Annotate System.IO.FileSystem.AccessControl for nullable

src/libraries/System.IO.FileSystem.AccessControl/ref/System.IO.FileSystem.AccessControl.csproj

@@ -3,6 +3,7 @@
     <IsPartialFacadeAssembly Condition="'$(TargetsNetFx)' == 'true'">true</IsPartialFacadeAssembly>
     <TargetFrameworks>netstandard2.0;$(NetFrameworkCurrent);net461</TargetFrameworks>
     <ExcludeCurrentFullFramework>true</ExcludeCurrentFullFramework>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
   <ItemGroup>
     <Compile Include="System.IO.FileSystem.AccessControl.cs" />

src/libraries/System.IO.FileSystem.AccessControl/src/System.IO.FileSystem.AccessControl.csproj

@@ -1,12 +1,12 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <AllowUnsafeBlocks Condition="'$(TargetsWindows)' == 'true'">true</AllowUnsafeBlocks>
     <IsPartialFacadeAssembly Condition="'$(TargetsNetFx)' == 'true'">true</IsPartialFacadeAssembly>
     <GeneratePlatformNotSupportedAssemblyMessage Condition="'$(TargetsWindows)' != 'true'">SR.PlatformNotSupported_AccessControl</GeneratePlatformNotSupportedAssemblyMessage>
     <TargetFrameworks>netstandard2.0;netstandard2.0-Windows_NT;net461-Windows_NT;$(NetCoreAppCurrent)-Windows_NT;$(NetFrameworkCurrent)-Windows_NT</TargetFrameworks>
     <ExcludeCurrentNetCoreApp>true</ExcludeCurrentNetCoreApp>
     <ExcludeCurrentFullFramework>true</ExcludeCurrentFullFramework>
-    <Nullable>annotations</Nullable>
+    <Nullable>enable</Nullable>
   </PropertyGroup>
   <ItemGroup Condition="'$(TargetsNetCoreApp)' != 'true'">
     <Compile Include="$(CommonPath)System\Runtime\InteropServices\SuppressGCTransitionAttribute.internal.cs" />

src/libraries/System.IO.FileSystem.AccessControl/src/System/IO/FileSystemAclExtensions.cs

@@ -322,7 +322,7 @@ private static void ValidateFileHandle(SafeFileHandle handle, string fullPath)
                 // probably be consistent w/ every other directory.
                 int errorCode = Marshal.GetLastWin32Error();
 
-                if (errorCode == Interop.Errors.ERROR_PATH_NOT_FOUND && fullPath.Length == Path.GetPathRoot(fullPath).Length)
+                if (errorCode == Interop.Errors.ERROR_PATH_NOT_FOUND && fullPath.Length == Path.GetPathRoot(fullPath)!.Length)
                 {
                     errorCode = Interop.Errors.ERROR_ACCESS_DENIED;
                 }

src/libraries/System.IO.FileSystem.AccessControl/src/System/Security/AccessControl/DirectoryObjectSecurity.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using System.Diagnostics;
 using System.Security.Principal;
 
 namespace System.Security.AccessControl
@@ -58,7 +59,7 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
                     throw new ArgumentException(SR.Arg_MustBeIdentityReferenceType, nameof(targetType));
                 }
 
-                CommonAcl acl = null;
+                CommonAcl? acl = null;
 
                 if (access)
                 {
@@ -83,7 +84,7 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
                     return result;
                 }
 
-                IdentityReferenceCollection irTarget = null;
+                IdentityReferenceCollection? irTarget = null;
 
                 if (targetType != typeof(SecurityIdentifier))
                 {
@@ -100,7 +101,7 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
                         // A better way would be to have an internal method that would canonicalize the ACL
                         // and call it once, then use the RawAcl.
                         //
-                        QualifiedAce ace = acl[i] as QualifiedAce;
+                        QualifiedAce? ace = acl[i] as QualifiedAce;
 
                         if (ace == null)
                         {
@@ -150,7 +151,7 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
                     // A better way would be to have an internal method that would canonicalize the ACL
                     // and call it once, then use the RawAcl.
                     //
-                    QualifiedAce ace = acl[i] as CommonAce;
+                    QualifiedAce? ace = acl[i] as CommonAce;
 
                     if (ace == null)
                     {
@@ -189,7 +190,7 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
 
                     if ((includeExplicit && ((ace.AceFlags & AceFlags.Inherited) == 0)) || (includeInherited && ((ace.AceFlags & AceFlags.Inherited) != 0)))
                     {
-                        IdentityReference iref = (targetType == typeof(SecurityIdentifier)) ? ace.SecurityIdentifier : irTarget[i];
+                        IdentityReference iref = (targetType == typeof(SecurityIdentifier)) ? ace.SecurityIdentifier : irTarget![i];
 
                         if (access)
                         {
@@ -204,15 +205,13 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
                                 type = AccessControlType.Deny;
                             }
 
-                            if (ace is ObjectAce)
+                            if (ace is ObjectAce objectAce)
                             {
-                                ObjectAce objectAce = ace as ObjectAce;
-
                                 result.AddRule(AccessRuleFactory(iref, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, type, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                             }
                             else
                             {
-                                CommonAce commonAce = ace as CommonAce;
+                                CommonAce? commonAce = ace as CommonAce;
 
                                 if (commonAce == null)
                                 {
@@ -224,15 +223,13 @@ private AuthorizationRuleCollection GetRules(bool access, bool includeExplicit,
                         }
                         else
                         {
-                            if (ace is ObjectAce)
+                            if (ace is ObjectAce objectAce)
                             {
-                                ObjectAce objectAce = ace as ObjectAce;
-
                                 result.AddRule(AuditRuleFactory(iref, objectAce.AccessMask, objectAce.IsInherited, objectAce.InheritanceFlags, objectAce.PropagationFlags, objectAce.AuditFlags, objectAce.ObjectAceType, objectAce.InheritedObjectAceType));
                             }
                             else
                             {
-                                CommonAce commonAce = ace as CommonAce;
+                                CommonAce? commonAce = ace as CommonAce;
 
                                 if (commonAce == null)
                                 {
@@ -291,8 +288,9 @@ private bool ModifyAccess(AccessControlModification modification, ObjectAccessRu
                 }
             }
 
-            SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
+            SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference.Translate(typeof(SecurityIdentifier));
 
+            Debug.Assert(SecurityDescriptor.DiscretionaryAcl != null);
             if (rule.AccessControlType == AccessControlType.Allow)
             {
                 switch (modification)
@@ -431,8 +429,9 @@ private bool ModifyAudit(AccessControlModification modification, ObjectAuditRule
                 }
             }
 
-            SecurityIdentifier sid = rule.IdentityReference.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
+            SecurityIdentifier sid = (SecurityIdentifier)rule.IdentityReference.Translate(typeof(SecurityIdentifier));
 
+            Debug.Assert(SecurityDescriptor.SystemAcl != null);
             switch (modification)
             {
                 case AccessControlModification.Add:
@@ -504,7 +503,7 @@ protected override bool ModifyAccess(AccessControlModification modification, Acc
             //        SR.AccessControl_InvalidAccessRuleType,
             //        "rule");
             //}
-            return ModifyAccess(modification, rule as ObjectAccessRule, out modified);
+            return ModifyAccess(modification, (ObjectAccessRule)rule, out modified);
         }
 
         protected override bool ModifyAudit(AccessControlModification modification, AuditRule rule, out bool modified)
@@ -516,7 +515,7 @@ protected override bool ModifyAudit(AccessControlModification modification, Audi
             //        SR.AccessControl_InvalidAuditRuleType,
             //        "rule");
             //}
-            return ModifyAudit(modification, rule as ObjectAuditRule, out modified);
+            return ModifyAudit(modification, (ObjectAuditRule)rule, out modified);
         }
 #endregion
 

src/libraries/System.IO.FileSystem.AccessControl/src/System/Security/AccessControl/FileSecurity.cs

@@ -19,7 +19,7 @@ public FileSecurity(string fileName, AccessControlSections includeSections)
         {
         }
 
-        internal FileSecurity(SafeFileHandle handle, AccessControlSections includeSections)
+        internal FileSecurity(SafeFileHandle? handle, AccessControlSections includeSections)
             : base(false, handle, includeSections, false)
         {
         }

src/libraries/System.IO.FileSystem.AccessControl/src/System/Security/AccessControl/FileSystemSecurity.cs

@@ -23,14 +23,14 @@ internal FileSystemSecurity(bool isContainer, string name, AccessControlSections
         {
         }
 
-        internal FileSystemSecurity(bool isContainer, SafeFileHandle handle, AccessControlSections includeSections, bool isDirectory)
+        internal FileSystemSecurity(bool isContainer, SafeFileHandle? handle, AccessControlSections includeSections, bool isDirectory)
             : base(isContainer, s_ResourceType, handle, includeSections, _HandleErrorCode, isDirectory)
         {
         }
 
-        private static Exception _HandleErrorCode(int errorCode, string name, SafeHandle handle, object context)
+        private static Exception? _HandleErrorCode(int errorCode, string? name, SafeHandle? handle, object? context)
         {
-            Exception exception = null;
+            Exception? exception = null;
 
             switch (errorCode)
             {
@@ -176,9 +176,7 @@ public bool RemoveAccessRule(FileSystemAccessRule rule)
 
             for (int i = 0; i < rules.Count; i++)
             {
-                FileSystemAccessRule fsrule = rules[i] as FileSystemAccessRule;
-
-                if ((fsrule != null) && (fsrule.FileSystemRights == rule.FileSystemRights)
+                if ((rules[i] is FileSystemAccessRule fsrule) && (fsrule.FileSystemRights == rule.FileSystemRights)
                     && (fsrule.IdentityReference == rule.IdentityReference)
                     && (fsrule.AccessControlType == rule.AccessControlType))
                 {
@@ -222,9 +220,7 @@ public void RemoveAccessRuleSpecific(FileSystemAccessRule rule)
 
             for (int i = 0; i < rules.Count; i++)
             {
-                FileSystemAccessRule fsrule = rules[i] as FileSystemAccessRule;
-
-                if ((fsrule != null) && (fsrule.FileSystemRights == rule.FileSystemRights)
+                if ((rules[i] is FileSystemAccessRule fsrule) && (fsrule.FileSystemRights == rule.FileSystemRights)
                     && (fsrule.IdentityReference == rule.IdentityReference)
                     && (fsrule.AccessControlType == rule.AccessControlType))
                 {