2 // System.Security.Policy.PolicyLevel.cs
5 // Nick Drochak (ndrochak@gol.com)
6 // Duncan Mak (duncan@ximian.com)
7 // Sebastien Pouliot (spouliot@motus.com)
9 // (C) 2001 Nick Drochak
10 // (C) 2003 Duncan Mak, Ximian Inc.
11 // Portions (C) 2004 Motus Technologies Inc. (http://www.motus.com)
15 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
17 // Permission is hereby granted, free of charge, to any person obtaining
18 // a copy of this software and associated documentation files (the
19 // "Software"), to deal in the Software without restriction, including
20 // without limitation the rights to use, copy, modify, merge, publish,
21 // distribute, sublicense, and/or sell copies of the Software, and to
22 // permit persons to whom the Software is furnished to do so, subject to
23 // the following conditions:
25 // The above copyright notice and this permission notice shall be
26 // included in all copies or substantial portions of the Software.
28 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
29 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
30 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
31 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
32 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
33 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
34 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
37 using System.Collections; // for IList
38 using System.Globalization;
40 using System.Reflection;
41 using System.Security;
42 using System.Security.Permissions;
46 namespace System.Security.Policy {
49 public sealed class PolicyLevel {
52 CodeGroup root_code_group;
53 private ArrayList full_trust_assemblies;
54 private ArrayList named_permission_sets;
55 private string _location;
57 internal PolicyLevel (string label)
60 full_trust_assemblies = new ArrayList ();
61 named_permission_sets = new ArrayList ();
64 internal void LoadFromFile (string filename)
66 if (!File.Exists (filename))
67 throw new ArgumentException (Locale.GetText ("file do not exist"));
69 // throw a SecurityException if we don't have Read, Write and PathDiscovery permissions
70 FileIOPermissionAccess access = FileIOPermissionAccess.Read | FileIOPermissionAccess.Write | FileIOPermissionAccess.PathDiscovery;
71 new FileIOPermission (access, filename).Demand ();
73 using (StreamReader sr = File.OpenText (filename)) {
74 string xml = sr.ReadToEnd ();
80 internal void LoadFromString (string xml)
82 SecurityParser parser = new SecurityParser ();
84 // configuration / mscorlib / security / policy / PolicyLevel
85 SecurityElement configuration = parser.ToXml ();
86 if (configuration.Tag != "configuration")
87 throw new ArgumentException (Locale.GetText ("missing <configuration> root element"));
88 SecurityElement mscorlib = (SecurityElement) configuration.Children [0];
89 if (mscorlib.Tag != "mscorlib")
90 throw new ArgumentException (Locale.GetText ("missing <mscorlib> tag"));
91 SecurityElement security = (SecurityElement) mscorlib.Children [0];
92 if (security.Tag != "security")
93 throw new ArgumentException (Locale.GetText ("missing <security> tag"));
94 SecurityElement policy = (SecurityElement) security.Children [0];
95 if (policy.Tag != "policy")
96 throw new ArgumentException (Locale.GetText ("missing <policy> tag"));
97 SecurityElement policyLevel = (SecurityElement) policy.Children [0];
98 FromXml (policyLevel);
103 public IList FullTrustAssemblies
105 get { return full_trust_assemblies; }
108 public string Label {
109 get { return label; }
112 public IList NamedPermissionSets {
113 get { return named_permission_sets; }
116 public CodeGroup RootCodeGroup {
117 get { return root_code_group; }
120 throw new ArgumentNullException ("value");
121 root_code_group = value;
125 public string StoreLocation {
126 get { return _location; }
129 public void AddFullTrustAssembly (StrongName sn)
132 throw new ArgumentNullException ("sn");
134 StrongNameMembershipCondition snMC = new StrongNameMembershipCondition(
135 sn.PublicKey, sn.Name, sn.Version);
137 AddFullTrustAssembly (snMC);
140 public void AddFullTrustAssembly (StrongNameMembershipCondition snMC)
143 throw new ArgumentNullException ("snMC");
145 foreach (StrongNameMembershipCondition sn in full_trust_assemblies) {
146 if (sn.Equals (snMC)) {
147 throw new ArgumentException (Locale.GetText ("sn already has full trust."));
150 full_trust_assemblies.Add (snMC);
153 public void AddNamedPermissionSet (NamedPermissionSet permSet)
156 throw new ArgumentNullException ("permSet");
158 foreach (NamedPermissionSet n in named_permission_sets) {
159 if (permSet.Name == n.Name) {
160 throw new ArgumentException (
161 Locale.GetText ("This NamedPermissionSet is the same an existing NamedPermissionSet."));
164 named_permission_sets.Add (permSet);
167 public NamedPermissionSet ChangeNamedPermissionSet (string name, PermissionSet pSet)
170 throw new ArgumentNullException ("name");
172 throw new ArgumentNullException ("pSet");
173 if (IsReserved (name))
174 throw new ArgumentException (Locale.GetText ("Reserved name"));
176 foreach (NamedPermissionSet n in named_permission_sets) {
177 if (name == n.Name) {
178 named_permission_sets.Remove (n);
179 AddNamedPermissionSet (new NamedPermissionSet (name, pSet));
183 throw new ArgumentException (Locale.GetText ("PermissionSet not found"));
186 public static PolicyLevel CreateAppDomainLevel ()
188 NamedPermissionSet fullTrust = new NamedPermissionSet ("FullTrust", PermissionState.Unrestricted);
189 UnionCodeGroup cg = new UnionCodeGroup (new AllMembershipCondition (), new PolicyStatement (fullTrust));
190 cg.Name = "All_Code";
191 PolicyLevel pl = new PolicyLevel ("AppDomain");
192 pl.RootCodeGroup = cg;
196 public void FromXml (SecurityElement e)
199 throw new ArgumentNullException ("e");
200 // MS doesn't throw an exception for this case
201 // if (e.Tag != "PolicyLevel")
202 // throw new ArgumentException (Locale.GetText ("Invalid XML"));
204 Hashtable fullNames = null;
205 SecurityElement sc = e.SearchForChildByTag ("SecurityClasses");
206 if ((sc != null) && (sc.Children != null) && (sc.Children.Count > 0)) {
207 fullNames = new Hashtable (sc.Children.Count);
208 foreach (SecurityElement se in sc.Children) {
209 fullNames.Add (se.Attributes ["Name"], se.Attributes ["Description"]);
213 SecurityElement nps = e.SearchForChildByTag ("NamedPermissionSets");
214 if ((nps != null) && (nps.Children != null) && (nps.Children.Count > 0)) {
215 named_permission_sets.Clear ();
216 foreach (SecurityElement se in nps.Children) {
217 NamedPermissionSet n = new NamedPermissionSet ();
219 named_permission_sets.Add (n);
223 SecurityElement cg = e.SearchForChildByTag ("CodeGroup");
224 if ((cg != null) && (cg.Children != null) && (cg.Children.Count > 0)) {
225 root_code_group = CodeGroup.CreateFromXml (cg);
228 throw new ArgumentException (Locale.GetText ("Missing Root CodeGroup"));
230 SecurityElement fta = e.SearchForChildByTag ("FullTrustAssemblies");
231 if ((fta != null) && (fta.Children != null) && (fta.Children.Count > 0)) {
232 full_trust_assemblies.Clear ();
233 foreach (SecurityElement se in fta.Children) {
234 if (se.Tag != "IMembershipCondition")
235 throw new ArgumentException (Locale.GetText ("Invalid XML"));
236 string className = (string) se.Attributes ["class"];
237 if (className.IndexOf ("StrongNameMembershipCondition") < 0)
238 throw new ArgumentException (Locale.GetText ("Invalid XML - must be StrongNameMembershipCondition"));
239 // we directly use StrongNameMembershipCondition
240 full_trust_assemblies.Add (new StrongNameMembershipCondition (se));
245 public NamedPermissionSet GetNamedPermissionSet (string name)
248 throw new ArgumentNullException ("name");
250 foreach (NamedPermissionSet n in named_permission_sets)
258 public void Recover ()
260 throw new NotImplementedException ();
263 public void RemoveFullTrustAssembly (StrongName sn)
266 throw new ArgumentNullException ("sn");
268 StrongNameMembershipCondition s = new StrongNameMembershipCondition (sn.PublicKey, sn.Name, sn.Version);
269 RemoveFullTrustAssembly (s);
272 public void RemoveFullTrustAssembly (StrongNameMembershipCondition snMC)
275 throw new ArgumentNullException ("snMC");
277 if (((IList) full_trust_assemblies).Contains (snMC))
278 ((IList) full_trust_assemblies).Remove (snMC);
281 throw new ArgumentException (
282 Locale.GetText ("sn does not have full trust."));
285 public NamedPermissionSet RemoveNamedPermissionSet (NamedPermissionSet permSet)
288 throw new ArgumentNullException (
289 Locale.GetText ("The Argument is null."));
291 if (! ((IList )named_permission_sets).Contains (permSet))
292 throw new ArgumentException (
293 Locale.GetText ("permSet cannot be found."));
295 ((IList) named_permission_sets).Remove (permSet);
300 [MonoTODO ("Check for reserver names")]
301 public NamedPermissionSet RemoveNamedPermissionSet (string name)
304 throw new ArgumentNullException ("name");
307 for (int i = 0; i < named_permission_sets.Count; i++) {
308 NamedPermissionSet current = (NamedPermissionSet) named_permission_sets [i];
310 if (current.Name == name)
316 throw new ArgumentException (
317 Locale.GetText ("Name cannot be found."));
319 NamedPermissionSet retval = (NamedPermissionSet) named_permission_sets [idx];
320 named_permission_sets.RemoveAt (idx);
325 [MonoTODO ("Find out what the default state is")]
328 throw new NotImplementedException ();
332 public PolicyStatement Resolve (Evidence evidence)
334 if (evidence == null)
335 throw new ArgumentNullException ("evidence");
337 throw new NotImplementedException ();
341 public CodeGroup ResolveMatchingCodeGroups (Evidence evidence)
343 if (evidence == null)
344 throw new ArgumentNullException ("evidence");
346 throw new NotImplementedException ();
349 public SecurityElement ToXml ()
351 Hashtable fullNames = new Hashtable ();
352 // only StrongNameMembershipCondition so no need to loop
353 if (full_trust_assemblies.Count > 0) {
354 if (!fullNames.Contains ("StrongNameMembershipCondition")) {
355 fullNames.Add ("StrongNameMembershipCondition", typeof (StrongNameMembershipCondition).FullName);
359 SecurityElement namedPSs = new SecurityElement ("NamedPermissionSets");
360 foreach (NamedPermissionSet nps in named_permission_sets) {
361 SecurityElement se = nps.ToXml ();
362 object objectClass = se.Attributes ["class"];
363 if (!fullNames.Contains (objectClass)) {
364 fullNames.Add (objectClass, nps.GetType ().FullName);
366 namedPSs.AddChild (se);
369 SecurityElement fta = new SecurityElement ("FullTrustAssemblies");
370 foreach (StrongNameMembershipCondition snmc in full_trust_assemblies) {
371 fta.AddChild (snmc.ToXml (this));
374 SecurityElement security_classes = new SecurityElement ("SecurityClasses");
375 if (fullNames.Count > 0) {
376 foreach (DictionaryEntry de in fullNames) {
377 SecurityElement sc = new SecurityElement ("SecurityClass");
378 sc.AddAttribute ("Name", (string)de.Key);
379 sc.AddAttribute ("Description", (string)de.Value);
380 security_classes.AddChild (sc);
384 SecurityElement element = new SecurityElement (typeof (System.Security.Policy.PolicyLevel).Name);
385 element.AddAttribute ("version", "1");
386 element.AddChild (security_classes);
387 element.AddChild (namedPSs);
388 if (root_code_group != null) {
389 element.AddChild (root_code_group.ToXml (this));
391 element.AddChild (fta);
398 internal bool IsReserved (string name)
402 case "LocalIntranet":
404 case "SkipVerification":
408 // FIXME: Are there others ?