3 // Copyright (c) Microsoft Corporation. All rights reserved.
8 // <OWNER>ShawnFa</OWNER>
10 // Defines the interface that all Permission objects must support.
13 namespace System.Security
16 [System.Runtime.InteropServices.ComVisible(true)]
17 public interface IPermission : ISecurityEncodable
19 // NOTE: The constants that used to be defined here were moved to
20 // PermissionsEnum.cs due to CLS restrictions.
22 // The integrity of the security system depends on a means to
23 // copy objects so that references to sensitive objects are not
24 // exposed outside of the runtime. Thus, all permissions must
27 // Makes an exact copy of the Permission.
31 * Methods to support the Installation, Registration, others... PolicyEngine
34 // Policy decisions and runtime mechanisms (for example, Deny)
35 // require a means to retrieve shared state between two
36 // permissions. If there is no shared state between two
37 // instances, then the method should return null.
39 // Could think of the method as GetCommonState,
40 // but leave it as Intersect to avoid gratuitous name changes.
42 // Returns a new permission with the permission-defined intersection
43 // of the two permissions. The intersection is generally defined as
44 // privilege parameters that are included by both 'this' and 'target'.
45 // Returns null if 'target' is null or is of wrong type.
47 IPermission Intersect(IPermission target);
49 // The runtime policy manager also requires a means of combining the
50 // state contained within two permissions of the same type in a logical OR
51 // construct. (The Union of two permission of different type is not defined,
52 // except when one of the two is a CompoundPermission of internal type equal
53 // to the type of the other permission.)
56 IPermission Union(IPermission target);
58 // IsSubsetOf defines a standard mechanism for determining
59 // relative safety between two permission demands of the same type.
60 // If one demand x demands no more than some other demand y, then
61 // x.IsSubsetOf(y) should return true. In this case, if the
62 // demand for y is satisfied, then it is possible to assume that
63 // the demand for x would also be satisfied under the same
64 // circumstances. On the other hand, if x demands something that y
65 // does not, then x.IsSubsetOf(y) should return false; the fact
66 // that x is satisfied by the current security context does not
67 // also imply that the demand for y will also be satisfied.
69 // Returns true if 'this' Permission allows no more access than the
72 bool IsSubsetOf(IPermission target);
74 // The Demand method is the fundamental part of the IPermission
75 // interface from a component developer's perspective. The
76 // permission represents the demand that the developer wants
77 // satisfied, and Demand is the means to invoke the demand.
78 // For each type of permission, the mechanism to verify the
79 // demand will be different. However, to the developer, all
80 // permissions invoke that mechanism through the Demand interface.
81 // Mark this method as requiring a security object on the caller's frame
82 // so the caller won't be inlined (which would mess up stack crawling).
83 [DynamicSecurityMethodAttribute()]