/// <summary>Returns an application domain that can be either a new or existing domain.</summary>
/// <returns>An <see cref="T:System.AppDomain" /> object.</returns>
/// <param name="friendlyName">The friendly name of the domain. </param>
/// <param name="securityInfo">An <see cref="T:System.Security.Policy.Evidence" /> object that contains evidence mapped through the security policy to establish a top-of-stack permission set.</param>
/// <param name="appDomainInfo">An <see cref="T:System.AppDomainSetup" /> object that contains application domain initialization information.</param>
/// <filterpriority>2</filterpriority>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ControlEvidence, ControlAppDomain, Infrastructure" />
/// </PermissionSet>
public virtual AppDomain CreateDomain(string friendlyName, Evidence securityInfo, AppDomainSetup appDomainInfo)
{
this.InitializeNewDomain(appDomainInfo);
AppDomain appDomain = AppDomainManager.CreateDomainHelper(friendlyName, securityInfo, appDomainInfo);
if ((this.HostSecurityManager.Flags & HostSecurityManagerOptions.HostPolicyLevel) == HostSecurityManagerOptions.HostPolicyLevel)
{
PolicyLevel domainPolicy = this.HostSecurityManager.DomainPolicy;
if (domainPolicy != null)
{
appDomain.SetAppDomainPolicy(domainPolicy);
}
}
return(appDomain);
}
// methods
public virtual AppDomain CreateDomain(string friendlyName, Evidence securityInfo, AppDomainSetup appDomainInfo)
{
InitializeNewDomain(appDomainInfo);
AppDomain ad = CreateDomainHelper(friendlyName, securityInfo, appDomainInfo);
// supply app domain policy ?
if ((HostSecurityManager.Flags & HostSecurityManagerOptions.HostPolicyLevel) == HostSecurityManagerOptions.HostPolicyLevel)
{
PolicyLevel pl = HostSecurityManager.DomainPolicy;
if (pl != null)
{
ad.SetAppDomainPolicy(pl);
}
}
return(ad);
}
/// <summary>
/// Start the script up in its own application domain.
/// </summary>
/// <returns>True if the script was started successfully.</returns>
private bool StartInAppDomain()
{
m_appDomain = AppDomain.CreateDomain(Name, null, m_domainSetup);
if (m_policy != null)
m_appDomain.SetAppDomainPolicy(m_policy);
Root.Unloader unloader = new Root.Unloader(this);
unloader.UnloadRequest += (message) => new Thread(() => {
ErrorString = message;
NotifyProblem("Problem while running " + Name + ".");
Stop();
}).Start();
Type rootT = typeof(Root);
m_root = (Root)m_appDomain.CreateInstanceAndUnwrap(rootT.Assembly.FullName, rootT.FullName);
string outcome = m_root.Start(m_assembly, m_class, m_host, m_world, ID, Name, unloader, m_args);
if (outcome != null) {
KillAppDomain();
ErrorString = outcome;
Console.WriteLine("Problem. Outcome = " + outcome);
return false;
}
return true;
}
/// <summary>
/// Deliver full trust unto the Application Domain.
/// </summary>
/// <param name="ad">The application Domain to apply the security level to.</param>
public static void SetSecurityPolicy(AppDomain ad)
{
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
PermissionSet ps = new PermissionSet( PermissionState.Unrestricted );
UnionCodeGroup rootCodeGroup = new UnionCodeGroup( new AllMembershipCondition(),
new PolicyStatement( ps, PolicyStatementAttribute.Nothing ) );
pLevel.RootCodeGroup = rootCodeGroup;
ad.SetAppDomainPolicy( pLevel );
}
public void SetAppDomainPolicy_Unloaded ()
{
ad = AppDomain.CreateDomain ("SetAppDomainPolicy_Unloaded");
AppDomain.Unload (ad);
ad.SetAppDomainPolicy (PolicyLevel.CreateAppDomainLevel ());
}
public void SetAppDomainPolicy_Dual ()
{
ad = AppDomain.CreateDomain ("SetAppDomainPolicy_Dual");
PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
PermissionSet ps = new PermissionSet (PermissionState.Unrestricted);
pl.RootCodeGroup.PolicyStatement = new PolicyStatement (ps);
ad.SetAppDomainPolicy (pl);
// only one time!
pl = PolicyLevel.CreateAppDomainLevel ();
ps = new PermissionSet (PermissionState.None);
pl.RootCodeGroup.PolicyStatement = new PolicyStatement (ps);
ad.SetAppDomainPolicy (pl);
}
public void SetAppDomainPolicy_Null ()
{
ad = AppDomain.CreateDomain ("SetAppDomainPolicy_Null");
ad.SetAppDomainPolicy (null);
}
public void SetAppDomainPolicy ()
{
ad = AppDomain.CreateDomain ("SetAppDomainPolicy_Null");
ad.SetAppDomainPolicy (PolicyLevel.CreateAppDomainLevel ());
// not much to see
}
//-----------------------------------------------------------------------------------------------
// private methods
//-----------------------------------------------------------------------------------------------
/// <summary>
/// Written by Abhishek Kumar on March 05, 2007
/// purpose: to initiate the central Application Domain that
/// all Grid Threads will be run on.
///
/// Police and permissions will also be set.
/// ADV: a crash in this App Domain(because of poor code in GThread)
/// does not affect eduGRID's Framework i.e. the Alchemi executor is maintained steady even in error
///
/// initially Alchemi created separate app domains for each Gthread it received.
/// now, instead, we create 1 appdomain and run all gthreads on it
/// the Bot Logic resides in this app domain.
/// (this saves the overhead of initializing bot logic for every Gthread (or every query))
/// </summary>
private void initialize_GridThreadExecutor()
{
if (GridThreadExecutor == null)
{
string appDir = GetApplicationDirectory(_CurTi.ApplicationId);
AppDomainSetup info = new AppDomainSetup();
info.PrivateBinPath = appDir;
GridThreadApplicationDomain = AppDomain.CreateDomain("Central_AppDomain", null, info);
// ***
// http://www.dotnetthis.com/Articles/DynamicSandboxing.htm
PolicyLevel domainPolicy = PolicyLevel.CreateAppDomainLevel();
AllMembershipCondition allCodeMC = new AllMembershipCondition();
// TODO: 'FullTrust' in the following line needs to be replaced with something like 'AlchemiGridThread'
// This permission set needs to be defined and set automatically as part of the installation.
PermissionSet internetPermissionSet = domainPolicy.GetNamedPermissionSet("FullTrust");
PolicyStatement internetPolicyStatement = new PolicyStatement(internetPermissionSet);
CodeGroup allCodeInternetCG = new UnionCodeGroup(allCodeMC, internetPolicyStatement);
domainPolicy.RootCodeGroup = allCodeInternetCG;
GridThreadApplicationDomain.SetAppDomainPolicy(domainPolicy);
GridThreadExecutor = (AppDomainExecutor) GridThreadApplicationDomain.CreateInstanceFromAndUnwrap(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "Alchemi.Executor.dll"), "Alchemi.Executor.AppDomainExecutor");
}
if (!GridThreadExecutor.Initialized)
{
try
{
GridThreadExecutor.initialize();
}
catch (Exception ex)
{
throw new Exception("Error during initialization of GridThreadExecutor");
}
}
}
/// <summary>
/// Start the script up in its own application domain.
/// </summary>
/// <returns>True if the script was started successfully.</returns>
private bool StartInAppDomain()
{
m_appDomain = AppDomain.CreateDomain(Name, null, m_domainSetup);
if (m_policy != null)
m_appDomain.SetAppDomainPolicy(m_policy);
Root.Unloader unloader = new Root.Unloader(this);
unloader.UnloadRequest += (message) => new Thread(() => {
ErrorString = message;
NotifyProblem("Problem while running " + Name + ".");
Stop();
}).Start();
try {
Type rootT = typeof(Root);
m_log.Debug("[" + Type + "] Creating sandboxed script.");
m_root = (Root)m_appDomain.CreateInstanceAndUnwrap(rootT.Assembly.FullName, rootT.FullName);
m_log.Debug("[" + Type + "] Starting sandboxed script.");
string outcome = m_root.Start(m_assembly, m_class, m_host, m_world, ID, Name, unloader, m_args);
if (outcome != null) {
KillAppDomain();
ErrorString = outcome;
return false;
}
return true;
} catch (Exception e) {
KillAppDomain();
ErrorString = "Unable to start MRM." + e.Message + "\n" + e.StackTrace;
while (e.InnerException != null) {
e = e.InnerException;
ErrorString += "\n\nInner Exception: " + e.Message + "\n" + e.StackTrace;
}
return false;
}
}