2004-09-04 Sebastien Pouliot <sebastien@ximian.com>

	* FileIOPermission.cs: Reworked to support partial paths, non-c14n
	paths (like ..) and PathDiscovery in XML. Now runs MSDN sample.
	* RegistryPermission.cs: Removed unrequired variable.

svn path=/trunk/mcs/; revision=33353

3 files changed, 355 insertions, 265 deletions

diff --git a/mcs/class/corlib/System.Security.Permissions/ChangeLog b/mcs/class/corlib/System.Security.Permissions/ChangeLog
index b5bfc05d43d..c1e2f721bcb 100644
--- a/mcs/class/corlib/System.Security.Permissions/ChangeLog
+++ b/mcs/class/corlib/System.Security.Permissions/ChangeLog
@@ -1,3 +1,9 @@
+2004-09-04  Sebastien Pouliot  <sebastien@ximian.com>
+
+	* FileIOPermission.cs: Reworked to support partial paths, non-c14n
+	paths (like ..) and PathDiscovery in XML. Now runs MSDN sample.
+	* RegistryPermission.cs: Removed unrequired variable.
+
 2004-09-03  Sebastien Pouliot  <sebastien@ximian.com>
 
 	* EnvironmentPermission.cs: Fixed Unrestricted in FromXml.
diff --git a/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs b/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs
index 0118b52f94c..15d09b1d3ae 100644
--- a/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/FileIOPermission.cs
@@ -43,20 +43,24 @@ namespace System.Security.Permissions {
                 : CodeAccessPermission, IBuiltInPermission, IUnrestrictedPermission {

 
 		private const int version = 1;
-

 		private static char[] m_badCharacters = {'\"','<', '>', '|', '*', '?'};

+
 		private bool m_Unrestricted = false;

-		private Hashtable m_PathList = new Hashtable();

 		private FileIOPermissionAccess m_AllFilesAccess = FileIOPermissionAccess.NoAccess;

 		private FileIOPermissionAccess m_AllLocalFilesAccess = FileIOPermissionAccess.NoAccess;

-

+		private ArrayList readList;
+		private ArrayList writeList;
+		private ArrayList appendList;
+		private ArrayList pathList;
+
 		public FileIOPermission (PermissionState state)
 		{

 			if (CheckPermissionState (state, true) == PermissionState.Unrestricted) {
 				m_Unrestricted = true;

 				m_AllFilesAccess = FileIOPermissionAccess.AllAccess;

 				m_AllLocalFilesAccess = FileIOPermissionAccess.AllAccess;

-			}

+			}
+			CreateLists ();

 		}

 

 		public FileIOPermission (FileIOPermissionAccess access, string path)
@@ -64,15 +68,9 @@ namespace System.Security.Permissions {
 			if (path == null)
 				throw new ArgumentNullException ("path");
 

-			if ((FileIOPermissionAccess.AllAccess & access) != access){

-				throw new ArgumentException("Illegal enum value: "+access.ToString()+".");

-			}

-

-			if (path.LastIndexOfAny(m_badCharacters) >= 0){

-				throw new ArgumentException("Illegal characters found in input.  Security checks can not contain wild card characters.", "path");

-			}

-			

-			AddPathList(access, path);

+			CreateLists ();
+			// access and path will be validated in AddPathList

+			AddPathList (access, path);

 		}

 

 		public FileIOPermission (FileIOPermissionAccess access, string[] pathList)
@@ -80,11 +78,17 @@ namespace System.Security.Permissions {
 			if (pathList == null)
 				throw new ArgumentNullException ("pathList");
 
-			if ((FileIOPermissionAccess.AllAccess & access) != access){

-				throw new ArgumentException("Illegal enum value: "+access.ToString()+".");

-			}

-

-			AddPathList(access, pathList);

+			CreateLists ();

+			// access and path will be validated in AddPathList

+			AddPathList (access, pathList);

+		}
+
+		internal void CreateLists ()
+		{
+			readList = new ArrayList ();
+			writeList = new ArrayList ();
+			appendList = new ArrayList ();
+			pathList = new ArrayList ();
 		}
 
 #if NET_2_0
@@ -102,9 +106,7 @@ namespace System.Security.Permissions {
 #endif

 

 		public FileIOPermissionAccess AllFiles {

-			get {

-				return m_AllFilesAccess;

-			} 

+			get { return m_AllFilesAccess; } 

 			set {

 				// if we are already set to unrestricted, don't change this property

 				if (!m_Unrestricted){

@@ -114,9 +116,7 @@ namespace System.Security.Permissions {
 		}

 

 		public FileIOPermissionAccess AllLocalFiles {

-			get {

-				return m_AllLocalFilesAccess;

-			} 

+			get { return m_AllLocalFilesAccess; } 

 			set {

 				// if we are already set to unrestricted, don't change this property

 				if (!m_Unrestricted){

@@ -125,67 +125,80 @@ namespace System.Security.Permissions {
 			}

 		}

 

-		public void AddPathList(FileIOPermissionAccess access, string path){

-			if ((FileIOPermissionAccess.AllAccess & access) != access){

-				throw new ArgumentException("Illegal enum value: {0}.",access.ToString());

-			}

-

-			if (path.LastIndexOfAny(m_badCharacters) >= 0){

-				throw new ArgumentException("Invalid characters in path: '{0}'", path);

-			}

-

-			// LAMESPEC: docs don't say it must be a rooted path, but the MS implementation enforces it, so we will too.

-			if(!Path.IsPathRooted(path)) {

-				throw new ArgumentException("Absolute path information is required.");

-			}

-

-			// don't add the same path twice, instead overwrite access entry for that path

-			if (m_PathList.ContainsKey(path)) {

-				FileIOPermissionAccess currentPermission = (FileIOPermissionAccess)m_PathList[path];

-				currentPermission |= access;

-				m_PathList[path] = currentPermission;

-			}

-			else {

-				m_PathList.Add(path, access);

-			}

+		public void AddPathList (FileIOPermissionAccess access, string path)
+		{
+                        if ((FileIOPermissionAccess.AllAccess & access) != access)
+				ThrowInvalidFlag (access, true);
+			ThrowIfInvalidPath (path);

+			AddPathInternal (access, path);

 		}

 

 		public void AddPathList (FileIOPermissionAccess access, string[] pathList)
 		{

-			foreach (string path in pathList) {

-				AddPathList (access, path);

-			}

-		}

-

-		// private constructor used by Copy() method

-		private FileIOPermission(Hashtable pathList, FileIOPermissionAccess allFiles, 

-						FileIOPermissionAccess allLocalFiles, bool unrestricted){

-			m_PathList = pathList;

-			m_AllFilesAccess = allFiles;

-			m_AllLocalFilesAccess = allLocalFiles;

-			m_Unrestricted = unrestricted;

-		}

-

-		public override IPermission Copy(){

-			if (m_Unrestricted) {

-				return new FileIOPermission(PermissionState.Unrestricted);

-			}

-			else{

-				FileIOPermission retVal = new FileIOPermission(m_PathList, m_AllFilesAccess, m_AllLocalFilesAccess, m_Unrestricted);

-				return retVal;

+                        if ((FileIOPermissionAccess.AllAccess & access) != access)
+				ThrowInvalidFlag (access, true);
+			ThrowIfInvalidPath (pathList);

+			foreach (string path in pathList) {
+				AddPathInternal (access, path);

 			}

+		}
+
+		// internal to avoid duplicate checks
+		internal void AddPathInternal (FileIOPermissionAccess access, string path)
+		{
+			path = Path.GetFullPath (path);
+/*			switch (access) {
+				case FileIOPermissionAccess.AllAccess:
+					readList.Add (path);
+					writeList.Add (path);
+					appendList.Add (path);
+					pathList.Add (path);
+					break;
+				case FileIOPermissionAccess.NoAccess:
+					// ??? unit tests doesn't show removal using NoAccess ???
+					break;
+				case FileIOPermissionAccess.Read:
+					readList.Add (path);
+					break;
+				case FileIOPermissionAccess.Write:
+					writeList.Add (path);
+					break;
+				case FileIOPermissionAccess.Append:
+					appendList.Add (path);
+					break;
+				case FileIOPermissionAccess.PathDiscovery:
+					pathList.Add (path);
+					break;
+				default:
+					ThrowInvalidFlag (access, true);
+					break;
+			}*/
+
+			if ((access & FileIOPermissionAccess.Read) == FileIOPermissionAccess.Read)
+				readList.Add (path);
+			if ((access & FileIOPermissionAccess.Write) == FileIOPermissionAccess.Write)
+				writeList.Add (path);
+			if ((access & FileIOPermissionAccess.Append) == FileIOPermissionAccess.Append)
+				appendList.Add (path);
+			if ((access & FileIOPermissionAccess.PathDiscovery) == FileIOPermissionAccess.PathDiscovery)
+				pathList.Add (path);
+		}
+
+		public override IPermission Copy ()
+		{

+			if (m_Unrestricted)

+				return new FileIOPermission (PermissionState.Unrestricted);

+
+			FileIOPermission copy = new FileIOPermission (PermissionState.None);
+			copy.readList = (ArrayList) readList.Clone ();
+			copy.writeList = (ArrayList) writeList.Clone ();
+			copy.appendList = (ArrayList) appendList.Clone ();
+			copy.pathList = (ArrayList) pathList.Clone ();
+			copy.m_AllFilesAccess = m_AllFilesAccess;
+			copy.m_AllLocalFilesAccess = m_AllLocalFilesAccess;
+			return copy;

 		}

 

-		/*  XML Schema for FileIOPermission

-				<IPermission class=”FileIOPermission” 

-								 version=”1”

-								 (

-								 Read=”[list of files or folders]” | 

-								 Write=”[list of files or folders]” |

-								 Append=”[list of files or folders]”   

-								 ) v Unrestricted=”true” 

-								 />

-		*/

 		public override void FromXml (SecurityElement esd)
 		{

 			// General validation in CodeAccessPermission
@@ -193,7 +206,6 @@ namespace System.Security.Permissions {
 			// Note: we do not (yet) care about the return value 
 			// as we only accept version 1 (min/max values)
 
-			m_PathList.Clear ();

 			if (IsUnrestricted (esd)) {

 				m_Unrestricted = true;

 			}

@@ -202,203 +214,159 @@ namespace System.Security.Permissions {
 				string fileList = esd.Attribute ("Read");

 				string[] files;

 				if (fileList != null){

-					files = fileList.Split(';');

-					AddPathList(FileIOPermissionAccess.Read, files);

+					files = fileList.Split (';');

+					AddPathList (FileIOPermissionAccess.Read, files);

 				}

 				fileList = esd.Attribute ("Write");

 				if (fileList != null){

-					files = fileList.Split(';');

-					AddPathList(FileIOPermissionAccess.Write, files);

+					files = fileList.Split (';');

+					AddPathList (FileIOPermissionAccess.Write, files);

 				}

 				fileList = esd.Attribute ("Append");

 				if (fileList != null){

-					files = fileList.Split(';');

-					AddPathList(FileIOPermissionAccess.Append, files);

+					files = fileList.Split (';');

+					AddPathList (FileIOPermissionAccess.Append, files);

+				}

+				fileList = esd.Attribute ("PathDiscovery");

+				if (fileList != null){

+					files = fileList.Split (';');

+					AddPathList (FileIOPermissionAccess.PathDiscovery, files);

 				}

 			}

 		}

 

-		public string[] GetPathList(FileIOPermissionAccess access){

+		public string[] GetPathList (FileIOPermissionAccess access)
+		{

+                        if ((FileIOPermissionAccess.AllAccess & access) != access)
+				ThrowInvalidFlag (access, true);
+
 			//LAMESPEC: docs says it returns (semicolon separated) list, but return

-			//type is array.  I think docs are wrong and it just returns an array

-			if ((FileIOPermissionAccess.AllAccess & access) != access){

-				throw new ArgumentException("Illegal enum value: "+access.ToString()+".");

-			}

-

-			ArrayList matchingPaths = new ArrayList();

-			System.Collections.IDictionaryEnumerator pathListIterator = m_PathList.GetEnumerator();

-			while (pathListIterator.MoveNext()) {

-				if (((FileIOPermissionAccess)pathListIterator.Value & access) != 0) {

-					matchingPaths.Add((string)pathListIterator.Key);

-				}

-			}

-			if (matchingPaths.Count == 0) {

-				return null;

-			}

-			else {

-				return (string[])matchingPaths.ToArray(typeof(string));

-			}

+			//type is array.  I think docs are wrong and it just returns an array
+			ArrayList result = new ArrayList ();
+			switch (access) {
+				case FileIOPermissionAccess.NoAccess:
+					break;
+				case FileIOPermissionAccess.Read:
+					result.AddRange (readList);
+					break;
+				case FileIOPermissionAccess.Write:
+					result.AddRange (writeList);
+					break;
+				case FileIOPermissionAccess.Append:
+					result.AddRange (appendList);
+					break;
+				case FileIOPermissionAccess.PathDiscovery:
+					result.AddRange (pathList);
+					break;
+				default:
+					ThrowInvalidFlag (access, false);
+					break;
+			}
+			return (result.Count > 0) ? (string[]) result.ToArray (typeof (string)) : null;

 		}

 

 		public override IPermission Intersect (IPermission target)
-		{ 

-			FileIOPermission FIOPTarget = Cast (target);

-			if (FIOPTarget == null)

-				return null;

+		{
+			FileIOPermission fiop = Cast (target);
+			if (fiop == null)
+				return null;
 
-			if (FIOPTarget.IsUnrestricted() && m_Unrestricted){

-				return new FileIOPermission(PermissionState.Unrestricted);

-			}

-			else if (FIOPTarget.IsUnrestricted()){

-				return Copy();

-			}

-			else if (m_Unrestricted){

-				return FIOPTarget.Copy();

-			}

-			else{

-				FileIOPermission retVal = new FileIOPermission(PermissionState.None);

-				retVal.AllFiles = m_AllFilesAccess & FIOPTarget.AllFiles;

-				retVal.AllLocalFiles = m_AllLocalFilesAccess & FIOPTarget.AllLocalFiles;

-

-				string[] paths;

-				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Append);

-				if (null != paths) {

-					foreach (string path in paths){

-						if (m_PathList.ContainsKey(path) 

-							&& ((FileIOPermissionAccess)m_PathList[path] & FileIOPermissionAccess.Append) != 0){

-							retVal.AddPathList(FileIOPermissionAccess.Append, path);

-						}

-					}

-				}

-

-				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Read);

-				if (null != paths) {

-					foreach (string path in paths){

-						if (m_PathList.ContainsKey(path) 

-							&& ((FileIOPermissionAccess)m_PathList[path] & FileIOPermissionAccess.Read) != 0){

-							retVal.AddPathList(FileIOPermissionAccess.Read, path);

-						}

-					}

-				}

-

-				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Write);

-				if (null != paths) {

-					foreach (string path in paths){

-						if (m_PathList.ContainsKey(path) 

-							&& ((FileIOPermissionAccess)m_PathList[path] & FileIOPermissionAccess.Write) != 0){

-							retVal.AddPathList(FileIOPermissionAccess.Write, path);

-						}

-					}

-				}

-

-				return retVal;

-			}

+			if (IsUnrestricted ())
+				return fiop.Copy ();
+			if (fiop.IsUnrestricted ())
+				return Copy ();
+
+			FileIOPermission result = new FileIOPermission (PermissionState.None);
+			result.AllFiles = m_AllFilesAccess & fiop.AllFiles;
+			result.AllLocalFiles = m_AllLocalFilesAccess & fiop.AllLocalFiles;
+
+			IntersectKeys (readList, fiop.readList, result.readList);
+			IntersectKeys (writeList, fiop.writeList, result.writeList);
+			IntersectKeys (appendList, fiop.appendList, result.appendList);
+			IntersectKeys (pathList, fiop.pathList, result.pathList);
+
+			return (result.IsEmpty () ? null : result);
 		}

 

 

 		public override bool IsSubsetOf (IPermission target)
 		{
-			FileIOPermission FIOPTarget = Cast (target);

+			FileIOPermission fiop = Cast (target);
+			if (fiop == null) 
+				return false;
+			if (fiop.IsEmpty ())
+				return IsEmpty ();
 
-			if (FIOPTarget.IsUnrestricted()){

-				return true;

-			}

-			else if (m_Unrestricted){

-				return false;

-			}

-			else if ((m_AllFilesAccess & FIOPTarget.AllFiles) != m_AllFilesAccess) {

-				return false;

-			}

-			else if ((m_AllLocalFilesAccess & FIOPTarget.AllLocalFiles) != m_AllLocalFilesAccess) {

-				return false;

-			}

-			else{

-				string[] pathsNeeded;

-				string[] pathsInTarget;

-

-				pathsNeeded = GetPathList(FileIOPermissionAccess.Append);

-				if (null != pathsNeeded) {

-					pathsInTarget = FIOPTarget.GetPathList(FileIOPermissionAccess.Append);

-					foreach (string path in pathsNeeded){

-						if (Array.IndexOf(pathsInTarget, path) <0) {

-							return false;

-						}

-					}

-				}

-

-				pathsNeeded = GetPathList(FileIOPermissionAccess.Read);

-				if (null != pathsNeeded) {

-					pathsInTarget = FIOPTarget.GetPathList(FileIOPermissionAccess.Read);

-					foreach (string path in pathsNeeded){

-						if (Array.IndexOf(pathsInTarget, path) <0) {

-							return false;

-						}

-					}

-				}

-

-				pathsNeeded = GetPathList(FileIOPermissionAccess.Write);

-				if (null != pathsNeeded) {

-					pathsInTarget = FIOPTarget.GetPathList(FileIOPermissionAccess.Write);

-					foreach (string path in pathsNeeded){

-						if (Array.IndexOf(pathsInTarget, path) <0) {

-							return false;

-						}

-					}

-				}

-

-				return true;

-			}

+			if (IsUnrestricted ())
+				return fiop.IsUnrestricted ();
+			else if (fiop.IsUnrestricted ())
+				return true;
+
+			if ((m_AllFilesAccess & fiop.AllFiles) != m_AllFilesAccess)
+				return false;
+			if ((m_AllLocalFilesAccess & fiop.AllLocalFiles) != m_AllLocalFilesAccess)
+				return false;
+
+			if (!KeyIsSubsetOf (appendList, fiop.appendList))
+				return false;
+			if (!KeyIsSubsetOf (readList, fiop.readList))
+				return false;
+			if (!KeyIsSubsetOf (writeList, fiop.writeList))
+				return false;
+			if (!KeyIsSubsetOf (pathList, fiop.pathList))
+				return false;
+
+			return true;
 		}

-

+
 		public bool IsUnrestricted ()
 		{

 			return m_Unrestricted;

 		}

 

-		public void SetPathList(FileIOPermissionAccess access, string path){

-			if ((FileIOPermissionAccess.AllAccess & access) != access){

-				throw new ArgumentException("Illegal enum value: "+access.ToString()+".");

-			}

-			if (path.LastIndexOfAny(m_badCharacters) >= 0){

-				throw new ArgumentException("Invalid characters in path: '{0}'", path);

-			}

-

-			m_PathList.Clear();

-			AddPathList(access, path);

+		public void SetPathList (FileIOPermissionAccess access, string path)
+		{
+                        if ((FileIOPermissionAccess.AllAccess & access) != access)
+				ThrowInvalidFlag (access, true);
+			ThrowIfInvalidPath (path);

+			// note: throw before clearing the actual list
+			Clear (access);

+			AddPathInternal (access, path);

 		}

 		

-		public void SetPathList(FileIOPermissionAccess access, string[] pathList){

-			if ((FileIOPermissionAccess.AllAccess & access) != access){

-				throw new ArgumentException("Illegal enum value: "+access.ToString()+".");

-			}

-			foreach(string path in pathList){

-				if (path.LastIndexOfAny(m_badCharacters) >= 0){

-					throw new ArgumentException("Invalid characters in path entry: '{0}'", path);

-				}

-			}

-

-			m_PathList.Clear();

-			AddPathList(access, pathList);

-		}

-

+		public void SetPathList (FileIOPermissionAccess access, string[] pathList)
+		{

+                        if ((FileIOPermissionAccess.AllAccess & access) != access)
+				ThrowInvalidFlag (access, true);
+			ThrowIfInvalidPath (pathList);

+			// note: throw before clearing the actual list
+			Clear (access);
+			foreach (string path in pathList)

+				AddPathInternal (access, path);

+		}
+
 		public override SecurityElement ToXml ()
 		{

 			SecurityElement se = Element (1);
 			if (m_Unrestricted) {

-				se.AddAttribute("Unrestricted", "true");

+				se.AddAttribute ("Unrestricted", "true");

 			}

 			else {

-				string[] paths = GetPathList(FileIOPermissionAccess.Append);

-				if (null != paths && paths.Length >0){

-					se.AddAttribute("Append", String.Join(";",paths));

+				string[] paths = GetPathList (FileIOPermissionAccess.Append);

+				if (null != paths && paths.Length > 0) {

+					se.AddAttribute ("Append", String.Join (";", paths));

 				}

-				paths = GetPathList(FileIOPermissionAccess.Read);

-				if (null != paths && paths.Length >0){

-					se.AddAttribute("Read", String.Join(";",paths));

+				paths = GetPathList (FileIOPermissionAccess.Read);

+				if (null != paths && paths.Length > 0) {

+					se.AddAttribute ("Read", String.Join (";", paths));

 				}

-				paths = GetPathList(FileIOPermissionAccess.Write);

-				if (null != paths && paths.Length >0){

-					se.AddAttribute("Write", String.Join(";",paths));

+				paths = GetPathList (FileIOPermissionAccess.Write);

+				if (null != paths && paths.Length > 0) {

+					se.AddAttribute ("Write", String.Join  (";", paths));

+				}

+				paths = GetPathList (FileIOPermissionAccess.PathDiscovery);

+				if (null != paths && paths.Length > 0) {

+					se.AddAttribute ("PathDiscovery", String.Join  (";", paths));

 				}

 			}

 			return se;

@@ -406,32 +374,37 @@ namespace System.Security.Permissions {
 

 		public override IPermission Union (IPermission other)
 		{

-			FileIOPermission FIOPTarget = Cast (other);

-			if (FIOPTarget == null)

-				return null;

+			FileIOPermission fiop = Cast (other);
+			if (fiop == null)
+				return Copy ();
 
-			if (FIOPTarget.IsUnrestricted() || m_Unrestricted){

-				return new FileIOPermission(PermissionState.Unrestricted);

-			}

-			else{

-				FileIOPermission retVal = (FileIOPermission)Copy();

-				retVal.AllFiles |= FIOPTarget.AllFiles;

-				retVal.AllLocalFiles |= FIOPTarget.AllLocalFiles;
-

-				string[] paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Append);

-				if (null != paths){

-					retVal.AddPathList(FileIOPermissionAccess.Append, paths);

-				}

-				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Read);

-				if (null != paths){

-					retVal.AddPathList(FileIOPermissionAccess.Read, paths);

-				}

-				paths = FIOPTarget.GetPathList(FileIOPermissionAccess.Write);

-				if (null != paths){

-					retVal.AddPathList(FileIOPermissionAccess.Write, paths);

-				}

-				return retVal;

-			}

+			if (IsUnrestricted () || fiop.IsUnrestricted ())
+				return new FileIOPermission (PermissionState.Unrestricted);
+
+			if (IsEmpty () && fiop.IsEmpty ())
+				return null;
+
+			FileIOPermission result = (FileIOPermission) Copy ();
+			result.AllFiles |= fiop.AllFiles;
+			result.AllLocalFiles |= fiop.AllLocalFiles;
+
+			string[] paths = fiop.GetPathList (FileIOPermissionAccess.Read);
+			if (paths != null) 
+				UnionKeys (result.readList, paths);
+
+			paths = fiop.GetPathList (FileIOPermissionAccess.Write);
+			if (paths != null)
+				UnionKeys (result.writeList, paths);
+
+			paths = fiop.GetPathList (FileIOPermissionAccess.Append);
+			if (paths != null) 
+				UnionKeys (result.appendList, paths);
+
+			paths = fiop.GetPathList (FileIOPermissionAccess.PathDiscovery);
+			if (paths != null) 
+				UnionKeys (result.pathList, paths);
+			
+			return result;
 		}

 

 #if NET_2_0
@@ -456,6 +429,12 @@ namespace System.Security.Permissions {
 
 		// helpers
 
+		private bool IsEmpty ()
+		{
+			return ((!m_Unrestricted) && (appendList.Count == 0) && (readList.Count == 0)
+				&& (writeList.Count == 0) && (pathList.Count == 0));
+		}
+
 		private FileIOPermission Cast (IPermission target)
 		{
 			if (target == null)
@@ -468,5 +447,111 @@ namespace System.Security.Permissions {
 
 			return fiop;
 		}
+
+		internal void ThrowInvalidFlag (FileIOPermissionAccess access, bool context) 
+		{
+			string msg = null;
+			if (context)
+				msg = Locale.GetText ("Unknown flag '{0}'.");
+			else
+				msg = Locale.GetText ("Invalid flag '{0}' in this context.");
+			throw new ArgumentException (String.Format (msg, access), "access");
+		}
+
+		internal void ThrowIfInvalidPath (string path)
+		{
+			if (path.LastIndexOfAny (m_badCharacters) >= 0) {

+				string msg = String.Format (Locale.GetText ("Invalid characters in path: '{0}'"), path);

+				throw new ArgumentException (msg, "path");

+			}

+			// LAMESPEC: docs don't say it must be a rooted path, but the MS implementation enforces it, so we will too.

+			if (!Path.IsPathRooted (path)) {
+				string msg = Locale.GetText ("Absolute path information is required.");

+				throw new ArgumentException (msg, "path");

+			}
+		}
+

+		internal void ThrowIfInvalidPath (string[] paths)
+		{
+			foreach (string path in paths)
+				ThrowIfInvalidPath (path);
+		}
+
+		// we known that access is valid at this point
+		internal void Clear (FileIOPermissionAccess access)
+		{
+			if ((access & FileIOPermissionAccess.Read) == FileIOPermissionAccess.Read)
+				readList.Clear ();
+			if ((access & FileIOPermissionAccess.Write) == FileIOPermissionAccess.Write)
+				writeList.Clear ();
+			if ((access & FileIOPermissionAccess.Append) == FileIOPermissionAccess.Append)
+				appendList.Clear ();
+			if ((access & FileIOPermissionAccess.PathDiscovery) == FileIOPermissionAccess.PathDiscovery)
+				pathList.Clear ();
+		}

+
+		internal bool KeyIsSubsetOf (IList local, IList target)
+		{
+			bool result = false;
+			foreach (string l in local) {
+				string c14nl = Path.GetFullPath (l);
+				foreach (string t in target) {
+					if (c14nl.StartsWith (Path.GetFullPath (t))) {
+						result = true;
+						break;
+					}
+				}
+				if (!result)
+					return false;
+			}
+			return true;
+		}
+
+		internal void UnionKeys (IList list, string[] paths)
+		{
+			foreach (string p in paths) {
+				// c14n
+				string path = Path.GetFullPath (p);
+				int len = list.Count;
+				if (len == 0) {
+					list.Add (path);
+				}
+				else {
+					for (int i=0; i < len; i++) {
+						// c14n
+						string s = Path.GetFullPath ((string) list [i]);
+						if (s.StartsWith (path)) {
+							// replace (with reduced version)
+							list [i] = path;
+							break;
+						}
+						else if (path.StartsWith (s)) {
+							// no need to add
+							break;
+						}
+						else {
+							list.Add (path);
+							break;
+						}
+					}
+				}
+			}
+		}
+
+		internal void IntersectKeys (IList local, IList target, IList result)
+		{
+			foreach (string l in local) {
+				foreach (string t in target) {
+					if (t.Length > l.Length) {
+						if (t.StartsWith (l))
+							result.Add (t);
+					}
+					else {
+						if (l.StartsWith (t))
+							result.Add (l);
+					}
+				}
+			}
+		}
 	}

 }

diff --git a/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs b/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
index 61b0178062f..c7bd60b4e1e 100644
--- a/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
+++ b/mcs/class/corlib/System.Security.Permissions/RegistryPermission.cs
@@ -89,7 +89,6 @@ namespace System.Security.Permissions {
 			if (pathList == null)
 				throw new ArgumentNullException ("pathList");
 
-			string[] paths;
 			switch (access) {
 				case RegistryPermissionAccess.AllAccess:
 					AddWithUnionKey (createList, pathList);