RegistryPermission Class
Controls the ability to access registry variables. This class cannot be inherited.
For a list of all members of this type, see RegistryPermission Members.
System.Object
System.Security.CodeAccessPermission
System.Security.Permissions.RegistryPermission
[Visual Basic] <Serializable> NotInheritable Public Class RegistryPermission Inherits CodeAccessPermission Implements IUnrestrictedPermission [C#] [Serializable] public sealed class RegistryPermission : CodeAccessPermission, IUnrestrictedPermission [C++] [Serializable] public __gc __sealed class RegistryPermission : public CodeAccessPermission, IUnrestrictedPermission [JScript] public Serializable class RegistryPermission extends CodeAccessPermission implements IUnrestrictedPermission
Thread Safety
Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Remarks
RegistryPermission describes protected operations on registry variables. Registry variables should not be stored in memory locations where code without RegistryPermission can access them. If the registry object is passed to an untrusted caller it can be misused.
The allowed registry access types are defined by RegistryPermissionAccess. If more than one type of access is desired, they can be combined using the bitwise OR operation as shown in the code sample that follows.
Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical pathnames. Key access implies access to all values it contains and all variables under it.
Caution[note] RegistryPermission grants permission for all paths to a key, including both HKEY_CURRENT_USER and HKEY_USERS. To Deny access to a key, you must Deny all possible paths to the key. For example, to Deny access to HKEY_CURRENT_USER\Software\Microsoft\Cryptography, you must Deny HKEY_CURRENT_USER\Software\Microsoft\Cryptography, HKEY_USERS\.......\Software\Microsoft\Cryptography and any other path that you can use to access the key. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see Canonicalization Problems Using Deny in the Deny topic.
Example
[Visual Basic, C#, C++] After the following code the RegistryPermission f represents permission to read the values from the CentralProcessor key. Read and Write are values of RegistryPermissionAccess.
[Visual Basic] Dim f As New RegistryPermission( _ RegistryPermissionAccess.Read, _ "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") [C#] RegistryPermission f = new RegistryPermission( RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"); [C++] RegistryPermission* f = new RegistryPermission( RegistryPermissionAccess::Read, S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0");
[Visual Basic, C#, C++] The following code adds permission to read from and write to the FloatingPointProcessor key to the RegistryPermission f.
[Visual Basic] f.AddPathList( _ RegistryPermissionAccess.Write Or RegistryPermissionAccess.Read, _ "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0") [C#] f.AddPathList( RegistryPermissionAccess.Write | RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0"); [C++] f->AddPathList(static_cast<RegistryPermissionAccess>(RegistryPermissionAccess::Write | RegistryPermissionAccess::Read), S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0");
[Visual Basic, C#, C++] The RegistryPermission f now represents the permission to read from the CentralProcessor key and to read from and write to the FloatingPointProcessor key.
[Visual Basic, C#, C++] The following example demonstrates many RegistryPermission members.
[Visual Basic] ' This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml ' GetPathList, AddPathList, and SetPathList methods ' of the RegistryPermission class. Imports System Imports System.Security Imports System.Security.Permissions Imports System.Collections Imports Microsoft.VisualBasic <Assembly: CLSCompliant(True)> Public Class RegAPIDemo ' IsSubsetOf determines whether the current permission is a subset of the specified permission. Private Function IsSubsetOfDemo() As Boolean Dim returnValue As Boolean = True Dim reg1, reg2 As String Dim regPerm1, regPerm2 As RegistryPermission Dim regGen1 As New RegGenerator() Dim regGen2 As New RegGenerator() regGen1.ResetIndex() While regGen1.CreateReg(regPerm1, reg1, RegistryPermissionAccess.Read) If regPerm1 Is Nothing Then GoTo ContinueWhile1 End If regGen2.ResetIndex() Console.WriteLine("**********************************************************" & ControlChars.Lf) While regGen2.CreateReg(regPerm2, reg2, RegistryPermissionAccess.AllAccess) Dim firstPermission As String = IIf(reg1 = "" Or reg1 Is Nothing, "null", reg1) Dim secondPermission As String = IIf(reg2 = "" Or reg2 Is Nothing, "null", reg2) If regPerm2 Is Nothing Then GoTo ContinueWhile2 End If Try If regPerm1.IsSubsetOf(regPerm2) Then Console.WriteLine((firstPermission & ControlChars.Lf & _ " is a subset of " & secondPermission & ControlChars.Lf)) Else Console.WriteLine((firstPermission & ControlChars.Lf & _ " is not a subset of " & secondPermission & ControlChars.Lf)) End If Catch e As Exception Console.WriteLine(IIf("An exception was thrown for subset :" & reg1 = "", "null", _ IIf(reg1 & ControlChars.Lf & reg2 = "", "null", reg2 & ControlChars.Lf & e.ToString()))) End Try ContinueWhile2: End While ContinueWhile1: End While Return returnValue End Function 'IsSubsetOfDemo ' Union creates a new permission that is the union of the current permission and ' the specified permission. Private Function UnionDemo() As Boolean Dim returnValue As Boolean = True Dim reg1, reg2 As String Dim regPerm1, regPerm2 As RegistryPermission Dim regIdPerm3 As IPermission Dim regGen1 As New regGenerator() Dim regGen2 As New regGenerator() regGen1.ResetIndex() While regGen1.CreateReg(regPerm1, reg1, RegistryPermissionAccess.Read) If reg1 Is Nothing Then GoTo ContinueWhile1 End If Console.WriteLine("**********************************************************" & ControlChars.Lf) regGen2.ResetIndex() While regGen2.CreateReg(regPerm2, reg2, RegistryPermissionAccess.Read) Try If regPerm2 Is Nothing Then GoTo ContinueWhile2 End If Dim firstPermission As String = IIf(reg1 = "" Or reg1 Is Nothing, "null", reg1) Dim secondPermission As String = IIf(reg2 = "" Or reg2 Is Nothing, "null", reg2) regIdPerm3 = CType(regPerm1.Union(regPerm2), RegistryPermission) regIdPerm3 = regPerm1.Union(regPerm2) If regIdPerm3 Is Nothing Then Console.WriteLine(("The union of " & firstPermission & " and " & ControlChars.Lf & ControlChars.Tab & secondPermission & " is null.")) Else Console.WriteLine(("The union of " & firstPermission & " and " & ControlChars.Lf & ControlChars.Tab & secondPermission & " = " & ControlChars.Lf & ControlChars.Tab & CType(regIdPerm3, RegistryPermission).GetPathList(RegistryPermissionAccess.Read).ToString())) End If Catch e As Exception Console.WriteLine(("An exception was thrown for union :" & e.ToString())) returnValue = False End Try ContinueWhile2: End While ContinueWhile1: End While Return returnValue End Function 'UnionDemo ' Intersect creates and returns a new permission that is the intersection of the ' current permission and the permission specified. Private Function IntersectDemo() As Boolean Dim returnValue As Boolean = True Dim reg1, reg2 As String Dim regPerm1, regPerm2, regIdPerm3 As RegistryPermission Dim regGen1 As New regGenerator() Dim regGen2 As New regGenerator() regGen1.ResetIndex() While regGen1.CreateReg(regPerm1, reg1, RegistryPermissionAccess.Read) If reg1 Is Nothing Then GoTo ContinueWhile1 End If Console.WriteLine("**********************************************************" & ControlChars.Lf) regGen2.ResetIndex() While regGen2.CreateReg(regPerm2, reg2, RegistryPermissionAccess.Read) If regPerm2 Is Nothing Then GoTo ContinueWhile2 End If Dim firstPermission As String = IIf(reg1 = "" Or reg1 Is Nothing, "null", reg1) Dim secondPermission As String = IIf(reg2 = "" Or reg2 Is Nothing, "null", reg2) Try regIdPerm3 = CType(regPerm1.Intersect(regPerm2), RegistryPermission) If Not (regIdPerm3 Is Nothing) AndAlso Not (regIdPerm3.GetPathList(RegistryPermissionAccess.Read) Is Nothing) Then Console.WriteLine(("The intersection of " & firstPermission & " and " & ControlChars.Lf & ControlChars.Tab & secondPermission & " = " & ControlChars.Lf & ControlChars.Tab & CType(regIdPerm3, RegistryPermission).GetPathList(RegistryPermissionAccess.Read).ToString())) Else Console.WriteLine(("The intersection of " & firstPermission & " and " & ControlChars.Lf & ControlChars.Tab & secondPermission & " is null. ")) End If Catch e As Exception Console.WriteLine(("An exception was thrown for intersection : " & e.ToString())) returnValue = False End Try ContinueWhile2: End While ContinueWhile1: End While Return returnValue End Function 'IntersectDemo 'Copy creates and returns an identical copy of the current permission. Private Function CopyDemo() As Boolean Dim returnValue As Boolean = True Dim reg1 As String Dim regPerm1, regPerm2 As RegistryPermission Dim regGen1 As New regGenerator() Dim regGen2 As New regGenerator() regGen1.ResetIndex() While regGen1.CreateReg(regPerm1, reg1, RegistryPermissionAccess.Read) If reg1 Is Nothing Then GoTo ContinueWhile1 End If regGen2.ResetIndex() Try regPerm2 = CType(regPerm1.Copy(), RegistryPermission) If Not (regPerm2 Is Nothing) Then Console.WriteLine(("Result of copy = " & regPerm2.ToString() & ControlChars.Lf)) Else Console.WriteLine("Result of copy is null. " & ControlChars.Lf) End If Catch e As Exception If (True.ToString()) Then If reg1 = "" Then Console.WriteLine("The target RegistryPermission is empty; copy failed.") Else Console.WriteLine(e.ToString()) End If End If GoTo ContinueWhile1 End Try ContinueWhile1: End While Return returnValue End Function 'CopyDemo ' ToXml creates an XML encoding of the permission and its current state; FromXml ' reconstructs a permission with the specified state from the XML encoding. Private Function ToFromXmlDemo() As Boolean Dim returnValue As Boolean = True Dim reg1 As String Dim regPerm1, regPerm2 As RegistryPermission Dim regGen1 As New regGenerator() Dim regGen2 As New regGenerator() regGen1.ResetIndex() While regGen1.CreateReg(regPerm1, reg1, RegistryPermissionAccess.Read) If regPerm1 Is Nothing Then GoTo ContinueWhile1 End If Console.WriteLine("********************************************************" & ControlChars.Lf) regGen2.ResetIndex() Try regPerm2 = New RegistryPermission(PermissionState.None) regPerm2.FromXml(regPerm1.ToXml()) Console.WriteLine(("Result of ToFromXml = " & regPerm2.ToString() & ControlChars.Lf)) Catch e As Exception Console.WriteLine(("ToFromXml failed :" & regPerm1.ToString() & e.ToString())) GoTo ContinueWhile1 End Try ContinueWhile1: End While Return returnValue End Function 'ToFromXmlDemo ' AddPathList adds access for the specified registry variables to the existing state of the permission. ' SetPathList sets new access for the specified registry variable names to the existing state of the permission. ' GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess. Private Function SetGetPathListDemo() As Boolean Try Console.WriteLine("********************************************************" & ControlChars.Lf) Dim regPerm1 As RegistryPermission Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0'") regPerm1 = New RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION' to the write access list, " & "and " & ControlChars.Lf & " 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0' " & "to the read access list.") regPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION") regPerm1.AddPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0") Console.WriteLine("Read access list before SetPathList = " & regPerm1.GetPathList(RegistryPermissionAccess.Read)) Console.WriteLine("Setting read access rights to " & ControlChars.Lf _ & "'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0'") regPerm1.SetPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") Console.WriteLine("Read access list after SetPathList = " _ & ControlChars.Lf & regPerm1.GetPathList(RegistryPermissionAccess.Read)) Console.WriteLine("Write access = " & ControlChars.Lf & regPerm1.GetPathList(RegistryPermissionAccess.Write)) Console.WriteLine("Write access Registry variables = " & ControlChars.Lf & regPerm1.GetPathList(RegistryPermissionAccess.AllAccess)) Catch e As ArgumentException ' RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList. Console.WriteLine("An ArgumentException occured as a result of using AllAccess. " _ & "AllAccess cannot be used as a parameter in GetPathList because it represents more than one " _ & "type of registry variable access : " & ControlChars.Lf & e.ToString()) End Try Return True End Function 'SetGetPathListDemo ' Invoke all demos. Public Function RunDemo() As Boolean Dim ret As Boolean = True Dim retTmp As Boolean ' Call IsSubset demo. retTmp = IsSubsetOfDemo() If retTmp Then Console.Out.WriteLine("IsSubset demo completed successfully.") Else Console.Out.WriteLine("IsSubset demo failed.") End If ret = retTmp AndAlso ret ' Call the Union demo. retTmp = UnionDemo() If retTmp Then Console.Out.WriteLine("Union demo completed successfully.") Else Console.Out.WriteLine("Union demo failed.") End If ret = retTmp AndAlso ret ' Call the intersect demo. retTmp = IntersectDemo() If retTmp Then Console.Out.WriteLine("Intersect demo completed successfully.") Else Console.Out.WriteLine("Intersect demo failed.") End If ret = retTmp AndAlso ret ' Call the Copy demo. retTmp = CopyDemo() If retTmp Then Console.Out.WriteLine("Copy demo completed successfully.") Else Console.Out.WriteLine("Copy demo failed.") End If ret = retTmp AndAlso ret ' Call the ToFromXml demo. retTmp = ToFromXmlDemo() If retTmp Then Console.Out.WriteLine("ToFromXml demo completed successfully.") Else Console.Out.WriteLine("ToFromXml demo failed.") End If ret = retTmp AndAlso ret ' Call the GetPathList demo. retTmp = SetGetPathListDemo() If retTmp Then Console.Out.WriteLine("SetGetPathList demo completed successfully.") Else Console.Out.WriteLine("SetGetPathList demo failed.") End If ret = retTmp AndAlso ret Return ret End Function 'RunDemo ' Test harness. Public Overloads Shared Sub Main(ByVal args() As [String]) Try Dim democase As New RegAPIDemo() Dim ret As Boolean = democase.RunDemo() If ret Then Console.Out.WriteLine("The RegisterPermission demo completed successfully.") Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 100 Else Console.Out.WriteLine("The RegisterPermission demo failed") Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 101 End If Catch e As Exception Console.Out.WriteLine("The RegisterPermission demo failed") Console.WriteLine(e.ToString()) Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 101 End Try End Sub 'Main End Class 'RegAPIDemo ' This class generates RegistryPermission objects. Friend Class RegGenerator Private myReg As String() = {"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0", "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION", "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0"} Private regIndex As Integer = 0 Public Sub New() ResetIndex() End Sub 'New Public Sub ResetIndex() regIndex = 0 End Sub 'ResetIndex ' CreateReg creates a RegistryPermission. Public Function CreateReg(ByRef regPerm As RegistryPermission, ByRef reg As String, ByVal rpa As RegistryPermissionAccess) As Boolean If regIndex = myReg.Length Then regPerm = New RegistryPermission(PermissionState.None) reg = "" regIndex &= 1 Return True End If If regIndex > myReg.Length Then regPerm = Nothing reg = "" Return False End If reg = myReg(regIndex) regIndex = regIndex + 1 Try regPerm = New RegistryPermission(rpa, reg) Return True Catch e As Exception Console.WriteLine(("Cannot create RegistryPermission : " & reg & " " & e.ToString())) regPerm = New RegistryPermission(PermissionState.None) reg = "" Return True End Try End Function 'CreateReg ' End of RegGenerator. [C#] // This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml // GetPathList, AddPathList, and SetPathList methods // of the RegistryPermission class. using System; using System.Security; using System.Security.Permissions; using System.Collections; [assembly:CLSCompliant(true)] public class RegistryPermissionDemo { // IsSubsetOf determines whether the current permission is a subset of the specified permission. private bool IsSubsetOfDemo() { bool returnValue = true; string reg1,reg2; RegistryPermission regPerm1,regPerm2; RegGenerator regGen1 = new RegGenerator(); RegGenerator regGen2 = new RegGenerator(); regGen1.ResetIndex(); while(regGen1.CreateReg(out regPerm1, out reg1, RegistryPermissionAccess.Read)) { if(regPerm1 == null) continue; regGen2.ResetIndex(); Console.WriteLine("**********************************************************\n"); while(regGen2.CreateReg(out regPerm2, out reg2, RegistryPermissionAccess.AllAccess)) { string firstPermission = reg1 == "" | reg1 == null ? "null" : reg1 ; string secondPermission = reg2 == "" | reg2 == null ? "null" : reg2; if(regPerm2 == null) continue; try { if (regPerm1.IsSubsetOf(regPerm2)) { Console.WriteLine(firstPermission +"\n is a subset of " + secondPermission + "\n"); } else { Console.WriteLine(firstPermission +"\n is not a subset of " + secondPermission + "\n"); } } catch(Exception e) { Console.WriteLine("An exception was thrown for subset :" + reg1 == "" ? "null" : reg1 + "\n" + reg2 == "" ? "null" : reg2 +"\n" + e); } } } return returnValue; } // Union creates a new permission that is the union of the current permission and // the specified permission. private bool UnionDemo() { bool returnValue = true; string reg1,reg2; RegistryPermission regPerm1,regPerm2; IPermission regIdPerm3; RegGenerator regGen1 = new RegGenerator(); RegGenerator regGen2 = new RegGenerator(); regGen1.ResetIndex(); while(regGen1.CreateReg(out regPerm1, out reg1, RegistryPermissionAccess.Read)) { if(reg1 == null) continue; Console.WriteLine("**********************************************************\n"); regGen2.ResetIndex(); while(regGen2.CreateReg(out regPerm2, out reg2, RegistryPermissionAccess.Read)) { try { if(regPerm2 == null) continue; string firstPermission = reg1 == "" | reg1 == null ? "null" : reg1 ; string secondPermission = reg2 == "" | reg2 == null ? "null" : reg2; regIdPerm3 = (RegistryPermission)regPerm1.Union(regPerm2); regIdPerm3 = regPerm1.Union(regPerm2); if(regIdPerm3 == null) { Console.WriteLine("The union of " + firstPermission + " and \n\t" + secondPermission + " is null."); } else { Console.WriteLine("The union of " + firstPermission + " and \n\t" + secondPermission + " = \n\t" + ((RegistryPermission)regIdPerm3).GetPathList(RegistryPermissionAccess.Read).ToString()); } } catch(Exception e) { Console.WriteLine("An exception was thrown for union :" + e); returnValue=false; } } } return returnValue; } // Intersect creates and returns a new permission that is the intersection of the // current permission and the permission specified. private bool IntersectDemo() { bool returnValue = true; string reg1,reg2; RegistryPermission regPerm1,regPerm2,regIdPerm3; RegGenerator regGen1 = new RegGenerator(); RegGenerator regGen2 = new RegGenerator(); regGen1.ResetIndex(); while(regGen1.CreateReg(out regPerm1, out reg1, RegistryPermissionAccess.Read)) { if(reg1 == null) continue; Console.WriteLine("**********************************************************\n"); regGen2.ResetIndex(); while(regGen2.CreateReg(out regPerm2, out reg2, RegistryPermissionAccess.Read)) { if(regPerm2 == null) continue; string firstPermission = reg1 == "" | reg1 == null ? "null" : reg1 ; string secondPermission = reg2 == "" | reg2 == null ? "null" : reg2; try { regIdPerm3 = (RegistryPermission)regPerm1.Intersect(regPerm2); if (regIdPerm3 != null && regIdPerm3.GetPathList(RegistryPermissionAccess.Read) != null) { Console.WriteLine("The intersection of " + firstPermission + " and \n\t" + secondPermission + " = \n\t" + ((RegistryPermission)regIdPerm3).GetPathList(RegistryPermissionAccess.Read).ToString()); } else { Console.WriteLine("The intersection of " + firstPermission + " and \n\t" + secondPermission + " is null. "); } } catch(Exception e) { Console.WriteLine("An exception was thrown for intersection : " + e); returnValue=false; } } } return returnValue; } //Copy creates and returns an identical copy of the current permission. private bool CopyDemo() { bool returnValue = true; string reg1; RegistryPermission regPerm1,regPerm2; RegGenerator regGen1 = new RegGenerator(); RegGenerator regGen2 = new RegGenerator(); regGen1.ResetIndex(); while(regGen1.CreateReg(out regPerm1, out reg1, RegistryPermissionAccess.Read)) { if(reg1 == null ) continue; regGen2.ResetIndex(); try { regPerm2 = (RegistryPermission)regPerm1.Copy(); if (regPerm2 != null) { Console.WriteLine("Result of copy = " + regPerm2.ToString() + "\n"); } else { Console.WriteLine("Result of copy is null. \n"); } } catch(Exception e) { { if (reg1 == "") { Console.WriteLine( "The target RegistryPermission is empty; copy failed."); } else Console.WriteLine( e); } continue; } } return returnValue; } // ToXml creates an XML encoding of the permission and its current state; FromXml // reconstructs a permission with the specified state from the XML encoding. private bool ToFromXmlDemo() { bool returnValue = true; string reg1; RegistryPermission regPerm1,regPerm2; RegGenerator regGen1 = new RegGenerator(); RegGenerator regGen2 = new RegGenerator(); regGen1.ResetIndex(); while(regGen1.CreateReg(out regPerm1, out reg1, RegistryPermissionAccess.Read)) { if(regPerm1 == null) continue; Console.WriteLine("********************************************************\n"); regGen2.ResetIndex(); try { regPerm2= new RegistryPermission(PermissionState.None); regPerm2.FromXml(regPerm1.ToXml()); Console.WriteLine("Result of ToFromXml = " +regPerm2.ToString() + "\n"); } catch(Exception e) { Console.WriteLine("ToFromXml failed :" + regPerm1.ToString() + e); continue; } } return returnValue; } // AddPathList adds access for the specified registry variables to the existing state of the permission. // SetPathList sets new access for the specified registry variable names to the existing state of the permission. // GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess. private bool SetGetPathListDemo() { try { Console.WriteLine("********************************************************\n"); RegistryPermission regPerm1; Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'"); regPerm1 = new RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"); Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION' to the write access list, " + "and \n 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0' " + "to the read access list."); regPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION"); regPerm1.AddPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0"); Console.WriteLine("Read access list before SetPathList = " + regPerm1.GetPathList(RegistryPermissionAccess.Read)); Console.WriteLine("Setting read access rights to \n'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'"); regPerm1.SetPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"); Console.WriteLine("Read access list after SetPathList = \n" + regPerm1.GetPathList(RegistryPermissionAccess.Read)); Console.WriteLine("Write access = \n" + regPerm1.GetPathList(RegistryPermissionAccess.Write)); Console.WriteLine("Write access Registry variables = \n" + regPerm1.GetPathList(RegistryPermissionAccess.AllAccess)); } catch (ArgumentException e) { // RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList. Console.WriteLine("An ArgumentException occured as a result of using AllAccess. " + "AllAccess cannot be used as a parameter in GetPathList because it represents more than one " + "type of registry variable access : \n" + e); } return true; } // Invoke all demos. public bool RunDemo() { bool ret=true; bool retTmp; // Call IsSubset demo. if(retTmp= IsSubsetOfDemo())Console.Out.WriteLine("IsSubset demo completed successfully."); else Console.Out.WriteLine("IsSubset demo failed."); ret=retTmp && ret; // Call the Union demo. if(retTmp= UnionDemo())Console.Out.WriteLine("Union demo completed successfully."); else Console.Out.WriteLine("Union demo failed."); ret=retTmp && ret; // Call the intersect demo. if(retTmp= IntersectDemo())Console.Out.WriteLine("Intersect demo completed successfully."); else Console.Out.WriteLine("Intersect demo failed."); ret=retTmp && ret; // Call the Copy demo. if(retTmp= CopyDemo())Console.Out.WriteLine("Copy demo completed successfully."); else Console.Out.WriteLine("Copy demo failed."); ret=retTmp && ret; // Call the ToFromXml demo. if(retTmp= ToFromXmlDemo())Console.Out.WriteLine("ToFromXml demo completed successfully."); else Console.Out.WriteLine("ToFromXml demo failed."); ret=retTmp && ret; // Call the GetPathList demo. if(retTmp= SetGetPathListDemo())Console.Out.WriteLine("SetGetPathList demo completed successfully."); else Console.Out.WriteLine("SetGetPathList demo failed."); ret=retTmp && ret; return ( ret ); } // Test harness. public static void Main(String[] args) { try { RegistryPermissionDemo democase = new RegistryPermissionDemo(); bool ret = democase.RunDemo(); if (ret) { Console.Out.WriteLine("The RegisterPermission demo completed successfully."); Console.Out.WriteLine("Press the Enter key to exit."); string consoleInput = Console.ReadLine(); System.Environment.ExitCode = 100; } else { Console.Out.WriteLine("The RegisterPermission demo failed"); Console.Out.WriteLine("Press the Enter key to exit."); string consoleInput = Console.ReadLine(); System.Environment.ExitCode = 101; } } catch(Exception e) { Console.Out.WriteLine("The RegisterPermission demo failed"); Console.WriteLine(e.ToString()); Console.Out.WriteLine("Press the Enter key to exit."); string consoleInput = Console.ReadLine(); System.Environment.ExitCode = 101; } } } // This class generates RegistryPermission objects. internal class RegGenerator { private string[] myReg = { "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION", "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0"}; private int regIndex = 0; public RegGenerator() { ResetIndex(); } public void ResetIndex() { regIndex = 0; } // CreateReg creates a RegistryPermission. public bool CreateReg(out RegistryPermission regPerm, out string reg, RegistryPermissionAccess rpa) { if(regIndex == myReg.Length) { regPerm = new RegistryPermission(PermissionState.None); reg=""; regIndex++; return true; } if(regIndex > myReg.Length) { regPerm = null; reg = ""; return false; } reg = myReg[regIndex++]; try { regPerm = new RegistryPermission(rpa, reg); return true; } catch(Exception e) { Console.WriteLine("Cannot create RegistryPermission : " + reg +" "+e); regPerm = new RegistryPermission(PermissionState.None); reg=""; return true; } } } // End of RegGenerator. [C++] // This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml // GetPathList, AddPathList, and SetPathList methods // of the RegistryPermission class. #using <mscorlib.dll> using namespace System; using namespace System::Security; using namespace System::Security::Permissions; using namespace System::Collections; using namespace System::Runtime::InteropServices; [assembly:CLSCompliant(true)]; // This class generates RegistryPermission objects. private __gc class RegGenerator { private: String* myReg[]; int regIndex; public: RegGenerator() { String* temp[] = { S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION", S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0"}; myReg = temp; regIndex = 0; ResetIndex(); } void ResetIndex() { regIndex = 0; } // CreateReg creates a RegistryPermission. bool CreateReg([Out] RegistryPermission** regPerm, [Out] String** reg, RegistryPermissionAccess rpa) { if(regIndex == myReg->Length) { *regPerm = new RegistryPermission(PermissionState::None); *reg=S""; regIndex++; return true; } if(regIndex > myReg->Length) { *regPerm = 0; *reg = S""; return false; } *reg = myReg[regIndex++]; try { *regPerm = new RegistryPermission(rpa, *reg); return true; } catch(Exception* e) { Console::WriteLine(S"Cannot create RegistryPermission : {0} {1}", *reg, e); *regPerm = new RegistryPermission(PermissionState::None); *reg=S""; return true; } } }; // End of RegGenerator. public __gc class RegistryPermissionDemo { // IsSubsetOf determines whether the current permission is a subset of the specified permission. private: bool IsSubsetOfDemo() { bool returnValue = true; String* reg1; String* reg2; RegistryPermission* regPerm1; RegistryPermission* regPerm2; RegGenerator* regGen1 = new RegGenerator(); RegGenerator* regGen2 = new RegGenerator(); regGen1->ResetIndex(); while(regGen1->CreateReg(®Perm1, ®1, RegistryPermissionAccess::Read)) { if(regPerm1 == 0) continue; regGen2->ResetIndex(); Console::WriteLine(S"**********************************************************\n"); while(regGen2->CreateReg(®Perm2, ®2, RegistryPermissionAccess::AllAccess)) { String* firstPermission = reg1->Equals(S"") || reg1 == 0 ? S"null" : reg1 ; String* secondPermission = reg2->Equals(S"") || reg2 == 0 ? S"null" : reg2; if(regPerm2 == 0) continue; try { if (regPerm1->IsSubsetOf(regPerm2)) { Console::WriteLine(S"{0}\n is a subset of {1}\n", firstPermission, secondPermission); } else { Console::WriteLine(S"{0}\n is not a subset of {1}\n", firstPermission, secondPermission); } } catch(Exception* e) { Console::WriteLine(S"An exception was thrown for subset :{0}\n{1}\n{2}", reg1->Equals(S"") ? "null" : reg1, reg2->Equals(S"") ? "null" : reg2, e); } } } return returnValue; } // Union creates a new permission that is the union of the current permission and // the specified permission. bool UnionDemo() { bool returnValue = true; String* reg1; String* reg2; RegistryPermission* regPerm1; RegistryPermission* regPerm2; IPermission* regIdPerm3; RegGenerator* regGen1 = new RegGenerator(); RegGenerator* regGen2 = new RegGenerator(); regGen1->ResetIndex(); while(regGen1->CreateReg(®Perm1, ®1, RegistryPermissionAccess::Read)) { if(reg1 == 0) continue; Console::WriteLine(S"**********************************************************\n"); regGen2->ResetIndex(); while(regGen2->CreateReg(®Perm2, ®2, RegistryPermissionAccess::Read)) { try { if(regPerm2 == 0) continue; String* firstPermission = reg1->Equals(S"") || reg1 == 0 ? S"null" : reg1 ; String* secondPermission = reg2->Equals(S"") || reg2 == 0 ? S"null" : reg2; regIdPerm3 = dynamic_cast<RegistryPermission*>(regPerm1->Union(regPerm2)); regIdPerm3 = regPerm1->Union(regPerm2); if(regIdPerm3 == 0) { Console::WriteLine(S"The union of {0} and \n\t{1} is null.", firstPermission, secondPermission); } else { Console::WriteLine(S"The union of {0} and \n\t{1} = \n\t{2}", firstPermission, secondPermission, (dynamic_cast<RegistryPermission*>(regIdPerm3))->GetPathList(RegistryPermissionAccess::Read)); } } catch(Exception* e) { Console::WriteLine(S"An exception was thrown for union :{0}", e); returnValue=false; } } } return returnValue; } // Intersect creates and returns a new permission that is the intersection of the // current permission and the permission specified. bool IntersectDemo() { bool returnValue = true; String* reg1; String* reg2; RegistryPermission* regPerm1; RegistryPermission* regPerm2; RegistryPermission* regIdPerm3; RegGenerator* regGen1 = new RegGenerator(); RegGenerator* regGen2 = new RegGenerator(); regGen1->ResetIndex(); while(regGen1->CreateReg(®Perm1, ®1, RegistryPermissionAccess::Read)) { if(reg1 == 0) continue; Console::WriteLine(S"**********************************************************\n"); regGen2->ResetIndex(); while(regGen2->CreateReg(®Perm2, ®2, RegistryPermissionAccess::Read)) { if(regPerm2 == 0) continue; String* firstPermission = reg1->Equals(S"") || reg1 == 0 ? S"null" : reg1 ; String* secondPermission = reg2->Equals(S"") || reg2 == 0 ? S"null" : reg2; try { regIdPerm3 = dynamic_cast<RegistryPermission*>(regPerm1->Intersect(regPerm2)); if (regIdPerm3 != 0 && regIdPerm3->GetPathList(RegistryPermissionAccess::Read) != 0) { Console::WriteLine(S"The intersection of {0} and \n\t{1} = \n\t{2}", firstPermission, secondPermission, (dynamic_cast<RegistryPermission*>(regIdPerm3))->GetPathList(RegistryPermissionAccess::Read)); } else { Console::WriteLine(S"The intersection of {0} and \n\t{1} is null. ", firstPermission, secondPermission); } } catch(Exception* e) { Console::WriteLine(S"An exception was thrown for intersection : {0}", e); returnValue=false; } } } return returnValue; } //Copy creates and returns an identical copy of the current permission. bool CopyDemo() { bool returnValue = true; String* reg1; RegistryPermission* regPerm1; RegistryPermission* regPerm2; RegGenerator* regGen1 = new RegGenerator(); RegGenerator* regGen2 = new RegGenerator(); regGen1->ResetIndex(); while(regGen1->CreateReg(®Perm1, ®1, RegistryPermissionAccess::Read)) { if(reg1 == 0 ) continue; regGen2->ResetIndex(); try { regPerm2 = dynamic_cast<RegistryPermission*>(regPerm1->Copy()); if (regPerm2 != 0) { Console::WriteLine(S"Result of copy = {0}\n", regPerm2); } else { Console::WriteLine(S"Result of copy is null. \n"); } } catch(Exception* e) { { if (reg1->Equals(S"")) { Console::WriteLine( S"The target RegistryPermission is empty; copy failed."); } else Console::WriteLine( e); } continue; } } return returnValue; } // ToXml creates an XML encoding of the permission and its current state; FromXml // reconstructs a permission with the specified state from the XML encoding. bool ToFromXmlDemo() { bool returnValue = true; String* reg1; RegistryPermission* regPerm1; RegistryPermission* regPerm2; RegGenerator* regGen1 = new RegGenerator(); RegGenerator* regGen2 = new RegGenerator(); regGen1->ResetIndex(); while(regGen1->CreateReg(®Perm1, ®1, RegistryPermissionAccess::Read)) { if(regPerm1 == 0) continue; Console::WriteLine(S"********************************************************\n"); regGen2->ResetIndex(); try { regPerm2= new RegistryPermission(PermissionState::None); regPerm2->FromXml(regPerm1->ToXml()); Console::WriteLine(S"Result of ToFromXml = {0}\n", regPerm2); } catch(Exception* e) { Console::WriteLine(S"ToFromXml failed :{0}{1}", regPerm1, e); continue; } } return returnValue; } // AddPathList adds access for the specified registry variables to the existing state of the permission. // SetPathList sets new access for the specified registry variable names to the existing state of the permission. // GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess. bool SetGetPathListDemo() { try { Console::WriteLine(S"********************************************************\n"); RegistryPermission* regPerm1; Console::WriteLine(S"Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'"); regPerm1 = new RegistryPermission(RegistryPermissionAccess::AllAccess, S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"); Console::WriteLine(S"Adding 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION' to the write access list, and \n 'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0' to the read access list."); regPerm1->AddPathList(RegistryPermissionAccess::Write, S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION"); regPerm1->AddPathList(RegistryPermissionAccess::Read, S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0"); Console::WriteLine(S"Read access list before SetPathList = {0}", regPerm1->GetPathList(RegistryPermissionAccess::Read)); Console::WriteLine(S"Setting read access rights to \n'HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0'"); regPerm1->SetPathList(RegistryPermissionAccess::Read, S"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"); Console::WriteLine(S"Read access list after SetPathList = \n{0}", regPerm1->GetPathList(RegistryPermissionAccess::Read)); Console::WriteLine(S"Write access = \n{0}", regPerm1->GetPathList(RegistryPermissionAccess::Write)); Console::WriteLine(S"Write access Registry variables = \n{0}", regPerm1->GetPathList(RegistryPermissionAccess::AllAccess)); } catch (ArgumentException* e) { // RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList. Console::WriteLine(S"An ArgumentException occured as a result of using AllAccess. AllAccess cannot be used as a parameter in GetPathList because it represents more than one type of registry variable access : \n{0}", e); } return true; } // Invoke all demos. public: bool RunDemo() { bool ret=true; bool retTmp; // Call IsSubset demo. if(retTmp= IsSubsetOfDemo())Console::Out->WriteLine(S"IsSubset demo completed successfully."); else Console::Out->WriteLine(S"IsSubset demo failed."); ret=retTmp && ret; // Call the Union demo. if(retTmp= UnionDemo())Console::Out->WriteLine(S"Union demo completed successfully."); else Console::Out->WriteLine(S"Union demo failed."); ret=retTmp && ret; // Call the intersect demo. if(retTmp= IntersectDemo())Console::Out->WriteLine(S"Intersect demo completed successfully."); else Console::Out->WriteLine(S"Intersect demo failed."); ret=retTmp && ret; // Call the Copy demo. if(retTmp= CopyDemo())Console::Out->WriteLine(S"Copy demo completed successfully."); else Console::Out->WriteLine(S"Copy demo failed."); ret=retTmp && ret; // Call the ToFromXml demo. if(retTmp= ToFromXmlDemo())Console::Out->WriteLine(S"ToFromXml demo completed successfully."); else Console::Out->WriteLine(S"ToFromXml demo failed."); ret=retTmp && ret; // Call the GetPathList demo. if(retTmp= SetGetPathListDemo())Console::Out->WriteLine(S"SetGetPathList demo completed successfully."); else Console::Out->WriteLine(S"SetGetPathList demo failed."); ret=retTmp && ret; return ( ret ); } }; // Test harness. int main() { try { RegistryPermissionDemo* democase = new RegistryPermissionDemo(); bool ret = democase->RunDemo(); if (ret) { Console::Out->WriteLine(S"The RegisterPermission demo completed successfully."); Console::Out->WriteLine(S"Press the Enter key to exit."); Console::ReadLine(); System::Environment::ExitCode = 100; } else { Console::Out->WriteLine(S"The RegisterPermission demo failed"); Console::Out->WriteLine(S"Press the Enter key to exit."); Console::ReadLine(); System::Environment::ExitCode = 101; } } catch(Exception* e) { Console::Out->WriteLine(S"The RegisterPermission demo failed"); Console::WriteLine(e); Console::Out->WriteLine(S"Press the Enter key to exit."); Console::ReadLine(); System::Environment::ExitCode = 101; } }
[JScript] No example is available for JScript. To view a Visual Basic, C#, or C++ example, click the Language Filter button
in the upper-left corner of the page.
Requirements
Namespace: System.Security.Permissions
Platforms: Windows 98, Windows NT 4.0, Windows Millennium Edition, Windows 2000, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 family
Assembly: Mscorlib (in Mscorlib.dll)
See Also
RegistryPermission Members | System.Security.Permissions Namespace | Permissions | Requesting Permissions | RegistryPermissionAttribute | RegistryPermissionAccess