I have just read this article about Code Access Security. It has the following example in it:
    using System;
    using System.Security.Permissions;

    public class MyFileAccessor
    {
        public MyFileAccessor(String path, bool readOnly)
        {
            path = MakeFullPath(path); // helper fcn
            FileIOPermissionAccess desiredAccess = readOnly
                ? FileIOPermissionAccess.Read
                : FileIOPermissionAccess.AllAccess;
            FileIOPermission p = new FileIOPermission(desiredAccess, path);
            p.Demand();
            // ••• open the file
        }
        // •••
    }
What if I didn't use the FileIOPermissionAccess type and never include code like p.Demand() in my code at all? In other words, if I want to do something bad, why should I bother to ask permission for that? Isn't it kind of a joke? Or did I take it wrong?
Code Access Security (CAS), in the Microsoft .NET Framework, is Microsoft's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly, it obtains evidence for the assembly and uses this to identify the code group that the assembly belongs to.
CAS provides evidence-based security built on a layer above the security provided by the Windows operating system. While Windows is based on the permissions of the user, CAS is based on the evidence for the assembly.
The Code Access Security (CAS) Policy tool (Caspol.exe) enables users and administrators to modify security policy for the machine policy level, the user policy level, and the enterprise policy level.
A link demand only checks the immediate caller (direct caller) of your code. That means it doesn't perform a stack walk. Linking occurs when your code is bound to a type reference, including function pointer references and method calls. A link demand can only be applied declaratively.
Well, yes, the example is a bit of a joke, you'd never write something like this yourself. What's missing is the really important part, the code that // opens the file. A realistic version of it would, say, pinvoke CreateFile().
The point being that Windows doesn't know anything about CAS. So if you provide a utility function like this and you want to enforce the CAS rules then you have to verify that your calling code has the required permission. Of course, this kind of code really only belongs in the .NET framework. Have a look-see at FileStream.Init() and note FileIOPermission being demanded there before the CreateFile call.
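The pattern the answer describes, as an added example (not code from the article, the answer, or the .NET Framework source). It assumes the .NET Framework with CAS in effect and a trusted library assembly; `Path.GetFullPath` stands in for the article's `MakeFullPath` helper, and the Win32 constants and P/Invoke declaration are written out here for illustration.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using Microsoft.Win32.SafeHandles;

public sealed class MyFileAccessor : IDisposable
{
    private const uint GENERIC_READ = 0x80000000;
    private const uint GENERIC_WRITE = 0x40000000;
    private const uint FILE_SHARE_READ = 0x00000001;
    private const uint OPEN_EXISTING = 3;

    // Windows only checks the user's ACLs here; it knows nothing about CAS.
    // The attribute skips the runtime's UnmanagedCode stack walk, so the Demand below is the only CAS gate.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    [SuppressUnmanagedCodeSecurity]
    private static extern SafeFileHandle CreateFile(
        string fileName, uint desiredAccess, uint shareMode,
        IntPtr securityAttributes, uint creationDisposition,
        uint flagsAndAttributes, IntPtr templateFile);

    private readonly SafeFileHandle handle;

    public MyFileAccessor(string path, bool readOnly)
    {
        // Canonicalize first so the demand covers the file that is actually opened.
        path = Path.GetFullPath(path);

        FileIOPermissionAccess desiredAccess = readOnly
            ? FileIOPermissionAccess.Read
            : FileIOPermissionAccess.AllAccess;

        // Stack walk: throws SecurityException if any caller lacks the permission.
        new FileIOPermission(desiredAccess, path).Demand();

        // Only reached when every caller on the stack may touch this path.
        uint access = readOnly ? GENERIC_READ : GENERIC_READ | GENERIC_WRITE;
        handle = CreateFile(path, access, FILE_SHARE_READ, IntPtr.Zero,
                            OPEN_EXISTING, 0, IntPtr.Zero);
        if (handle.IsInvalid)
            throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    public void Dispose() { handle.Dispose(); }
}
```

A partially trusted caller cannot skip the demand by leaving it out of its own code: it has no way to reach `CreateFile` except through trusted code like this, and that code performs the check on its behalf.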