System.Security.PolicyManager.CodeGroupResolve C# (CSharp) Method

PolicyManager Class Documentation Usage Examples Of System.Security.PolicyManager::CodeGroupResolve Show file Open project: gbarnett/shared-source-cli-2.0

CodeGroupResolve() private method

private CodeGroupResolve ( Evidence evidence, bool systemPolicy ) : PermissionSet
evidence	System.Security.Policy.Evidence
systemPolicy	bool
return	PermissionSet

        internal PermissionSet CodeGroupResolve (Evidence evidence, bool systemPolicy) {
            PermissionSet grant = null;
            PolicyStatement policy;
            PolicyLevel currentLevel = null;

            IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();

            char[] serializedEvidence = MakeEvidenceArray(evidence, false);
            int count = evidence.Count;

            bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
            bool testApplicationLevels = false;
            while (levelEnumerator.MoveNext())
            {
                currentLevel = (PolicyLevel)levelEnumerator.Current;
                if (systemPolicy) {
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                        continue;
                } else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
                    continue;

                policy = currentLevel.Resolve(evidence, count, serializedEvidence);

                // If the grant is "AllPossible", the intersection is just the other permission set.
                // Otherwise, do an inplace intersection (since we know we can alter the grant set since
                // it is a copy of the first policy statement's permission set).

                if (grant == null)
                    grant = policy.PermissionSet;
                else
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());

                if (grant == null || grant.FastIsEmpty())
                {
                    break;
                }
                else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (currentLevel.Type != PolicyLevelType.AppDomain)
                    {
                        testApplicationLevels = true;
                    }
                    break;
                }
            }

            if (grant != null && testApplicationLevels)
            {
                PolicyLevel appDomainLevel = null;

                for (int i = PolicyLevels.Count - 1; i >= 0; --i)
                {
                    currentLevel = (PolicyLevel) PolicyLevels[i];
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        appDomainLevel = currentLevel;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }
            }

            if (grant == null)
                grant = new PermissionSet(PermissionState.None);

            // Each piece of evidence can possibly create an identity permission that we
            // need to add to our grant set.  Therefore, for all pieces of evidence that
            // implement the IIdentityPermissionFactory interface, ask it for its
            // adjoining identity permission and add it to the grant.

            if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted()) {
                IEnumerator enumerator = evidence.GetHostEnumerator();
                while (enumerator.MoveNext())
                {
                    Object obj = enumerator.Current;
                    IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission( evidence );
                        if (perm != null)
                            grant.AddPermission( perm );
                    }
                }
            }

            grant.IgnoreTypeLoadFailures = true;
            return grant;
        }

Usage Example

Example #1

Show file

File: securitymanager.cs Project: zh454771942/shared-source-cli-2.0

        //
        // This method resolves the policy for the specified evidence, but it
        // ignores the AppDomain level even when one is available in the current policy.
        //

        public static PermissionSet ResolveSystemPolicy(Evidence evidence)
        {
            if (PolicyManager.IsGacAssembly(evidence))
            {
                return(new PermissionSet(PermissionState.Unrestricted));
            }

            return(polmgr.CodeGroupResolve(evidence, true));
        }

All Usage Examples Of System.Security.PolicyManager::CodeGroupResolve

PolicyManager

AddLevel

CanUseQuickCache

CodeGroupResolve

EncodeLevel

GenerateQuickCache

IsGacAssembly

MakeEvidenceArray

PolicyHierarchy

PolicyManager

Resolve

ResolveCodeGroups

ResolveHelper

Save

TestPolicyStatement

_DebugOut