public void Defaults()
{
HostSecurityManager hsm = new HostSecurityManager();
Assert.IsNull(hsm.DomainPolicy, "DomainPolicy");
Assert.AreEqual(HostSecurityManagerOptions.AllFlags, hsm.Flags, "Flags");
}
public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
{
if (activationContext == null)
{
throw new ArgumentNullException("activationContext");
}
ApplicationTrust appTrust = null;
AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
if (domainManager != null)
{
HostSecurityManager securityManager = domainManager.HostSecurityManager;
if ((securityManager != null) && ((securityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust))
{
appTrust = securityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
if (appTrust == null)
{
return(false);
}
return(appTrust.IsApplicationTrustedToRun);
}
}
appTrust = DetermineApplicationTrustInternal(activationContext, context);
if (appTrust == null)
{
return(false);
}
return(appTrust.IsApplicationTrustedToRun);
}
public static void CallMethods()
{
HostSecurityManager hsm = new HostSecurityManager();
Policy.ApplicationTrust at = hsm.DetermineApplicationTrust(new Policy.Evidence(), new Policy.Evidence(), new Policy.TrustManagerContext());
Policy.Evidence e = hsm.ProvideAppDomainEvidence(new Policy.Evidence());
}
private static Evidence UpgradeSecurityIdentity(Evidence peFileEvidence, RuntimeAssembly targetAssembly)
{
Contract.Assert(peFileEvidence != null);
Contract.Assert(targetAssembly != null);
Contract.Assert(peFileEvidence.Target is PEFileEvidenceFactory, "Expected upgrade path is from PEFile to Assembly");
peFileEvidence.Target = new AssemblyEvidenceFactory(targetAssembly,
peFileEvidence.Target as PEFileEvidenceFactory);
// Whidbey hosts would provide evidence for assemblies up front rather than on demand. If there
// is a HostSecurityManager which does want to provide evidence, then we should provide it the
// opprotunity to do the same for compatibility.
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
if ((securityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) == HostSecurityManagerOptions.HostAssemblyEvidence)
{
peFileEvidence = securityManager.ProvideAssemblyEvidence(targetAssembly, peFileEvidence);
if (peFileEvidence == null)
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_NullHostEvidence", securityManager.GetType().FullName, targetAssembly.FullName));
}
}
return(peFileEvidence);
}
private void QueryHostForPossibleEvidenceTypes()
{
if (AppDomain.CurrentDomain.DomainManager != null)
{
HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
if (hostSecurityManager != null)
{
Type[] hostSuppliedAssemblyEvidenceTypes = null;
AppDomain target = this.m_target.Target as AppDomain;
Assembly assembly = this.m_target.Target as Assembly;
if ((assembly != null) && ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) == HostSecurityManagerOptions.HostAssemblyEvidence))
{
hostSuppliedAssemblyEvidenceTypes = hostSecurityManager.GetHostSuppliedAssemblyEvidenceTypes(assembly);
}
else if ((target != null) && ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostAppDomainEvidence) == HostSecurityManagerOptions.HostAppDomainEvidence))
{
hostSuppliedAssemblyEvidenceTypes = hostSecurityManager.GetHostSuppliedAppDomainEvidenceTypes();
}
if (hostSuppliedAssemblyEvidenceTypes != null)
{
foreach (Type type in hostSuppliedAssemblyEvidenceTypes)
{
this.GetEvidenceTypeDescriptor(type, true).HostCanGenerate = true;
}
}
}
}
}
public void ResolvePolicy_Empty()
{
HostSecurityManager hsm = new HostSecurityManager();
PermissionSet ps = hsm.ResolvePolicy(new Evidence());
Assert.AreEqual(0, ps.Count, "Count");
Assert.IsFalse(ps.IsUnrestricted(), "IsUnrestricted");
}
public MyAppDomainManager()
{
Console.WriteLine(" My AppDomain Manager ");
mySecurityManager = AppDomain.CurrentDomain.CreateInstanceAndUnwrap(
"CustomSecurityManager, Version=1.0.0.3, Culture=neutral, " +
"PublicKeyToken=5659fc598c2a503e",
"MyNamespace.MySecurityManager") as HostSecurityManager;
Console.WriteLine(" Custom Security Manager Created.");
}
public void ResolvePolicy_CurrentAssemblyEvidence()
{
HostSecurityManager hsm = new HostSecurityManager();
Assembly a = Assembly.GetExecutingAssembly();
PermissionSet ps = hsm.ResolvePolicy(a.Evidence);
PermissionSet expected = SecurityManager.ResolvePolicy(a.Evidence);
Assert.AreEqual(expected.ToString(), ps.ToString(), "PermissionSet");
}
private static Evidence UpgradeSecurityIdentity(Evidence peFileEvidence, RuntimeAssembly targetAssembly)
{
peFileEvidence.Target = new AssemblyEvidenceFactory(targetAssembly, peFileEvidence.Target as PEFileEvidenceFactory);
HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;
if ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) == HostSecurityManagerOptions.HostAssemblyEvidence)
{
peFileEvidence = hostSecurityManager.ProvideAssemblyEvidence(targetAssembly, peFileEvidence);
if (peFileEvidence == null)
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_NullHostEvidence", new object[] { hostSecurityManager.GetType().FullName, targetAssembly.FullName }));
}
}
return(peFileEvidence);
}
public void ProvideAppDomainEvidence()
{
HostSecurityManager hsm = new HostSecurityManager();
Assert.IsNull(hsm.ProvideAppDomainEvidence(null), "null");
Evidence e = new Evidence();
Evidence result = hsm.ProvideAppDomainEvidence(e);
Assert.IsNotNull(result, "empty");
Assert.AreEqual(0, result.Count, "Count-0");
e.AddHost(new Zone(SecurityZone.Untrusted));
result = hsm.ProvideAppDomainEvidence(e);
Assert.AreEqual(1, result.Count, "Count-1");
}
public void ProvideAssemblyEvidence_NullAssembly()
{
HostSecurityManager hsm = new HostSecurityManager();
Evidence result = hsm.ProvideAssemblyEvidence(null, null);
Assert.IsNull(result, "null");
Evidence e = new Evidence();
result = hsm.ProvideAssemblyEvidence(null, e);
Assert.AreEqual(0, result.Count, "Count-empty");
e.AddHost(new Zone(SecurityZone.Untrusted));
result = hsm.ProvideAssemblyEvidence(null, e);
Assert.AreEqual(1, result.Count, "Count-1");
}
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup == null)
{
throw new ArgumentNullException("adSetup");
}
if (adSetup.ActivationArguments == null)
{
string msg = Locale.GetText("{0} is missing it's {1} property");
throw new ArgumentException(String.Format(msg, "AppDomainSetup", "ActivationArguments"), "adSetup");
}
HostSecurityManager hsm = null;
if (AppDomain.CurrentDomain.DomainManager != null)
{
hsm = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
}
else
{
hsm = new HostSecurityManager(); // default
}
Evidence applicationEvidence = new Evidence();
applicationEvidence.AddHost(adSetup.ActivationArguments);
TrustManagerContext context = new TrustManagerContext();
ApplicationTrust trust = hsm.DetermineApplicationTrust(applicationEvidence, null, context);
if (!trust.IsApplicationTrustedToRun)
{
string msg = Locale.GetText("Current policy doesn't allow execution of addin.");
throw new PolicyException(msg);
}
// FIXME: we're missing the information from the manifest
AppDomain ad = AppDomain.CreateDomain("friendlyName", null, adSetup);
return(ad.CreateInstance("assemblyName", "typeName", null));
}
[System.Security.SecuritySafeCritical] // auto-generated
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup.ActivationArguments == null)
{
throw new ArgumentException(Environment.GetResourceString("Arg_MissingActivationArguments"));
}
Contract.EndContractBlock();
adSetup.ActivationArguments.ActivateInstance = true;
// inherit the caller's domain evidence for the activation.
Evidence activatorEvidence = AppDomain.CurrentDomain.Evidence;
// add the application identity as an evidence.
Evidence appEvidence = CmsUtils.MergeApplicationEvidence(null,
adSetup.ActivationArguments.ApplicationIdentity,
adSetup.ActivationArguments.ActivationContext,
adSetup.ActivationArguments.ActivationData);
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
ApplicationTrust appTrust = securityManager.DetermineApplicationTrust(appEvidence, activatorEvidence, new TrustManagerContext());
if (appTrust == null || !appTrust.IsApplicationTrustedToRun)
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
System.__HResults.CORSEC_E_NO_EXEC_PERM,
null);
}
ObjRef or = AppDomain.nCreateInstance(adSetup.ActivationArguments.ApplicationIdentity.FullName,
adSetup,
appEvidence,
appEvidence == null ? AppDomain.CurrentDomain.InternalEvidence : null,
AppDomain.CurrentDomain.GetSecurityDescriptor());
if (or == null)
{
return(null);
}
return(RemotingServices.Unmarshal(or) as ObjectHandle);
}
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup.ActivationArguments == null)
{
throw new ArgumentException(Environment.GetResourceString("Arg_MissingActivationArguments"));
}
adSetup.ActivationArguments.ActivateInstance = true;
Evidence evidence = AppDomain.CurrentDomain.Evidence;
Evidence evidence2 = CmsUtils.MergeApplicationEvidence(null, adSetup.ActivationArguments.ApplicationIdentity, adSetup.ActivationArguments.ActivationContext, adSetup.ActivationArguments.ActivationData);
HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;
ApplicationTrust applicationTrust = hostSecurityManager.DetermineApplicationTrust(evidence2, evidence, new TrustManagerContext());
if (applicationTrust == null || !applicationTrust.IsApplicationTrustedToRun)
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), -2146233320, null);
}
ObjRef objRef = AppDomain.nCreateInstance(adSetup.ActivationArguments.ApplicationIdentity.FullName, adSetup, evidence2, (evidence2 == null) ? AppDomain.CurrentDomain.InternalEvidence : null, AppDomain.CurrentDomain.GetSecurityDescriptor());
if (objRef == null)
{
return(null);
}
return(RemotingServices.Unmarshal(objRef) as ObjectHandle);
}
/// <summary>Creates an instance of an application using the specified <see cref="T:System.AppDomainSetup" /> object.</summary>
/// <returns>An <see cref="T:System.Runtime.Remoting.ObjectHandle" /> that is a wrapper for the return value of the application execution. The return value must be unwrapped to access the real object. </returns>
/// <param name="adSetup">An <see cref="T:System.AppDomainSetup" /> object whose <see cref="P:System.AppDomainSetup.ActivationArguments" /> property identifies the application to activate.</param>
/// <exception cref="T:System.ArgumentException">The <see cref="P:System.AppDomainSetup.ActivationArguments" /> property of <paramref name="adSetup " />is null. </exception>
/// <exception cref="T:System.Security.Policy.PolicyException">The application instance failed to execute because the policy settings on the current application domain do not provide permission for this application to run.</exception>
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup == null)
{
throw new ArgumentNullException("adSetup");
}
if (adSetup.ActivationArguments == null)
{
string text = Locale.GetText("{0} is missing it's {1} property");
throw new ArgumentException(string.Format(text, "AppDomainSetup", "ActivationArguments"), "adSetup");
}
HostSecurityManager hostSecurityManager;
if (AppDomain.CurrentDomain.DomainManager != null)
{
hostSecurityManager = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
}
else
{
hostSecurityManager = new HostSecurityManager();
}
Evidence evidence = new Evidence();
evidence.AddHost(adSetup.ActivationArguments);
TrustManagerContext context = new TrustManagerContext();
ApplicationTrust applicationTrust = hostSecurityManager.DetermineApplicationTrust(evidence, null, context);
if (!applicationTrust.IsApplicationTrustedToRun)
{
string text2 = Locale.GetText("Current policy doesn't allow execution of addin.");
throw new PolicyException(text2);
}
AppDomain appDomain = AppDomain.CreateDomain("friendlyName", null, adSetup);
return(appDomain.CreateInstance("assemblyName", "typeName", null));
}
public static void CallMethods()
{
HostSecurityManager hsm = new HostSecurityManager();
ApplicationTrust at = hsm.DetermineApplicationTrust(new Evidence(), new Evidence(), new TrustManagerContext());
Evidence e = hsm.ProvideAppDomainEvidence(new Evidence());
}
public void DetermineApplicationTrust_Evidence_Evidence_Null()
{
HostSecurityManager hsm = new HostSecurityManager();
hsm.DetermineApplicationTrust(new Evidence(), new Evidence(), null);
}
public void DetermineApplicationTrust_Evidence_Null_TrustManagerContext()
{
HostSecurityManager hsm = new HostSecurityManager();
hsm.DetermineApplicationTrust(new Evidence(), null, new TrustManagerContext());
}
public void ResolvePolicy_Null()
{
HostSecurityManager hsm = new HostSecurityManager();
PermissionSet ps = hsm.ResolvePolicy(null);
}