This permission controls the ability to access registry keys and values. The permission distinguishes between the following three different types of registry access.
READ: Read-only access to the contents of the key or value.
WRITE: Write access to the contents of the key or value. Also allows for deletion and overwriting.
CREATE: Ability to create new keys or values.
All of these permissions are independent, meaning that rights to one don't imply rights to another. If more than one permission is desired, they can be OR'd together as shown in the code sample below. For instance, write permission does not imply read and create. Registry permission is defined in terms of canonical absolute paths; checks should always be made with canonical path names.
Object
CodeAccessPermission
RegistryPermission
[Visual Basic] NotInheritable Public Class RegistryPermission Inherits CodeAccessPermission Implements IUnrestrictedPermission [C#] public sealed class RegistryPermission : CodeAccessPermission, IUnrestrictedPermission [C++] public __gc __sealed class RegistryPermission : public CodeAccessPermission, IUnrestrictedPermission [JScript] public class RegistryPermission extends CodeAccessPermission, IUnrestrictedPermission
The RegistryPermission describes protected operations on registry keys and value. The security access check is done at the time the registry key is opened. Remember, the check is only performed on the open, so if the registry object is passed to an untrusted caller, then it can be misused. Registry permission access is only checked on the key's open. This means, for example, that file handles should not be stored in global statics where code with less permission might get at them.
The flags specify the actions that can be performed on the key(s) or value(s): Read, Write, and Create. In addition, the actions can be OR'd together to form more complicated access requests.
Key access implies access to all values it contains and all keys and values below it in sub-/subsub-/etc. keys.
Namespace: System.Security.Permissions
Assembly: mscorlib.dll
After these two lines of code, the object f would represent permissions to read the values from the CentralProcessor key and read and write to the FloatingPointProcessor key. The TBD and TBD are an enumerated type that represent the key/value permissions as described above.
[C#]
f = new RegistryPermission( RegistryPermissionAccess.Read, "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0" );
Here is a sample of what a piece of code would look like that used the RegistryPermission object:
[C#]
f.Add( RegistryPermissionAccess.Write | RegistryPermissionAccess.Read, "HARDWARE\\DESCRIPTION\\System\\FloatingPointProcessor\\0" );
RegistryPermission Members | System.Security.Permissions Namespace