3 // Copyright (c) Microsoft Corporation. All rights reserved.
6 // <OWNER>Microsoft</OWNER>
12 // Representation for code groups used for the policy mechanism.
15 namespace System
.Security
.Policy
{
17 using System
.Collections
;
18 using System
.Globalization
;
19 using System
.Security
.Permissions
;
20 using System
.Security
.Util
;
21 using System
.Runtime
.Serialization
;
22 using System
.Runtime
.Versioning
;
23 using System
.Diagnostics
.Contracts
;
26 [System
.Runtime
.InteropServices
.ComVisible(true)]
27 sealed public class FileCodeGroup
: CodeGroup
, IUnionSemanticCodeGroup
{
28 private FileIOPermissionAccess m_access
;
30 internal FileCodeGroup() : base() {}
32 public FileCodeGroup(IMembershipCondition membershipCondition
, FileIOPermissionAccess access
)
33 : base(membershipCondition
, (PolicyStatement
)null) {
37 [System
.Security
.SecuritySafeCritical
] // auto-generated
38 [ResourceExposure(ResourceScope
.Machine
)]
39 [ResourceConsumption(ResourceScope
.Machine
)]
40 public override PolicyStatement
Resolve(Evidence evidence
) {
42 throw new ArgumentNullException("evidence");
43 Contract
.EndContractBlock();
45 object usedEvidence
= null;
47 if (PolicyManager
.CheckMembershipCondition(MembershipCondition
, evidence
, out usedEvidence
)) {
48 PolicyStatement thisPolicy
= CalculateAssemblyPolicy(evidence
);
50 // If any delay-evidence was used to generate this grant set, then we need to keep track of
51 // that for potentially later forcing it to be verified.
52 IDelayEvaluatedEvidence delayEvidence
= usedEvidence
as IDelayEvaluatedEvidence
;
53 bool delayEvidenceNeedsVerification
= delayEvidence
!= null && !delayEvidence
.IsVerified
;
54 if (delayEvidenceNeedsVerification
) {
55 thisPolicy
.AddDependentEvidence(delayEvidence
);
58 bool foundExclusiveChild
= false;
59 IEnumerator enumerator
= this.Children
.GetEnumerator();
60 while (enumerator
.MoveNext() && !foundExclusiveChild
) {
61 PolicyStatement childPolicy
= PolicyManager
.ResolveCodeGroup(enumerator
.Current
as CodeGroup
,
64 if (childPolicy
!= null) {
65 thisPolicy
.InplaceUnion(childPolicy
);
67 if ((childPolicy
.Attributes
& PolicyStatementAttribute
.Exclusive
) == PolicyStatementAttribute
.Exclusive
) {
68 foundExclusiveChild
= true;
81 [ResourceExposure(ResourceScope
.Machine
)]
82 [ResourceConsumption(ResourceScope
.Machine
)]
83 PolicyStatement IUnionSemanticCodeGroup
.InternalResolve(Evidence evidence
) {
85 throw new ArgumentNullException("evidence");
86 Contract
.EndContractBlock();
88 if (this.MembershipCondition
.Check(evidence
)) {
89 return CalculateAssemblyPolicy(evidence
);
95 public override CodeGroup
ResolveMatchingCodeGroups(Evidence evidence
) {
97 throw new ArgumentNullException("evidence");
98 Contract
.EndContractBlock();
100 if (this.MembershipCondition
.Check(evidence
)) {
101 CodeGroup retGroup
= this.Copy();
102 retGroup
.Children
= new ArrayList();
103 IEnumerator enumerator
= this.Children
.GetEnumerator();
104 while (enumerator
.MoveNext()) {
105 CodeGroup matchingGroups
= ((CodeGroup
)enumerator
.Current
).ResolveMatchingCodeGroups(evidence
);
106 // If the child has a policy, we are done.
107 if (matchingGroups
!= null)
108 retGroup
.AddChild(matchingGroups
);
117 [ResourceExposure(ResourceScope
.Machine
)]
118 [ResourceConsumption(ResourceScope
.Machine
)]
119 internal PolicyStatement
CalculatePolicy(Url url
) {
120 URLString urlString
= url
.GetURLString();
121 if (String
.Compare(urlString
.Scheme
, "file", StringComparison
.OrdinalIgnoreCase
) != 0)
124 string directory
= urlString
.GetDirectoryName();
125 PermissionSet permSet
= new PermissionSet(PermissionState
.None
);
126 permSet
.SetPermission(new FileIOPermission(m_access
, System
.IO
.Path
.GetFullPath(directory
)));
128 return new PolicyStatement(permSet
, PolicyStatementAttribute
.Nothing
);
131 [ResourceExposure(ResourceScope
.Machine
)]
132 [ResourceConsumption(ResourceScope
.Machine
)]
133 private PolicyStatement
CalculateAssemblyPolicy(Evidence evidence
) {
134 PolicyStatement thisPolicy
= null;
136 Url url
= evidence
.GetHostEvidence
<Url
>();
138 thisPolicy
= CalculatePolicy(url
);
141 if (thisPolicy
== null) {
142 thisPolicy
= new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute
.Nothing
);
148 public override CodeGroup
Copy() {
149 FileCodeGroup
group = new FileCodeGroup(this.MembershipCondition
, this.m_access
);
150 group.Name
= this.Name
;
151 group.Description
= this.Description
;
153 IEnumerator enumerator
= this.Children
.GetEnumerator();
154 while (enumerator
.MoveNext()) {
155 group.AddChild((CodeGroup
)enumerator
.Current
);
160 public override string MergeLogic
{
162 return Environment
.GetResourceString("MergeLogic_Union");
166 public override string PermissionSetName
{
168 return Environment
.GetResourceString("FileCodeGroup_PermissionSet", XMLUtil
.BitFieldEnumToString(typeof(FileIOPermissionAccess
), m_access
));
172 public override string AttributeString
{
178 protected override void CreateXml(SecurityElement element
, PolicyLevel level
) {
179 element
.AddAttribute("Access", XMLUtil
.BitFieldEnumToString(typeof(FileIOPermissionAccess
), m_access
));
182 protected override void ParseXml(SecurityElement e
, PolicyLevel level
) {
183 string access
= e
.Attribute("Access");
185 m_access
= (FileIOPermissionAccess
) Enum
.Parse(typeof(FileIOPermissionAccess
), access
);
187 m_access
= FileIOPermissionAccess
.NoAccess
;
190 public override bool Equals(Object o
) {
191 FileCodeGroup that
= (o
as FileCodeGroup
);
192 if (that
!= null && base.Equals(that
)) {
193 if (this.m_access
== that
.m_access
)
199 public override int GetHashCode() {
200 return base.GetHashCode() + m_access
.GetHashCode();
203 internal override string GetTypeName() {
204 return "System.Security.Policy.FileCodeGroup";