private static PermissionSet /*!*/ CreatePermissionSetByName()
{
string name = "Internet";
bool foundName = false;
PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
// iterate over each policy level
IEnumerator e = SecurityManager.PolicyHierarchy();
while (e.MoveNext())
{
PolicyLevel level = (PolicyLevel)e.Current;
PermissionSet levelSet = level.GetNamedPermissionSet(name);
if (levelSet != null)
{
foundName = true;
setIntersection = setIntersection.Intersect(levelSet);
}
}
if (setIntersection == null || !foundName)
{
setIntersection = new PermissionSet(PermissionState.None);
}
else
{
setIntersection = new NamedPermissionSet(name, setIntersection);
}
return(setIntersection);
}
}// ApplyData
void onPermissionSetChange(Object o, EventArgs e)
{
m_npsCurPermSet = null;
// We need to find the new permission set
IEnumerator permsetEnumerator = m_pl.NamedPermissionSets.GetEnumerator();
while (permsetEnumerator.MoveNext())
{
NamedPermissionSet permSet = (NamedPermissionSet)permsetEnumerator.Current;
if (permSet.Name.Equals(m_cbPermissionSet.Text))
{
m_npsCurPermSet = permSet;
break;
}
}
// If we couldn't find the permission set in the policy, then it must be the
// unnamed one that the codegroup initially had
if (m_npsCurPermSet == null)
{
m_npsCurPermSet = m_npsCreatedPermSet;
}
PutInPermissions(m_npsCurPermSet);
m_btnViewPerm.Enabled = false;
ActivateApply();
}// onPermissionSetChange
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Everything", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.AllFlags;
securityPermissionFlag &= ~SecurityPermissionFlag.SkipVerification;
namedPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildExecution()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Execution", PermissionState.None);
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
return(namedPermissionSet);
}
}// ImportCodegroup
private NamedPermissionSet ImportPermissionSet()
{
// We're importing a permission set
NamedPermissionSet nps = null;
try
{
SecurityElement se = SecurityXMLStuff.GetSecurityElementFromXMLFile(PermissionSetFilename);
if (se == null)
{
throw new Exception("Invalid XML");
}
nps = new NamedPermissionSet("Hi");
nps.FromXml(se);
if (nps.Name == null || nps.Name.Length == 0)
{
nps.Name = Security.FindAGoodPermissionSetName(m_pl, "CustomPermissionSet");
}
return(nps);
}
catch (Exception)
{
MessageBox(CResourceStore.GetString("XMLNoPermSet"),
CResourceStore.GetString("XMLNoPermSetTitle"),
MB.ICONEXCLAMATION);
}
return(null);
}// ImportPermissionSet
public void FromXml_NoName()
{
NamedPermissionSet nps = new NamedPermissionSet(name, PermissionState.None);
SecurityElement se = nps.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
w.AddAttribute("class", se.Attribute("class"));
w.AddAttribute("version", "1");
nps.FromXml(w);
// having a null name can badly influence the rest of the class code
Assert.IsNull(nps.Name, "Name");
NamedPermissionSet copy = (NamedPermissionSet)nps.Copy();
Assert.IsNull(copy.Name, "Copy.Name");
copy = nps.Copy("name");
Assert.AreEqual("name", copy.Name, "Copy(Name).Name");
se = nps.ToXml();
Assert.IsNull(se.Attribute("Name"), "Name attribute");
#if NET_2_0
Assert.AreEqual(0, nps.GetHashCode(), "GetHashCode");
Assert.IsTrue(nps.Equals(nps), "Equals-self");
#endif
}
}// CreateChildren
internal CSinglePermissionSet AddPermissionSet(NamedPermissionSet nps)
{
// Make sure we have a unique permission set name
int nCounter = 1;
String sBase = nps.Name;
while (Security.isPermissionSetNameUsed(m_pl, nps.Name))
{
if (nCounter == 1)
{
nps.Name = String.Format(CResourceStore.GetString("CSinglePermissionSet:NewDupPermissionSet"), sBase);
}
else
{
nps.Name = String.Format(CResourceStore.GetString("CSinglePermissionSet:NumNewDupPermissionSet"), nCounter.ToString(), sBase);
}
nCounter++;
}
// Now add the new permission set
m_pl.AddNamedPermissionSet(nps);
CNode node = new CSinglePermissionSet(nps, m_pl, ReadOnly);
int nCookie = CNodeManager.AddNode(ref node);
AddChild(nCookie);
InsertSpecificChild(nCookie);
// Return the node we created
return((CSinglePermissionSet)node);
} // AddPermissionSet
internal static bool HasSqlClientPermission()
{
NamedPermissionSet permissionset = HttpRuntime.NamedPermissionSet;
// If we don't have a NamedPermissionSet, we're in full trust
if (permissionset == null)
{
return(true);
}
// Check that the user has unrestricted SqlClientPermission
IPermission allowedPermission = permissionset.GetPermission(typeof(SqlClientPermission));
if (allowedPermission == null)
{
return(false);
}
IPermission askedPermission = null;
try {
askedPermission = new SqlClientPermission(PermissionState.Unrestricted);
}
catch {
return(false);
}
return(askedPermission.IsSubsetOf(allowedPermission));
}
public void NameNull()
{
NamedPermissionSet nps = new NamedPermissionSet(name);
nps.Name = null;
// strangely this isn't a ArgumentNullException (but so says the doc)
}
public void Name()
{
NamedPermissionSet nps = new NamedPermissionSet(name);
nps.Name = sentinel;
Assert.AreEqual(sentinel, nps.Name, "Name");
}
// Create a builtin permission set by name.
private static PermissionSet CreateBuiltinPermissionSet(String name)
{
NamedPermissionSet set = null;
switch (name)
{
case "Execution":
{
set = new NamedPermissionSet
("Execution", PermissionState.None);
set.Description = _("Arg_PermissionsExecution");
set.AddPermission(new SecurityPermission
(SecurityPermissionFlag.Execution));
}
break;
case "FullTrust":
{
set = new NamedPermissionSet
("FullTrust", PermissionState.Unrestricted);
set.Description = _("Arg_PermissionsFullTrust");
}
break;
case "Internet":
{
set = new NamedPermissionSet
("Internet", PermissionState.None);
set.Description = _("Arg_PermissionsInternet");
}
break;
case "LocalIntranet":
{
set = new NamedPermissionSet
("LocalIntranet", PermissionState.None);
set.Description = _("Arg_PermissionsLocalIntranet");
}
break;
case "Nothing":
{
set = new NamedPermissionSet
("Nothing", PermissionState.None);
set.Description = _("Arg_PermissionsNothing");
}
break;
case "SkipVerification":
{
set = new NamedPermissionSet
("SkipVerification", PermissionState.None);
set.Description = _("Arg_PermissionsSkipVerification");
set.AddPermission(new SecurityPermission
(SecurityPermissionFlag.SkipVerification));
}
break;
}
return(set);
}
public void RemoveNamedPermissionSet_NotFound()
{
PolicyLevel pl = Load(minimal, PolicyLevelType.Machine);
NamedPermissionSet nps = new NamedPermissionSet("Mono", PermissionState.Unrestricted);
pl.RemoveNamedPermissionSet(nps);
}
public static void SetAppDomainPolicy(AppDomain appDomain)
{
// Create an AppDomain policy level.
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
// The root code group of the policy level combines all
// permissions of its children.
UnionCodeGroup rootCodeGroup;
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(),
new PolicyStatement(ps, PolicyStatementAttribute.Nothing));
NamedPermissionSet localIntranet = FindNamedPermissionSet("LocalIntranet");
// The following code limits all code on this machine to local intranet permissions
// when running in this application domain.
UnionCodeGroup virtualIntranet = new UnionCodeGroup(
new ZoneMembershipCondition(SecurityZone.MyComputer),
new PolicyStatement(localIntranet,
PolicyStatementAttribute.Nothing));
virtualIntranet.Name = "Virtual Intranet";
// Add the code groups to the policy level.
rootCodeGroup.AddChild(virtualIntranet);
pLevel.RootCodeGroup = rootCodeGroup;
appDomain.SetAppDomainPolicy(pLevel);
}
public void FromXml()
{
NamedPermissionSet nps = new NamedPermissionSet(name, PermissionState.None);
SecurityElement se = nps.ToXml();
Assert.IsNotNull(se, "ToXml()");
NamedPermissionSet nps2 = (NamedPermissionSet)nps.Copy();
nps2.FromXml(se);
Assert.AreEqual(name, nps2.Name, "FromXml-Copy.Name");
// strangely it's empty when converted from XML (but null when created)
Assert.AreEqual("", nps2.Description, "FromXml-Copy.Description");
Assert.IsTrue(!nps2.IsUnrestricted(), "FromXml-Copy.IsUnrestricted");
se.AddAttribute("Description", sentinel);
nps2.FromXml(se);
Assert.AreEqual(name, nps2.Name, "FromXml-Add1.Name");
Assert.AreEqual(sentinel, nps2.Description, "FromXml-Add1.Description");
Assert.IsTrue(!nps2.IsUnrestricted(), "FromXml-Add1.IsUnrestricted");
se.AddAttribute("Unrestricted", "true");
nps2.FromXml(se);
Assert.AreEqual(name, nps2.Name, "FromXml-Add2.Name");
Assert.AreEqual(sentinel, nps2.Description, "FromXml-Add2.Description");
Assert.IsTrue(nps2.IsUnrestricted(), "FromXml-Add2.IsUnrestricted");
}
private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission(isfp);
nps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
private static NamedPermissionSet BuildSkipVerification()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("SkipVerification", PermissionState.None);
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification));
return(namedPermissionSet);
}
internal static bool HasSqlClientPermission()
{
NamedPermissionSet namedPermissionSet = HttpRuntime.NamedPermissionSet;
if (namedPermissionSet == null)
{
return(true);
}
IPermission target = namedPermissionSet.GetPermission(typeof(SqlClientPermission));
if (target == null)
{
return(false);
}
IPermission permission2 = null;
try
{
permission2 = new SqlClientPermission(PermissionState.Unrestricted);
}
catch
{
return(false);
}
return(permission2.IsSubsetOf(target));
}
private static NamedPermissionSet BuildExecution()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Execution, PermissionState.None);
nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
return(nps);
}
// Change a named permission set.
public NamedPermissionSet ChangeNamedPermissionSet
(String name, PermissionSet pSet)
{
// Validate the parameters.
if (name == null)
{
throw new ArgumentNullException("name");
}
if (pSet == null)
{
throw new ArgumentNullException("pSet");
}
// Find the existing permission set with this name.
NamedPermissionSet current = GetNamedPermissionSet(name);
if (current == null)
{
throw new ArgumentException
(_("Security_PermissionSetNotFound"));
}
// Make a copy of the previous permission set.
NamedPermissionSet prev =
(NamedPermissionSet)(current.Copy());
// Clear the permission set and recreate it from "pSet".
current.CopyFrom(pSet);
// Return the previsou permission set.
return(prev);
}
// -ap namedxmlfile
// -addpset namedxmlfile
// -ap xmlfile name
// -addpset xmlfile name
static bool AddPermissionSet(string [] args, ref int i)
{
// two syntax - so we first load the XML file and
// if it's not a named XML file, then we use the next
// parameter as it's name
string xmlfile = args [++i];
PermissionSet ps = LoadPermissions(xmlfile);
if ((ps == null) || !Confirm())
{
return(false);
}
NamedPermissionSet nps = null;
if (ps is NamedPermissionSet)
{
nps = (NamedPermissionSet)ps;
}
else
{
nps = new NamedPermissionSet(args [++i], ps);
}
foreach (PolicyLevel pl in Levels)
{
pl.AddNamedPermissionSet(nps);
SecurityManager.SavePolicyLevel(pl);
}
return(true);
}
}// AddMenuItems
internal override void MenuCommand(int nCommandID, Object oResultItem)
{
if (nCommandID == COMMANDS.DUPLICATE_PERMISSIONSET)
{
NamedPermissionSet nps = (NamedPermissionSet)m_psetWrapper.PSet.Copy();
String sBaseName = nps.Name;
nps.Name = String.Format(CResourceStore.GetString("CSinglePermissionSet:PrependtoDupPSets"), nps.Name);
int nCounter = 1;
// make sure it's not already used
while (Security.isPermissionSetNameUsed(m_pl, nps.Name))
{
nCounter++;
nps.Name = String.Format(CResourceStore.GetString("CSinglePermissionSet:NumPrependtoDupPSets"), nCounter.ToString(), sBaseName);
}
CNode node = CNodeManager.GetNodeByHScope(ParentHScopeItem);
CSinglePermissionSet newNode = ((CPermissionSet)node).AddPermissionSet(nps);
newNode.SecurityPolicyChanged();
// Put the selection on the new permission set we just created
CNodeManager.SelectScopeItem(newNode.HScopeItem);
}
else if (nCommandID == COMMANDS.VIEW_PERMISSION)
{
int iResultItem = (int)oResultItem - 1;
// Pop up the Dialog Box for this permission
(new CReadOnlyPermission((IPermission)m_alPermissions[iResultItem])).ShowDialog();
}
else if (nCommandID == COMMANDS.ADD_PERMISSIONS)
{
CAddPermissionsWizard wiz = new CAddPermissionsWizard(m_psetWrapper);
wiz.LaunchWizard(Cookie);
if (wiz.didFinish)
{
SecurityPolicyChanged();
GenerateGivenPermissionsStringList();
CNodeManager.Console.SelectScopeItem(HScopeItem);
}
}
else if (nCommandID == COMMANDS.SHOW_LISTVIEW)
{
m_oResults = this;
RefreshResultView();
m_fShowHTMLPage = false;
}
else if (nCommandID == COMMANDS.SHOW_TASKPAD)
{
m_oResults = m_taskpad;
m_fShowHTMLPage = true;
// The HTML pages comes displayed with this checkbox marked. Make
// sure we update the xml setting
CConfigStore.SetSetting("ShowHTMLForPermissionSet", "yes");
RefreshResultView();
}
}// MenuCommand
/// <summary>Replaces a <see cref="T:System.Security.NamedPermissionSet" /> in the current policy level with the specified <see cref="T:System.Security.PermissionSet" />.</summary>
/// <returns>A copy of the <see cref="T:System.Security.NamedPermissionSet" /> that was replaced.</returns>
/// <param name="name">The name of the <see cref="T:System.Security.NamedPermissionSet" /> to replace. </param>
/// <param name="pSet">The <see cref="T:System.Security.PermissionSet" /> that replaces the <see cref="T:System.Security.NamedPermissionSet" /> specified by the <paramref name="name" /> parameter. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="name" /> parameter is null.-or- The <paramref name="pSet" /> parameter is null. </exception>
/// <exception cref="T:System.ArgumentException">The <paramref name="name" /> parameter is equal to the name of a reserved permission set.-or- The <see cref="T:System.Security.PermissionSet" /> specified by the <paramref name="pSet" /> parameter cannot be found. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ControlEvidence" />
/// </PermissionSet>
public NamedPermissionSet ChangeNamedPermissionSet(string name, PermissionSet pSet)
{
if (name == null)
{
throw new ArgumentNullException("name");
}
if (pSet == null)
{
throw new ArgumentNullException("pSet");
}
if (DefaultPolicies.ReservedNames.IsReserved(name))
{
throw new ArgumentException(Locale.GetText("Reserved name"));
}
foreach (object obj in this.named_permission_sets)
{
NamedPermissionSet namedPermissionSet = (NamedPermissionSet)obj;
if (name == namedPermissionSet.Name)
{
this.named_permission_sets.Remove(namedPermissionSet);
this.AddNamedPermissionSet(new NamedPermissionSet(name, pSet));
return(namedPermissionSet);
}
}
throw new ArgumentException(Locale.GetText("PermissionSet not found"));
}
}// CNewPermSetWizard
protected override int WizSetActive(IntPtr hwnd)
{
// Make sure this sucker stays null
m_ps = null;
switch (GetPropPage(hwnd))
{
// If this is the first page of our wizard, we want a
// disabled next button to show
case 0:
if (NewPermissionSetName.Equals(""))
{
TurnOnNext(false);
}
else
{
TurnOnNext(true);
}
break;
case 1:
TurnOnFinish(true);
break;
}
return(base.WizSetActive(hwnd));
}// WizSetActive
public void ChangeNamedPermissionSet_NotFound()
{
PolicyLevel pl = Load(minimal, PolicyLevelType.Machine);
NamedPermissionSet nps2 = new NamedPermissionSet("Mono", PermissionState.None);
pl.ChangeNamedPermissionSet("Mono", nps2);
}
/// <summary>Reconstructs a security object with a given state from an XML encoding.</summary>
/// <param name="e">The XML encoding to use to reconstruct the security object. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="e" /> parameter is null. </exception>
/// <exception cref="T:System.ArgumentException">The <see cref="T:System.Security.SecurityElement" /> specified by the <paramref name="e" /> parameter is invalid. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public void FromXml(SecurityElement e)
{
if (e == null)
{
throw new ArgumentNullException("e");
}
SecurityElement securityElement = e.SearchForChildByTag("SecurityClasses");
if (securityElement != null && securityElement.Children != null && securityElement.Children.Count > 0)
{
this.fullNames = new Hashtable(securityElement.Children.Count);
foreach (object obj in securityElement.Children)
{
SecurityElement securityElement2 = (SecurityElement)obj;
this.fullNames.Add(securityElement2.Attributes["Name"], securityElement2.Attributes["Description"]);
}
}
SecurityElement securityElement3 = e.SearchForChildByTag("FullTrustAssemblies");
if (securityElement3 != null && securityElement3.Children != null && securityElement3.Children.Count > 0)
{
this.full_trust_assemblies.Clear();
foreach (object obj2 in securityElement3.Children)
{
SecurityElement securityElement4 = (SecurityElement)obj2;
if (securityElement4.Tag != "IMembershipCondition")
{
throw new ArgumentException(Locale.GetText("Invalid XML"));
}
string text = securityElement4.Attribute("class");
if (text.IndexOf("StrongNameMembershipCondition") < 0)
{
throw new ArgumentException(Locale.GetText("Invalid XML - must be StrongNameMembershipCondition"));
}
this.full_trust_assemblies.Add(new StrongNameMembershipCondition(securityElement4));
}
}
SecurityElement securityElement5 = e.SearchForChildByTag("CodeGroup");
if (securityElement5 != null && securityElement5.Children != null && securityElement5.Children.Count > 0)
{
this.root_code_group = CodeGroup.CreateFromXml(securityElement5, this);
SecurityElement securityElement6 = e.SearchForChildByTag("NamedPermissionSets");
if (securityElement6 != null && securityElement6.Children != null && securityElement6.Children.Count > 0)
{
this.named_permission_sets.Clear();
foreach (object obj3 in securityElement6.Children)
{
SecurityElement et = (SecurityElement)obj3;
NamedPermissionSet namedPermissionSet = new NamedPermissionSet();
namedPermissionSet.Resolver = this;
namedPermissionSet.FromXml(et);
this.named_permission_sets.Add(namedPermissionSet);
}
}
return;
}
throw new ArgumentException(Locale.GetText("Missing Root CodeGroup"));
}
// S1006/ImperativeSecurity
public static void Work()
{
NamedPermissionSet permissions = new NamedPermissionSet("Custom");
permissions.Demand();
SecureClass.RevertDocument();
}
// Add an entry to the "named permission sets" list.
public void AddNamedPermissionSet(NamedPermissionSet permSet)
{
if (permSet == null)
{
throw new ArgumentNullException("permSet");
}
namedPermissionSets.Add(permSet);
}
public void FromXml_WrongTagCase()
{
NamedPermissionSet nps = new NamedPermissionSet(name, PermissionState.None);
SecurityElement se = nps.ToXml();
se.Tag = se.Tag.ToUpper(); // instead of PermissionSet
nps.FromXml(se);
}
/// <summary>Removes the specified <see cref="T:System.Security.NamedPermissionSet" /> from the current policy level.</summary>
/// <returns>The <see cref="T:System.Security.NamedPermissionSet" /> that was removed.</returns>
/// <param name="permSet">The <see cref="T:System.Security.NamedPermissionSet" /> to remove from the current policy level. </param>
/// <exception cref="T:System.ArgumentException">The <see cref="T:System.Security.NamedPermissionSet" /> specified by the <paramref name="permSet" /> parameter was not found. </exception>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="permSet" /> parameter is null. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ControlEvidence" />
/// </PermissionSet>
public NamedPermissionSet RemoveNamedPermissionSet(NamedPermissionSet permSet)
{
if (permSet == null)
{
throw new ArgumentNullException("permSet");
}
return(this.RemoveNamedPermissionSet(permSet.Name));
}
internal SecurityElement ToXml(PolicyLevel level, string policyClassName)
{
if ((this.m_membershipCondition == null) && (this.m_element != null))
{
this.ParseMembershipCondition();
}
if (this.m_children == null)
{
this.ParseChildren();
}
if ((this.m_policy == null) && (this.m_element != null))
{
this.ParsePolicy();
}
SecurityElement element = new SecurityElement("CodeGroup");
XMLUtil.AddClassAttribute(element, base.GetType(), policyClassName);
element.AddAttribute("version", "1");
element.AddChild(this.m_membershipCondition.ToXml(level));
if (this.m_policy != null)
{
PermissionSet permissionSetNoCopy = this.m_policy.GetPermissionSetNoCopy();
NamedPermissionSet set2 = permissionSetNoCopy as NamedPermissionSet;
if (((set2 != null) && (level != null)) && (level.GetNamedPermissionSetInternal(set2.Name) != null))
{
element.AddAttribute("PermissionSetName", set2.Name);
}
else if (!permissionSetNoCopy.IsEmpty())
{
element.AddChild(permissionSetNoCopy.ToXml());
}
if (this.m_policy.Attributes != PolicyStatementAttribute.Nothing)
{
element.AddAttribute("Attributes", XMLUtil.BitFieldEnumToString(typeof(PolicyStatementAttribute), this.m_policy.Attributes));
}
}
if (this.m_children.Count > 0)
{
lock (this)
{
IEnumerator enumerator = this.m_children.GetEnumerator();
while (enumerator.MoveNext())
{
element.AddChild(((CodeGroup)enumerator.Current).ToXml(level));
}
}
}
if (this.m_name != null)
{
element.AddAttribute("Name", SecurityElement.Escape(this.m_name));
}
if (this.m_description != null)
{
element.AddAttribute("Description", SecurityElement.Escape(this.m_description));
}
this.CreateXml(element, level);
return(element);
}
public static void NamedPermissionSetCallMethods()
{
NamedPermissionSet nps = new NamedPermissionSet("Test");
PermissionSet ps = nps.Copy();
NamedPermissionSet nps2 = nps.Copy("Test");
nps.Equals(nps2);
int hash = nps.GetHashCode();
SecurityElement se = new SecurityElement("");
nps.FromXml(se);
se = nps.ToXml();
}
public static void PolicyLevelCallMethods()
{
Policy.PolicyLevel pl = (Policy.PolicyLevel)Activator.CreateInstance(typeof(Policy.PolicyLevel), true);
NamedPermissionSet nps = new NamedPermissionSet("test");
pl.AddNamedPermissionSet(nps);
nps = pl.ChangeNamedPermissionSet("test", new PermissionSet(new Permissions.PermissionState()));
Policy.PolicyLevel.CreateAppDomainLevel();
nps = pl.GetNamedPermissionSet("test");
pl.Recover();
NamedPermissionSet nps2 = pl.RemoveNamedPermissionSet(nps);
nps2 = pl.RemoveNamedPermissionSet("test");
pl.Reset();
Policy.Evidence evidence = new Policy.Evidence();
Policy.PolicyStatement ps = pl.Resolve(evidence);
Policy.CodeGroup cg = pl.ResolveMatchingCodeGroups(evidence);
SecurityElement se = new SecurityElement("");
pl.FromXml(se);
se = pl.ToXml();
}
private void LoadAllPermissionSets()
{
// This function loads all the permission sets held in the m_permSetElement member.
// This is useful when you know that an arbitrary permission set loaded from
// the config file could be accessed so you just want to forego the lazy load
// and play it safe.
if (m_permSetElement != null && m_permSetElement.m_lChildren != null)
{
Type type = typeof( PolicyLevel );
lock (type)
{
while (m_permSetElement != null && m_permSetElement.m_lChildren.Count != 0)
{
SecurityElement elPermSet = (SecurityElement)m_permSetElement.m_lChildren[m_permSetElement.m_lChildren.Count-1];
m_permSetElement.m_lChildren.RemoveAt( m_permSetElement.m_lChildren.Count-1 );
if (elPermSet.Tag.Equals( "PermissionSet" ) && elPermSet.Attribute( "class" ).Equals( "System.Security.NamedPermissionSet" ))
{
NamedPermissionSet permSet = new NamedPermissionSet();
permSet.FromXmlNameOnly( elPermSet );
if (permSet.Name != null)
{
m_namedPermissionSets.Add( permSet );
try
{
// We play it conservative here and just say that we are loading policy
// anytime we have to decode a permission set.
bool fullyLoaded;
permSet.FromXml( elPermSet, true, out fullyLoaded );
}
catch (Exception)
{
m_namedPermissionSets.Remove( permSet );
}
}
}
}
m_permSetElement = null;
}
}
}
private static NamedPermissionSet CreateFullTrustSet() {
NamedPermissionSet permSet = new NamedPermissionSet("FullTrust", PermissionState.Unrestricted);
permSet.m_descrResource = "Policy_PS_FullTrust";
return permSet;
}
private static NamedPermissionSet CreateNothingSet() {
NamedPermissionSet permSet = new NamedPermissionSet("Nothing", PermissionState.None);
permSet.m_descrResource = "Policy_PS_Nothing";
return permSet;
}
private PermissionSet CreateFromXml (string xml)
{
#if !NET_2_1
SecurityParser sp = new SecurityParser ();
try {
sp.LoadXml (xml);
}
catch (Mono.Xml.SmallXmlParserException xe) {
throw new XmlSyntaxException (xe.Line, xe.ToString ());
}
SecurityElement se = sp.ToXml ();
string className = se.Attribute ("class");
if (className == null)
return null;
PermissionState state = PermissionState.None;
if (CodeAccessPermission.IsUnrestricted (se))
state = PermissionState.Unrestricted;
if (className.EndsWith ("NamedPermissionSet")) {
NamedPermissionSet nps = new NamedPermissionSet (se.Attribute ("Name"), state);
nps.FromXml (se);
return (PermissionSet) nps;
}
else if (className.EndsWith ("PermissionSet")) {
PermissionSet ps = new PermissionSet (state);
ps.FromXml (se);
return ps;
}
#endif
return null;
}
public void AddNamedPermissionSet(NamedPermissionSet permSet)
{
}
internal NamedPermissionSet GetNamedPermissionSetInternal( String name )
{
CheckLoaded( true );
Type type = typeof( PolicyLevel );
lock (type)
{
// First, try to find it in the list.
IEnumerator enumerator = m_namedPermissionSets.GetEnumerator();
while (enumerator.MoveNext())
{
NamedPermissionSet current = (NamedPermissionSet)enumerator.Current;
if (current.Name.Equals( name ))
{
if (!current.IsFullyLoaded())
current.LoadPostponedPermissions();
// don't copy because we know we're not going to do
// anything wrong
return current;
}
}
// We didn't find it in the list, so if we have a stored element
// see if it is there.
if (m_permSetElement != null)
{
SecurityElement elem = FindElement( name );
if (elem != null)
{
bool fullyLoaded;
NamedPermissionSet permSet = new NamedPermissionSet();
permSet.Name = name;
m_namedPermissionSets.Add( permSet );
try
{
// We play it conservative here and just say that we are loading policy
// anytime we have to decode a permission set.
permSet.FromXml( elem, true, out fullyLoaded );
}
catch (Exception)
{
m_namedPermissionSets.Remove( permSet );
return null;
}
if (permSet.Name != null)
{
if (!fullyLoaded)
{
m_namedPermissionSets.Remove( permSet );
InsertElement( elem );
}
return permSet;
}
else
{
m_namedPermissionSets.Remove( permSet );
return null;
}
}
}
return null;
}
}
internal static NamedPermissionSet CreateSkipVerificationSet()
{
NamedPermissionSet permSet;
permSet = new NamedPermissionSet( "SkipVerification", PermissionState.None );
permSet.Description = "Grants right to bypass the verification";
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification));
return permSet;
}
private static NamedPermissionSet BuildExecution ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
return nps;
}
private static NamedPermissionSet BuildLocalIntranet ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission (isfp);
nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission (new SecurityPermission (spf));
nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
return nps;
}
internal static NamedPermissionSet CreateFullTrustSet()
{
NamedPermissionSet permSet;
permSet = new NamedPermissionSet( "FullTrust", PermissionState.Unrestricted );
permSet.Description = "Allows full access to all resources";
return permSet;
}
internal static NamedPermissionSet CreateNothingSet()
{
NamedPermissionSet permSet;
permSet = new NamedPermissionSet( "Nothing", PermissionState.None );
permSet.Description = "Denies all resources, including the right to execute";
return permSet;
}
internal static NamedPermissionSet CreateExecutionSet()
{
NamedPermissionSet permSet;
permSet = new NamedPermissionSet( "Execution", PermissionState.None );
permSet.Description = "Permits execution";
permSet.AddPermission( new SecurityPermission( SecurityPermissionFlag.Execution ) );
return permSet;
}
private static NamedPermissionSet BuildInternet ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
isfp.UserQuota = 512000;
nps.AddPermission (isfp);
nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
return nps;
}
// Add an entry to the "named permission sets" list.
public void AddNamedPermissionSet(NamedPermissionSet permSet)
{
if(permSet == null)
{
throw new ArgumentNullException("permSet");
}
namedPermissionSets.Add(permSet);
}
private static NamedPermissionSet BuildEverything ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);
nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));
// not quite all in this case
SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
spf &= ~SecurityPermissionFlag.SkipVerification;
nps.AddPermission (new SecurityPermission (spf));
nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
// others requires stuff outside corlib
nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
return nps;
}
// Remove a named permission set.
public NamedPermissionSet RemoveNamedPermissionSet
(NamedPermissionSet permSet)
{
if(permSet == null)
{
throw new ArgumentNullException("permSet");
}
return RemoveNamedPermissionSet(permSet.Name);
}
/// <include file='doc\PolicyLevel.uex' path='docs/doc[@for="PolicyLevel.RemoveNamedPermissionSet"]/*' />
public NamedPermissionSet RemoveNamedPermissionSet( NamedPermissionSet permSet )
{
CheckLoaded( true );
if (permSet == null)
throw new ArgumentNullException( "permSet" );
return RemoveNamedPermissionSet( permSet.Name );
}
[System.Security.SecurityCritical] // auto-generated
private void LoadAllPermissionSets()
{
// This function loads all the permission sets held in the m_permSetElement member.
// This is useful when you know that an arbitrary permission set loaded from
// the config file could be accessed so you just want to forego the lazy load
// and play it safe.
if (m_permSetElement != null && m_permSetElement.InternalChildren != null) {
lock (InternalSyncObject) {
while (m_permSetElement != null && m_permSetElement.InternalChildren.Count != 0) {
SecurityElement elPermSet = (SecurityElement)m_permSetElement.Children[m_permSetElement.InternalChildren.Count-1];
m_permSetElement.InternalChildren.RemoveAt(m_permSetElement.InternalChildren.Count-1);
if (elPermSet.Tag.Equals("PermissionSet") && elPermSet.Attribute("class").Equals("System.Security.NamedPermissionSet")) {
NamedPermissionSet permSet = new NamedPermissionSet();
permSet.FromXmlNameOnly(elPermSet);
if (permSet.Name != null) {
m_namedPermissionSets.Add(permSet);
try {
permSet.FromXml(elPermSet, false, true);
}
catch {
m_namedPermissionSets.Remove(permSet);
}
}
}
}
m_permSetElement = null;
}
}
}
/// <include file='doc\PolicyLevel.uex' path='docs/doc[@for="PolicyLevel.AddNamedPermissionSet"]/*' />
public void AddNamedPermissionSet( NamedPermissionSet permSet )
{
CheckLoaded( true );
LoadAllPermissionSets();
lock (this)
{
if (permSet == null)
throw new ArgumentNullException("permSet");
IEnumerator enumerator = m_namedPermissionSets.GetEnumerator();
while (enumerator.MoveNext())
{
if (((NamedPermissionSet)enumerator.Current).Name.Equals( permSet.Name ))
{
throw new ArgumentException( Environment.GetResourceString( "Argument_DuplicateName" ) );
}
}
m_namedPermissionSets.Add( permSet.Copy() );
}
}
[System.Security.SecuritySafeCritical] // auto-generated
public void AddNamedPermissionSet(NamedPermissionSet permSet) {
if (permSet == null)
throw new ArgumentNullException("permSet");
Contract.EndContractBlock();
CheckLoaded();
LoadAllPermissionSets();
lock (this) {
IEnumerator enumerator = m_namedPermissionSets.GetEnumerator();
while (enumerator.MoveNext()) {
if (((NamedPermissionSet)enumerator.Current).Name.Equals(permSet.Name))
throw new ArgumentException(Environment.GetResourceString("Argument_DuplicateName"));
}
NamedPermissionSet npsCopy = (NamedPermissionSet)permSet.Copy();
npsCopy.IgnoreTypeLoadFailures = true;
m_namedPermissionSets.Add(npsCopy);
}
}
public NamedPermissionSet(NamedPermissionSet permSet) {}
public NamedPermissionSet RemoveNamedPermissionSet(NamedPermissionSet permSet) {
if (permSet == null)
throw new ArgumentNullException("permSet");
Contract.EndContractBlock();
return RemoveNamedPermissionSet(permSet.Name);
}
public NamedPermissionSet RemoveNamedPermissionSet(NamedPermissionSet permSet)
{
return default(NamedPermissionSet);
}
[System.Security.SecurityCritical] // auto-generated
internal NamedPermissionSet GetNamedPermissionSetInternal(string name) {
CheckLoaded();
lock (InternalSyncObject)
{
// First, try to find it in the list.
foreach (NamedPermissionSet permissionSet in m_namedPermissionSets) {
if (permissionSet.Name.Equals(name)) {
return permissionSet;
}
}
// We didn't find it in the list, so if we have a stored element
// see if it is there.
if (m_permSetElement != null)
{
SecurityElement elem = FindElement(m_permSetElement, name);
if (elem != null)
{
NamedPermissionSet permSet = new NamedPermissionSet();
permSet.Name = name;
m_namedPermissionSets.Add(permSet);
try
{
// We play it conservative here and just say that we are loading policy
// anytime we have to decode a permission set.
permSet.FromXml(elem, false, true);
}
catch
{
m_namedPermissionSets.Remove(permSet);
return null;
}
if (permSet.Name != null)
{
return permSet;
}
else
{
m_namedPermissionSets.Remove(permSet);
}
}
}
}
return null;
}
// Create new code groups using the custom named permission sets previously created.
private static void CreateCodeGroups()
{
// Create instances of the named permission sets created earlier to establish the
// permissions for the new code groups.
NamedPermissionSet companyCodeSet = new NamedPermissionSet("MyCompany",PermissionState.Unrestricted);
NamedPermissionSet departmentCodeSet = new NamedPermissionSet("MyDepartment",PermissionState.Unrestricted);
// Create new code groups using the named permission sets.
PolicyStatement policyMyCompany = new PolicyStatement(companyCodeSet,PolicyStatementAttribute.LevelFinal);
PolicyStatement policyMyDepartment = new PolicyStatement(departmentCodeSet,PolicyStatementAttribute.Exclusive);
// Create new code groups using UnionCodeGroup.
CodeGroup myCompanyZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Intranet), policyMyCompany);
myCompanyZone.Name = "MyCompanyCodeGroup";
byte[] b1 = { 0, 36, 0, 0, 4, 128, 0, 0, 148, 0, 0, 0, 6, 2, 0, 0, 0, 36, 0, 0, 82, 83, 65, 49, 0, 4, 0, 0, 1, 0, 1, 0, 237, 146, 145, 51, 34, 97, 123, 196, 90, 174, 41, 170, 173, 221, 41, 193, 175, 39, 7, 151, 178, 0, 230, 152, 218, 8, 206, 206, 170,84, 111, 145, 26, 208, 158, 240, 246, 219, 228, 34, 31, 163, 11, 130, 16, 199, 111, 224, 4, 112, 46, 84, 0, 104, 229, 38, 39, 63, 53, 189, 0, 157, 32, 38, 34, 109, 0, 171, 114, 244, 34, 59, 9, 232, 150, 192, 247, 175, 104, 143, 171, 42, 219, 66, 66, 194, 191, 218, 121, 59, 92, 42, 37, 158, 13, 108, 210, 189, 9, 203, 204, 32, 48, 91, 212, 101, 193, 19, 227, 107, 25, 133, 70, 2, 220, 83, 206, 71, 102, 245, 104, 252, 87, 109, 190, 56, 34, 180};
StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(b1);
CodeGroup myDepartmentZone = new UnionCodeGroup(new StrongNameMembershipCondition(blob, null, null), policyMyDepartment);
myDepartmentZone.Name = "MyDepartmentCodeGroup";
// Move through the policy levels looking for the Machine policy level.
// Create two new code groups at that level.
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
while(policyEnumerator.MoveNext())
{
// At the Machine level delete already existing copies of the custom code groups,
// then create the new code groups.
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
if (currentLevel.Label == "Machine")
{
// Remove old instances of the custom groups.
DeleteCustomCodeGroups();
// Add the new code groups.
//*******************************************************
// To add a child code group, add the child to the parent prior to adding
// the parent to the root.
myCompanyZone.AddChild(myDepartmentZone);
// Add the parent to the root code group.
currentLevel.RootCodeGroup.AddChild(myCompanyZone);
SecurityManager.SavePolicy();
}
}
// Save the security policy.
SecurityManager.SavePolicy();
Console.WriteLine("Security policy modified.");
Console.WriteLine("New code groups added at the Machine policy level.");
}
private static NamedPermissionSet CreateSkipVerificationSet() {
NamedPermissionSet permSet = new NamedPermissionSet("SkipVerification", PermissionState.None);
permSet.m_descrResource = "Policy_PS_SkipVerification";
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification));
return permSet;
}
public void AddNamedPermissionSet (NamedPermissionSet permSet)
{
if (permSet == null)
throw new ArgumentNullException ("permSet");
foreach (NamedPermissionSet n in named_permission_sets) {
if (permSet.Name == n.Name) {
throw new ArgumentException (
Locale.GetText ("This NamedPermissionSet is the same an existing NamedPermissionSet."));
}
}
named_permission_sets.Add (permSet.Copy ());
}
public void FromXml (SecurityElement e)
{
if (e == null)
throw new ArgumentNullException ("e");
// MS doesn't throw an exception for this case
// if (e.Tag != "PolicyLevel")
// throw new ArgumentException (Locale.GetText ("Invalid XML"));
SecurityElement sc = e.SearchForChildByTag ("SecurityClasses");
if ((sc != null) && (sc.Children != null) && (sc.Children.Count > 0)) {
fullNames = new Hashtable (sc.Children.Count);
foreach (SecurityElement se in sc.Children) {
fullNames.Add (se.Attributes ["Name"], se.Attributes ["Description"]);
}
}
SecurityElement fta = e.SearchForChildByTag ("FullTrustAssemblies");
if ((fta != null) && (fta.Children != null) && (fta.Children.Count > 0)) {
full_trust_assemblies.Clear ();
foreach (SecurityElement se in fta.Children) {
if (se.Tag != "IMembershipCondition")
throw new ArgumentException (Locale.GetText ("Invalid XML"));
string className = se.Attribute ("class");
if (className.IndexOf ("StrongNameMembershipCondition") < 0)
throw new ArgumentException (Locale.GetText ("Invalid XML - must be StrongNameMembershipCondition"));
// we directly use StrongNameMembershipCondition
full_trust_assemblies.Add (new StrongNameMembershipCondition (se));
}
}
SecurityElement cg = e.SearchForChildByTag ("CodeGroup");
if ((cg != null) && (cg.Children != null) && (cg.Children.Count > 0)) {
root_code_group = CodeGroup.CreateFromXml (cg, this);
} else {
throw new ArgumentException (Locale.GetText ("Missing Root CodeGroup"));
}
SecurityElement nps = e.SearchForChildByTag ("NamedPermissionSets");
if ((nps != null) && (nps.Children != null) && (nps.Children.Count > 0)) {
named_permission_sets.Clear ();
foreach (SecurityElement se in nps.Children) {
NamedPermissionSet n = new NamedPermissionSet ();
n.Resolver = this;
n.FromXml (se);
named_permission_sets.Add (n);
}
}
}
