FileCodeGroup Class
Grants permission to manipulate files located in the code assemblies to code assemblies that match the membership condition. This class cannot be inherited.
Assembly: mscorlib (in mscorlib.dll)
The FileCodeGroup type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | AttributeString | Gets a string representation of the attributes of the policy statement for the code group. (Overrides CodeGroup::AttributeString.) |
![]() | Children | Gets or sets an ordered list of the child code groups of a code group. (Inherited from CodeGroup.) |
![]() | Description | Gets or sets the description of the code group. (Inherited from CodeGroup.) |
![]() | MembershipCondition | Gets or sets the code group's membership condition. (Inherited from CodeGroup.) |
![]() | MergeLogic | Gets the merge logic. (Overrides CodeGroup::MergeLogic.) |
![]() | Name | Gets or sets the name of the code group. (Inherited from CodeGroup.) |
![]() | PermissionSetName | Gets the name of the named permission set for the code group. (Overrides CodeGroup::PermissionSetName.) |
![]() | PolicyStatement | Gets or sets the policy statement associated with the code group. (Inherited from CodeGroup.) |
| Name | Description | |
|---|---|---|
![]() | AddChild | Adds a child code group to the current code group. (Inherited from CodeGroup.) |
![]() | Copy | Makes a deep copy of the current code group. (Overrides CodeGroup::Copy().) |
![]() | CreateXml | When overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified SecurityElement. (Inherited from CodeGroup.) |
![]() | Equals(Object) | Determines whether the specified code group is equivalent to the current code group. (Overrides CodeGroup::Equals(Object).) |
![]() | Equals(CodeGroup, Boolean) | Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified. (Inherited from CodeGroup.) |
![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
![]() | FromXml(SecurityElement) | Reconstructs a security object with a given state from an XML encoding. (Inherited from CodeGroup.) |
![]() | FromXml(SecurityElement, PolicyLevel) | Reconstructs a security object with a given state and policy level from an XML encoding. (Inherited from CodeGroup.) |
![]() | GetHashCode | Gets the hash code of the current code group. (Overrides CodeGroup::GetHashCode().) |
![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() | ParseXml | When overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified SecurityElement. (Inherited from CodeGroup.) |
![]() | RemoveChild | Removes the specified child code group. (Inherited from CodeGroup.) |
![]() | Resolve | Resolves policy for the code group and its descendants for a set of evidence. (Overrides CodeGroup::Resolve(Evidence).) |
![]() | ResolveMatchingCodeGroups | Resolves matching code groups. (Overrides CodeGroup::ResolveMatchingCodeGroups(Evidence).) |
![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
![]() | ToXml() | Creates an XML encoding of the security object and its current state. (Inherited from CodeGroup.) |
![]() | ToXml(PolicyLevel) | Creates an XML encoding of the security object, its current state, and the policy level within which the code exists. (Inherited from CodeGroup.) |
Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have child code groups. Each child code group can have their own child code groups; this behavior extends to any number of levels, forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their child code groups apply policy.
FileCodeGroup has the same child matching semantics as UnionCodeGroup. However, FileCodeGroup returns a permission set containing a dynamically-calculated FileIOPermission that grants file access to the directory from which the code is run; UnionCodeGroup only returns a static permission set. The type of file access granted is passed as a parameter to the constructor.
This code group only matches assemblies run over a file protocol, that is, assemblies that have URLs that point to a file or UNC path.
The following example shows the use of members of the FileCodeGroup class.
using namespace System; using namespace System::Security; using namespace System::Security::Policy; using namespace System::Security::Permissions; using namespace System::Reflection; ref class Members { public: [STAThread] static void Main() { FileCodeGroup^ fileCodeGroup = constructDefaultGroup(); // Create a deep copy of the FileCodeGroup. FileCodeGroup^ copyCodeGroup = dynamic_cast<FileCodeGroup^>(fileCodeGroup->Copy()); CompareTwoCodeGroups( fileCodeGroup, copyCodeGroup ); addPolicy( &fileCodeGroup ); addXmlMember( &fileCodeGroup ); updateMembershipCondition( &fileCodeGroup ); addChildCodeGroup( &fileCodeGroup ); Console::Write( L"Comparing the resolved code group " ); Console::WriteLine( L"with the initial code group." ); FileCodeGroup^ resolvedCodeGroup = ResolveGroupToEvidence( fileCodeGroup ); if ( CompareTwoCodeGroups( fileCodeGroup, resolvedCodeGroup ) ) { PrintCodeGroup( resolvedCodeGroup ); } else { PrintCodeGroup( fileCodeGroup ); } Console::WriteLine( L"This sample completed successfully; press Enter to exit." ); Console::ReadLine(); } private: // Construct a new FileCodeGroup with Read, Write, Append // and PathDiscovery access. static FileCodeGroup^ constructDefaultGroup() { // Construct a new file code group that has complete access to // files in the specified path. FileCodeGroup^ fileCodeGroup = gcnew FileCodeGroup( gcnew AllMembershipCondition,FileIOPermissionAccess::AllAccess ); // Set the name of the file code group. fileCodeGroup->Name = L"TempCodeGroup"; // Set the description of the file code group. fileCodeGroup->Description = L"Temp folder permissions group"; // Retrieve the string representation of the fileCodeGroup�s // attributes. FileCodeGroup does not use AttributeString, so the // value should be null. if ( fileCodeGroup->AttributeString != nullptr ) { throw gcnew NullReferenceException( L"The AttributeString property should be null." ); } return fileCodeGroup; } // Add file permission to restrict write access to all files on the // local machine. static void addPolicy( interior_ptr<FileCodeGroup^> fileCodeGroup ) { // Set the PolicyStatement property to a policy with read access to // the root directory of drive C. FileIOPermission^ rootFilePermissions = gcnew FileIOPermission( PermissionState::None ); rootFilePermissions->AllLocalFiles = FileIOPermissionAccess::Read; rootFilePermissions->SetPathList( FileIOPermissionAccess::Read, L"C:\\" ); NamedPermissionSet^ namedPermissions = gcnew NamedPermissionSet( L"RootPermissions" ); namedPermissions->AddPermission( rootFilePermissions ); ( *fileCodeGroup )->PolicyStatement = gcnew PolicyStatement( namedPermissions ); } // Set the membership condition of the specified FileCodeGroup // to the Intranet zone. static void updateMembershipCondition( interior_ptr<FileCodeGroup^> fileCodeGroup ) { ZoneMembershipCondition^ zoneCondition = gcnew ZoneMembershipCondition( SecurityZone::Intranet ); ( *fileCodeGroup )->MembershipCondition = zoneCondition; } // Add a child group with read-access file permission to the specified // code group. static void addChildCodeGroup( interior_ptr<FileCodeGroup^> fileCodeGroup ) { // Create a file code group with read-access permission. FileCodeGroup^ tempFolderCodeGroup = gcnew FileCodeGroup( gcnew AllMembershipCondition,FileIOPermissionAccess::Read ); // Set the name of the child code group and add it to // the specified code group. tempFolderCodeGroup->Name = L"Read-only group"; ( *fileCodeGroup )->AddChild( tempFolderCodeGroup ); } // Compare the two specified file code groups for equality. static bool CompareTwoCodeGroups( FileCodeGroup^ firstCodeGroup, FileCodeGroup^ secondCodeGroup ) { if ( firstCodeGroup->Equals( secondCodeGroup ) ) { Console::WriteLine( L"The two code groups are equal." ); return true; } else { Console::WriteLine( L"The two code groups are not equal." ); return false; } } // Retrieve the resolved policy based on Evidence from the executing // assembly found in the specified code group. static String^ ResolveEvidence( CodeGroup^ fileCodeGroup ) { String^ policyString = L""; // Resolve the policy based on evidence in the executing assembly. Assembly^ assembly = Assembly::GetExecutingAssembly(); Evidence^ executingEvidence = assembly->Evidence; PolicyStatement^ policy = fileCodeGroup->Resolve( executingEvidence ); if ( policy != nullptr ) { policyString = policy->ToString(); } return policyString; } // Retrieve the resolved code group based on the Evidence from // the executing assembly found in the specified code group. static FileCodeGroup^ ResolveGroupToEvidence( FileCodeGroup^ fileCodeGroup ) { // Resolve matching code groups to the executing assembly. Assembly^ assembly = Assembly::GetExecutingAssembly(); Evidence^ evidence = assembly->Evidence; CodeGroup^ codeGroup = fileCodeGroup->ResolveMatchingCodeGroups( evidence ); return dynamic_cast<FileCodeGroup^>(codeGroup); } // If a domain attribute is not found in the specified FileCodeGroup, // add a child XML element identifying a custom membership condition. static void addXmlMember( interior_ptr<FileCodeGroup^> fileCodeGroup ) { SecurityElement^ xmlElement = ( *fileCodeGroup )->ToXml(); SecurityElement^ rootElement = gcnew SecurityElement( L"CodeGroup" ); if ( xmlElement->Attribute(L"domain") == nullptr ) { SecurityElement^ newElement = gcnew SecurityElement( L"CustomMembershipCondition" ); newElement->AddAttribute( L"class", L"CustomMembershipCondition" ); newElement->AddAttribute( L"version", L"1" ); newElement->AddAttribute( L"domain", L"contoso.com" ); rootElement->AddChild( newElement ); ( *fileCodeGroup )->FromXml( rootElement ); } Console::WriteLine( L"Added a custom membership condition:" ); Console::WriteLine( rootElement ); } // Print the properties of the specified code group to the console. static void PrintCodeGroup( CodeGroup^ codeGroup ) { // Compare the type of the specified object with the FileCodeGroup // type. if ( !codeGroup->GetType()->Equals( FileCodeGroup::typeid ) ) { throw gcnew ArgumentException( L"Expected the FileCodeGroup type." ); } String^ codeGroupName = codeGroup->Name; String^ membershipCondition = codeGroup->MembershipCondition->ToString(); String^ permissionSetName = codeGroup->PermissionSetName; int hashCode = codeGroup->GetHashCode(); String^ mergeLogic = L""; if ( codeGroup->MergeLogic->Equals( L"Union" ) ) { mergeLogic = L" with Union merge logic"; } // Retrieve the class path for FileCodeGroup. String^ fileGroupClass = codeGroup->ToString(); // Write summary to the console window. Console::WriteLine( L"\n*** {0} summary ***", fileGroupClass ); Console::Write( L"A FileCodeGroup named " ); Console::Write( L"{0}{1}", codeGroupName, mergeLogic ); Console::Write( L" has been created with hash code{0}.", hashCode ); Console::Write( L"This code group contains a {0}", membershipCondition ); Console::Write( L" membership condition with the " ); Console::Write( L"{0} permission set. ", permissionSetName ); Console::Write( L"The code group has the following security policy: " ); Console::WriteLine( ResolveEvidence( codeGroup ) ); int childCount = codeGroup->Children->Count; if ( childCount > 0 ) { Console::Write( L"There are {0}", childCount ); Console::WriteLine( L" child code groups in this code group." ); // Iterate through the child code groups to display their names // and remove them from the specified code group. for ( int i = 0; i < childCount; i++ ) { // Get child code group as type FileCodeGroup. FileCodeGroup^ childCodeGroup = dynamic_cast<FileCodeGroup^>(codeGroup->Children->default[ i ]); Console::Write( L"Removing the {0}.", childCodeGroup->Name ); // Remove child code group. codeGroup->RemoveChild( childCodeGroup ); } Console::WriteLine(); } else { Console::Write( L"There are no child code groups" ); Console::WriteLine( L" in this code group." ); } } }; int main() { Members::Main(); } // // This sample produces the following output: // // The two code groups are equal. // Added a custom membership condition: // <CodeGroup> // <CustomMembershipCondition class="CustomMembershipCondition" // version="1" // domain="contoso.com"/> // </CodeGroup> // Comparing the resolved code group with the initial code group. // The two code groups are not equal. // // *** System.Security.Policy.FileCodeGroup summary *** // A FileCodeGroup named with Union merge logic has been created with hash // code 113151473. This code group contains a Zone - Intranet membership // condition with the Same directory FileIO - NoAccess permission set. The // code group has the following security policy: // There are 1 child code groups in this code group. // Removing the Read-only group. // This sample completed successfully; press Enter to exit.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
