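/// <summary>
/// Builds the access rules to apply to the application being installed.
/// </summary>
/// <remarks>
/// Rules listed in the installer configuration are used as the starting point. When no rules are
/// available, a default set is generated: Run access for Users and, for service installs, Run access
/// for NetworkService and LocalService. If the configuration holds no Allow/Configure rule, one is
/// appended for Administrators so that the configuration can still be changed after installation.
/// The returned list is a copy; <c>InstallConfig.AccessRules</c> is not modified, so calling this
/// method repeatedly does not accumulate duplicate rules in the installer configuration.
/// </remarks>
/// <returns>A new list holding the configured or default rules plus any fallback rule.</returns>
private List<ApplicationAccessRule> GetAccessRules()
{
    List<ApplicationAccessRule> rules = new List<ApplicationAccessRule>();
    bool hasAdmin = false;

    // Start from the rules specified in the installer configuration, if any.
    List<ApplicationAccessRule> configuredRules = InstallConfig.AccessRules;

    if (configuredRules != null)
    {
        // NOTE(review): only Right and RuleType are inspected here, not IdentityName, so an
        // Allow/Configure rule for any identity suppresses the Administrators fallback below,
        // and Deny rules are not taken into account - confirm this is the intended policy.
        for (int ii = 0; ii < configuredRules.Count; ii++)
        {
            ApplicationAccessRule configured = configuredRules[ii];

            if (configured.Right == ApplicationAccessRight.Configure && configured.RuleType == AccessControlType.Allow)
            {
                hasAdmin = true;
                break;
            }
        }

        // Copy instead of aliasing: the defaults and the fallback rule added below must not
        // leak back into the installer configuration object.
        rules.AddRange(configuredRules);
    }

    // Provide default rules when the configuration supplied none.
    if (rules.Count == 0)
    {
        // Give ordinary users run access.
        rules.Add(new ApplicationAccessRule
        {
            RuleType = AccessControlType.Allow,
            Right = ApplicationAccessRight.Run,
            IdentityName = WellKnownSids.Users
        });

        // A service install also grants run access to the NetworkService and LocalService accounts.
        if (InstallConfig.InstallAsService)
        {
            rules.Add(new ApplicationAccessRule
            {
                RuleType = AccessControlType.Allow,
                Right = ApplicationAccessRight.Run,
                IdentityName = WellKnownSids.NetworkService
            });

            rules.Add(new ApplicationAccessRule
            {
                RuleType = AccessControlType.Allow,
                Right = ApplicationAccessRight.Run,
                IdentityName = WellKnownSids.LocalService
            });
        }
    }

    // Ensure someone can change the configuration later.
    if (!hasAdmin)
    {
        rules.Add(new ApplicationAccessRule
        {
            RuleType = AccessControlType.Allow,
            Right = ApplicationAccessRight.Configure,
            IdentityName = WellKnownSids.Administrators
        });
    }

    return rules;
}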