FxCop CA1401 .NET Framework Rule PInvokesShouldNotBeVisible Rule - Why Does This Rule Exist?

This rule indicates that P/Invokes should not be public. My question is why? The caller can trivially create his own declaration in his own assembly to make the same call. The caller can simply write a C library to call the API. What benefits, security or otherwise, can be gained by making these declarations internal?

+5
1 answer

Well, in the .NET security model, your assembly may have permission to run P/Invokes, but this may not be true for your caller. (AllowPartiallyTrustedCallersAttribute, which allows code running as partially trusted to call into an assembly that is fully trusted, exists to enable this.)

Which is essentially what you want when the library you are writing exists to provide secure or limited access to some system tool that you do not want isolated applications of one type or another to have access to.

, , . P/Invokes - , , .NET. , , Win32 API ( - ), .NET .. .., , IMO.

+11
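
The point made in the answer, as an added example (not code from the original post): a public P/Invoke declaration lets any caller of the assembly reach the native function with arbitrary arguments, while an internal declaration behind a validating public method limits callers to what the library chooses to allow. `ExposedNative`, `Tone`, `Play` and `MaxDurationMs` are hypothetical names, and `Beep` from kernel32.dll stands in for whatever native API the library wraps.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// What CA1401 flags: any caller that can reach this type reaches the native
// function directly, with whatever arguments it likes.
public static class ExposedNative
{
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool Beep(uint dwFreq, uint dwDuration);
}

// The shape the rule asks for: the declaration is internal, so only code in
// this assembly can invoke it.
internal static class NativeMethods
{
    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool Beep(uint dwFreq, uint dwDuration);
}

// Hypothetical public wrapper: the only path outside callers get to the
// native call, and the place where the library enforces its own limits.
public static class Tone
{
    private const int MaxDurationMs = 2000; // assumed policy limit for this example

    public static void Play(int frequencyHz, int durationMs)
    {
        // Beep documents 37..32767 Hz as the valid frequency range.
        if (frequencyHz < 37 || frequencyHz > 32767)
            throw new ArgumentOutOfRangeException(nameof(frequencyHz));
        if (durationMs < 1 || durationMs > MaxDurationMs)
            throw new ArgumentOutOfRangeException(nameof(durationMs));

        if (!NativeMethods.Beep((uint)frequencyHz, (uint)durationMs))
            throw new Win32Exception(Marshal.GetLastWin32Error());
    }
}
```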
