Add DisablePrivilegedAccess option.

In restricted CAS environment including browser based SIlverlight Application,
non-public member access via reflection causes runtime error.
This should be opt-out because:
* Some people may decide to grant reflection permission for interoperability.
* But many people should decide to use public entities/DTOs instead of permission grant.

This option gives selection for app developers.

This commit also adds unit test in full trust mode.

Author: yfakariya

CHANGES.txt

@@ -623,6 +623,7 @@ Release 0.9.0 (planned)
   * Users of serializer code generator API can specify TextWriter to output. This may improve tooling chain.
   * Users of serializer code generator API can suppress [DebuggerNonUserCode] attribute to enable debugger step in.
   * SerializerRepository API now expose ContainsFor and GetRegisteredSerializers methods to investigate registered serializers.
+  * SerializationContext.DisablePrivilegedAccess for restricted environment like Silverlight to select between granting permission or relinquish non-public access.
 
   BUG FIXES
   * The generated code for the type which has Tuple typed member uses old PackHelper API.
@@ -633,4 +634,5 @@ Release 0.9.0 (planned)
   * Fix some built-in serializers throws InvalidOperationException instead of SerializationException for type errors. Issue #204
   * Fix a combination of readonly members and collection members incorrect code generation when the type also have deserialization constructor. Issue #207.
   * Fix Windows Native build error. Issue #206.
+  * Fix built-in collection serializers such as List<T> serializer causes SecurityException when the program run in restricted environment like Silverlight. Issue #205.
 

MsgPack.Windows.sln

@@ -62,6 +62,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nunit.framework-sl-5.0", "t
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nunitlite-sl-5.0", "test\NUnitLite\NUnitFramework\nunitlite\nunitlite-sl-5.0.csproj", "{0A5F920A-1BF5-4DAC-B799-0C618B203797}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MsgPack.UnitTest.Silverlight.5.FullTrust", "test\MsgPack.UnitTest.Silverlight.5.FullTrust\MsgPack.UnitTest.Silverlight.5.FullTrust.csproj", "{26A3F930-FDAF-4886-9111-D326A6F68E82}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		CodeAnalysis|Any CPU = CodeAnalysis|Any CPU
@@ -650,6 +652,46 @@ Global
 		{0A5F920A-1BF5-4DAC-B799-0C618B203797}.Release|x64.Build.0 = Release|Any CPU
 		{0A5F920A-1BF5-4DAC-B799-0C618B203797}.Release|x86.ActiveCfg = Release|Any CPU
 		{0A5F920A-1BF5-4DAC-B799-0C618B203797}.Release|x86.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|Any CPU.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|Any CPU.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|ARM.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|ARM.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|Mixed Platforms.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|x64.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|x64.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|x86.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.CodeAnalysis|x86.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|ARM.ActiveCfg = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|ARM.Build.0 = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|x64.Build.0 = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Debug|x86.Build.0 = Debug|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|Any CPU.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|Any CPU.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|ARM.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|ARM.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|Mixed Platforms.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|x64.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|x64.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|x86.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.PerformanceTest|x86.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|Any CPU.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|ARM.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|ARM.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|Mixed Platforms.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|x64.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|x64.Build.0 = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|x86.ActiveCfg = Release|Any CPU
+		{26A3F930-FDAF-4886-9111-D326A6F68E82}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -677,5 +719,6 @@ Global
 		{17D0F223-E156-42CF-ACA8-815733FE094F} = {9600C37E-439F-43D7-9D12-3AB0BEF7D906}
 		{3DEB15F9-E7DA-403F-B6D3-A8499310397F} = {9600C37E-439F-43D7-9D12-3AB0BEF7D906}
 		{0A5F920A-1BF5-4DAC-B799-0C618B203797} = {9600C37E-439F-43D7-9D12-3AB0BEF7D906}
+		{26A3F930-FDAF-4886-9111-D326A6F68E82} = {9600C37E-439F-43D7-9D12-3AB0BEF7D906}
 	EndGlobalSection
 EndGlobal

Sync.Test.xml

@@ -55,6 +55,15 @@
     <Exclude File="*.tt" />
     <Exclude File="*.ttinclude" />
   </Project>
+  
+  <Project Name="MsgPack.UnitTest.Silverlight.5.FullTrust" Base="MsgPack.UnitTest.Silverlight.5">
+    <Preserve Path="Properties\*" />
+    <Preserve File="*.config" />
+    <Preserve File="*.json" />
+    <Preserve File="*.mpac" />
+    <Preserve Path="App.xaml" />
+    <Preserve Path="App.xaml.cs" />
+  </Project>
 
   <Project Name="MsgPack.UnitTest.Xamarin.iOS" Base="MsgPack.UnitTest">
     <Preserve Path="Properties\*" />

src/MsgPack/ReflectionAbstractions.cs

@@ -134,6 +134,16 @@ public static bool GetIsPublic( this Type source )
 #endif // NETSTANDARD1_1 || NETSTANDARD1_3
 		}
 
+		[System.Diagnostics.CodeAnalysis.SuppressMessage( "Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Wrong detection" )]
+		public static bool GetIsNestedPublic( this Type source )
+		{
+#if NETSTANDARD1_1 || NETSTANDARD1_3
+			return source.GetTypeInfo().IsNestedPublic;
+#else
+			return source.IsNestedPublic;
+#endif // NETSTANDARD1_1 || NETSTANDARD1_3
+		}
+
 #if DEBUG
 		public static bool GetIsPrimitive( this Type source )
 		{

src/MsgPack/Serialization/ReflectionSerializers/ReflectionSerializerHelper.cs

@@ -237,6 +237,8 @@ public static void GetMetadata(
 			out DataMemberContract[] contracts,
 			out MessagePackSerializer[] serializers )
 		{
+			SerializationTarget.VerifyCanSerializeTargetType( context, targetType );
+
 			getters = new Func<object, object>[ members.Count ];
 			setters = new Action<object, object>[ members.Count ];
 			memberInfos = new MemberInfo[ members.Count ];
@@ -259,15 +261,28 @@ public static void GetMetadata(
 				FieldInfo asField;
 				if ( ( asField = member.Member as FieldInfo ) != null )
 				{
+					if ( context.SerializerOptions.DisablePrivilegedAccess && !asField.GetIsPublic() )
+					{
+						continue;
+					}
+
 					getters[ i ] = asField.GetValue;
-					setters[ i ] = asField.SetValue;
+					if ( !asField.IsInitOnly )
+					{
+						setters[ i ] = asField.SetValue;
+					}
 				}
 				else
 				{
 					var property = member.Member as PropertyInfo;
 #if DEBUG
 					Contract.Assert( property != null, "member.Member is PropertyInfo" );
 #endif // DEBUG
+					if ( context.SerializerOptions.DisablePrivilegedAccess && !property.GetIsPublic() )
+					{
+						continue;
+					}
+
 					var getter = property.GetGetMethod( true );
 					if ( getter == null )
 					{
@@ -276,7 +291,7 @@ public static void GetMetadata(
 
 					getters[ i ] = target => getter.InvokePreservingExceptionType( target, null );
 					var setter = property.GetSetMethod( true );
-					if ( setter != null )
+					if ( setter != null && ( !context.SerializerOptions.DisablePrivilegedAccess || setter.GetIsPublic() ) )
 					{
 						setters[ i ] = ( target, value ) => setter.InvokePreservingExceptionType( target, new[] { value } );
 					}

src/MsgPack/Serialization/SerializationTarget.cs

@@ -56,6 +56,7 @@ internal class SerializationTarget
 		private static readonly string MessagePackDeserializationConstructorAttributeTypeName = typeof( MessagePackDeserializationConstructorAttribute ).FullName;
 		private static readonly string[] EmptyStrings = new string[ 0 ];
 		private static readonly SerializingMember[] EmptyMembers = new SerializingMember[ 0 ];
+		private static readonly Assembly ThisAssembly = typeof( SerializationTarget ).GetAssembly();
 
 		public IList<SerializingMember> Members { get; private set; }
 
@@ -155,17 +156,27 @@ public static void VerifyType( Type targetType )
 			}
 		}
 
+		public static void VerifyCanSerializeTargetType( SerializationContext context, Type targetType )
+		{
+			if ( context.SerializerOptions.DisablePrivilegedAccess && !targetType.GetIsPublic() && !targetType.GetIsNestedPublic() && !ThisAssembly.Equals( targetType.GetAssembly() ) )
+			{
+				throw new SerializationException( String.Format( CultureInfo.CurrentCulture, "Cannot serialize type '{0}' because it is not public to the serializer.", targetType ) );
+			}
+		}
+
 		public static SerializationTarget Prepare( SerializationContext context, Type targetType )
 		{
+			VerifyCanSerializeTargetType( context, targetType );
+
 			var getters = GetTargetMembers( targetType ).OrderBy( entry => entry.Contract.Id ).ToArray();
 
 			if ( getters.Length == 0 )
 			{
 				throw new SerializationException( String.Format( CultureInfo.CurrentCulture, "Cannot serialize type '{0}' because it does not have any serializable fields nor properties.", targetType ) );
 			}
 
-			var memberCandidates = getters.Where( entry => CheckTargetEligibility( entry.Member ) ).ToArray();
 			bool? canDeserialize;
+			var memberCandidates = getters.Where( entry => CheckTargetEligibility( context, entry.Member ) ).ToArray();
 
 			if ( memberCandidates.Length == 0 )
 			{
@@ -495,7 +506,7 @@ private static SerializationException NewTypeCannotBeSerializedException( Type t
 		}
 
 
-		private static bool CheckTargetEligibility( MemberInfo member )
+		private static bool CheckTargetEligibility( SerializationContext context, MemberInfo member )
 		{
 			var asProperty = member as PropertyInfo;
 			var asField = member as FieldInfo;
@@ -510,12 +521,22 @@ private static bool CheckTargetEligibility( MemberInfo member )
 				}
 
 #if !NETSTANDARD1_1 && !NETSTANDARD1_3
-				if ( asProperty.GetSetMethod( true ) != null )
+				var setter = asProperty.GetSetMethod( true );
 #else
-				if ( asProperty.SetMethod != null )
+				var setter = asProperty.SetMethod;
 #endif // !NETSTANDARD1_1 && !NETSTANDARD1_3
+				if ( setter != null )
 				{
-					return true;
+					if ( setter.GetIsPublic() )
+					{
+						return true;
+					}
+
+					if ( !context.SerializerOptions.DisablePrivilegedAccess )
+					{
+						// Can deserialize non-public setter if privileged.
+						return true;
+					}
 				}
 
 				returnType = asProperty.PropertyType;

src/MsgPack/Serialization/SerializerOptions.cs

@@ -137,6 +137,47 @@ public bool DisableRuntimeCodeGeneration
 		}
 #endif // !AOT
 
+#if !FEATURE_CONCURRENT
+		private volatile bool _isNonPublicAccessDisabled;
+#else
+		private bool _isNonPublicAccessDisabled;
+#endif // !FEATURE_CONCURRENT
+
+		/// <summary>
+		///		Gets or sets a value indicating whether generated and/or reflection serializers should not access non public members via privileged reflection.
+		/// </summary>
+		/// <value>
+		///		<c>true</c> if privileged reflection access is disabled; otherwise, <c>false</c>. Defaults to <c>false</c>.
+		/// </value>
+		/// <remarks>
+		///		The privileged reflection means:
+		///		<list type="bullet">
+		///			<item>Access for non-public fields or property accessors via reflection. This operation requires <c>ReflectionPermission</c> of <c>MemberAccess</c> or <c>RestrictedMemberAccess</c>.</item>
+		///			<item>Writing values for init only fields via reflection. This operation requires <c>SecurityPermission</c> of <c>SerializationFormatter</c>.</item>
+		///		</list>
+		///		If the program run on non-privileged Silverlight environment or restricted desktop CLR,
+		///		serialization and deserialization should fail with <c>SecurityException</c>.
+		/// </remarks>
+		public bool DisablePrivilegedAccess
+		{
+			get
+			{
+#if !FEATURE_CONCURRENT
+				return this._isNonPublicAccessDisabled;
+#else
+				return Volatile.Read( ref this._isNonPublicAccessDisabled );
+#endif // !FEATURE_CONCURRENT
+			}
+			set
+			{
+#if !FEATURE_CONCURRENT
+				this._isNonPublicAccessDisabled = value;
+#else
+				Volatile.Write( ref this._isNonPublicAccessDisabled, value );
+#endif // !FEATURE_CONCURRENT
+			}
+		}
+
 #if FEATURE_TAP
 
 		private bool _withAsync;