PolicyLevel::Resolve Method (Evidence^)

 

Resolves policy based on evidence for the policy level, and returns the resulting PolicyStatement.

Namespace:   System.Security.Policy
Assembly:  mscorlib (in mscorlib.dll)

public:
PolicyStatement^ Resolve(
	Evidence^ evidence
)

Parameters

evidence
Type: System.Security.Policy::Evidence^

The Evidence used to resolve the PolicyLevel.

Exception Condition
PolicyException

The policy level contains multiple matching code groups marked as exclusive.

ArgumentNullException

The evidence parameter is null.

Resolve is the basic policy evaluation operation for policy levels. Given a set of evidence as input, this method tests membership conditions of code groups starting at the root and working down as matched. The combination of permissions resulting from the matching code groups produces a PolicyStatement that is returned.

In granting permissions to code, security policy uses the resolved policy statements for all applicable policy levels, together with the code request for permissions.

The following code shows the use of the Resolve method. This code example is part of a larger example provided for the PolicyLevel class.

// Demonstrate the use of ResolvePolicy for the supplied evidence and a specified policy level.
void CheckEvidence( PolicyLevel^ pLevel, Evidence^ evidence )
{
   // Display the code groups to which the evidence belongs.
   Console::WriteLine( "\tResolvePolicy for the given evidence: " );
   IEnumerator^ codeGroup = evidence->GetEnumerator();
   while ( codeGroup->MoveNext() )
   {
      Console::WriteLine( "\t\t{0}", (dynamic_cast<CodeGroup^>(codeGroup->Current))->Name );
   }

   Console::WriteLine( "The current evidence belongs to the following root CodeGroup:" );

   // pLevel is the current PolicyLevel, evidence is the Evidence to be resolved.
   CodeGroup^ cg1 = pLevel->ResolveMatchingCodeGroups( evidence );
   Console::WriteLine( "{0} Level", pLevel->Label );
   Console::WriteLine( "\tRoot CodeGroup = {0}", cg1->Name );

   // Show how Resolve is used to determine the set of permissions that 
   // the security system grants to code, based on the evidence.
   // Show the granted permissions. 
   Console::WriteLine( "\nCurrent permissions granted:" );
   PolicyStatement^ pState = pLevel->Resolve( evidence );
   Console::WriteLine( pState->ToXml() );
   return;
}

.NET Framework
Available since 1.1
Return to top
Show: