RegistryPermission Class
Assembly: mscorlib (in mscorlib.dll)
'Declaration <SerializableAttribute> _ <ComVisibleAttribute(True)> _ Public NotInheritable Class RegistryPermission Inherits CodeAccessPermission Implements IUnrestrictedPermission 'Usage Dim instance As RegistryPermission
/** @attribute SerializableAttribute() */ /** @attribute ComVisibleAttribute(true) */ public final class RegistryPermission extends CodeAccessPermission implements IUnrestrictedPermission
SerializableAttribute ComVisibleAttribute(true) public final class RegistryPermission extends CodeAccessPermission implements IUnrestrictedPermission
RegistryPermission describes protected operations on registry variables. Registry variables should not be stored in memory locations where code without RegistryPermission can access them. If the registry object is passed to an untrusted caller it can be misused.
The allowed registry access types are defined by RegistryPermissionAccess. If more than one type of access is desired, they can be combined using the bitwise OR operation as shown in the code sample that follows.
Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical pathnames. Key access implies access to all values it contains and all variables under it.
Caution |
|---|
| RegistryPermission grants permission for all paths to a key, including both HKEY_CURRENT_USER and HKEY_USERS. To Deny access to a key, you must Deny all possible paths to the key. For example, to Deny access to HKEY_CURRENT_USER\Software\Microsoft\Cryptography, you must Deny HKEY_CURRENT_USER\Software\Microsoft\Cryptography, HKEY_USERS\.......\Software\Microsoft\Cryptography and any other path that you can use to access the key. A better technique to deal with multiple paths is to use a combination of PermitOnly and Deny. For more information on this subject and the use of PermitOnly with Deny, see "Canonicalization Problems Using Deny" in Using the Deny Method. |
In the following code example, the RegistryPermissionf represents permission to read the values from the CentralProcessor key. Read and Write are RegistryPermissionAccess enumeration values.
Dim f As New RegistryPermission( _ RegistryPermissionAccess.Read, _ "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0")
RegistryPermission f =
new RegistryPermission(RegistryPermissionAccess.Read,
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\"
+ "System\\CentralProcessor\\0");
The following code example adds permission to read from and write to the FloatingPointProcessor key to the RegistryPermissionf.
f.AddPathList( _ RegistryPermissionAccess.Write Or RegistryPermissionAccess.Read, _ "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0")
f.AddPathList(RegistryPermissionAccess.Write |
RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\\HARDWARE\\"
+ "DESCRIPTION\\System\\FloatingPointProcessor\\0");
The RegistryPermissionf now represents the permission to read from the CentralProcessor key and to read from and write to the FloatingPointProcessor key.
The following code example demonstrates the behavior of the RegistryPermission methods. The purpose of this example is to show the results of the methods, not to show how the methods are used.
' This sample demonstrates the IsSubsetOf, Union, Intersect, Copy, ToXml, FromXml ' GetPathList, AddPathList, and SetPathList methods ' of the RegistryPermission class. Imports System Imports System.Security Imports System.Security.Permissions Imports System.Collections Public Class RegistryPermissionDemo Private readPerm1 As New RegistryPermission(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") Private readPerm2 As New RegistryPermission(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION") Private readPerm3 As New RegistryPermission(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0") Private createPerm1 As New RegistryPermission(RegistryPermissionAccess.Create, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") Private readPerm4 As IPermission ' IsSubsetOf determines whether the current permission is a subset of the specified permission. Private Function IsSubsetOfDemo() As Boolean Dim returnValue As Boolean = True If readPerm1.IsSubsetOf(readPerm2) Then Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) + vbLf + " is a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + vbLf) Else Console.WriteLine(readPerm1.GetPathList(RegistryPermissionAccess.Read) + vbLf + " is not a subset of " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + vbLf) End If If createPerm1.IsSubsetOf(readPerm1) Then Console.WriteLine("RegistryPermissionAccess.Create" + vbLf + " is a subset of " + "RegistryPermissionAccess.Read" + vbLf) Else Console.WriteLine("RegistryPermissionAccess.Create" + vbLf + " is not a subset of " + "RegistryPermissionAccess.Read" + vbLf) End If Return returnValue End Function 'IsSubsetOfDemo ' Union creates a new permission that is the union of the current permission and ' the specified permission. Private Function UnionDemo() As Boolean Dim returnValue As Boolean = True readPerm3 = CType(readPerm1.Union(readPerm2), RegistryPermission) If readPerm3 Is Nothing Then Console.WriteLine("The union of " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null.") Else Console.WriteLine("The union of " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = " + vbLf + vbTab + CType(readPerm3, RegistryPermission).GetPathList(RegistryPermissionAccess.Read).ToString()) End If Return returnValue End Function 'UnionDemo ' Intersect creates and returns a new permission that is the intersection of the ' current permission and the permission specified. Private Function IntersectDemo() As Boolean Dim returnValue As Boolean = True readPerm3 = CType(readPerm1.Intersect(readPerm2), RegistryPermission) If Not (readPerm3 Is Nothing) AndAlso Not (readPerm3.GetPathList(RegistryPermissionAccess.Read) Is Nothing) Then Console.WriteLine("The intersection of " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " = " + vbLf + vbTab + CType(readPerm3, RegistryPermission).GetPathList(RegistryPermissionAccess.Read).ToString()) Else Console.WriteLine("The intersection of " + vbLf + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " " + vbLf + "and " + readPerm2.GetPathList(RegistryPermissionAccess.Read) + " is null. ") End If Return returnValue End Function 'IntersectDemo 'Copy creates and returns an identical copy of the current permission. Private Function CopyDemo() As Boolean Dim returnValue As Boolean = True readPerm4 = CType(readPerm1.Copy(), RegistryPermission) If Not (readPerm4 Is Nothing) Then Console.WriteLine("Result of copy = " + readPerm4.ToXml().ToString() + vbLf) Else Console.WriteLine("Result of copy is null. " + vbLf) End If Return returnValue End Function 'CopyDemo ' ToXml creates an XML encoding of the permission and its current state; FromXml ' reconstructs a permission with the specified state from the XML encoding. Private Function ToFromXmlDemo() As Boolean Dim returnValue As Boolean = True readPerm2 = New RegistryPermission(PermissionState.None) readPerm2.FromXml(readPerm1.ToXml()) Console.WriteLine("Result of ToFromXml = " + readPerm2.ToString() + vbLf) Return returnValue End Function 'ToFromXmlDemo ' AddPathList adds access for the specified registry variables to the existing state of the permission. ' SetPathList sets new access for the specified registry variable names to the existing state of the permission. ' GetPathList gets paths for all registry variables with the specified RegistryPermissionAccess. Private Function SetGetPathListDemo() As Boolean Try Console.WriteLine("********************************************************" + vbLf) Dim readPerm1 As RegistryPermission Console.WriteLine("Creating RegistryPermission with AllAccess rights for 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0'") readPerm1 = New RegistryPermission(RegistryPermissionAccess.AllAccess, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") Console.WriteLine("Adding 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION' to the write access list, " + "and " + vbLf + " 'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0' " + "to the read access list.") readPerm1.AddPathList(RegistryPermissionAccess.Write, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION") readPerm1.AddPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0") Console.WriteLine("Read access list before SetPathList = " + readPerm1.GetPathList(RegistryPermissionAccess.Read)) Console.WriteLine("Setting read access rights to " + vbLf + "'HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0'") readPerm1.SetPathList(RegistryPermissionAccess.Read, "HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0") Console.WriteLine("Read access list after SetPathList = " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Read)) Console.WriteLine("Write access = " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.Write)) Console.WriteLine("Write access Registry variables = " + vbLf + readPerm1.GetPathList(RegistryPermissionAccess.AllAccess)) Catch e As ArgumentException ' RegistryPermissionAccess.AllAccess can not be used as a parameter for GetPathList. Console.WriteLine("An ArgumentException occured as a result of using AllAccess. " + _ "AllAccess cannot be used as a parameter in GetPathList because it represents more than one " + _ "type of registry variable access : " + vbLf + e.Message) End Try Return True End Function 'SetGetPathListDemo ' Invoke all demos. Public Function RunDemo() As Boolean Dim ret As Boolean = True Dim retTmp As Boolean ' Call IsSubset demo. If IsSubsetOfDemo() Then Console.Out.WriteLine("IsSubset demo completed successfully.") Else Console.Out.WriteLine("IsSubset demo failed.") End If ret = retTmp AndAlso ret ' Call the Union demo. retTmp = UnionDemo() If retTmp Then Console.Out.WriteLine("Union demo completed successfully.") Else Console.Out.WriteLine("Union demo failed.") End If ret = retTmp AndAlso ret ' Call the intersect demo. retTmp = UnionDemo() If retTmp Then Console.Out.WriteLine("Intersect demo completed successfully.") Else Console.Out.WriteLine("Intersect demo failed.") End If ret = retTmp AndAlso ret ' Call the Copy demo. retTmp = CopyDemo() If retTmp Then Console.Out.WriteLine("Copy demo completed successfully.") Else Console.Out.WriteLine("Copy demo failed.") End If ret = retTmp AndAlso ret ' Call the ToFromXml demo. retTmp = ToFromXmlDemo() If retTmp Then Console.Out.WriteLine("ToFromXml demo completed successfully.") Else Console.Out.WriteLine("ToFromXml demo failed.") End If ret = retTmp AndAlso ret ' Call the GetPathList demo. retTmp = SetGetPathListDemo() If retTmp Then Console.Out.WriteLine("SetGetPathList demo completed successfully.") Else Console.Out.WriteLine("SetGetPathList demo failed.") End If ret = retTmp AndAlso ret Return ret End Function 'RunDemo ' Test harness. Public Shared Sub Main(ByVal args() As String) Try Dim democase As New RegistryPermissionDemo() Dim ret As Boolean = democase.RunDemo() If ret Then Console.Out.WriteLine("The RegisterPermission demo completed successfully.") Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 100 Else Console.Out.WriteLine("The RegisterPermission demo failed") Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 101 End If Catch e As Exception Console.Out.WriteLine("The RegisterPermission demo failed") Console.WriteLine(e.ToString()) Console.Out.WriteLine("Press the Enter key to exit.") Dim consoleInput As String = Console.ReadLine() System.Environment.ExitCode = 101 End Try End Sub 'Main End Class 'RegistryPermissionDemo
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.
Caution