Code:
/ DotNET / DotNET / 8.0 / untmp / WIN_WINDOWS / lh_tools_devdiv_wpf / Windows / wcp / TrustUi / MS / Internal / documents / Application / CriticalFileToken.cs / 1 / CriticalFileToken.cs
//------------------------------------------------------------------------------ //// Copyright (C) Microsoft Corporation. All rights reserved. // //// The CriticalFileToken class ensures file represented is the one the // user has authorized us to manipulate. // // // History: // 08/28/2005: [....]: Initial implementation. //----------------------------------------------------------------------------- using System; using System.Security; using System.Security.Permissions; using MS.Internal.PresentationUI; namespace MS.Internal.Documents.Application { ////// The CriticalFileToken class ensures file represented is the one the /// user has authorized us to manipulate. /// ////// Responsibility: /// Allow XpsViewer to safely pass around information on which file the user /// has authorized us to manipulate on thier behalf. Ensure that the creator /// of the object has the privledge to manipulate the file represented. /// /// Design Comments: /// Many classes need to perform privledged operations files on behalf of the /// user. However only DocObjHost and FilePresentation can assert it is user /// sourced data. /// /// As such we need them to create this 'token' which will will use as the only /// source of authoritative information for which files we are manipulating. /// /// As any SecurityCritical code can create SecurityCriticalData, we add the /// demand for FileIOPermission that represents the rights that will be asserted /// for in conjuction with this data. /// [FriendAccessAllowed] internal sealed class CriticalFileToken { #region Constructors //------------------------------------------------------------------------- // Constructors //------------------------------------------------------------------------- ////// Critical: /// - as this sets the _location which is Critical. /// TreatAsSafe: /// - the caller already has the value /// - the caller must satisfy the demand which this token grants /// [SecurityCritical, SecurityTreatAsSafe] internal CriticalFileToken(Uri location) { string path = location.LocalPath; new FileIOPermission( FileIOPermissionAccess.Read | FileIOPermissionAccess.Write, path) .Demand(); _location = location; } #endregion Constructors #region Object Members //-------------------------------------------------------------------------- // Object Members //------------------------------------------------------------------------- ////// Compares the values. /// ///True if they are equal. ////// Critical: /// - accesses _location /// TreatAsSafe: /// - does not leak information, simple compares to values the caller /// already had /// [SecurityCritical, SecurityTreatAsSafe] public static bool operator ==(CriticalFileToken a, CriticalFileToken b) { bool result = false; if (((object)a) == null) { if (((object)b) == null) { result = true; } } else { if (((object)b) != null) { result = a._location.ToString().Equals( b._location.ToString(), StringComparison.OrdinalIgnoreCase); } } return result; } ////// Compares the values. /// public static bool operator !=(CriticalFileToken a, CriticalFileToken b) { return !(a==b); } ////// Compares the values. /// public override bool Equals(object obj) { return (this == (obj as CriticalFileToken)); } ////// See Object.GetHashCode(); /// public override int GetHashCode() { return base.GetHashCode(); } #endregion Object Members #region Internal Properties //-------------------------------------------------------------------------- // Internal Properties //-------------------------------------------------------------------------- ////// The location for which the creator satisfied ReadWrite access. /// ////// Critical: /// - the location is sensitive data; it could leak information /// about the system; file structure, OS and user. /// internal Uri Location { [SecurityCritical] get { return _location; } } #endregion Internal Properties #region Private Fields //------------------------------------------------------------------------- // Private Fields //-------------------------------------------------------------------------- ////// Critical - by definition as this is a wrapper for Critical data. /// [SecurityCritical] private Uri _location; #endregion Private Fields } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- FactoryGenerator.cs
- DbTypeMap.cs
- COSERVERINFO.cs
- ServiceModelTimeSpanValidator.cs
- FloatUtil.cs
- OneOfConst.cs
- WhitespaceRuleReader.cs
- PaperSource.cs
- DataGridViewImageCell.cs
- ProxyGenerator.cs
- XmlSchemaChoice.cs
- BufferedGraphics.cs
- ScriptResourceAttribute.cs
- TakeQueryOptionExpression.cs
- RegistryPermission.cs
- ListViewItemSelectionChangedEvent.cs
- TextEditorTables.cs
- RNGCryptoServiceProvider.cs
- ValidationPropertyAttribute.cs
- BamlTreeUpdater.cs
- SqlDataSourceConnectionPanel.cs
- InstalledVoice.cs
- LineServicesCallbacks.cs
- CommonDialog.cs
- WebPartDisplayModeEventArgs.cs
- HtmlTableCellCollection.cs
- GlobalItem.cs
- ExtendedProtectionPolicy.cs
- Type.cs
- Subtree.cs
- StructuralCache.cs
- ToolStripSplitStackLayout.cs
- DesignTimeTemplateParser.cs
- Parameter.cs
- ListItemCollection.cs
- HotSpot.cs
- WpfPayload.cs
- HashRepartitionEnumerator.cs
- CodeStatement.cs
- Soap12ServerProtocol.cs
- PictureBox.cs
- OleStrCAMarshaler.cs
- ParameterBuilder.cs
- EventLogPermissionEntry.cs
- BatchParser.cs
- UIElementPropertyUndoUnit.cs
- LinqDataSourceView.cs
- XPathExpr.cs
- FormViewPageEventArgs.cs
- PasswordRecoveryAutoFormat.cs
- ellipse.cs
- DataSourceControlBuilder.cs
- DataListItemEventArgs.cs
- NativeCompoundFileAPIs.cs
- TextContainerHelper.cs
- BindingBase.cs
- RtfControlWordInfo.cs
- DrawingState.cs
- FileDetails.cs
- ClientSideProviderDescription.cs
- DataControlFieldsEditor.cs
- OutgoingWebResponseContext.cs
- PrivilegedConfigurationManager.cs
- XmlNodeChangedEventArgs.cs
- ObjectDataSourceSelectingEventArgs.cs
- MetadataException.cs
- ProfilePropertyNameValidator.cs
- ControllableStoryboardAction.cs
- MessageEventSubscriptionService.cs
- SpellerError.cs
- TypeConverter.cs
- TextComposition.cs
- BitmapCodecInfo.cs
- HtmlEncodedRawTextWriter.cs
- Icon.cs
- SessionIDManager.cs
- CapabilitiesState.cs
- SpellCheck.cs
- PriorityChain.cs
- OptimizerPatterns.cs
- securestring.cs
- TdsValueSetter.cs
- FrameworkElementAutomationPeer.cs
- querybuilder.cs
- SchemaImporterExtensionElement.cs
- ChangePassword.cs
- TextDecoration.cs
- StatusBarAutomationPeer.cs
- EventLogPermissionEntryCollection.cs
- EventMap.cs
- PowerModeChangedEventArgs.cs
- MethodBody.cs
- InstancePersistenceCommandException.cs
- LocalizabilityAttribute.cs
- SqlMethodCallConverter.cs
- Publisher.cs
- NativeMethods.cs
- CodeAttributeDeclaration.cs
- DbMetaDataColumnNames.cs
- SqlProvider.cs