RegistryPermission Class (System.Security.Permissions)

Switch on low bandwidth view

Collapse All

Language Filter

This page is specific to

Microsoft Visual Studio 2008/.NET Framework 3.5

Other versions are also available for the following:

.NET Framework Class Library

RegistryPermission Class

Controls the ability to access registry variables. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

Syntax

Visual Basic (Declaration)

<SerializableAttribute> _
<ComVisibleAttribute(True)> _
Public NotInheritable Class RegistryPermission _
    Inherits CodeAccessPermission _
    Implements IUnrestrictedPermission

Visual Basic (Usage)

Dim instance As RegistryPermission

[SerializableAttribute]
[ComVisibleAttribute(true)]
public sealed class RegistryPermission : CodeAccessPermission, 
    IUnrestrictedPermission

Visual C++

[SerializableAttribute]
[ComVisibleAttribute(true)]
public ref class RegistryPermission sealed : public CodeAccessPermission, 
    IUnrestrictedPermission

JScript

public final class RegistryPermission extends CodeAccessPermission implements IUnrestrictedPermission

Remarks

RegistryPermission describes protected operations on registry variables. Registry variables should not be stored in memory locations where code without RegistryPermission can access them. If the registry object is passed to an untrusted caller it can be misused.

The allowed registry access types are defined by RegistryPermissionAccess. If more than one type of access is desired, they can be combined using the bitwise OR operation as shown in the code sample that follows.

Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical pathnames. Key access implies access to all values it contains and all variables under it.

Caution:
RegistryPermission grants permission for all paths to a key, including both HKEY_CURRENT_USER and HKEY_USERS. To Deny access to a key, you must Deny all possible paths to the key. For example, to Deny access to HKEY_CURRENT_USER\Software\Microsoft\Cryptography, you must Deny HKEY_CURRENT_USER\Software\Microsoft\Cryptography, HKEY_USERS\.......\Software\Microsoft\Cryptography and any other path that you can use to access the key. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see "Canonicalization Problems Using Deny" in Using the Deny Method.

Caution:

RegistryPermission grants permission for all paths to a key, including both HKEY_CURRENT_USER and HKEY_USERS. To Deny access to a key, you must Deny all possible paths to the key. For example, to Deny access to HKEY_CURRENT_USER\Software\Microsoft\Cryptography, you must Deny HKEY_CURRENT_USER\Software\Microsoft\Cryptography, HKEY_USERS\.......\Software\Microsoft\Cryptography and any other path that you can use to access the key. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see "Canonicalization Problems Using Deny" in Using the Deny Method.

Examples

In the following code example, the RegistryPermission f represents permission to read the values from the CentralProcessor key. Read and Write are RegistryPermissionAccess enumeration values.

Visual Basic

Dim f As New RegistryPermission( _
RegistryPermissionAccess.Read, _
"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")

RegistryPermission f = new RegistryPermission(
RegistryPermissionAccess.Read, 
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");

Visual C++

RegistryPermission^ f = gcnew RegistryPermission(
   RegistryPermissionAccess::Read,
   "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0" );

The following code example adds permission to read from and write to the FloatingPointProcessor key to the RegistryPermission f.

Visual Basic

f.AddPathList( _
RegistryPermissionAccess.Write Or RegistryPermissionAccess.Read, _
"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0")

f.AddPathList(
RegistryPermissionAccess.Write | RegistryPermissionAccess.Read,
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");

Visual C++

f->AddPathList(
   (RegistryPermissionAccess) (RegistryPermissionAccess::Write | RegistryPermissionAccess::Read),
   "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0" );

The RegistryPermission f now represents the permission to read from the CentralProcessor key and to read from and write to the FloatingPointProcessor key.

The following code example shows the behavior of the RegistryPermission class methods.

Note:
The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

Note:

The code example is intended to show the behavior of the methods, not to demonstrate their use. In general, the methods of permission classes are used by the security infrastructure; they are not typically used in applications. Generally, only the constructors are used in application code. The created instance validates or controls resource access by using inherited CodeAccessPermission methods such as Demand.

Visual Basic

' This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml
' GetPathList, AddPathList, and SetPathList methods
' of the RegistryPermission class.

Imports System
Imports System.Security
Imports System.Security.Permissions
Imports System.Collections

Public Class RegistryPermissionDemo
    Private Shared readPerm1 As New RegistryPermission(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")
    Private Shared readPerm2 As New RegistryPermission(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION")
    Private Shared readPerm3 As New RegistryPermission(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0")
    Private Shared createPerm1 As New RegistryPermission(RegistryPermissionAccess.Create, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")
    Private Shared readPerm4 As IPermission

    Public Shared Sub Main(ByVal args() As String)

        IsSubsetOfDemo()
        UnionDemo()
        IntersectDemo()
        CopyDemo()
        ToFromXmlDemo()
        SetGetPathListDemo()

    End Sub 'Main
    ' IsSubsetOf determines whether the current permission is a subset of the specified permission.
    Private Shared Function IsSubsetOfDemo() As Boolean

        Dim returnValue As Boolean = True

        If readPerm1.IsSubsetOf(readPerm2) Then

            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) + vbLf + " is a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + vbLf)
        Else
            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) + vbLf + " is not a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + vbLf)
        End If
        If createPerm1.IsSubsetOf(readPerm1) Then

            Console.WriteLine("RegistryPermissionAccess.Create" + vbLf + " is a subset of " + "RegistryPermissionAccess.Read" + vbLf)
        Else
            Console.WriteLine("RegistryPermissionAccess.Create" + vbLf + " is not a subset of " + "RegistryPermissionAccess.Read" + vbLf)
        End If

        Return returnValue

    End Function 'IsSubsetOfDemo

    ' Union creates a new permission that is the union of the current permission and
    ' the specified permission.
    Private Shared Function UnionDemo() As Boolean

        Dim returnValue As Boolean = True
        readPerm3 = CType(readPerm1.Union(readPerm2), RegistryPermission)

        If readPerm3 Is Nothing Then
            Console.WriteLine("The union of " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null.")
        Else
            Console.WriteLine("The union of " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = " + vbLf + vbTab + CType(readPerm3, RegistryPermission).GetPathList(RegistryPermissionAccess.Read).ToString())
        End If

        Return returnValue

    End Function 'UnionDemo

    ' Intersect creates and returns a new permission that is the intersection of the
    ' current permission and the permission specified.
    Private Shared Function IntersectDemo() As Boolean

        Dim returnValue As Boolean = True

        readPerm3 = CType(readPerm1.Intersect(readPerm2), RegistryPermission)
        If Not (readPerm3 Is Nothing) AndAlso Not (readPerm3.GetPathList(RegistryPermissionAccess.Read) Is Nothing) Then

            Console.WriteLine("The intersection of " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = " + vbLf + vbTab + CType(readPerm3, RegistryPermission).GetPathList(RegistryPermissionAccess.Read).ToString())
        Else
            Console.WriteLine("The intersection of " + vbLf + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null. ")
        End If

        Return returnValue

    End Function 'IntersectDemo

    'Copy creates and returns an identical copy of the current permission.
    Private Shared Function CopyDemo() As Boolean

        Dim returnValue As Boolean = True
        readPerm4 = CType(readPerm1.Copy(), RegistryPermission)
        If Not (readPerm4 Is Nothing) Then
            Console.WriteLine("Result of copy = " + readPerm4.ToXml().ToString() + vbLf)
        Else
            Console.WriteLine("Result of copy is null. " + vbLf)
        End If
        Return returnValue

    End Function 'CopyDemo

    ' ToXml creates an XML encoding of the permission and its current state; FromXml
    ' reconstructs a permission with the specified state from the XML encoding.
    Private Shared Function ToFromXmlDemo() As Boolean

        Dim returnValue As Boolean = True
        readPerm2 = New RegistryPermission(PermissionState.None)
        readPerm2.FromXml(readPerm1.ToXml())
        Console.WriteLine("Result of ToFromXml = " + readPerm2.ToString() + vbLf)

        Return returnValue

    End Function 'ToFromXmlDemo

    ' AddPathList adds access for the specified registry variables to the existing state of the permission.
    ' SetPathList sets new access for the specified registry variable names to the existing state of the permission.
    ' GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess.
    Private Shared Function SetGetPathListDemo() As Boolean
        Try
            Console.WriteLine("********************************************************" + vbLf)
            Dim readPerm1 As RegistryPermission
            Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0'")
            readPerm1 = New RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")
            Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION' to the write access list, " + "and " + vbLf + " 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0' " + "to the read access list.")
            readPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION")
            readPerm1.AddPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0")
            Console.WriteLine("Read access list before SetPathList = " + readPerm1.GetPathList(RegistryPermissionAccess.Read))
            Console.WriteLine("Setting read access rights to " + vbLf + "'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0'")
            readPerm1.SetPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")
            Console.WriteLine("Read access list after SetPathList = " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read))
            Console.WriteLine("Write access = " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Write))
            Console.WriteLine("Write access Registry variables = " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.AllAccess))
        Catch e As ArgumentException
            ' RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList.
            Console.WriteLine("An ArgumentException occured as a result of using AllAccess. " + _
            "AllAccess cannot be used as a parameter in GetPathList because it represents more than one " + _
            "type of registry variable access : " + vbLf + e.Message)
        End Try

        Return True

    End Function 'SetGetPathListDemo


End Class 'RegistryPermissionDemo

// This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml
// GetPathList, AddPathList, and SetPathList methods
// of the RegistryPermission class.


using System;
using System.Security;
using System.Security.Permissions;
using System.Collections;

[assembly: CLSCompliant(true)]

public class RegistryPermissionDemo
{
    private static RegistryPermission readPerm1 = new RegistryPermission(RegistryPermissionAccess.Read,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
    private static RegistryPermission readPerm2 = new RegistryPermission(RegistryPermissionAccess.Read,
       "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION");
    private static RegistryPermission readPerm3 = new RegistryPermission(RegistryPermissionAccess.Read,
    "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
    private static RegistryPermission createPerm1 = new RegistryPermission(RegistryPermissionAccess.Create,
        "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
    private static IPermission readPerm4;

    public static void Main(String[] args)
    {
        IsSubsetOfDemo();
        UnionDemo();
        IntersectDemo();
        CopyDemo();
        ToFromXmlDemo();
        SetGetPathListDemo();
    }

    // IsSubsetOf determines whether the current permission is a subset of the specified permission.
    private static bool IsSubsetOfDemo()
    {

        bool returnValue = true;

        if (readPerm1.IsSubsetOf(readPerm2))
        {

            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                "\n is a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + "\n");
        }
        else
        {
            Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                "\n is not a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + "\n");
        }
        if (createPerm1.IsSubsetOf(readPerm1))
        {

            Console.WriteLine("RegistryPermissionAccess.Create" +
                "\n is a subset of " + "RegistryPermissionAccess.Read" + "\n");
        }
        else
        {
            Console.WriteLine("RegistryPermissionAccess.Create" +
                "\n is not a subset of " + "RegistryPermissionAccess.Read" + "\n");
        }

        return returnValue;
    }
    // Union creates a new permission that is the union of the current permission and
    // the specified permission.
    private static bool UnionDemo()
    {

        bool returnValue = true;
        readPerm3 = (RegistryPermission)readPerm1.Union(readPerm2);

        if (readPerm3 == null)
        {
            Console.WriteLine("The union of \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Read) + " \nand "
                + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null.");
        }
        else
        {
            Console.WriteLine("The union of \n" + readPerm1.GetPathList(RegistryPermissionAccess.Read) +
                " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = \n\t"
                + ((RegistryPermission)readPerm3).GetPathList(RegistryPermissionAccess.Read).ToString());
        }

        return returnValue;

    }
    // Intersect creates and returns a new permission that is the intersection of the
    // current permission and the permission specified.
    private static bool IntersectDemo()
    {

        bool returnValue = true;

        readPerm3 = (RegistryPermission)readPerm1.Intersect(readPerm2);
        if (readPerm3 != null && readPerm3.GetPathList(RegistryPermissionAccess.Read) != null)
        {

            Console.WriteLine("The intersection of \n" + readPerm1.GetPathList(RegistryPermissionAccess.Read)
                + " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = \n\t"
                + ((RegistryPermission)readPerm3).GetPathList(RegistryPermissionAccess.Read).ToString());
        }
        else
        {
            Console.WriteLine("The intersection of \n" + readPerm2.GetPathList(RegistryPermissionAccess.Read)
                + " \nand " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null. ");
        }

        return returnValue;

    }
    //Copy creates and returns an identical copy of the current permission.
    private static bool CopyDemo()
    {

        bool returnValue = true;
        readPerm4 = (RegistryPermission)readPerm1.Copy();
        if (readPerm4 != null)
        {
            Console.WriteLine("Result of copy = " + readPerm4.ToString() + "\n");
        }
        else
        {
            Console.WriteLine("Result of copy is null. \n");
        }
        return returnValue;
    }
    // ToXml creates an XML encoding of the permission and its current state; FromXml
    // reconstructs a permission with the specified state from the XML encoding.
    private static bool ToFromXmlDemo()
    {

        bool returnValue = true;
        readPerm2 = new RegistryPermission(PermissionState.None);
        readPerm2.FromXml(readPerm1.ToXml());
        Console.WriteLine("Result of ToFromXml = " + readPerm2.ToString() + "\n");
        return returnValue;

    }
    // AddPathList adds access for the specified registry variables to the existing state of the permission.
    // SetPathList sets new access for the specified registry variable names to the existing state of the permission.
    // GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess.
    private static bool SetGetPathListDemo()
    {
        try
        {
            Console.WriteLine("********************************************************\n");
            RegistryPermission readPerm1;
            Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'");
            readPerm1 = new RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
            Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION' to the write access list, "
                + "and \n 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0' "
                + "to the read access list.");
            readPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION");
            readPerm1.AddPathList(RegistryPermissionAccess.Read,
                "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
            Console.WriteLine("Read access list before SetPathList = " +
                readPerm1.GetPathList(RegistryPermissionAccess.Read));
            Console.WriteLine("Setting read access rights to \n'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'");
            readPerm1.SetPathList(RegistryPermissionAccess.Read,
                "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
            Console.WriteLine("Read access list after SetPathList = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Read));
            Console.WriteLine("Write access = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.Write));
            Console.WriteLine("Write access Registry variables = \n" +
                readPerm1.GetPathList(RegistryPermissionAccess.AllAccess));
        }
        catch (ArgumentException e)
        {
            // RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList.
            Console.WriteLine("An ArgumentException occured as a result of using AllAccess. "
                + "AllAccess cannot be used as a parameter in GetPathList because it represents more than one "
                + "type of registry variable access : \n" + e);
        }

        return true;
    }
}

Inheritance Hierarchy

System..::.Object
System.Security..::.CodeAccessPermission
System.Security.Permissions..::.RegistryPermission

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Version Information

.NET Framework

Supported in: 3.5, 3.0, 2.0, 1.1, 1.0

Reference

RegistryPermission Members

System.Security.Permissions Namespace

RegistryPermissionAttribute

RegistryPermissionAccess

Other Resources

Security Permissions

Requesting Permissions