Investigate WindowsDesktop dependencies on System.Security.Permissions so it can be safely omitted #920
Comments
|
Re System.Xaml, WindowsBase: they forward types to s.s.permissions. Those are the only references they have left. We want those TypeForwardedTo attributes to become dangling references. |
|
This list seems like it contains implementation dependencies as well. I'll look at the CoreFx dependencies on S.S.P and report back the usage. @vatsan-madhavan have you reviewed the DirectoryServices dependency? That seems a bit unusual from PresentationUI. |
There is a People picker UI in PresetationUI that uses DirectoryServices. |
|
This is what I'm seeing:
|
|
System.Drawing.dll is a type-forwards only assembly. I'm sure allowing its dependency on System.Security.Permissions to become a dangling-dependency will be ok. |
|
|
What are folks thoughts on leaving System.Security.Permissions in the ref-pack but making folks use a Reference item in order to get it? |
Seems reasonable to me. We should probably do a test pass for WinForms & WPF to make sure nothing breaks because of the missing S.S.Permissions (we did some testing already in WPF a few days back to validate this fact by manually removing S.S.Permissions manually from the runtime pack).
Given repos below core-setup lock down on Thu 7/25, should we hold this change for start of Preivew 9 (i.e., until Fri, 7/26)? |
I'm not suggesting it be removed from run-time, so run-time behavior shouldn't change, only reference. |
So retain it in both ref and runtime packs, but not include it in any profiles? I'm good with this proposal. |
|
So it looks like omitting it from the framework list does this: Then if I click that helper it just brings up the add-reference dialog without doing anything. Manually adding a simple reference doesn't fix it either, so I guess this isn't a great option, if we leave it out might as well omit it completely from references (what @dagood was originally doing). @nguerrera @dsplaisted in case they have any opinion here. |
|
There's also |
This is what ReferencedByDefault="false" implies. However, the ability to reference them individually isn't implemented yet, or planned to be implemented in 3.0. I don't think we intended to use that for things that are not leaf nodes in the reference closure. We do not expect to have 'You must add a reference to X' errors when consuming things in the default references. That is a pretty bad experience. |
No profile means something very different: if the entire shared framework is referenced, then include it, but there are no subsets which include it. Integration is like this because it pulls in both WPF and WindowsForms. You have to pull in both to use it. |
Right, we don't have this today. We do have this when you consume a desktop library. I believe the extent of this issue if we were to omit S.S.P would be the EncryptedXml API I showed above, the DocumentEvidence property on the same type, and the System.Configuration.Internal.IInternalConfigHost.GetRestrictedPermissions method. These aren't exactly show-stopper APIs. It may be acceptable. We could do the work to more selectively cut this stuff. It would look like cross-compiling ConfigurationManager for netcoreapp3.0 so it doesn't reference S.S.P, pushing down Evidence (to System.Runtime.Extensions or similar) and cross-compiling Crypto.Xml for netcoreapp3.0, then pushing down the permission types from DirectoryServices to S.S.P and allowing the dangling typeforwards. If we did all of this then I think we could maintain our existing precedent for only having dangling type-forwards from reference assemblies. I just can't convince myself that risk/reward of this level of changes is appropriate for this point in the release. |
+1. This sounds like a lot for 3.0 and out of scope for 3.1. If the functionality for individual references is coming in 3.1, then can we live with this until 3.1? Or are we now thinking that SSP should just stay in, and we can reconsider removal in .NET 5? |
|
Is this still a thing? |
|
Yes, please remove System.Security.Permissions from WindowsDesktop. |
|
WPF continues to rely on/use At some point, WPF would have to break those contracts and remove those S.S.P dependencies - and only then this work can be completed. |
|
We could push types into System.Security.Permissions then leave a dangling typeforward. It's not all that unlike mscorlib.dll with dangling type-forwards; only WPF also happens to put type-defs in WindowsBase. Would this impact WPF runtime? |
|
WPF does more than passively expose these types; it uses https://github.com/dotnet/wpf/search?q=xamlaccesslevel For e.g., src/Microsoft.DotNet.Wpf/test/DRT/DrtXaml/DrtXaml/Tests/AdvXamlFeatureTests.cs#L1046-L1053 // Set local assembly on the XOW also (to access internal Ctors)
XamlObjectWriterSettings xowSettings = new XamlObjectWriterSettings();
xowSettings.AccessLevel = System.Xaml.Permissions.XamlAccessLevel.AssemblyAccessTo(localAssembly);
XamlObjectWriter objWriter = new XamlObjectWriter(xamlReader.SchemaContext, xowSettings);
XamlServices.Transform(xamlReader, objWriter);
object o = objWriter.Result;
Test.Elements.Object10 root = (Test.Elements.Object10)o;Ultimately, this would likely require some refactoring of internal DynamicMethodRuntime(XamlRuntimeSettings settings, XamlSchemaContext schemaContext,
XamlAccessLevel accessLevel)
: base(settings, true /*isWriter*/)
{
Debug.Assert(schemaContext != null);
Debug.Assert(accessLevel != null);
_schemaContext = schemaContext;
_localAssembly = Assembly.Load(accessLevel.AssemblyAccessToAssemblyName);
if (accessLevel.PrivateAccessToTypeName != null)
{
_localType = _localAssembly.GetType(accessLevel.PrivateAccessToTypeName, true /*throwOnError*/);
}
} |
|
adding @pchaurasia14 / @singhashish-wpf to follow up on this. |
While trying to remove
System.Security.Permissionsfor https://github.com/dotnet/core-setup/issues/7290, some closure validation errors came up:Some may be caused by having stale dependencies (https://github.com/dotnet/core-setup/issues/7343), but not all (dotnet/core-setup#7324 (comment)):
Once we're sure this is safe (not sure if Core-Setup should be tracking that in particular), we can remove the dependency on
System.Security.Permissionsand add:/cc @ericstj @vatsan-madhavan
The text was updated successfully, but these errors were encountered: