Figure 1 Security Check for MyFileAccessor's Constructor
using System.Security.Permissions;
// Wraps access to a single file. The constructor performs an imperative
// Code Access Security check BEFORE the file is opened, so a caller that
// lacks FileIOPermission for the requested path/access never gets a handle.
public class MyFileAccessor {
    // path:     file to open; normalized to a full path before the permission is built.
    // readOnly: true -> only FileIOPermissionAccess.Read is demanded,
    //           false -> FileIOPermissionAccess.AllAccess is demanded.
    public MyFileAccessor(String path,
    bool readOnly) {
        path = MakeFullPath(path); // helper fcn (defined elsewhere): the permission must name the real, fully qualified path
        FileIOPermissionAccess desiredAccess =
            readOnly ? FileIOPermissionAccess.Read :
            FileIOPermissionAccess.AllAccess;
        FileIOPermission p =
            new FileIOPermission(desiredAccess, path);
        // Demand walks the call stack: on .NET Framework any caller without this
        // permission fails the check (SecurityException), so the open below is skipped.
        // NOTE(review): on .NET Core/.NET 5+ CAS is not enforced and Demand() does
        // nothing — do not rely on this as an isolation boundary there.
        p.Demand();
        // ••• open the file
    }
    // •••
}
Figure 2 Code Access Permissions
Permission |
Description |
SecurityPermission |
This is really a meta-permission, as it governs use of the security infrastructure itself. Several orthogonal permissions are grouped under this category: execution, assertion, unmanaged code, skip verification, serialization formatter, control domain policy, control evidence, control policy, control principal, and control thread. |
FileIOPermission |
Controls read, write, and append access to individual files and directory trees. Can also be used to restrict all access to the file system. |
FileDialogPermission |
Allows read-only access to files only if the file name is specified by the interactive user via a system-provided file dialog box. Typically used when FileIOPermission is not granted. |
IsolatedStorageFilePermission |
Allows control over the usage of, and the lifetime configuration settings for, isolated storage (as of this writing, the documentation for this permission is missing). |
ReflectionPermission |
Allows expansion of normal reflection privileges. With this permission, you can enumerate all types in an assembly and their contents, including private members. The details of this permission are still being ironed out. |
RegistryPermission |
Controls read, write, and create access to registry keys (including subkeys). Can also be used to restrict all access to the registry. |
EnvironmentPermission |
Controls read and write access to individual environment variables. Can also be used to restrict all access to the environment. |
UIPermission |
Can be used to restrict access to the clipboard (for instance, an application domain might only be able to paste data originating from the same application domain). Can also be used to restrict window usage to "safe" windows in an attempt to avoid attacks that mimic system dialog boxes that ask for sensitive information, such as passwords. |
Figure 5 IsSubsetOf
// Two FileIOPermission objects: p1 grants every kind of access to the whole
// c:\temp tree, p2 grants only Append on a single file beneath that tree.
CodeAccessPermission p1 = new FileIOPermission(
    FileIOPermissionAccess.AllAccess, "c:\\temp");
CodeAccessPermission p2 = new FileIOPermission(
    FileIOPermissionAccess.Append, "c:\\temp\\foo\\bar.txt");

// IsSubsetOf compares the permissions semantically rather than textually.
// p1 is tested first, then p2, so exactly one line is printed; the narrower
// p2 is expected to be reported as a subset of p1.
string verdict =
    p1.IsSubsetOf(p2) ? "p1 is subset of p2" :
    p2.IsSubsetOf(p1) ? "p2 is subset of p1" :
    "no subset";
System.Console.WriteLine(verdict);
Figure 6 Setting Access Permissions
using System.Security.Permissions;
using System.Security;
/// <summary>
/// Contract for an externally supplied (plug-in) calculation that the host
/// invokes while a set of permissions is denied.
/// </summary>
public interface IUserPluggableAlgorithm {
    /// <summary>Combines the two operands; what "combine" means is up to the plug-in.</summary>
    /// <param name="a">First operand.</param>
    /// <param name="b">Second operand.</param>
    /// <returns>The plug-in's result.</returns>
    int Calculate(int a, int b);
}
// code snippet that uses the algorithm
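// Build an explicit permission set (starting empty) naming exactly what the
// plug-in must NOT be able to do while it runs.
PermissionSet ps =
    new PermissionSet(PermissionState.None);
ps.AddPermission(new FileIOPermission(
    FileIOPermissionAccess.AllAccess,
    "c:\\sensitiveStuff"));
ps.AddPermission(new FileIOPermission(
    FileIOPermissionAccess.AllAccess,
    "c:\\moreSensitiveStuff"));
ps.AddPermission(new EnvironmentPermission(
    PermissionState.Unrestricted));
ps.AddPermission(new UIPermission(
    PermissionState.Unrestricted));
ps.Deny(); // deny these permissions: a Demand for any of them made below this frame fails
int result;
try {
    // `a` is the IUserPluggableAlgorithm instance, obtained outside this snippet.
    result = a.Calculate(42, 64);
} finally {
    // Revert even if the plug-in throws, so the Deny does not stay in effect
    // for whatever work this frame does afterwards.
    CodeAccessPermission.RevertDeny();
}
// NOTE(review): Deny is a stack-walk modifier, not a sandbox — fully trusted
// plug-in code can Assert its way past it — and CAS is not enforced on
// .NET Core/.NET 5+, where Deny() is not supported. Real isolation of
// untrusted plug-ins needs an OS-level boundary (separate process/container).
// ••• continue doing work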
Figure 7 Error Logging Service
using System;
using System.IO;
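public class ErrorLogger {
    /// <summary>Appends <paramref name="s"/> verbatim to a fixed log file.</summary>
    /// <param name="s">Text to append. It is written as-is: no newline is added and
    /// nothing is escaped, so if it can carry attacker-controlled text, newlines
    /// should be neutralized by the caller to prevent forged log entries.</param>
    /// <remarks>I/O failures from FileStream/StreamWriter propagate to the caller.</remarks>
    public static void Log(String s) {
        const String fname = "c:\\temp\\errlog.txt";
        // `using` releases both handles even when Write throws; closing them only
        // on the success path would leak the open file on error. Disposing the
        // writer also disposes the stream, so the outer Dispose is a harmless no-op.
        using (FileStream logStream = new FileStream(fname,
            FileMode.Append, FileAccess.Write))
        using (StreamWriter logWriter = new StreamWriter(logStream)) {
            logWriter.Write(s);
        }
    }
}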
Figure 8 ErrorLogger2 Class
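public class ErrorLogger2 {
    /// <summary>
    /// Appends <paramref name="s"/> verbatim to a fixed log file, asserting
    /// FileIOPermission so that callers which lack it can still have errors logged.
    /// </summary>
    /// <param name="s">Text to append; written as-is, no newline and no escaping.</param>
    /// <remarks>I/O failures from FileStream/StreamWriter propagate to the caller.</remarks>
    public static void Log(String s) {
        const String fname = "c:\\temp\\errlog.txt";
        // Assert stops the CAS stack walk at this frame. It is deliberately scoped
        // to Append on this one file, so nothing broader is opened up to callers.
        // NOTE(review): the asserting assembly itself needs the "assertion" flag of
        // SecurityPermission for this to take effect — confirm in the grant set.
        FileIOPermission p = new FileIOPermission(
            FileIOPermissionAccess.Append, fname);
        p.Assert();
        try {
            // `using` releases both handles even when Write throws.
            using (FileStream logStream = new FileStream(fname,
                FileMode.Append, FileAccess.Write))
            using (StreamWriter logWriter = new StreamWriter(logStream)) {
                logWriter.Write(s);
            }
        } finally {
            // Keep the window in which the elevated permission is in effect as
            // small as possible, including on the exception path.
            System.Security.CodeAccessPermission.RevertAssert();
        }
    }
}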
Figure 9 ErrorLogger3 Class
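public class ErrorLogger3 {
    // Must be a compile-time constant: it is used as an attribute argument below.
    const String fname = "c:\\temp\\errlog.txt";

    /// <summary>
    /// Appends <paramref name="s"/> verbatim to a fixed log file. The declarative
    /// Assert below stops the CAS stack walk for Append on that one file for the
    /// duration of this method, so callers without FileIOPermission can still log.
    /// </summary>
    /// <param name="s">Text to append; written as-is, no newline and no escaping.</param>
    /// <remarks>I/O failures from FileStream/StreamWriter propagate to the caller.</remarks>
    [FileIOPermission(SecurityAction.Assert, Append=fname)]
    public static void Log(String s) {
        // `using` releases both handles even when Write throws; closing them only
        // on the success path would leak the open file on error.
        using (FileStream logStream = new FileStream(fname,
            FileMode.Append, FileAccess.Write))
        using (StreamWriter logWriter = new StreamWriter(logStream)) {
            logWriter.Write(s);
        }
    }
}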
Figure 10 SecurityAction Enumeration
Permission |
When |
Target |
Notes |
LinkDemand |
JIT time |
class, method |
check immediate caller |
InheritanceDemand |
load time |
class, method |
check subclasses |
Demand |
load time |
class, method |
check all callers |
Assert |
runtime |
class, method |
|
Deny |
runtime |
class, method |
|
PermitOnly |
runtime |
class, method |
|
RequestMinimum |
grant time |
assembly |
need these to run |
RequestOptional |
grant time |
assembly |
would like these |
RequestRefuse |
grant time |
assembly |
don't want these |