File: src\Framework\MS\Internal\Interop\InternalDispatchObject.cs
Project: wpf\PresentationFramework.csproj (PresentationFramework)
//------------------------------------------------------------------------------
// <copyright file="InternalDispatchObject.cs" company="Microsoft">
//      Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>                                                                
//
// Description:  
//      InternalDispatchObject facilitates implementing a COM dispinterface using a non-public 
//      corresponding managed interface definition (of type ComInterfaceType.InterfaceIsIDispatch). 
//      (For example, we use this to implement DWebBrowserEvents2 without making it a public interface
//      type in the framework.)
//
//      If a public managed interface definition is available, CLR's built-in implementation of
//      IDispatch suffices. It maps IDispatch calls to Reflection calls. But reflecting on non-public
//      members causes a demand for ReflectionPermission/MemberAccess against the caller of the 
//      Reflection API. In a partial-trust AppDomain, and oddly only with some particular transitions 
//      between managed-native-managed stack frames, this demand fails. Given that this occurs with
//      substantially equivalent callstacks in terms of CAS (Asserts) and managed<->native transitions,
//      there is probably an obscure CLR bug somewhere at the intersection of its IDispatch 
//      implementation, Reflection and CAS. And there seems to be no explicit suggestion in 
//      documentation that this scenario is supported in the first place.
//
//      By implementing IReflect, any object can provide its own reflection implementation. And it 
//      turns out CLR's IDispatch "front end" will happily use such an implementation. We don't need
//      to explicitly assert any ReflectionPermission in this arrangement as long as we are targeting
//      an internally visible interface type. (The built-in reflection system performs the equivalent
//      of a LinkDemand against the caller of the reflection API.) This, however, creates a potentially
//      dangerous security situation.
//
//      CAUTION!!! Do not expose any InternalDispatchObject-derived object instance to untrusted code,
//          unless the implementation of the dispinterface is entirely safe. Such objects should be 
//          passed only to native code, to be invoked via IDispatch.
//
//          Because IReflect is a public interface and has no (link)demands on it and because 
//          InternalDispatchObject's internal invocation of relection satisfies the reflection system's
//          ReflectionPermission demand, the implementaiton of the given dispinterface effectively
//          becomes publicly accessible. (Putting a LinkDemand on InternalDispatchObject.InvokeMember()
//          would have no effect because it can be called via IReflect, and LinkDemands are evaluated
//          based on static type info. And putting a full Demand would defeat the whole purpose of
//          InternalDispatchObject.)
//
// History
//      04/30/08 - Microsoft - Created
// 
//------------------------------------------------------------------------------
 
using System;
using System.Security;
using System.Reflection;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Globalization;
 
namespace MS.Internal.Interop
{
 
/// <SecurityNote>
/// InternalDispatchObject-derived objects are potentially unsafe to expose to untrusted code.
/// The IDispInterface implementation members should be treated as publicly accessible.
/// </SecurityNote>
internal abstract class InternalDispatchObject<IDispInterface> : IReflect
{
    /// <summary>
    /// DISPID->MethodInfo map used by InvokeMember()
    /// </summary>
    private Dictionary<int, MethodInfo> _dispId2MethodMap;
 
    /// <SecurityNote>
    /// Critical - to help ensure whoever creates an instance of this class doesn't expose it.
    /// </SecurityNote>
    [SecurityCritical]
    protected InternalDispatchObject()
    {
        // Populate _dispId2MethodMap with the MethodInfos for the interface, keyed by DISPID.
        // There is no support for properties (yet).
        MethodInfo[] methods = typeof(IDispInterface).GetMethods();
        _dispId2MethodMap = new Dictionary<int, MethodInfo>(methods.Length);
        foreach (MethodInfo method in methods)
        {
            int dispid = ((DispIdAttribute[])method.GetCustomAttributes(typeof(DispIdAttribute), false))[0].Value;
            _dispId2MethodMap[dispid] = method;
        }
    }
 
    FieldInfo IReflect.GetField(string name, BindingFlags bindingAttr)
    {
        throw new NotImplementedException();
    }
    FieldInfo[] IReflect.GetFields(BindingFlags bindingAttr)
    {
        return null;
    }
    MemberInfo[] IReflect.GetMember(string name, BindingFlags bindingAttr)
    {
        throw new NotImplementedException();
    }
    MemberInfo[] IReflect.GetMembers(BindingFlags bindingAttr)
    {
        throw new NotImplementedException();
    }
    MethodInfo IReflect.GetMethod(string name, BindingFlags bindingAttr)
    {
        throw new NotImplementedException();
    }
    MethodInfo IReflect.GetMethod(string name, BindingFlags bindingAttr, Binder binder, Type[] types, ParameterModifier[] modifiers)
    {
        throw new NotImplementedException();
    }
    MethodInfo[] IReflect.GetMethods(BindingFlags bindingAttr)
    {
        // It doesn't help to return typeof(IDispInterface).GetMethods(), because the CLR's IDispatch layer
        // ignores non-visible MethodInfos (DispatchInfo::SynchWithManagedView(), in clr\src\VM\DispatchInfo.cpp).
        // For all "unknown" DISPIDs, IReflect.InvokeMember() is passed a method name like "[DISPID=<id>]", 
        // which we parse.
        return null;
    }
    PropertyInfo[] IReflect.GetProperties(BindingFlags bindingAttr)
    {
        return null;
    }
    PropertyInfo IReflect.GetProperty(string name, BindingFlags bindingAttr, Binder binder, Type returnType, Type[] types, ParameterModifier[] modifiers)
    {
        throw new NotImplementedException();
    }
    PropertyInfo IReflect.GetProperty(string name, BindingFlags bindingAttr)
    {
        throw new NotImplementedException();
    }
 
    /// <SecurityNote>
    /// Critical: Performs Reflection against a non-public type.
    /// NOT PublicOK! This method is intrinsically unsafe. Because it can be called via the public IReflect,
    ///     instances of this class should not be exposed to untrusted code. (Full explanation above.)
    /// </SecurityNote>
    object IReflect.InvokeMember(string name, BindingFlags invokeAttr, Binder binder, object target, object[] args, ParameterModifier[] modifiers, System.Globalization.CultureInfo culture, string[] namedParameters)
    {
        // We never expect to get a real method name here--see the explanation in GetMethods().
        if (name.StartsWith("[DISPID=", StringComparison.OrdinalIgnoreCase))
        {
            int dispid = int.Parse(name.Substring(8, name.Length-9), CultureInfo.InvariantCulture);
            MethodInfo method;
            if (_dispId2MethodMap.TryGetValue(dispid, out method))
            {
                return method.Invoke(this, invokeAttr, binder, args, culture);
            }
        }
        // This exception can be thrown if IDispInterface doesn't declare a method with a particular DISPID, 
        // but the real COM interface has it and the event source is trying to invoke it. For a call coming via
        // the native IDispatch, such an error is usually ignorable.
        throw new MissingMethodException(GetType().Name, name);
    }
    
    Type IReflect.UnderlyingSystemType
    {
        get { return typeof(IDispInterface); }
    }
};
 
}//namespace