Overview
Represents the root of a code group hierarchy. A code group defines a set of code (assemblies) and the permissions granted to that code. The code group hierarchy is used by the code access security (CAS) policy system to determine the permissions granted to code.
CodeGroup objects are part of the security policy that is applied to assemblies when they are loaded. This policy determines which operations an assembly is allowed to perform.
Syntax
```csharp
[SerializableAttribute]
public abstract class CodeGroup : ISecurityEncodable,
    IIdentityPermissionFactory
```
Constructors
| Name | Description |
|---|---|
| CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy) | Initializes a new instance of the CodeGroup class with the specified membership condition and policy statement. |
Properties
| Name | Description |
|---|---|
| AttributeNames | Gets a collection of the names of the attributes of the current code group. |
| Children | Gets a collection of the child code groups of the current code group. |
| Description | Gets or sets a description of the current code group. |
| Exclusive | Gets a value indicating whether the current code group is exclusive. |
| Name | Gets or sets the name of the current code group. |
| Parent | Gets or sets the parent code group of the current code group. |
| PolicyDescription | Gets a description of the policy associated with the current code group. |
| PolicyStatement | Gets or sets the policy statement associated with the current code group. |
| MembershipCondition | Gets or sets the membership condition for the current code group. |
Methods
| Name | Description |
|---|---|
| AddChild(CodeGroup group) | Adds a child code group to the current code group. |
| Copy() | Creates and returns a new instance of the CodeGroup class with the same state as the current code group. |
| Equals(object obj) | Determines whether the specified object is equal to the current object. |
| FromXml(SecurityElement e) | Reconstructs a security object with the specified state from an XML encoding. |
| GetHashCode() | Serves as the default hash function. |
| GetType() | Gets the Type of the current instance. |
| Merge(CodeGroup group) | Merges the specified code group into the current code group. |
| ParseAttribute(string name, string value) | Parses an attribute from an XML element and applies it to the current security object. |
| RemoveChild(CodeGroup group) | Removes a child code group from the current code group. |
| Resolve(Evidence evidence) | Resolves the permissions for the code identified by the specified evidence. |
| ToXml() | Encodes the current security object into an XML element and returns it. |
| ToString() | Returns a string that represents the current object. |
Remarks
The CodeGroup class is an abstract class. Concrete implementations of code groups represent different ways of grouping code and assigning permissions. For example, the FileCodeGroup class groups assemblies based on their file location, while the NetCodeGroup class groups assemblies based on their network origin.
The Resolve method is the core of the code group policy evaluation. It recursively traverses the code group hierarchy, checking the membership condition of each code group. If a code group's membership condition matches the evidence provided, its policy statement is applied, and its child code groups are also considered.
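The traversal described above can be made visible with a small walker. This is an added example, not part of the original documentation: the class name `CodeGroupWalk`, the group names, and the sample zone evidence are constructed for illustration, and it assumes the .NET Framework types in `System.Security.Policy`.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

public static class CodeGroupWalk
{
    // Visits a group only if its membership condition matches the evidence,
    // then descends into its children; a non-matching group hides its subtree.
    public static void Walk(CodeGroup group, Evidence evidence, int depth)
    {
        if (!group.MembershipCondition.Check(evidence)) return;
        PolicyStatement ps = group.PolicyStatement; // may be null
        bool fullTrust = ps != null && ps.PermissionSet.IsUnrestricted();
        bool exclusive = ps != null && (ps.Attributes & PolicyStatementAttribute.Exclusive) != 0;
        string pad = new string(' ', depth * 2);
        Console.WriteLine("{0}{1}: fullTrust={2}, exclusive={3}", pad, group.Name, fullTrust, exclusive);
        if (fullTrust && group.MembershipCondition is AllMembershipCondition)
            Console.WriteLine("{0}  review: full trust granted to all code", pad);
        foreach (CodeGroup child in group.Children)
            Walk(child, evidence, depth + 1);
    }

    public static void Main()
    {
        // Constructed sample policy; the group names are hypothetical.
        CodeGroup root = new UnionCodeGroup(new AllMembershipCondition(),
            new PolicyStatement(new PermissionSet(PermissionState.None)));
        root.Name = "All_Code";

        PermissionSet exec = new PermissionSet(PermissionState.None);
        exec.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        CodeGroup internet = new UnionCodeGroup(
            new ZoneMembershipCondition(SecurityZone.Internet), new PolicyStatement(exec));
        internet.Name = "Internet_Zone";
        root.AddChild(internet); // Name is set before the group is added

        CodeGroup local = new UnionCodeGroup(
            new ZoneMembershipCondition(SecurityZone.MyComputer),
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted)));
        local.Name = "My_Computer_Zone";
        root.AddChild(local);

        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet)); // code claiming Internet origin

        Walk(root, evidence, 0); // My_Computer_Zone does not match this evidence
        Console.WriteLine(root.Resolve(evidence).PermissionSet.ToXml());
    }
}
```

Running the walker against the evidence you expect untrusted code to present shows which branches of a policy tree can contribute permissions, and flags any group that hands full trust to all code.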
Examples
The following example demonstrates how to create a simple code group hierarchy and resolve permissions.
```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

public class Example
{
    public static void Main(string[] args)
    {
        // Create a root code group that matches all code.
        // Because the root grants an unrestricted permission set, every
        // assembly that reaches this policy resolves to full trust.
        CodeGroup rootGroup = new UnionCodeGroup(
            new AllMembershipCondition(),
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted)));
        rootGroup.Name = "MyRootCodeGroup";
        rootGroup.Description = "The root of my custom policy.";

        // Create a child code group for a specific assembly
        IMembershipCondition assemblyCondition = new StrongNameMembershipCondition(
            new StrongNamePublicKeyBlob(new byte[] { /* your public key blob */ }),
            null, null);

        // Build an execution-only permission set for the child group
        PermissionSet executionOnly = new PermissionSet(PermissionState.None);
        executionOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        PolicyStatement assemblyPolicy = new PolicyStatement(executionOnly);

        CodeGroup specificAssemblyGroup = new UnionCodeGroup(assemblyCondition, assemblyPolicy);
        specificAssemblyGroup.Name = "MySpecificAssembly";
        specificAssemblyGroup.Description = "Permissions for a specific assembly.";
        rootGroup.AddChild(specificAssemblyGroup);

        // Example evidence
        Evidence evidence = new Evidence();
        evidence.AddHost(new GacInstalled()); // Example host evidence

        // Resolve permissions: Resolve returns a PolicyStatement whose
        // PermissionSet property holds the resulting grant
        try
        {
            PermissionSet grantedPermissions = rootGroup.Resolve(evidence).PermissionSet;
            Console.WriteLine("Granted Permissions:");
            Console.WriteLine(grantedPermissions.ToXml().ToString());
        }
        catch (PolicyException ex)
        {
            Console.WriteLine("Policy Exception: " + ex.Message);
        }
        catch (Exception ex)
        {
            Console.WriteLine("An error occurred: " + ex.Message);
        }
    }
}
```
Inheritance Hierarchy
System.Object
System.Security.CodeGroup
System.Security.Policy.AllCodeGroup
System.Security.Policy.FileCodeGroup
System.Security.Policy.NetCodeGroup
System.Security.Policy.PermissionSetCodeGroup
System.Security.Policy.SameSiteCodeGroup
System.Security.Policy.StrongNameCodeGroup
System.Security.Policy.UnionCodeGroup
Requirements
| Assembly | File |
|---|---|
| mscorlib.dll | Assembly referenced in: .NET Framework 2.0, 3.0, 3.5, 4.0, 4.5, 4.6, 4.7, 4.8 |
See Also
Code Access Security Policy
CAS Concepts
System.Security.Policy.IMembershipCondition
System.Security.Policy.PolicyStatement
System.Security.SecurityIdentifier