Restricting a Components Access to Files and Directories

It is very probable in the .NET world that components are going to call one another, and you may not be sure what the component you're using may try to do when you call a method. The .NET code access security mechanism lets you specify exactly what components can and cannot do by using permissions.

Here's an example: My program wants to use a class called AccessIt, which I know accesses the local disk. I'm not sure exactly what it is going to try to access, and I want to restrict the component so that it can only use the c:\temp directory.

The following program shows you how I can accomplish this restriction:

Imports System.Security

Imports System.Security.Permissions

Imports System.IO

Module Module1

Sub Main()

' Create an empty permission set

Dim p As New PermissionSet(PermissionState.None)

' Give access to one directory p.AddPermission(New FileIOPermission( _

FileIOPermissionAccess.AllAccess, "c:\temp"))

' Change the permissions p.PermitOnly()

' Do the operation

Dim a As New AccessIt()

' Remove the restriction

CodeAccessPermission.RevertPermitOnly() End Sub

Class AccessIt Public Sub DoIt() ' Try to access some data. Try

Dim sr As New StreamReader("c:\tcl\Directions1.htm") Console.WriteLine("File open OK") Catch e As Exception

Console.WriteLine("File open failed: " + e.ToString()) End Try End Sub End Class End Module

The program starts by importing some namespaces—two for the security system and Systei.IO because I'm going to be using file I/O.

In order to restrict the permissions granted to components, I need to build a custom permission set that specifies the permissions I want to grant. The

Systei.Security.PeriissionSet class represents a set of permissions, and I create one that is initially set to "no access to anything" by specifying the PeriissionState.None parameter.

I can now create one or more permission objects and add them to the PeriissionSet using the AddPeriission() function. Because I'm concerned with access to the file system, I create a FileIOPeriission object that grants all access to the directory c:\temp.

Once I've set up the set of permissions I want to apply, I use the PermissionSet's PermitOnly() to make the set active. This function won't allow any actions except those specified in the PermissionSet, hence the name: It permits only those actions named in the set. This set of permissions remains in force until I revoke them, by calling RevertPermitOnly(), at which time the set of permissions in force reverts to whatever it was originally.

The AccessIt class is very simple, consisting of one method, which tries to open a file in the c:\tcl directory. At the point DoIt() is called, the security permissions only permit operations on c:\temp, so attempting to open this file should fail.

When you run the code, you should find that it does indeed fail, and it shows you a security violation exception, as shown in Figure 7.3.


1-1 li uptrii fklLtid: EytViA. S*£uf ft yiSceiar fi: uE*t opt Ed*; Rc-'i't-si. f#r Chti pc rff-is t iMi ni t vi/r EvttHFi.SmurLi. v-f"«rriix= Jen t .PdlaEtiFarnJ ex Janr rvicnr I. tih.. Ua hx i nn-I .H. 241 J .fl. -n*iiirvil. Public K*yTfrkdi.-fcTTii?«.SfriiMc W? faSl*dI, m.t vr.i a n.faciiF i t \i .iiacur It uhutt inr . rr.innh.=.ctln 1 |Hir i Farnwi ncur it vhtcrLpt or =■■ '[■■-■,< i., i PV i-t«-i % y iw'i yii'wv^i'J j PfrPftltl ^K-iffll uh4-!i)

rfL 3 yrl*n.ixcuK i L y>.fjaiL«fti:c n-iSnu uri I vFjih mo .Ckacht Pom e LimTiikrn |HirnTi*kpn.

mil lini* St-K^Cr+MlfVrkfli iim fcttar-k. IntTZ ikiMVAMV. Jni3Z

Jifc Si. CV.iUfir'.-ft^iFfH tT. Ic t Bp* rP*iw.-.irt if dL S yal* rt. I (I. F L 1c Lir-r a n. .c LuriS'L r iny FLtcrtesi« p»ils. Fi.fcnllc ccxi iecdbi, Pii*tMf<? pl^i't, jut 13 hMfiflTiiii*^ itoale-Mi utiQAtw«.., tcringi rvj^i-Vit

AC .etririElrirt-a FLlditad* n*da . FJ llnftc 9 l Aicrin.

PigflShJiKi xMn?r Jii4.43 hMiifrSia#>

j L Ey3(rh.lDuS£rtrtriRca<fair_.tCteHf (.rift* path. Flit nrl I (i ■ | 4fML-dd liiy_ Bvulenrt rtnLci i hiK-Eirlsi.'ji rcir.ll'jiiyr-arfc rVnir-kc,. j nt hu!fprS|B*> ml Sy^l^n-.IO.SCninmRra'ii-r.^ctpriili-Lii'r LXJ.i h>

m. t UlKB*i,.flrc#c.iIt.b<sit( > in fcKSac ur Lit |i\yifiiea-.H*rtii. J al , vfe- 1 Jna 1%

Firai any Key C.4 Llir>( Eiuuc j L i" -■ i i palli. t iEcnod« p»iJb. M1dIle<

Gt r irt-y pncli. Fiibltad* Fildfteei

Figure 7.3: The SecurityException that results from trying to access a forbidden file.

You can see that the exception was thrown in the StreamReader constructor in the DoIt() function, where it was trying to open the file. Further up the stack trace you can see a call to Demand(), where the I/O code is checking to see whether it has permission to open the file. Because of the permissions in force, it doesn't have permission, so the SecurityException is thrown.

You can see from this program how it is possible for client code—in this case, the Main() function—to control what components can access.

0 0

Post a comment