    Advanced Programming (CSI-415), Topic 44 of 55

    Permissions


    Permissions in Code Access Security (CAS)

    Permissions in .NET's Code Access Security (CAS) refer to the rights or privileges granted to an assembly or piece of code to access system resources, such as file systems, the network, or the registry. These permissions are based on the identity of the code, which is determined by evidence. The goal of CAS is to protect a system by ensuring that code runs with the minimum necessary privileges, thus reducing the risk of malicious code or bugs that could cause harm.

    Key Concepts of Permissions in CAS

    1. Permission Sets

      • Permissions in CAS are grouped into permission sets, which define a collection of permissions that can be assigned to an assembly or code group. Each permission set can contain one or more specific permissions.
      • The permission set can specify whether the assembly can access specific system resources (like files, databases, etc.), perform certain operations (like executing code or using reflection), or access network resources.
    2. Permissions and Code Groups

      • Code groups categorize code based on its evidence (such as its URL, strong name, or publisher). Each code group is associated with a permission set, which defines what operations the code within that group can perform.
      • For example, code that is trusted may be granted full permissions, while code from an untrusted source may be given restricted permissions.

    Types of Permissions in CAS

    There are several types of permissions in CAS, which correspond to different resources or actions that code can access. Some common permission types include:

    1. FileIOPermission

    • FileIOPermission controls the ability to read from and write to the file system. It determines what files and directories an assembly can access.
    • Example:
      • A program might be granted permission to read from a particular directory but not to modify files within it.
    • Example Usage:
      FileIOPermission filePermission = new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Documents");
      filePermission.Demand();
      

    2. SecurityPermission

    • SecurityPermission grants permissions related to code access security itself. It can control things like modifying security policies, running with elevated privileges, and enabling security features such as reflection.
    • Example: It can allow or restrict the ability to bypass security checks.
    • Example Usage:
      SecurityPermission securityPermission = new SecurityPermission(SecurityPermissionFlag.ControlEvidence);
      securityPermission.Demand();
      

    3. ReflectionPermission

    • ReflectionPermission is used to control the ability of code to inspect and interact with other code at runtime (e.g., using reflection to access private members of a class).
    • Example Usage:
      ReflectionPermission reflectionPermission = new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess);
      reflectionPermission.Demand();
      

    4. UIPermission

    • UIPermission controls the ability to interact with the user interface, including showing windows, dialog boxes, or interacting with the clipboard.
    • Example: Code that runs in a background process might be restricted from interacting with the user interface.
    • Example Usage:
      UIPermission uiPermission = new UIPermission(UIPermissionWindow.AllWindows);
      uiPermission.Demand();
      

    5. WebPermission

    • WebPermission governs access to web resources, such as making HTTP requests or accessing web servers. This permission is relevant in scenarios where code needs to communicate over the network, especially for applications that interact with remote servers.
    • Example Usage:
      WebPermission webPermission = new WebPermission(NetworkAccess.Connect, "http://example.com");
      webPermission.Demand();
      

    6. EnvironmentPermission

    • EnvironmentPermission controls access to environmental variables and system settings, like retrieving the machine name, the current directory, or other system environment information.
    • Example Usage:
      EnvironmentPermission environmentPermission = new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP");
      environmentPermission.Demand();
      

    7. PermissionSet

    • A PermissionSet is a collection of one or more permissions. It can be granted to assemblies or code groups and determines what operations the code can perform based on the permissions in the set.
    • Example: You might create a permission set that includes FileIOPermission (for file access) and UIPermission (for user interface access).
    • Example Usage:
      // Start from an empty set and add only the permissions that are needed.
      PermissionSet permissionSet = new PermissionSet(PermissionState.None);
      permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, @"C:\Documents"));
      permissionSet.AddPermission(new UIPermission(UIPermissionWindow.AllWindows));
      

    8. PrincipalPermission

    • PrincipalPermission allows code to demand that the calling user has a specific role or identity. This is useful in scenarios where the application needs to ensure that only users with the correct credentials or roles can execute certain actions.
    • Example Usage:
      // Constructor arguments are (name, role): this demands an identity named "Admin", in any role.
      PrincipalPermission principalPermission = new PrincipalPermission("Admin", null);
      principalPermission.Demand();
      

    9. SqlClientPermission

    • SqlClientPermission governs access to SQL databases. It specifies whether an assembly is allowed to connect to a SQL server, perform SQL operations, or access certain data.
    • Example Usage:
      SqlClientPermission sqlPermission = new SqlClientPermission(PermissionState.Unrestricted);
      sqlPermission.Demand();
      

    3. Permission Actions

    Permissions are typically used with the Demand() method in the .NET framework. When code attempts to execute a security-sensitive operation, it demands the permissions it requires. If the calling code does not have the necessary permissions, a SecurityException is thrown.

    • Demand(): This method checks whether the code has the required permissions. If not, it throws a SecurityException.
    • Assert(): This method stops the stack walk at the current frame, so callers further up the stack are not checked for the asserted permission. The asserting code must itself have been granted that permission.
    • Deny(): This method makes demands for the specified permission fail for any code called from the current frame, even if that code has been granted the permission.
    • PermitOnly(): This method restricts the current frame and the code it calls to the permissions specified; a demand for any other permission fails.
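
    The stack-walk behaviour of Demand(), PermitOnly() and Assert() described above, as an added example that is not part of the original notes. It assumes a full-trust .NET Framework console application; the class name, method names and paths are constructed for illustration.

```csharp
// Added example, not from the original notes. Requires .NET Framework
// (CAS stack-walk modifiers are not supported on .NET Core / .NET 5+).
using System;
using System.Runtime.CompilerServices;
using System.Security;
using System.Security.Permissions;

static class StackWalkDemo
{
    // Constructed sample paths (assumptions); they need not exist on disk.
    const string Allowed = @"C:\Documents";
    const string Other = @"C:\Windows\System32";

    // Demand() does not examine this method's own frame; the walk starts at its caller.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool CanRead(string path)
    {
        try { new FileIOPermission(FileIOPermissionAccess.Read, path).Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    // PermitOnly(): this frame and everything it calls may only read Allowed.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool ReadRestricted(string path, bool viaAssert)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, Allowed).PermitOnly();
        try { return viaAssert ? ReadWithAssert(path) : CanRead(path); }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    // Assert(): the walk stops at this frame, so the PermitOnly() set by the
    // caller above is never consulted for the asserted permission.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static bool ReadWithAssert(string path)
    {
        new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
        try { return CanRead(path); }
        finally { CodeAccessPermission.RevertAssert(); }
    }

    static void Main()
    {
        Console.WriteLine("no modifier, other path     : " + CanRead(Other));
        Console.WriteLine("PermitOnly, allowed path    : " + ReadRestricted(Allowed, false));
        Console.WriteLine("PermitOnly, other path      : " + ReadRestricted(Other, false));
        Console.WriteLine("PermitOnly, callee Assert() : " + ReadRestricted(Other, true));
    }
}
```

    The last case is why Assert() needs care: a caller's PermitOnly() restriction no longer applies once a trusted callee asserts the permission, so an asserting method should validate the path it is given before acting on it.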

    4. How Permissions Work with Code Groups

    Permissions in CAS are typically assigned through code groups. A code group categorizes code based on its evidence (e.g., strong name, URL, publisher), and each code group is linked to a permission set that specifies what resources or actions that code can access.

    For example:

    • FullTrust permission allows unrestricted access to all resources.
    • ExecutionOnly permission only allows the code to run, but without access to resources such as files or the network.

    Example of Using Permissions with Code Groups

    Consider the following example of a code group configuration in the security policy, where different permissions are applied based on the code's evidence:

    <codeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust">
        <membershipConditions>
            <strongNameMembershipCondition publicKey="publicKeyBytes" />
        </membershipConditions>
    </codeGroup>
    <codeGroup class="UnionCodeGroup" version="1" PermissionSetName="ExecutionOnly">
        <membershipConditions>
            <urlMembershipCondition url="http://*" />
        </membershipConditions>
    </codeGroup>
    
    • FullTrust: Code from a specific strong name gets full access to resources.
    • ExecutionOnly: Code from a web URL gets restricted permissions, such as the ability to execute but not to interact with system resources.

    5. Permission Levels and Granularity

    .NET allows fine-grained control over what resources an assembly can access. Permissions can be assigned at various levels of granularity:

    • Granular Permissions: Permissions like FileIOPermission, UIPermission, SecurityPermission, etc., allow specific control over particular resources.
    • Permission Sets: These are collections of individual permissions that can be applied together.

    6. Security Policy and Permissions

    The security policy defines which permissions are granted to code based on the code's evidence. The .NET runtime evaluates the security policy and assigns the appropriate permission set to each assembly based on its evidence. Security policy files, such as machine.config or app.config, map evidence to permission sets and code groups.

    Conclusion

    Permissions in Code Access Security (CAS) are critical for managing and enforcing security within the .NET Framework. Permissions determine what actions an assembly can perform, ensuring that it can only access resources it is allowed to use. By defining permission sets and associating them with code groups based on evidence, developers can control which code is trusted and what resources it can access, thus maintaining a secure environment.
