Imported Upstream version 3.6.0

Former-commit-id: da6be194a6b1221998fc28233f2503bd61dd9d14

mcs/class/corlib/System.Security.Policy/AllMembershipCondition.cs

@@ -0,0 +1,92 @@
+//
+// System.Security.Policy.AllMembershipCondition.cs
+//
+// Authors:
+//	Ajay kumar Dwivedi (adwiv@yahoo.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class AllMembershipCondition : IMembershipCondition, IConstantMembershipCondition {
+
+		private readonly int version = 1;
+
+		public AllMembershipCondition ()
+		{
+		}
+
+		// Always returns true
+		public bool Check (Evidence evidence)
+		{
+			return true;
+		}
+
+		public IMembershipCondition Copy ()
+		{
+			return new AllMembershipCondition ();
+		}
+
+		public override bool Equals (object o)
+		{
+			return (o is AllMembershipCondition);
+		}
+ 
+		public void FromXml (SecurityElement e)
+		{
+			FromXml (e, null);
+		}
+
+		public void FromXml (SecurityElement e, PolicyLevel level)
+		{
+			MembershipConditionHelper.CheckSecurityElement (e, "e", version, version);
+		}
+
+		public override int GetHashCode ()
+		{
+			return typeof (AllMembershipCondition).GetHashCode ();
+		}
+
+		public override string ToString ()
+		{
+			return "All code";
+		}
+
+		public SecurityElement ToXml ()
+		{
+			return ToXml (null);
+		}
+
+		public SecurityElement ToXml (PolicyLevel level)
+		{
+			SecurityElement se = MembershipConditionHelper.Element (typeof (AllMembershipCondition), version);
+			// nothing to add
+			return se;
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/ApplicationDirectory.cs

@@ -0,0 +1,136 @@
+//
+// System.Security.Policy.ApplicationDirectory.cs
+//
+// Authors:
+//	Jackson Harper (Jackson@LatitudeGeo.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2002 Jackson Harper, All rights reserved.
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Globalization;
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Text;
+
+using Mono.Security;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class ApplicationDirectory :
+#if NET_4_0
+		EvidenceBase,
+#endif
+		IBuiltInEvidence {
+		
+		private string directory;
+
+		//
+		// Public Constructors
+		//
+		
+		public ApplicationDirectory (string name)
+		{
+			if (null == name)
+				throw new ArgumentNullException ("name");
+			if (name.Length < 1)
+				throw new FormatException (Locale.GetText ("Empty"));
+			directory = name;
+		}
+
+		//
+		// Public Properties
+		//
+		
+		public string Directory {
+			get { return directory; }
+		}
+		
+		//
+		// Public Methods
+		//
+		
+		public object Copy ()
+		{	
+			return new ApplicationDirectory (this.Directory);
+		}
+		
+		public override bool Equals (object o)
+		{
+			ApplicationDirectory compare = (o as ApplicationDirectory);
+			if (compare != null) {
+				// MS "by design" behaviour (see FDBK14362)
+				ThrowOnInvalid (compare.directory);
+				// no C14N or other mojo here (it's done elsewhere)
+				return (directory == compare.directory);
+			}
+			return false;
+		}
+		
+		public override int GetHashCode ()
+		{
+			return Directory.GetHashCode ();
+		}
+		
+		public override string ToString ()
+		{
+			// MS "by design" behaviour (see FDBK14362)
+			ThrowOnInvalid (Directory);
+			SecurityElement element = new SecurityElement ("System.Security.Policy.ApplicationDirectory");
+			element.AddAttribute ("version", "1");
+			element.AddChild (new SecurityElement ("Directory", directory));
+			return element.ToString ();
+		}
+
+		// interface IBuiltInEvidence
+
+		int IBuiltInEvidence.GetRequiredSize (bool verbose) 
+		{
+			return ((verbose) ? 3 : 1) + directory.Length;
+		}
+
+		[MonoTODO ("IBuiltInEvidence")]
+		int IBuiltInEvidence.InitFromBuffer (char [] buffer, int position) 
+		{
+			return 0;
+		}
+
+		[MonoTODO ("IBuiltInEvidence")]
+		int IBuiltInEvidence.OutputToBuffer (char [] buffer, int position, bool verbose) 
+		{
+			return 0;
+		}
+
+		// internal stuff
+
+		private void ThrowOnInvalid (string appdir) 
+		{
+			if (appdir.IndexOfAny (Path.InvalidPathChars) != -1) {
+				string msg = Locale.GetText ("Invalid character(s) in directory {0}");
+				throw new ArgumentException (String.Format (msg, appdir), "other");
+			}
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/ApplicationDirectoryMembershipCondition.cs

@@ -0,0 +1,129 @@
+//
+// System.Security.Policy.ApplicationDirectoryMembershipCondition
+//
+// Authors:
+//	Nick Drochak (ndrochak@gol.com)
+//	Jackson Harper (Jackson@LatitudeGeo.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2002 Nick Drochak, All rights reserved.
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Collections;
+using System.Globalization;
+using System.IO;
+using System.Reflection;
+using System.Runtime.InteropServices;
+
+using Mono.Security;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class ApplicationDirectoryMembershipCondition : IConstantMembershipCondition, IMembershipCondition {
+
+		private readonly int version = 1;
+
+		public ApplicationDirectoryMembershipCondition ()
+		{
+		}
+
+		// Methods
+		public bool Check (Evidence evidence)
+		{
+			if (evidence == null)
+				return false;
+
+			string codebase = Assembly.GetCallingAssembly ().CodeBase;
+			Uri local = new Uri (codebase);
+			Url ucode = new Url (codebase);
+
+			// *both* ApplicationDirectory and Url must be in *Host* evidences
+			bool adir = false;
+			bool url = false;
+			IEnumerator e = evidence.GetHostEnumerator ();
+			while (e.MoveNext ()) {
+				object o = e.Current;
+
+				if (!adir && (o is ApplicationDirectory)) {
+					ApplicationDirectory ad = (o as ApplicationDirectory);
+					string s = ad.Directory;
+					adir = (String.Compare (s, 0, local.ToString (), 0, s.Length, true, CultureInfo.InvariantCulture) == 0);
+				}
+				else if (!url && (o is Url)) {
+					url = ucode.Equals (o);
+				}
+
+				// got both ?
+				if (adir && url)
+					return true;
+			}
+			return false;
+		}
+
+		public IMembershipCondition Copy () 
+		{ 
+			return new ApplicationDirectoryMembershipCondition ();
+		}
+		
+		public override bool Equals (object o) 
+		{ 
+			return (o is ApplicationDirectoryMembershipCondition); 
+		}
+		
+		public void FromXml (SecurityElement e)
+		{
+			FromXml (e, null);
+		}
+		
+		public void FromXml (SecurityElement e, PolicyLevel level)
+		{
+			MembershipConditionHelper.CheckSecurityElement (e, "e", version, version);
+		}
+		
+		// All instances of ApplicationDirectoryMembershipCondition are equal so they should
+		// have the same hashcode
+		public override int GetHashCode () 
+		{ 
+			return typeof (ApplicationDirectoryMembershipCondition).GetHashCode ();
+		}
+		
+		public override string ToString () 
+		{ 
+			return "ApplicationDirectory";
+		}
+		
+		public SecurityElement ToXml () 
+		{ 
+			return ToXml (null);
+		}
+		
+		public SecurityElement ToXml (PolicyLevel level) 
+		{
+			SecurityElement se = MembershipConditionHelper.Element (typeof (ApplicationDirectoryMembershipCondition), version);
+			// nothing to add
+			return se;
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/ApplicationSecurityInfo.cs

@@ -0,0 +1,92 @@
+//
+// System.Security.Policy.ApplicationSecurityInfo class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+
+namespace System.Security.Policy {
+
+	[ComVisible (true)]
+	public sealed class ApplicationSecurityInfo {
+
+//		private ActivationContext _context;
+		private Evidence _evidence;
+		private ApplicationId _appid;
+		private PermissionSet _defaultSet;
+		private ApplicationId _deployid;
+
+		public ApplicationSecurityInfo (ActivationContext activationContext)
+		{
+			if (activationContext == null)
+				throw new ArgumentNullException ("activationContext");
+//			_context = activationContext;
+		}
+
+		public Evidence ApplicationEvidence {
+			get { return _evidence; }
+			set {
+				if (value == null)
+					throw new ArgumentNullException ("ApplicationEvidence");
+				_evidence = value;
+			}
+		}
+
+		public ApplicationId ApplicationId {
+			get { return _appid; }
+			set {
+				if (value == null)
+					throw new ArgumentNullException ("ApplicationId");
+				_appid = value;
+			}
+		}
+
+		public PermissionSet DefaultRequestSet {
+			get {
+				if (_defaultSet == null)
+					return new PermissionSet (PermissionState.None);
+				return _defaultSet; // FIXME: copy or reference ?
+			}
+			set {
+				if (value == null)
+					throw new ArgumentNullException ("DefaultRequestSet");
+				_defaultSet = value;
+			}
+		}
+
+		public ApplicationId DeploymentId {
+			get { return _deployid; }
+			set {
+				if (value == null)
+					throw new ArgumentNullException ("DeploymentId");
+				_deployid = value;
+			}
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/ApplicationSecurityManager.cs

@@ -0,0 +1,80 @@
+//
+// System.Security.Policy.ApplicationSecurityManager class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+
+namespace System.Security.Policy {
+
+	[ComVisible (true)]
+	public static class ApplicationSecurityManager {
+
+//		private const string config = "ApplicationTrust.config";
+
+		static private IApplicationTrustManager _appTrustManager;
+		static private ApplicationTrustCollection _userAppTrusts;
+
+		// properties
+
+		// FIXME replace MonoTrustManager with one inside SWF"
+		public static IApplicationTrustManager ApplicationTrustManager {
+			[SecurityPermission (SecurityAction.Demand, ControlPolicy = true)]
+			get {
+				if (_appTrustManager == null) {
+					_appTrustManager = new MonoTrustManager ();
+				}
+				return _appTrustManager;
+			}
+		}
+
+		public static ApplicationTrustCollection UserApplicationTrusts {
+			get {
+				if (_userAppTrusts == null) {
+					_userAppTrusts = new ApplicationTrustCollection ();
+				}
+				return _userAppTrusts;
+			}
+		}
+
+		// methods
+
+		[MonoTODO ("Missing application manifest support")]
+		[SecurityPermission (SecurityAction.Demand, ControlPolicy = true, ControlEvidence = true)]
+		public static bool DetermineApplicationTrust (ActivationContext activationContext, TrustManagerContext context)
+		{
+// FIXME: a null activationContext throw a NullReferenceException but calling directly the ApplicationTrustManager.DetermineApplicationTrust doesn't
+			if (activationContext == null)
+				throw new NullReferenceException ("activationContext");
+//				throw new ArgumentNullException ("activationContext");
+			ApplicationTrust at = ApplicationTrustManager.DetermineApplicationTrust (activationContext, context);
+			return at.IsApplicationTrustedToRun;
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/ApplicationTrust.cs

@@ -0,0 +1,225 @@
+//
+// System.Security.Policy.ApplicationTrust.cs
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.IO;
+using System.Runtime.InteropServices;
+using System.Runtime.Serialization.Formatters.Binary;
+using System.Security.Permissions;
+
+using Mono.Security.Cryptography;
+using System.Collections.Generic;
+
+namespace System.Security.Policy
+{
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class ApplicationTrust :
+#if NET_4_0
+		EvidenceBase,
+#endif
+		ISecurityEncodable {
+
+		private ApplicationIdentity _appid;
+		private PolicyStatement _defaultPolicy;
+		private object _xtranfo;
+		private bool _trustrun;
+		private bool _persist;
+		IList<StrongName> fullTrustAssemblies;
+
+		public ApplicationTrust ()
+		{
+			fullTrustAssemblies = new List<StrongName> (0);
+		}
+
+		public ApplicationTrust (ApplicationIdentity applicationIdentity)
+			: this ()
+		{
+			if (applicationIdentity == null)
+				throw new ArgumentNullException ("applicationIdentity");
+			_appid = applicationIdentity;
+		}
+		
+#if NET_4_0
+		public
+#else
+		internal
+#endif
+		ApplicationTrust (PermissionSet defaultGrantSet, IEnumerable<StrongName> fullTrustAssemblies)
+		{
+			if (defaultGrantSet == null)
+				throw new ArgumentNullException ("defaultGrantSet");
+
+			_defaultPolicy = new PolicyStatement (defaultGrantSet);
+
+			if (fullTrustAssemblies == null)
+				throw new ArgumentNullException ("fullTrustAssemblies");
+
+			this.fullTrustAssemblies = new List<StrongName> ();
+			foreach (var a in fullTrustAssemblies) {
+				if (a == null)
+					throw new ArgumentException ("fullTrustAssemblies contains an assembly that does not have a StrongName");
+
+				this.fullTrustAssemblies.Add ((StrongName) a.Copy ());
+			}
+		}
+
+		public ApplicationIdentity ApplicationIdentity {
+			get { return _appid; }
+			set {
+				if (value == null)
+					throw new ArgumentNullException ("ApplicationIdentity");
+				_appid = value;
+			}
+		}
+
+		public PolicyStatement DefaultGrantSet {
+			get {
+				if (_defaultPolicy == null)
+					_defaultPolicy = GetDefaultGrantSet ();
+
+				return _defaultPolicy;
+			}
+			set { _defaultPolicy = value; }
+		}
+
+		public object ExtraInfo {
+			get { return _xtranfo; }
+			set { _xtranfo = value; }
+		}
+
+		public bool IsApplicationTrustedToRun {
+			get { return _trustrun; }
+			set { _trustrun = value; }
+		}
+
+		public bool Persist {
+			get { return _persist; }
+			set { _persist = value; }
+		}
+
+		public void FromXml (SecurityElement element) 
+		{
+			if (element == null)
+				throw new ArgumentNullException ("element");
+
+			if (element.Tag != "ApplicationTrust")
+				throw new ArgumentException ("element");
+
+			string s = element.Attribute ("FullName");
+			if (s != null)
+				_appid = new ApplicationIdentity (s);
+			else
+				_appid = null;
+
+			_defaultPolicy = null;
+			SecurityElement defaultGrant = element.SearchForChildByTag ("DefaultGrant");
+			if (defaultGrant != null) {
+				for (int i=0; i < defaultGrant.Children.Count; i++) {
+					SecurityElement se = (defaultGrant.Children [i] as SecurityElement);
+					if (se.Tag == "PolicyStatement") {
+						DefaultGrantSet.FromXml (se, null);
+						break;
+					}
+				}
+			}
+
+			if (!Boolean.TryParse (element.Attribute ("TrustedToRun"), out _trustrun))
+				_trustrun = false;
+
+			if (!Boolean.TryParse (element.Attribute ("Persist"), out _persist))
+				_persist = false;
+
+			_xtranfo = null;
+			SecurityElement xtra = element.SearchForChildByTag ("ExtraInfo");
+			if (xtra != null) {
+				s = xtra.Attribute ("Data");
+				if (s != null) {
+					byte[] data = CryptoConvert.FromHex (s);
+					using (MemoryStream ms = new MemoryStream (data)) {
+						BinaryFormatter bf = new BinaryFormatter ();
+						_xtranfo = bf.Deserialize (ms);
+					}
+				}
+			}
+		}
+
+		public SecurityElement ToXml () 
+		{
+			SecurityElement se = new SecurityElement ("ApplicationTrust");
+			se.AddAttribute ("version", "1");
+
+			if (_appid != null) {
+				se.AddAttribute ("FullName", _appid.FullName);
+			}
+
+			if (_trustrun) {
+				se.AddAttribute ("TrustedToRun", "true");
+			}
+
+			if (_persist) {
+				se.AddAttribute ("Persist", "true");
+			}
+
+			SecurityElement defaultGrant = new SecurityElement ("DefaultGrant");
+			defaultGrant.AddChild (DefaultGrantSet.ToXml ());
+			se.AddChild (defaultGrant);
+
+			if (_xtranfo != null) {
+				byte[] data = null;
+				using (MemoryStream ms = new MemoryStream ()) {
+					BinaryFormatter bf = new BinaryFormatter ();
+					bf.Serialize (ms, _xtranfo);
+					data = ms.ToArray ();
+				}
+				SecurityElement xtra = new SecurityElement ("ExtraInfo");
+				xtra.AddAttribute ("Data", CryptoConvert.ToHex (data));
+				se.AddChild (xtra);
+			}
+
+			return se;
+		}
+		
+#if NET_4_0		
+		public IList<StrongName> FullTrustAssemblies {
+			get {
+				return fullTrustAssemblies;
+			}
+		}
+#endif		
+
+		// internal stuff
+
+		private PolicyStatement GetDefaultGrantSet ()
+		{
+			PermissionSet ps = new PermissionSet (PermissionState.None);
+			return new PolicyStatement (ps);
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/ApplicationTrustCollection.cs

@@ -0,0 +1,227 @@
+//
+// System.Security.Policy.ApplicationTrustCollection class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Collections;
+using System.Globalization;
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[ComVisible (true)]
+	public sealed class ApplicationTrustCollection : ICollection, IEnumerable {
+
+		private ArrayList _list;
+
+		internal ApplicationTrustCollection ()
+		{
+			_list = new ArrayList ();
+		}
+
+		// constants (from beta1 - still useful ?)
+
+//		public const string ApplicationTrustProperty = "ApplicationTrust";
+//		public const string InstallReferenceIdentifier = "{3f471841-eef2-47d6-89c0-d028f03a4ad5}";
+
+		// properties
+
+		public int Count {
+			get { return _list.Count; }
+		}
+
+		public bool IsSynchronized {
+			get { return false; }	// always false
+		}
+
+		public object SyncRoot {
+			get { return this; }	// self
+		}
+
+		public ApplicationTrust this [int index] {
+			get { return (ApplicationTrust) _list [index]; }
+		}
+
+		public ApplicationTrust this [string appFullName] {
+			get {
+				for (int i=0; i < _list.Count; i++) {
+					ApplicationTrust at = (_list [i] as ApplicationTrust);
+					if (at.ApplicationIdentity.FullName == appFullName)
+						return at;
+				}
+				return null;
+			}
+		}
+
+		// methods
+
+		public int Add (ApplicationTrust trust)
+		{
+			if (trust == null)
+				throw new ArgumentNullException ("trust");
+			if (trust.ApplicationIdentity == null) {
+				throw new ArgumentException (Locale.GetText (
+					"ApplicationTrust.ApplicationIdentity can't be null."), "trust");
+			}
+
+			return _list.Add (trust);
+		}
+
+		public void AddRange (ApplicationTrust[] trusts)
+		{
+			if (trusts == null)
+				throw new ArgumentNullException ("trusts");
+
+			foreach (ApplicationTrust t in trusts) {
+				if (t.ApplicationIdentity == null) {
+					throw new ArgumentException (Locale.GetText (
+						"ApplicationTrust.ApplicationIdentity can't be null."), "trust");
+				}
+				_list.Add (t);
+			}
+		}
+
+		public void AddRange (ApplicationTrustCollection trusts)
+		{
+			if (trusts == null)
+				throw new ArgumentNullException ("trusts");
+
+			foreach (ApplicationTrust t in trusts) {
+				if (t.ApplicationIdentity == null) {
+					throw new ArgumentException (Locale.GetText (
+						"ApplicationTrust.ApplicationIdentity can't be null."), "trust");
+				}
+				_list.Add (t);
+			}
+		}
+
+		public void Clear ()
+		{
+			_list.Clear ();
+		}
+
+		public void CopyTo (ApplicationTrust[] array, int index)
+		{
+			_list.CopyTo (array, index);
+		}
+
+		void ICollection.CopyTo (Array array, int index)
+		{
+			_list.CopyTo (array, index);
+		}
+
+		public ApplicationTrustCollection Find (ApplicationIdentity applicationIdentity, ApplicationVersionMatch versionMatch)
+		{
+			if (applicationIdentity == null)
+				throw new ArgumentNullException ("applicationIdentity");
+
+			string fullname = applicationIdentity.FullName;
+
+			switch (versionMatch) {
+			case ApplicationVersionMatch.MatchAllVersions:
+				int pos = fullname.IndexOf (", Version=");
+				if (pos >= 0)
+					fullname = fullname.Substring (0, pos);
+				break;
+			case ApplicationVersionMatch.MatchExactVersion:
+				break;
+			default:
+				throw new ArgumentException ("versionMatch");
+			}
+
+			ApplicationTrustCollection coll = new ApplicationTrustCollection ();
+			foreach (ApplicationTrust t in _list) {
+				if (t.ApplicationIdentity.FullName.StartsWith (fullname)) {
+					coll.Add (t);
+				}
+			}
+
+			return coll;
+		}
+
+		public ApplicationTrustEnumerator GetEnumerator ()
+		{
+			return new ApplicationTrustEnumerator (this);
+		}
+
+		IEnumerator IEnumerable.GetEnumerator ()
+		{
+			return (IEnumerator) new ApplicationTrustEnumerator (this);
+		}
+
+		public void Remove (ApplicationTrust trust)
+		{
+			if (trust == null)
+				throw new ArgumentNullException ("trust");
+			if (trust.ApplicationIdentity == null) {
+				throw new ArgumentException (Locale.GetText (
+					"ApplicationTrust.ApplicationIdentity can't be null."), "trust");
+			}
+
+			RemoveAllInstances (trust);
+		}
+
+		public void Remove (ApplicationIdentity applicationIdentity, ApplicationVersionMatch versionMatch)
+		{
+			ApplicationTrustCollection coll = Find (applicationIdentity, versionMatch);
+			foreach (ApplicationTrust t in coll) {
+				RemoveAllInstances (t);
+			}
+		}
+
+		public void RemoveRange (ApplicationTrust[] trusts)
+		{
+			if (trusts == null)
+				throw new ArgumentNullException ("trusts");
+
+			foreach (ApplicationTrust t in trusts) {
+				RemoveAllInstances (t);
+			}
+		}
+
+		public void RemoveRange (ApplicationTrustCollection trusts)
+		{
+			if (trusts == null)
+				throw new ArgumentNullException ("trusts");
+
+			foreach (ApplicationTrust t in trusts) {
+				RemoveAllInstances (t);
+			}
+		}
+
+		// helpers
+
+		internal void RemoveAllInstances (ApplicationTrust trust)
+		{
+			for (int i=_list.Count - 1; i >= 0; i--) {
+				if (trust.Equals (_list [i]))
+					_list.RemoveAt (i);
+			}
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/ApplicationTrustEnumerator.cs

@@ -0,0 +1,68 @@
+//
+// System.Security.Policy.ApplicationTrustEnumerator class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Collections;
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[ComVisible (true)]
+	public sealed class ApplicationTrustEnumerator : IEnumerator {
+
+		private IEnumerator e;
+
+		internal ApplicationTrustEnumerator (ApplicationTrustCollection collection)
+		{
+			e = collection.GetEnumerator ();
+		}
+
+		// properties
+
+		public ApplicationTrust Current {
+			get { return (ApplicationTrust) e.Current; }
+		}
+
+		object IEnumerator.Current {
+			get { return e.Current; }
+		}
+
+		// methods
+
+		public bool MoveNext ()
+		{
+			return e.MoveNext ();
+		}
+
+		public void Reset ()
+		{
+			e.Reset ();
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/ApplicationVersionMatch.cs

@@ -0,0 +1,40 @@
+//
+// System.Security.Policy.ApplicationVersionMatch enumeration
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[ComVisible (true)]
+	public enum ApplicationVersionMatch {
+		MatchExactVersion,
+		MatchAllVersions
+	}
+}
+

mcs/class/corlib/System.Security.Policy/CodeConnectAccess.cs

@@ -0,0 +1,95 @@
+//
+// System.Security.Policy.CodeConnectAccess class
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Globalization;
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public class CodeConnectAccess {
+
+		public static readonly string AnyScheme = "*";
+		public static readonly int DefaultPort = -3;
+		public static readonly int OriginPort = -4;
+		public static readonly string OriginScheme = "$origin";
+
+		private string _scheme;
+		private int _port;
+
+		[MonoTODO ("(2.0) validations incomplete")]
+		public CodeConnectAccess (string allowScheme, int allowPort)
+		{
+			// LAME but as documented
+			if ((allowScheme == null) || (allowScheme.Length == 0))
+				throw new ArgumentOutOfRangeException ("allowScheme");
+			// TODO : check for invalid characters in scheme
+			if ((allowPort < 0) || (allowPort > 65535)) {
+				throw new ArgumentOutOfRangeException ("allowPort");
+			}
+
+			_scheme = allowScheme;
+			_port = allowPort;
+		}
+
+		public int Port {
+			get { return _port; }
+		}
+
+		public string Scheme {
+			get { return _scheme; }
+		}
+
+		public override bool Equals (object o)
+		{
+			CodeConnectAccess cca = (o as CodeConnectAccess);
+			if (cca == null)
+				return false;
+			return ((_scheme == cca._scheme) && (_port == cca._port));
+		}
+
+		public override int GetHashCode ()
+		{
+			// return same hash code if objects are equals
+			return (_scheme.GetHashCode () ^ _port);
+		}
+
+		public static CodeConnectAccess CreateAnySchemeAccess (int allowPort)
+		{
+			return new CodeConnectAccess (AnyScheme, allowPort);
+		}
+
+		public static CodeConnectAccess CreateOriginSchemeAccess (int allowPort)
+		{
+			return new CodeConnectAccess (OriginScheme, allowPort);
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/CodeGroup.cs

@@ -0,0 +1,314 @@
+//
+// System.Security.Policy.CodeGroup
+//
+// Authors:
+//	Nick Drochak (ndrochak@gol.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2001 Nick Drochak, All rights reserved.
+// Copyright (C) 2004-2006 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Collections;
+using System.Globalization;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public abstract class CodeGroup {
+		PolicyStatement m_policy;
+		IMembershipCondition m_membershipCondition;
+		string m_description;
+		string m_name;
+		ArrayList m_children = new ArrayList();
+//		PolicyLevel m_level;
+
+		protected CodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
+		{
+			if (null == membershipCondition)
+				throw new ArgumentNullException ("membershipCondition");
+
+			if (policy != null)
+				m_policy = policy.Copy ();
+			m_membershipCondition = membershipCondition.Copy ();
+		}
+
+		// for PolicyLevel (to avoid validation duplication)
+		internal CodeGroup (SecurityElement e, PolicyLevel level) 
+		{
+			FromXml (e, level);
+		}
+
+		// abstract
+
+		public abstract CodeGroup Copy ();
+
+		public abstract string MergeLogic { get; }
+
+		public abstract PolicyStatement Resolve (Evidence evidence);
+
+		public abstract CodeGroup ResolveMatchingCodeGroups (Evidence evidence);
+
+		// properties
+
+		public PolicyStatement PolicyStatement {
+			get { return m_policy; }
+			set { m_policy = value; }
+		}
+
+		public string Description {
+			get { return m_description; }
+			set { m_description = value; }
+		}
+
+		public IMembershipCondition MembershipCondition	 {
+			get { return m_membershipCondition; }
+			set {
+				if (null == value)
+					throw new ArgumentException ("value");
+				m_membershipCondition = value;
+			}
+		}
+
+		public string Name {
+			get { return m_name; }
+			set { m_name = value; }
+		}
+
+		public IList Children {
+			get { return m_children; }
+			set {
+				if (null == value)
+					throw new ArgumentNullException ("value");
+				m_children = new ArrayList (value);
+			}
+		}
+
+		public virtual string AttributeString {
+			get {
+				if (null != m_policy)
+					return m_policy.AttributeString;
+				return null;
+			}
+		}
+
+		public virtual string PermissionSetName {
+			get {
+				if (m_policy == null)
+					return null;
+				if (m_policy.PermissionSet is Security.NamedPermissionSet)
+					return ((NamedPermissionSet)(m_policy.PermissionSet)).Name;
+				return null;
+			}
+		}
+
+		public void AddChild (CodeGroup group)
+		{
+			if (null == group)
+				throw new ArgumentNullException ("group");
+
+			m_children.Add (group.Copy ());
+		}
+
+		public override bool Equals (object o)
+		{
+			CodeGroup cg = (o as CodeGroup);
+			if (cg == null)
+				return false;
+
+			return Equals (cg, false);
+		}
+
+		public bool Equals (CodeGroup cg, bool compareChildren)
+		{
+			if (cg.Name != this.Name)
+				return false;
+
+			if (cg.Description != this.Description)
+				return false;
+
+			if (!cg.MembershipCondition.Equals (m_membershipCondition))
+				return false;
+
+			if (compareChildren) {
+				int childCount = cg.Children.Count;
+				if (this.Children.Count != childCount)
+					return false;
+
+				for (int index = 0; index < childCount; index++) {
+					// not a deep compare
+					if (!((CodeGroup)(this.Children [index])).Equals ((CodeGroup)(cg.Children [index]), false))
+						return false;
+				}
+			}
+			return true;
+		}
+
+		public void RemoveChild (CodeGroup group)
+		{
+			if (group != null)
+				m_children.Remove (group);
+		}
+
+		public override int GetHashCode ()
+		{
+			int hashCode = m_membershipCondition.GetHashCode ();
+			if (m_policy != null)
+				hashCode += m_policy.GetHashCode ();
+			return hashCode;
+		}
+
+		public void FromXml (SecurityElement e)
+		{
+			FromXml (e, null);
+		}
+
+		public void FromXml (SecurityElement e, PolicyLevel level)
+		{
+			if (null == e)
+				throw new ArgumentNullException("e");
+
+			PermissionSet ps = null;
+			string psetname = e.Attribute ("PermissionSetName");
+			if ((psetname != null) && (level != null)) {
+				ps = level.GetNamedPermissionSet (psetname);
+			}
+			else {
+				SecurityElement pset = e.SearchForChildByTag ("PermissionSet");
+				if (pset != null) {
+					Type classType = Type.GetType (pset.Attribute ("class"));
+					ps = (PermissionSet) Activator.CreateInstance (classType, true);
+					ps.FromXml (pset);
+				}
+				else {
+					ps = new PermissionSet (new PermissionSet (PermissionState.None));
+				}
+			}
+			m_policy = new PolicyStatement (ps);
+
+			m_children.Clear ();
+			if ((e.Children != null) && (e.Children.Count > 0)) {
+				foreach (SecurityElement se in e.Children) {
+					if (se.Tag == "CodeGroup") {
+						this.AddChild (CodeGroup.CreateFromXml (se, level));
+					}
+				}
+			}
+			
+			m_membershipCondition = null;
+			SecurityElement mc = e.SearchForChildByTag ("IMembershipCondition");
+			if (mc != null) {
+				string className = mc.Attribute ("class");
+				Type classType = Type.GetType (className);
+				if (classType == null)
+					classType = Type.GetType ("System.Security.Policy." + className);
+				m_membershipCondition = (IMembershipCondition) Activator.CreateInstance (classType, true);
+				m_membershipCondition.FromXml (mc, level);
+			}
+
+			m_name = e.Attribute("Name");
+			m_description = e.Attribute("Description");
+
+			// seems like we might need this to Resolve() in subclasses
+			//m_level = level;
+
+			ParseXml (e, level);
+		}
+
+		protected virtual void ParseXml (SecurityElement e, PolicyLevel level)
+		{
+		}
+		
+		public SecurityElement ToXml ()
+		{
+			return ToXml (null);
+		}
+
+		public SecurityElement ToXml (PolicyLevel level)
+		{
+			SecurityElement e = new SecurityElement("CodeGroup");
+			e.AddAttribute("class", this.GetType().AssemblyQualifiedName);
+			e.AddAttribute("version", "1");
+
+			if (null != Name)
+				e.AddAttribute("Name", Name);
+
+			if (null != Description)
+				e.AddAttribute("Description", Description);
+
+			if (null != MembershipCondition)
+				e.AddChild(MembershipCondition.ToXml());
+
+			if ((PolicyStatement != null) && (PolicyStatement.PermissionSet != null))
+				e.AddChild (PolicyStatement.PermissionSet.ToXml ());
+
+			foreach (CodeGroup child in Children)
+				e.AddChild(child.ToXml());
+
+			CreateXml(e, level);
+			return e;
+		}
+		
+		protected virtual void CreateXml (SecurityElement element, PolicyLevel level)
+		{
+		}
+
+		// internal stuff
+
+		internal static CodeGroup CreateFromXml (SecurityElement se, PolicyLevel level) 
+		{
+			string fullClassName = se.Attribute ("class");
+			string className = fullClassName;
+			// many possible formats
+			// a. "FirstMatchCodeGroup"
+			// b. "System.Security.Policy.FirstMatchCodeGroup"
+			// c. "System.Security.Policy.FirstMatchCodeGroup, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\n           version=\"1\">\r\n   <IMembershipCondition class=\"System.Security.Policy.AllMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
+			int n = className.IndexOf (",");
+			if (n > 0) {
+				className = className.Substring (0, n);
+			}
+			n = className.LastIndexOf (".");
+			if (n > 0)
+				className = className.Substring (n + 1);
+			// much faster than calling Activator.CreateInstance
+			switch (className) {
+				case "FileCodeGroup":
+					return new FileCodeGroup (se, level);
+				case "FirstMatchCodeGroup":
+					return new FirstMatchCodeGroup (se, level);
+				case "NetCodeGroup":
+					return new NetCodeGroup (se, level);
+				case "UnionCodeGroup":
+					return new UnionCodeGroup (se, level);
+				default: // unknown
+					Type classType = Type.GetType (fullClassName);
+					CodeGroup cg = (CodeGroup) Activator.CreateInstance (classType, true);
+					cg.FromXml (se, level);
+					return cg;
+			}
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/DefaultPolicies.cs

@@ -0,0 +1,341 @@
+//
+// System.Security.Policy.DefaultPolicies.cs
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Security.Permissions;
+
+namespace System.Security.Policy {
+
+	/* NOTES
+	 *
+	 * [1]	Some permissions classes are defined _outside_ mscorlib.dll.
+	 * 	In this case we're using SecurityElement to construct the 
+	 * 	permissions manually.
+	 *
+	 */
+
+	internal static class DefaultPolicies {
+
+		public static class ReservedNames {
+			public const string FullTrust = "FullTrust";
+			public const string LocalIntranet = "LocalIntranet";
+			public const string Internet = "Internet";
+			public const string SkipVerification = "SkipVerification";
+			public const string Execution = "Execution";
+			public const string Nothing = "Nothing";
+			public const string Everything = "Everything";
+
+			static public bool IsReserved (string name) 
+			{
+				switch (name) {
+				case FullTrust:
+				case LocalIntranet:
+				case Internet:
+				case SkipVerification:
+				case Execution:
+				case Nothing:
+				case Everything:
+					return true;
+				default:
+					return false;
+				}
+			}
+		}
+
+		public enum Key {
+			Ecma,
+			MsFinal,
+		}
+
+		private const string DnsPermissionClass = "System.Net.DnsPermission, " + Consts.AssemblySystem;
+		private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, " + Consts.AssemblySystem;
+		private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, " + Consts.AssemblySystem_Drawing;
+		private const string SocketPermissionClass = "System.Net.SocketPermission, " + Consts.AssemblySystem;
+		private const string WebPermissionClass = "System.Net.WebPermission, " + Consts.AssemblySystem;
+		private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, " + Consts.AssemblySystem;
+		private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, " + Consts.AssemblySystem_DirectoryServices;
+		private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, " + Consts.AssemblySystem_Messaging;
+		private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, " + Consts.AssemblySystem_ServiceProcess;
+		private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, " + Consts.AssemblySystem_Data;
+		private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, " + Consts.AssemblySystem_Data;
+//		private const string DataProtectionPermissionClass = "System.Security.Permissions.DataProtectionPermission, " + Consts.AssemblySystem_Security;
+//		private const string StorePermissionClass = "System.Security.Permissions.StorePermission, " + Consts.AssemblySystem_Security;
+
+		private static Version _fxVersion;
+		private static byte[] _ecmaKey = new byte [16] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+		private static StrongNamePublicKeyBlob _ecma;
+		private static byte[] _msFinalKey = new byte [160] { 
+			0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
+			0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
+			0x07, 0xD1, 0xFA, 0x57, 0xC4, 0xAE, 0xD9, 0xF0, 0xA3, 0x2E, 0x84, 0xAA, 0x0F, 0xAE, 0xFD, 0x0D, 
+			0xE9, 0xE8, 0xFD, 0x6A, 0xEC, 0x8F, 0x87, 0xFB, 0x03, 0x76, 0x6C, 0x83, 0x4C, 0x99, 0x92, 0x1E, 
+			0xB2, 0x3B, 0xE7, 0x9A, 0xD9, 0xD5, 0xDC, 0xC1, 0xDD, 0x9A, 0xD2, 0x36, 0x13, 0x21, 0x02, 0x90, 
+			0x0B, 0x72, 0x3C, 0xF9, 0x80, 0x95, 0x7F, 0xC4, 0xE1, 0x77, 0x10, 0x8F, 0xC6, 0x07, 0x77, 0x4F, 
+			0x29, 0xE8, 0x32, 0x0E, 0x92, 0xEA, 0x05, 0xEC, 0xE4, 0xE8, 0x21, 0xC0, 0xA5, 0xEF, 0xE8, 0xF1, 
+			0x64, 0x5C, 0x4C, 0x0C, 0x93, 0xC1, 0xAB, 0x99, 0x28, 0x5D, 0x62, 0x2C, 0xAA, 0x65, 0x2C, 0x1D, 
+			0xFA, 0xD6, 0x3D, 0x74, 0x5D, 0x6F, 0x2D, 0xE5, 0xF1, 0x7E, 0x5E, 0xAF, 0x0F, 0xC4, 0x96, 0x3D, 
+			0x26, 0x1C, 0x8A, 0x12, 0x43, 0x65, 0x18, 0x20, 0x6D, 0xC0, 0x93, 0x34, 0x4D, 0x5A, 0xD2, 0x93 };
+		private static StrongNamePublicKeyBlob _msFinal;
+
+		private static NamedPermissionSet _fullTrust;
+		private static NamedPermissionSet _localIntranet;
+		private static NamedPermissionSet _internet;
+		private static NamedPermissionSet _skipVerification;
+		private static NamedPermissionSet _execution;
+		private static NamedPermissionSet _nothing;
+		private static NamedPermissionSet _everything;
+
+		public static PermissionSet GetSpecialPermissionSet (string name)
+		{
+			if (name == null)
+				throw new ArgumentNullException ("name");
+
+			switch (name) {
+			case ReservedNames.FullTrust:
+				return FullTrust;
+			case ReservedNames.LocalIntranet:
+				return LocalIntranet;
+			case ReservedNames.Internet:
+				return Internet;
+			case ReservedNames.SkipVerification:
+				return SkipVerification;
+			case ReservedNames.Execution:
+				return Execution;
+			case ReservedNames.Nothing:
+				return Nothing;
+			case ReservedNames.Everything:
+				return Everything;
+			default:
+				return null;
+			}
+		}
+
+		public static PermissionSet FullTrust {
+			get {
+				if (_fullTrust == null)
+					_fullTrust = BuildFullTrust ();
+				return _fullTrust;
+			}
+		}
+
+		public static PermissionSet LocalIntranet {
+			get {
+				if (_localIntranet == null)
+					_localIntranet = BuildLocalIntranet ();
+				return _localIntranet;
+			}
+		}
+
+		public static PermissionSet Internet {
+			get {
+				if (_internet == null)
+					_internet = BuildInternet ();
+				return _internet;
+			}
+		}
+
+		public static PermissionSet SkipVerification {
+			get {
+				if (_skipVerification == null)
+					_skipVerification = BuildSkipVerification ();
+				return _skipVerification;
+			}
+		}
+
+		public static PermissionSet Execution {
+			get {
+				if (_execution == null)
+					_execution = BuildExecution ();
+				return _execution;
+			}
+		}
+
+
+		public static PermissionSet Nothing {
+			get {
+				if (_nothing == null)
+					_nothing = BuildNothing ();
+				return _nothing;
+			}
+		}
+
+		public static PermissionSet Everything {
+			get {
+				if (_everything == null)
+					_everything = BuildEverything ();
+				return _everything;
+			}
+		}
+
+		public static StrongNameMembershipCondition FullTrustMembership (string name, Key key)
+		{
+			StrongNamePublicKeyBlob snkb = null;
+
+			switch (key) {
+			case Key.Ecma:
+				if (_ecma == null) {
+					_ecma = new StrongNamePublicKeyBlob (_ecmaKey);
+				}
+				snkb = _ecma;
+				break;
+			case Key.MsFinal:
+				if (_msFinal == null) {
+					_msFinal = new StrongNamePublicKeyBlob (_msFinalKey);
+				}
+				snkb = _msFinal;
+				break;
+			}
+
+			if (_fxVersion == null)
+			{
+				_fxVersion = new Version (Consts.FxVersion);
+			}
+
+			return new StrongNameMembershipCondition (snkb, name, _fxVersion);
+		}
+
+		// internal stuff
+
+		private static NamedPermissionSet BuildFullTrust ()
+		{
+			return new NamedPermissionSet (ReservedNames.FullTrust, PermissionState.Unrestricted);
+		}
+
+		private static NamedPermissionSet BuildLocalIntranet ()
+		{
+			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);
+
+			nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));
+
+			nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
+
+			IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
+			isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
+			isfp.UserQuota = Int64.MaxValue;
+			nps.AddPermission (isfp);
+
+			nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));
+
+			SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
+			nps.AddPermission (new SecurityPermission (spf));
+
+			nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
+
+			// DnsPermission requires stuff outside corlib (System)
+			nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
+
+			// PrintingPermission requires stuff outside corlib (System.Drawing)
+			nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
+			return nps;
+		}
+
+		private static NamedPermissionSet BuildInternet ()
+		{
+			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
+			nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));
+
+			IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
+			isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
+			isfp.UserQuota = 512000;
+			nps.AddPermission (isfp);
+
+			nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
+
+			nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
+
+			// PrintingPermission requires stuff outside corlib (System.Drawing)
+			nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
+			return nps;
+		}
+
+		private static NamedPermissionSet BuildSkipVerification ()
+		{
+			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.SkipVerification, PermissionState.None);
+			nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.SkipVerification));
+			return nps;
+		}
+
+		private static NamedPermissionSet BuildExecution ()
+		{
+			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
+			nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
+			return nps;
+		}
+
+		private static NamedPermissionSet BuildNothing ()
+		{
+			return new NamedPermissionSet (ReservedNames.Nothing, PermissionState.None);
+		}
+
+		private static NamedPermissionSet BuildEverything ()
+		{
+			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);
+
+			nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
+			nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
+			nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
+			nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
+			nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
+			nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
+			nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));
+
+			// not quite all in this case
+			SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
+			spf &= ~SecurityPermissionFlag.SkipVerification;
+			nps.AddPermission (new SecurityPermission (spf));
+
+			nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
+
+			// others requires stuff outside corlib
+			nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));
+
+			nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
+			nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
+//			nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
+//			nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
+			return nps;
+		}
+
+		private static SecurityElement PrintingPermission (string level)
+		{
+			SecurityElement se = new SecurityElement ("IPermission");
+			se.AddAttribute ("class", PrintingPermissionClass);
+			se.AddAttribute ("version", "1");
+			se.AddAttribute ("Level", level);
+			return se;
+		}
+
+	}
+}

mcs/class/corlib/System.Security.Policy/Evidence.cs

@@ -0,0 +1,402 @@
+//
+// System.Security.Policy.Evidence
+//
+// Authors:
+//	Sean MacIsaac (macisaac@ximian.com)
+//	Nick Drochak (ndrochak@gol.com)
+//	Jackson Harper (Jackson@LatitudeGeo.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2001 Ximian, Inc.
+// Portions (C) 2003, 2004 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Collections;
+using System.Globalization;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+using System.Security.Cryptography.X509Certificates;
+using Mono.Security.Authenticode;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[MonoTODO ("Serialization format not compatible with .NET")]
+	[ComVisible (true)]
+	public sealed class Evidence : ICollection, IEnumerable {
+	
+		private bool _locked;
+		private ArrayList hostEvidenceList;	
+		private ArrayList assemblyEvidenceList;
+
+		public Evidence () 
+		{
+		}
+
+		public Evidence (Evidence evidence)
+		{
+			if (evidence != null)
+				Merge (evidence);	
+		}
+
+#if NET_4_0
+		[Obsolete]
+#endif
+		public Evidence (object[] hostEvidence, object[] assemblyEvidence)
+		{
+			if (null != hostEvidence)
+				HostEvidenceList.AddRange (hostEvidence);
+			if (null != assemblyEvidence)
+				AssemblyEvidenceList.AddRange (assemblyEvidence);
+		}
+		
+		//
+		// Public Properties
+		//
+	
+#if NET_4_0
+		[Obsolete]
+#endif
+		public int Count {
+			get {
+				int count = 0;
+				if (hostEvidenceList != null)
+					count += hostEvidenceList.Count;
+				if (assemblyEvidenceList!= null)
+					count += assemblyEvidenceList.Count;
+				return count;
+			}
+		}
+
+		public bool IsReadOnly {
+			get{ return false; }
+		}
+		
+		public bool IsSynchronized {
+			get { return false; }
+		}
+
+		public bool Locked {
+			get { return _locked; }
+			[SecurityPermission (SecurityAction.Demand, ControlEvidence = true)]
+			set { 
+				_locked = value; 
+			}
+		}	
+
+		public object SyncRoot {
+			get { return this; }
+		}
+
+		internal ArrayList HostEvidenceList {
+			get {
+				if (hostEvidenceList == null)
+					hostEvidenceList = ArrayList.Synchronized (new ArrayList ());
+				return hostEvidenceList;
+			}
+		}
+
+		internal ArrayList AssemblyEvidenceList {
+			get {
+				if (assemblyEvidenceList == null)
+					assemblyEvidenceList = ArrayList.Synchronized (new ArrayList ());
+				return assemblyEvidenceList;
+			}
+		}
+
+		//
+		// Public Methods
+		//
+
+#if NET_4_0
+		[Obsolete]
+#endif
+		public void AddAssembly (object id) 
+		{
+			AssemblyEvidenceList.Add (id);
+		}
+
+#if NET_4_0
+		[Obsolete]
+#endif
+		public void AddHost (object id) 
+		{
+			if (_locked && SecurityManager.SecurityEnabled) {
+				new SecurityPermission (SecurityPermissionFlag.ControlEvidence).Demand ();
+			}
+			HostEvidenceList.Add (id);
+		}
+
+		[ComVisible (false)]
+		public void Clear ()
+		{
+			if (hostEvidenceList != null)
+				hostEvidenceList.Clear ();
+			if (assemblyEvidenceList != null)
+				assemblyEvidenceList.Clear ();
+		}
+
+#if NET_4_0
+		[Obsolete]
+#endif
+		public void CopyTo (Array array, int index) 
+		{
+			int hc = 0;
+			if (hostEvidenceList != null) {
+				hc = hostEvidenceList.Count;
+				if (hc > 0)
+					hostEvidenceList.CopyTo (array, index);
+			}
+			if ((assemblyEvidenceList != null) && (assemblyEvidenceList.Count > 0))
+				assemblyEvidenceList.CopyTo (array, index + hc);
+		}
+
+#if !NET_4_0
+		[ComVisible (false)]
+		public override bool Equals (object obj)
+		{
+			if (obj == null)
+				return false;
+			Evidence e = (obj as Evidence);
+			if (e == null)
+				return false;
+
+			if (HostEvidenceList.Count != e.HostEvidenceList.Count)
+				return false;
+			if (AssemblyEvidenceList.Count != e.AssemblyEvidenceList.Count)
+				return false;
+
+			for (int i = 0; i < hostEvidenceList.Count; i++) {
+				bool found = false;
+				for (int j = 0; j < e.hostEvidenceList.Count; i++) {
+					if (hostEvidenceList [i].Equals (e.hostEvidenceList [j])) {
+						found = true;
+						break;
+					}
+				}
+				if (!found)
+					return false;
+			}
+			for (int i = 0; i < assemblyEvidenceList.Count; i++) {
+				bool found = false;
+				for (int j = 0; j < e.assemblyEvidenceList.Count; i++) {
+					if (assemblyEvidenceList [i].Equals (e.assemblyEvidenceList [j])) {
+						found = true;
+						break;
+					}
+				}
+				if (!found)
+					return false;
+			}
+			
+			return true;
+		}
+#endif
+
+#if NET_4_0
+		[Obsolete]
+#endif
+		public IEnumerator GetEnumerator () 
+		{
+			IEnumerator he = null;
+			if (hostEvidenceList != null)
+				he = hostEvidenceList.GetEnumerator ();
+			IEnumerator ae = null;
+			if (assemblyEvidenceList != null)
+				ae = assemblyEvidenceList.GetEnumerator ();
+			return new EvidenceEnumerator (he, ae);
+		}
+
+		public IEnumerator GetAssemblyEnumerator () 
+		{
+			return AssemblyEvidenceList.GetEnumerator ();
+		}
+
+#if !NET_4_0
+		[ComVisible (false)]
+		public override int GetHashCode ()
+		{
+			int _hashCode = 0;
+			if (hostEvidenceList != null) {
+				for (int i = 0; i < hostEvidenceList.Count; i++)
+					_hashCode ^= hostEvidenceList [i].GetHashCode ();
+			}
+			if (assemblyEvidenceList != null) {
+				for (int i = 0; i < assemblyEvidenceList.Count; i++)
+					_hashCode ^= assemblyEvidenceList [i].GetHashCode ();
+			}
+			
+			return _hashCode;
+		}
+#endif
+		public IEnumerator GetHostEnumerator () 
+		{
+			return HostEvidenceList.GetEnumerator ();
+		}
+
+		public void Merge (Evidence evidence) 
+		{
+			if ((evidence != null) && (evidence.Count > 0)) {
+				if (evidence.hostEvidenceList != null) {
+					foreach (object o in evidence.hostEvidenceList)
+						AddHost (o);
+				}
+				if (evidence.assemblyEvidenceList != null) {
+					foreach (object o in evidence.assemblyEvidenceList)
+						AddAssembly (o);
+				}
+			}
+		}
+
+		[ComVisible (false)]
+		public void RemoveType (Type t)
+		{
+			for (int i = hostEvidenceList.Count; i >= 0; i--) {
+				if (hostEvidenceList.GetType () == t) {
+					hostEvidenceList.RemoveAt (i);
+				}
+			}
+			for (int i = assemblyEvidenceList.Count; i >= 0; i--) {
+				if (assemblyEvidenceList.GetType () == t) {
+					assemblyEvidenceList.RemoveAt (i);
+				}
+			}
+		}
+
+		// Use an icall to avoid multiple file i/o to detect the 
+		// "possible" presence of an Authenticode signature
+		[MethodImplAttribute (MethodImplOptions.InternalCall)]
+		static extern bool IsAuthenticodePresent (Assembly a);
+#if NET_2_1
+		static internal Evidence GetDefaultHostEvidence (Assembly a)
+		{
+			return new Evidence ();
+		}
+#else
+		// this avoid us to build all evidences from the runtime
+		// (i.e. multiple unmanaged->managed calls) and also allows
+		// to delay their creation until (if) needed
+		[FileIOPermission (SecurityAction.Assert, Unrestricted = true)]
+		static internal Evidence GetDefaultHostEvidence (Assembly a) 
+		{
+			Evidence e = new Evidence ();
+			string aname = a.EscapedCodeBase;
+
+			// by default all assembly have the Zone, Url and Hash evidences
+			e.AddHost (Zone.CreateFromUrl (aname));
+			e.AddHost (new Url (aname));
+			e.AddHost (new Hash (a));
+
+			// non local files (e.g. http://) also get a Site evidence
+			if (String.Compare ("FILE://", 0, aname, 0, 7, true, CultureInfo.InvariantCulture) != 0) {
+				e.AddHost (Site.CreateFromUrl (aname));
+			}
+
+			// strongnamed assemblies gets a StrongName evidence
+			AssemblyName an = a.UnprotectedGetName ();
+			byte[] pk = an.GetPublicKey ();
+			if ((pk != null) && (pk.Length > 0)) {
+				StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (pk);
+				e.AddHost (new StrongName (blob, an.Name, an.Version));
+			}
+
+			// Authenticode(r) signed assemblies get a Publisher evidence
+			if (IsAuthenticodePresent (a)) {
+				// Note: The certificate is part of the evidences even if it is not trusted!
+				// so we can't call X509Certificate.CreateFromSignedFile
+				AuthenticodeDeformatter ad = new AuthenticodeDeformatter (a.Location);
+				if (ad.SigningCertificate != null) {
+					X509Certificate x509 = new X509Certificate (ad.SigningCertificate.RawData);
+					if (x509.GetHashCode () != 0) {
+						e.AddHost (new Publisher (x509));
+					}
+				}
+			}
+			// assemblies loaded from the GAC also get a Gac evidence (new in Fx 2.0)
+			if (a.GlobalAssemblyCache) {
+				e.AddHost (new GacInstalled ());
+			}
+
+			// the current HostSecurityManager may add/remove some evidence
+			AppDomainManager dommgr = AppDomain.CurrentDomain.DomainManager;
+			if (dommgr != null) {
+				if ((dommgr.HostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) ==
+					HostSecurityManagerOptions.HostAssemblyEvidence) {
+					e = dommgr.HostSecurityManager.ProvideAssemblyEvidence (a, e);
+				}
+			}
+
+			return e;
+		}
+
+#endif // NET_2_1
+
+		private class EvidenceEnumerator : IEnumerator {
+			
+			private IEnumerator currentEnum, hostEnum, assemblyEnum;		
+	
+			public EvidenceEnumerator (IEnumerator hostenum, IEnumerator assemblyenum) 
+			{
+				this.hostEnum = hostenum;
+				this.assemblyEnum = assemblyenum;
+				currentEnum = hostEnum;		
+			}
+
+			public bool MoveNext () 
+			{
+				if (currentEnum == null)
+					return false;
+
+				bool ret = currentEnum.MoveNext ();
+				
+				if (!ret && (hostEnum == currentEnum) && (assemblyEnum != null)) {
+					currentEnum = assemblyEnum;
+					ret = assemblyEnum.MoveNext ();
+				}
+
+				return ret;
+			}
+
+			public void Reset () 
+			{
+				if (hostEnum != null) {
+					hostEnum.Reset ();
+					currentEnum = hostEnum;
+				} else {
+					currentEnum = assemblyEnum;
+				}
+				if (assemblyEnum != null)
+					assemblyEnum.Reset ();
+			}
+
+			public object Current {
+				get {
+					return currentEnum.Current;
+				}
+			}
+		}
+	}
+}
+

mcs/class/corlib/System.Security.Policy/EvidenceBase.cs

@@ -0,0 +1,47 @@
+//
+// EvidenceBase.cs
+//
+// Authors:
+//	Marek Safar  <marek.safar@gmail.com>
+//
+// Copyright (C) 2012 Xamarin Inc (http://www.xamarin.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#if NET_4_0
+
+using System.Security.Permissions;
+
+namespace System.Security.Policy
+{
+	[Serializable]
+	[PermissionSetAttribute (SecurityAction.InheritanceDemand, Unrestricted = true)]
+	public abstract class EvidenceBase
+	{
+		[SecurityPermissionAttribute (SecurityAction.Assert, SerializationFormatter = true)]
+		public virtual EvidenceBase Clone ()
+		{
+			throw new NotImplementedException ();
+		}
+	}
+}
+
+#endif

mcs/class/corlib/System.Security.Policy/FileCodeGroup.cs

@@ -0,0 +1,159 @@
+//
+// System.Security.Policy.FileCodeGroup
+//
+// Author(s):
+//   Nick Drochak (ndrochak@gol.com)
+//
+// (C) 2001 Nick Drochak, All rights reserved.
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Collections;
+using System.Runtime.InteropServices;
+using System.Security.Permissions;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class FileCodeGroup : CodeGroup {
+
+		private FileIOPermissionAccess m_access;
+
+		public FileCodeGroup (IMembershipCondition membershipCondition, FileIOPermissionAccess access) 
+			: base (membershipCondition, null)
+		{
+			// note: FileIOPermissionAccess is a [Flag]
+			m_access = access;
+		}
+
+		// for PolicyLevel (to avoid validation duplication)
+		internal FileCodeGroup (SecurityElement e, PolicyLevel level)
+			: base (e, level)
+		{
+		}
+
+		public override CodeGroup Copy ()
+		{
+			FileCodeGroup copy = new FileCodeGroup (MembershipCondition, m_access);
+			copy.Name = this.Name;
+			copy.Description = this.Description;
+			foreach (CodeGroup child in Children) {
+				copy.AddChild (child.Copy ());	// deep copy
+			}
+			return copy;
+		}
+		
+		public override string MergeLogic {
+			get { return "Union";}
+		}
+
+		public override PolicyStatement Resolve (Evidence evidence)
+		{
+			if (null == evidence)
+				throw new ArgumentNullException("evidence");
+
+			if (!MembershipCondition.Check (evidence))
+				return null;
+
+			PermissionSet ps = null;
+			if (this.PolicyStatement == null)
+				ps = new PermissionSet (PermissionState.None);
+			else
+				ps = this.PolicyStatement.PermissionSet.Copy ();
+
+			if (this.Children.Count > 0) {
+				foreach (CodeGroup child_cg in this.Children) {
+					PolicyStatement child_pst = child_cg.Resolve (evidence);
+					if (child_pst != null) {
+						ps = ps.Union (child_pst.PermissionSet);
+					}
+				}
+			}
+
+			PolicyStatement pst = null;
+			if (this.PolicyStatement != null)
+				pst = this.PolicyStatement.Copy ();
+			else
+				pst = PolicyStatement.Empty ();
+			pst.PermissionSet = ps;
+			return pst;
+		}
+
+		public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
+		{
+			if (null == evidence)
+				throw new ArgumentNullException("evidence");
+
+			if (!MembershipCondition.Check (evidence))
+				return null;
+
+			FileCodeGroup matchRoot = new FileCodeGroup (MembershipCondition, m_access);
+
+			foreach (CodeGroup child in Children) {
+				CodeGroup childMatchingCodeGroup = child.ResolveMatchingCodeGroups (evidence);
+				if (childMatchingCodeGroup != null)
+					matchRoot.AddChild (childMatchingCodeGroup);
+			}
+
+			return matchRoot;
+		}
+
+		public override string AttributeString {
+			get { return null; }
+		}
+
+		public override string PermissionSetName {
+			get { return "Same directory FileIO - " + m_access.ToString (); }
+		}
+
+		public override bool Equals (object o)
+		{
+			if (!(o is FileCodeGroup))
+				return false;
+
+			if (this.m_access != ((FileCodeGroup)o).m_access)
+				return false;
+
+			return Equals((CodeGroup)o, false);
+		}
+
+		public override int GetHashCode ()
+		{
+			return m_access.GetHashCode ();
+		}
+
+		protected override void ParseXml (SecurityElement e, PolicyLevel level)
+		{
+			string a = e.Attribute ("Access");
+			if (a != null)
+				m_access = (FileIOPermissionAccess) Enum.Parse (typeof (FileIOPermissionAccess), a, true);
+			else
+				m_access = FileIOPermissionAccess.NoAccess;
+		}
+		
+		protected override void CreateXml (SecurityElement element, PolicyLevel level)
+		{
+			element.AddAttribute ("Access", m_access.ToString ());
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/FirstMatchCodeGroup.cs

@@ -0,0 +1,118 @@
+//
+// System.Security.Policy.FirstMatchCodeGroup
+//
+// Author(s):
+//  Jackson Harper (Jackson@LatitudeGeo.com)
+//
+// (C) 2002 Jackson Harper, All rights reserved.
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class FirstMatchCodeGroup : CodeGroup {
+		
+		public FirstMatchCodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
+			: base (membershipCondition, policy)
+		{
+		}
+
+		// for PolicyLevel (to avoid validation duplication)
+		internal FirstMatchCodeGroup (SecurityElement e, PolicyLevel level)
+			: base (e, level)
+		{
+		}
+
+		//
+		// Public Properties
+		//
+
+		public override string MergeLogic {
+			get { return "First Match"; }
+		}
+
+		//
+		// Public Methods
+		//
+		
+		public override CodeGroup Copy ()
+		{
+			FirstMatchCodeGroup copy = CopyNoChildren ();
+			foreach (CodeGroup child in Children) {
+				copy.AddChild (child.Copy ());	// deep copy
+			}
+			return copy;
+		}
+
+		public override PolicyStatement Resolve (Evidence evidence)
+		{
+			if (evidence == null)
+				throw new ArgumentNullException ("evidence");
+
+			if (!MembershipCondition.Check (evidence))
+				return null;
+
+			foreach (CodeGroup child in Children) {
+				PolicyStatement policy = child.Resolve (evidence);
+				if (policy != null) {
+					return policy;	// first match
+				}
+			}
+			return this.PolicyStatement;	// default
+		}
+		
+		public override CodeGroup ResolveMatchingCodeGroups (Evidence evidence)
+		{
+			if (evidence == null)
+				throw new ArgumentNullException ("evidence");
+
+			if (!MembershipCondition.Check (evidence))
+				return null;
+
+			foreach (CodeGroup child in Children) {
+				if (child.Resolve (evidence) != null) {
+					return child.Copy ();	// first match
+					// FIXME copy childrens ?
+				}
+			}
+			return this.CopyNoChildren ();	// default
+		}
+	
+		//
+		// Private Methods
+		//
+	
+		private FirstMatchCodeGroup CopyNoChildren ()
+		{
+			FirstMatchCodeGroup copy = new FirstMatchCodeGroup (MembershipCondition, PolicyStatement);
+
+			copy.Name = Name;
+			copy.Description = Description;
+
+			return copy;
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/Gac.cs

@@ -0,0 +1,94 @@
+//
+// System.Security.Policy.Gac
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+using System.Security.Permissions;
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class GacInstalled :
+#if NET_4_0
+		EvidenceBase,
+#endif
+		IIdentityPermissionFactory, IBuiltInEvidence {
+
+		public GacInstalled ()
+		{
+		}
+
+		public object Copy ()
+		{
+			return (object) new GacInstalled ();
+		}
+
+		public IPermission CreateIdentityPermission (Evidence evidence)
+		{
+			return new GacIdentityPermission ();
+		}
+
+		public override bool Equals (object o)
+		{
+			if (o == null)
+				return false;
+			return (o is GacInstalled);
+		}
+
+		public override int GetHashCode ()
+		{
+			return 0; // as documented
+		}
+
+		public override string ToString ()
+		{
+			SecurityElement se = new SecurityElement (GetType ().FullName);
+			se.AddAttribute ("version", "1");
+			return se.ToString ();
+		}
+
+		// IBuiltInEvidence
+
+		int IBuiltInEvidence.GetRequiredSize (bool verbose)
+		{
+			return 1;	// LAMESPEC
+		}
+
+		int IBuiltInEvidence.InitFromBuffer (char[] buffer, int position)
+		{
+			return position;
+		}
+
+		int IBuiltInEvidence.OutputToBuffer (char[] buffer, int position, bool verbose)
+		{
+			buffer [position] = '\t';
+			return position + 1;
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/GacMembershipCondition.cs

@@ -0,0 +1,106 @@
+//
+// System.Security.Policy.GacMembershipCondition.cs
+//
+// Author:
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.Collections;
+using System.Security.Permissions;
+using System.Runtime.InteropServices;
+
+namespace System.Security.Policy {
+
+	[Serializable]
+	[ComVisible (true)]
+	public sealed class GacMembershipCondition : IMembershipCondition, IConstantMembershipCondition {
+
+		private readonly int version = 1;
+
+		public GacMembershipCondition ()
+		{
+		}
+
+		public bool Check (Evidence evidence)
+		{
+			if (evidence == null)
+				return false;
+
+			// true only if Gac is in host-supplied evidences
+			IEnumerator e = evidence.GetHostEnumerator ();
+			while (e.MoveNext ()) {
+				if (e.Current is GacInstalled)
+					return true;
+			}
+			return false;
+		}
+
+		public IMembershipCondition Copy ()
+		{
+			return new GacMembershipCondition ();
+		}
+
+		public override bool Equals (object o)
+		{
+			if (o == null)
+				return false;
+			return (o is GacMembershipCondition);
+		}
+
+		public void FromXml (SecurityElement e)
+		{
+			FromXml (e, null);
+		}
+
+                public void FromXml (SecurityElement e, PolicyLevel level)
+                {
+			MembershipConditionHelper.CheckSecurityElement (e, "e", version, version);
+			// PolicyLevel isn't used as there's no need to resolve NamedPermissionSet references
+		}
+
+		public override int GetHashCode ()
+		{
+			return 0; // always the same
+		}
+
+		// LAMESPEC: "Gac" is documented - but Fx 2.0 beta 1 returns "GAC"
+		public override string ToString ()
+		{
+			return "GAC";
+		}
+
+		public SecurityElement ToXml ()
+		{
+			return ToXml (null);
+		}
+
+		public SecurityElement ToXml (PolicyLevel level)
+		{
+			// PolicyLevel isn't used as there's no need to resolve NamedPermissionSet references
+			SecurityElement se = MembershipConditionHelper.Element (typeof (GacMembershipCondition), version);
+			// nothing to add
+			return se;
+		}
+	}
+}

mcs/class/corlib/System.Security.Policy/Hash.cs

@@ -0,0 +1,211 @@
+//
+// System.Security.Policy.Hash
+//
+// Authors:
+//	Jackson Harper (Jackson@LatitudeGeo.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
+//
+// (C) 2002 Jackson Harper, All rights reserved.
+// Portions (C) 2002 Motus Technologies Inc. (http://www.motus.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System.IO;
+using System.Reflection;
+using System.Runtime.InteropServices;
+using System.Runtime.Serialization;
+using System.Security.Cryptography;
+using System.Security.Permissions;
+using System.Text;
+
+namespace System.Security.Policy {
+
+[Serializable]
+[ComVisible (true)]
+public sealed class Hash :
+#if NET_4_0
+		EvidenceBase,
+#endif
+		ISerializable, IBuiltInEvidence {
+
+	private Assembly assembly;
+	private byte[] data;
+
+	internal byte[] _md5;
+	internal byte[] _sha1;
+
+	public Hash (Assembly assembly) 
+	{
+		if (assembly == null)
+			throw new ArgumentNullException ("assembly");
+		this.assembly = assembly;
+	}
+
+	internal Hash () 
+	{
+	}
+
+	internal Hash (SerializationInfo info, StreamingContext context)
+	{
+		data = (byte[]) info.GetValue ("RawData", typeof (byte[]));
+	}
+
+	//
+	// Public Properties
+	//
+
+	public byte[] MD5 {
+		get {
+			// Case 1: we have a MD5 value - either precalculated or static (FX 2.0)
+			if (_md5 != null)
+				return _md5;
+
+			// Case 2: we don't have a MD5 value precalculated so we either
+			// (a): have an assembly reference - and can calculate the hash; or
+			// (b): have been initialized with a static MD5 value (FX 2.0)
+			if ((assembly == null) && (_sha1 != null)) {
+				string msg = Locale.GetText ("No assembly data. This instance was initialized with an MSHA1 digest value.");
+				throw new SecurityException (msg);
+			}
+			// fully named to avoid conflit between MD5 property and class name
+			HashAlgorithm hash = System.Security.Cryptography.MD5.Create ();
+			_md5 = GenerateHash (hash);
+			return _md5;
+		}
+	}
+
+	public byte[] SHA1 {
+		get {
+			// Case 1: we have a SHA1 value - either precalculated or static (FX 2.0)
+			if (_sha1 != null)
+				return _sha1;
+			
+			// Case 2: we don't have a SHA1 value precalculated so we either
+			// (a): have an assembly reference - and can calculate the hash; or
+			// (b): have been initialized with a static MD5 value (FX 2.0)
+			if ((assembly == null) && (_md5 != null)) {
+				string msg = Locale.GetText ("No assembly data. This instance was initialized with an MD5 digest value.");
+				throw new SecurityException (msg);
+			}
+			// fully named to avoid conflit between SHA1 property and class name
+			HashAlgorithm hash = System.Security.Cryptography.SHA1.Create ();
+			_sha1 = GenerateHash (hash);
+			return _sha1;
+		}
+	}
+
+	//
+	// Public Methods
+	//
+
+	public byte[] GenerateHash (HashAlgorithm hashAlg) 
+	{
+		if (hashAlg == null)
+			throw new ArgumentNullException ("hashAlg");
+		return hashAlg.ComputeHash (GetData ());
+	}
+
+	public void GetObjectData (SerializationInfo info, StreamingContext context) 
+	{
+		if (info == null)
+			throw new ArgumentNullException ("info");
+		info.AddValue ("RawData", GetData ());
+	}
+
+	public override string ToString () 
+	{
+		SecurityElement se = new SecurityElement (GetType ().FullName);
+		se.AddAttribute ("version", "1");
+		
+		StringBuilder sb = new StringBuilder ();
+		byte[] raw = GetData ();
+		for (int i=0; i < raw.Length; i++)
+			sb.Append (raw [i].ToString ("X2"));
+
+		se.AddChild (new SecurityElement ("RawData", sb.ToString ()));
+		return se.ToString ();
+	}
+
+	//
+	// Private Methods
+	//
+
+	// FIXME: be more restrictive when imperative security is implemented
+	[FileIOPermission (SecurityAction.Assert, Unrestricted = true)]
+	private byte[] GetData () 
+	{
+		if ((assembly == null) && (data == null)) {
+			string msg = Locale.GetText ("No assembly data.");
+			throw new SecurityException (msg);
+		}
+		if (null == data) {
+			// TODO (Pre-Fx-2.0) we mustn't hash the complete assembly!
+			// ---- Look at ToString (MS version) for what to hash (and what not to)
+			// TODO we must drop the authenticode signature (if present)
+			FileStream stream = new 
+				FileStream (assembly.Location, FileMode.Open, FileAccess.Read);
+			data = new byte [stream.Length];
+			stream.Read (data, 0, (int)stream.Length);
+		}
+
+		return data;
+	}
+
+	// interface IBuiltInEvidence
+
+	int IBuiltInEvidence.GetRequiredSize (bool verbose) 
+	{
+		return (verbose ? 5 : 0);	// as documented
+	}
+
+	[MonoTODO ("IBuiltInEvidence")]
+	int IBuiltInEvidence.InitFromBuffer (char [] buffer, int position) 
+	{
+		return 0;
+	}
+
+	[MonoTODO ("IBuiltInEvidence")]
+	int IBuiltInEvidence.OutputToBuffer (char [] buffer, int position, bool verbose) 
+	{
+		return 0;
+	}
+
+	static public Hash CreateMD5 (byte[] md5)
+	{
+		if (md5 == null)
+			throw new ArgumentNullException ("md5");
+		Hash h = new Hash ();
+		h._md5 = md5;
+		return h;
+	}
+
+	static public Hash CreateSHA1 (byte[] sha1)
+	{
+		if (sha1 == null)
+			throw new ArgumentNullException ("sha1");
+		Hash h = new Hash ();
+		h._sha1 = sha1;
+		return h;
+	}
+}
+
+}