PolicyStatement Class

System.Security.Policy
[Serializable]
public class PolicyStatement : System.Security.ISecurityPolicy
Represents a code group declaration.

Overview

The PolicyStatement class represents the outcome of applying a code group to a code assembly. It contains the evidence required to grant permissions to the assembly and the permissions to be granted. When a code group is evaluated, its associated PolicyStatement is returned if the assembly's evidence satisfies the code group's condition.

A PolicyStatement can contain:

  • A set of permissions to be granted to the code.
  • Optional evidence that was used to match the code group.

Syntax

C#

[SerializableAttribute]
public class PolicyStatement : ISecurityPolicy
{
    // Constructors
    public PolicyStatement(IApplicationIdentity identity, PermissionSet permSet);
    public PolicyStatement(IMembershipCondition membershipCondition, PermissionSet permSet);

    // Properties
    public System.Security.Principal.IIdentity Identity { get; }
    public PermissionSet PermissionSet { get; }
    public System.Collections.IEnumerator PolicyLevels { get; }

    // Methods
    public SecurityElement ToXml();
    public void FromXml(SecurityElement e);
}

Visual Basic

<SerializableAttribute>
Public Class PolicyStatement
    Implements ISecurityPolicy
    ' Constructors
    Public Sub New(identity As IApplicationIdentity, permSet As PermissionSet)
    Public Sub New(membershipCondition As IMembershipCondition, permSet As PermissionSet)

    ' Properties
    Public ReadOnly Property Identity As System.Security.Principal.IIdentity
    Public ReadOnly Property PermissionSet As PermissionSet
    Public ReadOnly Property PolicyLevels As System.Collections.IEnumerator

    ' Methods
    Public Function ToXml() As SecurityElement
    Public Sub FromXml(e As SecurityElement)
End Class
                    

C++

[SerializableAttribute]
public ref class PolicyStatement : public ISecurityPolicy
{
public:
    // Constructors
    PolicyStatement(IApplicationIdentity^ identity, PermissionSet^ permSet);
    PolicyStatement(IMembershipCondition^ membershipCondition, PermissionSet^ permSet);

    // Properties
    property System::Security::Principal::IIdentity^ Identity { System::Security::Principal::IIdentity^ get(); };
    property PermissionSet^ PermissionSet { PermissionSet^ get(); };
    property System::Collections::IEnumerator^ PolicyLevels { System::Collections::IEnumerator^ get(); };

    // Methods
    virtual SecurityElement^ ToXml() override;
    virtual void FromXml(SecurityElement^ e) override;
};
                    

Members

Constructors

  • PolicyStatement(IApplicationIdentity identity, PermissionSet permSet)
    Initializes a new instance of the PolicyStatement class with the specified application identity and permission set.
    Parameters
    • identity: An IApplicationIdentity object that identifies the application.
    • permSet: A PermissionSet object containing the permissions to grant.
  • PolicyStatement(IMembershipCondition membershipCondition, PermissionSet permSet)
    Initializes a new instance of the PolicyStatement class with the specified membership condition and permission set.
    Parameters
    • membershipCondition: An IMembershipCondition object that specifies the conditions for the code group.
    • permSet: A PermissionSet object containing the permissions to grant.

Properties

  • Identity
    Gets the identity associated with the PolicyStatement.
    public System.Security.Principal.IIdentity Identity { get; }
  • PermissionSet
    Gets the PermissionSet associated with the PolicyStatement.
    public PermissionSet PermissionSet { get; }
  • PolicyLevels
    Gets an enumerator for the policy levels associated with the PolicyStatement.
    public System.Collections.IEnumerator PolicyLevels { get; }

Methods

  • ToXml()
    Creates and returns an XML encoding of the current PolicyStatement object, or null if the PolicyStatement object is not self-describing.
    public SecurityElement ToXml();
    Returns
    A SecurityElement object that contains an XML encoding of the current PolicyStatement object.
  • FromXml(SecurityElement e)
    Reconstructs a PolicyStatement object from the specified SecurityElement.
    public void FromXml(SecurityElement e);
    Parameters
    • e: A SecurityElement object that represents the PolicyStatement to reconstruct.

Remarks

The PolicyStatement class is fundamental to how the .NET security policy model works. When an assembly is loaded, the runtime inspects its evidence and evaluates it against the code groups configured in the policy hierarchy. For each code group that matches the assembly's evidence, a PolicyStatement is generated. These statements are then merged to determine the final set of permissions granted to the assembly.
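
The merge step in code, as an added example that is not part of the original page: under code access security the grants of the matching code groups in one policy level are unioned, and the per-level results are then intersected, which goes beyond the page's statement that the statements are "merged". It works on plain PermissionSet values such as those a statement's PermissionSet property returns, assumes the .NET Framework, and uses hypothetical class and method names.

```csharp
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;

// Added illustration with hypothetical names; exclusive and level-final groups are not modelled.
public static class PolicyMergeSketch
{
    // Within one policy level, the grants of all matching code groups are unioned.
    public static PermissionSet ResolveLevel(IEnumerable<PermissionSet> matchingGrants)
    {
        PermissionSet grant = new PermissionSet(PermissionState.None);
        foreach (PermissionSet ps in matchingGrants)
            grant = grant.Union(ps);
        return grant;
    }

    // Across levels the per-level grants are intersected, so a level can
    // only remove permissions granted by another level, never add to them.
    public static PermissionSet ResolveHierarchy(IEnumerable<PermissionSet> levelGrants)
    {
        PermissionSet grant = null;
        // Intersect returns null for an empty result; normalise to an empty set.
        foreach (PermissionSet level in levelGrants)
            grant = (grant == null ? level.Copy() : grant.Intersect(level))
                    ?? new PermissionSet(PermissionState.None);
        return grant ?? new PermissionSet(PermissionState.None); // no levels: grant nothing
    }

    private static PermissionSet Set(params IPermission[] perms)
    {
        PermissionSet ps = new PermissionSet(PermissionState.None);
        foreach (IPermission p in perms) ps.AddPermission(p);
        return ps;
    }

    public static void Main()
    {
        // Constructed sample grants, standing in for each matching statement's PermissionSet.
        IPermission exec = new SecurityPermission(SecurityPermissionFlag.Execution);
        IPermission read = new FileIOPermission(FileIOPermissionAccess.Read, @"C:\App\Data");
        IPermission ui = new UIPermission(PermissionState.Unrestricted);

        PermissionSet machine = ResolveLevel(new[] { Set(exec, read), Set(ui) });
        PermissionSet user = ResolveLevel(new[] { Set(exec, read) });
        PermissionSet final = ResolveHierarchy(new[] { machine, user });

        Console.WriteLine(final.ToString()); // XML form of the effective grant
    }
}
```

With the constructed input, the UIPermission granted at the machine level is absent from the effective grant because the user level does not grant it.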

Key aspects:

  • Permissions: The PermissionSet property holds the permissions that will be granted if the policy statement is applied.
  • Identity: The Identity property can represent an application identity or other identifying information relevant to the policy.
  • Serialization: The class is marked with the [Serializable] attribute, allowing PolicyStatement objects to be serialized and deserialized, which is crucial for storing and applying security policies.
  • XML Representation: The ToXml and FromXml methods provide a way to convert PolicyStatement objects to and from their XML representations. This is used for configuration and persistence of security policies.

Understanding PolicyStatement is essential for configuring and managing security within .NET applications, especially in scenarios involving code access security (CAS) where fine-grained control over assembly permissions is required.

Example

C# Example


using System;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;

public class PolicyStatementExample
{
    public static void Main(string[] args)
    {
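        // Create a new PermissionSet.
        // Note: an unrestricted PermissionSet already implies every permission (full trust),
        // so the AddPermission call below is redundant. To grant file I/O only, start from
        // PermissionState.None instead.
        PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);
        permSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));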

        // Create an ApplicationIdentity (example)
        // In a real scenario, this would be derived from assembly evidence.
        IApplicationIdentity appIdentity = new ApplicationIdentity("MyApplication");

        // Create a PolicyStatement
        PolicyStatement statement = new PolicyStatement(appIdentity, permSet);

        Console.WriteLine("Policy Statement Created:");
        Console.WriteLine($"  Identity: {statement.Identity.ToString()}");
        Console.WriteLine($"  Permissions: {statement.PermissionSet.ToString()}");

        // Example of converting to XML
        SecurityElement xmlElement = statement.ToXml();
        Console.WriteLine("\nXML Representation:");
        Console.WriteLine(xmlElement.ToString());

        // Example of creating from XML (requires a valid SecurityElement)
        // For simplicity, we'll just demonstrate the creation and use of the statement.
        // A full FromXml example would involve parsing an existing XML configuration.
    }
}

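// Dummy implementation for demonstration. It implements IApplicationIdentity so that it can be
// passed to the PolicyStatement constructor above (assumption: the interface declares no further
// members) and IIdentity to match the type of the Identity property.
public class ApplicationIdentity : IApplicationIdentity, System.Security.Principal.IIdentity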
{
    private string _name;
    public ApplicationIdentity(string name) { _name = name; }
    public string Name => _name;
    public string AuthenticationType => "ApplicationIdentity";
    public bool IsAuthenticated => true;
    public override string ToString() => $"ApplicationIdentity:{_name}";
}