public sealed class PolicyLevel {
// Public Instance Properties
public IList FullTrustAssemblies{get; }
public string Label{get; }
public IList NamedPermissionSets{get; }
public CodeGroup RootCodeGroup{set; get; }
public string StoreLocation{get; }
// Public Static Methods
public static PolicyLevel CreateAppDomainLevel( );
// Public Instance Methods
public void AddFullTrustAssembly(StrongName sn);
public void AddFullTrustAssembly(StrongNameMembershipCondition snMC);
public void AddNamedPermissionSet(System.Security.NamedPermissionSet permSet);
public NamedPermissionSet ChangeNamedPermissionSet(string name, System.Security.PermissionSet pSet);
public void FromXml(System.Security.SecurityElement e);
public NamedPermissionSet GetNamedPermissionSet(string name);
public void Recover( );
public void RemoveFullTrustAssembly(StrongName sn);
public void RemoveFullTrustAssembly(StrongNameMembershipCondition snMC);
public NamedPermissionSet RemoveNamedPermissionSet(System.Security.NamedPermissionSet permSet);
public NamedPermissionSet RemoveNamedPermissionSet(string name);
public void Reset( );
public PolicyStatement Resolve(Evidence evidence);
public CodeGroup ResolveMatchingCodeGroups(Evidence evidence);
public SecurityElement ToXml( );
}

This class represents a security policy level and provides the
ability to access and manipulate the objects that represent its three
key elements: fully trusted assemblies, named permission sets, and
code group hierarchy.

The PolicyLevel class does not implement any
constructors. PolicyLevel objects representing the
current enterprise, machine, and user policy levels are obtained
through the System.Security.SecurityManager.PolicyHierarchy( )
method. The System.Security.SecurityManager.PolicyHierarchy( )
method returns a System.Collections.IEnumerator
containing PolicyLevel objects for each of the
three policy levels. To retrieve a specific
PolicyLevel, step through the enumerator and test
the value of the Label property against the strings
"Enterprise", "Machine", and "User".

It is not possible to obtain a PolicyLevel
representing an existing application domain's policy
level, but the static CreateAppDomainLevel( )
method creates a new PolicyLevel suitable for
assigning to an application domain through the
System.AppDomain.SetAppDomainPolicy( ) method. The
System.AppDomain.SetAppDomainPolicy( ) method can
only be called once; on subsequent calls a
PolicyException is thrown.

The read-only FullTrustAssemblies property returns
a System.Collections.IList containing a set of
StrongNameMembershipCondition objects that
represent the policy level's set of fully trusted
assemblies. The AddFullTrustAssembly( ) and
RemoveFullTrustAssembly( ) methods allow for the
administration of the fully trusted assemblies list.

The read-only NamedPermissionSets property also
returns a System.Collections.IList. This list
contains a set of
System.Security.NamedPermissionSet objects that
represent the named permission sets defined in the policy level. The
AddNamedPermissionSet( ) and
RemoveNamedPermissionSet( ) methods allow for the
administration of the named permission set list. The
ChangeNamedPermissionSet( ) method allows the
contents of a specified named permission set to be easily replaced
with the contents of a
System.Security.PermissionSet without the need to
remove and then add.

The RootCodeGroup property gets or sets the root
CodeGroup of the policy level's
code group tree. Further manipulation of the code group tree is
possible only by using the methods of CodeGroup to
traverse the tree. Assigning a new CodeGroup to
the RootCodeGroup property causes the old root
CodeGroup to be replaced along with the existing
tree. Importantly, when set, the RootCodeGroup
property makes a copy of the new root
CodeGroup, which means that any modifications to
the code group tree through the original CodeGroup
object are not reflected in the policy level's copy.

The Reset( ) method returns a policy level to its
default "out-of-box" configuration,
and the Recover( ) method returns the policy level
to its previously saved state. Although it is not possible to invoke
the runtime's policy resolution process
programmatically, the Resolve( ) and
ResolveMatchingCodeGroups( ) methods are useful
for evaluating the permissions a PolicyLevel would
grant to an assembly or application domain.
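
The following added example (not code from the original text) locates the machine policy level by its Label, lists its fully trusted assemblies and named permission sets, and uses Resolve( ) to show what that level alone would grant to evidence from the Internet zone. It assumes a runtime where CAS policy is available (.NET Framework before 4.0, or 4.x with legacy CAS policy enabled); the PolicyLevelAudit class, the FindLevel helper, and the sample evidence are constructed for illustration.

```csharp
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;

// Hypothetical audit helper; not part of the .NET class library.
public static class PolicyLevelAudit
{
    // Step through SecurityManager.PolicyHierarchy() and match on Label.
    public static PolicyLevel FindLevel(string label)
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            if (level.Label == label)
                return level;
        }
        return null; // no level with that label
    }

    public static void Main()
    {
        PolicyLevel machine = FindLevel("Machine");
        if (machine == null)
        {
            Console.WriteLine("Machine policy level not found");
            return;
        }
        Console.WriteLine("Level: {0} ({1})", machine.Label, machine.StoreLocation);

        // FullTrustAssemblies holds StrongNameMembershipCondition objects.
        foreach (StrongNameMembershipCondition mc in machine.FullTrustAssemblies)
            Console.WriteLine("  full trust: {0}", mc.Name);

        foreach (NamedPermissionSet ps in machine.NamedPermissionSets)
            Console.WriteLine("  permission set: {0}", ps.Name);

        // Constructed sample evidence: code that originates from the Internet zone.
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.Internet));

        // Resolve() evaluates this level only; the runtime's final grant is
        // the intersection of the grants from all policy levels.
        PolicyStatement grant = machine.Resolve(evidence);
        Console.WriteLine("Attributes: {0}", grant.Attributes);
        Console.WriteLine(grant.PermissionSet.ToString());
    }
}
```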