Accessing private members from a transient assembly or an assembly stored outside of the GAC.

  • Question

  • Hello.

     

    An assembly "A" with a level 2 transparency model in a fully trusted appdomain needs to generate at runtime a dynamic assembly "B" to access some private fields of types defined in "A" and its dependencies. "B" can be transient or persisted. Dynamic methods are not a possible alternative.

    * Is it doable in any way? It seems like the access to non-visible members (private members defined in another type than the caller type) must satisfy extra rules besides the permission set. Indeed, it seems like it is only doable by assemblies stored in the GAC or dynamic methods generated by assemblies with the ReflectionPermissionFlag.MemberAccess permission. I am aware of the article "security issues in reflection emit on MSDN" (http://msdn.microsoft.com/en-us/library/9syytdak.aspx) but it is kinda vague: once persisted, a dynamic assembly should not be different than a regular assembly. Still, this persisted assembly does not seem to be able to access private fields when called by a fully trusted assembly with level 2 transparency model. Maybe because it's not in the GAC?

    * If I am correct and there are extra rules, what are they and are they relevant in a level 2 transparency model, or just a burden of the past? If they are a burden of the past, are there plans to fix this? Shouldn't MSDN be more clear about this?

    * If there are extra rules, can they be circumvented? For example, by adding explicit requests for ReflectionPermissionFlag.MemberAccess at the beginning of every method in "B"?

     

    Any clarification would be greatly appreciated, cheers.

    Monday, April 18, 2011 1:27 PM

Answers

  • At this moment statically compiled code (including dynamic assemblies) cannot bypass visibility checks. If you are running in full trust, you can always use reflection invocation to access things you don’t otherwise have access to. If performance is a concern you can use delegates. But that has some limitations: it cannot be used to access fields or invoke constructors.


    --Trevor H.
    Send files to Hotmail.com: "MS_TREVORH"
    Tuesday, May 10, 2011 4:29 PM
    Moderator

All replies

  • Static accessibility is always enforced in jitted code, unless you are using DynamicMethods, where one can opt in to skipVisibility or restrictedSkipVisibility.

    If the private fields you are trying to access are truly “private” fields, then the only choice is to use reflection (FieldInfo.GetValue and FieldInfo.SetValue), and this only works in full trust. If the fields are internal to assembly A, you can make B a friend of A by adding appropriate FriendAccessAllowed attribute on A.

    Could you please tell us:

    1. What is your scenario?
    2. Why is DynamicMethod not an option?

     


    --Trevor H.
    Send files to Hotmail.com: "MS_TREVORH"
    Tuesday, May 3, 2011 7:48 PM
    Moderator
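
Added example (not part of the original thread and not Microsoft's code): the two routes named in the reply above, FieldInfo.GetValue and a DynamicMethod created with skipVisibility, each reading a private field. The Account type, its balance field and the helper names are constructed for illustration, and both routes assume a fully trusted caller.

```csharp
using System;
using System.Reflection;
using System.Reflection.Emit;

// Constructed sample type standing in for a type defined in assembly "A".
public sealed class Account
{
    private int balance;
    public Account(int initial) { balance = initial; }
}

public static class PrivateFieldAccess
{
    // Route 1: late-bound reflection. The visibility check happens at call
    // time and passes only for a fully trusted caller (or one that holds
    // ReflectionPermissionFlag.MemberAccess).
    public static int ReadViaReflection(Account target)
    {
        FieldInfo field = typeof(Account).GetField(
            "balance", BindingFlags.Instance | BindingFlags.NonPublic);
        return (int)field.GetValue(target);
    }

    // Route 2: a DynamicMethod with skipVisibility = true. The JIT skips the
    // accessibility check for this one method, so ldfld on a private field
    // is accepted and the resulting delegate can be cached and reused.
    public static Func<Account, int> BuildGetter()
    {
        FieldInfo field = typeof(Account).GetField(
            "balance", BindingFlags.Instance | BindingFlags.NonPublic);
        var method = new DynamicMethod(
            "GetBalance", typeof(int), new[] { typeof(Account) },
            typeof(Account), true /* skipVisibility */);
        ILGenerator il = method.GetILGenerator();
        il.Emit(OpCodes.Ldarg_0);      // load the Account instance
        il.Emit(OpCodes.Ldfld, field); // read the private field
        il.Emit(OpCodes.Ret);
        return (Func<Account, int>)method.CreateDelegate(typeof(Func<Account, int>));
    }

    public static void Main()
    {
        var account = new Account(42);
        Console.WriteLine(ReadViaReflection(account));
        Console.WriteLine(BuildGetter()(account));
    }
}
```
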
  • Hello and thank you for your answer. 

     

    I am glad to hear that fully trusted code can still use FieldInfo.GetValue; it could be a workaround in some cases.

     

    To answer your questions, we are creating a library to help with code emission. DynamicMethods are not always an option because the user may want to persist the assembly for caching purposes, or because he wants the generated code to be debuggable, something that cannot be achieved with dynamic methods.

     

    Regarding the access to private members, one of the use cases is the use of the library to build an automatic persister (faster than the BinarySerializer and generating more compact results).

    Saturday, May 7, 2011 10:52 AM