-
Notifications
You must be signed in to change notification settings - Fork 5.2k
Description
Summary
Similar to #31095, we don't currently have a way to create a synchronization object with a given ACL in .NET Core. We can modify the ACL, but it would be more secure to have the proper ACL on the object from the start.
The related ACLs are already exposed in the System.Threading.AccessControl
assembly , we should add creation extension methods to the existing ThreadingAclExtensions
.
Proposal
Add the following three creation methods to the existing ThreadingAclExtensions
class in the System.Threading.AccessControl
assembly:
namespace System.Threading
{
public static class ThreadingAclExtensions
{
// Add
public static EventWaitHandle CreateEventWaitHandle(
this EventWaitHandleSecurity eventSecurity
bool initialState,
EventResetMode mode,
string name,
out bool createdNew);
public static Mutex CreateMutex(
this MutexSecurity mutexSecurity,
bool initiallyOwned,
string name,
out bool createdNew);
public static Semaphore CreateSemaphore(
this SemaphoreSecurity semaphoreSecurity,
int initialCount,
int maximumCount,
string name,
out bool createdNew);
// Existing
public static EventWaitHandleSecurity GetAccessControl(this EventWaitHandle handle);
public static void SetAccessControl(this EventWaitHandle handle, EventWaitHandleSecurity eventSecurity);
public static MutexSecurity GetAccessControl(this Mutex mutex);
public static void SetAccessControl(this Mutex mutex, MutexSecurity mutexSecurity);
public static SemaphoreSecurity GetAccessControl(this Semaphore semaphore);
public static void SetAccessControl(this Semaphore semaphore, SemaphoreSecurity semaphoreSecurity);
}
}
Details
These primitives live in CoreLib.
We can not support creating unnamed objects without adding new constructors to the types. With names, we can create and then call the open existing methods. If we want to support unnamed I would suggest we add new OpenExisting()
overloads that take the handle that our extension methods create. It may not be critical as you need the handle to the unnamed object, so discrete ACL setting should be ok...
Related Issues
#31095 API Proposal: Add file and directory creation methods that take an ACL
CC: @danmosemsft, @ericstj, @terrajobst, @kouvel