

Figure 1

Figure 1 Security Check for MyFileAccessor's Constructor

  using System.Security.Permissions;
/// <summary>
/// Wraps a file and, before opening it, checks that the code calling in is
/// allowed the kind of file access that was requested.
/// </summary>
public class MyFileAccessor {
  /// <summary>
  /// Demands Read (when <paramref name="readOnly"/> is true) or AllAccess on
  /// <paramref name="path"/> and only then opens the file. The demand is a
  /// code-access check on the callers (Figure 10: Demand "checks all callers"),
  /// not a check of the file's current state, so it is a separate step from the open.
  /// </summary>
  /// <param name="path">File to open; converted to a full path before the demand.</param>
  /// <param name="readOnly">true demands only Read; false demands AllAccess.</param>
  /// <exception cref="System.Security.SecurityException">Thrown by Demand() when a caller
  /// on the stack has not been granted the demanded access.</exception>
  public MyFileAccessor(String  path,
                        bool    readOnly) {
   // Normalize first so the permission names the same file that is actually opened
   // below; demanding on a caller-supplied relative string could name a different target.
   // MakeFullPath is not shown in this listing.
   path = MakeFullPath(path); // helper fcn
    // Ask only for what this instance will use: a read-only accessor does not
    // require callers to hold write access.
    FileIOPermissionAccess desiredAccess =
      readOnly ? FileIOPermissionAccess.Read :
                 FileIOPermissionAccess.AllAccess;
    FileIOPermission p =
      new FileIOPermission(desiredAccess, path);
    // Walks the call stack; the check happens once here, not on every later file operation.
    // NOTE(review): FileIOPermission/Demand are enforced only on the .NET Framework CAS
    // model; on .NET Core / .NET 5+ these types exist for compatibility but the demand is
    // not enforced, so do not treat this as a security boundary there.
    p.Demand();
    // 
      ••• 
      open the file
  }
  // •••
}

Figure 2 Code Access Permissions

Permission
Description
SecurityPermission
This is really a meta-permission, as it governs use of the security infrastructure itself. Several orthogonal permissions are grouped under this category: execution, assertion, unmanaged code, skip verification, serialization formatter, control domain policy, control evidence, control policy, control principal, and control thread.
FileIOPermission
Controls read, write, and append access to individual files and directory trees. Can also be used to restrict all access to the file system.
FileDialogPermission
Allows read-only access to files only if the file name is specified by the interactive user via a system-provided file dialog box. Typically used when FileIOPermission is not granted.
IsolatedStorageFilePermission
Allows control over the usage of isolated storage and its lifetime configuration settings (as of this writing, the documentation for this permission is missing).
ReflectionPermission
Allows expansion of normal reflection privileges. With this permission, you can enumerate all types in an assembly and their contents, including private members. The details of this permission are still being ironed out.
RegistryPermission
Controls read, write, and create access to registry keys (including subkeys). Can also be used to restrict all access to the registry.
EnvironmentPermission
Controls read and write access to individual environment variables. Can also be used to restrict all access to an environment.
UIPermission
Can be used to restrict access to the clipboard (for instance, an application domain might only be able to paste data originating from the same application domain). Can also be used to restrict window usage to "safe" windows in an attempt to avoid attacks that mimic system dialog boxes that ask for sensitive information, such as passwords.

Figure 5 IsSubsetOf

  // Two permission objects to compare: full access to a directory tree versus
  // append-only access to a single file inside that tree.
CodeAccessPermission p1 = new FileIOPermission(
  FileIOPermissionAccess.AllAccess,
  "c:\\temp");
CodeAccessPermission p2 = new FileIOPermission(
  FileIOPermissionAccess.Append,
  "c:\\temp\\foo\\bar.txt");

// IsSubsetOf compares the permission objects (access kind and path), not the
// file system. p1.IsSubsetOf(p2) is evaluated first, exactly as before; with these
// values p2 is expected to be reported as the subset of p1.
string verdict =
  p1.IsSubsetOf(p2) ? "p1 is subset of p2" :
  p2.IsSubsetOf(p1) ? "p2 is subset of p1" :
                      "no subset";
System.Console.WriteLine(verdict);

Figure 6 Setting Access Permissions

  using System.Security.Permissions;
   using System.Security;

/// <summary>
/// Contract for an algorithm supplied by a third party. The snippet below runs
/// its <see cref="Calculate"/> implementation under a Deny so the plug-in cannot
/// reach the listed resources.
/// </summary>
public interface IUserPluggableAlgorithm {
  /// <summary>
  /// Computes a result from <paramref name="a"/> and <paramref name="b"/>;
  /// what the computation is, is left to the implementation.
  /// </summary>
  int Calculate(int a, int b);
}

// code snippet that uses the algorithm
// Assumes `a` holds an IUserPluggableAlgorithm supplied by a less-trusted party
// (its declaration is not part of this snippet).
// Build an explicit set of permissions to withhold from the plug-in while it runs.
PermissionSet ps =
  new PermissionSet(PermissionState.None);
ps.AddPermission(new FileIOPermission(
  FileIOPermissionAccess.AllAccess,
  "c:\\sensitiveStuff"));
ps.AddPermission(new FileIOPermission(
  FileIOPermissionAccess.AllAccess,
  "c:\\moreSensitiveStuff"));
ps.AddPermission(new EnvironmentPermission(
  PermissionState.Unrestricted));
ps.AddPermission(new UIPermission(
  PermissionState.Unrestricted));

// Deny is a deny-list: only the listed resources are withheld, and anything else
// the plug-in has been granted stays usable. PermitOnly (Figure 10) is the
// allow-list form and is the stronger choice when the resources the callee
// legitimately needs are known.
// NOTE(review): a callee that was itself granted these permissions and calls
// Assert stops the stack walk before it reaches this frame, so a Deny here does
// not constrain fully trusted plug-ins. Deny/RevertDeny are also marked obsolete
// from .NET Framework 4 onward.
ps.Deny();  // deny these permissions
int result = a.Calculate(42, 64);

// Stack-walk modifiers are scoped to the frame that set them, so the deny would
// also lapse when this frame returns; reverting explicitly lets the rest of this
// method run with normal permissions.
// NOTE(review): if Calculate throws, this line is skipped; use try/finally if the
// remainder of the method must run with the deny lifted even on failure.
CodeAccessPermission.RevertDeny();
// 
  ••• 
  continue doing work

Figure 7 Error Logging Service

  using System;
using System.IO;

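public class ErrorLogger {
  /// <summary>
  /// Appends <paramref name="s"/> verbatim to the fixed log file c:\temp\errlog.txt.
  /// </summary>
  /// <param name="s">Text to append. It is written as-is, with no terminator or
  /// escaping, so a value that originates outside the program can contain
  /// newlines that read as separate log records; sanitize before calling if
  /// the log is consumed by tooling.</param>
  /// <exception cref="IOException">Propagated from opening or writing the file.</exception>
  /// <exception cref="System.Security.SecurityException">Raised when a caller on the
  /// stack has not been granted FileIOPermission for the path; there is no Assert
  /// here, compare ErrorLogger2.</exception>
  public static void Log(String s) {
    // Compile-time constant: the file written to is never caller-controlled.
    const String fname = "c:\\temp\\errlog.txt";
    // Nested using blocks so that, if Write throws, both the writer and the stream
    // are still closed (previously they were closed only on the success path).
    // Disposing the writer also disposes the stream; the outer Dispose is then a no-op.
    using (FileStream logStream = new FileStream(fname,
      FileMode.Append, FileAccess.Write))
    using (StreamWriter logWriter = new StreamWriter(logStream)) {
      logWriter.Write(s);
    }
  }
}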

Figure 8 ErrorLogger2 Class

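  public class ErrorLogger2 {
    /// <summary>
    /// Appends <paramref name="s"/> verbatim to c:\temp\errlog.txt, asserting Append
    /// access to that one file so callers without FileIOPermission can still log.
    /// </summary>
    /// <param name="s">Text to append, written as-is with no terminator or escaping;
    /// sanitize first if the text comes from outside the program and the log is
    /// consumed by tooling.</param>
    /// <exception cref="IOException">Propagated from opening or writing the file.</exception>
    /// <exception cref="System.Security.SecurityException">Raised if this assembly
    /// itself lacks Append access to the path, or lacks the SecurityPermission
    /// "assertion" right (Figure 2) that Assert requires.</exception>
    public static void Log(String s) {
      // Compile-time constant: the asserted path is fixed by this class, never by the
      // caller, which is what makes the Assert below safe to make.
      const String fname = "c:\\temp\\errlog.txt";
      // Assert the narrowest permission that covers the work: Append only, on this
      // one file. It stops the stack walk at this frame for the rest of the method;
      // the modifier lapses when the frame returns.
      FileIOPermission p = new FileIOPermission(
        FileIOPermissionAccess.Append, fname);
      p.Assert();
      // Nested using blocks so both the writer and the stream are closed even if
      // Write throws; disposing the writer also disposes the stream.
      using (FileStream logStream = new FileStream(fname,
        FileMode.Append, FileAccess.Write))
      using (StreamWriter logWriter = new StreamWriter(logStream)) {
        logWriter.Write(s);
      }
    }
  }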

Figure 9 ErrorLogger3 Class

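  public class ErrorLogger3 {
    // Compile-time constant so it can appear in the attribute below; the asserted and
    // written path is fixed by this class, never by the caller.
    private const String fname = "c:\\temp\\errlog.txt";

    /// <summary>
    /// Appends <paramref name="s"/> verbatim to c:\temp\errlog.txt. The Assert of
    /// Append access on that file is declared as an attribute rather than called in
    /// code, so it is recorded in metadata and covers exactly this method's scope.
    /// </summary>
    /// <param name="s">Text to append, written as-is with no terminator or escaping;
    /// sanitize first if the text comes from outside the program and the log is
    /// consumed by tooling.</param>
    /// <exception cref="IOException">Propagated from opening or writing the file.</exception>
    /// <exception cref="System.Security.SecurityException">Raised if this assembly
    /// itself lacks Append access to the path, or lacks the SecurityPermission
    /// "assertion" right (Figure 2) that Assert requires.</exception>
    [FileIOPermission(SecurityAction.Assert, Append=fname)]
    public static void Log(String s) {
      // Nested using blocks so both the writer and the stream are closed even if
      // Write throws; disposing the writer also disposes the stream.
      using (FileStream logStream = new FileStream(fname,
        FileMode.Append, FileAccess.Write))
      using (StreamWriter logWriter = new StreamWriter(logStream)) {
        logWriter.Write(s);
      }
    }
  }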

Figure 10 SecurityAction Enumeration

Permission
When
Target
Notes
LinkDemand
JIT time
class, method
check immediate caller
InheritanceDemand
load time
class, method
check subclasses
Demand
load time
class, method
check all callers
Assert
runtime
class, method

Deny
runtime
class, method

PermitOnly
runtime
class, method

RequestMinimum
grant time
assembly
need these to run
RequestOptional
grant time
assembly
would like these
RequestRefuse
grant time
assembly
don't want these