2 // System.Security.Permissions.ResourcePermissionBase.cs
5 // Jonathan Pryor (jonpryor@vt.edu)
6 // Sebastien Pouliot <sebastien@ximian.com>
9 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
11 // Permission is hereby granted, free of charge, to any person obtaining
12 // a copy of this software and associated documentation files (the
13 // "Software"), to deal in the Software without restriction, including
14 // without limitation the rights to use, copy, modify, merge, publish,
15 // distribute, sublicense, and/or sell copies of the Software, and to
16 // permit persons to whom the Software is furnished to do so, subject to
17 // the following conditions:
19 // The above copyright notice and this permission notice shall be
20 // included in all copies or substantial portions of the Software.
22 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
31 using System.Collections;
32 using System.Globalization;
34 namespace System.Security.Permissions {
37 public abstract class ResourcePermissionBase : CodeAccessPermission, IUnrestrictedPermission {
39 private const int version = 1;
41 private ArrayList _list;
42 private bool _unrestricted;
44 private string[] _tags;
46 protected ResourcePermissionBase ()
48 _list = new ArrayList ();
51 protected ResourcePermissionBase (PermissionState state) : this ()
54 PermissionHelper.CheckPermissionState (state, true);
56 // there are no validation of the permission state
57 // but any invalid value results in a restricted set
59 _unrestricted = (state == PermissionState.Unrestricted);
62 public const string Any = "*";
63 public const string Local = ".";
65 protected Type PermissionAccessType {
69 throw new ArgumentNullException ("PermissionAccessType");
71 throw new ArgumentException ("!Enum", "PermissionAccessType");
76 protected string[] TagNames {
80 throw new ArgumentNullException ("TagNames");
81 if (value.Length == 0)
82 throw new ArgumentException ("Length==0", "TagNames");
87 protected void AddPermissionAccess (ResourcePermissionBaseEntry entry)
91 string msg = Locale.GetText ("Entry already exists.");
92 throw new InvalidOperationException (msg);
98 protected void Clear ()
103 public override IPermission Copy ()
105 ResourcePermissionBase copy = CreateFromType (this.GetType (), _unrestricted);
107 copy._tags = (string[]) _tags.Clone ();
109 // FIXME: shallow or deep copy ?
110 copy._list.AddRange (_list);
114 [MonoTODO ("incomplete - need more test")]
115 public override void FromXml (SecurityElement securityElement)
118 if (securityElement == null)
119 throw new ArgumentNullException ("securityElement");
121 if (securityElement == null)
122 throw new NullReferenceException ("securityElement");
124 CheckSecurityElement (securityElement, "securityElement", version, version);
125 // Note: we do not (yet) care about the return value
126 // as we only accept version 1 (min/max values)
129 _unrestricted = PermissionHelper.IsUnrestricted (securityElement);
130 if ((securityElement.Children == null) || (securityElement.Children.Count < 1))
133 string[] names = new string [1];
134 foreach (SecurityElement child in securityElement.Children) {
135 // TODO: handle multiple names
136 names [0] = child.Attribute ("name");
137 int access = (int) Enum.Parse (PermissionAccessType, child.Attribute ("access"));
138 ResourcePermissionBaseEntry entry = new ResourcePermissionBaseEntry (access, names);
139 AddPermissionAccess (entry);
143 protected ResourcePermissionBaseEntry[] GetPermissionEntries ()
145 ResourcePermissionBaseEntry[] entries = new ResourcePermissionBaseEntry [_list.Count];
146 _list.CopyTo (entries, 0);
150 public override IPermission Intersect (IPermission target)
152 ResourcePermissionBase rpb = Cast (target);
156 bool su = this.IsUnrestricted ();
157 bool tu = rpb.IsUnrestricted ();
159 // if one is empty we return null (unless the other one is unrestricted)
160 if (IsEmpty () && !tu)
162 if (rpb.IsEmpty () && !su)
165 ResourcePermissionBase result = CreateFromType (this.GetType (), (su && tu));
166 foreach (ResourcePermissionBaseEntry entry in _list) {
167 if (tu || rpb.Exists (entry))
168 result.AddPermissionAccess (entry);
170 foreach (ResourcePermissionBaseEntry entry in rpb._list) {
172 if ((su || this.Exists (entry)) && !result.Exists (entry))
173 result.AddPermissionAccess (entry);
178 public override bool IsSubsetOf (IPermission target)
180 if (target == null) {
182 // do not use Cast - different permissions (and earlier Fx) return false :-/
189 ResourcePermissionBase rpb = (target as ResourcePermissionBase);
192 if (rpb.IsUnrestricted ())
194 if (IsUnrestricted ())
195 return rpb.IsUnrestricted ();
196 foreach (ResourcePermissionBaseEntry entry in _list) {
197 if (!rpb.Exists (entry))
203 public bool IsUnrestricted ()
205 return _unrestricted;
208 protected void RemovePermissionAccess (ResourcePermissionBaseEntry entry)
211 for (int i = 0; i < _list.Count; i++) {
212 ResourcePermissionBaseEntry rpbe = (ResourcePermissionBaseEntry) _list [i];
213 if (Equals (entry, rpbe)) {
218 string msg = Locale.GetText ("Entry doesn't exists.");
219 throw new InvalidOperationException (msg);
222 public override SecurityElement ToXml ()
224 SecurityElement se = PermissionHelper.Element (this.GetType (), version);
225 if (IsUnrestricted ()) {
226 se.AddAttribute ("Unrestricted", "true");
229 foreach (ResourcePermissionBaseEntry entry in _list) {
230 SecurityElement container = se;
231 string access = null;
232 if (PermissionAccessType != null)
233 access = Enum.Format (PermissionAccessType, entry.PermissionAccess, "g");
235 for (int i=0; i < _tags.Length; i++) {
236 SecurityElement child = new SecurityElement (_tags [i]);
237 child.AddAttribute ("name", entry.PermissionAccessPath [i]);
239 child.AddAttribute ("access", access);
240 container.AddChild (child);
248 public override IPermission Union (IPermission target)
250 ResourcePermissionBase rpb = Cast (target);
253 if (IsEmpty () && rpb.IsEmpty ())
260 bool unrestricted = (IsUnrestricted () || rpb.IsUnrestricted ());
261 ResourcePermissionBase result = CreateFromType (this.GetType (), unrestricted);
262 // strangely unrestricted union doesn't process the elements (while intersect does)
264 foreach (ResourcePermissionBaseEntry entry in _list) {
265 result.AddPermissionAccess (entry);
267 foreach (ResourcePermissionBaseEntry entry in rpb._list) {
269 if (!result.Exists (entry))
270 result.AddPermissionAccess (entry);
278 private bool IsEmpty ()
280 return (!_unrestricted && (_list.Count == 0));
283 private ResourcePermissionBase Cast (IPermission target)
288 ResourcePermissionBase rp = (target as ResourcePermissionBase);
290 PermissionHelper.ThrowInvalidPermission (target, typeof (ResourcePermissionBase));
296 internal void CheckEntry (ResourcePermissionBaseEntry entry)
299 throw new ArgumentNullException ("entry");
300 if ((entry.PermissionAccessPath == null) || (entry.PermissionAccessPath.Length != _tags.Length)) {
301 string msg = Locale.GetText ("Entry doesn't match TagNames");
302 throw new InvalidOperationException (msg);
306 internal bool Equals (ResourcePermissionBaseEntry entry1, ResourcePermissionBaseEntry entry2)
308 if (entry1.PermissionAccess != entry2.PermissionAccess)
310 if (entry1.PermissionAccessPath.Length != entry2.PermissionAccessPath.Length)
312 for (int i=0; i < entry1.PermissionAccessPath.Length; i++) {
313 if (entry1.PermissionAccessPath [i] != entry2.PermissionAccessPath [i])
319 internal bool Exists (ResourcePermissionBaseEntry entry)
321 if (_list.Count == 0)
323 foreach (ResourcePermissionBaseEntry rpbe in _list) {
324 if (Equals (rpbe, entry))
330 // logic isn't identical to PermissionHelper.CheckSecurityElement
331 // - no throw on version mismatch
332 internal int CheckSecurityElement (SecurityElement se, string parameterName, int minimumVersion, int maximumVersion)
335 throw new ArgumentNullException (parameterName);
337 // Tag is case-sensitive
338 if (se.Tag != "IPermission") {
339 string msg = String.Format (Locale.GetText ("Invalid tag {0}"), se.Tag);
340 throw new ArgumentException (msg, parameterName);
343 // Note: we do not care about the class attribute at
344 // this stage (in fact we don't even if the class
345 // attribute is present or not). Anyway the object has
346 // already be created, with success, if we're loading it
348 // we assume minimum version if no version number is supplied
349 int version = minimumVersion;
350 string v = se.Attribute ("version");
353 version = Int32.Parse (v);
355 catch (Exception e) {
356 string msg = Locale.GetText ("Couldn't parse version from '{0}'.");
357 msg = String.Format (msg, v);
358 throw new ArgumentException (msg, parameterName, e);
362 if ((version < minimumVersion) || (version > maximumVersion)) {
363 string msg = Locale.GetText ("Unknown version '{0}', expected versions between ['{1}','{2}'].");
364 msg = String.Format (msg, version, minimumVersion, maximumVersion);
365 throw new ArgumentException (msg, parameterName);
373 private static char[] invalidChars = new char[] { '\t', '\n', '\v', '\f', '\r', ' ', '\\', '\x160' };
375 internal static void ValidateMachineName (string name)
377 // FIXME: maybe other checks are required (but not documented)
378 if ((name == null) || (name.Length == 0) || (name.IndexOfAny (invalidChars) != -1)) {
379 string msg = Locale.GetText ("Invalid machine name '{0}'.");
382 msg = String.Format (msg, name);
383 throw new ArgumentException (msg, "MachineName");
387 internal static ResourcePermissionBase CreateFromType (Type type, bool unrestricted)
389 object[] parameters = new object [1];
390 parameters [0] = (object) ((unrestricted) ? PermissionState.Unrestricted : PermissionState.None);
391 // we must return the derived type - this is why an empty constructor is required ;-)
392 return (ResourcePermissionBase) Activator.CreateInstance (type, parameters);