我正在https://github.com/mono/mono/blob/master/mono/metadata/security-core-clr.c检查该代码。
如果“确保指定的方法可以与反射一起使用,因为透明代码不能调用关键方法”对我来说很好,为什么CoreCLR还会阻止透明代码通过反射调用内部透明方法或属性?!
有关CoreCLR的更多详细信息:http://www.mono-project.com/Moonlight2CoreCLR。
/*
* mono_security_core_clr_ensure_reflection_access_method:
*
* Ensure that the specified method can be used with reflection since
* Transparent code cannot call Critical methods and can only call them
* if they are visible from it's point of view.
*
* A MethodAccessException is thrown if the field is cannot be accessed.
*/
void
mono_security_core_clr_ensure_reflection_access_method (MonoMethod *method)
{
MonoMethod *caller = get_reflection_caller ();
/* CoreCLR restrictions applies to Transparent code/caller */
if (mono_security_core_clr_method_level (caller, TRUE) != MONO_SECURITY_CORE_CLR_TRANSPARENT)
return;
if (mono_security_core_clr_get_options () & MONO_SECURITY_CORE_CLR_OPTIONS_RELAX_REFLECTION) {
if (!mono_security_core_clr_is_platform_image (method->klass->image))
return;
}
/* Transparent code cannot invoke, even using reflection, Critical code */
if (mono_security_core_clr_method_level (method, TRUE) == MONO_SECURITY_CORE_CLR_CRITICAL) {
mono_raise_exception (get_method_access_exception (
"Transparent method %s cannot invoke Critical method %s.",
caller, method));
}
/* also it cannot invoke a method that is not visible from it's (caller) point of view */
if (!check_method_access (caller, method)) {
mono_raise_exception (get_method_access_exception (
"Transparent method %s cannot invoke private/internal method %s.",
caller, method));
}
}
答案 0 :(得分:0)
回答单项目的讨论列表:
在Silverlight中,反射与静态编译一样强大 码。换句话说,如果代码由于成员而无法编译 访问违规,然后反映也无济于事。
虽然此规则不会增加具体的安全性,但它有助于模糊 来自应用程序代码的东西w / out必须用它来装饰成员 [SecurityCritical]。