System.Security.Policy.UnionCodeGroup Class

Summary

Represents a code group whose policy statement is the union of the current code group's policy statement and the policy statement of all its matching child code groups. This class cannot be inherited.

C# Syntax:

[Serializable] public sealed class UnionCodeGroup : CodeGroup

Code groups are the building blocks of code access security policy. Each policy level consists of a root code group that can have child code groups (and so on), forming a tree. Each code group has a membership condition that determines if a given assembly belongs to it or not, based on the evidence for that assembly. Only code groups whose membership conditions match a given assembly and their child code groups apply policy.

UnionCodeGroup is the most common type of code group; the policy statement of all matching child code groups (and by extension their child code groups) are combined with the permission set of the matching parent code group. Thus, if its membership condition matches, this code group forms the union of its policy statement and those of all its child code groups that also match the evidence.

UnionCodeGroup code groups are the code groups created by the CASPOL utility (see ) and the .NET Framework Configuration tool (see the conceptual topic at MSDN: netframeworkadministrationtoolmscorcfgmsc).

System.Security.Policy Namespace See also:
MSDN: codegroups

System.Security.Policy.UnionCodeGroup Member List:

Public Constructors

ctor #1

Initializes a new instance of the UnionCodeGroup class.

Public Properties

AttributeString (inherited from System.Security.Policy.CodeGroup)	Read-only See base class member description: System.Security.Policy.CodeGroup.AttributeString Gets a string representation of the attributes of the policy statement for the code group.
Children (inherited from System.Security.Policy.CodeGroup)	Read-write See base class member description: System.Security.Policy.CodeGroup.Children Gets or sets an ordered list of the child code groups of a code group.
Description (inherited from System.Security.Policy.CodeGroup)	Read-write See base class member description: System.Security.Policy.CodeGroup.Description Gets or sets the description of the code group.
MembershipCondition (inherited from System.Security.Policy.CodeGroup)	Read-write See base class member description: System.Security.Policy.CodeGroup.MembershipCondition Gets or sets the code group's membership condition.
MergeLogic	Read-only Overridden: Gets the merge logic.
Name (inherited from System.Security.Policy.CodeGroup)	Read-write See base class member description: System.Security.Policy.CodeGroup.Name Gets or sets the name of the code group.
PermissionSetName (inherited from System.Security.Policy.CodeGroup)	Read-only See base class member description: System.Security.Policy.CodeGroup.PermissionSetName Gets the name of the named permission set for the code group.
PolicyStatement (inherited from System.Security.Policy.CodeGroup)	Read-write See base class member description: System.Security.Policy.CodeGroup.PolicyStatement Gets or sets the policy statement associated with the code group.

Public Methods

AddChild (inherited from System.Security.Policy.CodeGroup)	See base class member description: System.Security.Policy.CodeGroup.AddChild Adds a child code group to the current code group.
Copy	Overridden: Makes a deep copy of the current code group.
Equals (inherited from System.Security.Policy.CodeGroup)	Overloaded: Equals(object o) See base class member description: System.Security.Policy.CodeGroup.Equals Determines whether the specified code group is equivalent to the current code group.
Equals (inherited from System.Security.Policy.CodeGroup)	Overloaded: Equals(CodeGroup cg, bool compareChildren) See base class member description: System.Security.Policy.CodeGroup.Equals Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified.
FromXml (inherited from System.Security.Policy.CodeGroup)	Overloaded: FromXml(SecurityElement e) See base class member description: System.Security.Policy.CodeGroup.FromXml Reconstructs a security object with a given state from an XML encoding.
FromXml (inherited from System.Security.Policy.CodeGroup)	Overloaded: FromXml(SecurityElement e, PolicyLevel level) See base class member description: System.Security.Policy.CodeGroup.FromXml Reconstructs a security object with a given state and policy level from an XML encoding.
GetHashCode (inherited from System.Security.Policy.CodeGroup)	See base class member description: System.Security.Policy.CodeGroup.GetHashCode Gets the hash code of the current code group.
GetType (inherited from System.Object)	See base class member description: System.Object.GetType Derived from System.Object, the primary base class for all objects.
RemoveChild (inherited from System.Security.Policy.CodeGroup)	See base class member description: System.Security.Policy.CodeGroup.RemoveChild Removes the specified child code group.
Resolve	Overridden: Resolves policy for the code group and its descendants for a set of evidence.
ResolveMatchingCodeGroups	Overridden: Resolves matching code groups.
ToString (inherited from System.Object)	See base class member description: System.Object.ToString Derived from System.Object, the primary base class for all objects.
ToXml (inherited from System.Security.Policy.CodeGroup)	Overloaded: ToXml() See base class member description: System.Security.Policy.CodeGroup.ToXml Creates an XML encoding of the security object and its current state.
ToXml (inherited from System.Security.Policy.CodeGroup)	Overloaded: ToXml(PolicyLevel level) See base class member description: System.Security.Policy.CodeGroup.ToXml Creates an XML encoding of the security object, its current state, and the policy level within which the code exists.

Protected Methods

CreateXml (inherited from System.Security.Policy.CodeGroup)	See base class member description: System.Security.Policy.CodeGroup.CreateXml When overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified SecurityElement.
Finalize (inherited from System.Object)	See base class member description: System.Object.Finalize Derived from System.Object, the primary base class for all objects.
MemberwiseClone (inherited from System.Object)	See base class member description: System.Object.MemberwiseClone Derived from System.Object, the primary base class for all objects.
ParseXml (inherited from System.Security.Policy.CodeGroup)	See base class member description: System.Security.Policy.CodeGroup.ParseXml When overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified SecurityElement.

Hierarchy:

• System.Object
• System.Security.Policy.CodeGroup
• System.Security.Policy.UnionCodeGroup

System.Security.Policy.UnionCodeGroup Member Details

Summary

Initializes a new instance of the UnionCodeGroup class.

C# Syntax:

public UnionCodeGroup(    IMembershipCondition membershipCondition,    PolicyStatement policy );

membershipCondition

A membership condition that tests evidence to determine whether this code group applies policy.

policy

The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition.

Exceptions

Exception Type	Condition
ArgumentException	The type of the membershipCondition parameter is not valid. -or- The type of the policy parameter is not valid.

This constructor creates a basic code group and should be called from the constructors of custom code groups. You can add child code groups using the CodeGroup.AddChild method.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.AttributeString

Summary

Gets a string representation of the attributes of the policy statement for the code group.

C# Syntax:

public virtual string AttributeString {get;}

The string representation is not localized.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.Children

Summary

Gets or sets an ordered list of the child code groups of a code group.

C# Syntax:

public IList Children {get; set;}

Exceptions

Exception Type	Condition
ArgumentException	An attempt is made to set this property to null.

The order of child code groups is significant for certain code groups.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.Description

Summary

Gets or sets the description of the code group.

C# Syntax:

public string Description {get; set;}

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.MembershipCondition

Summary

Gets or sets the code group's membership condition.

C# Syntax:

public IMembershipCondition MembershipCondition {get; set;}

Exceptions

Exception Type	Condition
ArgumentException	An attempt is made to set this parameter to null.

A membership condition tests evidence and returns a Boolean value that tells whether there is a match.

Return to top

Summary

Gets the merge logic.

C# Syntax:

public override string MergeLogic {get;}

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.Name

Summary

Gets or sets the name of the code group.

C# Syntax:

public string Name {get; set;}

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.PermissionSetName

Summary

Gets the name of the named permission set for the code group.

C# Syntax:

public virtual string PermissionSetName {get;}

This property can be null if the code group contains an unnamed permission set.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.PolicyStatement

Summary

Gets or sets the policy statement associated with the code group.

C# Syntax:

public PolicyStatement PolicyStatement {get; set;}

The policy statement applies to code in assemblies when evidence matches the membership condition.

This property can also be set by passing a policy statement to the constructor.

The following example sets the PolicyStatement for a code group.

        codeGroup.PolicyStatement = new PolicyStatement(new NamedPermissionSet("MyPermissionSet"));

    

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.AddChild

Summary

Adds a child code group to the current code group.

C# Syntax:

public void AddChild(    CodeGroup group );

group

The code group to be added as a child. This new child code group is added to the end of the list.

Exceptions

Exception Type	Condition
ArgumentNullException	The group parameter is null.
ArgumentException	The group parameter is not a valid code group.

Return to top

Summary

Makes a deep copy of the current code group.

C# Syntax:

public override CodeGroup Copy();

Return Value:

An equivalent copy of the current code group, including its membership conditions and child code groups.

This method makes a deep copy of the code group, so that copies of all objects the code group contains are also made.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.CreateXml

Summary

When overridden in a derived class, serializes properties and internal state specific to a derived code group and adds the serialization to the specified SecurityElement.

C# Syntax:

protected virtual void CreateXml(    SecurityElement element,    PolicyLevel level );

element

The XML encoding to which to add the serialization.

level

The policy level within which the code group exists.

CodeGroup.ToXml cannot be overridden. If you need to serialize members specific to a particular implementation of CodeGroup, you must override CodeGroup.CreateXml and serialize your members there. When the code group is serialized, CodeGroup.ToXml calls CodeGroup.CreateXml and adds your serialization to the SecurityElement created by CodeGroup.ToXml.

The XML created using this method is deserialized by the CodeGroup.ParseXml method.

Notes to inheritors: If you implement this method, you must implement the CodeGroup.ParseXml method as well.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.Equals

Summary

Determines whether the specified code group is equivalent to the current code group.

C# Syntax:

public override bool Equals(    object o );

o

The code group to compare with the current code group.

Return Value:

true if the specified code group is equivalent to the current code group; otherwise, false.

Two code groups are equivalent if they have the same CodeGroup.Name, CodeGroup.Description, and CodeGroup.MembershipCondition.

This method tests the top-level code group only, not its child code groups.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.Equals

Summary

Determines whether the specified code group is equivalent to the current code group, checking the child code groups as well, if specified.

C# Syntax:

public bool Equals(    CodeGroup cg,    bool compareChildren );

cg

The code group to compare with the current code group.

compareChildren

true to compare child code groups, as well; otherwise, false.

Return Value:

true if the specified code group is equivalent to the current code group; otherwise, false.

Two code groups are equivalent if they have the same CodeGroup.Name, CodeGroup.Description, and CodeGroup.MembershipCondition.

If the compareChildren parameter is true, this method will only return true if the current code group and all its child code groups are equivalent to the specified code group and all its child code groups.

Return to top

Inherited
See base class member description: System.Object.Finalize

C# Syntax:

~UnionCodeGroup();

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.FromXml

Summary

Reconstructs a security object with a given state from an XML encoding.

C# Syntax:

public void FromXml(    SecurityElement e );

e

The XML encoding to use to reconstruct the security object.

Exceptions

Exception Type	Condition
ArgumentNullException	The e parameter is null.

Notes to inheritors: CodeGroup.FromXml and CodeGroup.ToXml cannot be overridden. If you need to change the way in which your code group implementation handles XML, override the CodeGroup.ParseXml and CodeGroup.CreateXml methods.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.FromXml

Summary

Reconstructs a security object with a given state and policy level from an XML encoding.

C# Syntax:

public void FromXml(    SecurityElement e,    PolicyLevel level );

e

The XML encoding to use to reconstruct the security object.

level

The policy level within which the code group exists.

Exceptions

Exception Type	Condition
ArgumentNullException	The e parameter is null.

The policy level context is provided for resolution of named permission sets.

Notes to inheritors: CodeGroup.FromXml and CodeGroup.ToXml cannot be overridden. If you need to change the way in which your code group implementation handles XML, override the CodeGroup.ParseXml and CodeGroup.CreateXml methods.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.GetHashCode

Summary

Gets the hash code of the current code group.

C# Syntax:

public override int GetHashCode();

Return Value:

The hash code of the current code group.

Return to top

Inherited
See base class member description: System.Object.GetType

C# Syntax:

public Type GetType();

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Object.MemberwiseClone

C# Syntax:

protected object MemberwiseClone();

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.ParseXml

Summary

When overridden in a derived class, reconstructs properties and internal state specific to a derived code group from the specified SecurityElement.

C# Syntax:

protected virtual void ParseXml(    SecurityElement e,    PolicyLevel level );

e

The XML encoding to use to reconstruct the security object.

level

The policy level within which the code group exists.

CodeGroup.FromXml cannot be overridden. If you need to deserialize members specific to a particular implementation of CodeGroup, you must override CodeGroup.ParseXml and deserialize your members there. When the code group is deserialized, CodeGroup.FromXml calls CodeGroup.ParseXml and reconstructs your members from the SecurityElement.

This method deserializes XML created using CodeGroup.CreateXml.

Notes to inheritors: If you implement this method, you must implement the CodeGroup.CreateXml method as well.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.RemoveChild

Summary

Removes the specified child code group.

C# Syntax:

public void RemoveChild(    CodeGroup group );

group

The code group to be removed as a child.

Exceptions

Exception Type	Condition
ArgumentException	The group parameter is not an immediate child code group of the current code group.

Only immediate child code groups can be removed with this method.

Return to top

Summary

Resolves policy for the code group and its descendants for a set of evidence.

C# Syntax:

public override PolicyStatement Resolve(    Evidence evidence );

evidence

The evidence for the assembly.

Return Value:

A policy statement consisting of the permissions granted by the code group with optional attributes, or null if the code group does not apply (the membership condition does not match the specified evidence).

Exceptions

Exception Type	Condition
ArgumentNullException	The evidence parameter is null.
ArgumentException	More than one code group (including the parent code group and any child code groups) is marked PolicyStatementAttribute.Exclusive.

Given evidence for an assembly to be loaded, this method evaluates the code group by first checking the membership condition against the specified evidence. If there is a match, this method returns a policy statement for the code group, including evaluation of child code groups.

For union code groups, all child code groups whose membership condition match the evidence are also resolved and all resulting policy statements form a union with the policy statement of the parent union code group. Each child code group type determines how its child groups are applied, depending on how their respective UnionCodeGroup.Resolve methods work.

The .NET Framework security system uses UnionCodeGroup.Resolve on the policy levels to determine which permissions to grant to loaded code from the resulting policy statements and the code request on the assembly.

The operation of this method is as follows.

If the membership condition does not match the specified evidence, return null; otherwise set the permission set to be returned (P) equal to the code group's policy statement and continue. For each child code group, resolve the code group with the same evidence; if the result is not null, set P = the union of P and the child code group's policy statement. Return P, which is now the union of the current code group's policy statement and all child resolves.

Return to top

Summary

Resolves matching code groups.

C# Syntax:

public override CodeGroup ResolveMatchingCodeGroups(    Evidence evidence );

evidence

The evidence for the assembly.

Return Value:

A CodeGroup.

Exceptions

Exception Type	Condition
ArgumentNullException	The evidence parameter is null.

Given evidence for an assembly to be loaded, this method evaluates the code group by first checking the membership condition against the specified evidence. If there is a match, this method returns a root code group. The code group that is returned contains child code groups, which in turn can have child code groups as necessary to reflect the complete set of code groups that were matched by the evidence provided.

Return to top

Inherited
See base class member description: System.Object.ToString

C# Syntax:

public virtual string ToString();

For more information on members inherited from System.Object click on the link above.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.ToXml

Summary

Creates an XML encoding of the security object and its current state.

C# Syntax:

public SecurityElement ToXml();

Return Value:

An XML encoding of the security object, including any state information.

Notes to inheritors: CodeGroup.FromXml and CodeGroup.ToXml cannot be overridden. If you need to change the way in which your code group implementation handles XML, override the CodeGroup.ParseXml and CodeGroup.CreateXml methods.

Return to top

Inherited
See base class member description: System.Security.Policy.CodeGroup.ToXml

Summary

Creates an XML encoding of the security object, its current state, and the policy level within which the code exists.

C# Syntax:

public SecurityElement ToXml(    PolicyLevel level );

level

The policy level within which the code group exists.

Return Value:

An XML encoding of the security object, including any state information.

The policy level context is provided for resolution of named permission sets.

Notes to inheritors: CodeGroup.FromXml and CodeGroup.ToXml cannot be overridden. If you need to change the way in which your code group implementation handles XML, override the CodeGroup.ParseXml and CodeGroup.CreateXml methods.

Return to top

Top of page