System.Security.Policy (mscorlib.dll)sealed class
public sealed class PolicyLevel {
// Public Instance Properties
   public IList FullTrustAssemblies{get; }
   public string Label{get; }
   public IList NamedPermissionSets{get; }
   public CodeGroup RootCodeGroup{set; get; }
   public string StoreLocation{get; }
// Public Static Methods
   public static PolicyLevel CreateAppDomainLevel(  );
// Public Instance Methods
   public void AddFullTrustAssembly(StrongName sn);
   public void AddFullTrustAssembly(StrongNameMembershipCondition snMC);
   public void AddNamedPermissionSet(System.Security.NamedPermissionSet permSet);
   public NamedPermissionSet ChangeNamedPermissionSet(string name, System.Security.PermissionSet pSet);
   public void FromXml(System.Security.SecurityElement e);
   public NamedPermissionSet GetNamedPermissionSet(string name);
   public void Recover(  );
   public void RemoveFullTrustAssembly(StrongName sn);
   public void RemoveFullTrustAssembly(StrongNameMembershipCondition snMC);
   public NamedPermissionSet RemoveNamedPermissionSet(System.Security.NamedPermissionSet permSet);
   public NamedPermissionSet RemoveNamedPermissionSet(string name);
   public void Reset(  );
   public PolicyStatement Resolve(Evidence evidence);
   public CodeGroup ResolveMatchingCodeGroups(Evidence evidence);
   public SecurityElement ToXml(  );

This class represents a security policy level and provides the ability to access and manipulate the objects that represent its three key elements: fully trusted assemblies, named permission sets, and code group hierarchy.

The PolicyLevel class does not implement any constructors. PolicyLevel objects representing the current enterprise, machine, and user policy levels are obtained through the System.Security.SecurityManager.PolicyHierarchy( ) method. The System.Security.SecurityManager.PolicyHierarchy( ) method returns a System.Collections.IEnumerator containing PolicyLevel objects for each of the three policy levels. To retrieve a specific PolicyLevel, step through the enumerator and test the value of Label property against the strings "Enterprise," "Machine," and "User."

It is not possible to obtain a PolicyLevel representing an existing application domain's policy level, but the static CreateAppDomainLevel( ) method creates a new PolicyLevel suitable for assigning to an application domain through the System.AppDomain.SetAppDomainPolicy( ) method. The System.AppDomain.SetAppDomainPolicy( ) method can only be called once; on subsequent calls a PolicyException is thrown.

The read-only FullTrustAssemblies property returns a System.Collections.IList containing a set of StrongNameMembershipCondition objects that represent the policy level's set of fully trusted assemblies. The AddFullTrustAssembly( ) and RemoveFullTrustAssembly( ) methods allow for the administration of the fully trusted assemblies list.

The read-only NamedPermissionSets property also returns a System.Collections.IList. This list contains a set of System.Security.NamedPermissionSet objects that represent the named permission sets defined in the policy level. The AddNamedPermissionSet( ) and RemoveNamedPermissionSet( ) methods allow for the administration of the named permission set list. The ChangeNamedPermissionSet( ) method allows the contents of a specified named permission set to be easily replaced with the contents of a System.Security.PermissionSet without the need to remove and then add.

The RootCodeGroup property gets or sets the root CodeGroup of the policy level's code group tree. Further manipulation of the code group tree is possible only by using the methods of CodeGroup to traverse the tree. Assigning a new CodeGroup to the RootCodeGroup property causes the old root CodeGroup to be replaced along with the existing tree. Importantly, when set, the RootCodeGroup property makes a copy of the new root CodeGroup, which means that any modifications to the code group tree through the original CodeGroup object are not reflected in the policy level's copy.

The Reset( ) method returns a policy level to its default "out-of-box" configuration, and the Recover( ) method returns the policy level to its previously saved state. Although it is not possible to invoke the runtime's policy resolution process programmatically, the Resolve( ) and ResolveMatchingCodeGroups( ) methods are useful for evaluating the permissions a PolicyLevel would grant to an assembly or application domain.

Returned By

System.Security.SecurityManager.{LoadPolicyLevelFromFile( ), LoadPolicyLevelFromString( )}

Passed To

Multiple types

    Part V: API Quick Reference