/// <summary>
/// Computes the permission grant for <paramref name="evidence"/> by resolving it against
/// the policy levels in PolicyLevels, intersecting the per-level results, and then adding
/// identity permissions produced by the host evidence.
/// </summary>
/// <param name="evidence">
/// Evidence to resolve. It is dereferenced without a null check (evidence.Count,
/// evidence.GetHostEnumerator()), so callers must pass a non-null instance.
/// </param>
/// <param name="systemPolicy">
/// When true, levels whose Type is PolicyLevelType.AppDomain are skipped in the main loop.
/// When false, every level is considered unless the legacy "IgnoreSystemPolicy" switch is set,
/// in which case only AppDomain levels are considered.
/// </param>
/// <returns>
/// A non-null PermissionSet. If no level contributed a grant, an empty set
/// (PermissionState.None) is used as the starting point, so the method fails closed.
/// </returns>
internal PermissionSet CodeGroupResolve (Evidence evidence, bool systemPolicy) {
// grant == null means "no level has contributed yet"; it is not the same as an empty grant.
PermissionSet grant = null;
PolicyStatement policy;
PolicyLevel currentLevel = null;
// The enumerator is obtained before the evidence is touched; keep this order, since the
// PolicyLevels getter is not visible here and may have side effects - TODO confirm.
IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();
// Computed once and handed to every PolicyLevel.Resolve call below.
// NOTE(review): the meaning of the 'false' argument is not visible in this block - confirm.
char[] serializedEvidence = MakeEvidenceArray(evidence, false);
int count = evidence.Count;
// Security-relevant switch: any non-null value stored under "IgnoreSystemPolicy" in the current
// AppDomain's data makes the non-AppDomain levels be skipped when systemPolicy is false, so only
// the AppDomain level constrains the grant.
// NOTE(review): who is allowed to set this AppDomain data is not visible here - confirm it is
// not reachable from partially trusted code.
bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
// Set when a non-AppDomain level ends evaluation with LevelFinal; triggers the second pass below.
bool testApplicationLevels = false;
while (levelEnumerator.MoveNext())
{
currentLevel = (PolicyLevel)levelEnumerator.Current;
// Level filter: systemPolicy excludes the AppDomain level; the legacy switch excludes
// everything except the AppDomain level.
if (systemPolicy) {
if (currentLevel.Type == PolicyLevelType.AppDomain)
continue;
} else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
continue;
policy = currentLevel.Resolve(evidence, count, serializedEvidence);
// If the grant is "AllPossible" (no level has contributed yet, grant == null), the
// intersection is just the other permission set.
// Otherwise, do an in-place intersection (since we know we can alter the grant set since
// it is a copy of the first policy statement's permission set).
// NOTE(review): the in-place mutation is only safe if the PermissionSet getter really returns
// a copy, as the comment above states; otherwise the level's own statement would be narrowed.
// GetPermissionSetNoCopy() is used only as the intersection operand - confirm that
// InplaceIntersect does not modify its argument.
if (grant == null)
grant = policy.PermissionSet;
else
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
// Nothing left to grant (or the level supplied no set): later levels can only narrow the
// result further, so stop here.
if (grant == null || grant.FastIsEmpty())
{
break;
}
// LevelFinal ends evaluation of the remaining levels. If it came from a non-AppDomain level,
// remember that the AppDomain level still has to be applied so LevelFinal cannot bypass it.
else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (currentLevel.Type != PolicyLevelType.AppDomain)
{
testApplicationLevels = true;
}
break;
}
}
// Second pass after a LevelFinal cut-off: find the AppDomain level (searching from the end of
// PolicyLevels) and intersect its result into the grant.
// NOTE(review): this pass does not consult systemPolicy, so the AppDomain level is applied here
// even when the main loop skipped it because systemPolicy was true. Intersection can only narrow
// the grant, but confirm that this is the intended behaviour.
if (grant != null && testApplicationLevels)
{
PolicyLevel appDomainLevel = null;
for (int i = PolicyLevels.Count - 1; i >= 0; --i)
{
currentLevel = (PolicyLevel) PolicyLevels[i];
if (currentLevel.Type == PolicyLevelType.AppDomain)
{
appDomainLevel = currentLevel;
break;
}
}
if (appDomainLevel != null)
{
policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
}
// No level produced a grant: start from an empty set rather than returning null.
if (grant == null)
grant = new PermissionSet(PermissionState.None);
// Each piece of evidence can possibly create an identity permission that we
// need to add to our grant set. Therefore, for all pieces of evidence that
// implement the IIdentityPermissionFactory interface, ask it for its
// adjoining identity permission and add it to the grant.
// Only host evidence (evidence.GetHostEnumerator()) is consulted. These permissions are added
// after the level intersection, so they are not filtered by policy. The step is skipped only
// when DoesFullTrustMeanFullTrust() is true and the grant is unrestricted.
if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted()) {
IEnumerator enumerator = evidence.GetHostEnumerator();
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
if (factory != null)
{
// A factory may decline to produce a permission; null results are ignored.
IPermission perm = factory.CreateIdentityPermission( evidence );
if (perm != null)
grant.AddPermission( perm );
}
}
}
// NOTE(review): the effect of IgnoreTypeLoadFailures is not visible in this block; presumably it
// makes the returned set tolerate permission types that fail to load - confirm.
grant.IgnoreTypeLoadFailures = true;
return grant;
}