Remove most CAS and Security transparency related attributes

[danmoseley]

Fixes https://github.com/dotnet/corefx/issues/12592

Remove CAS and Security Transparency attributes, and related message suppressions and pragma disable 618's with the exception of (1) no changes to Compression and Immutable and (2) no changes to SecurityCritical in refs (only removed some SecurityPermission's)

Are there any other OOBs that I should exclude? System.Net.Http was mentioned in #14383, should I reverse the couple changes there?

@jkotas @stephentoub @JeremyKuhne @davidsh

[jkotas]

Rollback src/System.Diagnostics.Tracing/src/... as usual...

[danmoseley]

Oh, that's frozen in corefx also? Sure...

[davidsh]

Are there any other OOBs that I should exclude? System.Net.Http was mentioned in #14383, should I reverse the couple changes there?

You need to exclude System.Net.Http and all sources that it brings in from src/Common like tracing (DiagnosticSource, EventSource) and any other common files. Otherwise, we will break CAS on the 'net46' build of System.Net.Http.

And to verify your changes, you should run the 'secannotate' tool against the 'net46' binary of System.Net.Http. It needs to continue to show 0 errors. @morganbr can advise.

[davidsh]

cc: @karelz

[danmoseley]

I reverted all changes to files which are compiled into S.N.Http. That includes NetEventSource.Common.cs.

Is it acceptable to put #if NET46 around those? eg

#if NET46    
    [SecuritySafeCritical]
#endif

[davidsh]

Is it acceptable to put #if NET46 around those? eg

Yes. The current source code already uses that convention in places.

[davidsh]

Although for files like HttpClientHandler.Net46.cs, you shouldn't need any 'if NET46' because the whole file is only compiled if it is building NET46.

[davidsh]

nit: I think it is unnecessary to put any if-def wrappers in this file. This file is already only compiled for the NET46 build.

[danmoseley]

I decided to do it anyway so that if and when someone makes a similar pass again (as we paste in more reference source, more are brought in) it's quite clear they don't need to delete this one.

[danmoseley]

@morganbr can you advise about the security check tool mentioned above.

[edit - I found it -- I"ll run it]

[morganbr]

If this gets used in OOBs, it can affect correctness or performance.

[danmoseley]

We want to leave all attributes in all Common code? Or just those used in OOBs (which was my goal)?

[morganbr]

I don't know which ones get used in OOBs. We only need attributes in files that get used in OOBs (and perhaps ones that would get used in the future).

[morganbr]

I believe SafeCritical is important in contracts as well

[danmoseley]

@jkotas ?

[jkotas]

There is no difference between SafeCritical and transparent (ie no annotation) in the contract.

In other words, changing from SafeCritical to transparent or vice versa, is not a contract breaking change.

[morganbr]

There are a couple differences related to inheritance documented at https://msdn.microsoft.com/en-us/library/dd233102(v=vs.110).aspx

[jkotas]

Yes, but those only matter at runtime. They do not matter at compile time where the contracts are consumed.

[morganbr]

Please don't remove FXCop suppressions -- those affect our ability to sign off on the code.

[danmoseley]

I removed this because it relates to LinkDemands, which is CAS. Does it have another purpose?

A public or protected type contains public fields and is secured by a Link Demands.

[morganbr]

The tooling we use for security signoffs doesn't know that we don't use CAS. Suppressions help us weed out the noise.

[danmoseley]

But it's triggered by the presence of a link demand, right? Which we don't have. It doesn't just trigger on all public or protected type contains public fields

[morganbr]

ComVisible is used for interop, not security. Are these intended to be in this change?

[danmoseley]

Yes, per Jan's comments in https://github.com/dotnet/corefx/issues/12592

[danmoseley]

@ericstj , @joperezr pointed out there are more than these 3 oobs. In my naive grep, many apply to desktop:

C:\git\corefx\src>for /f %i in ('dir /s/b *pkgproj') do @(echo %i & @type %i > out & @\t\grep -i "supportedframework.*net4" out)
C:\git\corefx\src\Microsoft.CSharp\pkg\Microsoft.CSharp.pkgproj
      <SupportedFramework>net463;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\Microsoft.VisualBasic\pkg\Microsoft.VisualBasic.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\Microsoft.Win32.Registry\pkg\Microsoft.Win32.Registry.pkgproj
      <SupportedFramework>net463;netcoreapp2.0</SupportedFramework>
C:\git\corefx\src\Microsoft.Win32.Registry.AccessControl\pkg\Microsoft.Win32.Registry.AccessControl.pkgproj
      <SupportedFramework>net46;netcoreapp1.0</SupportedFramework>
C:\git\corefx\src\Native\pkg\runtime.native.System.Data.SqlClient.sni\runtime.native.System.Data.SqlClient.sni.pkgproj
C:\git\corefx\src\Native\pkg\runtime.native.System.Data.SqlClient.sni\win\runtime.native.System.Data.SqlClient.sni.pkgproj
C:\git\corefx\src\System.Buffers\pkg\System.Buffers.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.CodeDom\pkg\System.CodeDom.pkgproj
      <SupportedFramework>net461;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Collections.Immutable\pkg\System.Collections.Immutable.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.ComponentModel.Annotations\pkg\System.ComponentModel.Annotations.pkgproj
      <SupportedFramework>net463;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Composition\pkg\System.Composition.pkgproj
C:\git\corefx\src\System.Composition.AttributedModel\pkg\System.Composition.AttributedModel.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Composition.Convention\pkg\System.Composition.Convention.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Composition.Hosting\pkg\System.Composition.Hosting.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Composition.Runtime\pkg\System.Composition.Runtime.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Composition.TypedParts\pkg\System.Composition.TypedParts.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Configuration.ConfigurationManager\pkg\System.Configuration.ConfigurationManager.pkgproj
      <SupportedFramework>netcoreapp2.0;net461;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Data.SqlClient\pkg\System.Data.SqlClient.pkgproj
      <SupportedFramework>net463;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Diagnostics.DiagnosticSource\pkg\System.Diagnostics.DiagnosticSource.pkgproj
      <SupportedFramework>net46;net45;netcore45;netcoreapp1.0;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.DirectoryServices\pkg\System.DirectoryServices.pkgproj
C:\git\corefx\src\System.DirectoryServices.AccountManagement\pkg\System.DirectoryServices.AccountManagement.pkgproj
C:\git\corefx\src\System.DirectoryServices.Protocols\pkg\System.DirectoryServices.Protocols.pkgproj
C:\git\corefx\src\System.IO.Compression\pkg\System.IO.Compression.pkgproj
      <SupportedFramework>netcoreapp2.0;net463;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.IO.FileSystem.AccessControl\pkg\System.IO.FileSystem.AccessControl.pkgproj
      <SupportedFramework>net46;netcoreapp1.0</SupportedFramework>
C:\git\corefx\src\System.IO.Packaging\pkg\System.IO.Packaging.pkgproj
      <SupportedFramework>net46;netcore50;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.IO.Pipes.AccessControl\pkg\System.IO.Pipes.AccessControl.pkgproj
      <SupportedFramework>net46;netcoreapp1.0</SupportedFramework>
C:\git\corefx\src\System.IO.Ports\pkg\System.IO.Ports.pkgproj
      <SupportedFramework>net463;netcoreapp2.0</SupportedFramework>
C:\git\corefx\src\System.Json\pkg\System.Json.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Memory\pkg\System.Memory.pkgproj
      <SupportedFramework>net45;netcore45;wp8;wpa81;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Net.Http\pkg\System.Net.Http.pkgproj
      <SupportedFramework>net46</SupportedFramework>
C:\git\corefx\src\System.Net.Http.Rtc\pkg\System.Net.Http.Rtc.pkgproj
C:\git\corefx\src\System.Net.Http.WinHttpHandler\pkg\System.Net.Http.WinHttpHandler.pkgproj
      <SupportedFramework>net46;netcoreapp1.0</SupportedFramework>
C:\git\corefx\src\System.Numerics.Vectors.WindowsRuntime\pkg\System.Numerics.Vectors.WindowsRuntime.pkgproj
C:\git\corefx\src\System.Reflection.Context\pkg\System.Reflection.Context.pkgproj
      <SupportedFramework>net45;netcore45;wpa81;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Reflection.DispatchProxy\pkg\System.Reflection.DispatchProxy.pkgproj
      <SupportedFramework>net46;netcore50;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Reflection.Metadata\pkg\System.Reflection.Metadata.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wpa81;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Runtime.CompilerServices.Unsafe\pkg\System.Runtime.CompilerServices.Unsafe.pkgproj
      <SupportedFramework>net45;netcore45;wp8;wpa81;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Runtime.InteropServices.RuntimeInformation\pkg\System.Runtime.InteropServices.RuntimeInformation.pkgproj
      <SupportedFramework>net45;netcore45;wpa81;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Runtime.WindowsRuntime\pkg\System.Runtime.WindowsRuntime.pkgproj
C:\git\corefx\src\System.Runtime.WindowsRuntime.UI.Xaml\pkg\System.Runtime.WindowsRuntime.UI.Xaml.pkgproj
C:\git\corefx\src\System.Security.AccessControl\pkg\System.Security.AccessControl.pkgproj
      <SupportedFramework>net463;netcoreapp2.0</SupportedFramework>
C:\git\corefx\src\System.Security.Cryptography.OpenSsl\pkg\System.Security.Cryptography.OpenSsl.pkgproj
      <SupportedFramework>net461;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Security.Cryptography.Pkcs\pkg\System.Security.Cryptography.Pkcs.pkgproj
      <SupportedFramework>net46;netcore50;netcoreapp1.0</SupportedFramework>
C:\git\corefx\src\System.Security.Cryptography.ProtectedData\pkg\System.Security.Cryptography.ProtectedData.pkgproj
      <SupportedFramework>net46;netcore50;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Security.Cryptography.Xml\pkg\System.Security.Cryptography.Xml.pkgproj
      <SupportedFramework>net462;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Security.Permissions\pkg\System.Security.Permissions.pkgproj
      <SupportedFramework>netcoreapp2.0;net461;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Security.Principal.Windows\pkg\System.Security.Principal.Windows.pkgproj
      <SupportedFramework>net463;netcoreapp2.0</SupportedFramework>
C:\git\corefx\src\System.ServiceProcess.ServiceController\pkg\System.ServiceProcess.ServiceController.pkgproj
      <SupportedFramework>net463;netcoreapp2.0</SupportedFramework>
C:\git\corefx\src\System.Text.Encoding.CodePages\pkg\System.Text.Encoding.CodePages.pkgproj
      <SupportedFramework>net461;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Text.Encodings.Web\pkg\System.Text.Encodings.Web.pkgproj
      <SupportedFramework>net45;netcore45;wp8;wpa81;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Threading.AccessControl\pkg\System.Threading.AccessControl.pkgproj
      <SupportedFramework>net46;netcoreapp1.0</SupportedFramework>
C:\git\corefx\src\System.Threading.Tasks.Dataflow\pkg\System.Threading.Tasks.Dataflow.pkgproj
      <SupportedFramework>net45;netcore45;wp8;wpa81;netcoreapp1.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Threading.Tasks.Extensions\pkg\System.Threading.Tasks.Extensions.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wpa81;wp8;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.Transactions\pkg\System.Transactions.pkgproj
      <SupportedFramework>net461;netcoreapp2.0;$(AllXamarinFrameworks)</SupportedFramework>
C:\git\corefx\src\System.ValueTuple\pkg\System.ValueTuple.pkgproj
      <SupportedFramework>net45;netcore45;netcoreapp1.0;wp8;wpa81;$(AllXamarinFrameworks)</SupportedFramework>

Will we actually support these on desktop? If not, which? @karelz

[jkotas]

In my naive grep, many apply to desktop:

These are OOB packages. Most of them do not actually have any actual corefx code in them for desktop - they just contain forwarders for desktop.

[danmoseley]

@weshaggard for above question about OOB.s

[davidsh]

@danmosemsft

This is what a successful (no errors) secannotate tool shows when there are no errors in CAS attributes for System.Net.Http for the 'net46' binary.

[danmoseley]

OK, well neither the net46 nor netfx flavors (not sure if both are relevant) of S.N.Http have any errors when I do that on the latest commit.

[danmoseley]

OK so it seems what I need to do is examine anything that builds for net46/netfx to determine what is not a pure runtime facade (ie actually has types in) and #if NETFX the attributes in those.

Apparently @ericstj is cleaning out some of these desktop facades that CoreFX builds so I'll sit on this PR until that is done and then rebase and do the analysis above.

[morganbr]

@danmosemsft that sounds pretty good. You can confirm by running secannotate over whatever does build for net46/netfx.

[danmoseley]

@ericstj what is the issue # for the work you are doing that this depends on (to clear up the pkgprojs wedon't need)

[ericstj]

@danmosemsft Anything we need for packaging is currently committed and builds with the AllConfigurations build. Also pkgprojs have been cleaned up for some time. All remaining ones we expect to ship. The PR that enables build of these pkgrpojs is currently pending: #16191

[danmoseley]

OK, so I should avoid touching any security annotations on any contract with a pkgproj - right?

[jkotas]

avoid touching any security annotations on any contract with a pkgproj - right?

You will leave most of the cruft in with this filter. For example, the security annotations can be deleted under \corefx\src\System.DirectoryServices.* - because of the implementation is ,NET Core specific - even though it has pkgproj files.

I believe https://github.com/dotnet/corefx/issues/12592#issuecomment-253971384 is still accurate way how to identify where it is fine to clean it up.

[danmoseley]

I just won't have time to do this anytime soon unfortunately. Maybe I or someone else can reheat this in future.