/// <devdoc>
/// <para>Compares two <see cref='System.Net.SocketPermission'/> instances.</para>
/// </devdoc>
public override bool IsSubsetOf(IPermission target)
{
// Pattern suggested by security engine
if (target == null)
{
return(m_noRestriction == false && m_connectList.Count == 0 && m_acceptList.Count == 0);
}
SocketPermission other = target as SocketPermission;
if (other == null)
{
throw new ArgumentException(SR.GetString(SR.net_perm_target), "target");
}
if (other.IsUnrestricted())
{
return(true);
}
else if (this.IsUnrestricted())
{
return(false);
}
else if (this.m_acceptList.Count + this.m_connectList.Count == 0)
{
return(true);
}
else if (other.m_acceptList.Count + other.m_connectList.Count == 0)
{
return(false);
}
bool result = false;
try {
if (FindSubset(m_connectList, other.m_connectList) &&
FindSubset(m_acceptList, other.m_acceptList))
{
result = true;
}
}
finally {
// This is around a back door into DNS
// Security engine will call isSubsetOf and probably have
// DNS permission asserted. We call DNS resolve.
// Before return do cleanup of DNS results.
// Only "this" needs cleanup, the policy object is not available for
// an application to look at.
this.CleanupDNS();
}
return(result);
}
