We define a permission object to control what code is permitted to use IsolatedStorage, and if so to what degree. Future versions may include other restrictions in this permission, however for Beta1 we only:
This is a code access permission and all callers (subject to overrides) must have the appropriate permission for the applicable usage level. Note that all callers do not need to have the signature evidence, as described in detail – see section 4.1.
The granted permission for Quota of the assembly or domain is all that applies to a given isolated storage use. It is not necessary for a full stack walk to have every permission satisfy the quota.
Other aspects of the isolated storage permission are stack walked and all callers must have necessary permission to do operation.
IsolatedStoragePermission is a standard permission object in System.Security.Permissions namespace that defines allowed usage of the IsolatedStorage feature.
The permission state consists of these level (following) corresponding to the permission granted to code to use this feature, and a Boolean flag designating if the code is allowed to mark data to be retained indefinitely or not (see section 2.3.2).
This Boolean flag in the permission corresponds to having permission to request guaranteed retention of data, as described in section 2.3.3.
IsolatedStoragePermission defines the abstract class for any kind of isolated storage use: IsolatedFilePermission derives from this and defines permission to use isolated storage within the file system.
enum IsolatedStorageContainment { // Issue: do we order these as below or allow combinations of // separate levels of user use? None = 0, DomainIsolationByUser=1, AssemblyIsolationByUser=2, AdministerIsolatedStorageByUser=5, UnrestrictedIsolatedStorage=7 }; abstract class IsolatedStoragePermission { // c’tor IsolatedStoragePermission ( enum IsolatedStorageContainment UsageAllowed, Boolean PermanentData); // properties long UserQuota {set;get;} long ExpirationDays {set;get;} bool PermanentData {set;get;} enum IsolatedStorageContainment UsageAllowed {set;get;} } class IsolatedStorageFilePermission : IsolatedStoragePermission {}
The permission object defines the highest level of usage allowed for the code. Thus, CheckDemand (IPermission d) checks that d.UsageAllowed <= this.UsageAllowed.
The Quota limit defines maximum size of isolated storage use by the code granted the permission. For files the quota is in bytes (for other types it may be in different units).