public abstract class CodeGroup {
// Public Constructors
public CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy);
// Public Instance Properties
public virtual string AttributeString{get; }
public IList Children{set; get; }
public string Description{set; get; }
public IMembershipCondition MembershipCondition{set; get; }
public abstract string MergeLogic{get; }
public string Name{set; get; }
public virtual string PermissionSetName{get; }
public PolicyStatement PolicyStatement{set; get; }
// Public Instance Methods
public void AddChild(CodeGroup group);
public abstract CodeGroup Copy( );
public bool Equals(CodeGroup cg, bool compareChildren);
public override bool Equals(object o);
// overrides object
public void FromXml(System.Security.SecurityElement e);
public void FromXml(System.Security.SecurityElement e, PolicyLevel level);
public override int GetHashCode( );
// overrides object
public void RemoveChild(CodeGroup group);
public abstract PolicyStatement Resolve(Evidence evidence);
public abstract CodeGroup ResolveMatchingCodeGroups(Evidence evidence);
public SecurityElement ToXml( );
public SecurityElement ToXml(PolicyLevel level);
// Protected Instance Methods
protected virtual void CreateXml(System.Security.SecurityElement element, PolicyLevel level);
protected virtual void ParseXml(System.Security.SecurityElement e, PolicyLevel level);
}
The abstract CodeGroup class provides the base
class from which all concrete code group classes derive. Code groups
are the fundamental building blocks of security policy. Each of the
enterprise, machine, user, and application domain policy levels
consists of a hierarchy of code groups that descend from a single
root CodeGroup object. The root
CodeGroup for a policy level is accessible through
the PolicyLevel.RootCodeGroup property.
Although implementation varies with each concrete subclass, the most
important elements of a CodeGroup are its
membership condition, policy statement, and children. The membership
condition and policy statement can be set at creation as arguments to
the CodeGroup constructor, or later through the
MembershipCondition and
PolicyStatement properties.
The MembershipCondition property takes an object
that implements the IMembershipCondition interface
and provides the logic that determines whether an assembly or
application domain qualifies for membership of the
CodeGroup. The PolicyStatement
property takes a PolicyStatement object that
defines the effect the CodeGroup has on its
members, including the permissions it grants and any attributes that
the CodeGroup has.
Each CodeGroup contains a set of child
CodeGroup objects each child can have its own
children, and so on, establishing the code group tree structure used
during policy resolution. The role of children in the policy
resolution process varies with each subclass, and in some cases, the
order of children is important. The Children
property returns an ordered
System.Collections.IList of child
CodeGroup objects. To add and remove children, use
the AddChild( ) and RemoveChild(
) methods.
The most important method of the CodeGroup class
is Resolve( ), which takes an
Evidence collection as an argument. Policy
resolution of an assembly or application domain consists of the
runtime calling the Resolve( ) method on the root
CodeGroup in each policy level and passing it the
assembly or application domain's
Evidence collection. Although it is not possible
for a program to invoke policy resolution for an assembly or
application domain, Resolve( ) and
ResolveMatchingCodeGroups( ) are useful for
testing the permissions and code group membership an assembly or
application domain would be granted by the
CodeGroup object. Resolve( )
returns a PolicyStatement that represents the net
effect of all code groups in the tree to which the assembly or
application domain qualified for membership.
