public void RemoveAccessRuleSpecific(FileSystemAccessRule rule)
{
ArgumentNullException.ThrowIfNull(rule);
// If the rule to be removed matches what is there currently then
// remove it unaltered. That is, don't mask off the Synchronize bit
// This is to avoid dangling synchronize bit
AuthorizationRuleCollection rules = GetAccessRules(true, true, rule.IdentityReference.GetType());
for (int i = 0; i < rules.Count; i++)
{
if ((rules[i] is FileSystemAccessRule fsrule) && (fsrule.FileSystemRights == rule.FileSystemRights) &&
(fsrule.IdentityReference == rule.IdentityReference) &&
(fsrule.AccessControlType == rule.AccessControlType))
{
base.RemoveAccessRuleSpecific(rule);
return;
}
}
// Mask off the synchronize bit (that is automatically added for Allow)
// before removing the ACL. The logic here should be same as Deny and hence
// fake a call to AccessMaskFromRights as though the ACL is for Deny
FileSystemAccessRule ruleNew = new FileSystemAccessRule(
rule.IdentityReference,
FileSystemAccessRule.AccessMaskFromRights(rule.FileSystemRights, AccessControlType.Deny),
rule.IsInherited,
rule.InheritanceFlags,
rule.PropagationFlags,
rule.AccessControlType);
base.RemoveAccessRuleSpecific(ruleNew);
}