// Form the union of this security set and another.
public virtual PermissionSet Union(PermissionSet other)
{
PermissionSet pset;
if (other == null)
{
pset = new PermissionSet(state);
}
else if (IsUnrestricted() || other.IsUnrestricted())
{
pset = new PermissionSet(PermissionState.Unrestricted);
}
else
{
pset = new PermissionSet(PermissionState.None);
}
foreach (IPermission perm in permissions)
{
pset.AddPermission(perm);
}
if (other == null || other.IsEmpty())
{
return(pset);
}
IEnumerator e = other.GetEnumerator();
IPermission permOther, permThis;
int index;
while (e.MoveNext())
{
permOther = (e.Current as IPermission);
if (permOther != null)
{
index = pset.FindPermission(permOther.GetType());
if (index != -1)
{
permThis = (IPermission)(permissions[index]);
permThis = permThis.Union(permOther);
if (permThis != null)
{
pset.SetPermission(permThis);
}
}
else
{
pset.AddPermission(permOther);
}
}
}
return(pset);
}
public void GetEnumerator ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion);
ps.AddPermission (sp);
IEnumerator e = ps.GetEnumerator ();
Assert.IsNotNull (e, "GetEnumerator");
int i=0;
while (e.MoveNext ()) {
Assert.IsTrue (e.Current is SecurityPermission, "SecurityPermission");
i++;
}
Assert.AreEqual (1, i, "Count");
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(StackHalt);
}
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString());
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString());
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return(StackHalt);
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf(permSet))
{
return(StackHalt);
}
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
{
alteredDemandSet = demandSet.Copy();
}
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return(StackContinue);
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return StackHalt;
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString() );
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString() );
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return StackHalt;
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf( permSet ))
return StackHalt;
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
alteredDemandSet = demandSet.Copy();
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return StackContinue;
}
public NamedPermissionSet ChangeNamedPermissionSet(string name, PermissionSet pSet)
{
if (name == null)
{
throw new ArgumentNullException("name");
}
if (pSet == null)
{
throw new ArgumentNullException("pSet");
}
for (int i = 0; i < s_reservedNamedPermissionSets.Length; i++)
{
if (s_reservedNamedPermissionSets[i].Equals(name))
{
throw new ArgumentException(Environment.GetResourceString("Argument_ReservedNPMS", new object[] { name }));
}
}
NamedPermissionSet namedPermissionSetInternal = this.GetNamedPermissionSetInternal(name);
if (namedPermissionSetInternal == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_NoNPMS"));
}
NamedPermissionSet set2 = (NamedPermissionSet) namedPermissionSetInternal.Copy();
namedPermissionSetInternal.Reset();
namedPermissionSetInternal.SetUnrestricted(pSet.IsUnrestricted());
IEnumerator enumerator = pSet.GetEnumerator();
while (enumerator.MoveNext())
{
namedPermissionSetInternal.SetPermission(((IPermission) enumerator.Current).Copy());
}
if (pSet is NamedPermissionSet)
{
namedPermissionSetInternal.Description = ((NamedPermissionSet) pSet).Description;
}
return set2;
}
public static void PermissionSetDemo()
{
Console.WriteLine("Executing Permission Set Demo");
try
{
// Open a permission set.
PermissionSet ps1 = new PermissionSet(PermissionState.None);
Console.WriteLine("Adding permission to open a file from a file dialog box.");
// Add a permission to the permission set.
ps1.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
Console.WriteLine("Demanding Permission to open a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to save a file from a file dialog box.");
ps1.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Save));
Console.WriteLine("Demanding permission to open and save a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding a permission to read environment variable USERNAME.");
ps1.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable COMPUTERNAME.");
ps1.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME"));
// Demand all the permissions in the set.
Console.WriteLine("Demand all permissions.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
// Display the number of permissions in the set.
Console.WriteLine("Number of permissions = " + ps1.Count);
// Display the value of the IsSynchronized property.
Console.WriteLine("IsSynchronized property = " + ps1.IsSynchronized);
// Display the value of the IsReadOnly property.
Console.WriteLine("IsReadOnly property = " + ps1.IsReadOnly);
// Display the value of the SyncRoot property.
Console.WriteLine("SyncRoot property = " + ps1.SyncRoot);
// Display the result of a call to the ContainsNonCodeAccessPermissions method.
// Gets a value indicating whether the PermissionSet contains permissions
// that are not derived from CodeAccessPermission.
// Returns true if the PermissionSet contains permissions that are not
// derived from CodeAccessPermission; otherwise, false.
Console.WriteLine("ContainsNonCodeAccessPermissions method returned " + ps1.ContainsNonCodeAccessPermissions());
Console.WriteLine("Value of the permission set ToString = \n" + ps1.ToString());
PermissionSet ps2 = new PermissionSet(PermissionState.None);
// Create a second permission set and compare it to the first permission set.
ps2.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps2.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Write, "COMPUTERNAME"));
Console.WriteLine("Permission set 2 = " + ps2);
IEnumerator list = ps1.GetEnumerator();
Console.WriteLine("Permissions in first permission set:");
foreach (var permission in ps1)
Console.WriteLine(permission.ToString());
Console.WriteLine("Second permission IsSubSetOf first permission = " + ps2.IsSubsetOf(ps1));
// Display the intersection of two permission sets.
PermissionSet ps3 = ps2.Intersect(ps1);
Console.WriteLine("The intersection of the first permission set and the second permission set = " + ps3.ToString());
// Create a new permission set.
PermissionSet ps4 = new PermissionSet(PermissionState.None);
ps4.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, "C:\\Temp\\Testfile.txt"));
ps4.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.Append, "C:\\Temp\\Testfile.txt"));
// Display the union of two permission sets.
PermissionSet ps5 = ps3.Union(ps4);
Console.WriteLine("The union of permission set 3 and permission set 4 = " + ps5.ToString());
// Remove FileIOPermission from the permission set.
ps5.RemovePermission(typeof(FileIOPermission));
Console.WriteLine("The last permission set after removing FileIOPermission = " + ps5.ToString());
// Change the permission set using SetPermission
ps5.SetPermission(new EnvironmentPermission(EnvironmentPermissionAccess.AllAccess, "USERNAME"));
Console.WriteLine("Permission set after SetPermission = " + ps5.ToString());
// Display result of ToXml and FromXml operations.
PermissionSet ps6 = new PermissionSet(PermissionState.None);
ps6.FromXml(ps5.ToXml());
Console.WriteLine("Result of ToFromXml = " + ps6.ToString() + "\n");
// Display result of PermissionSet.GetEnumerator.
IEnumerator psEnumerator = ps1.GetEnumerator();
while (psEnumerator.MoveNext())
{
Console.WriteLine(psEnumerator.Current.ToString());
}
// Check for an unrestricted permission set.
PermissionSet ps7 = new PermissionSet(PermissionState.Unrestricted);
Console.WriteLine("Permission set is unrestricted = " + ps7.IsUnrestricted());
// Create and display a copy of a permission set.
ps7 = ps5.Copy();
Console.WriteLine("Result of copy = " + ps7.ToString());
}
catch (Exception e)
{
Console.WriteLine(e.Message.ToString());
}
}
public void GetEnumerator ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion);
ps.AddPermission (sp);
IEnumerator e = ps.GetEnumerator ();
AssertNotNull ("GetEnumerator", e);
int i=0;
while (e.MoveNext ()) {
Assert ("SecurityPermission", e.Current is SecurityPermission);
i++;
}
AssertEquals ("Count", 1, i);
}
// Form the intersection of this permission set and another.
public virtual PermissionSet Intersect(PermissionSet other)
{
PermissionSet pset;
if(other == null)
{
pset = new PermissionSet(PermissionState.None);
}
else if(!IsUnrestricted() || !other.IsUnrestricted())
{
pset = new PermissionSet(PermissionState.None);
}
else
{
pset = new PermissionSet(PermissionState.Unrestricted);
}
if(other == null || other.IsEmpty() || IsEmpty())
{
return pset;
}
IEnumerator e = other.GetEnumerator();
IPermission permOther, permThis;
int index;
while(e.MoveNext())
{
permOther = (e.Current as IPermission);
if(permOther != null)
{
index = FindPermission(permOther.GetType());
if(index != -1)
{
permThis = (IPermission)(permissions[index]);
permThis = permThis.Intersect(permOther);
if(permThis != null)
{
pset.AddPermission(permThis);
}
}
}
}
return pset;
}
