Export (0) Print
Expand All
0 out of 3 rated this helpful - Rate this topic

RegistryPermission Class

Controls the ability to access registry variables. This class cannot be inherited.

Namespace:  System.Security.Permissions
Assembly:  mscorlib (in mscorlib.dll)
[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class RegistryPermission : CodeAccessPermission, 
	IUnrestrictedPermission

RegistryPermission describes protected operations on registry variables. Registry variables should not be stored in memory locations where code without RegistryPermission can access them. If the registry object is passed to an untrusted caller it can be misused.

The allowed registry access types are defined by RegistryPermissionAccess. If more than one type of access is desired, they can be combined using the bitwise OR operation as shown in the code sample that follows.

Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical pathnames. Key access implies access to all values it contains and all variables under it.

Caution noteCaution:

RegistryPermission grants permission for all paths to a key, including both HKEY_CURRENT_USER and HKEY_USERS. To Deny access to a key, you must Deny all possible paths to the key. For example, to Deny access to HKEY_CURRENT_USER\Software\Microsoft\Cryptography, you must Deny HKEY_CURRENT_USER\Software\Microsoft\Cryptography, HKEY_USERS\.......\Software\Microsoft\Cryptography and any other path that you can use to access the key. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see "Canonicalization Problems Using Deny" in Using the Deny Method.

In the following code example, the RegistryPermission f represents permission to read the values from the CentralProcessor key. Read and Write are RegistryPermissionAccess enumeration values.

RegistryPermission f = new RegistryPermission(
RegistryPermissionAccess.Read, 
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");

The following code example adds permission to read from and write to the FloatingPointProcessor key to the RegistryPermission f.

f.AddPathList(
RegistryPermissionAccess.Write | RegistryPermissionAccess.Read,
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");

The RegistryPermission f now represents the permission to read from the CentralProcessor key and to read from and write to the FloatingPointProcessor key.

The following code example shows the behavior of the RegistryPermission class methods.

NoteNote:

The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

// This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml 
// GetPathList, AddPathList, and SetPathList methods 
// of the RegistryPermission class. 


using System;
using System.Security;
using System.Security.Permissions;
using System.Collections;

[assembly: CLSCompliant(true)]

public class RegistryPermissionDemo
{
    private static RegistryPermission readPerm1 = new RegistryPermission(RegistryPermissionAccess.Read,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
    private static RegistryPermission readPerm2 = new RegistryPermission(RegistryPermissionAccess.Read,
       "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION");
    private static RegistryPermission readPerm3 = new RegistryPermission(RegistryPermissionAccess.Read,
    "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
    private static RegistryPermission createPerm1 = new RegistryPermission(RegistryPermissionAccess.Create,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
    private static IPermission readPerm4;

    public static void Main(String[] args)
    {
        IsSubsetOfDemo();
        UnionDemo();
        IntersectDemo();
        CopyDemo();
        ToFromXmlDemo();
        SetGetPathListDemo();
    }

    // IsSubsetOf determines whether the current permission is a subset of the specified permission. 
    private static bool IsSubsetOfDemo()
    {

        bool returnValue = true;

        if (readPerm1.IsSubsetOf(readPerm2))
        {

            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                "\n is a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + "\n");
        }
        else
        {
            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                "\n is not a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + "\n");
        }
        if (createPerm1.IsSubsetOf(readPerm1))
        {

            Console.WriteLine("RegistryPermissionAccess.Create" +
                "\n is a subset of " + "RegistryPermissionAccess.Read" + "\n");
        }
        else
        {
            Console.WriteLine("RegistryPermissionAccess.Create" +
                "\n is not a subset of " + "RegistryPermissionAccess.Read" + "\n");
        }

        return returnValue;
    }
    // Union creates a new permission that is the union of the current permission and 
    // the specified permission. 
    private static bool UnionDemo()
    {

        bool returnValue = true;
        readPerm3 = (RegistryPermission)readPerm1.Union(readPerm2);

        if (readPerm3 == null)
        {
            Console.WriteLine("The union of \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Read) + " \nand "
                + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null.");
        }
        else
        {
            Console.WriteLine("The union of \n" + readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = \n\t"
                + ((RegistryPermission)readPerm3).GetPathList(RegistryPermissionAccess.Read).ToString());
        }

        return returnValue;

    }
    // Intersect creates and returns a new permission that is the intersection of the 
    // current permission and the permission specified. 
    private static bool IntersectDemo()
    {

        bool returnValue = true;

        readPerm3 = (RegistryPermission)readPerm1.Intersect(readPerm2);
        if (readPerm3 != null && readPerm3.GetPathList(RegistryPermissionAccess.Read) != null)
        {

            Console.WriteLine("The intersection of \n" + readPerm1.GetPathList(RegistryPermissionAccess.Read)
                + " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = \n\t"
                + ((RegistryPermission)readPerm3).GetPathList(RegistryPermissionAccess.Read).ToString());
        }
        else
        {
            Console.WriteLine("The intersection of \n" + readPerm2.GetPathList(RegistryPermissionAccess.Read)
                + " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null. ");
        }

        return returnValue;

    }
    //Copy creates and returns an identical copy of the current permission. 
    private static bool CopyDemo()
    {

        bool returnValue = true;
        readPerm4 = (RegistryPermission)readPerm1.Copy();
        if (readPerm4 != null)
        {
            Console.WriteLine("Result of copy = " + readPerm4.ToString() + "\n");
        }
        else
        {
            Console.WriteLine("Result of copy is null. \n");
        }
        return returnValue;
    }
    // ToXml creates an XML encoding of the permission and its current state; FromXml 
    // reconstructs a permission with the specified state from the XML encoding. 
    private static bool ToFromXmlDemo()
    {

        bool returnValue = true;
        readPerm2 = new RegistryPermission(PermissionState.None);
        readPerm2.FromXml(readPerm1.ToXml());
        Console.WriteLine("Result of ToFromXml = " + readPerm2.ToString() + "\n");
        return returnValue;

    }
    // AddPathList adds access for the specified registry variables to the existing state of the permission. 
    // SetPathList sets new access for the specified registry variable names to the existing state of the permission. 
    // GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess. 
    private static bool SetGetPathListDemo()
    {
        try
        {
            Console.WriteLine("********************************************************\n");
            RegistryPermission readPerm1;
            Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'");
            readPerm1 = new RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
            Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION' to the write access list, "
                + "and \n 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0' "
                + "to the read access list.");
            readPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION");
            readPerm1.AddPathList(RegistryPermissionAccess.Read,
                "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
            Console.WriteLine("Read access list before SetPathList = " +
                readPerm1.GetPathList(RegistryPermissionAccess.Read));
            Console.WriteLine("Setting read access rights to \n'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'");
            readPerm1.SetPathList(RegistryPermissionAccess.Read,
                "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
            Console.WriteLine("Read access list after SetPathList = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Read));
            Console.WriteLine("Write access = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Write));
            Console.WriteLine("Write access Registry variables = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.AllAccess));
        }
        catch (ArgumentException e)
        {
            // RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList.
            Console.WriteLine("An ArgumentException occured as a result of using AllAccess. "
                + "AllAccess cannot be used as a parameter in GetPathList because it represents more than one "
                + "type of registry variable access : \n" + e);
        }

        return true;
    }
}
System.Object
  System.Security.CodeAccessPermission
    System.Security.Permissions.RegistryPermission
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.