2004-08-19 Sebastien Pouliot <sebastien@ximian.com>

	* CodeAccessSecurityAttribute.cs: Namespace clean-up (removing System.)
	* EnvironmentPermission.cs: Common exception for flags validation.
	Fixed Fx 2.0 return values (String.Empty not null).
	* EnvironmentPermissionAttribute.cs: Namespace clean-up.
	* FileIOPermission.cs: Updated to use the common template. Added Fx
	2.0 properties.
	* FileIOPermissionAttribute.cs: Added Fx 2.0 properties.
	* HostProtectionAttribute.cs: Namespace clean-up (removing System.)
	* IsolatedStoragePermissionAttribute.cs: Namespace cleanup.
	* KeyContainerPermissionAttribute.cs: Added default values. Removed
	unrequired flags validations. Can now create unrestricted permissions.
	* PermissionSetAttribute.cs: Added new Fx 2.0 Hex property.
	* PrincipalPermission.cs: Updated to use the common template.
	* PrincipalPermissionAttribute.cs: Namespace cleanup.
	* PublisherIdentityPermissionAttribute.cs: Namespace cleanup.
	* RegistryPermission.cs: Updated to use the common template.
	* RegistryPermissionAttribute.cs: Added Fx 2.0 properties.
	* SecurityAttribute.cs: Namespace clean-up (removing System.)
	* SiteIdentityPermission.cs: Updated to use the common template.
	* SiteIdentityPermissionAttribute.cs: Move unrestricted responsability
	check to SiteIdentityPermission constructor.
	* StrongNamePermissionAttribute.cs: Move unrestricted responsability
	check to StrongNameIdentityPermission constructor.
	* UrlIdentityPermission.cs: Updated to use the common template.
	* UrlIdentityPermissionAttribute.cs: Move unrestricted responsability
	check to UrlIdentityPermission constructor.
	* ZoneIdentityPermissionAttribute.cs: Move unrestricted responsability
	check to ZoneIdentityPermission constructor.

svn path=/trunk/mcs/; revision=32537

22 files changed, 506 insertions, 395 deletions

diff --git a/mcs/class/corlib/System.Security.Permissions/ChangeLog b/mcs/class/corlib/System.Security.Permissions/ChangeLog
index 5608ec7dbe6..fe4797e6d2b 100644
--- a/mcs/class/corlib/System.Security.Permissions/ChangeLog
+++ b/mcs/class/corlib/System.Security.Permissions/ChangeLog
@@ -1,7 +1,35 @@
 2004-08-19  Sebastien Pouliot  <sebastien@ximian.com>
 
+	* CodeAccessSecurityAttribute.cs: Namespace clean-up (removing System.)
+	* EnvironmentPermission.cs: Common exception for flags validation.
+	Fixed Fx 2.0 return values (String.Empty not null).
+	* EnvironmentPermissionAttribute.cs: Namespace clean-up.
+	* FileIOPermission.cs: Updated to use the common template. Added Fx 
+	2.0 properties.
+	* FileIOPermissionAttribute.cs: Added Fx 2.0 properties.
+	* HostProtectionAttribute.cs: Namespace clean-up (removing System.)
+	* IsolatedStoragePermissionAttribute.cs: Namespace cleanup.
+	* KeyContainerPermissionAttribute.cs: Added default values. Removed
+	unrequired flags validations. Can now create unrestricted permissions.
+	* PermissionSetAttribute.cs: Added new Fx 2.0 Hex property.
+	* PrincipalPermission.cs: Updated to use the common template.
+	* PrincipalPermissionAttribute.cs: Namespace cleanup.
+	* PublisherIdentityPermissionAttribute.cs: Namespace cleanup.
+	* RegistryPermission.cs: Updated to use the common template.
+	* RegistryPermissionAttribute.cs: Added Fx 2.0 properties.
+	* SecurityAttribute.cs: Namespace clean-up (removing System.)
 	* SecurityPermission.cs: Updated to use the common template. Now 
 	pass all unit tests.
+	* SiteIdentityPermission.cs: Updated to use the common template.
+	* SiteIdentityPermissionAttribute.cs: Move unrestricted responsability
+	check to SiteIdentityPermission constructor.
+	* StrongNamePermissionAttribute.cs: Move unrestricted responsability
+	check to StrongNameIdentityPermission constructor.
+	* UrlIdentityPermission.cs: Updated to use the common template.
+	* UrlIdentityPermissionAttribute.cs: Move unrestricted responsability
+	check to UrlIdentityPermission constructor.
+	* ZoneIdentityPermissionAttribute.cs: Move unrestricted responsability
+	check to ZoneIdentityPermission constructor.
 
 2004-08-18  Sebastien Pouliot  <sebastien@ximian.com>
 
diff --git a/mcs/class/corlib/System.Security.Permissions/CodeAccessSecurityAttribute.cs b/mcs/class/corlib/System.Security.Permissions/CodeAccessSecurityAttribute.cs
index cd1ffb01f09..f7bb4c2009b 100644
--- a/mcs/class/corlib/System.Security.Permissions/CodeAccessSecurityAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/CodeAccessSecurityAttribute.cs
@@ -32,25 +32,24 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-using System.Security.Permissions;
-
 namespace System.Security.Permissions {
 
-	[System.AttributeUsage(
-		System.AttributeTargets.Assembly 
-		| System.AttributeTargets.Class 
-		| System.AttributeTargets.Struct 
-		| System.AttributeTargets.Constructor 
-		| System.AttributeTargets.Method, 
+	[AttributeUsage(
+		AttributeTargets.Assembly 
+		| AttributeTargets.Class 
+		| AttributeTargets.Struct 
+		| AttributeTargets.Constructor 
+		| AttributeTargets.Method, 
 		AllowMultiple=true, 
 		Inherited=false)
 	]
 	[Serializable]
 	public abstract class CodeAccessSecurityAttribute : SecurityAttribute {
 
-		public CodeAccessSecurityAttribute (SecurityAction action) : base (action) {}
-
-	}  // public abstract class CodeAccessSecurityAttribute
-}  // namespace System.Security.Permissions
+		public CodeAccessSecurityAttribute (SecurityAction action) 
+			: base (action)
+		{
+		}
+	}
+}
 
diff --git a/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs b/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs
index 5b113c06f1e..9a0e8758e42 100644
--- a/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/EnvironmentPermission.cs
@@ -102,7 +102,8 @@ namespace System.Security.Permissions {
 					}
 					break;
 				default:
-					throw new ArgumentException ("Invalid EnvironmentPermissionAccess", "flag");
+					ThrowInvalidFlag (flag, false);
+					break;
 			}
 		}
 
@@ -141,7 +142,8 @@ namespace System.Security.Permissions {
 			switch (flag) {
 				case EnvironmentPermissionAccess.AllAccess:
 				case EnvironmentPermissionAccess.NoAccess:
-					throw new ArgumentException ("Invalid EnvironmentPermissionAccess in context", "flag");
+					ThrowInvalidFlag (flag, true);
+					break;
 				case EnvironmentPermissionAccess.Read:
 					foreach (string path in readList) {
 						sb.Append (path);
@@ -155,14 +157,19 @@ namespace System.Security.Permissions {
 					}
 					break;
 				default:
-					throw new ArgumentException ("Unknown EnvironmentPermissionAccess", "flag");
+					ThrowInvalidFlag (flag, false);
+					break;
 			}
 			string result = sb.ToString ();
 			// remove last ';'
 			int n = result.Length;
 			if (n > 0)
 				return result.Substring (0, n - 1);
+#if NET_2_0
+			return String.Empty;
+#else
 			return ((_state == PermissionState.Unrestricted) ? String.Empty : null);
+#endif
 		}
 
 		public override IPermission Intersect (IPermission target)
@@ -208,7 +215,6 @@ namespace System.Security.Permissions {
 			if (ep == null)
 				return false;
 
-
 			if (IsUnrestricted ())
 				return ep.IsUnrestricted ();
 			else if (ep.IsUnrestricted ())
@@ -265,7 +271,8 @@ namespace System.Security.Permissions {
 					}
 					break;
 				default:
-					throw new ArgumentException ("Invalid EnvironmentPermissionAccess", "flag");
+					ThrowInvalidFlag (flag, false);
+					break;
 			}
 		}
 
@@ -327,6 +334,16 @@ namespace System.Security.Permissions {
 			return ep;
 		}
 
+		internal void ThrowInvalidFlag (EnvironmentPermissionAccess flag, bool context) 
+		{
+			string msg = null;
+			if (context)
+				msg = Locale.GetText ("Unknown flag '{0}'.");
+			else
+				msg = Locale.GetText ("Invalid flag '{0}' in this context.");
+			throw new ArgumentException (String.Format (msg, flag), "flag");
+		}
+
 		#endregion // Methods
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/EnvironmentPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/EnvironmentPermissionAttribute.cs
index e202507c083..c544f48a701 100644
--- a/mcs/class/corlib/System.Security.Permissions/EnvironmentPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/EnvironmentPermissionAttribute.cs
@@ -3,13 +3,10 @@
 //
 // Authors
 //	Duncan Mak <duncan@ximian.com>
-//	Sebastien Pouliot <spouliot@motus.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc. http://www.ximian.com
 // Portions Copyright (C) 2003 Motus Technologies (http://www.motus.com)
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -32,8 +29,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 
 	[AttributeUsage (AttributeTargets.Assembly | AttributeTargets.Class |
@@ -47,11 +42,13 @@ namespace System.Security.Permissions {
 		private string write;
 		
 		// Constructor
-		public EnvironmentPermissionAttribute (SecurityAction action) : base (action) {}
+		public EnvironmentPermissionAttribute (SecurityAction action) : base (action)
+		{
+		}
 		
 		// Properties
 		public string All {
-#if ! NET_1_0
+#if NET_1_1
 			get { throw new NotSupportedException ("All"); }
 #endif
 			set { 
diff --git a/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs b/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs
index 8113954f203..0118b52f94c 100644
--- a/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs
@@ -1,15 +1,11 @@
-//------------------------------------------------------------------------------

 // 

 // System.Security.Permissions.FileIOPermission.cs 

 //

-// Copyright (C) 2001 Nick Drochak, All Rights Reserved

-// 

-// Author:         Nick Drochak, ndrochak@gol.com

-// Created:        2002-01-09 

-//

-//------------------------------------------------------------------------------

-
+// Authors:
+//	Nick Drochak, ndrochak@gol.com

+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
+// Copyright (C) 2001 Nick Drochak, All Rights Reserved

 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -35,12 +31,18 @@
 using System.Collections;

 using System.IO;

 using System.Text;

+
+#if NET_2_0
+using System.Security.AccessControl;
+#endif
 

 namespace System.Security.Permissions {

 

 	[Serializable]

 	public sealed class FileIOPermission

                 : CodeAccessPermission, IBuiltInPermission, IUnrestrictedPermission {

+
+		private const int version = 1;
 

 		private static char[] m_badCharacters = {'\"','<', '>', '|', '*', '?'};

 		private bool m_Unrestricted = false;

@@ -48,18 +50,16 @@ namespace System.Security.Permissions {
 		private FileIOPermissionAccess m_AllFilesAccess = FileIOPermissionAccess.NoAccess;

 		private FileIOPermissionAccess m_AllLocalFilesAccess = FileIOPermissionAccess.NoAccess;

 

-		public FileIOPermission(PermissionState state) {

-			if (!Enum.IsDefined(typeof(PermissionState), state)){

-				throw new ArgumentException("Invalid permission state.", "state");

-			}

-			m_Unrestricted = (PermissionState.Unrestricted == state);

-			if (m_Unrestricted) {

+		public FileIOPermission (PermissionState state)
+		{

+			if (CheckPermissionState (state, true) == PermissionState.Unrestricted) {
+				m_Unrestricted = true;

 				m_AllFilesAccess = FileIOPermissionAccess.AllAccess;

 				m_AllLocalFilesAccess = FileIOPermissionAccess.AllAccess;

 			}

 		}

 

-		public FileIOPermission(FileIOPermissionAccess access, string path)
+		public FileIOPermission (FileIOPermissionAccess access, string path)
 		{
 			if (path == null)
 				throw new ArgumentNullException ("path");
@@ -75,7 +75,7 @@ namespace System.Security.Permissions {
 			AddPathList(access, path);

 		}

 

-		public FileIOPermission(FileIOPermissionAccess access, string[] pathList)
+		public FileIOPermission (FileIOPermissionAccess access, string[] pathList)
 		{

 			if (pathList == null)
 				throw new ArgumentNullException ("pathList");
@@ -85,8 +85,22 @@ namespace System.Security.Permissions {
 			}

 

 			AddPathList(access, pathList);

+		}
+
+#if NET_2_0
+		[MonoTODO ("Access Control isn't implemented")]
+		public FileIOPermission (FileIOPermissionAccess access, AccessControlActions control, string path)
+		{
+			throw new NotImplementedException ();
 		}

 

+		[MonoTODO ("Access Control isn't implemented")]
+		public FileIOPermission (FileIOPermissionAccess access, AccessControlActions control, string[] pathList)
+		{

+			throw new NotImplementedException ();
+		}
+#endif

+

 		public FileIOPermissionAccess AllFiles {

 			get {

 				return m_AllFilesAccess;

@@ -136,11 +150,11 @@ namespace System.Security.Permissions {
 			}

 		}

 

-		public void AddPathList(FileIOPermissionAccess access, string[] pathList	){

-			foreach(string path in pathList){

-				AddPathList(access, path);

+		public void AddPathList (FileIOPermissionAccess access, string[] pathList)
+		{

+			foreach (string path in pathList) {

+				AddPathList (access, path);

 			}

-			

 		}

 

 		// private constructor used by Copy() method

@@ -172,33 +186,31 @@ namespace System.Security.Permissions {
 								 ) v Unrestricted=”true” 

 								 />

 		*/

-		public override void FromXml(SecurityElement esd){

-			if (null == esd) {

-				throw new ArgumentNullException();

-			}

-			if (esd.Tag != "IPermission" || (string)esd.Attributes["class"] != "FileIOPermission"

-					|| (string)esd.Attributes["version"] != "1"){

-				throw new ArgumentException("Not a valid permission element");

-			}

-			m_PathList.Clear();

-			if ("true" == (string)esd.Attributes["Unrestricted"]){

+		public override void FromXml (SecurityElement esd)
+		{

+			// General validation in CodeAccessPermission
+			CheckSecurityElement (esd, "esd", version, version);
+			// Note: we do not (yet) care about the return value 
+			// as we only accept version 1 (min/max values)
+
+			m_PathList.Clear ();

+			if (IsUnrestricted (esd)) {

 				m_Unrestricted = true;

 			}

 			else{

 				m_Unrestricted = false;

-				string fileList;

-				fileList = (string)esd.Attributes["Read"];

+				string fileList = esd.Attribute ("Read");

 				string[] files;

 				if (fileList != null){

 					files = fileList.Split(';');

 					AddPathList(FileIOPermissionAccess.Read, files);

 				}

-				fileList = (string)esd.Attributes["Write"];

+				fileList = esd.Attribute ("Write");

 				if (fileList != null){

 					files = fileList.Split(';');

 					AddPathList(FileIOPermissionAccess.Write, files);

 				}

-				fileList = (string)esd.Attributes["Append"];

+				fileList = esd.Attribute ("Append");

 				if (fileList != null){

 					files = fileList.Split(';');

 					AddPathList(FileIOPermissionAccess.Append, files);

@@ -228,16 +240,12 @@ namespace System.Security.Permissions {
 			}

 		}

 

-		public override IPermission Intersect(IPermission target){ 

-			if (null == target){

+		public override IPermission Intersect (IPermission target)
+		{ 

+			FileIOPermission FIOPTarget = Cast (target);

+			if (FIOPTarget == null)

 				return null;

-			}

-			else {

-				if (target.GetType() != typeof(FileIOPermission)){

-					throw new ArgumentException();

-				}

-			}

-			FileIOPermission FIOPTarget = (FileIOPermission)target;

+
 			if (FIOPTarget.IsUnrestricted() && m_Unrestricted){

 				return new FileIOPermission(PermissionState.Unrestricted);

 			}

@@ -288,12 +296,10 @@ namespace System.Security.Permissions {
 		}

 

 

-		public override bool IsSubsetOf(IPermission target){

-			// X.IsSubsetOf(Y) is true if permission Y includes everything allowed by X.

-			if (target != null && target.GetType() != typeof(FileIOPermission)){

-				throw new ArgumentException();

-			}

-			FileIOPermission FIOPTarget = (FileIOPermission)target;

+		public override bool IsSubsetOf (IPermission target)
+		{
+			FileIOPermission FIOPTarget = Cast (target);

+
 			if (FIOPTarget.IsUnrestricted()){

 				return true;

 			}

@@ -344,7 +350,8 @@ namespace System.Security.Permissions {
 			}

 		}

 

-		public bool IsUnrestricted(){

+		public bool IsUnrestricted ()
+		{

 			return m_Unrestricted;

 		}

 

@@ -374,57 +381,46 @@ namespace System.Security.Permissions {
 			AddPathList(access, pathList);

 		}

 

-		public override SecurityElement ToXml(){

-			//Encode the the current permission to XML using the 

-			//security element class.

-			SecurityElement element = new SecurityElement("IPermission");

-			Type type = this.GetType();

-			StringBuilder AsmName = new StringBuilder(type.Assembly.ToString());

-			AsmName.Replace('\"', '\'');

-			element.AddAttribute("class", type.FullName + ", " + AsmName);

-			element.AddAttribute("version", "1");

-			if(m_Unrestricted){

-				element.AddAttribute("Unrestricted", "true");

+		public override SecurityElement ToXml ()
+		{

+			SecurityElement se = Element (1);
+			if (m_Unrestricted) {

+				se.AddAttribute("Unrestricted", "true");

 			}

 			else {

-				string[] paths;

-				paths = GetPathList(FileIOPermissionAccess.Append);

+				string[] paths = GetPathList(FileIOPermissionAccess.Append);

 				if (null != paths && paths.Length >0){

-					element.AddAttribute("Append", String.Join(";",paths));

+					se.AddAttribute("Append", String.Join(";",paths));

 				}

 				paths = GetPathList(FileIOPermissionAccess.Read);

 				if (null != paths && paths.Length >0){

-					element.AddAttribute("Read", String.Join(";",paths));

+					se.AddAttribute("Read", String.Join(";",paths));

 				}

 				paths = GetPathList(FileIOPermissionAccess.Write);

 				if (null != paths && paths.Length >0){

-					element.AddAttribute("Write", String.Join(";",paths));

+					se.AddAttribute("Write", String.Join(";",paths));

 				}

 			}

-			return element;

+			return se;

 		}

 

-		public override IPermission Union(IPermission other){

-			if (null == other){

+		public override IPermission Union (IPermission other)
+		{

+			FileIOPermission FIOPTarget = Cast (other);

+			if (FIOPTarget == null)

 				return null;

-			}

-			else {

-				if (other.GetType() != typeof(FileIOPermission)){

-					throw new ArgumentException();

-				}

-			}

-			FileIOPermission FIOPTarget = (FileIOPermission)other;

+
 			if (FIOPTarget.IsUnrestricted() || m_Unrestricted){

 				return new FileIOPermission(PermissionState.Unrestricted);

 			}

 			else{

 				FileIOPermission retVal = (FileIOPermission)Copy();

 				retVal.AllFiles |= FIOPTarget.AllFiles;

-				retVal.AllLocalFiles |= FIOPTarget.AllLocalFiles;

-				string[] paths;

-				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Append);

+				retVal.AllLocalFiles |= FIOPTarget.AllLocalFiles;
+

+				string[] paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Append);

 				if (null != paths){

-						retVal.AddPathList(FileIOPermissionAccess.Append, paths);

+					retVal.AddPathList(FileIOPermissionAccess.Append, paths);

 				}

 				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Read);

 				if (null != paths){

@@ -438,10 +434,39 @@ namespace System.Security.Permissions {
 			}

 		}

 

+#if NET_2_0
+		[MonoTODO]
+		public override bool Equals (object obj)
+		{
+			return false;
+		}
+
+		[MonoTODO]
+		public override int GetHashCode ()
+		{
+			return base.GetHashCode ();
+		}
+#endif
+
 		// IBuiltInPermission

 		int IBuiltInPermission.GetTokenIndex ()

 		{

-			return 2;

-		}

+			return (int) BuiltInToken.FileIO;
+		}
+
+		// helpers
+
+		private FileIOPermission Cast (IPermission target)
+		{
+			if (target == null)
+				return null;
+
+			FileIOPermission fiop = (target as FileIOPermission);
+			if (fiop == null) {
+				ThrowInvalidPermission (target, typeof (FileIOPermission));
+			}
+
+			return fiop;
+		}
 	}

 }

diff --git a/mcs/class/corlib/System.Security.Permissions/FileIOPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/FileIOPermissionAttribute.cs
index aa7987a8bd2..92666454536 100644
--- a/mcs/class/corlib/System.Security.Permissions/FileIOPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/FileIOPermissionAttribute.cs
@@ -3,13 +3,10 @@
 //
 // Authors
 //	Duncan Mak <duncan@ximian.com>
-//	Sebastien Pouliot <spouliot@motus.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc. http://www.ximian.com
 // Portions Copyright (C) 2003 Motus Technologies (http://www.motus.com)
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -32,8 +29,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 
 	[AttributeUsage (AttributeTargets.Assembly | AttributeTargets.Class |
@@ -47,14 +42,25 @@ namespace System.Security.Permissions {
 		private string path;
 		private string read;
 		private string write;
-		
+#if NET_2_0
+		private FileIOPermissionAccess allFiles;
+		private FileIOPermissionAccess allLocalFiles;
+		private string changeAccessControl;
+		private string viewAccessControl;
+		private string viewAndModify;
+#endif
+
 		// Constructor
-		public FileIOPermissionAttribute (SecurityAction action) : base (action) {}
+		public FileIOPermissionAttribute (SecurityAction action) : base (action)
+		{
+		}
 		
 		// Properties
-		public string All
-		{
-#if ! NET_1_0
+#if NET_2_0
+		[Obsolete ("use newer properties")]
+#endif
+		public string All {
+#if NET_1_1
 			get { throw new NotSupportedException ("All"); }
 #endif
 			set {
@@ -65,29 +71,57 @@ namespace System.Security.Permissions {
 			}
 		}
 
-		public string Append
-		{
+		public string Append {
 			get { return append; }
 			set { append = value; }
 		}
 
-		public string PathDiscovery
-		{
+		public string PathDiscovery {
 			get { return path; }
 			set { path = value; }
 		}
 
-		public string Read
-		{
+		public string Read {
 			get { return read; }
 			set { read = value; }
 		}				    
 		
-		public string Write
-		{
+		public string Write {
 			get { return write; }
 			set { write = value; }
 		}
+
+#if NET_2_0
+		public FileIOPermissionAccess AllFiles {
+			get { return allFiles; }
+			set { allFiles = value; }
+		}
+
+		public FileIOPermissionAccess AllLocalFiles {
+			get { return allLocalFiles; }
+			set { allLocalFiles = value; }
+		}
+
+		public string ChangeAccessControl {
+			get { return changeAccessControl; }
+			set { changeAccessControl = value; }
+		}
+
+		public string ViewAccessControl {
+			get { return viewAccessControl; }
+			set { viewAccessControl = value; }
+		}
+
+		public string ViewAndModify {
+			get { throw new NotSupportedException (); }	// as documented
+			set {
+				append = value;
+				path = value;
+				read = value;
+				write = value;
+			}
+		}
+#endif
 			 
 		// Methods
 		public override IPermission CreatePermission ()
diff --git a/mcs/class/corlib/System.Security.Permissions/HostProtectionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/HostProtectionAttribute.cs
index 64a08a62e5d..1bee5588a60 100644
--- a/mcs/class/corlib/System.Security.Permissions/HostProtectionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/HostProtectionAttribute.cs
@@ -30,8 +30,8 @@
 
 namespace System.Security.Permissions {
 
-	[System.AttributeUsage (System.AttributeTargets.Assembly | System.AttributeTargets.Class |
-		System.AttributeTargets.Struct | System.AttributeTargets.Constructor | System.AttributeTargets.Method, 
+	[AttributeUsage (AttributeTargets.Assembly | AttributeTargets.Class | AttributeTargets.Struct |
+		AttributeTargets.Constructor | AttributeTargets.Method | AttributeTargets.Delegate, 
 		AllowMultiple = true, Inherited = false)]
 	[Serializable]
 	public sealed class HostProtectionAttribute : CodeAccessSecurityAttribute {
diff --git a/mcs/class/corlib/System.Security.Permissions/IsolatedStoragePermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/IsolatedStoragePermissionAttribute.cs
index 1e47a9377a5..70a526c2443 100644
--- a/mcs/class/corlib/System.Security.Permissions/IsolatedStoragePermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/IsolatedStoragePermissionAttribute.cs
@@ -1,13 +1,10 @@
 //
-// System.Security.Permissions.IsolatedStoragePermissionAttributes.cs
+// System.Security.Permissions.IsolatedStoragePermissionAttribute.cs
 //
 // Author:
 //   Dan Lewis (dihlewis@yahoo.co.uk)
 //
 // (C) 2002
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -30,8 +27,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 	
 	[AttributeUsage ( AttributeTargets.Assembly | AttributeTargets.Class |
@@ -40,7 +35,9 @@ namespace System.Security.Permissions {
 	[Serializable]
 	public abstract class IsolatedStoragePermissionAttribute : CodeAccessSecurityAttribute {
 		
-		public IsolatedStoragePermissionAttribute (SecurityAction action) : base (action) {
+		public IsolatedStoragePermissionAttribute (SecurityAction action) 
+			: base (action)
+		{
 		}
 
 		public IsolatedStorageContainment UsageAllowed {
diff --git a/mcs/class/corlib/System.Security.Permissions/KeyContainerPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/KeyContainerPermissionAttribute.cs
index ddc20ec1e1f..cd58beeb2d3 100644
--- a/mcs/class/corlib/System.Security.Permissions/KeyContainerPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/KeyContainerPermissionAttribute.cs
@@ -50,19 +50,15 @@ namespace System.Security.Permissions {
 		public KeyContainerPermissionAttribute (SecurityAction action) 
 			: base (action)
 		{
+			_spec = -1;
+			_type = -1;
 		}
 
 		// Properties
 
 		public KeyContainerPermissionFlags Flags {
 			get { return _flags; }
-			set {
-				if ((value & KeyContainerPermissionFlags.AllFlags) != 0) {
-					string msg = String.Format (Locale.GetText ("Invalid enum {0}"), value);
-					throw new ArgumentException (msg, "KeyContainerPermissionFlags");
-				}
-				_flags = value;
-			}
+			set { _flags = value; }
 		}
 
 		public string KeyContainerName {
@@ -94,9 +90,10 @@ namespace System.Security.Permissions {
 
 		public override IPermission CreatePermission ()
 		{
-			if (EmptyEntry ()) {
+			if (this.Unrestricted)
+				return new KeyContainerPermission (PermissionState.Unrestricted);
+			else if (EmptyEntry ())
 				return new KeyContainerPermission (_flags);
-			}
 			else {
 				KeyContainerPermissionAccessEntry[] list = new KeyContainerPermissionAccessEntry [1];
 				list [0] = new KeyContainerPermissionAccessEntry (_store, _providerName, _type, _containerName, _spec, _flags);
diff --git a/mcs/class/corlib/System.Security.Permissions/PermissionSetAttribute.cs b/mcs/class/corlib/System.Security.Permissions/PermissionSetAttribute.cs
index a88f924340c..c5e0139d84a 100644
--- a/mcs/class/corlib/System.Security.Permissions/PermissionSetAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/PermissionSetAttribute.cs
@@ -3,12 +3,9 @@
 //
 // Authors
 //	Duncan Mak <duncan@ximian.com>
-//	Sebastien Pouliot  <spouliot@videotron.ca>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc. http://www.ximian.com
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -31,7 +28,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
 using System.IO;
 using System.Security.Policy;
 using System.Text;
@@ -51,6 +47,9 @@ namespace System.Security.Permissions {
 		private string name;
 		private bool isUnicodeEncoded;
 		private string xml;
+#if NET_2_0
+		private string hex;
+#endif
 		
 		// Constructor
 		public PermissionSetAttribute (SecurityAction action)
@@ -59,26 +58,28 @@ namespace System.Security.Permissions {
 		}
 		
 		// Properties
-		public string File
-		{
+		public string File {
 			get { return file; }
 			set { file = value; }
 		}
-
-		public string Name
-		{
+#if NET_2_0
+		[MonoTODO ("Undocumented")]
+		public string Hex {
+			get { return hex; }
+			set { hex = value; }
+		}
+#endif
+		public string Name {
 			get { return name; }
 			set { name = value; }
 		}
 
-		public bool UnicodeEncoded
-		{
+		public bool UnicodeEncoded {
 			get { return isUnicodeEncoded; }
 			set { isUnicodeEncoded = value; }
 		}
 
-		public string XML
-		{
+		public string XML {
 			get { return xml; }
 			set { xml = value; }
 		}
@@ -100,7 +101,7 @@ namespace System.Security.Permissions {
 				return null;
 
 			PermissionState state = PermissionState.None;
-			if (se.Attribute ("Unrestricted") == "true")
+			if (CodeAccessPermission.IsUnrestricted (se))
 				state = PermissionState.Unrestricted;
 
 			if (className.EndsWith ("NamedPermissionSet")) {
diff --git a/mcs/class/corlib/System.Security.Permissions/PrincipalPermission.cs b/mcs/class/corlib/System.Security.Permissions/PrincipalPermission.cs
index c4e27c19dd5..aa146abaa38 100644
--- a/mcs/class/corlib/System.Security.Permissions/PrincipalPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/PrincipalPermission.cs
@@ -27,10 +27,8 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
 using System.Collections;
 using System.Security.Principal;
-using System.Text;
 using System.Threading;
 
 namespace System.Security.Permissions {
@@ -38,6 +36,8 @@ namespace System.Security.Permissions {
 	[Serializable]
 	public sealed class PrincipalPermission : IPermission, IUnrestrictedPermission, IBuiltInPermission {
 
+		private const int version = 1;
+
 		internal class PrincipalInfo {
 
 			private string _name;
@@ -71,15 +71,9 @@ namespace System.Security.Permissions {
 		public PrincipalPermission (PermissionState state)
 		{
 			principals = new ArrayList ();
-			switch (state) {
-				case PermissionState.None:
-					break;
-				case PermissionState.Unrestricted:
-					PrincipalInfo pi = new PrincipalInfo (null, null, true);
-					principals.Add (pi);
-					break;
-				default:
-					throw new ArgumentException ("unknown PermissionState");
+			if (CodeAccessPermission.CheckPermissionState (state, true) == PermissionState.Unrestricted) {
+				PrincipalInfo pi = new PrincipalInfo (null, null, true);
+				principals.Add (pi);
 			}
 		}
 
@@ -136,14 +130,10 @@ namespace System.Security.Permissions {
 
 		public void FromXml (SecurityElement esd) 
 		{
-			if (esd == null)
-				throw new ArgumentNullException ("esd");
-			if (esd.Tag != "IPermission")
-				throw new ArgumentException ("not IPermission");
-			if (!(esd.Attributes ["class"] as string).StartsWith ("System.Security.Permissions.PrincipalPermission"))
-				throw new ArgumentException ("not PrincipalPermission");
-			if ((esd.Attributes ["version"] as string) != "1")
-				throw new ArgumentException ("wrong version");
+			// General validation in CodeAccessPermission
+			CodeAccessPermission.CheckSecurityElement (esd, "esd", version, version);
+			// Note: we do not (yet) care about the return value 
+			// as we only accept version 1 (min/max values)
 
 			// Children is null, not empty, when no child is present
 			if (esd.Children != null) {
@@ -161,20 +151,18 @@ namespace System.Security.Permissions {
 
 		public IPermission Intersect (IPermission target) 
 		{
-			if (target == null)
+			PrincipalPermission pp = Cast (target);
+			if (pp == null)
 				return null;
-			if (! (target is PrincipalPermission))
-				throw new ArgumentException ("wrong type");
 
-			PrincipalPermission o = (PrincipalPermission) target;
 			if (IsUnrestricted ())
-				return o.Copy ();
-			if (o.IsUnrestricted ())
+				return pp.Copy ();
+			if (pp.IsUnrestricted ())
 				return Copy ();
 
 			PrincipalPermission intersect = new PrincipalPermission (PermissionState.None);
 			foreach (PrincipalInfo pi in principals) {
-				foreach (PrincipalInfo opi in o.principals) {
+				foreach (PrincipalInfo opi in pp.principals) {
 					if (pi.IsAuthenticated == opi.IsAuthenticated) {
 						string name = null;
 						if ((pi.Name == opi.Name) || (opi.Name == null))
@@ -195,22 +183,19 @@ namespace System.Security.Permissions {
 
 		public bool IsSubsetOf (IPermission target) 
 		{
-			if (target == null)
+			PrincipalPermission pp = Cast (target);
+			if (pp == null)
 				return false;
 
-			if (! (target is PrincipalPermission))
-				throw new ArgumentException ("wrong type");
-
-			PrincipalPermission o = (PrincipalPermission) target;
 			if (IsUnrestricted ())
-				return o.IsUnrestricted ();
-			else if (o.IsUnrestricted ())
+				return pp.IsUnrestricted ();
+			else if (pp.IsUnrestricted ())
 				return true;
 
 			// each must be a subset of the target
 			foreach (PrincipalInfo pi in principals) {
 				bool thisItem = false;
-				foreach (PrincipalInfo opi in o.principals) {
+				foreach (PrincipalInfo opi in pp.principals) {
 					if (((pi.Name == opi.Name) || (opi.Name == null)) && 
 						((pi.Role == opi.Role) || (opi.Role == null)) && 
 						(pi.IsAuthenticated == opi.IsAuthenticated))
@@ -241,10 +226,9 @@ namespace System.Security.Permissions {
 		{
 			SecurityElement se = new SecurityElement ("IPermission");
 			Type type = this.GetType ();
-			StringBuilder asmName = new StringBuilder (type.Assembly.ToString ());
-			asmName.Replace ('\"', '\'');
-			se.AddAttribute ("class", type.FullName + ", " + asmName);
-			se.AddAttribute ("version", "1");
+			se.AddAttribute ("class", type.FullName + ", " + type.Assembly.ToString ().Replace ('\"', '\''));
+			se.AddAttribute ("version", version.ToString ());
+
 			foreach (PrincipalInfo pi in principals) {
 				SecurityElement sec = new SecurityElement ("Identity");
 				if (pi.Name != null)
@@ -260,17 +244,15 @@ namespace System.Security.Permissions {
 
 		public IPermission Union (IPermission target)
 		{
-			if (target == null)
+			PrincipalPermission pp = Cast (target);
+			if (pp == null)
 				return Copy ();
-			if (! (target is PrincipalPermission))
-				throw new ArgumentException ("wrong type");
 
-			PrincipalPermission o = (PrincipalPermission) target;
-			if (IsUnrestricted () || o.IsUnrestricted ())
+			if (IsUnrestricted () || pp.IsUnrestricted ())
 				return new PrincipalPermission (PermissionState.Unrestricted);
 
 			PrincipalPermission union = new PrincipalPermission (principals);
-			foreach (PrincipalInfo pi in o.principals)
+			foreach (PrincipalInfo pi in pp.principals)
 				principals.Add (pi);
 
 			return union;
@@ -281,6 +263,7 @@ namespace System.Security.Permissions {
 		{
 			if (obj == null)
 				return false;
+
 			PrincipalPermission pp = (obj as PrincipalPermission);
 			if (pp == null)
 				return false;
@@ -317,7 +300,22 @@ namespace System.Security.Permissions {
 		// IBuiltInPermission
 		int IBuiltInPermission.GetTokenIndex ()
 		{
-			return 8;
+			return (int) BuiltInToken.Principal;
+		}
+
+		// helpers
+
+		private PrincipalPermission Cast (IPermission target)
+		{
+			if (target == null)
+				return null;
+
+			PrincipalPermission pp = (target as PrincipalPermission);
+			if (pp == null) {
+				CodeAccessPermission.ThrowInvalidPermission (target, typeof (PrincipalPermission));
+			}
+
+			return pp;
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/PrincipalPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/PrincipalPermissionAttribute.cs
index 7500ccaf48d..a41a3b7321a 100644
--- a/mcs/class/corlib/System.Security.Permissions/PrincipalPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/PrincipalPermissionAttribute.cs
@@ -1,12 +1,11 @@
 //
 // System.Security.Permissions.PrincipalPermissionAttribute.cs
 //
-// Duncan Mak <duncan@ximian.com>
+// Authors:
+//	Duncan Mak <duncan@ximian.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc. http://www.ximian.com
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -29,8 +28,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 
 	[AttributeUsage (AttributeTargets.Class | AttributeTargets.Method, AllowMultiple=true, Inherited=false)]
@@ -50,20 +47,17 @@ namespace System.Security.Permissions {
 		}
 
 		// Properties
-		public bool Authenticated
-		{
+		public bool Authenticated {
 			get { return authenticated; }
 			set { authenticated = value; }
 		}
-			 			 
-		public string Name
-		{
+
+		public string Name {
 			get { return name; }
 			set { name = value; }
 		}
-			 
-		public string Role
-		{
+
+		public string Role {
 			get { return role; }
 			set { role = value; }
 		}
diff --git a/mcs/class/corlib/System.Security.Permissions/PublisherIdentityPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/PublisherIdentityPermissionAttribute.cs
index f02e2b783eb..0e7b5b0efd7 100644
--- a/mcs/class/corlib/System.Security.Permissions/PublisherIdentityPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/PublisherIdentityPermissionAttribute.cs
@@ -6,9 +6,6 @@
 //
 // (C) 2003 Motus Technologies Inc. (http://www.motus.com)
 // (C) 2004 Novell (http://www.novell.com)
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -31,8 +28,7 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-using System.Security.Cryptography.X509Certificates;
+using SSCX = System.Security.Cryptography.X509Certificates;
 
 using Mono.Security.Cryptography;
 
@@ -48,7 +44,10 @@ namespace System.Security.Permissions {
 		private string signedFile;
 		private string x509data;
 		
-		public PublisherIdentityPermissionAttribute (SecurityAction action) : base (action) {}
+		public PublisherIdentityPermissionAttribute (SecurityAction action)
+			: base (action)
+		{
+		}
 
 		// If X509Certificate is set, this property is ignored.
 		public string CertFile {
@@ -70,20 +69,20 @@ namespace System.Security.Permissions {
 		public override IPermission CreatePermission ()
 		{
 			if (this.Unrestricted)
-				throw new ArgumentException ("Unsupported PermissionState.Unrestricted");
+				return new PublisherIdentityPermission (PermissionState.Unrestricted);
 
-			X509Certificate x509 = null;
+			SSCX.X509Certificate x509 = null;
 			if (x509data != null) {
 				byte[] rawcert = CryptoConvert.FromHex (x509data);
-				x509 = new X509Certificate (rawcert);
+				x509 = new SSCX.X509Certificate (rawcert);
 				return new PublisherIdentityPermission (x509);
 			}
 			if (certFile != null) {
-				x509 = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile (certFile);
+				x509 = SSCX.X509Certificate.CreateFromCertFile (certFile);
 				return new PublisherIdentityPermission (x509);
 			}
 			if (signedFile != null) {
-				x509 = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromSignedFile (signedFile);
+				x509 = SSCX.X509Certificate.CreateFromSignedFile (signedFile);
 				return new PublisherIdentityPermission (x509);
 			}
 			return new PublisherIdentityPermission (PermissionState.None);
diff --git a/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs b/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
index 82640bfe338..a42270c8273 100644
--- a/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
@@ -2,12 +2,9 @@
 // System.Security.Permissions.RegistryPermission.cs
 //
 // Author
-//	Sebastien Pouliot  <spouliot@motus.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // Copyright (C) 2003 Motus Technologies. http://www.motus.com
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -30,24 +27,31 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
 using System.Globalization;
 
+#if NET_2_0
+using System.Security.AccessControl;
+#endif
+
 namespace System.Security.Permissions {
 
 	[Serializable]
 	public sealed class RegistryPermission
 		: CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission {
 
+		private const int version = 1;
+
 		private PermissionState _state;
 		private RegistryPermissionAccess _access;
 		private string _pathList;
-
+#if NET_2_0
+		private AccessControlActions _control;
+#endif
 		// Constructors
 
 		public RegistryPermission (PermissionState state)
 		{
-			_state = state;
+			_state = CheckPermissionState (state, true);
 		}
 
 		public RegistryPermission (RegistryPermissionAccess access, string pathList)
@@ -55,7 +59,17 @@ namespace System.Security.Permissions {
 			_state = PermissionState.None;
 			AddPathList (access, pathList);
 		}
-
+#if NET_2_0
+		public RegistryPermission (RegistryPermissionAccess access, AccessControlActions control, string pathList)
+		{
+			if (!Enum.IsDefined (typeof (AccessControlActions), control)) {
+				string msg = String.Format (Locale.GetText ("Invalid enum {0}"), control);
+				throw new ArgumentException (msg, "AccessControlActions");
+			}
+			_state = PermissionState.None;
+			AddPathList (access, control, pathList);
+		}
+#endif
 		// Properties
 
 		// Methods
@@ -64,7 +78,12 @@ namespace System.Security.Permissions {
 		public void AddPathList (RegistryPermissionAccess access, string pathList) 
 		{
 		}
-
+#if NET_2_0
+		[MonoTODO]
+		public void AddPathList (RegistryPermissionAccess access, AccessControlActions control, string pathList) 
+		{
+		}
+#endif
 		[MonoTODO]
 		public string GetPathList (RegistryPermissionAccess access)
 		{
@@ -93,17 +112,10 @@ namespace System.Security.Permissions {
 
 		public override void FromXml (SecurityElement esd) 
 		{
-			if (esd == null)
-				throw new ArgumentNullException (
-					Locale.GetText ("The argument is null."));
-			
-			if (esd.Attribute ("class") != GetType ().AssemblyQualifiedName)
-				throw new ArgumentException (
-					Locale.GetText ("The argument is not valid"));
-
-			if (esd.Attribute ("version") != "1")
-				throw new ArgumentException (
-					Locale.GetText ("The argument is not valid"));
+			// General validation in CodeAccessPermission
+			CheckSecurityElement (esd, "esd", version, version);
+			// Note: we do not (yet) care about the return value 
+			// as we only accept version 1 (min/max values)
 
 			// This serialization format stinks
 			foreach (object o in esd.Attributes.Keys) {
@@ -145,11 +157,8 @@ namespace System.Security.Permissions {
 
 		public override SecurityElement ToXml () 
 		{
-			SecurityElement e = new SecurityElement ("IPermission");
-			e.AddAttribute ("class", GetType ().AssemblyQualifiedName);
-			e.AddAttribute ("version", "1");
+			SecurityElement e = Element (version);
 			e.AddAttribute (_access.ToString (), _pathList);
-
 			return e;
 		}
 
@@ -162,7 +171,22 @@ namespace System.Security.Permissions {
 		// IBuiltInPermission
 		int IBuiltInPermission.GetTokenIndex ()
 		{
-			return 5;
+			return (int) BuiltInToken.Registry;
+		}
+
+		// helpers
+
+		private RegistryPermission Cast (IPermission target)
+		{
+			if (target == null)
+				return null;
+
+			RegistryPermission rp = (target as RegistryPermission);
+			if (rp == null) {
+				ThrowInvalidPermission (target, typeof (RegistryPermission));
+			}
+
+			return rp;
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/RegistryPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/RegistryPermissionAttribute.cs
index f7d0799791f..e2a3fff6060 100644
--- a/mcs/class/corlib/System.Security.Permissions/RegistryPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/RegistryPermissionAttribute.cs
@@ -3,13 +3,10 @@
 //
 // Authors
 //	Duncan Mak <duncan@ximian.com>
-//	Sebastien Pouliot <spouliot@motus.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc. http://www.ximian.com
 // Portions Copyright (C) 2003 Motus Technologies (http://www.motus.com)
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -46,13 +43,22 @@ namespace System.Security.Permissions {
 		private string create;
 		private string read;
 		private string write;
-		       
+#if NET_2_0
+		private string changeAccessControl;
+		private string viewAccessControl;
+		private string viewAndModify;
+#endif
+
 		// Constructor
-		public RegistryPermissionAttribute (SecurityAction action) : base (action) {}
+		public RegistryPermissionAttribute (SecurityAction action) : base (action)
+		{
+		}
 		
 		// Properties
-		public string All
-		{
+#if NET_2_0
+		[Obsolete ("use newer properties")]
+#endif
+		public string All {
 #if ! NET_1_0
 			get { throw new NotSupportedException ("All"); }
 #endif
@@ -63,24 +69,41 @@ namespace System.Security.Permissions {
 			}
 		}
 		
-		public string Create
-		{
+		public string Create {
 			get { return create; }
 			set { create = value; }
 		}
 
-		public string Read
-		{ 
+		public string Read { 
 			get { return read; }
 			set { read = value; }
 		}
 
-		public string Write
-		{
+		public string Write {
 			get { return write; }
 			set { write = value; }
 		}
 
+#if NET_2_0
+		public string ChangeAccessControl {
+			get { return changeAccessControl; }
+			set { changeAccessControl = value; }
+		}
+
+		public string ViewAccessControl {
+			get { return viewAccessControl; }
+			set { viewAccessControl = value; }
+		}
+
+		public string ViewAndModify {
+			get { throw new NotSupportedException (); }	// as documented
+			set {
+				create = value;
+				read = value;
+				write = value;
+			}
+		}
+#endif
 		// Methods
 		public override IPermission CreatePermission ()
 		{
diff --git a/mcs/class/corlib/System.Security.Permissions/SecurityAttribute.cs b/mcs/class/corlib/System.Security.Permissions/SecurityAttribute.cs
index d8f4492cc67..da39130e4c5 100644
--- a/mcs/class/corlib/System.Security.Permissions/SecurityAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/SecurityAttribute.cs
@@ -33,16 +33,16 @@
 //
 
 namespace System.Security.Permissions {
-	[System.AttributeUsage(
-		System.AttributeTargets.Assembly 
-		| System.AttributeTargets.Class 
-		| System.AttributeTargets.Struct 
-		| System.AttributeTargets.Constructor 
-		| System.AttributeTargets.Method, 
+
+	[AttributeUsage(
+		AttributeTargets.Assembly 
+		| AttributeTargets.Class 
+		| AttributeTargets.Struct 
+		| AttributeTargets.Constructor 
+		| AttributeTargets.Method, 
 		AllowMultiple=true, 
 		Inherited=false)
 	]
-
 	[Serializable]
 	public abstract class SecurityAttribute : Attribute {
 
@@ -57,21 +57,13 @@ namespace System.Security.Permissions {
 		public abstract IPermission CreatePermission ();
 
 		public bool Unrestricted {
-			get {
-				return m_Unrestricted;
-			}
-			set {
-				m_Unrestricted = value;
-			}
+			get { return m_Unrestricted; }
+			set { m_Unrestricted = value; }
 		}
 
 		public SecurityAction Action {
-			get {
-				return m_Action;
-			}
-			set {
-				m_Action = value;
-			}
+			get { return m_Action; }
+			set { m_Action = value; }
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs b/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs
index aa788316005..cfff3b57ce6 100644
--- a/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermission.cs
@@ -2,12 +2,9 @@
 // System.Security.Permissions.SiteIdentityPermission.cs
 //
 // Author
-//	Sebastien Pouliot  <spouliot@motus.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // Copyright (C) 2003 Motus Technologies. http://www.motus.com
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +27,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
 using System.Globalization;
 
 namespace System.Security.Permissions {
@@ -38,14 +34,16 @@ namespace System.Security.Permissions {
 	[Serializable]
 	public sealed class SiteIdentityPermission : CodeAccessPermission, IBuiltInPermission {
 
+		private const int version = 1;
+
 		private string _site;
 
 		// Constructors
 
 		public SiteIdentityPermission (PermissionState state) 
 		{
-			if (state == PermissionState.Unrestricted)
-				throw new ArgumentException ("Unsupported PermissionState.Unrestricted for Identity Permission");
+			// false == do not allow Unrestricted for Identity Permissions
+			CheckPermissionState (state, false);
 		}
 
 		public SiteIdentityPermission (string site) 
@@ -73,17 +71,10 @@ namespace System.Security.Permissions {
 
 		public override void FromXml (SecurityElement esd) 
 		{
-			if (esd == null)
-				throw new ArgumentNullException (
-					Locale.GetText ("The argument is null."));
-			
-			if (esd.Attribute ("class") != GetType ().AssemblyQualifiedName)
-				throw new ArgumentException (
-					Locale.GetText ("The argument is not valid"));
-
-			if (esd.Attribute ("version") != "1")
-				throw new ArgumentException (
-					Locale.GetText ("The argument is not valid"));
+			// General validation in CodeAccessPermission
+			CheckSecurityElement (esd, "esd", version, version);
+			// Note: we do not (yet) care about the return value 
+			// as we only accept version 1 (min/max values)
 
 			this.Site = esd.Attribute ("Site");
 		}
@@ -102,12 +93,8 @@ namespace System.Security.Permissions {
 
 		public override SecurityElement ToXml ()
 		{
-			SecurityElement e = new SecurityElement ("IPermission");
-			e.AddAttribute ("class", GetType ().AssemblyQualifiedName);
-			e.AddAttribute ("version", "1");
-
+			SecurityElement e = Element (version);
 			e.AddAttribute ("Site", _site);
-
                         return e;
 		}
 
@@ -120,7 +107,22 @@ namespace System.Security.Permissions {
 		// IBuiltInPermission
 		int IBuiltInPermission.GetTokenIndex ()
 		{
-			return 10;
+			return (int) BuiltInToken.SiteIdentity;
+		}
+
+		// helpers
+
+		private SiteIdentityPermission Cast (IPermission target)
+		{
+			if (target == null)
+				return null;
+
+			SiteIdentityPermission sip = (target as SiteIdentityPermission);
+			if (sip == null) {
+				ThrowInvalidPermission (target, typeof (SiteIdentityPermission));
+			}
+
+			return sip;
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermissionAttribute.cs
index 39a6ce8cf9a..61e31e6a7cb 100644
--- a/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/SiteIdentityPermissionAttribute.cs
@@ -1,12 +1,11 @@
 //
 // System.Security.Permissions.SiteIdentityPermissionAttribute.cs
 //
-// Duncan Mak <duncan@ximian.com>
+// Authors:
+//	Duncan Mak <duncan@ximian.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc.			http://www.ximian.com
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -29,8 +28,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 
 	[AttributeUsage (AttributeTargets.Assembly | AttributeTargets.Class |
@@ -44,11 +41,12 @@ namespace System.Security.Permissions {
 		
 		// Constructor
 		public SiteIdentityPermissionAttribute (SecurityAction action)
-			: base (action) {}
+			: base (action)
+		{
+		}
 		
 		// Properties
-		public string Site
-		{
+		public string Site {
 			get { return site; }
 			set { site = value; }
 		}
@@ -56,11 +54,10 @@ namespace System.Security.Permissions {
 		// Methods
 		public override IPermission CreatePermission ()
 		{
-			if (this.Unrestricted)
-				throw new ArgumentException ("Unsupported PermissionState.Unrestricted");
-
 			SiteIdentityPermission perm = null;
-			if (site == null)
+			if (this.Unrestricted)
+				perm = new SiteIdentityPermission (PermissionState.Unrestricted);
+			else if (site == null)
 				perm = new SiteIdentityPermission (PermissionState.None);
 			else
 				perm = new SiteIdentityPermission (site);
diff --git a/mcs/class/corlib/System.Security.Permissions/StrongNamePermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/StrongNamePermissionAttribute.cs
index dc5383de897..a9dbd277634 100644
--- a/mcs/class/corlib/System.Security.Permissions/StrongNamePermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/StrongNamePermissionAttribute.cs
@@ -68,29 +68,24 @@ namespace System.Security.Permissions {
 		// Methods
 		public override IPermission CreatePermission ()
 		{
-			if (this.Unrestricted) {
-				throw new ArgumentException (Locale.GetText (
-					"Unsupported PermissionState.Unrestricted"));
-			}
+			if (this.Unrestricted)
+				return new StrongNameIdentityPermission (PermissionState.Unrestricted);
 
 			StrongNameIdentityPermission perm = null;
 			if ((name == null) && (key == null) && (version == null))
-				perm = new StrongNameIdentityPermission (PermissionState.None);
-			else {
-				if (key == null) {
-					throw new ArgumentException (Locale.GetText (
-						"PublicKey is required"));
-				}
+				return new StrongNameIdentityPermission (PermissionState.None);
 
-				StrongNamePublicKeyBlob blob = StrongNamePublicKeyBlob.FromString (key);
+			if (key == null) {
+				throw new ArgumentException (Locale.GetText (
+					"PublicKey is required"));
+			}
+			StrongNamePublicKeyBlob blob = StrongNamePublicKeyBlob.FromString (key);
 				
-				Version v = null;
-				if (version != null)
-					v = new Version (version);
+			Version v = null;
+			if (version != null)
+				v = new Version (version);
 
-				perm = new StrongNameIdentityPermission (blob, name, v);
-			}
-			return perm;
+			return new StrongNameIdentityPermission (blob, name, v);
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs b/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs
index a053324cddf..259b139d04c 100644
--- a/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermission.cs
@@ -2,12 +2,9 @@
 // System.Security.Permissions.UrlIdentityPermission.cs
 //
 // Author
-//	Sebastien Pouliot  <spouliot@motus.com>
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // Copyright (C) 2003 Motus Technologies. http://www.motus.com
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -30,7 +27,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
 using System.Globalization;
 
 namespace System.Security.Permissions {
@@ -38,12 +34,14 @@ namespace System.Security.Permissions {
 	[Serializable]
 	public sealed class UrlIdentityPermission : CodeAccessPermission, IBuiltInPermission {
 
+		private const int version = 1;
+
 		private string url;
 
 		public UrlIdentityPermission (PermissionState state) : base ()
 		{
-			if (state != PermissionState.None)
-				throw new ArgumentException ("only accept None");
+			// false == do not allow Unrestricted for Identity Permissions
+			CheckPermissionState (state, false);
 		}
 
 		public UrlIdentityPermission (string site) : base ()
@@ -69,17 +67,10 @@ namespace System.Security.Permissions {
 
 		public override void FromXml (SecurityElement esd)
 		{
-			if (esd == null)
-				throw new ArgumentNullException (
-					Locale.GetText ("The argument is null."));
-			
-			if (esd.Attribute ("class") != GetType ().AssemblyQualifiedName)
-				throw new ArgumentException (
-					Locale.GetText ("The argument is not valid"));
-
-			if (esd.Attribute ("version") != "1")
-				throw new ArgumentException (
-					Locale.GetText ("The argument is not valid"));
+			// General validation in CodeAccessPermission
+			CheckSecurityElement (esd, "esd", 1, 1);
+			// Note: we do not (yet) care about the return value 
+			// as we only accept version 1 (min/max values)
 
 			url = esd.Attribute ("Url");
 		}
@@ -89,15 +80,11 @@ namespace System.Security.Permissions {
 		{
 			// if one permission is null (object or url) then there's no intersection
 			// if both are null then intersection is null
-			if ((target == null) || (url == null))
+			UrlIdentityPermission uip = Cast (target);
+			if ((uip == null) || (url == null))
 				return null;
 
-			// if non null, target must be of the same type
-			if (!(target is UrlIdentityPermission))
-				throw new ArgumentNullException ("target");
-
-			UrlIdentityPermission targetUrl = (target as UrlIdentityPermission);
-			if (targetUrl.Url == null)
+			if (uip.Url == null)
 				return null;
 
 			// TODO
@@ -112,13 +99,9 @@ namespace System.Security.Permissions {
 
 		public override SecurityElement ToXml () 
 		{
-			SecurityElement e = new SecurityElement ("IPermission");
-			e.AddAttribute ("class", GetType ().AssemblyQualifiedName);
-			e.AddAttribute ("version", "1");
-
-			e.AddAttribute ("Url", url);
-
-			return e;
+			SecurityElement se = Element (version);
+			se.AddAttribute ("Url", url);
+			return se;
 		}
 
 		[MonoTODO]
@@ -130,7 +113,22 @@ namespace System.Security.Permissions {
 		// IBuiltInPermission
 		int IBuiltInPermission.GetTokenIndex ()
 		{
-			return 12;
+			return (int) BuiltInToken.UrlIdentity;
+		}
+
+		// helpers
+
+		private UrlIdentityPermission Cast (IPermission target)
+		{
+			if (target == null)
+				return null;
+
+			UrlIdentityPermission uip = (target as UrlIdentityPermission);
+			if (uip == null) {
+				ThrowInvalidPermission (target, typeof (UrlIdentityPermission));
+			}
+
+			return uip;
 		}
 	}
 }
diff --git a/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermissionAttribute.cs
index cbe73577efc..16aa6358626 100644
--- a/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/UrlIdentityPermissionAttribute.cs
@@ -3,13 +3,10 @@
 //
 // Authors:
 //	Duncan Mak <duncan@ximian.com>
-//	Sebastien Pouliot (spouliot@motus.com)
+//	Sebastien Pouliot  <sebastien@ximian.com>
 //
 // (C) 2002 Ximian, Inc. http://www.ximian.com
 // Portions (C) 2003 Motus Technologies Inc. (http://www.motus.com)
-//
-
-//
 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
@@ -32,8 +29,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 
 	[AttributeUsage (AttributeTargets.Assembly | AttributeTargets.Class |
@@ -46,11 +41,13 @@ namespace System.Security.Permissions {
 		private string url;
 		
 		// Constructor
-		public UrlIdentityPermissionAttribute (SecurityAction action) : base (action) {}
+		public UrlIdentityPermissionAttribute (SecurityAction action)
+			: base (action)
+		{
+		}
 		
 		// Properties
-		public string Url
-		{
+		public string Url {
 			get { return url; }
 			set { url = value; }
 		}
@@ -59,11 +56,10 @@ namespace System.Security.Permissions {
 		public override IPermission CreatePermission ()
 		{
 			if (this.Unrestricted)
-				throw new ArgumentException ("Unsupported PermissionState.Unrestricted for Identity Permissions");
-
+				return new UrlIdentityPermission (PermissionState.Unrestricted);
 			// Note: It is possible to create a permission with a 
 			// null URL but not to create a UrlIdentityPermission (null)
-			if (url == null)
+			else if (url == null)
 				return new UrlIdentityPermission (PermissionState.None);
 			else
 				return new UrlIdentityPermission (url);
diff --git a/mcs/class/corlib/System.Security.Permissions/ZoneIdentityPermissionAttribute.cs b/mcs/class/corlib/System.Security.Permissions/ZoneIdentityPermissionAttribute.cs
index 00a7f8efac2..c11a6424851 100644
--- a/mcs/class/corlib/System.Security.Permissions/ZoneIdentityPermissionAttribute.cs
+++ b/mcs/class/corlib/System.Security.Permissions/ZoneIdentityPermissionAttribute.cs
@@ -32,8 +32,6 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System;
-
 namespace System.Security.Permissions {
 
 	[AttributeUsage (AttributeTargets.Assembly | AttributeTargets.Class |
@@ -46,14 +44,14 @@ namespace System.Security.Permissions {
 		private SecurityZone zone;
 		
 		// Constructor
-		public ZoneIdentityPermissionAttribute (SecurityAction action) : base (action) 
+		public ZoneIdentityPermissionAttribute (SecurityAction action)
+			: base (action) 
 		{
 			zone = SecurityZone.NoZone;
 		}
 		
 		// Properties
-		public SecurityZone Zone
-		{
+		public SecurityZone Zone {
 			get { return zone; }
 			set { zone = value; }
 		}
@@ -62,9 +60,9 @@ namespace System.Security.Permissions {
 		public override IPermission CreatePermission ()
 		{
 			if (this.Unrestricted)
-				throw new ArgumentException ("Unsupported PermissionState.Unrestricted");
-
-			return new ZoneIdentityPermission (zone);
+				return new ZoneIdentityPermission (PermissionState.Unrestricted);
+			else
+				return new ZoneIdentityPermission (zone);
 		}
 	}
 }