] internal interface IDocHostUIHandler @@ -3826,7 +3504,6 @@ int FilterDataObject( /// [ComImport, Guid("3050F21F-98B5-11CF-BB82-00AA00BDCE0B"), InterfaceType(ComInterfaceType.InterfaceIsDual)] - [SuppressUnmanagedCodeSecurity] internal interface IHTMLElementCollection { string toString(); @@ -3844,14 +3521,12 @@ internal interface IHTMLElementCollection /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport, Guid("626FC520-A41E-11CF-A731-00A0C9082637"), InterfaceType(ComInterfaceType.InterfaceIsDual)] internal interface IHTMLDocument { /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [return: MarshalAs(UnmanagedType.IDispatch)] object GetScript(); @@ -3863,7 +3538,6 @@ internal interface IHTMLDocument /// can be considered 'safe for scripting'. /// [ComImport, Guid("332C4425-26CB-11D0-B483-00C04FD90119"), InterfaceType(ComInterfaceType.InterfaceIsDual)] - [SuppressUnmanagedCodeSecurity, SecurityCritical(SecurityCriticalScope.Everything)] internal interface IHTMLDocument2: IHTMLDocument { #region IHTMLDocument - base interface @@ -3993,7 +3667,6 @@ internal interface IHTMLDocument2: IHTMLDocument /// /// Critical: elevates via SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical(SecurityCriticalScope.Everything)] [ComImport, InterfaceType(ComInterfaceType.InterfaceIsDual), Guid("163BB1E0-6E00-11CF-837A-48DC04C10000")] internal interface IHTMLLocation { @@ -4022,7 +3695,6 @@ internal interface IHTMLLocation /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport, Guid("3050f6cf-98b5-11cf-bb82-00aa00bdce0b"), InterfaceType(ComInterfaceType.InterfaceIsDual)] internal interface IHTMLWindow4 { @@ -4036,7 +3708,6 @@ internal static class ArrayToVARIANTHelper /// Critical - Calls Marshal.OffsetOf(), which has a LinkDemand for unmanaged code. /// TreatAsSafe - This is not exploitable. /// - [SecuritySafeCritical] static ArrayToVARIANTHelper() { VariantSize = (int)Marshal.OffsetOf(typeof(FindSizeOfVariant), "b"); @@ -4046,7 +3717,6 @@ static ArrayToVARIANTHelper() /// /// Critical: Calls Marshal.GetNativeVariantForObject(), which has a LinkDemand for unmanaged code. /// - [SecurityCritical] public unsafe static IntPtr ArrayToVARIANTVector(object[] args) { IntPtr mem = IntPtr.Zero; @@ -4081,7 +3751,6 @@ public unsafe static IntPtr ArrayToVARIANTVector(object[] args) /// /// The allocated memory to be freed. /// The length of the Variant vector to be cleared. - [SecurityCritical] public unsafe static void FreeVARIANTVector(IntPtr mem, int len) { int hr = NativeMethods.S_OK; @@ -4123,7 +3792,6 @@ private struct FindSizeOfVariant /// /// Critical - This code causes unmanaged code elevation. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport(ExternDll.Oleaut32, PreserveSig=true)] private static extern int VariantClear(IntPtr pObject); @@ -4131,7 +3799,6 @@ private struct FindSizeOfVariant /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComImport(), Guid("7FD52380-4E07-101B-AE2D-08002B2EC713"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] internal interface IPersistStreamInit { @@ -4145,7 +3812,6 @@ void GetClassID( /// /// Critical elevates via a SUC. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] void Load( [In, MarshalAs(UnmanagedType.Interface)] System.Runtime.InteropServices.ComTypes.IStream pstm); @@ -4188,7 +3854,6 @@ internal enum BrowserNavConstants : uint /// Critical:Elevates to Unmanaged code permission /// - [SuppressUnmanagedCodeSecurity] [ComVisible(true), ComImport(), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown), CLSCompliant(false)] public interface IInternetSecurityManager { @@ -4210,7 +3875,6 @@ [PreserveSig] int ProcessUrlAction(string url, int action, /// /// Critical: as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError=true, CharSet=CharSet.Auto)] public static extern uint GetRawInputDeviceList( [In, Out] NativeMethods.RAWINPUTDEVICELIST[] ridl, @@ -4220,7 +3884,6 @@ public static extern uint GetRawInputDeviceList( /// /// Critical: as suppressing UnmanagedCodeSecurity /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError=true, CharSet=CharSet.Auto)] public static extern uint GetRawInputDeviceInfo( IntPtr hDevice, diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs index 555bfcf4f2d..14dd848ab06 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs @@ -41,21 +41,18 @@ namespace MS.Win32 using IComDataObject = System.Runtime.InteropServices.ComTypes.IDataObject; - //[SuppressUnmanagedCodeSecurity()] public partial class UnsafeNativeMethods { /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, CharSet=CharSet.Unicode, SetLastError=true, EntryPoint="GetTempFileName")] internal static extern uint _GetTempFileName(string tmpPath, string prefix, uint uniqueIdOrZero, StringBuilder tmpFileName); /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical] internal static uint GetTempFileName(string tmpPath, string prefix, uint uniqueIdOrZero, StringBuilder tmpFileName) { uint result = _GetTempFileName(tmpPath, prefix, uniqueIdOrZero, tmpFileName); @@ -70,7 +67,6 @@ internal static uint GetTempFileName(string tmpPath, string prefix, uint uniqueI /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Shell32, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal static extern int ExtractIconEx( string szExeFileName, @@ -82,35 +78,30 @@ internal static extern int ExtractIconEx( /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError=true)] internal static extern NativeMethods.IconHandle CreateIcon(IntPtr hInstance, int nWidth, int nHeight, byte cPlanes, byte cBitsPixel, byte[] lpbANDbits, byte[] lpbXORbits); /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool CreateCaret(HandleRef hwnd, NativeMethods.BitmapHandle hbitmap, int width, int height); /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool ShowCaret(HandleRef hwnd); /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool HideCaret(HandleRef hwnd); /// /// Critical: This elevates to unmanaged code permission /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool ShowWindowAsync(HandleRef hWnd, int nCmdShow); @@ -138,14 +129,12 @@ internal static extern NativeMethods.IconHandle LoadImage( /// a certain security measure is on or off. /// Likely this determination could be made by trying certain actions and failing. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity ] [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetIsFeatureEnabled( int featureEntry , int dwFlags ); /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity ] [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetSetFeatureEnabled( int featureEntry , int dwFlags, bool fEnable ); @@ -156,7 +145,6 @@ internal static extern NativeMethods.IconHandle LoadImage( /// a certain security measure is on or off. /// Likely this determination could be made by trying certain actions and failing. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity ] [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetIsFeatureZoneElevationEnabled( [MarshalAs(UnmanagedType.LPWStr)] string szFromURL, @@ -169,20 +157,17 @@ int dwFlags /// /// Critical - call is SUC'ed /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.PresentationHostDll, EntryPoint = "ProcessUnhandledException")] internal static extern void ProcessUnhandledException_DLL([MarshalAs(UnmanagedType.BStr)] string errMsg); /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity ] [DllImport(ExternDll.Kernel32, CharSet=CharSet.Unicode)] internal static extern bool GetVersionEx([In, Out] NativeMethods.OSVERSIONINFOEX ver); /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity ] [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetCreateSecurityManager( [MarshalAs(UnmanagedType.Interface)] object pIServiceProvider, @@ -195,7 +180,6 @@ internal static extern int CoInternetCreateSecurityManager( /// /// Critical - performs an elevation. /// - [SuppressUnmanagedCodeSecurity] [ComImport, ComVisible(false), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b"), System.Runtime.InteropServices.InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] internal interface IInternetSecurityManager { @@ -206,7 +190,6 @@ internal interface IInternetSecurityManager /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] void MapUrlToZone( [In, MarshalAs(UnmanagedType.BStr)] string pwszUrl, @@ -254,8 +237,6 @@ unsafe void QueryCustomPolicy( /// /// SecurityCritical: This code returns a critical resource obtained under an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal unsafe static extern SafeFileHandle CreateFile( string lpFileName, @@ -275,8 +256,6 @@ internal unsafe static extern SafeFileHandle CreateFile( /// consider yanking it out all the way /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet = CharSet.Auto)] internal static extern IntPtr GetMessageExtraInfo(); #endif @@ -285,8 +264,6 @@ internal unsafe static extern SafeFileHandle CreateFile( /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, EntryPoint="WaitForMultipleObjectsEx", SetLastError = true, CharSet = CharSet.Auto)] private static extern int IntWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, bool bWaitAll, int dwMilliseconds, bool bAlertable); @@ -295,7 +272,6 @@ internal unsafe static extern SafeFileHandle CreateFile( /// /// Critical - calls IntWaitForMultipleObjectsEx (the real PInvoke method) /// - [SecurityCritical] internal static int WaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, bool bWaitAll, int dwMilliseconds, bool bAlertable) { int result = IntWaitForMultipleObjectsEx(nCount, pHandles, bWaitAll, dwMilliseconds, bAlertable); @@ -310,15 +286,12 @@ internal static int WaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, bool /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="MsgWaitForMultipleObjectsEx", SetLastError=true, ExactSpelling = true, CharSet = CharSet.Auto)] private static extern int IntMsgWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, int dwMilliseconds, int dwWakeMask, int dwFlags); /// /// Critical - calls IntMsgWaitForMultipleObjectsEx (the real PInvoke method) /// - [SecurityCritical] internal static int MsgWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, int dwMilliseconds, int dwWakeMask, int dwFlags) { int result = IntMsgWaitForMultipleObjectsEx(nCount, pHandles, dwMilliseconds, dwWakeMask, dwFlags); @@ -334,15 +307,12 @@ internal static int MsgWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, i /// /// Critical: This code elevates to unmanaged code permission /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="RegisterClassEx", CharSet=CharSet.Unicode, SetLastError=true, BestFitMapping=false)] internal static extern UInt16 IntRegisterClassEx(NativeMethods.WNDCLASSEX_D wc_d); /// /// Critical - calls IntRegisterClassEx (the real PInvoke method) /// - [SecurityCritical] internal static UInt16 RegisterClassEx(NativeMethods.WNDCLASSEX_D wc_d) { UInt16 result = IntRegisterClassEx(wc_d); @@ -357,14 +327,12 @@ internal static UInt16 RegisterClassEx(NativeMethods.WNDCLASSEX_D wc_d) /// /// Critical: This code elevates to unmanaged code permission /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint="UnregisterClass",CharSet = CharSet.Auto, SetLastError = true, BestFitMapping=false)] internal static extern int IntUnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr hInstance); /// /// Critical - calls IntUnregisterClass (the real PInvoke method) /// - [SecurityCritical] internal static void UnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr hInstance) { int result = IntUnregisterClass(atomString, hInstance); @@ -379,7 +347,6 @@ internal static void UnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport("user32.dll", EntryPoint="ChangeWindowMessageFilter", SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool IntChangeWindowMessageFilter(WindowMessage message, MSGFLT dwFlag); @@ -387,7 +354,6 @@ internal static void UnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport("user32.dll", EntryPoint = "ChangeWindowMessageFilterEx", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool IntChangeWindowMessageFilterEx(IntPtr hwnd, WindowMessage message, MSGFLT action, [In, Out, Optional] ref CHANGEFILTERSTRUCT pChangeFilterStruct); @@ -397,7 +363,6 @@ internal static void UnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr /// /// Critical - calls SecurityCritical methods IntChangeWindowMessageFilter and IntChangeWindowMessageFilterEx. /// - [SecurityCritical] internal static MS.Internal.Interop.HRESULT ChangeWindowMessageFilterEx(IntPtr hwnd, WindowMessage message, MSGFLT action, out MSGFLTINFO extStatus) { extStatus = MSGFLTINFO.NONE; @@ -435,14 +400,12 @@ internal static MS.Internal.Interop.HRESULT ChangeWindowMessageFilterEx(IntPtr h /// /// Critical - performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Urlmon, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Ansi, BestFitMapping = false, ThrowOnUnmappableChar = true)] private static extern MS.Internal.Interop.HRESULT ObtainUserAgentString(int dwOption, StringBuilder userAgent, ref int length); /// /// Critical - performs an elevation. /// - [SecurityCritical] internal static string ObtainUserAgentString() { int length = MS.Win32.NativeMethods.MAX_PATH; @@ -478,21 +441,18 @@ internal static string ObtainUserAgentString() /// the secure close scenario. For any other scenario please use the SendMessage call /// [DllImport(ExternDll.User32,EntryPoint="SendMessage", CharSet = CharSet.Auto)] - [SecurityCritical,SuppressUnmanagedCodeSecurity] internal static extern IntPtr UnsafeSendMessage(IntPtr hWnd, WindowMessage msg, IntPtr wParam, IntPtr lParam); /// /// Critical: Registering for system broadcast messages /// [DllImport(ExternDll.User32,EntryPoint="RegisterPowerSettingNotification")] - [SecurityCritical,SuppressUnmanagedCodeSecurity] unsafe internal static extern IntPtr RegisterPowerSettingNotification(IntPtr hRecipient, Guid *pGuid, int Flags); /// /// Critical: Unregistering for system broadcast messages /// [DllImport(ExternDll.User32,EntryPoint="UnregisterPowerSettingNotification")] - [SecurityCritical,SuppressUnmanagedCodeSecurity] unsafe internal static extern IntPtr UnregisterPowerSettingNotification(IntPtr hPowerNotify); /* @@ -507,7 +467,6 @@ internal static string ObtainUserAgentString() /// /// Critical: This code causes elevation to unmanaged code /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet = CharSet.Auto, SetLastError = true)] internal static extern IntPtr SendMessage( HandleRef hWnd, WindowMessage msg, IntPtr wParam, NativeMethods.IconHandle iconHandle ); #endif @@ -515,7 +474,6 @@ internal static string ObtainUserAgentString() /// /// Critical: This code causes elevation to unmanaged code /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto)] internal static extern void SetLastError(int dwErrorCode); @@ -531,8 +489,6 @@ internal static string ObtainUserAgentString() /// /// Critical: This code calls into unmanaged code /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport("user32.dll")] public static extern bool GetLayeredWindowAttributes( HandleRef hwnd, IntPtr pcrKey, IntPtr pbAlpha, IntPtr pdwFlags); @@ -541,7 +497,6 @@ internal sealed class SafeFileMappingHandle : SafeHandleZeroOrMinusOneIsInvalid /// /// Critical: base class enforces link demand and inheritance demand /// - [SecurityCritical] internal SafeFileMappingHandle(IntPtr handle) : base(false) { SetHandle(handle); @@ -551,7 +506,6 @@ internal SafeFileMappingHandle(IntPtr handle) : base(false) /// Critical: base class enforces link demand and inheritance demand /// TreatAsSafe: Creating this is ok, accessing the pointer is bad /// - [SecuritySafeCritical] internal SafeFileMappingHandle() : base(true) { } @@ -562,7 +516,6 @@ internal SafeFileMappingHandle() : base(true) /// public override bool IsInvalid { - [SecuritySafeCritical] get { return handle == IntPtr.Zero; @@ -573,7 +526,6 @@ public override bool IsInvalid /// Critical - as this function does an elevation to close a handle. /// TreatAsSafe - as this can at best be used to destabilize one's own app. /// - [SecuritySafeCritical] protected override bool ReleaseHandle() { new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); @@ -593,7 +545,6 @@ internal sealed class SafeViewOfFileHandle : SafeHandleZeroOrMinusOneIsInvalid /// Critical: This code calls into a base class which link demands for unmanaged code /// TreatAsSafe:Creating this is ok it is acessing the pointers in it that can be risky /// - [SecuritySafeCritical] internal SafeViewOfFileHandle() : base(true) { } /// @@ -601,7 +552,6 @@ internal SafeViewOfFileHandle() : base(true) { } /// internal unsafe void* Memory { - [SecurityCritical] get { Debug.Assert(handle != IntPtr.Zero); @@ -613,7 +563,6 @@ internal unsafe void* Memory /// Critical - as this function does an elevation to close a handle. /// TreatAsSafe - as this can at best be used to destabilize one's own app. /// - [SecuritySafeCritical] override protected bool ReleaseHandle() { new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); @@ -631,16 +580,12 @@ override protected bool ReleaseHandle() /// /// SecurityCritical: This code returns critical resource obtained under an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal unsafe static extern SafeFileMappingHandle CreateFileMapping(SafeFileHandle hFile, NativeMethods.SECURITY_ATTRIBUTES lpFileMappingAttributes, int flProtect, uint dwMaximumSizeHigh, uint dwMaximumSizeLow, string lpName); /// /// SecurityCritical: This code returns a critical resource obtained under an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true)] internal static extern SafeViewOfFileHandle MapViewOfFileEx(SafeFileMappingHandle hFileMappingObject, int dwDesiredAccess, int dwFileOffsetHigh, int dwFileOffsetLow, IntPtr dwNumberOfBytesToMap, IntPtr lpBaseAddress); #endif // BASE_NATIVEMETHODS @@ -651,7 +596,6 @@ override protected bool ReleaseHandle() /// TreatAsSafe: Getting an error code isn't unsafe /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntsetWindowLong(Ptr), we'd need to be Critical /// - [SecuritySafeCritical] internal static IntPtr SetWindowLong(HandleRef hWnd, int nIndex, IntPtr dwNewLong) { IntPtr result = IntPtr.Zero; @@ -674,7 +618,6 @@ internal static IntPtr SetWindowLong(HandleRef hWnd, int nIndex, IntPtr dwNewLon /// /// Critical - it calls IntCriticalSetWindowLongPtr() / IntCriticalSetWindowLong(), which are Critical /// - [SecurityCritical] internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, IntPtr dwNewLong) { IntPtr result = IntPtr.Zero; @@ -697,7 +640,6 @@ internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, IntPtr /// /// Critical - This calls SetLatError() and IntCriticalSetWindowLongPtr() / IntCriticalSetWindowLong(), which are Critical /// - [SecurityCritical] internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, NativeMethods.WndProc dwNewLong) { int errorCode; @@ -729,7 +671,6 @@ internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, NativeM /// /// SecurityCritical: This code happens to return a critical resource and causes unmanaged code elevation /// - [SecurityCritical] internal static IntPtr GetWindowLongPtr(HandleRef hWnd, int nIndex ) { IntPtr result = IntPtr.Zero; @@ -765,7 +706,6 @@ internal static IntPtr GetWindowLongPtr(HandleRef hWnd, int nIndex ) /// /// SecurityCritical: This code happens to return a critical resource and causes unmanaged code elevation /// - [SecurityCritical] internal static Int32 GetWindowLong(HandleRef hWnd, int nIndex ) { int iResult = 0; @@ -804,7 +744,6 @@ internal static Int32 GetWindowLong(HandleRef hWnd, int nIndex ) /// Critical: Call critical method IntGetWindowLongWndProc and IntGetWindowLongWndProcPtr that causes unmanaged code elevation. /// LinkDemand on Win32Exception constructor but throwing an exception isn't unsafe /// - [SecurityCritical] internal static NativeMethods.WndProc GetWindowLongWndProc(HandleRef hWnd) { NativeMethods.WndProc returnValue = null; @@ -834,7 +773,6 @@ internal static NativeMethods.WndProc GetWindowLongWndProc(HandleRef hWnd) /// /// Critical - Unmanaged code permission is supressed. /// - [SuppressUnmanagedCodeSecurity, SecurityCritical] [DllImport("winmm.dll", CharSet = CharSet.Unicode)] internal static extern bool PlaySound([In]string soundName, IntPtr hmod, SafeNativeMethods.PlaySoundFlags soundFlags); @@ -854,7 +792,6 @@ internal const uint /// SecurityCritical - calls unmanaged code. /// [DllImport(ExternDll.Wininet, SetLastError=true, ExactSpelling=true, EntryPoint="InternetGetCookieExW", CharSet=CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity, SecurityCritical] internal static extern bool InternetGetCookieEx([In]string Url, [In]string cookieName, [Out] StringBuilder cookieData, [In, Out] ref UInt32 pchCookieData, uint flags, IntPtr reserved); @@ -862,8 +799,6 @@ internal static extern bool InternetGetCookieEx([In]string Url, [In]string cooki /// SecurityCritical - calls unmanaged code. /// [DllImport(ExternDll.Wininet, SetLastError = true, ExactSpelling = true, EntryPoint = "InternetSetCookieExW", CharSet = CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity] - [SecurityCritical] internal static extern uint InternetSetCookieEx([In]string Url, [In]string CookieName, [In]string cookieData, uint flags, [In] string p3pHeader); #if DRT_NATIVEMETHODS @@ -879,16 +814,12 @@ internal static extern bool InternetGetCookieEx([In]string Url, [In]string cooki /// Critical - calls unmanaged code /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity] - [SecurityCritical] internal static extern int GetLocaleInfoW(int locale, int type, string data, int dataSize); /// /// Critical - calls unmanaged code /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, SetLastError = true)] - [SuppressUnmanagedCodeSecurity] - [SecurityCritical] internal static extern int FindNLSString(int locale, uint flags, [MarshalAs(UnmanagedType.LPWStr)]string sourceString, int sourceCount, [MarshalAs(UnmanagedType.LPWStr)]string findString, int findCount, out int found); @@ -912,7 +843,6 @@ internal static extern bool InternetGetCookieEx([In]string Url, [In]string cooki /// TreatAsSafe: Throwing an exception isn't unsafe /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntSetWindowText, we'd need to be Critical /// - [SecuritySafeCritical] internal static void SetWindowText(HandleRef hWnd, string text) { if (IntSetWindowText(hWnd, text) == false) @@ -923,7 +853,6 @@ internal static void SetWindowText(HandleRef hWnd, string text) /// /// Critical: This code calls into unmanaged code /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "GetIconInfo", CharSet = CharSet.Auto, SetLastError = true)] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] private static extern bool GetIconInfoImpl(HandleRef hIcon, [Out] ICONINFO_IMPL piconinfo); @@ -945,7 +874,6 @@ internal class ICONINFO_IMPL /// /// Critical: This code calls into unmanaged code GetIconInfoImpl /// - [SecurityCritical] internal static void GetIconInfo(HandleRef hIcon, out NativeMethods.ICONINFO piconinfo) { bool success = false; @@ -1002,7 +930,6 @@ internal static void GetIconInfo(HandleRef hIcon, out NativeMethods.ICONINFO pic /// TreatAsSafe: Throwing an exception isn't unsafe /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntGetWindowPlacement, we'd need to be Critical /// - [SecuritySafeCritical] internal static void GetWindowPlacement(HandleRef hWnd, ref NativeMethods.WINDOWPLACEMENT placement) { if (IntGetWindowPlacement(hWnd, ref placement) == false) @@ -1021,7 +948,6 @@ internal static void GetWindowPlacement(HandleRef hWnd, ref NativeMethods.WINDOW /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntSetWindowPlacement, we'd need to be Critical /// TreatAsSafe: Throwing an exception isn't unsafe /// - [SecuritySafeCritical] internal static void SetWindowPlacement(HandleRef hWnd, [In] ref NativeMethods.WINDOWPLACEMENT placement) { if (IntSetWindowPlacement(hWnd, ref placement) == false) @@ -1040,16 +966,12 @@ internal static void SetWindowPlacement(HandleRef hWnd, [In] ref NativeMethods.W /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet = CharSet.Auto, BestFitMapping = false)] internal static extern bool SystemParametersInfo(int nAction, int nParam, [In, Out] NativeMethods.ANIMATIONINFO anim, int nUpdate); /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal static extern bool SystemParametersInfo(int nAction, int nParam, [In, Out] NativeMethods.ICONMETRICS metrics, int nUpdate); @@ -1089,7 +1011,6 @@ public static uint SetWindowThemeAttribute(HandleRef hwnd, NativeMethods.WINDOWT // HWND hwnd - The handle to the Target window that will receive feedback // //--------------------------------------------------------------------------- - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Unicode)] public static extern bool BeginPanningFeedback(HandleRef hwnd); @@ -1119,7 +1040,6 @@ public static uint SetWindowThemeAttribute(HandleRef hwnd, NativeMethods.WINDOWT // the second call would be with the parameter as 20 pixels as opposed to 10 // Eg : UpdatePanningFeedback(hwnd, 10, 10, TRUE) // - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Unicode)] public static extern bool UpdatePanningFeedback( HandleRef hwnd, @@ -1141,7 +1061,6 @@ public static extern bool UpdatePanningFeedback( // Either way, the method will try to restore the moved window. // The latter case exists for compatibility with legacy apps. // - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Unicode)] public static extern bool EndPanningFeedback( HandleRef hwnd, @@ -1153,11 +1072,9 @@ public static extern bool EndPanningFeedback( [DllImport(ExternDll.Kernel32, CharSet = CharSet.Auto, SetLastError = true)] public static extern bool SetEvent(IntPtr hEvent); - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int SetEvent([In] SafeWaitHandle hHandle); - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int WaitForSingleObject([In] SafeWaitHandle hHandle, [In] int dwMilliseconds); @@ -1174,8 +1091,6 @@ public static extern bool EndPanningFeedback( /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] internal static extern int GetMouseMovePointsEx( uint cbSize, @@ -1214,8 +1129,6 @@ internal unsafe struct LARGE_INTEGER /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true)] internal static extern bool GetFileSizeEx( SafeFileHandle hFile, @@ -1344,8 +1257,6 @@ IntPtr securityDescriptorSize // SD size /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal static extern SafeFileMappingHandle OpenFileMapping( int dwDesiredAccess, @@ -1356,8 +1267,6 @@ string lpName /// /// Critical as this code performs an elevation. /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Kernel32, SetLastError = true)] internal static extern IntPtr VirtualAlloc( IntPtr lpAddress, @@ -1384,8 +1293,6 @@ internal unsafe struct MOUSEQUERY /// /// Critical as this code performs an elevation (via SuppressUnmanagedCodeSecurity) /// - [SecurityCritical] - [SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int OleIsCurrentClipboard(IComDataObject pDataObj); @@ -1416,7 +1323,6 @@ internal static bool NtSuccess(int err) /// Critical: LinkDemand on Win32Exception constructor /// TreatAsSafe: Throwing an exception isn't unsafe /// - [SecuritySafeCritical] internal static void NtCheck(int err) { if (!NtSuccess(err)) @@ -1439,7 +1345,6 @@ internal static void NtCheck(int err) /// /// Critical: Satisfies a LinkDemand on releasecom call. /// - [SecurityCritical] internal static int SafeReleaseComObject(object o) { int refCount = 0; @@ -1460,7 +1365,6 @@ internal static int SafeReleaseComObject(object o) /// /// Critical as this code performs an elevation. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(DllImport.Wininet, EntryPoint = "GetUrlCacheConfigInfoW", SetLastError=true)] internal static extern bool GetUrlCacheConfigInfo( ref NativeMethods.InternetCacheConfigInfo pInternetCacheConfigInfo, @@ -1472,7 +1376,6 @@ internal static extern bool GetUrlCacheConfigInfo( /// /// Critical: takes an hwnd, calls unmanaged code /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport("WtsApi32.dll")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WTSRegisterSessionNotification(IntPtr hwnd, uint dwFlags); @@ -1480,7 +1383,6 @@ internal static extern bool GetUrlCacheConfigInfo( /// /// Critical: takes an hwnd, calls unmanaged code /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport("WtsApi32.dll")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WTSUnRegisterSessionNotification(IntPtr hwnd); @@ -1488,7 +1390,6 @@ internal static extern bool GetUrlCacheConfigInfo( /// /// Critical: Calls unmanaged code. Returns native process handle. /// - [SecurityCritical] [DllImport(ExternDll.Kernel32, SetLastError = true)] public static extern IntPtr GetCurrentProcess(); @@ -1498,7 +1399,6 @@ internal static extern bool GetUrlCacheConfigInfo( /// /// Critical: Calls unmanaged code. Returns native process handle. /// - [SecurityCritical] [DllImport(ExternDll.Kernel32, SetLastError = true)] public static extern bool DuplicateHandle( IntPtr hSourceProcess, @@ -1549,7 +1449,6 @@ public unsafe struct PROFILE /// /// Critical: Pointer field. /// - [SecurityCritical] public void* pProfileData; // either the filename of the profile or buffer containing profile depending upon dwtype public uint cbDataSize; // size in bytes of pProfileData }; @@ -1558,7 +1457,6 @@ public unsafe struct PROFILE /// /// Critical: Calls unmanaged code. /// - [SecurityCritical,SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool IsIconic(IntPtr hWnd); @@ -1596,7 +1494,6 @@ public struct MOUSEHOOKSTRUCT /// /// Critical: Calls unmanaged code. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] public static HandleRef SetWindowsHookEx(HookType idHook, HookProc lpfn, IntPtr hMod, int dwThreadId) { IntPtr result = IntSetWindowsHookEx(idHook, lpfn, hMod, dwThreadId); @@ -1611,21 +1508,18 @@ public static HandleRef SetWindowsHookEx(HookType idHook, HookProc lpfn, IntPtr /// /// Critical: Calls unmanaged code. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, EntryPoint = "SetWindowsHookExW", SetLastError = true)] private static extern IntPtr IntSetWindowsHookEx(HookType idHook, HookProc lpfn, IntPtr hMod, int dwThreadId); /// /// Critical: Calls unmanaged code. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool UnhookWindowsHookEx(HandleRef hhk); /// /// Critical: Calls unmanaged code. /// - [SecurityCritical, SuppressUnmanagedCodeSecurity] [DllImport(ExternDll.User32, SetLastError = true)] public static extern IntPtr CallNextHookEx(HandleRef hhk, int nCode, IntPtr wParam, IntPtr lParam); } From 4d95964a17f44d2c0706773f456cc145051793c0 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Thu, 20 Jun 2019 11:12:01 -0700 Subject: [PATCH 2/7] removed attributes --- .../src/ReachFramework/PrintConfig/PTProvider.cs | 15 --------------- .../manager/MetroSerializationManager.cs | 10 ++-------- 2 files changed, 2 insertions(+), 23 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/PrintConfig/PTProvider.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/PrintConfig/PTProvider.cs index 56a5f6671cb..8b50890aec6 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/PrintConfig/PTProvider.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/PrintConfig/PTProvider.cs @@ -158,9 +158,6 @@ internal class PTProvider : PTProviderBase /// /// Printing components are not installed on the client /// - [PrintingPermission( - SecurityAction.Demand, - Level = PrintingPermissionLevel.DefaultPrinting)] public PTProvider(string deviceName, int maxVersion, int clientVersion) { Toolbox.EmitEvent(EventTrace.Event.WClientDRXPTProviderStart); @@ -221,9 +218,6 @@ public PTProvider(string deviceName, int maxVersion, int clientVersion) /// /// Printing components are not installed on the client /// - [PrintingPermission( - SecurityAction.Demand, - Level = PrintingPermissionLevel.DefaultPrinting)] public override MemoryStream GetPrintCapabilities(MemoryStream printTicket) { VerifyAccess(); @@ -293,9 +287,6 @@ public override MemoryStream GetPrintCapabilities(MemoryStream printTicket) /// /// Printing components are not installed on the client /// - [PrintingPermission( - SecurityAction.Demand, - Level = PrintingPermissionLevel.DefaultPrinting)] public override MemoryStream MergeAndValidatePrintTicket(MemoryStream basePrintTicket, MemoryStream deltaPrintTicket, PrintTicketScope scope, @@ -403,9 +394,6 @@ public override MemoryStream MergeAndValidatePrintTicket(MemoryStream basePrintT /// /// Printing components are not installed on the client /// - [PrintingPermission( - SecurityAction.Demand, - Level = PrintingPermissionLevel.DefaultPrinting)] public override MemoryStream ConvertDevModeToPrintTicket(byte[] devMode, PrintTicketScope scope) { @@ -470,9 +458,6 @@ public override MemoryStream ConvertDevModeToPrintTicket(byte[] devMode, /// /// Printing components are not installed on the client /// - [PrintingPermission( - SecurityAction.Demand, - Level = PrintingPermissionLevel.DefaultPrinting)] public override byte[] ConvertPrintTicketToDevMode(MemoryStream printTicket, BaseDevModeType baseType, PrintTicketScope scope) diff --git a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/manager/MetroSerializationManager.cs b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/manager/MetroSerializationManager.cs index b67cbbf35fc..62ad5707825 100644 --- a/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/manager/MetroSerializationManager.cs +++ b/src/Microsoft.DotNet.Wpf/src/ReachFramework/Serialization/manager/MetroSerializationManager.cs @@ -416,18 +416,12 @@ TypePropertyCache property internal int JobIdentifier - { - [System.Drawing.Printing.PrintingPermission( - System.Security.Permissions.SecurityAction.Demand, - Level = System.Drawing.Printing.PrintingPermissionLevel.DefaultPrinting)] + { set { _jobIdentifier = value; } - - [System.Drawing.Printing.PrintingPermission( - System.Security.Permissions.SecurityAction.Demand, - Level = System.Drawing.Printing.PrintingPermissionLevel.DefaultPrinting)] + get { return _jobIdentifier; From ff493a59603594de526ae88a7d7f45eb6178df3c Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Thu, 20 Jun 2019 11:27:13 -0700 Subject: [PATCH 3/7] removed securitynote comments --- .../CPP/DWriteWrapper/Common.h | 22 - .../CPP/DWriteWrapper/DWriteInterfaces.h | 21 - .../CPP/DWriteWrapper/Factory.cpp | 63 -- .../CPP/DWriteWrapper/Factory.h | 20 - .../CPP/DWriteWrapper/Font.cpp | 58 -- .../CPP/DWriteWrapper/Font.h | 8 - .../CPP/DWriteWrapper/FontCollection.cpp | 22 - .../CPP/DWriteWrapper/FontCollection.h | 8 - .../DWriteWrapper/FontCollectionLoader.cpp | 5 - .../CPP/DWriteWrapper/FontFace.cpp | 65 -- .../CPP/DWriteWrapper/FontFace.h | 8 - .../CPP/DWriteWrapper/FontFamily.cpp | 17 - .../CPP/DWriteWrapper/FontFamily.h | 5 - .../CPP/DWriteWrapper/FontFile.cpp | 31 - .../CPP/DWriteWrapper/FontFile.h | 6 - .../CPP/DWriteWrapper/FontFileEnumerator.cpp | 4 - .../CPP/DWriteWrapper/FontFileLoader.cpp | 5 - .../CPP/DWriteWrapper/FontFileStream.cpp | 11 - .../CPP/DWriteWrapper/FontFileStream.h | 3 - .../CPP/DWriteWrapper/ItemProps.cpp | 17 - .../CPP/DWriteWrapper/ItemProps.h | 7 - .../CPP/DWriteWrapper/LocalizedStrings.cpp | 40 - .../CPP/DWriteWrapper/LocalizedStrings.h | 7 - .../DWriteWrapper/NativePointerWrapper.cpp | 26 - .../CPP/DWriteWrapper/TextAnalyzer.cpp | 38 - .../CPP/DWriteWrapper/TextAnalyzer.h | 18 - .../CPP/DWriteWrapper/TextItemizer.cpp | 3 - .../CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp | 12 - .../CPP/TrueTypeSubsetter/util2.h | 3 - .../src/DirectWriteForwarder/CPP/wpfvcclr.h | 4 - .../src/DirectWriteForwarder/main.cpp | 51 -- .../src/Shared/cpp/Utils.cxx | 3 - .../src/Shared/cpp/dwriteloader.cpp | 3 - .../src/Shared/inc/dwriteloader.h | 4 - .../DRT/TestServices/MS/Internal/PointUtil.cs | 17 - .../MS/Internal/SecurityCriticalDataForSet.cs | 13 - .../TestServices/MS/Win32/HandleCollector.cs | 8 - .../TestServices/MS/Win32/NativeMethodsCLR.cs | 211 ----- .../MS/Win32/NativeMethodsOther.cs | 120 --- .../MS/Win32/SafeNativeMethodsCLR.cs | 149 ---- .../MS/Win32/SafeNativeMethodsOther.cs | 67 -- .../MS/Win32/UnsafeNativeMethodsCLR.cs | 738 ------------------ .../MS/Win32/UnsafeNativeMethodsOther.cs | 272 ------- 43 files changed, 2213 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h index 96f52b704d0..3fb2bd79087 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Common.h @@ -20,12 +20,6 @@ private ref class Util sealed public: - /// - /// Critical - Call security critical method ThrowExceptionForHR(). - /// - Asserts unmanaged code permissions to call ThrowExceptionForHR. - /// Safe - We are using ThrowExceptionForHR() in a safe way - // by ignoring the IErrorInfo of the current thread. - /// __declspec(noinline) void static ConvertHresultToException(HRESULT hr) { @@ -57,10 +51,6 @@ private ref class Util sealed } } - /// - /// Critical - Asserts unmanaged code permissions to call ThrowExceptionForHR. - /// - Exposes a pointer to the contents of a managed string. - /// __declspec(noinline) const cli::interior_ptr static GetPtrToStringChars(System::String^ s) { return CriticalPtrToStringChars(s); @@ -71,10 +61,6 @@ private ref class Util sealed /// The implementation of this method is taken from this msdn article: /// http://msdn.microsoft.com/en-us/library/wb8scw8f(VS.100).aspx /// - /// - /// Critical - Asserts unmanaged code permissions. - /// Safe - Does not expose critical data. - /// __declspec(noinline) static _GUID ToGUID( System::Guid& guid ) { array^ guidData = guid.ToByteArray(); @@ -92,9 +78,6 @@ private ref class Util sealed /// The IErrorInfo is taken into account in a call to GetExceptionForHR(HRESULT), see MSDN for more details. /// - /// - /// Critical - Calls critical IsFullTrustCaller and Marshal::GetExceptionForHR - /// void static SanitizeAndThrowIfKnownException(HRESULT hr) { if (hr == COR_E_INVALIDOPERATION) @@ -117,11 +100,6 @@ private ref class Util sealed /// /// Checks if the caller is in full trust mode. /// - /// - /// Critical - Performs a demand. Transparent methods should not be responsible - /// for verifying the security of an operation, and therefore should not demand permissions. - /// Safe - It is safe to perform a demand. - /// static bool IsFullTrustCaller() { #ifndef _CLR_NETCORE diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h index dbe9ab8436b..4c05f4561ec 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/DWriteInterfaces.h @@ -35,9 +35,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// IMPORTANT: ReadFileFragment() implementations must check whether the requested file fragment /// is within the file bounds. Otherwise, an error should be returned from ReadFileFragment. /// - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] HRESULT ReadFileFragment( [Out] const void **fragmentStart, @@ -50,9 +47,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// Releases a fragment from a file. /// /// The client defined context of a font fragment returned from ReadFileFragment. - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] void ReleaseFileFragment( [In] void *fragmentContext @@ -71,9 +65,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// either require complete font file to be loaded (e.g., copying a font file) or need to make /// decisions based on the value of the file size (e.g., validation against a persisted file size). /// - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] HRESULT GetFileSize( [Out/*, MarshalAs(UnmanagedType::U8)*/] UINT64 *fileSize @@ -89,9 +80,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// Standard HRESULT error code. For resources that don't have a concept of the last modified time, the implementation of /// GetLastWriteTime should return E_NOTIMPL. /// - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] HRESULT GetLastWriteTime( [Out/*, MarshalAs(UnmanagedType::U8)*/] UINT64 *lastWriteTime @@ -121,9 +109,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Standard HRESULT error code. /// - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] HRESULT CreateStreamFromKey( [In] void const* fontFileReferenceKey, @@ -160,9 +145,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Standard HRESULT error code. /// - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] HRESULT GetCurrentFontFile( /*[Out, MarshalAs(UnmanagedType::Interface)]*/ IDWriteFontFile** fontFile @@ -192,9 +174,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n /// /// Standard HRESULT error code. /// - /// - /// Critical - receives native pointers as parameters. - /// [PreserveSig] HRESULT CreateEnumeratorFromKey( /*[In, MarshalAs(UnmanagedType::Interface)]*/ IntPtr factory, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp index 4b50be7704e..09fd5108b0c 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.cpp @@ -15,17 +15,10 @@ using namespace System::Threading; typedef HRESULT (WINAPI *DWRITECREATEFACTORY)(DWRITE_FACTORY_TYPE factoryType, REFIID iid, IUnknown **factory); -/// -/// Critical - Returns a pointer to the DWriteCreateFactory method which -/// can be used to access the shared factory. -/// extern void *GetDWriteCreateFactoryFunctionPointer(); namespace MS { namespace Internal { namespace Text { namespace TextInterface { - /// - /// Critical - Calls security critical Factory ctor(). - /// Factory^ Factory::Create( FactoryType factoryType, IFontSourceCollectionFactory^ fontSourceCollectionFactory, @@ -35,14 +28,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew Factory(factoryType, fontSourceCollectionFactory, fontSourceFactory); } - /// - /// Critical - references security critical member '_pFactory'. - /// references security critical method 'MS.Internal.Text.TextInterface.FontFileLoader..ctor(MS.Internal.Text.TextInterface.IFontSourceFactory)'. - /// references security critical method 'MS.Internal.Text.TextInterface.FontCollectionLoader..ctor(MS.Internal.Text.TextInterface.IFontSourceCollectionFactory, MS.Internal.Text.TextInterface.FontFileLoader)'. - /// references security critical method 'System.Runtime.InteropServices.Marshal.GetComInterfaceForObject(System.Object, System.Type)' & - /// 'System.Runtime.InteropServices.Marshal.Release(System.IntPtr)' but this is ok since they are called for objects that this method create. - /// Asserts unmanaged code permissions to call Marshal.* - /// Factory::Factory( FactoryType factoryType, IFontSourceCollectionFactory^ fontSourceCollectionFactory, @@ -90,11 +75,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface ConvertHresultToException(hr, "Factory::Factory"); } - /// - /// Critical - Calls security critical GetDWriteCreateFactoryFunctionPointer(). - /// Assigns security critical member _pFactory. - /// Safe - Does not expose any critical info. - /// __declspec(noinline) void Factory::Initialize( FactoryType factoryType ) @@ -113,12 +93,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _pFactory = (IDWriteFactory*)factoryTemp; } - /// - /// Critical - Manipulates security critical member _pFactory. - /// - Asserts Unmanaged code permissions to call Marshal.* - /// Safe - Just releases the interface. - /// - Marshal is called with trusted inputs. - /// [ReliabilityContract(Consistency::WillNotCorruptState, Cer::Success)] __declspec(noinline) bool Factory::ReleaseHandle() { @@ -153,9 +127,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return true; } - /// - /// Critical - Assumes that the user has permissions to access filePathUri. - /// __declspec(noinline) FontFile^ Factory::CreateFontFile( System::Uri^ filePathUri ) @@ -184,9 +155,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } - /// - /// Critical - Calls security critical CreateFontFace. - /// FontFace^ Factory::CreateFontFace( System::Uri^ filePathUri, unsigned int faceIndex @@ -199,9 +167,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface ); } - /// - /// Critical - Calls security critical CreateFontFile. - /// FontFace^ Factory::CreateFontFace( System::Uri^ filePathUri, unsigned int faceIndex, @@ -277,10 +242,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return GetSystemFontCollection(false); } - /// - /// Critical - Uses security critical _pFactory pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontCollection^ Factory::GetSystemFontCollection( bool checkForUpdates ) @@ -297,17 +258,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew FontCollection(dwriteFontCollection); } - /// - /// Critical - The caller of this method should own the verification of - /// the access permissions to the given Uri. - /// - /// Other reasons why this method should be critical (but safe) - /// ---------------------------------------------------------- - /// - Uses security critical _pFactory pointer. But - /// It does not expose the pointer it uses. - /// - Asserts Unmanaged code permissions to call Marshal.* But - /// Marshal is called with trusted inputs. - /// __declspec(noinline) FontCollection^ Factory::GetFontCollection(System::Uri^ uri) { System::String^ uriString = uri->AbsoluteUri; @@ -337,13 +287,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew FontCollection(dwriteFontCollection); } - /// - /// Critical - Receives and returns native pointers. - /// - References security critical method 'System.Runtime.InteropServices.Marshal.GetComInterfaceForObject(System.Object, System.Type)'. - /// - References security critical method 'System.Runtime.InteropServices.Marshal.Release(System.IntPtr)'. - /// - Asserts unmanaged code permissions to call Marshal.* However the call to Marshal is safe - /// because it is called with trusted inputs. - /// HRESULT Factory::CreateFontFile( IDWriteFactory* factory, FontFileLoader^ fontFileLoader, @@ -467,12 +410,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _timeStampCache->Clear(); } - /// - /// Critical - Uses security critical _pFactory pointer. - /// - Calls security critical TextAnalyzer ctor() - /// Safe - It does not expose the pointer it uses. - /// - TextAnalyzer ctor() is called with a trusted pointer. - /// __declspec(noinline) TextAnalyzer^ Factory::CreateTextAnalyzer() { IDWriteTextAnalyzer* textAnalyzer = NULL; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h index a712da473d1..96b673a0d1d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Factory.h @@ -32,9 +32,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// A pointer to the wrapped DWrite factory object. /// - /// - /// Critical - native pointer. - /// IDWriteFactory* _pFactory; /// @@ -63,19 +60,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The custom loader used by WPF to load font collections. /// - /// - /// Critical - We call Marshal.* with this member variable and we - // assume it is trusted. - /// FontCollectionLoader^ _wpfFontCollectionLoader; /// /// The custom loader used by WPF to load font files. /// - /// - /// Critical - We call Marshal.* with this member variable and we - // assume it is trusted. - /// FontFileLoader^ _wpfFontFileLoader; IFontSourceFactory^ _fontSourceFactory; @@ -97,9 +86,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface property IDWriteFactory* DWriteFactoryAddRef { - /// - /// Critical - Exposes critical member _pFactory. - /// IDWriteFactory* get() { _pFactory->AddRef(); @@ -216,12 +202,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface __out IDWriteFontFile** dwriteFontFile ); - /// - /// This is a workaround. - /// DWRITE_MATRIX is flagged as a critical type since it uses some security critical - /// attributes from Microsoft.VisualC.dll (MiscellaneousBitsAttribute & DebugInfoInPDBAttribute) - /// This should be fixed in Microsoft.VisualC.dll. - /// __declspec(noinline) static DWRITE_MATRIX GetIdentityTransform() { DWRITE_MATRIX transform; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp index b0dab91df66..3d8008f5715 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.cpp @@ -15,11 +15,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface Flags_IsSymbolFontValue = 0x0004, }; - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// Font::Font( IDWriteFont* font ) @@ -151,19 +146,12 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return fontFace; } - /// - /// Critical - Exposes the critical member _font. - /// System::IntPtr Font::DWriteFontAddRef::get() { _font->Value->AddRef(); return (System::IntPtr)_font->Value; } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontFamily^ Font::Family::get() { IDWriteFontFamily* dwriteFontFamily; @@ -175,10 +163,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew FontFamily(dwriteFontFamily); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontWeight Font::Weight::get() { DWRITE_FONT_WEIGHT dwriteFontWeight = _font->Value->GetWeight(); @@ -186,10 +170,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return DWriteTypeConverter::Convert(dwriteFontWeight); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontStretch Font::Stretch::get() { DWRITE_FONT_STRETCH dwriteFontStretch = _font->Value->GetStretch(); @@ -197,10 +177,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return DWriteTypeConverter::Convert(dwriteFontStretch); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontStyle Font::Style::get() { DWRITE_FONT_STYLE dwriteFontStyle = _font->Value->GetStyle(); @@ -208,10 +184,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return DWriteTypeConverter::Convert(dwriteFontStyle); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) bool Font::IsSymbolFont::get() { if ((_flags & Flags_IsSymbolFontInitialized) != Flags_IsSymbolFontInitialized) @@ -227,11 +199,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return ((_flags & Flags_IsSymbolFontValue) == Flags_IsSymbolFontValue); } - /// - /// Critical - Uses security critical _font pointer and calls - /// Security Critical LocalizedStrings ctor. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) LocalizedStrings^ Font::FaceNames::get() { IDWriteLocalizedStrings* dwriteLocalizedStrings; @@ -243,10 +210,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew LocalizedStrings(dwriteLocalizedStrings); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) bool Font::GetInformationalStrings( InformationalStringID informationalStringID, [System::Runtime::InteropServices::Out] LocalizedStrings^% informationalStrings @@ -265,10 +228,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return (!!exists); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontSimulations Font::SimulationFlags::get() { DWRITE_FONT_SIMULATIONS dwriteFontSimulations = _font->Value->GetSimulations(); @@ -276,10 +235,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return DWriteTypeConverter::Convert(dwriteFontSimulations); } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontMetrics^ Font::Metrics::get() { if (_fontMetrics == nullptr) @@ -294,10 +249,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return _fontMetrics; } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) bool Font::HasCharacter( UINT32 unicodeValue ) @@ -312,11 +263,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return (!!exists); } - /// - /// Critical - Uses security critical _font pointer and calls - /// security critical FontFace ctor. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontFace^ Font::CreateFontFace() { IDWriteFontFace* dwriteFontFace; @@ -354,10 +300,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return _version; } - /// - /// Critical - Uses security critical _font pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontMetrics^ Font::DisplayMetrics(FLOAT emSize, FLOAT pixelsPerDip) { DWRITE_FONT_METRICS fontMetrics; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h index ea45e5c8e70..ea371effde6 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/Font.h @@ -42,9 +42,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The DWrite font object that this class wraps. /// - /// - /// Critical - native pointer. - /// NativeIUnknownWrapper^ _font; /// @@ -113,11 +110,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Contructs a Font object. /// /// The DWrite font object that this class wraps. - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// Font( IDWriteFont* font ); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp index 914da988404..28d2b08a5cd 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.cpp @@ -7,21 +7,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontCollection::FontCollection(IDWriteFontCollection* fontCollection) { _fontCollection = gcnew NativeIUnknownWrapper(fontCollection); } - /// - /// Critical - Uses security critical member _fontCollection. - /// - Calls security critical Util::GetPtrToStringChars. - /// Safe - Does not expose any security critical info. - /// __declspec(noinline) bool FontCollection::FindFamilyName( System::String^ familyName, [System::Runtime::InteropServices::Out] unsigned int% index @@ -42,10 +32,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return (!!exists); } - /// - /// Critical - Uses security critical member _fontCollection and fontFace->DWriteFontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) Font^ FontCollection::GetFontFromFontFace(FontFace^ fontFace) { IDWriteFontFace* dwriteFontFace = fontFace->DWriteFontFaceNoAddRef; @@ -64,10 +50,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew Font(dwriteFont); } - /// - /// Critical - Uses security critical member _fontCollection and calls security critical ctor FontFamily. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontFamily^ FontCollection::default::get(unsigned int familyIndex) { IDWriteFontFamily* dwriteFontFamily = NULL; @@ -96,10 +78,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return nullptr; } - /// - /// Critical - Uses security critical member _fontCollection. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) unsigned int FontCollection::FamilyCount::get() { UINT32 familyCount = _fontCollection->Value->GetFontFamilyCount(); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h index f254222691e..24c1d15582b 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollection.h @@ -25,9 +25,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The DWrite font collection. /// - /// - /// Critical - native pointer. - /// NativeIUnknownWrapper^ _fontCollection; internal: @@ -36,11 +33,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Contructs a FontCollection object. /// /// The DWrite font collection object that this class wraps. - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontCollection(IDWriteFontCollection* fontCollection); /// diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp index 8ac7e0fdaa0..6a53d3fc3a8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontCollectionLoader.cpp @@ -16,11 +16,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _fontFileLoader = fontFileLoader; } - /// - /// Critical - Receives and returns native pointers. - /// - Asserts unmanaged code permissions to call Marshal.* However the call to Marshal is safe - /// because it is called with trusted inputs. - /// [ComVisible(true)] HRESULT FontCollectionLoader::CreateEnumeratorFromKey( IntPtr factory, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp index 3edf6fd53a8..6e082906052 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.cpp @@ -8,20 +8,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontFace::FontFace(IDWriteFontFace* fontFace) { _fontFace = gcnew NativeIUnknownWrapper(fontFace); } - /// - /// Critical - Manipulates security critical member _fontCollection. - /// Safe - Just releases the interface. - /// __declspec(noinline) FontFace::~FontFace() { if (_fontFace != nullptr) @@ -35,27 +26,17 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// OBJECT IS KEPT ALIVE BY THE GC OR ELSE YOU ARE RISKING THE POINTER GETTING RELEASED BEFORE YOU'D /// WANT TO. /// - /// - /// Critical - Exposes the native pointer that this object wraps. - /// IDWriteFontFace* FontFace::DWriteFontFaceNoAddRef::get() { return _fontFace->Value; } - /// - /// Critical - Exposes the native pointer that this object wraps. - /// System::IntPtr FontFace::DWriteFontFaceAddRef::get() { _fontFace->Value->AddRef(); return (System::IntPtr)_fontFace->Value; } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontFaceType FontFace::Type::get() { DWRITE_FONT_FACE_TYPE dwriteFontFaceType = _fontFace->Value->GetType(); @@ -63,10 +44,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return DWriteTypeConverter::Convert(dwriteFontFaceType); } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontFile^ FontFace::GetFileZero() { unsigned int numberOfFiles = 0; @@ -112,10 +89,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return (numberOfFiles > 0) ? gcnew FontFile(pfirstDWriteFontFile) : nullptr; } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) unsigned int FontFace::Index::get() { unsigned int index = _fontFace->Value->GetIndex(); @@ -123,10 +96,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return index; } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontSimulations FontFace::SimulationFlags::get() { DWRITE_FONT_SIMULATIONS dwriteFontSimulations = _fontFace->Value->GetSimulations(); @@ -134,10 +103,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return DWriteTypeConverter::Convert(dwriteFontSimulations); } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) bool FontFace::IsSymbolFont::get() { BOOL isSymbolFont = _fontFace->Value->IsSymbolFont(); @@ -145,10 +110,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return (!!isSymbolFont); } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontMetrics^ FontFace::Metrics::get() { if (_fontMetrics == nullptr) @@ -163,10 +124,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return _fontMetrics; } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) UINT16 FontFace::GlyphCount::get() { UINT16 glyphCount = _fontFace->Value->GetGlyphCount(); @@ -174,11 +131,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return glyphCount; } - /// - /// Critical - Uses security critical member _fontFace. - /// Receives a native pointer as an argument. - /// Exposes a native pointer to the caller. - /// void FontFace::GetDesignGlyphMetrics( __in_ecount(glyphCount) const UINT16 *pGlyphIndices, UINT32 glyphCount, @@ -196,11 +148,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface ConvertHresultToException(hr, "array^ FontFace::GetDesignGlyphMetrics"); } - /// - /// Critical - Uses security critical member _fontFace. - /// Receives a native pointer as an argument. - /// Exposes a native pointer to the caller. - /// void FontFace::GetDisplayGlyphMetrics( __in_ecount(glyphCount) const UINT16 *pGlyphIndices, UINT32 glyphCount, @@ -225,11 +172,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface ConvertHresultToException(hr, "array^ FontFace::GetDesignGlyphMetrics"); } - /// - /// Critical - Uses security critical member _fontFace. - /// Receives a native pointer as an argument. - /// Exposes a native pointer to the caller. - /// void FontFace::GetArrayOfGlyphIndices( __in_ecount(glyphCount) const UINT32* pCodePoints, UINT32 glyphCount, @@ -248,9 +190,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface ConvertHresultToException(hr, "array^ FontFace::GetArrayOfGlyphIndices"); } - /// - /// Critical - Exposes the data from a font. - /// __declspec(noinline) bool FontFace::TryGetFontTable( OpenTypeTableTag openTypeTableTag, [System::Runtime::InteropServices::Out] array^% tableData @@ -286,10 +225,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return (!!exists); } - /// - /// Critical - Uses security critical member _fontFace. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) bool FontFace::ReadFontEmbeddingRights([System::Runtime::InteropServices::Out] unsigned short% fsType) { void* os2Table; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h index c272f527ca3..76f6b49dfc8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFace.h @@ -34,9 +34,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The DWrite font face object. /// - /// - /// Critical - native pointer. - /// NativeIUnknownWrapper^ _fontFace; /// @@ -59,11 +56,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Constructs a font face object. /// /// A pointer to the DWrite font face object. - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontFace(IDWriteFontFace* fontFace); /// diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp index c5cc9eb35b9..f3277efdc5d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.cpp @@ -7,20 +7,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontFamily::FontFamily(IDWriteFontFamily* fontFamily) : FontList(fontFamily) { _regularFont = nullptr; } - /// - /// Critical - Uses security critical FontFamilyObject pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) LocalizedStrings^ FontFamily::FamilyNames::get() { IDWriteLocalizedStrings* dwriteLocalizedStrings; @@ -67,10 +58,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return regularFont->DisplayMetrics(emSize, pixelsPerDip); } - /// - /// Critical - Uses security critical FontFamilyObject pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) Font^ FontFamily::GetFirstMatchingFont( FontWeight weight, FontStretch stretch, @@ -90,10 +77,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return gcnew Font(dwriteFont); } - /// - /// Critical - Uses security critical FontFamilyObject pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) FontList^ FontFamily::GetMatchingFonts( FontWeight weight, FontStretch stretch, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h index 5e86d1177c9..74ed818f61d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFamily.h @@ -34,11 +34,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Contructs a FontFamily object. /// /// The DWrite font family object that this class wraps. - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontFamily(IDWriteFontFamily* fontFamily); /// diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp index 487e769714b..da99433eed6 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.cpp @@ -12,11 +12,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// static ctor to initialize the GUID of IDWriteLocalFontFileLoader interface. /// - /// - /// Critical - Asserts unmanaged code permissions. - /// - Assigns security critical _guidForIDWriteLocalFontFileLoader - /// Safe - The data used to initialize _guidForIDWriteLocalFontFileLoader is const. - /// static FontFile::FontFile() { System::Guid guid = System::Guid("b2d9f3ec-c9fe-4a11-a2ec-d86208f7c0a2"); @@ -25,20 +20,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _guidForIDWriteLocalFontFileLoader = gcnew NativePointerWrapper<_GUID>(pGuidForIDWriteLocalFontFileLoader); } - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// FontFile::FontFile(IDWriteFontFile* fontFile) { _fontFile = gcnew NativeIUnknownWrapper(fontFile); } - /// - /// Critical - Manipulates security critical member _fontFile. - /// Safe - Just releases the interface. - /// __declspec(noinline) FontFile::~FontFile() { if (_fontFile != nullptr) @@ -48,10 +34,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - /// - /// Critical - Uses security critical _fontFile pointer. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) bool FontFile::Analyze( [System::Runtime::InteropServices::Out] DWRITE_FONT_FILE_TYPE% fontFileType, [System::Runtime::InteropServices::Out] DWRITE_FONT_FACE_TYPE% fontFaceType, @@ -86,20 +68,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// OBJECT IS KEPT ALIVE BY THE GC OR ELSE YOU ARE RISKING THE POINTER GETTING RELEASED BEFORE YOU'D /// WANT TO. /// - /// - /// Critical - Exposes critical member _fontFile. - /// IDWriteFontFile* FontFile::DWriteFontFileNoAddRef::get() { return _fontFile->Value; } - /// - /// Critical - Asserts unmanaged code permission to new and delete a native WCHAR buffer - /// But this is ok since the buffer is created at a safe size and not exposed. - /// - Exposes Font File path which can expose the windows folder location - /// to partial trust apps. - /// System::String^ FontFile::GetUriPath() { void* fontFileReferenceKey; @@ -166,10 +139,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// is created to be marked with proper security attributes because when /// the call to Release() was made inside GetUriPath() it was causing Jitting. /// - /// - /// Critical - Asserts unmanaged code permissions. - /// Safe - This function does not perform dangerous operations. - /// __declspec(noinline) void FontFile::ReleaseInterface(IDWriteLocalFontFileLoader** ppInterface) { if (ppInterface && *ppInterface) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h index 250addff494..90b07c83b7d 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFile.h @@ -24,9 +24,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// A pointer to the DWrite font file object. /// - /// - /// Critical - native pointer. - /// NativeIUnknownWrapper^ _fontFile; /// @@ -36,9 +33,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// This makes the static method fail NGENing and causes Jitting which affects perf. /// If the complier gets fixed then we can remove this scheme and use __uuidof(IDWriteLocalFontFileLoader). /// - /// - /// Critical - native pointer. - /// static NativePointerWrapper<_GUID>^ _guidForIDWriteLocalFontFileLoader; /// diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp index c3170a2fd2f..896c016a9e8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileEnumerator.cpp @@ -19,10 +19,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _factory = factory; } - /// - /// Critical - Asserts unmanaged code permissions to call Marshal.* However the call to Marshal is safe - /// because it is called with trusted inputs. - /// [ComVisible(true)] HRESULT FontFileEnumerator::MoveNext( __out bool% hasCurrentFile diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp index 5a87f08d286..a826c92adb5 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileLoader.cpp @@ -11,11 +11,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _fontSourceFactory = fontSourceFactory; } - /// - /// Critical - Receives and returns a native pointers. - /// - Asserts unmanaged code permissions to call Marshal.* However the call to Marshal is safe - /// because it is called with trusted inputs. - /// [ComVisible(true)] HRESULT FontFileLoader::CreateStreamFromKey( __in_bcount(fontFileReferenceKeySize) void const* fontFileReferenceKey, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp index c58dfbd511f..7e9b51adde8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.cpp @@ -35,9 +35,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _fontSourceStream->Close(); } - /// - /// Critical - Calls critical CreateGarbageCollectorHandleNativeWrapper - /// [ComVisible(true)] HRESULT FontFileStream::ReadFileFragment( __deref_out_bcount(fragmentSize) const void ** fragmentStart, @@ -98,11 +95,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return hr; } - /// - /// Critical - Asserts unmanaged code permission to call GCHandle::FromIntPtr - /// Frees a GCHandle based on the passed in pointer so the pointer - /// passed in must be trusted. - /// #ifndef _CLR_NETCORE #endif [ComVisible(true)] @@ -117,9 +109,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - /// - /// Critical - Asserts unmanaged code permissions to call Marshal.* - /// [ComVisible(true)] HRESULT FontFileStream::GetFileSize( __out UINT64* fileSize diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h index ec84b5e7dd1..fa1f3a50c24 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/FontFileStream.h @@ -20,9 +20,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface private ref class FontFileStream : public IDWriteFontFileStreamMirror { private: - /// - /// SecurityCritical : Critical Font file data. - /// Stream^ _fontSourceStream; INT64 _lastWriteTime; Object^ _fontSourceStreamLock; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp index 49823761d0d..6608a7a4c58 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.cpp @@ -6,9 +6,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { - /// - /// Critical - Exposes a native pointer. - /// void* ItemProps::ScriptAnalysis::get() { if (_scriptAnalysis != nullptr) @@ -21,9 +18,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - /// - /// Critical - Exposes a native pointer. - /// void* ItemProps::NumberSubstitutionNoAddRef::get() { return _numberSubstitution->Value; @@ -59,10 +53,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return _isLatin; } - /// - /// Critical - Asserts to allocate and initialize unmanaged memory. - /// TreatAsSafe - Initializes unmanaged memory to known safe state. - /// ItemProps::ItemProps() { _digitCulture = nullptr; @@ -77,9 +67,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } - /// - /// Critical - Sets members to arbitrary native pointers that are later read by treat as safe methods. - /// ItemProps^ ItemProps::Create( void* scriptAnalysis, void* numberSubstitution, @@ -117,10 +104,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return result; } - /// - /// Critical - Asserts to read unmanaged memory. - /// Safe - Reads from a safe location. - /// __declspec(noinline) bool ItemProps::CanShapeTogether(ItemProps^ other) { // Check whether 2 ItemProps have the same attributes that impact shaping so diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h index bfaf791d6ea..0da70d4d59c 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/ItemProps.h @@ -80,15 +80,8 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Applying custom attributes on the constructor implementation /// causes a compiler error (a custom attribute may not be used inside a function) /// - /// - /// Critical - Asserts to allocate and initialize unmanaged memory. - /// TreatAsSafe - Initializes unmanaged memory to known safe state. - /// ItemProps(); - /// - /// Critical - Asserts to initialize unmanaged memory. - /// static ItemProps^ Create( void* scriptAnalysis, void* numberSubstitution, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp index 1fcedc6c0ae..4d353f4d045 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.cpp @@ -12,11 +12,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The DWrite localized Strings object that /// this class wraps. - /// - /// Critical - Receives a native pointer and stores it internally. - /// This whole object is wrapped around the passed in pointer - /// So this ctor assumes safety of the passed in pointer. - /// LocalizedStrings::LocalizedStrings(IDWriteLocalizedStrings* localizedStrings) { _localizedStrings = gcnew NativeIUnknownWrapper(localizedStrings); @@ -29,10 +24,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// The DWrite localized Strings object that /// this class wraps. - /// - /// Critical - Writes to security critical member _localizedStrings. - /// Safe - Always writes NULL to _localizedStrings. - /// __declspec(noinline) LocalizedStrings::LocalizedStrings() { _localizedStrings = nullptr; @@ -43,10 +34,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Gets the number of language/string pairs. /// - /// - /// Critical - Uses security critical member _localizedStrings. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) UINT32 LocalizedStrings::StringsCount::get() { UINT32 count = (_localizedStrings != nullptr)? _localizedStrings->Value->GetCount() : 0; @@ -117,10 +104,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface return _values; } - /// - /// Critical - Uses security critical member _localizedStrings. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) KeyValuePair LocalizedStrings::LocalizedStringsEnumerator::Current::get() { if (_currentIndex >= _localizedStrings->StringsCount) @@ -149,11 +132,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// Locale name to look for. /// Receives the zero-based index of the locale name/string pair. /// TRUE if the locale name exists or FALSE if not. - /// - /// Critical - Asserts unmanaged code permission. - /// Uses security critical member _localizedStrings. - /// Safe - Does not expose any security critical info. - /// __declspec(noinline) bool LocalizedStrings::FindLocaleName( System::String^ localeName, [System::Runtime::InteropServices::Out] UINT32% index @@ -186,10 +164,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Zero-based index of the locale name. /// The length in characters, not including the null terminator. - /// - /// Critical - Uses security critical member _localizedStrings. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) UINT32 LocalizedStrings::GetLocaleNameLength( UINT32 index ) @@ -216,11 +190,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Zero-based index of the locale name. /// The locale name. - /// - /// Critical - Asserts unmanaged code permission to allocate and delete a native WCHAR buffer. - /// TreatAsSafe - Caller does not control size of native buffer and buffer is not exposed. - /// - Method does not return critical data. - /// __declspec(noinline) System::String^ LocalizedStrings::GetLocaleName( UINT32 index ) @@ -262,10 +231,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Zero-based index of the string. /// The length in characters, not including the null terminator. - /// - /// Critical - Uses security critical member _localizedStrings. - /// Safe - It does not expose the pointer it uses. - /// __declspec(noinline) UINT32 LocalizedStrings::GetStringLength( UINT32 index ) @@ -292,11 +257,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// Zero-based index of the string. /// The string. - /// - /// Critical - Asserts unmanaged code permission to allocate and delete a native WCHAR buffer. - /// TreatAsSafe - Caller does not control size of native buffer and buffer is not exposed. - /// - Method does not return critical data. - /// __declspec(noinline) System::String^ LocalizedStrings::GetString( UINT32 index ) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h index 4d26e691f4d..15aa425aa01 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/LocalizedStrings.h @@ -25,9 +25,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface /// /// A pointer to the wrapped DWrite Localized Strings object. /// - /// - /// Critical - native pointer. - /// NativeIUnknownWrapper^ _localizedStrings; /// @@ -169,10 +166,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface throw gcnew NotSupportedException(); } - /// - /// Critical - Calls critical method to get localized font string - /// TreatAsSafe - it is safe to expose the localized strings for the font. - /// __declspec(noinline) virtual bool TryGetValue( CultureInfo^ key, [Runtime::InteropServices::Out] String^% value diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp index e9750aac8f7..cf9fb83c3b9 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/NativePointerWrapper.cpp @@ -7,47 +7,29 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { namespace Generics { template - /// - /// Critical - Assigns the native pointer that this object wraps. - /// NativePointerCriticalHandle::NativePointerCriticalHandle(void* pNativePointer) : CriticalHandle(IntPtr::Zero) { SetHandle(IntPtr(pNativePointer)); } template - /// - /// Critical - Accesses the critical handle. - /// Safe - Does not expose the critical handle. - /// __declspec(noinline) bool NativePointerCriticalHandle::IsInvalid::get() { return (handle == IntPtr::Zero); } template - /// - /// Critical - Exposes the pointer that this object wraps. - /// T* NativePointerCriticalHandle::Value::get() { return (T*)handle.ToPointer(); } template - /// - /// Critical - Assigns the native pointer that this object wraps. - /// NativeIUnknownWrapper::NativeIUnknownWrapper(IUnknown* pNativePointer) : NativePointerCriticalHandle(pNativePointer) { } template - /// - /// Critical - Accesses the critical handle. - /// Safe - Just releases the pointer which is stored - /// internally and is trusted. - /// __declspec(noinline) bool NativeIUnknownWrapper::ReleaseHandle() { ((IUnknown*)handle.ToPointer())->Release(); @@ -56,19 +38,11 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { n } template - /// - /// Critical - Assigns the native pointer that this object wraps. - /// NativePointerWrapper::NativePointerWrapper(T* pNativePointer) : NativePointerCriticalHandle(pNativePointer) { } template - /// - /// Critical - Accesses the critical handle. - /// Safe - Just deletes the pointer which is stored - /// internally and is trusted. - /// __declspec(noinline) bool NativePointerWrapper::ReleaseHandle() { delete handle.ToPointer(); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp index 6c4a49f9464..96fa69094ca 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp @@ -16,9 +16,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface _textAnalyzer = gcnew NativeIUnknownWrapper(textAnalyzer); } - /// - /// Critical - Calls critical AnalyzeExtendedAndItemize overload - /// IList^ TextAnalyzer::Itemize( __in_ecount(length) const WCHAR* text, UINT32 length, @@ -117,12 +114,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } - /// - /// Critical - Asserts unmanaged code permission to new and delete native buffer. - /// - This method calls into security critical TextItemizer->Itemize() but - /// the pointer passed to Itemize() is constructed internally so the call - /// to TextItemizer->Itemize() is safe. - /// IList^ TextAnalyzer::AnalyzeExtendedAndItemize( TextItemizer^ textItemizer, __in_ecount(length) const WCHAR *text, @@ -146,9 +137,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - /// - /// Critical - Receives pointers, arrays and their bounds as input. - /// void TextAnalyzer::AnalyzeExtendedCharactersAndDigits( __in_ecount(length) const WCHAR* text, UINT32 length, @@ -234,9 +222,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface textItemizer->SetIsDigit(isDigitRangeStart, isDigitRangeEnd - isDigitRangeStart, previousIsDigitValue); } - /// - /// Critical - Receives pointers, arrays and their bounds as input. - /// void TextAnalyzer::GetBlankGlyphsForControlCharacters( __in_ecount(textLength) const WCHAR* pTextString, UINT32 textLength, @@ -304,11 +289,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface #pragma warning (push) #pragma warning (disable : 4714) - /// - /// Critical - Asserts unmanaged code permission - /// To new and delete native buffers. - /// To perform unsafe reinterpret_casts - /// void TextAnalyzer::GetGlyphs( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -493,9 +473,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface #pragma warning (pop) - /// - /// Critical - Receives pointers, arrays and their bounds as input. - /// void TextAnalyzer::GetGlyphPlacementsForControlCharacters( __in_ecount(textLength) const WCHAR* pTextString, UINT32 textLength, @@ -576,11 +553,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - /// - /// Critical - Asserts unmanaged code permission - /// To allocate and delete temporary native buffers - /// To perform unsafe reinterpret_casts - /// void TextAnalyzer::GetGlyphPlacements( __in_ecount(textLength) const WCHAR* textString, __in_ecount(textLength) UINT16 const* clusterMap, @@ -832,12 +804,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } - /// - /// Critical - Asserts unmanaged code permission - /// To allocate and delete temporary native buffers - /// To perform unsafe reinterpret_casts - /// To call Marshal.Copy - /// void TextAnalyzer::GetGlyphsAndTheirPlacements( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -955,10 +921,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } - /// - /// Critical - Calls security critical itemProps->ScriptAnalysis. - /// Safe - Does not expose the pointer returned from itemProps->ScriptAnalysis. - /// __declspec(noinline) DWRITE_SCRIPT_SHAPES TextAnalyzer::GetScriptShapes(ItemProps^ itemProps) { return ((DWRITE_SCRIPT_ANALYSIS*)(itemProps->ScriptAnalysis))->shapes; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h index 790c4f3286c..7e79bf93aca 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.h @@ -44,9 +44,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface // current release version suffix and the dll name of PresentationNative are defined in managed code. // Hence we wanted to avoid redefining these values in MC++ so as not to increase the maintenance cost // of the code. Moreover, using delegates does not impact perf to justify not using it in this case. - /// - /// Critical - receives native pointers as parameters. - /// private delegate int CreateTextAnalysisSource( WCHAR const* text, UINT32 length, @@ -58,19 +55,10 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface UINT32 numberSubstitutionMethod, void** ppTextAnalysisSource); - /// - /// Critical - Returns a native pointer. - /// private delegate void* CreateTextAnalysisSink(); - /// - /// Critical - receives as parameters and returns native pointers . - /// private delegate void* GetScriptAnalysisList(void*); - /// - /// Critical - receives as parameters and returns native pointers . - /// private delegate void* GetNumberSubstitutionList(void*); /// /// This class is responsible for Text Analysis and Shaping. @@ -80,9 +68,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface { private: - /// - /// Critical - native pointer. - /// NativeIUnknownWrapper^ _textAnalyzer; void GetBlankGlyphsForControlCharacters( @@ -112,9 +97,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface [System::Runtime::InteropServices::Out] array^% glyphOffsets ); - /// - /// Critical - recieves native pointers. - /// static void ReleaseItemizationNativeResources( IDWriteFactory** ppFactory, IDWriteTextAnalyzer** ppTextAnalyzer, diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp index 8c91570a883..904cb7ca2f8 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextItemizer.cpp @@ -58,9 +58,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } - /// - /// Critical - Can be passed an arbitrary pointer that is written to in the method. - /// __declspec(noinline) IList^ TextItemizer::Itemize(CultureInfo^ numberCulture, __in_ecount(textLength) CharAttributeType* pCharAttribute, UINT32 textLength) { DWriteTextAnalysisNode* pScriptAnalysisListPrevious = _pScriptAnalysisListHead; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp index d39788055df..486a3bdcceb 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/TtfDelta/ttmem.cpp @@ -23,18 +23,12 @@ using namespace System::Security; using namespace System::Security::Permissions; -// -// Critical - allocates native mem and returns a pointer to it. -// void * Mem_Alloc(size_t size) { return calloc(1, size); } -// -// Critical - Frees an arbitrary native pointer. -// void Real_Mem_Free(void * pv) { free (pv); @@ -44,9 +38,6 @@ void Real_Mem_Free(void * pv) // Mem_Free/Mem_Alloc are expensive in partial trust. More than half of the calls to Mem_Free are // with NULL pointers. So we check for NULL pointer before going into expensive assert and interop. // There are more optimizations possible (for example grouping Mem_Alloc calls). But this is safe. -// -// Critical - Frees an arbitrary native pointer. -// void Mem_Free(void * pv) { if (pv != NULL) @@ -56,9 +47,6 @@ void Mem_Free(void * pv) } -// -// Critical - allocates native mem and returns a pointer to it. -// void * Mem_ReAlloc(void * base, size_t newSize) { return realloc(base, newSize); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h index fae43613b01..71676319451 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/TrueTypeSubsetter/util2.h @@ -10,9 +10,6 @@ namespace MS { namespace Internal { namespace FontCache { ref class Util2 abstract sealed { public: - // - // Critical - calls into unmanaged code. Obtains the last write time for an arbitrary registry key under HKLM. - // static bool GetRegistryKeyLastWriteTimeUtc(System::String ^ registryKey, [System::Runtime::InteropServices::Out] System::Int64 % lastWriteTime); }; diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h index c8f56a22efe..d4c83cc3fb6 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/wpfvcclr.h @@ -42,10 +42,6 @@ typedef const System::String* __const_String_handle; /// startup code path that is sensitive to perf. So we make a copy here /// and annotate it. /// -/// -/// Critical - get an interior gc pointer to the first character contained -/// in a System::String object. -/// inline __const_Char_ptr CriticalPtrToStringChars(__const_String_handle s) { _Byte_ptr bp = const_cast<_Byte_ptr>(reinterpret_cast<__const_Byte_ptr>(s)); diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp index a85fc2067e9..10f202df605 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/main.cpp @@ -67,13 +67,6 @@ private ref class NativeWPFDLLLoader sealed // This enables the CLR to resolve DllImport declarations for functions exported from these libraries. // The installation folder is not on the normal search path, so its location is found from the registry. // - // - // Critical -- Calls native method LoadLibrary from kernel32.dll. - // - // TreatAsSafe -- LoadLibrary is being passed a value from a installer-set registry key with a - // known library name, limiting the risk. - // - // static void LoadDwrite( ) { // We load dwrite here because it's cleanup logic is different from the other native dlls @@ -87,10 +80,6 @@ private ref class NativeWPFDLLLoader sealed m_pfnDWriteCreateFactory = pTemp; } - // - // Critical -- Calls critical FreeLibrary to unload a native library - // TreatAsSafe -- A known\trusted handle to dwrite.dll is passed - // __declspec(noinline) static void UnloadDWrite() { @@ -108,18 +97,11 @@ private ref class NativeWPFDLLLoader sealed } } - /// - /// Critical: Exposes a pointer to the DWrite method that is used to create factories - /// which can be used to obtain any info about fonts. - /// static void *GetDWriteCreateFactoryFunctionPointer() { return m_pfnDWriteCreateFactory; } - /// - /// Critical: Nulls a pointer to the DWrite method that is used to create factories - /// static void ClearDWriteCreateFactoryFunctionPointer() { m_pfnDWriteCreateFactory = NULL; @@ -129,9 +111,6 @@ private ref class NativeWPFDLLLoader sealed static System::IntPtr m_hDWrite; - // - // Critical -- Field is untyped pointer - // static void *m_pfnDWriteCreateFactory; }; }} // namespace MS.Internal @@ -141,12 +120,6 @@ private class CModuleInitialize public: // Constructor of class CModuleInitialize - // - // Critical -- Calls native methods atexit. - // - // TreatAsSafe -- The function passed to atexit is trusted. - // - // __declspec(noinline) CModuleInitialize(void (*cleaningUpFunc)()) { IsProcessDpiAware(); @@ -158,11 +131,6 @@ private class CModuleInitialize atexit(cleaningUpFunc); } - /// - /// Critical: Asserts UnmanagedCode permission to unload the native DLLs. - /// Safe : The libraries to be released are coming from internally - /// trusted source - /// // Previously we had this as a class dtor but we found out that // we can't use a destructor due to an issue with how it's registered to be called on exit: // A compiler-generated function calls _atexit_m_appdomain(). But that generated function is transparenct, @@ -188,10 +156,6 @@ private class CModuleInitialize // MS::Internal::NativeWPFDLLLoader::UnloadDWrite(); } - /// - /// Critical: Exposes a pointer to the DWrite method that is used to create factories - /// which can be used to obtain any info about fonts. - /// void *GetDWriteCreateFactoryFunctionPointer() { return MS::Internal::NativeWPFDLLLoader::GetDWriteCreateFactoryFunctionPointer(); @@ -205,13 +169,6 @@ private : // Security Transparent method which will lead to a security violation where the transparent // method will be calling security critical code in this method. // - // - // Critical -- Calls native methods SetProcessDPIAware from user32.dll (via our own extern). - // - // TreatAsSafe -- There's nothing inherently risky about calling SetProcessDPIAware - it simply - // lets the OS know how to treat the visual display of the app. - // - // __declspec(noinline) void IsProcessDpiAware( ) { Version ^osVersion = (Environment::OSVersion)->Version; @@ -259,10 +216,6 @@ void CleanUp(); /// which is not properly annotated with security tags. /// To work around this issue we create our own static method that is properly annotated. /// -/// -/// Critical: Contains unverifiable native code. -/// Safe : The code is safe and only returns a new object. -/// __declspec(noinline) static System::IntPtr CreateCModuleInitialize() { return System::IntPtr(new CModuleInitialize(CleanUp)); @@ -283,10 +236,6 @@ void CleanUp() } -/// -/// Critical: Exposes a pointer to the DWrite method that is used to create factories -/// which can be used to obtain any info about fonts. -/// void *GetDWriteCreateFactoryFunctionPointer() { return (static_cast(cmiStartupRunner.ToPointer()))->GetDWriteCreateFactoryFunctionPointer(); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx index f0e2bece9ec..ea58a47cabc 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx +++ b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx @@ -31,9 +31,6 @@ namespace WPFUtils { // If the function succeeds, the return value is ERROR_SUCCESS. // If the function fails, the return value is a nonzero error code defined in Winerror.h // -// -// Critical -- Calls native methods RegOpenKeyEx, RegQueryValueEx, and RegCloseKey -// #if _MANAGED #endif LONG ReadRegistryString(__in HKEY rootKey, __in LPCWSTR keyName, __in LPCWSTR valueName, diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp index 37372669a1a..13a14338371 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp +++ b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/dwriteloader.cpp @@ -8,9 +8,6 @@ namespace WPFUtils { #if defined(__cplusplus_cli) -/// -/// Critical - Receives a native pointer as parameter. -/// #endif HMODULE LoadDWriteLibraryAndGetProcAddress(void **pfncptrDWriteCreateFactory) { diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h b/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h index 35725fe389d..f8ee5596ec8 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h +++ b/src/Microsoft.DotNet.Wpf/src/Shared/inc/dwriteloader.h @@ -9,10 +9,6 @@ namespace WPFUtils { #if defined(__cplusplus_cli) - /// - /// Critical - Receives a native pointer as parameter. - /// Loads a dll from an input path. - /// #endif HMODULE LoadDWriteLibraryAndGetProcAddress(void **pfncptrDWriteCreateFactory); } diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs index 4896a187466..c19fb9b3fe5 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/PointUtil.cs @@ -19,10 +19,6 @@ public static class PointUtil /// Convert a point from "client" coordinate space of a window into /// the coordinate space of the root element of the same window. /// - /// - /// Critical: This code accesses presentationSource - /// TreatAsSafe: Transforming a Point is considered safe. - /// public static Point ClientToRoot(Point pt, PresentationSource presentationSource) { // Convert from pixels into measure units. @@ -40,10 +36,6 @@ public static Point ClientToRoot(Point pt, PresentationSource presentationSource /// Convert a point from the coordinate space of a root element of /// a window into the "client" coordinate space of the same window. /// - /// - /// Critical: This code accesses presentationSource - /// TreatAsSafe: Transforming a point is considered safe. - /// public static Point RootToClient(Point pt, PresentationSource presentationSource) { // REVIEW: @@ -118,11 +110,6 @@ internal static Matrix GetVisualTransform(Visual v) return Matrix.Identity; } - /// - /// SecurityCritical: This code causes eleveation to unmanaged code via call to GetWindowLong and UnsecureGetHandle - /// SecurityTreatAsSafe: This data is ok to give out - /// validate all code paths that lead to this. - /// /// /// Convert a point from "client" coordinate space of a window into /// the coordinate space of the screen. @@ -185,10 +172,6 @@ public static Point ClientToScreen(Point ptClient, PresentationSource presentati /// Convert a point from the coordinate space of the screen into /// the "client" coordinate space of a window. /// - /// - /// Critical: This code accesses presentationSource - /// TreatAsSafe: Transforming a Point is considered safe. - /// internal static Point ScreenToClient(Point ptScreen, PresentationSource presentationSource) { // For now we only know how to use HwndSource. diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs index 594bdac3325..d726502a132 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Internal/SecurityCriticalDataForSet.cs @@ -45,21 +45,11 @@ namespace MS.Internal [Serializable] public struct SecurityCriticalDataForSet { - /// - /// Critical - "by definition" - this class is intended only for data that's - /// Critical for setting. - /// internal SecurityCriticalDataForSet(T value) { _value = value; } - /// - /// Critical - Setter is Critical "by definition" - this class is intended only - /// for data that's Critical for setting. - /// Safe - get is safe by definition. - /// Not Safe - set is not safe by definition. - /// internal T Value { #if DEBUG @@ -79,9 +69,6 @@ internal T Value } } - /// - /// Critical - by definition as this data is Critical for set. - /// > private T _value; } } diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs index 8b9cba6a0af..a449e4182ee 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/HandleCollector.cs @@ -25,10 +25,6 @@ internal static IntPtr Add(IntPtr handle, int type) { return handle; } - /// - /// Critical - Accepts and returns critical SafeHandle type. - /// Safe - Does not perform operations on the critical handle, does not leak handle information. - /// internal static SafeHandle Add(SafeHandle handle, int type) { handleTypes[type - 1].Add(); return handle; @@ -68,10 +64,6 @@ internal static IntPtr Remove(IntPtr handle, int type) { return handle ; } - /// - /// Critical - Accepts and returns critical SafeHandle type. - /// Safe - Does not perform operations on the critical handle, does not leak handle information. - /// internal static SafeHandle Remove(SafeHandle handle, int type) { handleTypes[type - 1].Remove(); return handle ; diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs index 78b63929e04..6a01c053b28 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsCLR.cs @@ -2505,9 +2505,6 @@ public class OLECMD { public uint cmdf; } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComVisible(true), ComImport(), Guid("B722BCCB-4E68-101B-A2BC-00AA00404770"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown), CLSCompliantAttribute(false)] @@ -2580,10 +2577,6 @@ public class FONTDESC { public bool fUnderline; public bool fStrikethrough; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(FONTDESC)); @@ -2602,10 +2595,6 @@ public class FLASHWINFO { public int uCount; public int dwTimeOut; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(FLASHWINFO)); @@ -2628,10 +2617,6 @@ public PICTDESCbmp(System.Drawing.Bitmap bitmap) { // gpr: What about palettes? } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(PICTDESCbmp)); @@ -2653,10 +2638,6 @@ public PICTDESCicon(System.Drawing.Icon icon) { hicon = SafeNativeMethods.CopyImage(new HandleRef(icon, icon.Handle), NativeMethods.IMAGE_ICON, icon.Size.Width, icon.Size.Height, 0); } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(PICTDESCicon)); @@ -2678,10 +2659,6 @@ public PICTDESCemf(System.Drawing.Imaging.Metafile metafile) { //gpr hemf = metafile.CopyHandle(); } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(PICTDESCemf)); @@ -2728,10 +2705,6 @@ public class HH_AKLINK { internal string pszWindow; internal bool fIndexOnFail; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(HH_AKLINK)); @@ -2750,10 +2723,6 @@ public class HH_POPUP { internal RECT rcMargins = RECT.FromXYWH(-1, -1, -1, -1); // amount of space between edges of window and text, -1 for each member to ignore internal string pszFont = null; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(HH_POPUP)); @@ -2775,10 +2744,6 @@ public class HH_FTS_QUERY { [MarshalAs(UnmanagedType.LPStr)] internal string pszWindow; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(HH_FTS_QUERY)); @@ -2795,10 +2760,6 @@ public class MONITORINFOEX { [MarshalAs(UnmanagedType.ByValArray, SizeConst=32)] internal char[] szDevice = new char[32]; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MONITORINFOEX)); @@ -2812,10 +2773,6 @@ public class MONITORINFO { internal RECT rcWork = new RECT(); internal int dwFlags = 0; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MONITORINFO)); @@ -2878,9 +2835,6 @@ public struct DEVMODE public int dmPanningHeight; } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("0FF510A3-5FA5-49F1-8CCC-190D71083F3E"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IVsPerPropertyBrowsing { @@ -2938,9 +2892,6 @@ int IsPropertyReadOnly(int dispid, int ResetPropertyValue(int dispid); } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("7494683C-37A0-11d2-A273-00C04F8EF4FF"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IManagedPerPropertyBrowsing { @@ -2953,9 +2904,6 @@ int GetPropertyAttributes(int dispid, ref IntPtr pvariantInitValues); } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("33C0C1D8-33CF-11d3-BFF2-00C04F990235"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IProvidePropertyBuilder { @@ -2991,10 +2939,6 @@ public class INITCOMMONCONTROLSEX { public int dwSize = SizeOf(); public int dwICC; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MONITORINFO)); @@ -3021,10 +2965,6 @@ public class IMAGELISTDRAWPARAMS { public int Frame; public int crEffect; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(IMAGELISTDRAWPARAMS)); @@ -3052,10 +2992,6 @@ public class TRACKMOUSEEVENT { public IntPtr hwndTrack = IntPtr.Zero; public int dwHoverTime = 100; // Never set this to field ZERO, or to HOVER_DEFAULT, ever! - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(TRACKMOUSEEVENT)); @@ -3194,10 +3130,6 @@ public class NONCLIENTMETRICS { [MarshalAs(UnmanagedType.Struct)] public LOGFONT lfMessageFont = null; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(NONCLIENTMETRICS)); @@ -3213,10 +3145,6 @@ public class ICONMETRICS { [MarshalAs(UnmanagedType.Struct)] public LOGFONT lfFont = null; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(ICONMETRICS)); @@ -3266,10 +3194,6 @@ public SCROLLINFO(int mask, int min, int max, int page, int pos) { nPos = pos; } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(SCROLLINFO)); @@ -3285,10 +3209,6 @@ public class TPMPARAMS { public int rcExclude_right; public int rcExclude_bottom; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(TPMPARAMS)); @@ -3573,10 +3493,6 @@ public sealed class tagFONTDESC { [MarshalAs(UnmanagedType.Bool)] public bool fStrikethrough; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(tagFONTDESC)); @@ -3615,10 +3531,6 @@ public class CHOOSECOLOR { public WndProc lpfnHook; public string lpTemplateName; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(CHOOSECOLOR)); @@ -3790,10 +3702,6 @@ public class NOTIFYICONDATA { [MarshalAs(UnmanagedType.ByValTStr, SizeConst=64)] public string szTip; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(NOTIFYICONDATA)); @@ -3816,10 +3724,6 @@ public class MENUITEMINFO_T public string dwTypeData = null; public int cch = 0; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MENUITEMINFO_T)); @@ -3846,10 +3750,6 @@ public class MENUITEMINFO_T_RW public int cch; public IntPtr hbmpItem; // requires WINVER > 5 - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MENUITEMINFO_T_RW)); @@ -3914,10 +3814,6 @@ public class OPENFILENAME_I public int dwReserved; public int FlagsEx; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(OPENFILENAME_I)); @@ -3967,10 +3863,6 @@ public class CHOOSEFONT { public int nSizeMin; public int nSizeMax; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(CHOOSEFONT)); @@ -4194,10 +4086,6 @@ public class MSOCRINFOSTRUCT { public int grfcrf; // bit flags taken from olecrf values (above) public int grfcadvf; // bit flags taken from olecadvf values (above) - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MSOCRINFOSTRUCT)); @@ -4396,9 +4284,6 @@ public struct NMHDR public int code; } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("376BD3AA-3845-101B-84ED-08002B2EC713"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IPerPropertyBrowsing { @@ -4431,9 +4316,6 @@ int GetPredefinedValue( VARIANT pVarOut); } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("4D07FC10-F931-11CE-B001-00AA006884E5"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface ICategorizeProperties { @@ -4498,10 +4380,6 @@ public sealed class tagCONTROLINFO [MarshalAs(UnmanagedType.U4)/*leftover(offset=10, dwFlags)*/] public uint dwFlags; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(tagCONTROLINFO)); @@ -4526,14 +4404,8 @@ public sealed class VARIANT { [MarshalAs(UnmanagedType.I2)] public short reserved3; - /// - /// Critical: This data is critical for set because it is used to make calls to Marshal.* - /// public SecurityCriticalDataForSet data1; - /// - /// Critical: This data is critical for set because it is used to make calls to Marshal.* - /// public SecurityCriticalDataForSet data2; @@ -4543,10 +4415,6 @@ public bool Byref{ } } - /// - /// Critical: This calls into Marshal.Release which is link demand protected - /// TreatAsSafe: This is instance based and the internal pointer it is releasing is critical for set - /// public void Clear() { if ((this.vt == (int)tagVT.VT_UNKNOWN || this.vt == (int)tagVT.VT_DISPATCH) && this.data1.Value != IntPtr.Zero) { Marshal.Release(this.data1.Value); @@ -4667,18 +4535,11 @@ public static VARIANT FromObject(Object var) { [DllImport(ExternDll.Oleaut32,CharSet=CharSet.Auto)] private static extern void SysFreeString(IntPtr pbstr); - /// - /// Critical: Sets the pointer to an arbitrary long - /// public void SetLong(long lVal) { data1.Value = (IntPtr)(lVal & 0xFFFFFFFF); data2.Value = (IntPtr)((lVal >> 32) & 0xFFFFFFFF); } - /// - /// Critical: Calls Marshal.AllocCoTaskMem, .WriteInt16 and .WriteInt32 which have LinkDemands. - /// Writes to unmanaged memory and returns a pointer to it. - /// public IntPtr ToCoTaskMemPtr() { IntPtr mem = Marshal.AllocCoTaskMem(16); Marshal.WriteInt16(mem, vt); @@ -4690,9 +4551,6 @@ public IntPtr ToCoTaskMemPtr() { return mem; } - /// - /// Critical: Converts an intptr to an object , it acceses PtrToStruct which is critical - /// public object ToObject() { IntPtr val = data1.Value; long longVal; @@ -4840,9 +4698,6 @@ public object ToObject() { return null; } } - /// - /// Critical: Reads an arbitrary IntPtr - /// private static IntPtr GetRefInt(IntPtr value) { return Marshal.ReadIntPtr(value); } @@ -4858,10 +4713,6 @@ public sealed class tagLICINFO public int fRuntimeAvailable; public int fLicVerified; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(tagLICINFO)); @@ -5070,10 +4921,6 @@ public class TOOLINFO_T public string lpszText; public IntPtr lParam; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(TOOLINFO_T)); @@ -5093,10 +4940,6 @@ public class TOOLINFO_TOOLTIP public IntPtr lpszText; public IntPtr lParam; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(TOOLINFO_TOOLTIP)); @@ -5373,10 +5216,6 @@ public class HELPINFO { public int dwContextId; public POINT MousePos; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(HELPINFO)); @@ -5597,10 +5436,6 @@ public class MCHITTESTINFO { public short st_wSecond; public short st_wMilliseconds; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(MCHITTESTINFO)); @@ -5791,10 +5626,6 @@ public override string ToString() { return "LVGROUP: header = " + pszHeader.ToString() + ", iGroupId = " + iGroupId.ToString(); } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(LVGROUP)); @@ -5808,10 +5639,6 @@ public class LVINSERTMARK { public int iItem; public int dwReserved = 0; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(LVINSERTMARK)); @@ -5827,10 +5654,6 @@ public class LVTILEVIEWINFO { public int cLines; public RECT rcLabelMargin; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(LVTILEVIEWINFO)); @@ -5961,10 +5784,6 @@ public class CHARFORMATW [MarshalAs(UnmanagedType.ByValArray, SizeConst=64)] public byte[] szFaceName = new byte[64]; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(CHARFORMATW)); @@ -5985,10 +5804,6 @@ public class CHARFORMATA [MarshalAs(UnmanagedType.ByValArray, SizeConst=32)] public byte[] szFaceName = new byte[32]; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(CHARFORMATA)); @@ -6019,10 +5834,6 @@ public class CHARFORMAT2A public byte bAnimation; public byte bRevAuthor; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(CHARFORMAT2A)); @@ -6066,10 +5877,6 @@ public class PARAFORMAT [MarshalAs(UnmanagedType.ByValArray, SizeConst=32)] public int[] rgxTabs; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(PARAFORMAT)); @@ -6103,10 +5910,6 @@ public class ENLINK internal abstract class CharBuffer { - /// - /// Critical: Extensive use of Marshal to allocate and manipulate - /// Character buffers. - /// internal static CharBuffer CreateBuffer(int size) { if (Marshal.SystemDefaultCharSize == 1) @@ -6124,10 +5927,6 @@ internal static CharBuffer CreateBuffer(int size) } - /// - /// Critical: Extensive use of Marshal to allocate and manipulate - /// Character buffers. - /// internal class AnsiCharBuffer : CharBuffer { @@ -6188,10 +5987,6 @@ internal override void PutString(string s) } } - /// - /// Critical: Extensive use of Marshal to allocate and manipulate - /// Character buffers. - /// internal class UnicodeCharBuffer : CharBuffer { @@ -6613,9 +6408,6 @@ public enum tagSYSKIND { public delegate bool MonitorEnumProc(IntPtr monitor, IntPtr hdc, IntPtr lprcMonitor, IntPtr lParam); - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("A7ABA9C1-8983-11cf-8F20-00805F2CD064"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IProvideMultipleClassInfo { @@ -6650,9 +6442,6 @@ public class EVENTMSG { public IntPtr hwnd; } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [ComImport(), Guid("B196B283-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IProvideClassInfo { diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs index 59bb2b84673..4f3779f0f4e 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs @@ -107,10 +107,6 @@ internal sealed class OSVERSIONINFOEX public byte productType = 0; public byte reserved = 0; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(OSVERSIONINFOEX)); @@ -144,9 +140,6 @@ public GUID(Guid guid) } } - /// - /// Critical - Applies SuppressUnmanagedCodeSecurity. - /// [ComVisible(true), ComImport(), Guid("B722BCCB-4E68-101B-A2BC-00AA00404770")] [InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] internal interface IOleCommandTarget @@ -187,10 +180,6 @@ internal class DOCHOSTUIINFO { [MarshalAs(UnmanagedType.I4)] internal int dwReserved2 = 0; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(DOCHOSTUIINFO)); @@ -230,9 +219,6 @@ public enum DOCHOSTUIDBLCLICK { SHOWCODE = 0x2 } - /// - /// Critical : Elevates to UnmanagedCode permissions - /// [DllImport(ExternDll.Gdi32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] internal static extern IntPtr SetEnhMetaFileBits(uint cbBuffer, byte[] buffer); @@ -250,19 +236,12 @@ public abstract class WpfSafeHandle : SafeHandleZeroOrMinusOneIsInvalid { private int _collectorId; - /// - /// Critical:This code calls into a base class which is protected by link demand and by inheritance demand - /// protected WpfSafeHandle(bool ownsHandle, int collectorId) : base(ownsHandle) { HandleCollector.Add(collectorId); _collectorId = collectorId; } - /// - /// Critical: Conceptually, this would be accessing critical data as it's in the destroy call path. - /// TreatAsSafe: This is just destroying a handle that this object owns. - /// protected override void Dispose(bool disposing) { HandleCollector.Remove(_collectorId); @@ -275,39 +254,24 @@ protected override void Dispose(bool disposing) public sealed class BitmapHandle : WpfSafeHandle { - /// - /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. - /// private BitmapHandle() : this(true) { } - /// - /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. - /// private BitmapHandle(bool ownsHandle) : base(ownsHandle, NativeMethods.CommonHandles.GDI) { } - /// - /// Critical: This calls into DeleteObject - /// [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] protected override bool ReleaseHandle() { return UnsafeNativeMethods.DeleteObject(handle); } - /// - /// Critical: Accesses internal critical data. - /// internal HandleRef MakeHandleRef(object obj) { return new HandleRef(obj, handle); } - /// - /// Critical: Creates a new BitmapHandle using Critical constructor. - /// internal static BitmapHandle CreateFromHandle(IntPtr hbitmap, bool ownsHandle=true) { return new BitmapHandle(ownsHandle) @@ -319,26 +283,16 @@ internal static BitmapHandle CreateFromHandle(IntPtr hbitmap, bool ownsHandle=tr internal sealed class IconHandle : WpfSafeHandle { - /// - /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. - /// private IconHandle() : base(true, NativeMethods.CommonHandles.Icon) { } - /// - /// Critical: This calls into DestroyIcon - /// [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] protected override bool ReleaseHandle() { return UnsafeNativeMethods.DestroyIcon(handle); } - /// - /// Critical: This creates a new SafeHandle, which has a critical constructor. - /// TreatAsSafe: The handle this creates is invalid. It contains no critical data. - /// internal static IconHandle GetInvalidIcon() { return new IconHandle(); @@ -347,9 +301,6 @@ internal static IconHandle GetInvalidIcon() /// /// Get access to the raw handle for native APIs that require it. /// - /// - /// Critical: This accesses critical data for the safe handle. - /// internal IntPtr CriticalGetHandle() { return handle; @@ -358,26 +309,16 @@ internal IntPtr CriticalGetHandle() internal sealed class CursorHandle : WpfSafeHandle { - /// - /// Critical: This code calls into a base class which is protected by a SecurityCritical constructor. - /// private CursorHandle() : base(true, NativeMethods.CommonHandles.Cursor) { } - /// - /// Critical: This calls into DestroyCursor - /// [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] protected override bool ReleaseHandle() { return UnsafeNativeMethods.DestroyCursor( handle ); } - /// - /// Critical: This creates a new SafeHandle, which has a critical constructor. - /// TreatAsSafe: The handle this creates is invalid. It contains no critical data. - /// internal static CursorHandle GetInvalidCursor() { return new CursorHandle(); @@ -596,10 +537,6 @@ public BITMAPINFO(int width, int height, short bpp) bmiHeader_biClrImportant = 0; } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(BITMAPINFO)); @@ -609,10 +546,6 @@ private static int SizeOf() [StructLayout(LayoutKind.Sequential)] internal class SECURITY_ATTRIBUTES { - /// - /// Critical : Initializes critical SafeHandle field - /// Safe : Initializes handle to known safe value - /// public SECURITY_ATTRIBUTES () { lpSecurityDescriptor = new SafeLocalMemHandle(); @@ -620,16 +553,10 @@ public SECURITY_ATTRIBUTES () public int nLength = SizeOf(); - /// - /// Critical : Exposes critical SafeHandle - /// public SafeLocalMemHandle lpSecurityDescriptor = new SafeLocalMemHandle(); public bool bInheritHandle = false; - /// - /// Critical : Disposes critical lpSecurityDescriptor field - /// public void Release() { if (lpSecurityDescriptor != null) @@ -641,48 +568,29 @@ public void Release() } } - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(SECURITY_ATTRIBUTES)); } } - /// - /// Critical: Inherits from critical tyoe SafeHandleZeroOrMinusOneIsInvalid - /// [HostProtection(SecurityAction.LinkDemand, MayLeakOnAbort=true)] internal sealed class SafeLocalMemHandle : SafeHandleZeroOrMinusOneIsInvalid { - /// - /// Critical: Calls critical SafeHandle ctor - /// public SafeLocalMemHandle() : base(true) { } - /// - /// Critical: Calls critical SafeHandle.SetHandle - /// public SafeLocalMemHandle(IntPtr existingHandle, bool ownsHandle) : base(ownsHandle) { base.SetHandle(existingHandle); } - /// - /// Critical: Calls critical LocalFree - /// protected override bool ReleaseHandle() { return (LocalFree(base.handle) == IntPtr.Zero); } - /// - /// Critical: Elevates to unmanaged code permissions - /// [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] [DllImport("kernel32.dll")] private static extern IntPtr LocalFree(IntPtr hMem); @@ -1201,10 +1109,6 @@ public class ANIMATIONINFO public int cbSize = SizeOf(); public int iMinAnimate = 0; - /// - /// Critical : Calls critical Marshal.SizeOf - /// Safe : Calls method with trusted input (well known safe type) - /// private static int SizeOf() { return Marshal.SizeOf(typeof(ANIMATIONINFO)); @@ -1415,9 +1319,6 @@ public static HDC NULL /// /// Printer DC /// More than 0 if succeeds, zero or less if fails - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("gdi32.dll")] public static extern Int32 EndDoc(HDC hdc); @@ -1439,9 +1340,6 @@ public unsafe struct PrinterEscape public UInt32 opcode; public Int32 cbSize; - /// - /// Critical: Exposes native pointer - /// public void* buffer; } @@ -1455,9 +1353,6 @@ public unsafe struct PrinterEscape /// size of lpvOutData in bytes /// Structure to receive data /// 0 if escape not implemented, negative if error, otherwise succeeds - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("gdi32.dll")] public static unsafe extern Int32 ExtEscape(HDC hdc, Int32 nEscape, Int32 cbInput, PrinterEscape* lpvInData, Int32 cbOutput, [Out] void* lpvOutData); @@ -1486,9 +1381,6 @@ public unsafe struct DocInfo /// Printer DC /// Document information /// More than zero if succeeded - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("gdi32.dll")] public unsafe static extern Int32 StartDoc(HDC hdc, ref DocInfo docInfo); @@ -1499,9 +1391,6 @@ public unsafe struct DocInfo /// /// /// - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("winspool.drv", BestFitMapping = false, ThrowOnUnmappableChar = true)] public unsafe static extern Int32 OpenPrinterA(String printerName, IntPtr* phPrinter, void* pDefaults); @@ -1510,9 +1399,6 @@ public unsafe struct DocInfo /// /// /// - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("winspool.drv")]//CASRemoval: public static extern Int32 ClosePrinter(IntPtr hPrinter); @@ -1521,9 +1407,6 @@ public unsafe struct DocInfo /// /// Printer DC /// More than 0 if succeeds, zero or less if fails - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("gdi32.dll")]//CASRemoval: public static extern Int32 EndPage(HDC hdc); @@ -1532,9 +1415,6 @@ public unsafe struct DocInfo /// /// Printer DC /// More than 0 if succeeds, zero or less if fails - /// - /// Critical: Elevates to unmanaged code permissions - /// [DllImport("gdi32.dll")]//CASRemoval: public static extern Int32 StartPage(HDC hdc); diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs index d6bd01938bd..968b9ece2ce 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsCLR.cs @@ -31,45 +31,25 @@ namespace MS.Win32 using IComDataObject = System.Runtime.InteropServices.ComTypes.IDataObject; - /// - /// Critical - This entire class is critical as it has SuppressUnmanagedCodeSecurity. - /// TreatAsSafe - These Native methods have been reviewed as safe to call. - /// public static partial class SafeNativeMethods { - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static int GetMessagePos() { return SafeNativeMethodsPrivate.GetMessagePos(); } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static IntPtr GetKeyboardLayout(int dwLayout) { return SafeNativeMethodsPrivate.GetKeyboardLayout(dwLayout); } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static IntPtr ActivateKeyboardLayout(HandleRef hkl, int uFlags) { return SafeNativeMethodsPrivate.ActivateKeyboardLayout(hkl, uFlags); } #if BASE_NATIVEMETHODS - /// - /// Critical - access unmanaged code via SetLastError() and IntGetKeyboardLayoutList(). - /// TreatAsSafe - no returns from SetLastError(). Calling IntGetKeyboardLayoutList() is safe. - /// public static int GetKeyboardLayoutList(int size, [Out, MarshalAs(UnmanagedType.LPArray)] IntPtr[] hkls) { int result = NativeMethodsSetLastError.GetKeyboardLayoutList(size, hkls); @@ -87,10 +67,6 @@ public static int GetKeyboardLayoutList(int size, [Out, MarshalAs(UnmanagedType. #endif - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// internal static void GetMonitorInfo(HandleRef hmonitor, [In, Out]NativeMethods.MONITORINFOEX info) { if (SafeNativeMethodsPrivate.IntGetMonitorInfo(hmonitor, info) == false) @@ -100,30 +76,18 @@ internal static void GetMonitorInfo(HandleRef hmonitor, [In, Out]NativeMethods.M } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static IntPtr MonitorFromPoint(NativeMethods.POINTSTRUCT pt, int flags) { return SafeNativeMethodsPrivate.MonitorFromPoint(pt,flags); } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static IntPtr MonitorFromRect(ref NativeMethods.RECT rect, int flags) { return SafeNativeMethodsPrivate.MonitorFromRect(ref rect,flags); } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static IntPtr MonitorFromWindow(HandleRef handle, int flags) { return SafeNativeMethodsPrivate.MonitorFromWindow(handle, flags); @@ -131,10 +95,6 @@ public static IntPtr MonitorFromWindow(HandleRef handle, int flags) #if BASE_NATIVEMETHODS - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static NativeMethods.CursorHandle LoadCursor(HandleRef hInst, IntPtr iconId) { NativeMethods.CursorHandle cursorHandle = SafeNativeMethodsPrivate.LoadCursor(hInst, iconId); @@ -148,28 +108,16 @@ public static NativeMethods.CursorHandle LoadCursor(HandleRef hInst, IntPtr icon #endif - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static IntPtr GetCursor() { return SafeNativeMethodsPrivate.GetCursor(); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Hiding cursor is ok - /// public static int ShowCursor(bool show) { return SafeNativeMethodsPrivate.ShowCursor(show); } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// internal static bool AdjustWindowRectEx(ref NativeMethods.RECT lpRect, int dwStyle, bool bMenu, int dwExStyle) { bool returnValue = SafeNativeMethodsPrivate.IntAdjustWindowRectEx(ref lpRect, dwStyle, bMenu, dwExStyle); @@ -181,10 +129,6 @@ internal static bool AdjustWindowRectEx(ref NativeMethods.RECT lpRect, int dwSty } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// internal static void GetClientRect(HandleRef hWnd, [In, Out] ref NativeMethods.RECT rect) { if(!SafeNativeMethodsPrivate.IntGetClientRect(hWnd, ref rect)) @@ -193,10 +137,6 @@ internal static void GetClientRect(HandleRef hWnd, [In, Out] ref NativeMethods.R } } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// internal static void GetWindowRect(HandleRef hWnd, [In, Out] ref NativeMethods.RECT rect) { if(!SafeNativeMethodsPrivate.IntGetWindowRect(hWnd, ref rect)) @@ -205,37 +145,21 @@ internal static void GetWindowRect(HandleRef hWnd, [In, Out] ref NativeMethods.R } } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static int GetDoubleClickTime() { return SafeNativeMethodsPrivate.GetDoubleClickTime(); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static bool IsWindowEnabled(HandleRef hWnd) { return SafeNativeMethodsPrivate.IsWindowEnabled(hWnd); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static bool IsWindowVisible(HandleRef hWnd) { return SafeNativeMethodsPrivate.IsWindowVisible(hWnd); } - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// internal static bool ReleaseCapture() { bool returnValue = SafeNativeMethodsPrivate.IntReleaseCapture(); @@ -249,10 +173,6 @@ internal static bool ReleaseCapture() #if BASE_NATIVEMETHODS - /// - /// Critical: This code calls into unmanaged code which elevates - /// TreatAsSafe: This method is ok to give out - /// public static bool TrackMouseEvent(NativeMethods.TRACKMOUSEEVENT tme) { bool retVal = SafeNativeMethodsPrivate.TrackMouseEvent(tme); @@ -267,10 +187,6 @@ public static bool TrackMouseEvent(NativeMethods.TRACKMOUSEEVENT tme) // Note: this overload has no return value. If we need an overload that // returns the timer ID, then we'll need to add one. - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static void SetTimer(HandleRef hWnd, int nIDEvent, int uElapse) { if(SafeNativeMethodsPrivate.SetTimer(hWnd, nIDEvent, uElapse, null) == IntPtr.Zero) @@ -281,10 +197,6 @@ public static void SetTimer(HandleRef hWnd, int nIDEvent, int uElapse) // Note: this returns true or false for success. We still don't have an overload // that returns the timer ID. - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static bool TrySetTimer(HandleRef hWnd, int nIDEvent, int uElapse) { if(SafeNativeMethodsPrivate.TrySetTimer(hWnd, nIDEvent, uElapse, null) == IntPtr.Zero) @@ -296,11 +208,6 @@ public static bool TrySetTimer(HandleRef hWnd, int nIDEvent, int uElapse) } #endif - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call as in the worst case it destroys the dispatcher timer. - /// it destroys a timer - /// public static bool KillTimer(HandleRef hwnd, int idEvent) { return (SafeNativeMethodsPrivate.KillTimer(hwnd,idEvent)); @@ -308,10 +215,6 @@ public static bool KillTimer(HandleRef hwnd, int idEvent) #if FRAMEWORK_NATIVEMETHODS || CORE_NATIVEMETHODS || BASE_NATIVEMETHODS - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static int GetTickCount() { return SafeNativeMethodsPrivate.GetTickCount(); @@ -319,20 +222,12 @@ public static int GetTickCount() #endif #if BASE_NATIVEMETHODS - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: It is considered safe to play sounds. - /// public static int MessageBeep(int uType) { return SafeNativeMethodsPrivate.MessageBeep(uType); } #endif - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static bool IsWindowUnicode(HandleRef hWnd) { return (SafeNativeMethodsPrivate.IsWindowUnicode(hWnd)); @@ -340,19 +235,11 @@ public static bool IsWindowUnicode(HandleRef hWnd) #if BASE_NATIVEMETHODS - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Setting Cursor is ok - /// public static IntPtr SetCursor(HandleRef hcursor) { return SafeNativeMethodsPrivate.SetCursor(hcursor); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Setting Cursor is ok - /// public static IntPtr SetCursor(SafeHandle hcursor) { return SafeNativeMethodsPrivate.SetCursor(hcursor); @@ -361,10 +248,6 @@ public static IntPtr SetCursor(SafeHandle hcursor) // not used by compiler - don't include. - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Screen to Clien is ok to give out - /// public static void ScreenToClient(HandleRef hWnd, [In, Out] NativeMethods.POINT pt) { if(SafeNativeMethodsPrivate.IntScreenToClient(hWnd, pt) == 0) @@ -373,20 +256,12 @@ public static void ScreenToClient(HandleRef hWnd, [In, Out] NativeMethods.POINT } } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Process Id is ok to give out - /// public static int GetCurrentProcessId() { return SafeNativeMethodsPrivate.GetCurrentProcessId(); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Thread ID is ok to give out - /// public static int GetCurrentThreadId() { return SafeNativeMethodsPrivate.GetCurrentThreadId(); @@ -395,10 +270,6 @@ public static int GetCurrentThreadId() /// /// Returns the ID of the session under which the current process is running /// - /// - /// safe: exposes non-critical information - /// critical: This code eleveates to unmanaged code permission - /// /// /// The session id upon success, null on failure /// @@ -416,33 +287,17 @@ public static int GetCurrentThreadId() return result; } - /// - /// This will return a valid handle only if a window on the current thread has capture - /// else it will return NULL. (Refer to Platform SDK) - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Getting mouse capture is ok - /// public static IntPtr GetCapture() { return SafeNativeMethodsPrivate.GetCapture(); } #if BASE_NATIVEMETHODS - /// - /// This function cannot be used to capture mouse input for another process. - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Setting Capture is ok - /// public static IntPtr SetCapture(HandleRef hwnd) { return SafeNativeMethodsPrivate.SetCapture(hwnd); } - /// - /// This can be guessed anyways and does not relay any risky information - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Getting virtual key mapping is ok - /// internal static int MapVirtualKey(int nVirtKey, int nMapType) { return SafeNativeMethodsPrivate.MapVirtualKey(nVirtKey,nMapType); @@ -468,10 +323,6 @@ internal static int MapVirtualKey(int nVirtKey, int nMapType) /// is returned if WTSQuerySessionInformation /// fails. /// - /// - /// critical: This method elevates to unmanaged-code permission - /// safe: Returns safe information - /// public static bool IsCurrentSessionConnectStateWTSActive(int? SessionId = null, bool defaultResult = true) { IntPtr buffer = IntPtr.Zero; diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs index 9e0c52a888d..0c3f164aeaf 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/SafeNativeMethodsOther.cs @@ -30,13 +30,6 @@ namespace MS.Win32 { using MS.Internal.YourAssemblyName; #endif - // - // Critical - This entire class is critical as it has SuppressUnmanagedCodeSecurity. - // TreatAsSafe - These Native methods have been reviewed as safe to call. - // - // The attributes are commented out here because this is a partial class and the attributes are already - // applied in SafeNativeMethodsCLR.cs - // public partial class SafeNativeMethods { @@ -60,10 +53,6 @@ internal enum PlaySoundFlags SND_RESOURCE = 0x00040000, /* name is resource name or atom */ } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// internal static bool InSendMessage() { return SafeNativeMethodsPrivate.InSendMessage(); @@ -71,36 +60,20 @@ internal static bool InSendMessage() #if never - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static int GetQueueStatus(uint flags) { return SafeNativeMethodsPrivate.GetQueueStatus(flags); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// internal static int GetInputState() { return SafeNativeMethodsPrivate.GetInputState(); } #endif - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsafe: This function is safe to call - /// public static bool IsUxThemeActive() { return SafeNativeMethodsPrivate.IsThemeActive() != 0; } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static bool SetCaretPos(int x, int y) { // To be consistent with our other PInvoke wrappers @@ -112,10 +85,6 @@ public static bool SetCaretPos(int x, int y) } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static bool DestroyCaret() { // To be consistent with our other PInvoke wrappers @@ -127,10 +96,6 @@ public static bool DestroyCaret() } // NOTE: CLR has this in UnsafeNativeMethodsCLR.cs. Not sure why it is unsafe - need to follow up. - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static int GetCaretBlinkTime() { // To be consistent with our other PInvoke wrappers @@ -160,10 +125,6 @@ public static int GetCaretBlinkTime() public const UInt16 C3_IDEOGRAPH = 0x0100; public const UInt16 C3_KASHIDA = 0x0200; - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static bool GetStringTypeEx(uint locale, uint infoType, char[] sourceString, int count, UInt16[] charTypes) { @@ -178,19 +139,11 @@ public static bool GetStringTypeEx(uint locale, uint infoType, char[] sourceStri return win32Return; } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static int GetSysColor(int nIndex) { return SafeNativeMethodsPrivate.GetSysColor(nIndex); } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: Exposes no critical data and doesn't affect clipboard state - /// public static bool IsClipboardFormatAvailable(int format) { return SafeNativeMethodsPrivate.IsClipboardFormatAvailable(format); @@ -213,10 +166,6 @@ internal static void DestroyIcon(NativeMethods.IconHandle hIcon) #if FRAMEWORK_NATIVEMETHODS || BASE_NATIVEMETHODS - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static bool IsDebuggerPresent() { return SafeNativeMethodsPrivate.IsDebuggerPresent(); } #endif #if BASE_NATIVEMETHODS @@ -224,10 +173,6 @@ internal static void DestroyIcon(NativeMethods.IconHandle hIcon) ///////////////////// // used by BASE - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static void QueryPerformanceCounter(out long lpPerformanceCount) { if (!SafeNativeMethodsPrivate.QueryPerformanceCounter(out lpPerformanceCount)) @@ -236,10 +181,6 @@ public static void QueryPerformanceCounter(out long lpPerformanceCount) } } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// public static void QueryPerformanceFrequency(out long lpFrequency) { if (!SafeNativeMethodsPrivate.QueryPerformanceFrequency(out lpFrequency)) @@ -248,10 +189,6 @@ public static void QueryPerformanceFrequency(out long lpFrequency) } } - /// - /// Critical: This code elevates to unmanaged code permission - /// TreatAsSafe: This function is safe to call - /// internal static int GetMessageTime() { return SafeNativeMethodsPrivate.GetMessageTime(); @@ -259,10 +196,6 @@ internal static int GetMessageTime() #endif // BASE_NATIVEMETHODS - /// - /// This method accesses an UnsafeNativeMethod under an elevation. This is - /// still safe because it just returns the style or ex style which we consider safe. - /// internal static Int32 GetWindowStyle(HandleRef hWnd, bool exStyle) { int nIndex = exStyle ? NativeMethods.GWL_EXSTYLE : NativeMethods.GWL_STYLE; diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs index 1acfeb478da..5d1d821806b 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsCLR.cs @@ -56,76 +56,41 @@ public POINTSTRUCT(int x, int y) { } // For some reason "PtrToStructure" requires super high permission. - /// - /// Critical: The code below has a link demand for unmanaged code permission.This code can be used to - /// get to data that a pointer points to which can lead to easier data reading. - /// public static object PtrToStructure(IntPtr lparam, Type cls) { return Marshal.PtrToStructure(lparam, cls); } // For some reason "StructureToPtr" requires super high permission. - /// - /// Critical: The code below has a link demand for unmanaged code permission.This code can be used to - /// write data to arbitrary memory. - /// public static void StructureToPtr(object structure, IntPtr ptr, bool fDeleteOld) { Marshal.StructureToPtr(structure, ptr, fDeleteOld); } #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int OleGetClipboard(ref IComDataObject data); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int OleSetClipboard(IComDataObject pDataObj); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int OleFlushClipboard(); #endif - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern int GetCurrentThemeName(StringBuilder pszThemeFileName, int dwMaxNameChars, StringBuilder pszColorBuff, int dwMaxColorChars, StringBuilder pszSizeBuff, int cchMaxSizeChars); - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.DwmAPI, BestFitMapping = false)] public static extern int DwmIsCompositionEnabled(out Int32 enabled); - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern IntPtr GetCurrentThread(); #if !DRT && !UIAUTOMATIONTYPES - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.User32, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern WindowMessage RegisterWindowMessage(string msg); #endif - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.User32, EntryPoint = "SetWindowPos", ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern bool SetWindowPos(HandleRef hWnd, HandleRef hWndInsertAfter, int x, int y, int cx, int cy, int flags); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern IntPtr GetWindow(HandleRef hWnd, int uCmd); @@ -153,42 +118,24 @@ public enum ProcessDpiAwareness [DllImport(ExternDll.Shcore, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern uint GetProcessDpiAwareness(HandleRef hProcess, out IntPtr awareness); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.Shcore, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError = true)] public static extern uint GetDpiForMonitor(HandleRef hMonitor, MonitorDpiType dpiType, out uint dpiX, out uint dpiY); [DllImport(ExternDll.User32, EntryPoint = "IsProcessDPIAware", CharSet = CharSet.Auto, SetLastError = true)] internal static extern bool IsProcessDPIAware(); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.Kernel32, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr OpenProcess(int dwDesiredAccess, bool fInherit, int dwProcessId); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.User32, EntryPoint = "EnableNonClientDpiScaling", CharSet = CharSet.Auto, SetLastError = true)] public static extern bool EnableNonClientDpiScaling(HandleRef hWnd); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern int GetClassName(HandleRef hwnd, StringBuilder lpClassName, int nMaxCount); - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern int MessageBox(HandleRef hWnd, string text, string caption, int type); - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.Uxtheme, CharSet = CharSet.Auto, BestFitMapping = false, EntryPoint = "SetWindowTheme")] public static extern int CriticalSetWindowTheme(HandleRef hWnd, string subAppName, string subIdList); @@ -196,39 +143,21 @@ public enum ProcessDpiAwareness [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, EntryPoint = "CreateCompatibleBitmap", CharSet = CharSet.Auto)] public static extern IntPtr CreateCompatibleBitmap(HandleRef hDC, int width, int height); - /// - /// Critical - elevates via a SUC. Can be used to run arbitrary code. - /// [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, EntryPoint = "CreateCompatibleBitmap", CharSet = CharSet.Auto)] public static extern IntPtr CriticalCreateCompatibleBitmap(HandleRef hDC, int width, int height); - /// - /// Critical - elevates via a SUC. Can be used to run arbitrary code. - /// [DllImport(ExternDll.Gdi32, EntryPoint = "GetStockObject", SetLastError = true, CharSet = CharSet.Auto)] public static extern IntPtr CriticalGetStockObject(int stockObject); - /// - /// Critical - elevates via a SUC. Can be used to run arbitrary code. - /// [DllImport(ExternDll.User32, EntryPoint = "FillRect", SetLastError = true, CharSet = CharSet.Auto)] public static extern int CriticalFillRect(IntPtr hdc, ref NativeMethods.RECT rcFill, IntPtr brush); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern int GetBitmapBits(HandleRef hbmp, int cbBuffer, byte[] lpvBits); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool ShowWindow(HandleRef hWnd, int nCmdShow); - /// - /// Critical: This code escalates to unmanaged code permission - /// public static void DeleteObject(HandleRef hObject) { HandleCollector.Remove((IntPtr)hObject, NativeMethods.CommonHandles.GDI); @@ -239,9 +168,6 @@ public static void DeleteObject(HandleRef hObject) } } - /// - /// Critical: This code escalates to unmanaged code permission via a call to IntDeleteObject - /// public static bool DeleteObjectNoThrow(HandleRef hObject) { HandleCollector.Remove((IntPtr)hObject, NativeMethods.CommonHandles.GDI); @@ -258,9 +184,6 @@ public static bool DeleteObjectNoThrow(HandleRef hObject) } - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.Gdi32, SetLastError=true, ExactSpelling = true, EntryPoint="DeleteObject", CharSet=System.Runtime.InteropServices.CharSet.Auto)] public static extern bool IntDeleteObject(HandleRef hObject); @@ -268,48 +191,30 @@ public static bool DeleteObjectNoThrow(HandleRef hObject) [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr SelectObject(HandleRef hdc, IntPtr obj); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr SelectObject(HandleRef hdc, NativeMethods.BitmapHandle obj); - /// - /// Critical: This code escalates to unmanaged code permission - /// [DllImport(ExternDll.Gdi32, EntryPoint="SelectObject", SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr CriticalSelectObject(HandleRef hdc, IntPtr obj); [DllImport(ExternDll.User32, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false, SetLastError = true)] public static extern int GetClipboardFormatName(int format, StringBuilder lpString, int cchMax); - /// - /// This code elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false)] public static extern int RegisterClipboardFormat(string format); [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool BitBlt(HandleRef hDC, int x, int y, int nWidth, int nHeight, HandleRef hSrcDC, int xSrc, int ySrc, int dwRop); - /// - /// This code elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, EntryPoint="PrintWindow", SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool CriticalPrintWindow(HandleRef hWnd, HandleRef hDC, int flags); - /// - /// This code elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, EntryPoint="RedrawWindow", ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool CriticalRedrawWindow(HandleRef hWnd, IntPtr lprcUpdate, IntPtr hrgnUpdate, int flags); [DllImport(ExternDll.Shell32, CharSet=CharSet.Auto, BestFitMapping = false)] public static extern int DragQueryFile(HandleRef hDrop, int iFile, StringBuilder lpszFile, int cch); - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.Shell32, CharSet=CharSet.Auto, BestFitMapping = false)] public static extern IntPtr ShellExecute(HandleRef hwnd, string lpOperation, string lpFile, string lpParameters, string lpDirectory, int nShowCmd); @@ -351,9 +256,6 @@ internal enum ShellExecuteFlags SEE_MASK_WAITFORINPUTIDLE = 0x02000000 }; - /// - /// Critical - elevates via SUC. Starts a new process. - /// [DllImport(ExternDll.Shell32, CharSet = CharSet.Unicode, SetLastError = true)] internal static extern bool ShellExecuteEx([In, Out] ShellExecuteInfo lpExecInfo); @@ -361,38 +263,19 @@ internal enum ShellExecuteFlags public const int MB_COMPOSITE = 0x00000002; public const int MB_USEGLYPHCHARS = 0x00000004; public const int MB_ERR_INVALID_CHARS = 0x00000008; - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.Kernel32, ExactSpelling=true, CharSet=CharSet.Unicode, SetLastError=true)] public static extern int MultiByteToWideChar(int CodePage, int dwFlags, byte[] lpMultiByteStr, int cchMultiByte, [Out, MarshalAs(UnmanagedType.LPWStr)] StringBuilder lpWideCharStr, int cchWideChar); - /// - /// Critical - elevates (via SuppressUnmanagedCodeSecurity). - /// [DllImport(ExternDll.Kernel32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Unicode)] public static extern int WideCharToMultiByte(int codePage, int flags, [MarshalAs(UnmanagedType.LPWStr)]string wideStr, int chars, [In,Out]byte[] pOutBytes, int bufferBytes, IntPtr defaultChar, IntPtr pDefaultUsed); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling=true, EntryPoint="RtlMoveMemory", CharSet=CharSet.Unicode)] public static extern void CopyMemoryW(IntPtr pdst, string psrc, int cb); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, EntryPoint = "RtlMoveMemory", CharSet = CharSet.Unicode)] public static extern void CopyMemoryW(IntPtr pdst, char[] psrc, int cb); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling=true, EntryPoint="RtlMoveMemory")] public static extern void CopyMemory(IntPtr pdst, byte[] psrc, int cb); #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation due to an unmanaged code call. Also this - /// information can be used to exploit the system. - /// [DllImport(ExternDll.User32, EntryPoint="GetKeyboardState", CharSet=CharSet.Auto, SetLastError=true)] private static extern int IntGetKeyboardState(byte [] keystate); public static void GetKeyboardState(byte [] keystate) @@ -410,15 +293,9 @@ public static void GetKeyboardState(byte [] keystate) #endif #if !DRT && !UIAUTOMATIONTYPES - /// - /// Critical: This code elevates to unmanaged code permission - /// [DllImport(ExternDll.Kernel32, EntryPoint = "GetModuleFileName", CharSet=CharSet.Unicode, SetLastError = true)] private static extern int IntGetModuleFileName(HandleRef hModule, StringBuilder buffer, int length); - /// - /// Critical: This code elevates to unmanaged code permission by calling into IntGetModuleFileName - /// internal static string GetModuleFileName(HandleRef hModule) { // .Net is currently far behind Windows with regard to supporting paths longer than MAX_PATH. @@ -453,24 +330,15 @@ internal static string GetModuleFileName(HandleRef hModule) #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool TranslateMessage([In, Out] ref System.Windows.Interop.MSG msg); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, CharSet=CharSet.Auto)] public static extern IntPtr DispatchMessage([In] ref System.Windows.Interop.MSG msg); #endif #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, CharSet=CharSet.Auto, EntryPoint="PostThreadMessage", SetLastError=true)] private static extern int IntPostThreadMessage(int id, int msg, IntPtr wparam, IntPtr lparam); public static void PostThreadMessage(int id, int msg, IntPtr wparam, IntPtr lparam) @@ -482,21 +350,12 @@ public static void PostThreadMessage(int id, int msg, IntPtr wparam, IntPtr lpar } #endif - /// - /// Critical - This code elevates to unmanaged code. - /// [DllImport("oleacc.dll")] internal static extern int ObjectFromLresult(IntPtr lResult, ref Guid iid, IntPtr wParam, [In, Out] ref IAccessible ppvObject); - /// - /// Critical - This code elevates to unmanaged code. - /// [DllImport("user32.dll")] internal static extern bool IsWinEventHookInstalled(int winevent); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Ole32, EntryPoint="OleInitialize")] private static extern int IntOleInitialize(IntPtr val); @@ -505,9 +364,6 @@ public static int OleInitialize() return IntOleInitialize(IntPtr.Zero); } - /// - /// Critical: SUC. Inherently unsafe. - /// [DllImport(ExternDll.Ole32)] public static extern int CoRegisterPSClsid(ref Guid riid, ref Guid rclsid); @@ -515,18 +371,12 @@ public static int OleInitialize() [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public extern static bool EnumThreadWindows(int dwThreadId, NativeMethods.EnumThreadWindowsCallback lpfn, HandleRef lParam); - /// - /// Critical: This code calls into unmanaged code which elevates - /// [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto, SetLastError=true)] public static extern int OleUninitialize(); [DllImport(ExternDll.Kernel32, EntryPoint="CloseHandle", CharSet=CharSet.Auto, SetLastError=true)] private static extern bool IntCloseHandle(HandleRef handle); - /// - /// Critical: Closes a passed in handle, LinkDemand on Marshal.GetLastWin32Error - /// public static bool CloseHandleNoThrow(HandleRef handle) { HandleCollector.Remove((IntPtr)handle, NativeMethods.CommonHandles.Kernel); @@ -543,9 +393,6 @@ public static bool CloseHandleNoThrow(HandleRef handle) } - /// - /// Critical as this code performs an UnmanagedCodeSecurity elevation. - /// [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int CreateStreamOnHGlobal(IntPtr hGlobal, bool fDeleteOnRelease, ref System.Runtime.InteropServices.ComTypes.IStream istream); @@ -554,17 +401,9 @@ public static bool CloseHandleNoThrow(HandleRef handle) private static extern IntPtr IntCreateCompatibleDC(HandleRef hDC); - /// - /// Critical - elevates via a SUC. Can be used to run arbitrary code. - /// [DllImport(ExternDll.Gdi32, SetLastError=true, EntryPoint="CreateCompatibleDC", CharSet=CharSet.Auto)] public static extern IntPtr CriticalCreateCompatibleDC(HandleRef hDC); - /// - /// Critical: LinkDemand on Win32Exception constructor - /// TreatAsSafe: Throwing an exception isn't unsafe - /// Note: If SupressUnmanagedCodeSecurity attribute is ever added to IntCreateCompatibleDC, we need to be Critical - /// public static IntPtr CreateCompatibleDC(HandleRef hDC) { IntPtr h = IntCreateCompatibleDC(hDC); @@ -580,11 +419,6 @@ public static IntPtr CreateCompatibleDC(HandleRef hDC) [DllImport(ExternDll.Kernel32, EntryPoint="UnmapViewOfFile", CharSet=CharSet.Auto, SetLastError=true)] private static extern bool IntUnmapViewOfFile(HandleRef pvBaseAddress); /* - /// - /// Critical: LinkDemand on Win32Exception constructor - /// TreatAsSafe: Throwing an exception isn't unsafe - /// Note: If SupressUnmanagedCodeSecurity attribute is ever added to IntUnmapViewOfFile, we need to be Critical - /// public static void UnmapViewOfFile(HandleRef pvBaseAddress) { HandleCollector.Remove((IntPtr)pvBaseAddress, NativeMethods.CommonHandles.Kernel); @@ -594,9 +428,6 @@ public static void UnmapViewOfFile(HandleRef pvBaseAddress) } } */ - /// - /// Critical: Unmaps a file handle, LinkDemand on Marshal.GetLastWin32Error - /// public static bool UnmapViewOfFileNoThrow(HandleRef pvBaseAddress) { HandleCollector.Remove((IntPtr)pvBaseAddress, NativeMethods.CommonHandles.Kernel); @@ -613,9 +444,6 @@ public static bool UnmapViewOfFileNoThrow(HandleRef pvBaseAddress) } - /// - /// Critical: This code calls into unmanaged code which elevates - /// public static bool EnableWindow(HandleRef hWnd, bool enable) { bool result = NativeMethodsSetLastError.EnableWindow(hWnd, enable); @@ -631,9 +459,6 @@ public static bool EnableWindow(HandleRef hWnd, bool enable) return result; } - /// - /// Critical: This code calls into unmanaged code which elevates - /// public static bool EnableWindowNoThrow(HandleRef hWnd, bool enable) { // This method is not throwing because the caller don't want to fail after calling this. @@ -645,21 +470,12 @@ public static bool EnableWindowNoThrow(HandleRef hWnd, bool enable) [DllImport(ExternDll.Gdi32, SetLastError=true, CharSet=CharSet.Auto)] public static extern int GetObject(HandleRef hObject, int nSize, [In, Out] NativeMethods.BITMAP bm); - /// - /// Critical: This code returns the window which has focus and elevates to unmanaged code - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetFocus(); - /// - /// Critical - this code elevates via SUC. - /// [DllImport(ExternDll.User32, EntryPoint = "GetCursorPos", ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] private static extern bool IntGetCursorPos([In, Out] NativeMethods.POINT pt); - /// - /// Critical - calls a critical function. - /// internal static bool GetCursorPos([In, Out] NativeMethods.POINT pt) { bool returnValue = IntGetCursorPos(pt); @@ -670,15 +486,9 @@ internal static bool GetCursorPos([In, Out] NativeMethods.POINT pt) return returnValue; } - /// - /// Critical - this code elevates via SUC. - /// [DllImport(ExternDll.User32, EntryPoint = "GetCursorPos", ExactSpelling = true, CharSet = CharSet.Auto)] private static extern bool IntTryGetCursorPos([In, Out] NativeMethods.POINT pt); - /// - /// Critical - calls a critical function. - /// internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) { bool returnValue = IntTryGetCursorPos(pt); @@ -697,35 +507,18 @@ internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) } #if BASE_NATIVEMETHODS || CORE_NATIVEMETHODS || FRAMEWORK_NATIVEMETHODS - /// - /// Critical:Unmanaged code that gets the state of the keyboard keys - /// This can be exploited to get keyboard state. - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=System.Runtime.InteropServices.CharSet.Auto)] public static extern int GetWindowThreadProcessId(HandleRef hWnd, out int lpdwProcessId); - /// - /// Critical:Unmanaged code that gets the state of the keyboard keys - /// This can be exploited to get keyboard state. - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern short GetKeyState(int keyCode); - /// - /// Critical:Elevates to Unmanaged code permission - /// [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto, PreserveSig = false)] public static extern void DoDragDrop(IComDataObject dataObject, UnsafeNativeMethods.IOleDropSource dropSource, int allowedEffects, int[] finalEffect); - /// - /// Critical - this code elevates via SUC. - /// [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] internal static extern void ReleaseStgMedium(ref STGMEDIUM medium); - /// - /// Critical - this code elevates via SUC. - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=System.Runtime.InteropServices.CharSet.Auto)] public static extern bool InvalidateRect(HandleRef hWnd, IntPtr rect, bool erase); @@ -733,9 +526,6 @@ internal static bool TryGetCursorPos([In, Out] NativeMethods.POINT pt) #endif - /// - /// SecurityCritical due to a call to SetLastError and calls GetWindowText - /// internal static int GetWindowText(HandleRef hWnd, [Out] StringBuilder lpString, int nMaxCount) { int returnValue = NativeMethodsSetLastError.GetWindowText(hWnd, lpString, nMaxCount); @@ -750,9 +540,6 @@ internal static int GetWindowText(HandleRef hWnd, [Out] StringBuilder lpString, return returnValue; } - /// - /// SecurityCritical due to a call to SetLastError - /// internal static int GetWindowTextLength(HandleRef hWnd) { int returnValue = NativeMethodsSetLastError.GetWindowTextLength(hWnd); @@ -767,123 +554,66 @@ internal static int GetWindowTextLength(HandleRef hWnd) return returnValue; } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalAlloc(int uFlags, IntPtr dwBytes); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalReAlloc(HandleRef handle, IntPtr bytes, int flags); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalLock(HandleRef handle); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern bool GlobalUnlock(HandleRef handle); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalFree(HandleRef handle); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern IntPtr GlobalSize(HandleRef handle); #if BASE_NATIVEMETHODS || CORE_NATIVEMETHODS || FRAMEWORK_NATIVEMETHODS - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern bool ImmSetConversionStatus(HandleRef hIMC, int conversion, int sentence); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern bool ImmGetConversionStatus(HandleRef hIMC, ref int conversion, ref int sentence); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern IntPtr ImmGetContext(HandleRef hWnd); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmReleaseContext(HandleRef hWnd, HandleRef hIMC); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern IntPtr ImmAssociateContext(HandleRef hWnd, HandleRef hIMC); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmSetOpenStatus(HandleRef hIMC, bool open); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmGetOpenStatus(HandleRef hIMC); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern bool ImmNotifyIME(HandleRef hIMC, int dwAction, int dwIndex, int dwValue); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet=CharSet.Auto)] public static extern int ImmGetProperty(HandleRef hkl, int flags); // ImmGetCompositionString for result and composition strings - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, char[] lpBuf, int dwBufLen); // ImmGetCompositionString for display attributes - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, byte[] lpBuf, int dwBufLen); // ImmGetCompositionString for clause information - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, int[] lpBuf, int dwBufLen); // ImmGetCompositionString for query information - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmGetCompositionString(HandleRef hIMC, int dwIndex, IntPtr lpBuf, int dwBufLen); @@ -896,15 +626,9 @@ internal static int GetWindowTextLength(HandleRef hWnd) [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmConfigureIME(HandleRef hkl, HandleRef hwnd, int dwData, [In] ref NativeMethods.REGISTERWORD registerWord); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmSetCompositionWindow(HandleRef hIMC, [In, Out] ref NativeMethods.COMPOSITIONFORM compform); - /// - /// Critical:This code causes an elevation of privilige to unmanaged code - /// [DllImport(ExternDll.Imm32, CharSet = CharSet.Auto)] public static extern int ImmSetCandidateWindow(HandleRef hIMC, [In, Out] ref NativeMethods.CANDIDATEFORM candform); @@ -912,9 +636,6 @@ internal static int GetWindowTextLength(HandleRef hWnd) public static extern IntPtr ImmGetDefaultIMEWnd(HandleRef hwnd); #endif - /// - /// Critical - calls SetFocusWrapper (the real PInvoke method) - /// internal static IntPtr SetFocus(HandleRef hWnd) { IntPtr result = IntPtr.Zero; @@ -927,18 +648,12 @@ internal static IntPtr SetFocus(HandleRef hWnd) return result; } - /// - /// Critical - calls SetFocusWrapper (the real PInvoke method) - /// internal static bool TrySetFocus(HandleRef hWnd) { IntPtr result = IntPtr.Zero; return TrySetFocus(hWnd, ref result); } - /// - /// Critical - calls SetFocusWrapper (the real PInvoke method) - /// internal static bool TrySetFocus(HandleRef hWnd, ref IntPtr result) { result = NativeMethodsSetLastError.SetFocus(hWnd); @@ -952,9 +667,6 @@ internal static bool TrySetFocus(HandleRef hWnd, ref IntPtr result) return true; } - /// - /// Critical - This code returns a critical resource and calls critical code. - /// internal static IntPtr GetParent(HandleRef hWnd) { IntPtr retVal = NativeMethodsSetLastError.GetParent(hWnd); @@ -968,15 +680,9 @@ internal static IntPtr GetParent(HandleRef hWnd) return retVal; } - /// - /// Critical - This code returns a critical resource and causes unmanaged code elevation. - /// [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern IntPtr GetAncestor(HandleRef hWnd, int flags); - /// - /// Critical - This code causes unmanaged code elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool IsChild(HandleRef hWndParent, HandleRef hwnd); @@ -992,21 +698,12 @@ internal static IntPtr GetParent(HandleRef hWnd) //****************** - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr SetParent(HandleRef hWnd, HandleRef hWndParent); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, EntryPoint = "GetModuleHandle", CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true, SetLastError = true)] private static extern IntPtr IntGetModuleHandle(string modName); - /// - /// Critical as this code performs an elevation. - /// internal static IntPtr GetModuleHandle(string modName) { IntPtr retVal = IntGetModuleHandle(modName); @@ -1020,28 +717,16 @@ internal static IntPtr GetModuleHandle(string modName) } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, CharSet=CharSet.Auto)] public static extern IntPtr CallWindowProc(IntPtr wndProc, IntPtr hWnd, int msg, IntPtr wParam, IntPtr lParam); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, CharSet = CharSet.Unicode, EntryPoint = "DefWindowProcW")] public static extern IntPtr DefWindowProc(IntPtr hWnd, Int32 Msg, IntPtr wParam, IntPtr lParam); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError=true, EntryPoint="GetProcAddress", CharSet=CharSet.Ansi, BestFitMapping=false)] public static extern IntPtr IntGetProcAddress(HandleRef hModule, string lpProcName); - /// - /// Critical - calls IntGetProcAddress (the real PInvoke method) - /// public static IntPtr GetProcAddress(HandleRef hModule, string lpProcName) { IntPtr result = IntGetProcAddress(hModule, lpProcName); @@ -1060,15 +745,9 @@ public static IntPtr GetProcAddress(HandleRef hModule, string lpProcName) // the functions consecutively from 1 to N (where N is the number of exported functions), an error can // occur where GetProcAddress returns an invalid, non-NULL address, even though there is no function with the specified ordinal. - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, EntryPoint="GetProcAddress", CharSet=CharSet.Ansi, BestFitMapping=false)] public static extern IntPtr GetProcAddressNoThrow(HandleRef hModule, string lpProcName); - /// - /// Critical: as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.Kernel32, CharSet = CharSet.Unicode)] public static extern IntPtr LoadLibrary(string lpFileName); @@ -1274,58 +953,31 @@ internal static extern bool GetModuleHandleEx( internal static extern bool FreeLibrary([In] IntPtr hModule); #if !DRT && !UIAUTOMATIONTYPES - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32)] public static extern int GetSystemMetrics(SM nIndex); #endif - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet=CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref NativeMethods.RECT rc, int nUpdate); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref int value, int ignore); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref bool value, int ignore); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, ref NativeMethods.HIGHCONTRAST_I rc, int nUpdate); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false)] public static extern bool SystemParametersInfo(int nAction, int nParam, [In, Out] NativeMethods.NONCLIENTMETRICS metrics, int nUpdate); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, CharSet = CharSet.Auto, ExactSpelling = true)] public static extern bool GetSystemPowerStatus(ref NativeMethods.SYSTEM_POWER_STATUS systemPowerStatus); - /// - /// Critical - performs an elevation via SUC. - /// [DllImport(ExternDll.User32, EntryPoint="ClientToScreen", SetLastError=true, ExactSpelling=true, CharSet=CharSet.Auto)] private static extern int IntClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT pt); - /// - /// Critical calls critical code - IntClientToScreen - /// public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT pt) { if(IntClientToScreen(hWnd, pt) == 0) @@ -1334,36 +986,19 @@ public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT } } - /// - /// Critical:Elevates to Unmanaged code permission - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetDesktopWindow(); - /// - /// Critical:Elevates to Unmanaged code permission and can be used to - /// change the foreground window. - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetForegroundWindow(); - /// - /// Critical:Elevates to Unmanaged code permission - /// [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int RegisterDragDrop(HandleRef hwnd, UnsafeNativeMethods.IOleDropTarget target); - /// - /// Critical:Elevates to Unmanaged code permission - /// [DllImport(ExternDll.Ole32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern int RevokeDragDrop(HandleRef hwnd); #if !DRT && !UIAUTOMATIONTYPES - /// - /// Critical:Elevates to Unmanaged code permission and can be used to - /// get information of messages in queues. - /// [DllImport(ExternDll.User32, CharSet=CharSet.Auto)] public static extern bool PeekMessage([In, Out] ref System.Windows.Interop.MSG msg, HandleRef hwnd, WindowMessage msgMin, WindowMessage msgMax, int remove); @@ -1373,15 +1008,9 @@ public static void ClientToScreen(HandleRef hWnd, [In, Out] NativeMethods.POINT #endif - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, EntryPoint = "PostMessage", CharSet = CharSet.Auto, SetLastError = true)] private static extern bool IntPostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wparam, IntPtr lparam); - /// - /// Critical as this code performs an elevation. - /// internal static void PostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wparam, IntPtr lparam) { if (!IntPostMessage(hwnd, msg, wparam, lparam)) @@ -1390,56 +1019,29 @@ internal static void PostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wpara } } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, EntryPoint = "PostMessage", CharSet = CharSet.Auto)] internal static extern bool TryPostMessage(HandleRef hwnd, WindowMessage msg, IntPtr wparam, IntPtr lparam); #endif #if BASE_NATIVEMETHODS || CORE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern void NotifyWinEvent(int winEvent, HandleRef hwnd, int objType, int objID); #endif - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling = true, EntryPoint = "BeginPaint", CharSet = CharSet.Auto)] private static extern IntPtr IntBeginPaint(HandleRef hWnd, [In, Out] ref NativeMethods.PAINTSTRUCT lpPaint); - /// - /// Critical as this code performs an elevation. via the call to IntBeginPaint - /// public static IntPtr BeginPaint(HandleRef hWnd, [In, Out, MarshalAs(UnmanagedType.LPStruct)] ref NativeMethods.PAINTSTRUCT lpPaint) { return HandleCollector.Add(IntBeginPaint(hWnd, ref lpPaint), NativeMethods.CommonHandles.HDC); } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling = true, EntryPoint = "EndPaint", CharSet = CharSet.Auto)] private static extern bool IntEndPaint(HandleRef hWnd, ref NativeMethods.PAINTSTRUCT lpPaint); - /// - /// Critical as this code performs an elevation via the call to IntEndPaint. - /// public static bool EndPaint(HandleRef hWnd, [In, MarshalAs(UnmanagedType.LPStruct)] ref NativeMethods.PAINTSTRUCT lpPaint) { HandleCollector.Remove(lpPaint.hdc, NativeMethods.CommonHandles.HDC); return IntEndPaint(hWnd, ref lpPaint); } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling = true, EntryPoint = "GetDC", CharSet = CharSet.Auto)] private static extern IntPtr IntGetDC(HandleRef hWnd); - /// - /// Critical as this code performs an elevation. The call to handle collector is - /// by itself not dangerous because handle collector simply - /// stores a count of the number of instances of a given - /// handle and not the handle itself. - /// public static IntPtr GetDC(HandleRef hWnd) { IntPtr hDc = IntGetDC(hWnd); @@ -1451,77 +1053,42 @@ public static IntPtr GetDC(HandleRef hWnd) return HandleCollector.Add(hDc, NativeMethods.CommonHandles.HDC); } - /// - /// Critical as this code performs an elevation.The call to handle collector - /// is by itself not dangerous because handle collector simply - /// stores a count of the number of instances of a given handle and not the handle itself. - /// [DllImport(ExternDll.User32, ExactSpelling = true, EntryPoint = "ReleaseDC", CharSet = CharSet.Auto)] private static extern int IntReleaseDC(HandleRef hWnd, HandleRef hDC); - /// - /// Critical as this code performs an elevation. - /// public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { HandleCollector.Remove((IntPtr)hDC, NativeMethods.CommonHandles.HDC); return IntReleaseDC(hWnd, hDC); } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int GetDeviceCaps(HandleRef hDC, int nIndex); - /// - /// Critical as this code performs an elevation to unmanaged code - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern IntPtr GetActiveWindow(); - /// - /// Critical as this code performs an elevation to unmanaged code - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool SetForegroundWindow(HandleRef hWnd); // Begin API Additions to support common dialog controls - /// - /// Critical as this code performs an elevation to unmanaged code - /// [DllImport(ExternDll.Comdlg32, SetLastError = true, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] internal static extern int CommDlgExtendedError(); - /// - /// Critical as this code performs an elevation to unmanaged code - /// [DllImport(ExternDll.Comdlg32, SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool GetOpenFileName([In, Out] NativeMethods.OPENFILENAME_I ofn); - /// - /// Critical as this code performs an elevation to unmanaged code - /// [DllImport(ExternDll.Comdlg32, SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool GetSaveFileName([In, Out] NativeMethods.OPENFILENAME_I ofn); // End Common Dialog API Additions - /// - /// Critical as this code performs an elevation. - /// [return:MarshalAs(UnmanagedType.Bool)] [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto, SetLastError=true)] public static extern bool SetLayeredWindowAttributes(HandleRef hwnd, int crKey, byte bAlpha, int dwFlags); - /// - /// Critical as this code performs an elevation. - /// [return: MarshalAs(UnmanagedType.Bool)] [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] public static extern bool UpdateLayeredWindow(IntPtr hwnd, IntPtr hdcDst, NativeMethods.POINT pptDst, NativeMethods.POINT pSizeDst, IntPtr hdcSrc, NativeMethods.POINT pptSrc, int crKey, ref NativeMethods.BLENDFUNCTION pBlend, int dwFlags); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true)] public static extern IntPtr SetActiveWindow(HandleRef hWnd); @@ -1532,29 +1099,17 @@ public static int ReleaseDC(HandleRef hWnd, HandleRef hDC) { public static extern IntPtr SetCursor(HandleRef hcursor); #endif - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling=true, EntryPoint="DestroyCursor", CharSet=CharSet.Auto)] private static extern bool IntDestroyCursor(IntPtr hCurs); - /// - /// Critical calls IntDestroyCursor - /// public static bool DestroyCursor(IntPtr hCurs) { return IntDestroyCursor(hCurs); } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, EntryPoint="DestroyIcon", CharSet=System.Runtime.InteropServices.CharSet.Auto, SetLastError=true)] private static extern bool IntDestroyIcon(IntPtr hIcon); - /// - /// Critical: calls a critical method (IntDestroyIcon) - /// public static bool DestroyIcon(IntPtr hIcon) { bool result = IntDestroyIcon(hIcon); @@ -1573,15 +1128,9 @@ public static bool DestroyIcon(IntPtr hIcon) return result; } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Gdi32, EntryPoint="DeleteObject", CharSet=System.Runtime.InteropServices.CharSet.Auto, SetLastError=true)] private static extern bool IntDeleteObject(IntPtr hObject); - /// - /// Critical: calls a critical method (IntDeleteObject) - /// public static bool DeleteObject(IntPtr hObject) { bool result = IntDeleteObject(hObject); @@ -1601,14 +1150,8 @@ public static bool DeleteObject(IntPtr hObject) } #if BASE_NATIVEMETHODS || CORE_NATIVEMETHODS || FRAMEWORK_NATIVEMETHODS - /// - /// Critical as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "CreateDIBSection")] private static extern NativeMethods.BitmapHandle PrivateCreateDIBSection(HandleRef hdc, ref NativeMethods.BITMAPINFO bitmapInfo, int iUsage, ref IntPtr ppvBits, SafeFileMappingHandle hSection, int dwOffset); - /// - /// Critical - The method invokes PrivateCreateDIBSection. - /// internal static NativeMethods.BitmapHandle CreateDIBSection(HandleRef hdc, ref NativeMethods.BITMAPINFO bitmapInfo, int iUsage, ref IntPtr ppvBits, SafeFileMappingHandle hSection, int dwOffset) { if (hSection == null) @@ -1629,14 +1172,8 @@ internal static NativeMethods.BitmapHandle CreateDIBSection(HandleRef hdc, ref N } #endif - /// - /// Critical as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.Gdi32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "CreateBitmap")] private static extern NativeMethods.BitmapHandle PrivateCreateBitmap(int width, int height, int planes, int bitsPerPixel, byte[] lpvBits); - /// - /// Critical - The method invokes PrivateCreateBitmap. - /// internal static NativeMethods.BitmapHandle CreateBitmap(int width, int height, int planes, int bitsPerPixel, byte[] lpvBits) { NativeMethods.BitmapHandle hBitmap = PrivateCreateBitmap(width, height, planes, bitsPerPixel, lpvBits); @@ -1650,14 +1187,8 @@ internal static NativeMethods.BitmapHandle CreateBitmap(int width, int height, i return hBitmap; } - /// - /// Critical as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "DestroyIcon")] private static extern bool PrivateDestroyIcon(HandleRef handle); - /// - /// Critical - The method invokes PrivateDestroyIcon. - /// internal static bool DestroyIcon(HandleRef handle) { HandleCollector.Remove((IntPtr)handle, NativeMethods.CommonHandles.Icon); @@ -1673,14 +1204,8 @@ internal static bool DestroyIcon(HandleRef handle) return result; } - /// - /// Critical as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.User32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, EntryPoint = "CreateIconIndirect")] private static extern NativeMethods.IconHandle PrivateCreateIconIndirect([In, MarshalAs(UnmanagedType.LPStruct)]NativeMethods.ICONINFO iconInfo); - /// - /// Critical - The method invokes PrivateCreateIconIndirect. - /// internal static NativeMethods.IconHandle CreateIconIndirect([In, MarshalAs(UnmanagedType.LPStruct)]NativeMethods.ICONINFO iconInfo) { NativeMethods.IconHandle hIcon = PrivateCreateIconIndirect(iconInfo); @@ -1694,20 +1219,12 @@ internal static NativeMethods.IconHandle CreateIconIndirect([In, MarshalAs(Unman return hIcon; } - /// - /// Critical: This code elevates to unmanaged code - /// [DllImport(ExternDll.User32, ExactSpelling=true, CharSet=CharSet.Auto)] public static extern bool IsWindow(HandleRef hWnd); #if BASE_NATIVEMETHODS [DllImport(ExternDll.Gdi32, SetLastError=true, ExactSpelling=true, EntryPoint="DeleteDC", CharSet=CharSet.Auto)] private static extern bool IntDeleteDC(HandleRef hDC); - /// - /// Critical: LinkDemand on Win32Exception constructor - /// TreatAsSafe: Throwing an exception isn't unsafe - /// Note: If SupressUnmanagedCodeSecurity attribute is ever added to IntDeleteDC, we need to be Critical - /// public static void DeleteDC(HandleRef hDC) { HandleCollector.Remove((IntPtr)hDC, NativeMethods.CommonHandles.HDC); @@ -1718,15 +1235,9 @@ public static void DeleteDC(HandleRef hDC) } - /// - /// Critical: This code elevates to unmanaged code - /// [DllImport(ExternDll.Gdi32, SetLastError=true, ExactSpelling=true, EntryPoint="DeleteDC", CharSet=CharSet.Auto)] private static extern bool IntCriticalDeleteDC(HandleRef hDC); - /// - /// Critical: This code elevates to unmanaged code - /// public static void CriticalDeleteDC(HandleRef hDC) { HandleCollector.Remove((IntPtr)hDC, NativeMethods.CommonHandles.HDC); @@ -1740,14 +1251,8 @@ public static void CriticalDeleteDC(HandleRef hDC) #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError=true, EntryPoint="GetMessageW", ExactSpelling=true, CharSet=CharSet.Unicode)] private static extern int IntGetMessageW([In, Out] ref System.Windows.Interop.MSG msg, HandleRef hWnd, int uMsgFilterMin, int uMsgFilterMax); - /// - /// Critical - calls IntGetMessageW (the real PInvoke method) - /// public static bool GetMessageW([In, Out] ref System.Windows.Interop.MSG msg, HandleRef hWnd, int uMsgFilterMin, int uMsgFilterMax) { bool boolResult = false; @@ -1773,32 +1278,20 @@ public static bool GetMessageW([In, Out] ref System.Windows.Interop.MSG msg, Han #if BASE_NATIVEMETHODS - /// - /// Critical: This code elevates via a SUC to call into unmanaged Code and can get the HWND of windows at any arbitrary point on the screen - /// [DllImport(ExternDll.User32, EntryPoint="WindowFromPoint", ExactSpelling=true, CharSet=CharSet.Auto)] private static extern IntPtr IntWindowFromPoint(POINTSTRUCT pt); - /// - /// Critical: This calls WindowFromPoint(POINTSTRUCT) which is marked SecurityCritical - /// public static IntPtr WindowFromPoint(int x, int y) { POINTSTRUCT ps = new POINTSTRUCT(x, y); return IntWindowFromPoint(ps); } #endif - /// - /// Critical: This code elevates to call into unmanaged Code - /// [DllImport(ExternDll.User32, EntryPoint="CreateWindowEx", CharSet=CharSet.Auto, BestFitMapping = false, SetLastError=true)] public static extern IntPtr IntCreateWindowEx(int dwExStyle, string lpszClassName, string lpszWindowName, int style, int x, int y, int width, int height, HandleRef hWndParent, HandleRef hMenu, HandleRef hInst, [MarshalAs(UnmanagedType.AsAny)] object pvParam); - /// - /// Critical: This code elevates to call into unmanaged Code by calling IntCreateWindowEx - /// public static IntPtr CreateWindowEx(int dwExStyle, string lpszClassName, string lpszWindowName, int style, int x, int y, int width, int height, HandleRef hWndParent, HandleRef hMenu, HandleRef hInst, [MarshalAs(UnmanagedType.AsAny)]object pvParam) { @@ -1812,15 +1305,9 @@ public static IntPtr CreateWindowEx(int dwExStyle, string lpszClassName, return retVal; } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, EntryPoint="DestroyWindow", CharSet=CharSet.Auto)] public static extern bool IntDestroyWindow(HandleRef hWnd); - /// - /// Critical - calls Security Critical method - /// public static void DestroyWindow(HandleRef hWnd) { if(!IntDestroyWindow(hWnd)) @@ -1828,26 +1315,14 @@ public static void DestroyWindow(HandleRef hWnd) throw new Win32Exception(); } } - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.User32)] internal static extern IntPtr SetWinEventHook(int eventMin, int eventMax, IntPtr hmodWinEventProc, NativeMethods.WinEventProcDef WinEventReentrancyFilter, uint idProcess, uint idThread, int dwFlags); - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.User32)] internal static extern bool UnhookWinEvent(IntPtr winEventHook); - /// - /// Critical - Delegate invoked by elevated (via a SUC) pinvoke. - /// public delegate bool EnumChildrenCallback(IntPtr hwnd, IntPtr lParam); - /// - /// Critical - elevates via a SUC. - /// public static void EnumChildWindows(HandleRef hwndParent, EnumChildrenCallback lpEnumFunc, HandleRef lParam) { // http://msdn.microsoft.com/en-us/library/ms633494(VS.85).aspx @@ -1855,27 +1330,15 @@ public static void EnumChildWindows(HandleRef hwndParent, EnumChildrenCallback l IntEnumChildWindows(hwndParent, lpEnumFunc, lParam); } - /// - /// Critical - elevates via a SUC. - /// [DllImport(ExternDll.User32, EntryPoint = "EnumChildWindows", ExactSpelling = true)] private static extern bool IntEnumChildWindows(HandleRef hwndParent, EnumChildrenCallback lpEnumFunc, HandleRef lParam); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto)] public static extern int GetWindowRgn(HandleRef hWnd, HandleRef hRgn); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, SetLastError = true, CharSet = CharSet.Auto)] public static extern bool PtInRegion(HandleRef hRgn, int X, int Y); - /// - /// Critical as this code performs an elevation. - /// [DllImport("gdi32.dll", CharSet = CharSet.Auto, SetLastError = true, ExactSpelling = true)] public static extern IntPtr CreateRectRgn(int x1, int y1, int x2, int y2); @@ -1892,9 +1355,6 @@ public enum EXTENDED_NAME_FORMAT { NameServicePrincipal = 10 } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000122-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleDropTarget { @@ -1934,9 +1394,6 @@ int OleDrop( ref int pdwEffect); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000121-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleDropSource { @@ -1953,9 +1410,6 @@ int OleGiveFeedback( int dwEffect); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ ComImport(), @@ -1999,9 +1453,6 @@ int TranslateAccelerator( } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000118-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleClientSite { @@ -2031,9 +1482,6 @@ int GetMoniker( int RequestNewObjectLayout(); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000119-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceSite { @@ -2088,9 +1536,6 @@ int OnPosRectChange( NativeMethods.COMRECT lprcPosRect); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("9BFBBC02-EFF1-101A-84ED-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IPropertyNotifySink { @@ -2100,9 +1545,6 @@ public interface IPropertyNotifySink { int OnRequestEdit(int dispID); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000100-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumUnknown { @@ -2127,9 +1569,6 @@ void Clone( out IEnumUnknown ppenum); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("0000011B-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleContainer { @@ -2157,9 +1596,6 @@ int LockContainer( bool fLock); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000116-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceFrame { @@ -2285,9 +1721,6 @@ public enum OLECMDF { OLECMDF_DEFHIDEONCTXTMENU = 0x20 } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000115-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceUIWindow { @@ -2319,26 +1752,17 @@ void SetActiveObject( string pszObjName); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000117-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceActiveObject { - /// - /// Critical: SUC. Exposes a native window handle. - /// [PreserveSig] int GetWindow(out IntPtr hwnd); void ContextSensitiveHelp( int fEnterMode); - /// - /// Critical: This code escalates to unmanaged code permission - /// [PreserveSig] int TranslateAccelerator( [In] @@ -2361,9 +1785,6 @@ void EnableModeless( int fEnable); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000114-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleWindow { @@ -2377,9 +1798,6 @@ void ContextSensitiveHelp( int fEnterMode); } - /// - /// Critical - elevates via a SUC. - /// [ComImport(), Guid("00000113-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2412,9 +1830,6 @@ void SetObjectRects( } - /// - /// Critical - elevates via a SUC. - /// [ComImport(), Guid("00000112-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2546,9 +1961,6 @@ int SetColorScheme( NativeMethods.tagLOGPALETTE pLogpal); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("1C2056CC-5EF4-101B-8BC8-00AA003E3B29"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IOleInPlaceObjectWindowless { @@ -2692,9 +2104,6 @@ int GetDropTarget( }; - /// - /// Critical - elevates via a SUC. - /// [ComImport(), Guid("B196B288-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2723,9 +2132,6 @@ int FreezeEvents( } - /// - /// Critical - elevates via a SUC. - /// [ComImport(), Guid("B196B286-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2758,15 +2164,9 @@ int Unadvise( } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00020404-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumVariant { - /// - /// Critical: This code elevates to call unmanaged code - /// [PreserveSig] int Next( [In, MarshalAs(UnmanagedType.U4)] @@ -2780,9 +2180,6 @@ void Skip( [In, MarshalAs(UnmanagedType.U4)] int celt); - /// - /// Critical: This code elevates to call unmanaged code - /// void Reset(); void Clone( @@ -2790,9 +2187,6 @@ void Clone( UnsafeNativeMethods.IEnumVariant[] ppenum); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00000104-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumOLEVERB { @@ -2822,9 +2216,6 @@ void Clone( } - /// - /// Critical:Elevates to Unmanaged code permission - /// // This interface has different parameter marshaling from System.Runtime.InteropServices.ComTypes.IStream. // They are incompatable. But type cast will succeed because they have the same guid. @@ -2902,9 +2293,6 @@ void Stat( } - /// - /// Critical - elevates via a SUC. - /// [ComImport(), Guid("B196B284-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -2919,9 +2307,6 @@ public interface IConnectionPointContainer } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("B196B285-BAB4-101A-B69C-00AA00341D07"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IEnumConnectionPoints { @@ -2937,9 +2322,6 @@ public interface IEnumConnectionPoints { } #if !DRT && !UIAUTOMATIONTYPES - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("00020400-0000-0000-C000-000000000046"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IDispatch { @@ -2955,9 +2337,6 @@ ITypeInfo GetTypeInfo( [In, MarshalAs(UnmanagedType.U4)] int lcid); - /// - /// Critical elevates via a SUC. - /// [PreserveSig] HR GetIDsOfNames( [In] @@ -2972,9 +2351,6 @@ HR GetIDsOfNames( int[] rgDispId); - /// - /// Critical elevates via a SUC. - /// [PreserveSig] HR Invoke( @@ -2998,9 +2374,6 @@ HR Invoke( } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("A6EF9860-C720-11D0-9337-00A0C90DCAA9"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IDispatchEx : IDispatch { @@ -3016,9 +2389,6 @@ public interface IDispatchEx : IDispatch { [In, MarshalAs(UnmanagedType.U4)] int lcid); - /// - /// Critical elevates via a SUC. - /// [PreserveSig] new HR GetIDsOfNames( [In] @@ -3033,9 +2403,6 @@ public interface IDispatchEx : IDispatch { int[] rgDispId); - /// - /// Critical elevates via a SUC. - /// [PreserveSig] new HR Invoke( int dispIdMember, @@ -3056,18 +2423,12 @@ public interface IDispatchEx : IDispatch { #endregion - /// - /// Critical elevates via a SUC. - /// [PreserveSig] HR GetDispID( string name, int nameProperties, [Out] out int dispId); - /// - /// Critical elevates via a SUC. - /// [PreserveSig] HR InvokeEx( int dispId, @@ -3083,49 +2444,25 @@ HR InvokeEx( [In, Out] NativeMethods.EXCEPINFO exceptionInfo, IServiceProvider serviceProvider); - /// - /// Critical elevates via a SUC. - /// void DeleteMemberByName(string name, int flags); - /// - /// Critical elevates via a SUC. - /// void DeleteMemberByDispID(int dispId); - /// - /// Critical elevates via a SUC. - /// int GetMemberProperties(int dispId, int propFlags); - /// - /// Critical elevates via a SUC. - /// string GetMemberName(int dispId); - /// - /// Critical elevates via a SUC. - /// int GetNextDispID(int enumFlags, int dispId); - /// - /// Critical elevates via a SUC. - /// [return: MarshalAs(UnmanagedType.IUnknown)] object GetNameSpaceParent(); } - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("6D5140C1-7436-11CE-8034-00AA006009FA"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] public interface IServiceProvider { - /// - /// Critical elevates via a SUC. - /// [return: MarshalAs(UnmanagedType.IUnknown)] object QueryService(ref Guid service, ref Guid riid); @@ -3134,9 +2471,6 @@ public interface IServiceProvider { #endif #region WebBrowser Related Definitions - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("D30C1661-CDAF-11d0-8A3E-00C04FC9E26E"), TypeLibType(TypeLibTypeFlags.FHidden | TypeLibTypeFlags.FDual | TypeLibTypeFlags.FOleAutomation)] @@ -3145,15 +2479,9 @@ public interface IWebBrowser2 // // IWebBrowser members - /// - /// Critical elevates via a SUC. - /// [DispId(100)] void GoBack(); - /// - /// Critical elevates via a SUC. - /// [DispId(101)] void GoForward(); @@ -3166,15 +2494,9 @@ void Navigate([In] string Url, [In] ref object flags, [In] ref object targetFrameName, [In] ref object postData, [In] ref object headers); - /// - /// Critical elevates via a SUC. - /// [DispId(-550)] void Refresh(); - /// - /// Critical elevates via a SUC. - /// [DispId(105)] void Refresh2([In] ref object level); @@ -3187,9 +2509,6 @@ void Navigate([In] string Url, [In] ref object flags, [DispId(202)] object Container { [return: MarshalAs(UnmanagedType.IDispatch)]get;} - /// - /// Critical elevates via a SUC. - /// [DispId(203)] object Document { [return: MarshalAs(UnmanagedType.IDispatch)] get;} @@ -3209,9 +2528,6 @@ void Navigate([In] string Url, [In] ref object flags, [DispId(210)] string LocationName { get;} - /// - /// Critical elevates via a SUC. - /// [DispId(211)] string LocationURL { get;} @@ -3251,9 +2567,6 @@ string LocationURL { // // IWebBrowser2 members - /// - /// Critical elevates via a SUC. - /// [DispId(500)] void Navigate2([In] ref object URL, [In] ref object flags, [In] ref object targetFrameName, [In] ref object postData, @@ -3372,9 +2685,6 @@ void NavigateError([In, MarshalAs(UnmanagedType.IDispatch)] object pDisp, // Used to control the webbrowser appearance and provide DTE to script via window.external - /// - /// Critical:Elevates to Unmanaged code permission - /// [ ComImport(), Guid("BD3F23C0-D43E-11CF-893B-00AA00BDCE1A"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] @@ -3499,9 +2809,6 @@ int FilterDataObject( } - /// - /// Critical: elevates via SUC. - /// [ComImport, Guid("3050F21F-98B5-11CF-BB82-00AA00BDCE0B"), InterfaceType(ComInterfaceType.InterfaceIsDual)] internal interface IHTMLElementCollection @@ -3517,26 +2824,15 @@ internal interface IHTMLElementCollection object Tags(object tagName); }; - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport, Guid("626FC520-A41E-11CF-A731-00A0C9082637"), InterfaceType(ComInterfaceType.InterfaceIsDual)] internal interface IHTMLDocument { - /// - /// Critical elevates via a SUC. - /// [return: MarshalAs(UnmanagedType.IDispatch)] object GetScript(); } - /// - /// Critical: elevates via SUC. - /// If the document is not cross-domain relative to the host application, all methods on this interface - /// can be considered 'safe for scripting'. - /// [ComImport, Guid("332C4425-26CB-11D0-B483-00C04FD90119"), InterfaceType(ComInterfaceType.InterfaceIsDual)] internal interface IHTMLDocument2: IHTMLDocument { @@ -3664,9 +2960,6 @@ internal interface IHTMLDocument2: IHTMLDocument object CreateStyleSheet(string bstrHref, int lIndex); }; - /// - /// Critical: elevates via SUC. - /// [ComImport, InterfaceType(ComInterfaceType.InterfaceIsDual), Guid("163BB1E0-6E00-11CF-837A-48DC04C10000")] internal interface IHTMLLocation { @@ -3691,9 +2984,6 @@ internal interface IHTMLLocation void Assign(string bstr); }; - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport, Guid("3050f6cf-98b5-11cf-bb82-00aa00bdce0b"), InterfaceType(ComInterfaceType.InterfaceIsDual)] internal interface IHTMLWindow4 @@ -3704,19 +2994,12 @@ internal interface IHTMLWindow4 internal static class ArrayToVARIANTHelper { - /// - /// Critical - Calls Marshal.OffsetOf(), which has a LinkDemand for unmanaged code. - /// TreatAsSafe - This is not exploitable. - /// static ArrayToVARIANTHelper() { VariantSize = (int)Marshal.OffsetOf(typeof(FindSizeOfVariant), "b"); } // Convert a object[] into an array of VARIANT, allocated with CoTask allocators. - /// - /// Critical: Calls Marshal.GetNativeVariantForObject(), which has a LinkDemand for unmanaged code. - /// public unsafe static IntPtr ArrayToVARIANTVector(object[] args) { IntPtr mem = IntPtr.Zero; @@ -3746,9 +3029,6 @@ public unsafe static IntPtr ArrayToVARIANTVector(object[] args) } // Free a Variant array created with the above function - /// - /// Critical: Calls Marshal.FreeCoTaskMem(), which has a LinkDemand for unmanaged code. - /// /// The allocated memory to be freed. /// The length of the Variant vector to be cleared. public unsafe static void FreeVARIANTVector(IntPtr mem, int len) @@ -3789,15 +3069,9 @@ private struct FindSizeOfVariant private static readonly int VariantSize; } - /// - /// Critical - This code causes unmanaged code elevation. - /// [DllImport(ExternDll.Oleaut32, PreserveSig=true)] private static extern int VariantClear(IntPtr pObject); - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComImport(), Guid("7FD52380-4E07-101B-AE2D-08002B2EC713"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)] internal interface IPersistStreamInit @@ -3809,9 +3083,6 @@ void GetClassID( [PreserveSig] int IsDirty(); - /// - /// Critical elevates via a SUC. - /// void Load( [In, MarshalAs(UnmanagedType.Interface)] System.Runtime.InteropServices.ComTypes.IStream pstm); @@ -3850,9 +3121,6 @@ internal enum BrowserNavConstants : uint #if never // // Used to control the webbrowser security - /// - /// Critical:Elevates to Unmanaged code permission - /// [ComVisible(true), ComImport(), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b"), InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown), CLSCompliant(false)] @@ -3872,18 +3140,12 @@ [PreserveSig] int ProcessUrlAction(string url, int action, #endif #endregion WebBrowser Related Definitions - /// - /// Critical: as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.User32, SetLastError=true, CharSet=CharSet.Auto)] public static extern uint GetRawInputDeviceList( [In, Out] NativeMethods.RAWINPUTDEVICELIST[] ridl, [In, Out] ref uint numDevices, uint sizeInBytes); - /// - /// Critical: as suppressing UnmanagedCodeSecurity - /// [DllImport(ExternDll.User32, SetLastError=true, CharSet=CharSet.Auto)] public static extern uint GetRawInputDeviceInfo( IntPtr hDevice, diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs index 14dd848ab06..279ee3e65c8 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/UnsafeNativeMethodsOther.cs @@ -44,15 +44,9 @@ namespace MS.Win32 public partial class UnsafeNativeMethods { - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.Kernel32, CharSet=CharSet.Unicode, SetLastError=true, EntryPoint="GetTempFileName")] internal static extern uint _GetTempFileName(string tmpPath, string prefix, uint uniqueIdOrZero, StringBuilder tmpFileName); - /// - /// Critical: This elevates to unmanaged code permission - /// internal static uint GetTempFileName(string tmpPath, string prefix, uint uniqueIdOrZero, StringBuilder tmpFileName) { uint result = _GetTempFileName(tmpPath, prefix, uniqueIdOrZero, tmpFileName); @@ -64,9 +58,6 @@ internal static uint GetTempFileName(string tmpPath, string prefix, uint uniqueI return result; } - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.Shell32, CharSet = System.Runtime.InteropServices.CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal static extern int ExtractIconEx( string szExeFileName, @@ -75,33 +66,18 @@ internal static extern int ExtractIconEx( out NativeMethods.IconHandle phiconSmall, int nIcons); - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, CharSet = System.Runtime.InteropServices.CharSet.Auto, SetLastError=true)] internal static extern NativeMethods.IconHandle CreateIcon(IntPtr hInstance, int nWidth, int nHeight, byte cPlanes, byte cBitsPixel, byte[] lpbANDbits, byte[] lpbXORbits); - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool CreateCaret(HandleRef hwnd, NativeMethods.BitmapHandle hbitmap, int width, int height); - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool ShowCaret(HandleRef hwnd); - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool HideCaret(HandleRef hwnd); - /// - /// Critical: This elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Auto)] public static extern bool ShowWindowAsync(HandleRef hWnd, int nCmdShow); @@ -122,29 +98,12 @@ internal static extern NativeMethods.IconHandle LoadImage( IntPtr hinst, string stName, int nType, int cxDesired, int cyDesired, int nFlags); */ - /// - /// Critical - performs an elevation. - /// - /// Could be a candidate for safe - as the only information disclosed is whether - /// a certain security measure is on or off. - /// Likely this determination could be made by trying certain actions and failing. - /// [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetIsFeatureEnabled( int featureEntry , int dwFlags ); - /// - /// Critical - performs an elevation. - /// [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetSetFeatureEnabled( int featureEntry , int dwFlags, bool fEnable ); - /// - /// Critical - performs an elevation. - /// - /// Could be a candidate for safe - as the only information disclosed is whether - /// a certain security measure is on or off. - /// Likely this determination could be made by trying certain actions and failing. - /// [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetIsFeatureZoneElevationEnabled( [MarshalAs(UnmanagedType.LPWStr)] string szFromURL, @@ -154,20 +113,11 @@ int dwFlags ); - /// - /// Critical - call is SUC'ed - /// [DllImport(ExternDll.PresentationHostDll, EntryPoint = "ProcessUnhandledException")] internal static extern void ProcessUnhandledException_DLL([MarshalAs(UnmanagedType.BStr)] string errMsg); - /// - /// Critical - performs an elevation. - /// [DllImport(ExternDll.Kernel32, CharSet=CharSet.Unicode)] internal static extern bool GetVersionEx([In, Out] NativeMethods.OSVERSIONINFOEX ver); - /// - /// Critical - performs an elevation. - /// [DllImport( ExternDll.Urlmon, ExactSpelling=true)] internal static extern int CoInternetCreateSecurityManager( [MarshalAs(UnmanagedType.Interface)] object pIServiceProvider, @@ -177,9 +127,6 @@ internal static extern int CoInternetCreateSecurityManager( - /// - /// Critical - performs an elevation. - /// [ComImport, ComVisible(false), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b"), System.Runtime.InteropServices.InterfaceType(ComInterfaceType.InterfaceIsIUnknown)] internal interface IInternetSecurityManager { @@ -187,9 +134,6 @@ internal interface IInternetSecurityManager unsafe void GetSecuritySite( /* [out] */ void **ppSite); - /// - /// Critical - performs an elevation. - /// void MapUrlToZone( [In, MarshalAs(UnmanagedType.BStr)] string pwszUrl, @@ -234,9 +178,6 @@ unsafe void QueryCustomPolicy( internal static extern IntPtr LocalFree(IntPtr hMem); #if BASE_NATIVEMETHODS - /// - /// SecurityCritical: This code returns a critical resource obtained under an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal unsafe static extern SafeFileHandle CreateFile( string lpFileName, @@ -250,28 +191,17 @@ internal unsafe static extern SafeFileHandle CreateFile( #if BASE_NATIVEMETHODS - /// - /// Critical: This code is critical because it can be used to - /// pass and force arbitrary data into the tree. We should - /// consider yanking it out all the way - /// [DllImport(ExternDll.User32, CharSet = CharSet.Auto)] internal static extern IntPtr GetMessageExtraInfo(); #endif #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, EntryPoint="WaitForMultipleObjectsEx", SetLastError = true, CharSet = CharSet.Auto)] private static extern int IntWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, bool bWaitAll, int dwMilliseconds, bool bAlertable); public const int WAIT_FAILED = unchecked((int)0xFFFFFFFF); - /// - /// Critical - calls IntWaitForMultipleObjectsEx (the real PInvoke method) - /// internal static int WaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, bool bWaitAll, int dwMilliseconds, bool bAlertable) { int result = IntWaitForMultipleObjectsEx(nCount, pHandles, bWaitAll, dwMilliseconds, bAlertable); @@ -283,15 +213,9 @@ internal static int WaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, bool return result; } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, EntryPoint="MsgWaitForMultipleObjectsEx", SetLastError=true, ExactSpelling = true, CharSet = CharSet.Auto)] private static extern int IntMsgWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, int dwMilliseconds, int dwWakeMask, int dwFlags); - /// - /// Critical - calls IntMsgWaitForMultipleObjectsEx (the real PInvoke method) - /// internal static int MsgWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, int dwMilliseconds, int dwWakeMask, int dwFlags) { int result = IntMsgWaitForMultipleObjectsEx(nCount, pHandles, dwMilliseconds, dwWakeMask, dwFlags); @@ -304,15 +228,9 @@ internal static int MsgWaitForMultipleObjectsEx(int nCount, IntPtr[] pHandles, i } #endif - /// - /// Critical: This code elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, EntryPoint="RegisterClassEx", CharSet=CharSet.Unicode, SetLastError=true, BestFitMapping=false)] internal static extern UInt16 IntRegisterClassEx(NativeMethods.WNDCLASSEX_D wc_d); - /// - /// Critical - calls IntRegisterClassEx (the real PInvoke method) - /// internal static UInt16 RegisterClassEx(NativeMethods.WNDCLASSEX_D wc_d) { UInt16 result = IntRegisterClassEx(wc_d); @@ -324,15 +242,9 @@ internal static UInt16 RegisterClassEx(NativeMethods.WNDCLASSEX_D wc_d) return result; } - /// - /// Critical: This code elevates to unmanaged code permission - /// [DllImport(ExternDll.User32, EntryPoint="UnregisterClass",CharSet = CharSet.Auto, SetLastError = true, BestFitMapping=false)] internal static extern int IntUnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr hInstance); - /// - /// Critical - calls IntUnregisterClass (the real PInvoke method) - /// internal static void UnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr hInstance) { int result = IntUnregisterClass(atomString, hInstance); @@ -344,25 +256,16 @@ internal static void UnregisterClass(IntPtr atomString /*lpClassName*/ , IntPtr #if !DRT - /// - /// Critical - performs an elevation. - /// [DllImport("user32.dll", EntryPoint="ChangeWindowMessageFilter", SetLastError=true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool IntChangeWindowMessageFilter(WindowMessage message, MSGFLT dwFlag); - /// - /// Critical - performs an elevation. - /// [DllImport("user32.dll", EntryPoint = "ChangeWindowMessageFilterEx", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool IntChangeWindowMessageFilterEx(IntPtr hwnd, WindowMessage message, MSGFLT action, [In, Out, Optional] ref CHANGEFILTERSTRUCT pChangeFilterStruct); // Note that processes at or below SECURITY_MANDATORY_LOW_RID are not allowed to change the message filter. // If those processes call this function, it will fail and generate the extended error code, ERROR_ACCESS_DENIED. - /// - /// Critical - calls SecurityCritical methods IntChangeWindowMessageFilter and IntChangeWindowMessageFilterEx. - /// internal static MS.Internal.Interop.HRESULT ChangeWindowMessageFilterEx(IntPtr hwnd, WindowMessage message, MSGFLT action, out MSGFLTINFO extStatus) { extStatus = MSGFLTINFO.NONE; @@ -397,15 +300,9 @@ internal static MS.Internal.Interop.HRESULT ChangeWindowMessageFilterEx(IntPtr h return MS.Internal.Interop.HRESULT.S_OK; } - /// - /// Critical - performs an elevation. - /// [DllImport(ExternDll.Urlmon, ExactSpelling = true, CharSet = System.Runtime.InteropServices.CharSet.Ansi, BestFitMapping = false, ThrowOnUnmappableChar = true)] private static extern MS.Internal.Interop.HRESULT ObtainUserAgentString(int dwOption, StringBuilder userAgent, ref int length); - /// - /// Critical - performs an elevation. - /// internal static string ObtainUserAgentString() { int length = MS.Win32.NativeMethods.MAX_PATH; @@ -436,22 +333,12 @@ internal static string ObtainUserAgentString() // note that this method exists in UnsafeNativeMethodsCLR.cs but with a different signature // using a HandleRef for the hWnd instead of an IntPtr, and not using an IntPtr for lParam - /// - /// Critical: This code has the ability to send a message to the wndproc. It exists purely for - /// the secure close scenario. For any other scenario please use the SendMessage call - /// [DllImport(ExternDll.User32,EntryPoint="SendMessage", CharSet = CharSet.Auto)] internal static extern IntPtr UnsafeSendMessage(IntPtr hWnd, WindowMessage msg, IntPtr wParam, IntPtr lParam); - /// - /// Critical: Registering for system broadcast messages - /// [DllImport(ExternDll.User32,EntryPoint="RegisterPowerSettingNotification")] unsafe internal static extern IntPtr RegisterPowerSettingNotification(IntPtr hRecipient, Guid *pGuid, int Flags); - /// - /// Critical: Unregistering for system broadcast messages - /// [DllImport(ExternDll.User32,EntryPoint="UnregisterPowerSettingNotification")] unsafe internal static extern IntPtr UnregisterPowerSettingNotification(IntPtr hPowerNotify); @@ -464,16 +351,10 @@ internal static string ObtainUserAgentString() */ // private DllImport - that takes an IconHandle. - /// - /// Critical: This code causes elevation to unmanaged code - /// [DllImport(ExternDll.User32, CharSet = CharSet.Auto, SetLastError = true)] internal static extern IntPtr SendMessage( HandleRef hWnd, WindowMessage msg, IntPtr wParam, NativeMethods.IconHandle iconHandle ); #endif - /// - /// Critical: This code causes elevation to unmanaged code - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Auto)] internal static extern void SetLastError(int dwErrorCode); @@ -486,34 +367,20 @@ internal static string ObtainUserAgentString() /// /// /// - /// - /// Critical: This code calls into unmanaged code - /// [DllImport("user32.dll")] public static extern bool GetLayeredWindowAttributes( HandleRef hwnd, IntPtr pcrKey, IntPtr pbAlpha, IntPtr pdwFlags); internal sealed class SafeFileMappingHandle : SafeHandleZeroOrMinusOneIsInvalid { - /// - /// Critical: base class enforces link demand and inheritance demand - /// internal SafeFileMappingHandle(IntPtr handle) : base(false) { SetHandle(handle); } - /// - /// Critical: base class enforces link demand and inheritance demand - /// TreatAsSafe: Creating this is ok, accessing the pointer is bad - /// internal SafeFileMappingHandle() : base(true) { } - /// - /// Critical: base class enforces link demand and inheritance demand - /// TreatAsSafe: This call is safe - /// public override bool IsInvalid { get @@ -522,10 +389,6 @@ public override bool IsInvalid } } - /// - /// Critical - as this function does an elevation to close a handle. - /// TreatAsSafe - as this can at best be used to destabilize one's own app. - /// protected override bool ReleaseHandle() { new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); @@ -541,15 +404,8 @@ protected override bool ReleaseHandle() } internal sealed class SafeViewOfFileHandle : SafeHandleZeroOrMinusOneIsInvalid { - /// - /// Critical: This code calls into a base class which link demands for unmanaged code - /// TreatAsSafe:Creating this is ok it is acessing the pointers in it that can be risky - /// internal SafeViewOfFileHandle() : base(true) { } - /// - /// Critical: This code accesses an unsafe object (pointer) and returns it as a pointer - /// internal unsafe void* Memory { get @@ -559,10 +415,6 @@ internal unsafe void* Memory } } - /// - /// Critical - as this function does an elevation to close a handle. - /// TreatAsSafe - as this can at best be used to destabilize one's own app. - /// override protected bool ReleaseHandle() { new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); @@ -577,25 +429,14 @@ override protected bool ReleaseHandle() } } - /// - /// SecurityCritical: This code returns critical resource obtained under an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal unsafe static extern SafeFileMappingHandle CreateFileMapping(SafeFileHandle hFile, NativeMethods.SECURITY_ATTRIBUTES lpFileMappingAttributes, int flProtect, uint dwMaximumSizeHigh, uint dwMaximumSizeLow, string lpName); - /// - /// SecurityCritical: This code returns a critical resource obtained under an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError = true)] internal static extern SafeViewOfFileHandle MapViewOfFileEx(SafeFileMappingHandle hFileMappingObject, int dwDesiredAccess, int dwFileOffsetHigh, int dwFileOffsetLow, IntPtr dwNumberOfBytesToMap, IntPtr lpBaseAddress); #endif // BASE_NATIVEMETHODS - /// - /// Critical: LinkDemand on Marshal.GetLastWin32Error - /// TreatAsSafe: Getting an error code isn't unsafe - /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntsetWindowLong(Ptr), we'd need to be Critical - /// internal static IntPtr SetWindowLong(HandleRef hWnd, int nIndex, IntPtr dwNewLong) { IntPtr result = IntPtr.Zero; @@ -615,9 +456,6 @@ internal static IntPtr SetWindowLong(HandleRef hWnd, int nIndex, IntPtr dwNewLon return result; } - /// - /// Critical - it calls IntCriticalSetWindowLongPtr() / IntCriticalSetWindowLong(), which are Critical - /// internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, IntPtr dwNewLong) { IntPtr result = IntPtr.Zero; @@ -637,9 +475,6 @@ internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, IntPtr return result; } - /// - /// Critical - This calls SetLatError() and IntCriticalSetWindowLongPtr() / IntCriticalSetWindowLong(), which are Critical - /// internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, NativeMethods.WndProc dwNewLong) { int errorCode; @@ -668,9 +503,6 @@ internal static IntPtr CriticalSetWindowLong(HandleRef hWnd, int nIndex, NativeM return retVal; } - /// - /// SecurityCritical: This code happens to return a critical resource and causes unmanaged code elevation - /// internal static IntPtr GetWindowLongPtr(HandleRef hWnd, int nIndex ) { IntPtr result = IntPtr.Zero; @@ -703,9 +535,6 @@ internal static IntPtr GetWindowLongPtr(HandleRef hWnd, int nIndex ) return result; } - /// - /// SecurityCritical: This code happens to return a critical resource and causes unmanaged code elevation - /// internal static Int32 GetWindowLong(HandleRef hWnd, int nIndex ) { int iResult = 0; @@ -740,10 +569,6 @@ internal static Int32 GetWindowLong(HandleRef hWnd, int nIndex ) return iResult; } - /// - /// Critical: Call critical method IntGetWindowLongWndProc and IntGetWindowLongWndProcPtr that causes unmanaged code elevation. - /// LinkDemand on Win32Exception constructor but throwing an exception isn't unsafe - /// internal static NativeMethods.WndProc GetWindowLongWndProc(HandleRef hWnd) { NativeMethods.WndProc returnValue = null; @@ -770,9 +595,6 @@ internal static NativeMethods.WndProc GetWindowLongWndProc(HandleRef hWnd) return returnValue; } - /// - /// Critical - Unmanaged code permission is supressed. - /// [DllImport("winmm.dll", CharSet = CharSet.Unicode)] internal static extern bool PlaySound([In]string soundName, IntPtr hmod, SafeNativeMethods.PlaySoundFlags soundFlags); @@ -788,16 +610,10 @@ internal const uint // See also Application.Get/SetCookie(). //!!! - /// - /// SecurityCritical - calls unmanaged code. - /// [DllImport(ExternDll.Wininet, SetLastError=true, ExactSpelling=true, EntryPoint="InternetGetCookieExW", CharSet=CharSet.Unicode)] internal static extern bool InternetGetCookieEx([In]string Url, [In]string cookieName, [Out] StringBuilder cookieData, [In, Out] ref UInt32 pchCookieData, uint flags, IntPtr reserved); - /// - /// SecurityCritical - calls unmanaged code. - /// [DllImport(ExternDll.Wininet, SetLastError = true, ExactSpelling = true, EntryPoint = "InternetSetCookieExW", CharSet = CharSet.Unicode)] internal static extern uint InternetSetCookieEx([In]string Url, [In]string CookieName, [In]string cookieData, uint flags, [In] string p3pHeader); @@ -810,15 +626,9 @@ internal static extern bool InternetGetCookieEx([In]string Url, [In]string cooki ///////////////////////////// // needed by Framework - /// - /// Critical - calls unmanaged code - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, CharSet = CharSet.Unicode)] internal static extern int GetLocaleInfoW(int locale, int type, string data, int dataSize); - /// - /// Critical - calls unmanaged code - /// [DllImport(ExternDll.Kernel32, ExactSpelling = true, SetLastError = true)] internal static extern int FindNLSString(int locale, uint flags, [MarshalAs(UnmanagedType.LPWStr)]string sourceString, int sourceCount, [MarshalAs(UnmanagedType.LPWStr)]string findString, int findCount, out int found); @@ -838,11 +648,6 @@ internal static extern bool InternetGetCookieEx([In]string Url, [In]string cooki [DllImport(ExternDll.User32, EntryPoint = "SetWindowText", CharSet = CharSet.Auto, SetLastError = true, BestFitMapping = false)] private static extern bool IntSetWindowText(HandleRef hWnd, string text); - /// - /// Critical: LinkDemand on Win32Exception constructor - /// TreatAsSafe: Throwing an exception isn't unsafe - /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntSetWindowText, we'd need to be Critical - /// internal static void SetWindowText(HandleRef hWnd, string text) { if (IntSetWindowText(hWnd, text) == false) @@ -850,9 +655,6 @@ internal static void SetWindowText(HandleRef hWnd, string text) throw new Win32Exception(); } } - /// - /// Critical: This code calls into unmanaged code - /// [DllImport(ExternDll.User32, EntryPoint = "GetIconInfo", CharSet = CharSet.Auto, SetLastError = true)] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] private static extern bool GetIconInfoImpl(HandleRef hIcon, [Out] ICONINFO_IMPL piconinfo); @@ -871,9 +673,6 @@ internal class ICONINFO_IMPL // note that a different-signature version of this method is defined in SafeNativeMethodsCLR.cs, but // this appears to be an intentional override of the functionality. Seems odd if the real method // is really safe to reimplement it in an unsafe manner. Need to review this. - /// - /// Critical: This code calls into unmanaged code GetIconInfoImpl - /// internal static void GetIconInfo(HandleRef hIcon, out NativeMethods.ICONINFO piconinfo) { bool success = false; @@ -925,11 +724,6 @@ internal static void GetIconInfo(HandleRef hIcon, out NativeMethods.ICONINFO pic private static extern bool IntGetWindowPlacement(HandleRef hWnd, ref NativeMethods.WINDOWPLACEMENT placement); // note: this method exists in UnsafeNativeMethodsCLR.cs, but that method does not have the if/throw implemntation - /// - /// Critical: LinkDemand on Win32Exception constructor - /// TreatAsSafe: Throwing an exception isn't unsafe - /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntGetWindowPlacement, we'd need to be Critical - /// internal static void GetWindowPlacement(HandleRef hWnd, ref NativeMethods.WINDOWPLACEMENT placement) { if (IntGetWindowPlacement(hWnd, ref placement) == false) @@ -943,11 +737,6 @@ internal static void GetWindowPlacement(HandleRef hWnd, ref NativeMethods.WINDOW private static extern bool IntSetWindowPlacement(HandleRef hWnd, [In] ref NativeMethods.WINDOWPLACEMENT placement); // note: this method appears in UnsafeNativeMethodsCLR.cs but does not have the if/throw block - /// - /// Critical: LinkDemand on Win32Exception constructor - /// Note: If a SupressUnmanagedCodeSecurity attribute is ever added to IntSetWindowPlacement, we'd need to be Critical - /// TreatAsSafe: Throwing an exception isn't unsafe - /// internal static void SetWindowPlacement(HandleRef hWnd, [In] ref NativeMethods.WINDOWPLACEMENT placement) { if (IntSetWindowPlacement(hWnd, ref placement) == false) @@ -963,15 +752,9 @@ internal static void SetWindowPlacement(HandleRef hWnd, [In] ref NativeMethods.W // [In, Out] ref ulong nSize); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, CharSet = CharSet.Auto, BestFitMapping = false)] internal static extern bool SystemParametersInfo(int nAction, int nParam, [In, Out] NativeMethods.ANIMATIONINFO anim, int nUpdate); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal static extern bool SystemParametersInfo(int nAction, int nParam, [In, Out] NativeMethods.ICONMETRICS metrics, int nUpdate); @@ -1088,9 +871,6 @@ public static extern bool EndPanningFeedback( #if BASE_NATIVEMETHODS - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.User32, ExactSpelling = true, CharSet = CharSet.Auto, SetLastError = true)] internal static extern int GetMouseMovePointsEx( uint cbSize, @@ -1126,9 +906,6 @@ internal unsafe struct LARGE_INTEGER internal long QuadPart; } - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError = true)] internal static extern bool GetFileSizeEx( SafeFileHandle hFile, @@ -1254,9 +1031,6 @@ IntPtr securityDescriptorSize // SD size internal const int SDDL_REVISION = SDDL_REVISION_1; - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError = true, CharSet = CharSet.Auto, BestFitMapping = false, ThrowOnUnmappableChar = true)] internal static extern SafeFileMappingHandle OpenFileMapping( int dwDesiredAccess, @@ -1264,9 +1038,6 @@ internal static extern SafeFileMappingHandle OpenFileMapping( string lpName ); - /// - /// Critical as this code performs an elevation. - /// [DllImport(ExternDll.Kernel32, SetLastError = true)] internal static extern IntPtr VirtualAlloc( IntPtr lpAddress, @@ -1290,9 +1061,6 @@ internal unsafe struct MOUSEQUERY internal IntPtr hwnd; } - /// - /// Critical as this code performs an elevation (via SuppressUnmanagedCodeSecurity) - /// [DllImport(ExternDll.Ole32, ExactSpelling = true, CharSet = CharSet.Auto)] public static extern int OleIsCurrentClipboard(IComDataObject pDataObj); @@ -1319,10 +1087,6 @@ internal static bool NtSuccess(int err) return err >= STATUS_SUCCESS; } - /// - /// Critical: LinkDemand on Win32Exception constructor - /// TreatAsSafe: Throwing an exception isn't unsafe - /// internal static void NtCheck(int err) { if (!NtSuccess(err)) @@ -1342,9 +1106,6 @@ internal static void NtCheck(int err) // COM Helper Methods // - /// - /// Critical: Satisfies a LinkDemand on releasecom call. - /// internal static int SafeReleaseComObject(object o) { int refCount = 0; @@ -1362,9 +1123,6 @@ internal static int SafeReleaseComObject(object o) } #if WINDOWS_BASE - /// - /// Critical as this code performs an elevation. - /// [DllImport(DllImport.Wininet, EntryPoint = "GetUrlCacheConfigInfoW", SetLastError=true)] internal static extern bool GetUrlCacheConfigInfo( ref NativeMethods.InternetCacheConfigInfo pInternetCacheConfigInfo, @@ -1373,32 +1131,20 @@ internal static extern bool GetUrlCacheConfigInfo( ); #endif - /// - /// Critical: takes an hwnd, calls unmanaged code - /// [DllImport("WtsApi32.dll")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WTSRegisterSessionNotification(IntPtr hwnd, uint dwFlags); - /// - /// Critical: takes an hwnd, calls unmanaged code - /// [DllImport("WtsApi32.dll")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool WTSUnRegisterSessionNotification(IntPtr hwnd); - /// - /// Critical: Calls unmanaged code. Returns native process handle. - /// [DllImport(ExternDll.Kernel32, SetLastError = true)] public static extern IntPtr GetCurrentProcess(); public const int DUPLICATE_CLOSE_SOURCE = 1; public const int DUPLICATE_SAME_ACCESS = 2; - /// - /// Critical: Calls unmanaged code. Returns native process handle. - /// [DllImport(ExternDll.Kernel32, SetLastError = true)] public static extern bool DuplicateHandle( IntPtr hSourceProcess, @@ -1446,17 +1192,11 @@ public unsafe struct PROFILE { public NativeMethods.ProfileType dwType; // profile type - /// - /// Critical: Pointer field. - /// public void* pProfileData; // either the filename of the profile or buffer containing profile depending upon dwtype public uint cbDataSize; // size in bytes of pProfileData }; /// The IsIconic function determines whether the specified window is minimized (iconic). - /// - /// Critical: Calls unmanaged code. - /// [DllImport(ExternDll.User32)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool IsIconic(IntPtr hWnd); @@ -1491,9 +1231,6 @@ public struct MOUSEHOOKSTRUCT public delegate IntPtr HookProc(int code, IntPtr wParam, IntPtr lParam); - /// - /// Critical: Calls unmanaged code. - /// public static HandleRef SetWindowsHookEx(HookType idHook, HookProc lpfn, IntPtr hMod, int dwThreadId) { IntPtr result = IntSetWindowsHookEx(idHook, lpfn, hMod, dwThreadId); @@ -1505,21 +1242,12 @@ public static HandleRef SetWindowsHookEx(HookType idHook, HookProc lpfn, IntPtr return new HandleRef(lpfn, result); } - /// - /// Critical: Calls unmanaged code. - /// [DllImport(ExternDll.User32, EntryPoint = "SetWindowsHookExW", SetLastError = true)] private static extern IntPtr IntSetWindowsHookEx(HookType idHook, HookProc lpfn, IntPtr hMod, int dwThreadId); - /// - /// Critical: Calls unmanaged code. - /// [DllImport(ExternDll.User32, SetLastError = true)] public static extern bool UnhookWindowsHookEx(HandleRef hhk); - /// - /// Critical: Calls unmanaged code. - /// [DllImport(ExternDll.User32, SetLastError = true)] public static extern IntPtr CallNextHookEx(HandleRef hhk, int nCode, IntPtr wParam, IntPtr lParam); } From f7a57f664bc17afba7e0b01fec6fc2a8b0bb7d01 Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Thu, 20 Jun 2019 13:06:57 -0700 Subject: [PATCH 4/7] removed attributes --- .../src/DirectWriteForwarder/CPP/DirectWriteForwarder.cpp | 8 -------- .../System/Windows/Generated/ContentElement.cs | 1 - .../System/Windows/Generated/UIElement.cs | 1 - .../System/Windows/Generated/UIElement3D.cs | 1 - .../PresentationCore/System/Windows/Input/InputManager.cs | 1 - 5 files changed, 12 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DirectWriteForwarder.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DirectWriteForwarder.cpp index 8131a32ece5..b3af9d457b7 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DirectWriteForwarder.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DirectWriteForwarder.cpp @@ -31,11 +31,3 @@ #include "DWriteWrapper\ItemProps.cpp" #include "DWriteWrapper\ItemizerHelper.h" #include "DWriteWrapper\IClassification.h" - -// VC 14.14 updated msvcurt def of this function with SecurityCritical but didn't ship the update to the header that defines this function. -// Apply it ourselves until the new UCRT headers are available. -[System::Security::SecurityCritical] -extern unsigned __int64* __CRTDECL __local_stdio_printf_options(void); - -[System::Security::SecurityCritical] -extern unsigned __int64* __CRTDECL __local_stdio_scanf_options(void); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/ContentElement.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/ContentElement.cs index 4cd0b35bc80..8e759c3065f 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/ContentElement.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/ContentElement.cs @@ -443,7 +443,6 @@ internal void RaiseEvent(RoutedEventArgs args, bool trusted) } } - [MS.Internal.Permissions.UserInitiatedRoutedEventPermissionAttribute(SecurityAction.Assert)] internal void RaiseTrustedEvent(RoutedEventArgs args) { if (args == null) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement.cs index c1fc44c4f0b..1bfdf9c69b1 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement.cs @@ -443,7 +443,6 @@ internal void RaiseEvent(RoutedEventArgs args, bool trusted) } } - [MS.Internal.Permissions.UserInitiatedRoutedEventPermissionAttribute(SecurityAction.Assert)] internal void RaiseTrustedEvent(RoutedEventArgs args) { if (args == null) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement3D.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement3D.cs index 25605fafa03..2c3bb2b5041 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement3D.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Generated/UIElement3D.cs @@ -231,7 +231,6 @@ internal void RaiseEvent(RoutedEventArgs args, bool trusted) } } - [MS.Internal.Permissions.UserInitiatedRoutedEventPermissionAttribute(SecurityAction.Assert)] internal void RaiseTrustedEvent(RoutedEventArgs args) { if (args == null) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs index 1e10a9df6f0..c195b3c958a 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationCore/System/Windows/Input/InputManager.cs @@ -963,7 +963,6 @@ private bool ProcessStagingArea() return handled; } - [MS.Internal.Permissions.UserInitiatedRoutedEventPermissionAttribute(SecurityAction.Assert)] private void RaiseProcessInputEventHandlers(ProcessInputEventHandler postProcessInput, ProcessInputEventArgs processInputEventArgs) { processInputEventArgs.StagingItem.Input.MarkAsUserInitiated(); From 2ce2af57b643902a88fa0c36c4a6f076dfd9098b Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Thu, 20 Jun 2019 14:23:35 -0700 Subject: [PATCH 5/7] removed attributes --- .../src/Shared/MS/Win32/NativeMethodsOther.cs | 1 - .../test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs | 1 - .../test/DRT/DrtXaml/XamlTestClasses/Elements.cs | 1 - 3 files changed, 3 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/NativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/NativeMethodsOther.cs index 70162212627..f95f9b9e768 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/NativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/src/Shared/MS/Win32/NativeMethodsOther.cs @@ -573,7 +573,6 @@ private static int SizeOf() } } - [HostProtection(SecurityAction.LinkDemand, MayLeakOnAbort=true)] internal sealed class SafeLocalMemHandle : SafeHandleZeroOrMinusOneIsInvalid { public SafeLocalMemHandle() : base(true) diff --git a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs index 4f3779f0f4e..a4119aab0ad 100644 --- a/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs +++ b/src/Microsoft.DotNet.Wpf/test/Common/DRT/TestServices/MS/Win32/NativeMethodsOther.cs @@ -574,7 +574,6 @@ private static int SizeOf() } } - [HostProtection(SecurityAction.LinkDemand, MayLeakOnAbort=true)] internal sealed class SafeLocalMemHandle : SafeHandleZeroOrMinusOneIsInvalid { public SafeLocalMemHandle() : base(true) diff --git a/src/Microsoft.DotNet.Wpf/test/DRT/DrtXaml/XamlTestClasses/Elements.cs b/src/Microsoft.DotNet.Wpf/test/DRT/DrtXaml/XamlTestClasses/Elements.cs index dd551e6d3af..1c06c028a2d 100644 --- a/src/Microsoft.DotNet.Wpf/test/DRT/DrtXaml/XamlTestClasses/Elements.cs +++ b/src/Microsoft.DotNet.Wpf/test/DRT/DrtXaml/XamlTestClasses/Elements.cs @@ -13,7 +13,6 @@ using System.Xaml; using System.Security; -[assembly: AllowPartiallyTrustedCallers] [assembly: XmlnsDefinition("http://testroot", "")] public class ClassInRootNamespace From ac251d3641c064cba16f01ea324c128bf6046c5b Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Thu, 20 Jun 2019 14:38:01 -0700 Subject: [PATCH 6/7] removed attributes --- .../src/PresentationFramework/MS/Internal/WeakHashtable.cs | 1 - .../src/PresentationFramework/MS/Internal/WeakObjectHashtable.cs | 1 - src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakHashtable.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakHashtable.cs index c2f9c9e9aa0..2abe7fedb71 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakHashtable.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakHashtable.cs @@ -20,7 +20,6 @@ namespace MS.Internal /// It monitors memory usage and will periodically scavenge the /// hash table to clean out dead references. /// - [HostProtection(SharedState = true)] internal sealed class WeakHashtable : Hashtable, IWeakHashtable { private static IEqualityComparer _comparer = new WeakKeyComparer(); diff --git a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakObjectHashtable.cs b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakObjectHashtable.cs index 2f3c028731c..c480384fa52 100644 --- a/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakObjectHashtable.cs +++ b/src/Microsoft.DotNet.Wpf/src/PresentationFramework/MS/Internal/WeakObjectHashtable.cs @@ -25,7 +25,6 @@ namespace MS.Internal /// It monitors memory usage and will periodically scavenge the /// hash table to clean out dead references. /// - [HostProtection(SharedState = true)] internal sealed class WeakObjectHashtable : Hashtable, IWeakHashtable { private static IEqualityComparer _comparer = new WeakKeyComparer(); diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx index ea58a47cabc..0cdc8ae6f9e 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx +++ b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx @@ -68,6 +68,7 @@ LONG ReadRegistryString(__in HKEY rootKey, __in LPCWSTR keyName, __in LPCWSTR va #if _MANAGED #endif // Warning 4714 (__forceinline function not inlined) +// is expected here because WPFUtils::GetWPFInstallPath is marked with [SecurityCritical] // and tries to inline HRESULT_FROM_WIN32. // inlining is prevented when the caller or the callee // are marked with any security attribute (critical, safecritical, treatassafecritical). From 8e1cc5c6254e4f464c0cadaa584045a0bb6983be Mon Sep 17 00:00:00 2001 From: Dilip Ojha Date: Sun, 23 Jun 2019 20:00:45 -0700 Subject: [PATCH 7/7] addressed comments --- .../CPP/DWriteWrapper/TextAnalyzer.cpp | 15 --------------- .../src/Shared/cpp/Utils.cxx | 17 ----------------- .../src/System.Xaml/GlobalSuppressions.cs | 5 ----- 3 files changed, 37 deletions(-) diff --git a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp index 96fa69094ca..c06c4bc8ddf 100644 --- a/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp +++ b/src/Microsoft.DotNet.Wpf/src/DirectWriteForwarder/CPP/DWriteWrapper/TextAnalyzer.cpp @@ -276,19 +276,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } -// Warning 4714 (__forceinline function not inlined) -// and tries to inline HRESULT_FROM_WIN32. -// inlining is prevented when the caller or the callee -// are marked with any security attribute (critical, safecritical, treatassafecritical). -// This is over conservative and misses inlining opportunities occasionaly, -// but currently there is no way of determining accurately the transparency level of a function -// in the native compiler since there are no public APIs provided by CLR at the moment. -// Replicating CLR transparency rules on the native side is not ideal either. -// The solution chosen is to allow inlining only when there is clear evidence -// for the caller and the callee to be transparent. -#pragma warning (push) -#pragma warning (disable : 4714) - void TextAnalyzer::GetGlyphs( __in_ecount(textLength) const WCHAR* textString, UINT32 textLength, @@ -471,8 +458,6 @@ namespace MS { namespace Internal { namespace Text { namespace TextInterface } } -#pragma warning (pop) - void TextAnalyzer::GetGlyphPlacementsForControlCharacters( __in_ecount(textLength) const WCHAR* pTextString, UINT32 textLength, diff --git a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx index 0cdc8ae6f9e..ccec10ce6fe 100644 --- a/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx +++ b/src/Microsoft.DotNet.Wpf/src/Shared/cpp/Utils.cxx @@ -65,22 +65,6 @@ LONG ReadRegistryString(__in HKEY rootKey, __in LPCWSTR keyName, __in LPCWSTR va return result; } -#if _MANAGED -#endif -// Warning 4714 (__forceinline function not inlined) -// is expected here because WPFUtils::GetWPFInstallPath is marked with [SecurityCritical] -// and tries to inline HRESULT_FROM_WIN32. -// inlining is prevented when the caller or the callee -// are marked with any security attribute (critical, safecritical, treatassafecritical). -// This is over conservative and misses inlining opportunities occasionaly, -// but currently there is no way of determining accurately the transparency level of a function -// in the native compiler since there are no public APIs provided by CLR at the moment. -// Replicating CLR transparency rules on the native side is not ideal either. -// The solution chosen is to allow inlining only when there is clear evidence -// for the caller and the callee to be transparent. -#pragma warning (push) -#pragma warning (disable : 4714) - HRESULT GetWPFInstallPath(__out_ecount(cchMaxPath) LPWSTR pszPath, size_t cchMaxPath) { HRESULT hr = S_OK; @@ -156,6 +140,5 @@ HRESULT GetWPFInstallPath(__out_ecount(cchMaxPath) LPWSTR pszPath, size_t cchMax return hr; } -#pragma warning (pop) }//namespace diff --git a/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs b/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs index 23b6a9a1548..de4077293a0 100644 --- a/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs +++ b/src/Microsoft.DotNet.Wpf/src/System.Xaml/GlobalSuppressions.cs @@ -122,8 +122,3 @@ [module: SuppressMessage("Microsoft.Reliability", "CA2001:AvoidCallingProblematicMethods", MessageId = "System.Reflection.Assembly.LoadFile", Scope = "member", Target = "System.Xaml.ReflectionHelper.#LoadAssemblyHelper(System.String,System.String)")] [module: SuppressMessage("Microsoft.Reliability", "CA2001:AvoidCallingProblematicMethods", MessageId = "System.Reflection.Assembly.LoadWithPartialName", Scope = "member", Target = "System.Xaml.XamlSchemaContext.#ResolveAssembly(System.String)", Justification = "Need to support load of assemblies from GAC by short name.")] #endregion - -#region Microsoft.Security Suppressions -[module: SuppressMessage("Microsoft.Security", "CA2103:ReviewImperativeSecurity", Scope = "member", Target = "MS.Internal.Xaml.Runtime.DynamicMethodRuntime.#.ctor(MS.Internal.Xaml.Runtime.XamlRuntimeSettings,System.Xaml.XamlSchemaContext,System.Xaml.Permissions.XamlAccessLevel)", Justification = "Reviewed by Microsoft.")] -[module: SuppressMessage("Microsoft.Security", "CA2106:SecureAsserts", Scope = "member", Target = "MS.Internal.Utility.PerfServiceProxy.#InitializeGetId()", Justification = "Doesn't make sense with security transparency system. Reviewed by Microsoft")] -#endregion