We need you! We're working hard on the next version of Developer Fusion - Let us know what you think we should be up to!

The Labs \ Source Viewer \ SSCLI \ System.Security.Policy \ PolicyLevelData

SSCLI
  1. // ==++==
  2. //
  3. //
  4. // Copyright (c) 2006 Microsoft Corporation. All rights reserved.
  5. //
  6. // The use and distribution terms for this software are contained in the file
  7. // named license.txt, which can be found in the root of this distribution.
  8. // By using this software in any fashion, you are agreeing to be bound by the
  9. // terms of this license.
  10. //
  11. // You must not remove this notice, or any other, from this software.
  12. //
  13. //
  14. // ==--==
  16. //
  17. // PolicyLevel.cs
  18. //
  19. // Abstraction for a level of policy (e.g. Enterprise, Machine, User)
  20. //
  22. namespace System.Security.Policy
  23. {
  24.     using Microsoft.Win32;
  25.     using System.Collections;
  26.     using System.Globalization;
  27.     using System.IO;
  28.     using System.Reflection;
  29.     using System.Security.Permissions;
  30.     using System.Security.Util;
  31.     using System.Runtime.InteropServices;
  32.     using System.Runtime.Remoting;
  33.     using System.Runtime.Serialization;
  34.     using System.Runtime.Versioning;
  35.     using System.Text;
  36.     using System.Threading;
  37.    
  38.     // Duplicated in vm\SecurityConfig.h
  39.     [Serializable()]
  40.     internal enum ConfigId
  41.     {
  42.         None = 0,
  43.         MachinePolicyLevel = 1,
  44.         UserPolicyLevel = 2,
  45.         EnterprisePolicyLevel = 3
  46.     }
  47.    
  48.     static internal class PolicyLevelData
  49.     {
  50.         // Note: any changes to the default permission sets means that you
  51.         // must recontemplate the default quick cache settings below.
  52.        
  53.         static internal readonly string s_defaultPermissionSets = "<NamedPermissionSets>" + "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Unrestricted=\"true\" " + "Name=\"FullTrust\" " + "Description=\"{Policy_PS_FullTrust}\"/>" + "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Name=\"Everything\" " + "Description=\"{Policy_PS_Everything}\">" + "<Permission class=\"System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<Permission class=\"System.Security.Permissions.EnvironmentPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<Permission class=\"System.Security.Permissions.FileIOPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<Permission class=\"System.Security.Permissions.FileDialogPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<Permission class=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<Permission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Flags=\"Assertion, UnmanagedCode, Execution, ControlThread, ControlEvidence, ControlPolicy, ControlAppDomain, SerializationFormatter, ControlDomainPolicy, ControlPrincipal, RemotingConfiguration, Infrastructure, BindingRedirects\"/>" + "<Permission class=\"System.Security.Permissions.UIPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<IPermission class=\"System.Net.SocketPermission, System, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<IPermission class=\"System.Net.WebPermission, System, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<IPermission class=\"System.Net.DnsPermission, System, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "</PermissionSet>" + "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Name=\"Nothing\" " + "Description=\"{Policy_PS_Nothing}\"/>" + "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Name=\"Execution\" " + "Description=\"{Policy_PS_Execution}\">" + "<Permission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Flags=\"Execution\"/>" + "</PermissionSet>" + "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Name=\"SkipVerification\" " + "Description=\"{Policy_PS_SkipVerification}\">" + "<Permission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Flags=\"SkipVerification\"/>" + "</PermissionSet>" + "</NamedPermissionSets>";
  54.     }
  55.    
  56.     [Serializable()]
  57.     [System.Runtime.InteropServices.ComVisible(true)]
  58.     public sealed class PolicyLevel
  59.     {
  60.         private ArrayList m_fullTrustAssemblies;
  61.         private ArrayList m_namedPermissionSets;
  62.         private CodeGroup m_rootCodeGroup;
  63.         private string m_label;
  64.         [OptionalField(VersionAdded = 2)]
  65.         private PolicyLevelType m_type;
  66.        
  67.         #pragma warning disable 169
  68.         private ConfigId m_configId;
  69.         private bool m_useDefaultCodeGroupsOnReset;
  70.         private bool m_generateQuickCacheOnLoad;
  71.         private bool m_caching;
  72.         private bool m_throwOnLoadError;
  73.         private Encoding m_encoding;
  74.         #pragma warning restore 169
  75.        
  76.         private bool m_loaded;
  77.         private SecurityElement m_permSetElement;
  78.         private string m_path;
  79.        
  80.         private static object s_InternalSyncObject;
  81.         private static object InternalSyncObject {
  82.             get {
  83.                 if (s_InternalSyncObject == null) {
  84.                     object o = new object();
  85.                     Interlocked.CompareExchange(ref s_InternalSyncObject, o, null);
  86.                 }
  87.                 return s_InternalSyncObject;
  88.             }
  89.         }
  90.        
  91.         private static readonly string[] s_FactoryPolicySearchStrings = {"{VERSION}", "{Policy_PS_FullTrust}", "{Policy_PS_Everything}", "{Policy_PS_Nothing}", "{Policy_PS_SkipVerification}", "{Policy_PS_Execution}"};
  92.        
  93.         private static readonly string[] s_InternetPolicySearchStrings = {"{VERSION}", "{Policy_PS_Internet}"};
  94.        
  95.         private static readonly string[] s_LocalIntranetPolicySearchStrings = {"{VERSION}", "{Policy_PS_LocalIntranet}"};
  96.        
  97.         // We use the XML representation to load our default permission sets. This
  98.         // allows us to load permissions that are not defined in mscorlib
  99.        
  100.         private static readonly string s_internetPermissionSet = "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Name=\"Internet\" " + "Description=\"{Policy_PS_Internet}\">" + "<Permission class=\"System.Security.Permissions.FileDialogPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Access=\"Open\"/>" + "<Permission class=\"System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "UserQuota=\"512000\" " + "Allowed=\"ApplicationIsolationByUser\"/>" + "<Permission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Flags=\"Execution\"/>" + "<Permission class=\"System.Security.Permissions.UIPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Window=\"SafeTopLevelWindows\" " + "Clipboard=\"OwnClipboard\"/>" + "</PermissionSet>";
  101.        
  102.         private static readonly string s_localIntranetPermissionSet = "<PermissionSet class=\"System.Security.NamedPermissionSet\"" + "version=\"1\" " + "Name=\"LocalIntranet\" " + "Description=\"{Policy_PS_LocalIntranet}\">" + "<Permission class=\"System.Security.Permissions.EnvironmentPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Read=\"USERNAME\"/>" + "<Permission class=\"System.Security.Permissions.FileDialogPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<Permission class=\"System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Allowed=\"AssemblyIsolationByUser\" " + "UserQuota=\"9223372036854775807\" " + "Expiry=\"9223372036854775807\" " + "Permanent=\"true\"/>" + "<Permission class=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Flags=\"ReflectionEmit\"/>" + "<Permission class=\"System.Security.Permissions.SecurityPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Flags=\"Execution, Assertion, BindingRedirects\"/>" + "<Permission class=\"System.Security.Permissions.UIPermission, mscorlib, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "<IPermission class=\"System.Net.DnsPermission, System, Version={VERSION}, Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken + "\"" + "version=\"1\" " + "Unrestricted=\"true\"/>" + "</PermissionSet>";
  103.        
  104.         private static readonly Version s_mscorlibVersion = Assembly.GetExecutingAssembly().GetVersion();
  105.        
  106.         private static readonly string[] s_reservedNamedPermissionSets = {"FullTrust", "Nothing", "Execution", "SkipVerification", "Internet", "LocalIntranet"};
  107.        
  108.         private static readonly string[] s_extensibleNamedPermissionSets = {"Internet", "LocalIntranet"};
  109.        
  110.         [OnDeserialized()]
  111.         private void OnDeserialized(StreamingContext ctx)
  112.         {
  113.             if (m_label != null)
  114.                 DeriveTypeFromLabel();
  115.         }
  116.        
  117.         private void DeriveTypeFromLabel()
  118.         {
  119.             if (m_label.Equals(Environment.GetResourceString("Policy_PL_User")))
  120.                 m_type = System.Security.PolicyLevelType.User;
  121.             else if (m_label.Equals(Environment.GetResourceString("Policy_PL_Machine")))
  122.                 m_type = System.Security.PolicyLevelType.Machine;
  123.             else if (m_label.Equals(Environment.GetResourceString("Policy_PL_Enterprise")))
  124.                 m_type = System.Security.PolicyLevelType.Enterprise;
  125.             else if (m_label.Equals(Environment.GetResourceString("Policy_PL_AppDomain")))
  126.                 m_type = System.Security.PolicyLevelType.AppDomain;
  127.             else
  128.                 throw new ArgumentException(Environment.GetResourceString("Policy_Default"));
  129.         }
  130.        
  131.         private string DeriveLabelFromType()
  132.         {
  133.             switch (m_type) {
  134.                 case System.Security.PolicyLevelType.User:
  135.                     return Environment.GetResourceString("Policy_PL_User");
  136.                 case System.Security.PolicyLevelType.Machine:
  137.                     return Environment.GetResourceString("Policy_PL_Machine");
  138.                 case System.Security.PolicyLevelType.Enterprise:
  139.                     return Environment.GetResourceString("Policy_PL_Enterprise");
  140.                 case System.Security.PolicyLevelType.AppDomain:
  141.                     return Environment.GetResourceString("Policy_PL_AppDomain");
  142.                 default:
  143.                     throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Arg_EnumIllegalVal"), (int)m_type));
  144.                     break;
  145.             }
  146.         }
  147.        
  148.         //
  149.         // Constructors.
  150.         // No public constructors are exposed. CreateAppDomainLevel is the only public API to create
  151.         // an AppDomain policy level, and it ensures it is an AppDomain policy level.
  152.         //
  153.        
  154.         private PolicyLevel()
  155.         {
  156.         }
  157.        
  158.         internal PolicyLevel(PolicyLevelType type) : this(type, GetLocationFromType(type))
  159.         {
  160.         }
  161.         internal PolicyLevel(PolicyLevelType type, string path) : this(type, path, ConfigId.None)
  162.         {
  163.         }
  164.         internal PolicyLevel(PolicyLevelType type, string path, ConfigId configId)
  165.         {
  166.             m_type = type;
  167.             m_path = path;
  168.             m_loaded = (path == null);
  169.             if (m_path == null) {
  170.                 m_rootCodeGroup = CreateDefaultAllGroup();
  171.                 SetFactoryPermissionSets();
  172.                 SetDefaultFullTrustAssemblies();
  173.             }
  174.             m_configId = configId;
  175.         }
  176.        
  177.         static internal string GetLocationFromType(PolicyLevelType type)
  178.         {
  179.             switch (type) {
  180.                 case PolicyLevelType.User:
  181.                     return Config.UserDirectory + "security.config";
  182.                 case PolicyLevelType.Machine:
  183.                     return Config.MachineDirectory + "security.config";
  184.                 case PolicyLevelType.Enterprise:
  185.                     return Config.MachineDirectory + "enterprisesec.config";
  186.                 default:
  187.                     return null;
  188.             }
  189.         }
  190.        
  191.         public static PolicyLevel CreateAppDomainLevel()
  192.         {
  193.             return new PolicyLevel(System.Security.PolicyLevelType.AppDomain);
  194.         }
  195.        
  196.         public string Label {
  197.             get {
  198.                 if (m_label == null)
  199.                     m_label = DeriveLabelFromType();
  200.                 return m_label;
  201.             }
  202.         }
  203.        
  204.         //
  205.         // Public properties and methods.
  206.         //
  207.        
  208.         [ComVisible(false)]
  209.         public PolicyLevelType Type {
  210.             get { return m_type; }
  211.         }
  212.        
  213.         internal ConfigId ConfigId {
  214.             get { return m_configId; }
  215.         }
  216.        
  217.         internal string Path {
  218.             get { return m_path; }
  219.         }
  220.        
  221.         public string StoreLocation {
  222.             [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  223.             get { return GetLocationFromType(m_type); }
  224.         }
  225.        
  226.         public CodeGroup RootCodeGroup {
  227.             get {
  228.                 CheckLoaded();
  229.                 return m_rootCodeGroup;
  230.             }
  231.             set {
  232.                 if (value == null)
  233.                     throw new ArgumentNullException("RootCodeGroup");
  234.                
  235.                 CheckLoaded();
  236.                 m_rootCodeGroup = value.Copy();
  237.             }
  238.         }
  239.        
  240.         public IList NamedPermissionSets {
  241.             get {
  242.                 CheckLoaded();
  243.                 LoadAllPermissionSets();
  244.                
  245.                 ArrayList newList = new ArrayList(m_namedPermissionSets.Count);
  246.                
  247.                 IEnumerator enumerator = m_namedPermissionSets.GetEnumerator();
  248.                 while (enumerator.MoveNext()) {
  249.                     newList.Add(((NamedPermissionSet)enumerator.Current).Copy());
  250.                 }
  251.                
  252.                 return newList;
  253.             }
  254.         }
  255.        
  256.         public CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
  257.         {
  258.             if (evidence == null)
  259.                 throw new ArgumentNullException("evidence");
  260.            
  261.             return this.RootCodeGroup.ResolveMatchingCodeGroups(evidence);
  262.         }
  263.        
  264.         [Obsolete("Because all GAC assemblies always get full trust, the full trust list is no longer meaningful. You should install any assemblies that are used in security policy in the GAC to ensure they are trusted.")]
  265.         public void AddFullTrustAssembly(StrongName sn)
  266.         {
  267.             if (sn == null)
  268.                 throw new ArgumentNullException("sn");
  269.            
  270.             AddFullTrustAssembly(new StrongNameMembershipCondition(sn.PublicKey, sn.Name, sn.Version));
  271.         }
  272.        
  273.         [Obsolete("Because all GAC assemblies always get full trust, the full trust list is no longer meaningful. You should install any assemblies that are used in security policy in the GAC to ensure they are trusted.")]
  274.         public void AddFullTrustAssembly(StrongNameMembershipCondition snMC)
  275.         {
  276.             if (snMC == null)
  277.                 throw new ArgumentNullException("snMC");
  278.            
  279.             CheckLoaded();
  280.            
  281.             IEnumerator enumerator = m_fullTrustAssemblies.GetEnumerator();
  282.             while (enumerator.MoveNext()) {
  283.                 if (((StrongNameMembershipCondition)enumerator.Current).Equals(snMC))
  284.                     throw new ArgumentException(Environment.GetResourceString("Argument_AssemblyAlreadyFullTrust"));
  285.             }
  286.            
  287.             lock (m_fullTrustAssemblies) {
  288.                 m_fullTrustAssemblies.Add(snMC);
  289.             }
  290.         }
  291.        
  292.         [Obsolete("Because all GAC assemblies always get full trust, the full trust list is no longer meaningful. You should install any assemblies that are used in security policy in the GAC to ensure they are trusted.")]
  293.         public void RemoveFullTrustAssembly(StrongName sn)
  294.         {
  295.             if (sn == null)
  296.                 throw new ArgumentNullException("assembly");
  297.            
  298.             RemoveFullTrustAssembly(new StrongNameMembershipCondition(sn.PublicKey, sn.Name, sn.Version));
  299.         }
  300.        
  301.         [Obsolete("Because all GAC assemblies always get full trust, the full trust list is no longer meaningful. You should install any assemblies that are used in security policy in the GAC to ensure they are trusted.")]
  302.         public void RemoveFullTrustAssembly(StrongNameMembershipCondition snMC)
  303.         {
  304.             if (snMC == null)
  305.                 throw new ArgumentNullException("snMC");
  306.            
  307.             CheckLoaded();
  308.            
  309.             object toRemove = null;
  310.             IEnumerator enumerator = m_fullTrustAssemblies.GetEnumerator();
  311.            
  312.             while (enumerator.MoveNext()) {
  313.                 if (((StrongNameMembershipCondition)enumerator.Current).Equals(snMC)) {
  314.                     toRemove = enumerator.Current;
  315.                     break;
  316.                 }
  317.             }
  318.            
  319.             if (toRemove == null)
  320.                 throw new ArgumentException(Environment.GetResourceString("Argument_AssemblyNotFullTrust"));
  321.            
  322.             lock (m_fullTrustAssemblies) {
  323.                 m_fullTrustAssemblies.Remove(toRemove);
  324.             }
  325.         }
  326.        
  327.         [Obsolete("Because all GAC assemblies always get full trust, the full trust list is no longer meaningful. You should install any assemblies that are used in security policy in the GAC to ensure they are trusted.")]
  328.         public IList FullTrustAssemblies {
  329.             get {
  330.                 CheckLoaded();
  331.                 return new ArrayList(m_fullTrustAssemblies);
  332.             }
  333.         }
  334.        
  335.         public void AddNamedPermissionSet(NamedPermissionSet permSet)
  336.         {
  337.             if (permSet == null)
  338.                 throw new ArgumentNullException("permSet");
  339.            
  340.             CheckLoaded();
  341.             LoadAllPermissionSets();
  342.            
  343.             lock (this) {
  344.                 IEnumerator enumerator = m_namedPermissionSets.GetEnumerator();
  345.                 while (enumerator.MoveNext()) {
  346.                     if (((NamedPermissionSet)enumerator.Current).Name.Equals(permSet.Name))
  347.                         throw new ArgumentException(Environment.GetResourceString("Argument_DuplicateName"));
  348.                 }
  349.                
  350.                 NamedPermissionSet npsCopy = (NamedPermissionSet)permSet.Copy();
  351.                 npsCopy.IgnoreTypeLoadFailures = true;
  352.                 m_namedPermissionSets.Add(npsCopy);
  353.             }
  354.         }
  355.        
  356.         public NamedPermissionSet RemoveNamedPermissionSet(NamedPermissionSet permSet)
  357.         {
  358.             if (permSet == null)
  359.                 throw new ArgumentNullException("permSet");
  360.            
  361.             return RemoveNamedPermissionSet(permSet.Name);
  362.         }
  363.        
  364.         public NamedPermissionSet RemoveNamedPermissionSet(string name)
  365.         {
  366.             CheckLoaded();
  367.             LoadAllPermissionSets();
  368.            
  369.             if (name == null)
  370.                 throw new ArgumentNullException("name");
  371.            
  372.             int permSetIndex = -1;
  373.            
  374.             // First, make sure it's not a reserved permission set.
  375.             for (int index = 0; index < s_reservedNamedPermissionSets.Length; ++index) {
  376.                 if (s_reservedNamedPermissionSets[index].Equals(name))
  377.                     throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_ReservedNPMS"), name));
  378.             }
  379.            
  380.             // Then, find out if a named permission set of that name exists
  381.             // and remember its index;
  382.            
  383.             ArrayList namedPermissionSets = m_namedPermissionSets;
  384.            
  385.             for (int index = 0; index < namedPermissionSets.Count; ++index) {
  386.                 if (((NamedPermissionSet)namedPermissionSets[index]).Name.Equals(name)) {
  387.                     permSetIndex = index;
  388.                     break;
  389.                 }
  390.             }
  391.            
  392.             if (permSetIndex == -1)
  393.                 throw new ArgumentException(Environment.GetResourceString("Argument_NoNPMS"));
  394.            
  395.             // Now, as best as we can in the face of custom CodeGroups figure
  396.             // out if the permission set is in use. If it is we don't allow
  397.             // it to be removed.
  398.            
  399.             ArrayList groups = new ArrayList();
  400.             groups.Add(this.m_rootCodeGroup);
  401.            
  402.             for (int index = 0; index < groups.Count; ++index) {
  403.                 CodeGroup group = (CodeGroup)groups[index];
  404.                
  405.                 if (group.PermissionSetName != null && group.PermissionSetName.Equals(name)) {
  406.                     throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_NPMSInUse"), name));
  407.                 }
  408.                
  409.                 IEnumerator childEnumerator = group.Children.GetEnumerator();
  410.                
  411.                 if (childEnumerator != null) {
  412.                     while (childEnumerator.MoveNext()) {
  413.                         groups.Add(childEnumerator.Current);
  414.                     }
  415.                 }
  416.             }
  417.            
  418.             NamedPermissionSet permSet = (NamedPermissionSet)namedPermissionSets[permSetIndex];
  419.             namedPermissionSets.RemoveAt(permSetIndex);
  420.             return permSet;
  421.         }
  422.        
  423.         public NamedPermissionSet ChangeNamedPermissionSet(string name, PermissionSet pSet)
  424.         {
  425.             if (name == null)
  426.                 throw new ArgumentNullException("name");
  427.             if (pSet == null)
  428.                 throw new ArgumentNullException("pSet");
  429.            
  430.             // First, make sure it's not a reserved permission set.
  431.             for (int index = 0; index < s_reservedNamedPermissionSets.Length; ++index) {
  432.                 if (s_reservedNamedPermissionSets[index].Equals(name))
  433.                     throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_ReservedNPMS"), name));
  434.             }
  435.            
  436.             // Get the current permission set (don't copy it).
  437.             NamedPermissionSet currentPSet = GetNamedPermissionSetInternal(name);
  438.            
  439.             // If the permission set doesn't exist, throw an argument exception
  440.             if (currentPSet == null)
  441.                 throw new ArgumentException(Environment.GetResourceString("Argument_NoNPMS"));
  442.            
  443.             // Copy the current permission set so that we can return it.
  444.             NamedPermissionSet retval = (NamedPermissionSet)currentPSet.Copy();
  445.            
  446.             // Reset the permission set
  447.             currentPSet.Reset();
  448.             currentPSet.SetUnrestricted(pSet.IsUnrestricted());
  449.            
  450.             IEnumerator enumerator = pSet.GetEnumerator();
  451.             while (enumerator.MoveNext()) {
  452.                 currentPSet.SetPermission(((IPermission)enumerator.Current).Copy());
  453.             }
  454.            
  455.             if (pSet is NamedPermissionSet) {
  456.                 currentPSet.Description = ((NamedPermissionSet)pSet).Description;
  457.             }
  458.            
  459.             return retval;
  460.         }
  461.        
  462.         public NamedPermissionSet GetNamedPermissionSet(string name)
  463.         {
  464.             if (name == null)
  465.                 throw new ArgumentNullException("name");
  466.            
  467.             NamedPermissionSet permSet = GetNamedPermissionSetInternal(name);
  468.            
  469.             // Copy it so that no corruption can occur.
  470.             if (permSet != null)
  471.                 return new NamedPermissionSet(permSet);
  472.             else
  473.                 return null;
  474.         }
  475.        
  476.         public void Recover()
  477.         {
  478.             if (m_configId == ConfigId.None)
  479.                 throw new PolicyException(Environment.GetResourceString("Policy_RecoverNotFileBased"));
  480.            
  481.             lock (this) {
  482.                 // This call will safely swap the files.
  483.                 if (!Config.RecoverData(m_configId))
  484.                     throw new PolicyException(Environment.GetResourceString("Policy_RecoverNoConfigFile"));
  485.                
  486.                 // Now we need to blank out the level
  487.                 m_loaded = false;
  488.                 m_rootCodeGroup = null;
  489.                 m_namedPermissionSets = null;
  490.                 m_fullTrustAssemblies = new ArrayList();
  491.             }
  492.         }
  493.        
  494.         public void Reset()
  495.         {
  496.             SetDefault();
  497.         }
  498.        
  499.         public PolicyStatement Resolve(Evidence evidence)
  500.         {
  501.             return Resolve(evidence, 0, null);
  502.         }
  503.        
  504.         public SecurityElement ToXml()
  505.         {
  506.             // Make sure we have loaded everything and that all the
  507.             // permission sets are loaded.
  508.            
  509.             CheckLoaded();
  510.             LoadAllPermissionSets();
  511.            
  512.             IEnumerator enumerator;
  513.             SecurityElement e = new SecurityElement("PolicyLevel");
  514.             e.AddAttribute("version", "1");
  515.            
  516.             Hashtable classes = new Hashtable();
  517.             lock (this) {
  518.                 SecurityElement elPermSets = new SecurityElement("NamedPermissionSets");
  519.                 enumerator = m_namedPermissionSets.GetEnumerator();
  520.                 while (enumerator.MoveNext()) {
  521.                     elPermSets.AddChild(NormalizeClassDeep(((NamedPermissionSet)enumerator.Current).ToXml(), classes));
  522.                 }
  523.                
  524.                 SecurityElement elCodeGroup = NormalizeClassDeep(m_rootCodeGroup.ToXml(this), classes);
  525.                
  526.                 SecurityElement elFullTrust = new SecurityElement("FullTrustAssemblies");
  527.                 enumerator = m_fullTrustAssemblies.GetEnumerator();
  528.                 while (enumerator.MoveNext()) {
  529.                     elFullTrust.AddChild(NormalizeClassDeep(((StrongNameMembershipCondition)enumerator.Current).ToXml(), classes));
  530.                 }
  531.                
  532.                 SecurityElement elClasses = new SecurityElement("SecurityClasses");
  533.                 IDictionaryEnumerator dicEnumerator = classes.GetEnumerator();
  534.                 while (dicEnumerator.MoveNext()) {
  535.                     SecurityElement elClass = new SecurityElement("SecurityClass");
  536.                     elClass.AddAttribute("Name", (string)dicEnumerator.Value);
  537.                     elClass.AddAttribute("Description", (string)dicEnumerator.Key);
  538.                     elClasses.AddChild(elClass);
  539.                 }
  540.                
  541.                 e.AddChild(elClasses);
  542.                 e.AddChild(elPermSets);
  543.                 e.AddChild(elCodeGroup);
  544.                 e.AddChild(elFullTrust);
  545.             }
  546.            
  547.             return e;
  548.         }
  549.        
  550.         public void FromXml(SecurityElement e)
  551.         {
  552.             if (e == null)
  553.                 throw new ArgumentNullException("e");
  554.            
  555.             Hashtable classes;
  556.             lock (this) {
  557.                 ArrayList fullTrustAssemblies = new ArrayList();
  558.                
  559.                 SecurityElement eClasses = e.SearchForChildByTag("SecurityClasses");
  560.                 if (eClasses != null) {
  561.                     classes = new Hashtable();
  562.                     IEnumerator enumerator = eClasses.Children.GetEnumerator();
  563.                     while (enumerator.MoveNext()) {
  564.                         SecurityElement current = (SecurityElement)enumerator.Current;
  565.                         if (current.Tag.Equals("SecurityClass")) {
  566.                             string name = current.Attribute("Name");
  567.                             string description = current.Attribute("Description");
  568.                            
  569.                             if (name != null && description != null)
  570.                                 classes.Add(name, description);
  571.                         }
  572.                     }
  573.                 }
  574.                 else {
  575.                     classes = null;
  576.                 }
  577.                
  578.                 SecurityElement elFullTrust = e.SearchForChildByTag("FullTrustAssemblies");
  579.                 if (elFullTrust != null && elFullTrust.InternalChildren != null) {
  580.                     string className = typeof(System.Security.Policy.StrongNameMembershipCondition).AssemblyQualifiedName;
  581.                    
  582.                     IEnumerator enumerator = elFullTrust.Children.GetEnumerator();
  583.                     while (enumerator.MoveNext()) {
  584.                         StrongNameMembershipCondition sn = new StrongNameMembershipCondition();
  585.                         sn.FromXml((SecurityElement)enumerator.Current);
  586.                         fullTrustAssemblies.Add(sn);
  587.                     }
  588.                 }
  589.                
  590.                 m_fullTrustAssemblies = fullTrustAssemblies;
  591.                
  592.                 ArrayList namedPermissionSets = new ArrayList();
  593.                
  594.                 SecurityElement elPermSets = e.SearchForChildByTag("NamedPermissionSets");
  595.                 SecurityElement permSetElement = null;
  596.                
  597.                 // Here we just find the parent element for the named permission sets and
  598.                 // store it so that we can lazily load them later.
  599.                
  600.                 if (elPermSets != null && elPermSets.InternalChildren != null) {
  601.                     permSetElement = UnnormalizeClassDeep(elPermSets, classes);
  602.                    
  603.                     // Call FindElement for each of the reserved sets (this removes their xml from
  604.                     // permSetElement).
  605.                    
  606.                     FindElement(permSetElement, "FullTrust");
  607.                     FindElement(permSetElement, "SkipVerification");
  608.                     FindElement(permSetElement, "Execution");
  609.                     FindElement(permSetElement, "Nothing");
  610.                     FindElement(permSetElement, "Internet");
  611.                     FindElement(permSetElement, "LocalIntranet");
  612.                 }
  613.                
  614.                 if (permSetElement == null)
  615.                     permSetElement = new SecurityElement("NamedPermissionSets");
  616.                
  617.                 // Then we add in the immutable permission sets (this prevents any alterations
  618.                 // to them in the XML file from impacting the runtime versions).
  619.                
  620.                 namedPermissionSets.Add(CreateFullTrustSet());
  621.                 namedPermissionSets.Add(CreateSkipVerificationSet());
  622.                 namedPermissionSets.Add(CreateExecutionSet());
  623.                 namedPermissionSets.Add(CreateNothingSet());
  624.                
  625.                 permSetElement.AddChild(GetInternetElement());
  626.                 permSetElement.AddChild(GetLocalIntranetElement());
  627.                
  628.                 foreach (PermissionSet ps in namedPermissionSets)
  629.                     ps.IgnoreTypeLoadFailures = true;
  630.                
  631.                 m_namedPermissionSets = namedPermissionSets;
  632.                 m_permSetElement = permSetElement;
  633.                
  634.                 // Parse the root code group.
  635.                 SecurityElement elCodeGroup = e.SearchForChildByTag("CodeGroup");
  636.                 if (elCodeGroup == null)
  637.                     throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_InvalidXMLElement"), "CodeGroup", this.GetType().FullName));
  638.                
  639.                 CodeGroup rootCodeGroup = System.Security.Util.XMLUtil.CreateCodeGroup(UnnormalizeClassDeep(elCodeGroup, classes));
  640.                 if (rootCodeGroup == null)
  641.                     throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_InvalidXMLElement"), "CodeGroup", this.GetType().FullName));
  642.                
  643.                 rootCodeGroup.FromXml(elCodeGroup, this);
  644.                 m_rootCodeGroup = rootCodeGroup;
  645.             }
  646.         }
  647.        
  648.         //
  649.         // Internal methods.
  650.         //
  651.        
  652.         static internal PermissionSet GetBuiltInSet(string name)
  653.         {
  654.             // Used by PermissionSetAttribute to create one of the built-in,
  655.             // immutable permission sets.
  656.            
  657.             if (name == null)
  658.                 return null;
  659.             else if (name.Equals("FullTrust"))
  660.                 return CreateFullTrustSet();
  661.             else if (name.Equals("Nothing"))
  662.                 return CreateNothingSet();
  663.             else if (name.Equals("Execution"))
  664.                 return CreateExecutionSet();
  665.             else if (name.Equals("SkipVerification"))
  666.                 return CreateSkipVerificationSet();
  667.             else if (name.Equals("Internet"))
  668.                 return CreateInternetSet();
  669.             else if (name.Equals("LocalIntranet"))
  670.                 return CreateLocalIntranetSet();
  671.             else
  672.                 return null;
  673.         }
  674.        
  675.         internal NamedPermissionSet GetNamedPermissionSetInternal(string name)
  676.         {
  677.             CheckLoaded();
  678.            
  679.             lock (InternalSyncObject) {
  680.                 // First, try to find it in the list.
  681.                 IEnumerator enumerator = m_namedPermissionSets.GetEnumerator();
  682.                 while (enumerator.MoveNext()) {
  683.                     NamedPermissionSet current = (NamedPermissionSet)enumerator.Current;
  684.                     if (current.Name.Equals(name))
  685.                         return current;
  686.                 }
  687.                
  688.                 // We didn't find it in the list, so if we have a stored element
  689.                 // see if it is there.
  690.                
  691.                 if (m_permSetElement != null) {
  692.                     SecurityElement elem = FindElement(name);
  693.                     if (elem != null) {
  694.                         NamedPermissionSet permSet = new NamedPermissionSet();
  695.                         permSet.Name = name;
  696.                         m_namedPermissionSets.Add(permSet);
  697.                         try {
  698.                             // We play it conservative here and just say that we are loading policy
  699.                             // anytime we have to decode a permission set.
  700.                             permSet.FromXml(elem, false, true);
  701.                         }
  702.                         catch {
  703.                             m_namedPermissionSets.Remove(permSet);
  704.                             return null;
  705.                         }
  706.                        
  707.                         if (permSet.Name != null) {
  708.                             return permSet;
  709.                         }
  710.                         else {
  711.                             m_namedPermissionSets.Remove(permSet);
  712.                             return null;
  713.                         }
  714.                     }
  715.                 }
  716.                
  717.                 return null;
  718.             }
  719.         }
  720.        
  721.         internal PolicyStatement Resolve(Evidence evidence, int count, char[] serializedEvidence)
  722.         {
  723.             if (evidence == null)
  724.                 throw new ArgumentNullException("evidence");
  725.         &n