// Form the union of this security set and another. public virtual PermissionSet Union(PermissionSet other) { PermissionSet pset; if (other == null) { pset = new PermissionSet(state); } else if (IsUnrestricted() || other.IsUnrestricted()) { pset = new PermissionSet(PermissionState.Unrestricted); } else { pset = new PermissionSet(PermissionState.None); } foreach (IPermission perm in permissions) { pset.AddPermission(perm); } if (other == null || other.IsEmpty()) { return(pset); } IEnumerator e = other.GetEnumerator(); IPermission permOther, permThis; int index; while (e.MoveNext()) { permOther = (e.Current as IPermission); if (permOther != null) { index = pset.FindPermission(permOther.GetType()); if (index != -1) { permThis = (IPermission)(permissions[index]); permThis = permThis.Union(permOther); if (permThis != null) { pset.SetPermission(permThis); } } else { pset.AddPermission(permOther); } } } return(pset); }
public void GetEnumerator () { PermissionSet ps = new PermissionSet (PermissionState.None); SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion); ps.AddPermission (sp); IEnumerator e = ps.GetEnumerator (); Assert.IsNotNull (e, "GetEnumerator"); int i=0; while (e.MoveNext ()) { Assert.IsTrue (e.Current is SecurityPermission, "SecurityPermission"); i++; } Assert.AreEqual (1, i, "Count"); }
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, out PermissionSet alteredDemandSet) { PermissionSet permSet; // In the common case we are not going to alter the demand set, so just to // be safe we'll set it to null up front. // There's some oddness in here to deal with exceptions. The general idea behind // this is that we need some way of dealing with custom permissions that may not // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly // (they don't support it, throw null reference exceptions, etc.). alteredDemandSet = null; // An empty demand always succeeds. if (demandSet == null || demandSet.IsEmpty()) { return(StackHalt); } // In the case of permit only, we define an exception to be failure of the check // and therefore we throw a security exception. try { permSet = secDesc.GetPermitOnly(); if (permSet != null) { if (!demandSet.IsSubsetOf(permSet)) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } } } catch (Exception) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } // In the case of denial, we define an exception to be failure of the check // and therefore we throw a security exception. try { permSet = secDesc.GetDenials(); #if _DEBUG if (debug) { DEBUG_OUT("Checking Denials"); DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString()); DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString()); } #endif if (permSet != null) { PermissionSet intersection = demandSet.Intersect(permSet); if (intersection != null && !intersection.IsEmpty()) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } } } catch (Exception) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } // The assert case is more complex. Since asserts have the ability to "bleed through" // (where part of a demand is handled by an assertion, but the rest is passed on to // continue the stackwalk), we need to be more careful in handling the "failure" case. // Therefore, if an exception is thrown in performing any operation, we make sure to keep // that permission in the demand set thereby continuing the demand for that permission // walking down the stack. if (secDesc.GetAssertAllPossible()) { return(StackHalt); } permSet = secDesc.GetAssertions(); if (permSet != null) { // If this frame asserts a superset of the demand set we're done try { if (demandSet.IsSubsetOf(permSet)) { return(StackHalt); } } catch (Exception) { } // Determine whether any of the demand set asserted. We do this by // copying the demand set and removing anything in it that is asserted. if (!permSet.IsUnrestricted()) { PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator(); while (enumerator.MoveNext()) { IPermission perm = (IPermission)enumerator.Current; int i = enumerator.GetCurrentIndex(); if (perm != null) { bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission; IPermission assertPerm = (IPermission)permSet.GetPermission(i, unrestricted); bool removeFromAlteredDemand = false; try { removeFromAlteredDemand = perm.IsSubsetOf(assertPerm); } catch (Exception) { } if (removeFromAlteredDemand) { if (alteredDemandSet == null) { alteredDemandSet = demandSet.Copy(); } alteredDemandSet.RemovePermission(i, unrestricted); } } } } } return(StackContinue); }
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, out PermissionSet alteredDemandSet) { PermissionSet permSet; // In the common case we are not going to alter the demand set, so just to // be safe we'll set it to null up front. // There's some oddness in here to deal with exceptions. The general idea behind // this is that we need some way of dealing with custom permissions that may not // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly // (they don't support it, throw null reference exceptions, etc.). alteredDemandSet = null; // An empty demand always succeeds. if (demandSet == null || demandSet.IsEmpty()) return StackHalt; // In the case of permit only, we define an exception to be failure of the check // and therefore we throw a security exception. try { permSet = secDesc.GetPermitOnly(); if (permSet != null) { if (!demandSet.IsSubsetOf(permSet)) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } } } catch (Exception) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } // In the case of denial, we define an exception to be failure of the check // and therefore we throw a security exception. try { permSet = secDesc.GetDenials(); #if _DEBUG if (debug) { DEBUG_OUT("Checking Denials"); DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString() ); DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString() ); } #endif if (permSet != null) { PermissionSet intersection = demandSet.Intersect(permSet); if (intersection != null && !intersection.IsEmpty()) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } } } catch (Exception) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } // The assert case is more complex. Since asserts have the ability to "bleed through" // (where part of a demand is handled by an assertion, but the rest is passed on to // continue the stackwalk), we need to be more careful in handling the "failure" case. // Therefore, if an exception is thrown in performing any operation, we make sure to keep // that permission in the demand set thereby continuing the demand for that permission // walking down the stack. if (secDesc.GetAssertAllPossible()) { return StackHalt; } permSet = secDesc.GetAssertions(); if (permSet != null) { // If this frame asserts a superset of the demand set we're done try { if (demandSet.IsSubsetOf( permSet )) return StackHalt; } catch (Exception) { } // Determine whether any of the demand set asserted. We do this by // copying the demand set and removing anything in it that is asserted. if (!permSet.IsUnrestricted()) { PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator(); while (enumerator.MoveNext()) { IPermission perm = (IPermission)enumerator.Current; int i = enumerator.GetCurrentIndex(); if (perm != null) { bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission; IPermission assertPerm = (IPermission)permSet.GetPermission(i, unrestricted); bool removeFromAlteredDemand = false; try { removeFromAlteredDemand = perm.IsSubsetOf(assertPerm); } catch (Exception) { } if (removeFromAlteredDemand) { if (alteredDemandSet == null) alteredDemandSet = demandSet.Copy(); alteredDemandSet.RemovePermission(i, unrestricted); } } } } } return StackContinue; }
public NamedPermissionSet ChangeNamedPermissionSet(string name, PermissionSet pSet) { if (name == null) { throw new ArgumentNullException("name"); } if (pSet == null) { throw new ArgumentNullException("pSet"); } for (int i = 0; i < s_reservedNamedPermissionSets.Length; i++) { if (s_reservedNamedPermissionSets[i].Equals(name)) { throw new ArgumentException(Environment.GetResourceString("Argument_ReservedNPMS", new object[] { name })); } } NamedPermissionSet namedPermissionSetInternal = this.GetNamedPermissionSetInternal(name); if (namedPermissionSetInternal == null) { throw new ArgumentException(Environment.GetResourceString("Argument_NoNPMS")); } NamedPermissionSet set2 = (NamedPermissionSet) namedPermissionSetInternal.Copy(); namedPermissionSetInternal.Reset(); namedPermissionSetInternal.SetUnrestricted(pSet.IsUnrestricted()); IEnumerator enumerator = pSet.GetEnumerator(); while (enumerator.MoveNext()) { namedPermissionSetInternal.SetPermission(((IPermission) enumerator.Current).Copy()); } if (pSet is NamedPermissionSet) { namedPermissionSetInternal.Description = ((NamedPermissionSet) pSet).Description; } return set2; }
public static void PermissionSetDemo() { Console.WriteLine("Executing Permission Set Demo"); try { // Open a permission set. PermissionSet ps1 = new PermissionSet(PermissionState.None); Console.WriteLine("Adding permission to open a file from a file dialog box."); // Add a permission to the permission set. ps1.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open)); Console.WriteLine("Demanding Permission to open a file."); ps1.Demand(); Console.WriteLine("Demand succeeded."); Console.WriteLine("Adding permission to save a file from a file dialog box."); ps1.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Save)); Console.WriteLine("Demanding permission to open and save a file."); ps1.Demand(); Console.WriteLine("Demand succeeded."); Console.WriteLine("Adding a permission to read environment variable USERNAME."); ps1.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")); ps1.Demand(); Console.WriteLine("Demand succeeded."); Console.WriteLine("Adding permission to read environment variable COMPUTERNAME."); ps1.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME")); // Demand all the permissions in the set. Console.WriteLine("Demand all permissions."); ps1.Demand(); Console.WriteLine("Demand succeeded."); // Display the number of permissions in the set. Console.WriteLine("Number of permissions = " + ps1.Count); // Display the value of the IsSynchronized property. Console.WriteLine("IsSynchronized property = " + ps1.IsSynchronized); // Display the value of the IsReadOnly property. Console.WriteLine("IsReadOnly property = " + ps1.IsReadOnly); // Display the value of the SyncRoot property. Console.WriteLine("SyncRoot property = " + ps1.SyncRoot); // Display the result of a call to the ContainsNonCodeAccessPermissions method. // Gets a value indicating whether the PermissionSet contains permissions // that are not derived from CodeAccessPermission. // Returns true if the PermissionSet contains permissions that are not // derived from CodeAccessPermission; otherwise, false. Console.WriteLine("ContainsNonCodeAccessPermissions method returned " + ps1.ContainsNonCodeAccessPermissions()); Console.WriteLine("Value of the permission set ToString = \n" + ps1.ToString()); PermissionSet ps2 = new PermissionSet(PermissionState.None); // Create a second permission set and compare it to the first permission set. ps2.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME")); ps2.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Write, "COMPUTERNAME")); Console.WriteLine("Permission set 2 = " + ps2); IEnumerator list = ps1.GetEnumerator(); Console.WriteLine("Permissions in first permission set:"); foreach (var permission in ps1) Console.WriteLine(permission.ToString()); Console.WriteLine("Second permission IsSubSetOf first permission = " + ps2.IsSubsetOf(ps1)); // Display the intersection of two permission sets. PermissionSet ps3 = ps2.Intersect(ps1); Console.WriteLine("The intersection of the first permission set and the second permission set = " + ps3.ToString()); // Create a new permission set. PermissionSet ps4 = new PermissionSet(PermissionState.None); ps4.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, "C:\\Temp\\Testfile.txt")); ps4.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.Append, "C:\\Temp\\Testfile.txt")); // Display the union of two permission sets. PermissionSet ps5 = ps3.Union(ps4); Console.WriteLine("The union of permission set 3 and permission set 4 = " + ps5.ToString()); // Remove FileIOPermission from the permission set. ps5.RemovePermission(typeof(FileIOPermission)); Console.WriteLine("The last permission set after removing FileIOPermission = " + ps5.ToString()); // Change the permission set using SetPermission ps5.SetPermission(new EnvironmentPermission(EnvironmentPermissionAccess.AllAccess, "USERNAME")); Console.WriteLine("Permission set after SetPermission = " + ps5.ToString()); // Display result of ToXml and FromXml operations. PermissionSet ps6 = new PermissionSet(PermissionState.None); ps6.FromXml(ps5.ToXml()); Console.WriteLine("Result of ToFromXml = " + ps6.ToString() + "\n"); // Display result of PermissionSet.GetEnumerator. IEnumerator psEnumerator = ps1.GetEnumerator(); while (psEnumerator.MoveNext()) { Console.WriteLine(psEnumerator.Current.ToString()); } // Check for an unrestricted permission set. PermissionSet ps7 = new PermissionSet(PermissionState.Unrestricted); Console.WriteLine("Permission set is unrestricted = " + ps7.IsUnrestricted()); // Create and display a copy of a permission set. ps7 = ps5.Copy(); Console.WriteLine("Result of copy = " + ps7.ToString()); } catch (Exception e) { Console.WriteLine(e.Message.ToString()); } }
public void GetEnumerator () { PermissionSet ps = new PermissionSet (PermissionState.None); SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion); ps.AddPermission (sp); IEnumerator e = ps.GetEnumerator (); AssertNotNull ("GetEnumerator", e); int i=0; while (e.MoveNext ()) { Assert ("SecurityPermission", e.Current is SecurityPermission); i++; } AssertEquals ("Count", 1, i); }
// Form the intersection of this permission set and another. public virtual PermissionSet Intersect(PermissionSet other) { PermissionSet pset; if(other == null) { pset = new PermissionSet(PermissionState.None); } else if(!IsUnrestricted() || !other.IsUnrestricted()) { pset = new PermissionSet(PermissionState.None); } else { pset = new PermissionSet(PermissionState.Unrestricted); } if(other == null || other.IsEmpty() || IsEmpty()) { return pset; } IEnumerator e = other.GetEnumerator(); IPermission permOther, permThis; int index; while(e.MoveNext()) { permOther = (e.Current as IPermission); if(permOther != null) { index = FindPermission(permOther.GetType()); if(index != -1) { permThis = (IPermission)(permissions[index]); permThis = permThis.Intersect(permOther); if(permThis != null) { pset.AddPermission(permThis); } } } } return pset; }