File: Base\System\Windows\Interop\MSG.cs
Project: wpf\src\WindowsBase.csproj (WindowsBase)
//------------------------------------------------------------------------------
// <copyright file="MSG.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
 
using System;
using System.Runtime.InteropServices;
using System.Diagnostics.CodeAnalysis;
using System.Security;
using MS.Internal.WindowsBase;
    
namespace System.Windows.Interop
{
    
    /// <summary>
    /// This class is the managed version of the Win32 MSG datatype.
    /// </summary>
    /// <remarks>
    /// For Avalon/Microsoft interop to work, Microsoft needs to be able to modify MSG structs as they are
    /// processed, so they are passed by ref (it's also a perf gain)
    ///
    /// - but in the Partial Trust scenario, this would be a security vulnerability; allowing partially trusted code
    ///    to intercept and arbitrarily change MSG contents could potentially create a spoofing opportunity.
    ///
    /// - so rather than try to secure all posible current and future extensibility points against untrusted code
    ///    getting write access to a MSG struct during message processing, we decided the simpler,  more performant, and 
    ///    more secure, both now and going forward, solution was to secure write access to the MSG struct directly
    ///    at the source.
    ///
    /// - get access is unrestricted and should in-line nicely for zero perf cost
    ///
    /// - set access is restricted via a call to SecurityHelper.DemandUnrestrictedUIPermission, which is optimized
    ///    to a no-op in the Full Trust scenario, and will throw a security exception in the Partial Trust scenario
    ///
    /// - NOTE: This breaks Avalon/Microsoft interop in the Partial Trust scenario, but that's not a supported
    ///              scenario anyway.
    /// </remarks>
    [SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly")]
    [SuppressMessage("Microsoft.Naming", "CA1705:LongAcronymsShouldBePascalCased")]
    [SuppressMessage("Microsoft.Performance", "CA1815:OverrideEqualsAndOperatorEqualsOnValueTypes")]
    [StructLayout(LayoutKind.Sequential)]
    [Serializable]
    public struct MSG
    {
        /// <SecurityNote>
        ///     Critical: Setting critical data
        /// </SecurityNote>
        [SecurityCritical]
        [FriendAccessAllowed] // Built into Base, used by Core or Framework.
        internal MSG(IntPtr hwnd, int message, IntPtr wParam, IntPtr lParam, int time, int pt_x, int pt_y)
        {
            _hwnd = hwnd;
            _message = message;
            _wParam = wParam;
            _lParam = lParam;
            _time = time;
            _pt_x = pt_x;
            _pt_y = pt_y;
        }
        
        //
        // Public Properties:
        //
        
        /// <summary> 
        ///     The handle of the window to which the message was sent. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        [SuppressMessage("Microsoft.Design", "CA1051:DoNotDeclareVisibleInstanceFields")]
        [SuppressMessage("Microsoft.Security", "CA2111:PointersShouldNotBeVisible")]
        [SuppressMessage("Microsoft.Reliability", "CA2006:UseSafeHandleToEncapsulateNativeResources")]
        public IntPtr hwnd
        {
            [SecurityCritical]
            get
            {
                return _hwnd;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _hwnd = value;   
            }
            
        }
        
         /// <summary> 
         ///    The Value of the window message. 
         /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        public int message
        {
            [SecurityCritical]
            get
            {
                return _message;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _message = value;   
            }
            
        }
 
        /// <summary> 
        ///     The wParam of the window message. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        [SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly")]
        [SuppressMessage("Microsoft.Security", "CA2111:PointersShouldNotBeVisible")]
        [SuppressMessage("Microsoft.Reliability", "CA2006:UseSafeHandleToEncapsulateNativeResources")]
        public IntPtr wParam
        {
            [SecurityCritical]
            get
            {
                return _wParam;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _wParam = value;   
            }
            
        }
 
        /// <summary> 
        ///     The lParam of the window message. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        [SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly")]
        [SuppressMessage("Microsoft.Security", "CA2111:PointersShouldNotBeVisible")]
        [SuppressMessage("Microsoft.Reliability", "CA2006:UseSafeHandleToEncapsulateNativeResources")]
        public IntPtr lParam
        {
            [SecurityCritical]
            get
            {
                return _lParam;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _lParam = value;   
            }
            
        }
 
        /// <summary>
        ///     The time the window message was sent.
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        public int time
        {
            [SecurityCritical]
            get
            {
                return _time;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _time = value;   
            }
            
        }
 
        // In the original Win32, pt was a by-Value POINT structure
        /// <summary> 
        ///     The X coordinate of the message POINT struct. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        [SuppressMessage("Microsoft.Naming", "CA1706:ShortAcronymsShouldBeUpperCased")]
        [SuppressMessage("Microsoft.Naming", "CA1707:IdentifiersShouldNotContainUnderscores")]
        public int pt_x
        {
            [SecurityCritical]
            get
            {
                return _pt_x;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _pt_x = value;   
            }
            
        }
 
        /// <summary> 
        ///     The Y coordinate of the message POINT struct. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code as that may be exploited for spoofing purposes
        ///     PublicOK: This data is safe for Partial Trust code to read (getter), There is a demand on the setter to block Partial Trust code
        /// </SecurityNote>
        [SuppressMessage("Microsoft.Naming", "CA1706:ShortAcronymsShouldBeUpperCased")]
        [SuppressMessage("Microsoft.Naming", "CA1707:IdentifiersShouldNotContainUnderscores")]
        public int pt_y
        {
            [SecurityCritical]
            get
            {
                return _pt_y;
            }
            [SecurityCritical]
            set
            {
                SecurityHelper.DemandUnrestrictedUIPermission();
                _pt_y = value;   
            }
            
        }
 
        //
        // Internal data:
        // - do not alter the number, order or size of ANY of this members!
        // - they must agree EXACTLY with the native Win32 MSG structure
 
        /// <summary>
        ///     The handle of the window to which the message was sent. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private IntPtr _hwnd;
 
        /// <summary>
        ///     The Value of the window message. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private int _message;
 
        /// <summary>
        ///     The wParam of the window message. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private IntPtr _wParam;
 
        /// <summary>
        ///     The lParam of the window message. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private IntPtr _lParam;
 
        /// <summary>
        ///     The time the window message was sent.
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private int _time;
 
        /// <summary>
        ///     The X coordinate of the message POINT struct. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private int _pt_x;
 
        /// <summary>
        ///     The Y coordinate of the message POINT struct. 
        /// </summary>
        /// <SecurityNote>
        ///     Critical: This data can not be modified by Partial Trust code for spoofing purposes
        /// </SecurityNote>
        [SecurityCritical]
        private int _pt_y;
 
    }
}