static void Main(String[] args) {
if (args.Length < 2) {
Console.WriteLine("Usage: sandbox <directory> <assembly> [allowed_files ...]");
return;
}
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(args[0]);
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, Path.GetFullPath(args[1])));
for (int i = 2; i < args.Length; ++i)
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, args[i]));
StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);
ObjectHandle handle = Activator.CreateInstanceFrom(
newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandboxer).FullName
);
Sandboxer newDomainInstance = (Sandboxer) handle.Unwrap();
Environment.Exit(newDomainInstance.ExecuteUntrustedCode(Path.GetFullPath(args[1])));
}
public static void Main()
{
var CreateSomeFile = CSScript.LoadMethod(
@"using System.IO;
public static void Test()
{
try
{
using (var f = File.Open(""somefile.txt"", FileMode.OpenOrCreate))
Console.WriteLine(""File.Open: success"");
}
catch (Exception e)
{
Console.WriteLine(e.GetType().ToString() + "": "" + e.Message);
}
}")
.GetStaticMethod();
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
CreateSomeFile(); //call will secceed as as the set of permisions is a default permissions set for this assembly
Sandbox.With(SecurityPermissionFlag.Execution) //call will fail as the set of permissions is insufficient
.Execute(()=>CreateSomeFile());
CreateSomeFile(); //call will secceed as as the set of permisions set back to default
//this is a logical equivalent of Sandbox.With.Execute syntactic sugar
ExecuteInSandbox(permissionSet, //call will fail as the set of permissions is insufficient
()=>CreateSomeFile());
CreateSomeFile(); //call will secceed as as the set of permisions set back to default
}
public static void Main()
{
//创建文件 IO 读取权限
FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;
//创建基本权限集
PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted 用于完全信任
BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet grantset = BasePermissionSet.Copy();
grantset.AddPermission(FileIOReadPermission);
//编写示例源文件以读取
System.IO.File.WriteAllText("TEST.TXT", "File Content");
//-------- 完全信任地调用方法 --------
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
ReadFileMethod();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建具有文件 IO 读取权限的 AppDomain --------
AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建没有文件 IO 读取权限的 AppDomain --------
//应当引发安全异常
PermissionSet grantset2 = BasePermissionSet.Copy();
AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("");
Console.WriteLine("Press any key to end.");
Console.ReadKey();
}
private static void SecurityExample() {
ProxyType highSecurityObject = new ProxyType();
highSecurityObject.AttemptAccess("High"); // Works OK
PermissionSet grantSet = new PermissionSet(PermissionState.None);
grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
AppDomain lowSecurityAppDomain = AppDomain.CreateDomain("LowSecurity", null, new AppDomainSetup() { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }, grantSet, null);
ProxyType lowSecurityObject = (ProxyType)lowSecurityAppDomain.CreateInstanceAndUnwrap(typeof(ProxyType).Assembly.ToString(), typeof(ProxyType).FullName);
lowSecurityObject.DoSomething(highSecurityObject);
Console.ReadLine();
}
public static void Main(string[] args)
{
try
{
// Create a new, empty permission set so we don't mistakenly grant some permission we don't want
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
// Set the permissions that you will allow, in this case we only want to allow execution of code
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// Make sure we have the permissions currently
permissionSet.Demand();
// Create the security policy level for this application domain
PolicyLevel policyLevel = PolicyLevel.CreateAppDomainLevel();
// Give the policy level's root code group a new policy statement based on the new permission set.
policyLevel.RootCodeGroup.PolicyStatement = new PolicyStatement(permissionSet);
CSScript.GlobalSettings.AddSearchDir(Environment.CurrentDirectory);
File.Copy("Danger.cs", "Danger1.cs", true);
var script = new AsmHelper(CSScript.Load("Danger.cs"));
// Update the application domain's policy now
AppDomain.CurrentDomain.SetAppDomainPolicy(policyLevel);
var script1 = new AsmHelper(CSScript.Load("Danger1.cs"));
Console.WriteLine();
Console.WriteLine("Access local file from host application assembly...");
using (FileStream f = File.Open("somefile.txt", FileMode.OpenOrCreate)) //OK because executing assembly was loaded before the new policy set
Console.WriteLine(" Ok");
Console.WriteLine();
Console.WriteLine("Access local file from Script assembly (before security policy set)...");
script.Invoke("*.SayHello"); //OK because executing assembly was loaded before the new policy set
Console.WriteLine();
Console.WriteLine("Access local file from Script assembly (after security policy set)...\n");
script1.Invoke("*.SayHello"); //ERROR because executing assembly was loaded after the new policy set
Console.WriteLine("The end...");
}
catch (Exception e)
{
Console.WriteLine();
Console.WriteLine(e.Message);
Console.WriteLine();
}
}
public void NoPermissionToReadFileWhenCreated()
{
FileIOPermission denyPermission =
new FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath("TestFile"));
PermissionSet permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(denyPermission);
permissions.Deny();
try
{
new FileDependency("TestFile");
}
finally
{
CodeAccessPermission.RevertDeny();
}
}
static public int Main (string[] args)
{
object[] attrs = Assembly.GetExecutingAssembly ().GetCustomAttributes (false);
for (int i = 0; i < attrs.Length; i++) {
if (attrs [i] is PermissionSetAttribute) {
PermissionSetAttribute psa = (attrs [i] as PermissionSetAttribute);
Console.WriteLine ("{0} - {1}", psa.Action, psa.CreatePermissionSet ());
} else if (attrs [i] is SecurityAttribute) {
SecurityAttribute sa = (attrs [i] as SecurityAttribute);
IPermission p = sa.CreatePermission ();
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (p);
Console.WriteLine ("{0} - {1}", sa.Action, ps);
} else {
Console.WriteLine (attrs [i]);
}
}
return 0;
}
public void DisconnectRemoteObjectsAfterCrossDomainCallsOnDispose()
{
// Arrange
var prefix = Guid.NewGuid().ToString();
var cde = new CountdownEvent(2);
var tracker = new InMemoryRemoteObjectTracker(cde, prefix);
TrackingServices.RegisterTrackingHandler(tracker);
// Set the minimum permissions needed to run code in the new AppDomain
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
var remote = AppDomain.CreateDomain("Remote", null, AppDomain.CurrentDomain.SetupInformation, permSet);
// Act
try
{
using (_tracer.StartActive($"{prefix}test-span"))
{
remote.DoCallBack(AppDomainHelpers.EmptyCallback);
using (_tracer.StartActive($"{prefix}test-span-inner"))
{
remote.DoCallBack(AppDomainHelpers.EmptyCallback);
}
}
}
finally
{
AppDomain.Unload(remote);
}
// Ensure that we wait long enough for the lease manager poll to occur.
// Even though we reset LifetimeServices.LeaseManagerPollTime to a shorter duration,
// the default value is 10 seconds so the first poll may not be affected by our modification
bool eventSet = cde.Wait(TimeSpan.FromSeconds(30));
// Assert
Assert.True(eventSet);
Assert.Equal(2, tracker.DisconnectCount);
}
private ApplicationProxyInternal CreateAppDomainForLooseXaml(Uri uri)
{
PermissionSet permissionSet = new PermissionSet(null);
permissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows));
permissionSet.AddPermission(new UIPermission(UIPermissionClipboard.OwnClipboard));
permissionSet.AddPermission(SystemDrawingHelper.NewSafePrintingPermission());
permissionSet.AddPermission(new MediaPermission(MediaPermissionAudio.SafeAudio, MediaPermissionVideo.SafeVideo, MediaPermissionImage.SafeImage));
permissionSet.AddPermission(new WebBrowserPermission(WebBrowserPermissionLevel.Safe));
permissionSet = PresentationHostSecurityManager.AddPermissionForUri(permissionSet, uri);
string text = "XamlViewer";
string moduleFileName = UnsafeNativeMethods.GetModuleFileName(new HandleRef(null, UnsafeNativeMethods.GetModuleHandle("PresentationHost_v0400.dll")));
string appBasePath = Path.GetDirectoryName(moduleFileName) + "\\" + text;
return(this.CreateAppDomainAndAppProxy(text, appBasePath, permissionSet));
}
static void Main(string[] args)
{
// Non-sandboxed use of Utility
Utility utility = new Utility();
utility.PrintDomain();
utility.Foo();
//Setting the AppDomainSetup. It is very important to set the ApplicationBase to a folder
//other than the one in which the sandboxer resides.
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted);
//Setting the permissions for the AppDomain. We give the permission to execute and to
//read/discover the location where the untrusted code is loaded.
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
//Now we have everything we need to create the sandbox AppDomain, so let's create it.
AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet);
// Load the suspect assembly into the sandbox (the new application domain)
var suspectAsm = sandbox.Load(suspectAssembly);
// Uses CreateInstanceAndUnwrap to create an instance of the Utility class in the Sandbox
Utility sandboxedUtility = (Utility)sandbox.CreateInstanceAndUnwrap(suspectAsm.FullName, "SuspectAssembly.Utility");
try
{
sandboxedUtility.PrintDomain();
sandboxedUtility.Foo();
}
catch (SecurityException ex)
{
Console.WriteLine("The Utility class did something it was not allowed to,\n which caused a SecurityException to be thrown!");
Console.WriteLine(ex.Message);
}
Console.ReadLine();
}
public static PermissionSet CreatePermissionSet(bool includeReflectionPermission)
{
PermissionSet permissionsSet = new PermissionSet(null);
permissionsSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissionsSet.AddPermission(new SocketPermission(PermissionState.Unrestricted));
permissionsSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
permissionsSet.AddPermission(new DnsPermission(PermissionState.Unrestricted));
permissionsSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
permissionsSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
if (includeReflectionPermission)
{
permissionsSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
}
return(permissionsSet);
}
/// <summary>
/// Creates a sandbox for testing.
/// </summary>
/// <param name="permissions">Additional permissions</param>
/// <returns></returns>
public static AppDomain SandboxCreator(IEnumerable <IPermission> permissions)
{
CheckMono();
#if RAZOR4
Assert.Ignore("IsolatedRazorEngineServiceTestFixture is not tested with razor 4 as it is not signed!");
#endif
#if MONO
// Mono has no AddHostEvidence or GetHostEvidence.
// We do not run the tests anyway.
return(null);
#else
Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Internet));
PermissionSet permSet = SecurityManager.GetStandardSandbox(ev);
if (permissions != null)
{
foreach (IPermission permission in permissions)
{
permSet.AddPermission(permission);
}
}
// We have to load ourself with full trust
StrongName razorEngineAssembly = typeof(RazorEngineService).Assembly.Evidence.GetHostEvidence <StrongName>();
// We have to load Razor with full trust (so all methods are SecurityCritical)
// This is because we apply AllowPartiallyTrustedCallers to RazorEngine, because
// We need the untrusted (transparent) code to be able to inherit TemplateBase.
// Because in the normal environment/appdomain we run as full trust and the Razor assembly has no security attributes
// it will be completely SecurityCritical.
// This means we have to mark a lot of our members SecurityCritical (which is fine).
// However in the sandbox domain we have partial trust and because razor has no Security attributes that means the
// code will be transparent (this is where we get a lot of exceptions, because we now have different security attributes)
// To work around this we give Razor full trust in the sandbox as well.
StrongName razorAssembly = typeof(RazorTemplateEngine).Assembly.Evidence.GetHostEvidence <StrongName>();
// We trust ourself as well
StrongName testAssembly = typeof(IsolatedRazorEngineServiceTestFixture).Assembly.Evidence.GetHostEvidence <StrongName>();
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase;
AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, razorEngineAssembly, razorAssembly, testAssembly);
return(newDomain);
#endif
}
public void ExportToFile(string filename)
{
var permissionSet = new PermissionSet(PermissionState.None);
var writePermission = new FileIOPermission(FileIOPermissionAccess.Write, filename);
permissionSet.AddPermission(writePermission);
if (permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
//using (FileStream fstream = new FileStream(filename, FileMode.Create))
//using (TextWriter writer = new StreamWriter(fstream))
//{
// // try catch block for write permissions
// writer.WriteLine("sometext");
//}
}
else
{
//perform some recovery action here
}
}
internal void Init(string rule, byte[] il, byte[] pdb)
{
_assembly = Assembly.Load(il, pdb);
_grammarType = GetTypeForRule(_assembly, rule);
if (_grammarType == null)
{
throw new FormatException(SR.Get(SRID.RecognizerRuleNotFoundStream, rule));
}
_rule = rule;
try
{
_grammar = (Grammar)_assembly.CreateInstance(_grammarType.FullName);
}
catch (MissingMemberException)
{
throw new ArgumentException(SR.Get(SRID.RuleScriptInvalidParameters, _grammarType.FullName, rule), "rule");
}
_internetPermissionSet = PolicyLevel.CreateAppDomainLevel().GetNamedPermissionSet("Internet");
_internetPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
}
public static bool IsTracingAvailable()
{
bool tracingAvailable = false;
try
{
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
#if NETSTANDARD2_0
tracingAvailable = false;
#else
tracingAvailable = permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
#endif
}
catch (SecurityException)
{ }
return(tracingAvailable);
}
public static T ReadXml <T>(string path)
{
using (FileStream fileStream = new FileStream(path, FileMode.Open))
{
XmlUrlResolver resolver = new XmlUrlResolver();
resolver.Credentials = CredentialCache.DefaultCredentials;
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, path));
XmlReaderSettings readerSettings = new XmlReaderSettings();
readerSettings.XmlResolver = new XmlSecureResolver(resolver, ps);
readerSettings.ValidationType = ValidationType.Schema;
readerSettings.Schemas.Add(FabricNamespace, Path.Combine(TestUtility.TestDirectory, "ServiceFabricServiceModel.xsd"));
XmlSerializer xmlSerializer = new XmlSerializer(typeof(T));
XmlReader reader = XmlReader.Create(fileStream, readerSettings);
return((T)xmlSerializer.Deserialize(reader));
}
}
internal static bool CallerHasPermissionWithAppDomainOptimization(params IPermission[] permissionsToCheck)
{
if (permissionsToCheck == null)
{
return(true);
}
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
for (int i = 0; i < permissionsToCheck.Length; i++)
{
permissionSet.AddPermission(permissionsToCheck[i]);
}
PermissionSet permissionSet2 = AppDomain.CurrentDomain.PermissionSet;
if (permissionSet.IsSubsetOf(permissionSet2))
{
return(true);
}
return(false);
}
/// <summary>
/// Return null if fail to load dll
/// </summary>
/// <param name="pluginFileName">for individual namespaces</param>
/// <returns></returns>
public static IPlugin LoadPartiallyTrustedPlugin(
string pluginFileName)
{
// https://docs.microsoft.com/en-us/dotnet/framework/misc/how-to-run-partially-trusted-code-in-a-sandbox
//Setting the AppDomainSetup. It is very important to set the ApplicationBase to a folder
//other than the one in which the sandboxer resides.
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(Properties.Resources.PluginsFolderName);
//Setting the permissions for the AppDomain. We give the permission to execute and to
//read/discover the location where the untrusted code is loaded.
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
//We want the sandboxer assembly's strong name, so that we can add it to the full trust list.
StrongName fullTrustAssembly = typeof(Plugin.Sandboxer).Assembly.Evidence.GetHostEvidence <StrongName>();
//Now we have everything we need to create the AppDomain, so let's create it.
AppDomain newDomain = AppDomain.CreateDomain("Sandbox" + pluginFileName, null, adSetup, permSet, fullTrustAssembly);
//Use CreateInstanceFrom to load an instance of the Sandboxer class into the
//new AppDomain.
ObjectHandle handle = Activator.CreateInstanceFrom(
newDomain,
typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandboxer).FullName);
//Unwrap the new domain instance into a reference in this domain and use it to execute the
//untrusted code.
var box = handle.Unwrap() as Sandboxer;
// only host can read file
var pluginType = LoadPluginTypeFromAssembly(
LoadAssemblyFromFile(pluginFileName));
box.auxPlugin = box.CreatePartiallyTrustedPluginInstance(pluginType);
return(box.auxPlugin == null ? null : box);
}
/// <summary>
/// 写入配置文件
/// </summary>
/// <param name="configPath">配置文件相对路径</param>
/// <param name="obj">新的内容实体</param>
/// <returns></returns>
public static bool SaveConfig(ConfigFileEnum config, object obj)
{
string configPath = IOHelper.GetMapPath(EnumHelper.GetEnumShowName(typeof(ConfigFileEnum), (int)config));
var permissionSet = new PermissionSet(PermissionState.None);
var writePermission = new FileIOPermission(FileIOPermissionAccess.Write, configPath);
permissionSet.AddPermission(writePermission);
if (permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
lock (lockHelper)
{
IOHelper.SerializeToXml(obj, configPath);
}
return(true);
}
else
{
return(false);//没有写入权限
}
}
public void NoPermissionToReadWhenCheckingExpiration()
{
FileDependency dependency = new FileDependency("TestFile");
FileIOPermission denyPermission =
new FileIOPermission(FileIOPermissionAccess.Read, Path.GetFullPath("TestFile"));
PermissionSet permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(denyPermission);
permissions.Deny();
try
{
dependency.HasExpired();
}
finally
{
CodeAccessPermission.RevertDeny();
}
}
static void Main()
{
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// NOTE: если выдать разрешение permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, "c:/temp"));
// будет работать
AppDomainSetup setup = AppDomain.CurrentDomain.SetupInformation;
AppDomain newDomain = AppDomain.CreateDomain(
"Sandboxed domain", AppDomain.CurrentDomain.Evidence, setup, permissionSet);
ObjectHandle oh = newDomain.CreateInstance("RequireFileIOPermissionsDemo",
"RequireFileIOPermissionsDemo.RequirePermissionsDemo");
object unwrapObject = oh.Unwrap();
var io = unwrapObject as RequirePermissionsDemo;
const string path = @"c:\temp\file.txt";
Console.WriteLine("has {0}permissions to write to {1}",
io != null && io.RequireFilePermissions(path) ? null : "no ", path);
}
public Sandbox(string assemblyPath, string method)
{
// Gives the loaded assembly the ability to be executed
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationName = "AppDomainSetup";
AppDomain domain = AppDomain.CreateDomain("SandboxDomain");
ObjectHandle handle = Activator.CreateInstanceFrom(domain,
typeof(Sandbox).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandbox).FullName);
Sandbox sandboxInstance = (Sandbox)handle.Unwrap();
SimulationMethodOutput = sandboxInstance.ExecuteAssembly(assemblyPath, "Simulation.MainClass",
method);
AppDomain.Unload(domain);
}
private bool hasWriteAccessToFolder(string folderPath)
{
try
{
var permission = new FileIOPermission(FileIOPermissionAccess.Write, folderPath);
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(permission);
if (permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
return(true);
}
else
{
return(false);
}
}
catch (UnauthorizedAccessException)
{
return(false);
}
}
private ApplicationProxyInternal CreateAppDomainForXpsDocument()
{
PermissionSet permissionSet = new PermissionSet(null);
permissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows));
permissionSet.AddPermission(new UIPermission(UIPermissionClipboard.OwnClipboard));
permissionSet.AddPermission(new MediaPermission(MediaPermissionImage.SafeImage));
permissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted)
{
UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser,
UserQuota = (long)this.GetXpsViewerIsolatedStorageUserQuota()
});
return(this.CreateAppDomainAndAppProxy("WCP_Hosted_Application", this.GetXPSViewerPath(), permissionSet));
}
/// <summary>
/// 设置程序域的权限
/// </summary>
/// <param name="pAppDomain">指定的程序域</param>
private void SetAppDomainPolicy(AppDomain pAppDomain)
{
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
PermissionSet pPermission = new PermissionSet(PermissionState.None);
pPermission.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
UnionCodeGroup pRootGroup = new UnionCodeGroup(new AllMembershipCondition(),
new PolicyStatement(pPermission, PolicyStatementAttribute.Nothing));
NamedPermissionSet pPermissionSet = FindNamedPermissionSet("Machine", "Everything");
UnionCodeGroup pChileGroup = new UnionCodeGroup(
new ZoneMembershipCondition(SecurityZone.MyComputer),
new PolicyStatement(pPermissionSet, PolicyStatementAttribute.Nothing));
pChileGroup.Name = "Virtual Intranet";
pRootGroup.AddChild(pChileGroup);
pLevel.RootCodeGroup = pRootGroup;
pAppDomain.SetAppDomainPolicy(pLevel);
}
public void InitializeSandbox(string TempPath, string AssemblyPath)
{
lock (this)
{
//deinit if not null
if (newDomain != null)
{
DeInitializeSandbox();
}
//Setting the AppDomainSetup.
//It is very important to set the ApplicationBase to a folder other than the one in which the sandboxer resides.
var adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(TempPath);
//Setting the permissions for the AppDomain.
//We give the permission to execute and to read/discover the location where the untrusted code is loaded.
var permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
//We want the sandboxer assembly's strong name, so that we can add it to the full trust list.
//var fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
//Now we have everything we need to create the AppDomain, so let's create it.
//var newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);
newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet);
//Use CreateInstanceFrom to load an instance of the Sandboxer class into the new AppDomain.
var handle = Activator.CreateInstanceFrom
(
newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandboxer).FullName
);
//Unwrap the new domain instance into a reference in this domain and use it to execute the untrusted code.
newDomainInstance = (Sandboxer)handle.Unwrap();
newDomainInstance.InitSandboxedInstance(File.ReadAllBytes(AssemblyPath));
}
}
static XmlILModule()
{
AssemblyName asmName;
AssemblyBuilder asmBldr;
CreateDelegatePermissionSet = new PermissionSet(PermissionState.None);
CreateDelegatePermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
CreateModulePermissionSet = new PermissionSet(PermissionState.None);
CreateModulePermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
CreateMethodPermissionSet = new PermissionSet(PermissionState.None);
CreateMethodPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence));
CreateMethodPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
AssemblyId = 0;
// 1. LRE assembly only needs to execute
// 2. No temp files need be created
// 3. Never allow assembly to Assert permissions
asmName = CreateAssemblyName();
asmBldr = AppDomain.CurrentDomain.DefineDynamicAssembly(asmName, AssemblyBuilderAccess.Run);
// Add custom attribute to assembly marking it as security transparent so that Assert will not be allowed
// and link demands will be converted to full demands.
asmBldr.SetCustomAttribute(new CustomAttributeBuilder(XmlILConstructors.Transparent, new object[] {}));
try {
// DefineDynamicModule demands ReflectionEmit permission
CreateModulePermissionSet.Assert();
// Store LREModule once. If multiple threads are doing this, then some threads might get different
// modules. This is OK, since it's not mandatory to share, just preferable.
LREModule = asmBldr.DefineDynamicModule("System.Xml.Xsl.CompiledQuery", false);
}
finally {
CodeAccessPermission.RevertAssert();
}
}
private void createDomain(out AppDomain newDomain, out ObjectHandle handle)
{
PermissionSet permSet = new PermissionSet(PermissionState.None);
foreach (var permission in this.permissions)
{
permSet.AddPermission(permission);
}
StrongName[] fullTrustAssemblies = this.trustedAssemblies
.Select(a => a.Evidence.GetHostEvidence <StrongName>())
.Where(sn => sn != null)
.ToArray();
AppDomainSetup adSetup = new AppDomainSetup()
{
ApplicationBase = Path.GetFullPath(this.PathToUntrusted)
};
newDomain = AppDomain.CreateDomain(this.DomainName, null, adSetup, permSet, fullTrustAssemblies);
handle = Activator.CreateInstanceFrom(newDomain, typeof(T).Assembly.ManifestModule.FullyQualifiedName, typeof(T).FullName);
}
static internal PermissionSet CreatePermission(OracleConnectionString constr) {
OraclePermission p = new OraclePermission(constr);
if (null == constr) {
p.Add(ADP.StrEmpty, ADP.StrEmpty, KeyRestrictionBehavior.AllowOnly); // ExecuteOnly permission
}
PermissionSet permission;
NamedPermissionSet fulltrust = new NamedPermissionSet("FullTrust"); // MDAC 83159
fulltrust.Assert();
try {
try {
permission = new PermissionSet(fulltrust);
permission.AddPermission(p);
}
finally {
CodeAccessPermission.RevertAssert();
}
}
catch {
throw;
}
return permission;
}
//creo el folder
public void createFolder()
{
try
{
//consulto que exista el folder raiz
if (!Directory.Exists(pathlogs))
{
Directory.CreateDirectory(pathlogs);
var permisos = new FileIOPermission(FileIOPermissionAccess.AllAccess, pathlogs);
var permisosSET = new PermissionSet(PermissionState.None);
permisosSET.AddPermission(permisos);
if (permisosSET.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
}
}
createFile(Texto);
}
catch (Exception e)
{
Console.Write(e);
}
}
public static bool isDirWritable(String name, bool isDir = true)
{
try
{
string directoryName = null;
if (isDir)
{
directoryName = name;
}
else
{
directoryName = Path.GetDirectoryName(name);
}
if (!String.IsNullOrEmpty(directoryName))
{
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
FileIOPermission writePermission = new FileIOPermission(FileIOPermissionAccess.Write, directoryName);
permissionSet.AddPermission(writePermission);
if (permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
return(true);
}
else
{
return(false);
}
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
return(false);
}
public void FromXml_Roundtrip()
{
PermissionSetCollection psc = new PermissionSetCollection();
string expected = psc.ToString();
SecurityElement se = psc.ToXml();
psc.FromXml(se);
string actual = psc.ToString();
Assert.AreEqual(expected, actual, "Empty");
PermissionSet none = new PermissionSet(PermissionState.None);
psc.Add(none);
expected = psc.ToString();
se = psc.ToXml();
psc.FromXml(se);
actual = psc.ToString();
Assert.AreEqual(expected, actual, "1-None");
none.AddPermission(new SecurityPermission(SecurityPermissionFlag.Assertion));
expected = psc.ToString();
se = psc.ToXml();
psc.FromXml(se);
actual = psc.ToString();
Assert.AreEqual(expected, actual, "1-Assertion");
Assert.AreEqual(1, psc.Count, "1");
PermissionSet unr = new PermissionSet(PermissionState.Unrestricted);
psc.Add(unr);
expected = psc.ToString();
se = psc.ToXml();
psc.FromXml(se);
actual = psc.ToString();
Assert.AreEqual(expected, actual, "2-Assertion+Unrestricted");
Assert.AreEqual(2, psc.Count, "2");
}
/// <summary>
/// Creates a new AppDomain instance that is sandboxed with full trust permissions
/// See: http://blogs.msdn.com/b/shawnfa/archive/2006/05/01/587654.aspx
/// </summary>
public AppDomainInstance()
{
// Create a new Sandboxed App Domain
var pset = new PermissionSet(PermissionState.Unrestricted);
// Full trust execution
pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// Set base to current directory
var setup = new AppDomainSetup
{
ApplicationBase = Path.GetDirectoryName(typeof(T).Assembly.Location)
};
// Sandbox app domain constructor
domain = AppDomain.CreateDomain("temp", AppDomain.CurrentDomain.Evidence, setup, pset);
// This will not demand a FileIOPermission and is a safe way to load an assembly
// from an app domain
value =
(T)Activator.CreateInstanceFrom(domain, Path.GetFileName(typeof(T).Assembly.Location),
typeof(T).FullName).Unwrap();
}
private static AppDomain CreateDomain(string id, string assemblyPath)
{
var permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, assemblyPath));
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, assemblyPath));
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory));
permSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "InsideSandbox"));
/*
* Permissions for NUnit: see https://github.com/nunit/nunit/blob/master/src/NUnitFramework/tests/Assertions/LowTrustFixture.cs#L166
* and https://github.com/nunit/nunit/issues/2792 for details
*/
permSet.AddPermission(new ReflectionPermission(
ReflectionPermissionFlag.MemberAccess)); // Required to instantiate classes that contain test code and to get cross-appdomain communication to work.
permSet.AddPermission(new SecurityPermission(
SecurityPermissionFlag.Execution | // Required to execute test code
SecurityPermissionFlag.SerializationFormatter // Required to support cross-appdomain test result formatting by NUnit TestContext
));
/* In .NET <= 3.5 add following EnvironmentPermission:
* permSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted)); // Required for NUnit.Framework.Assert.GetStackTrace()
*/
var evidence = new Evidence();
evidence.AddHostEvidence(new Zone(SecurityZone.Untrusted));
var fullyTrustAssemblies = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence <StrongName>();
var applicationBase = Path.GetDirectoryName(assemblyPath);
var adSetup = new AppDomainSetup
{
ApplicationBase = applicationBase,
};
/* Copy CsSandboxer.exe to destination folder, because it's needed them to set domain.UnhandledException handler below. */
var sandboxAssembly = typeof(Sandboxer).Assembly.Location;
File.Copy(sandboxAssembly, Path.Combine(applicationBase, Path.GetFileName(sandboxAssembly)), overwrite: true);
var domain = AppDomain.CreateDomain(id, evidence, adSetup, permSet, fullyTrustAssemblies);
domain.UnhandledException += HandleException;
return(domain);
}
// Create a child code group with read-access file permissions and add it
// to the specified code group.
private static void addChildCodeGroup(ref FirstMatchCodeGroup codeGroup)
{
// Create a first match code group with read access.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
PermissionSet permissions =
new PermissionSet(PermissionState.Unrestricted);
permissions.AddPermission(rootFilePermissions);
FirstMatchCodeGroup tempFolderCodeGroup = new FirstMatchCodeGroup(
new AllMembershipCondition(),
new PolicyStatement(permissions));
// Set the name of the child code group and add it to
// the specified code group.
tempFolderCodeGroup.Name = "Read-only code group";
codeGroup.AddChild(tempFolderCodeGroup);
}
private void BtRun_Click(object sender, EventArgs e)
{
//SafeExecuter.AddPermission(_filePerm);
//SafeExecuter.AddPermission(_reflPerm);
//SafeExecuter.AddPermission(_secPerm);
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
//set.AddPermission(_reflPerm);
//set.AddPermission(_secPerm);
try
{
domain = SafeExecuter.SafeRunExe(_filepath, Path.GetFileName(_filepath));
}
catch (Exception exception)
{
MessageBox.Show(exception.Message);
}
}
private bool hasWriteAccessToFolder(string folderPath)
{
try
{
var permission = new FileIOPermission(FileIOPermissionAccess.Write, folderPath);
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(permission);
if (permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
return true;
}
else
{
return false;
}
}
catch (UnauthorizedAccessException)
{
return false;
}
}
// Demonstrate the use of ResolvePolicy.
private static void CheckEvidence(Evidence evidence)
{
// Display the code groups to which the evidence belongs.
Console.WriteLine("ResolvePolicy for the given evidence.");
Console.WriteLine("Current evidence belongs to the following code groups:");
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
while(policyEnumerator.MoveNext())
{
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
CodeGroup cg1 = currentLevel.ResolveMatchingCodeGroups(evidence);
Console.WriteLine(currentLevel.Label + " Level" );
Console.WriteLine("\tCodeGroup = " + cg1.Name);
Console.WriteLine("StoreLocation = " + currentLevel.StoreLocation);
IEnumerator cgE1 = cg1.Children.GetEnumerator();
while(cgE1.MoveNext())
{
Console.WriteLine("\t\tGroup = " + ((CodeGroup)cgE1.Current).Name);
}
}
// Show how ResolvePolicy is used to determine the set of permissions that would be granted
// by the security system to code, based on the evidence and the permission sets requested.
// The permission sets require Execute permission; allow optional Read access permission
// to C:\temp; and deny the code permission to control security policy.
Console.WriteLine("\nCreate permission sets requiring Execute permission, requesting optional " +
"\nRead permission for 'C:\\temp', and dening permission to control policy.");
PermissionSet requiredSet = new PermissionSet(PermissionState.None);
requiredSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet optionalSet = new PermissionSet(PermissionState.None);
optionalSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, new string[] { @"c:\temp" }));
PermissionSet deniedSet = new PermissionSet(PermissionState.None);
deniedSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlPolicy));
// Show the granted permissions.
Console.WriteLine("\nCurrent permissions granted:");
PermissionSet permsDenied = null;
foreach(IPermission perm in SecurityManager.ResolvePolicy(evidence, requiredSet, optionalSet, deniedSet, out permsDenied))
Console.WriteLine(perm.ToXml().ToString());
// Show the denied permissions.
Console.WriteLine("Current permissions denied:");
foreach(IPermission perm in permsDenied)
Console.WriteLine(perm.ToXml().ToString());
return;
}
public bool Build (X509Certificate2 certificate) {
lock (m_syncRoot) {
if (certificate == null || certificate.CertContext.IsInvalid)
throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "certificate");
// Chain building opens and enumerates the root store to see if the root of the chain is trusted.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore | StorePermissionFlags.EnumerateCertificates);
sp.Demand();
X509ChainPolicy chainPolicy = this.ChainPolicy;
if (chainPolicy.RevocationMode == X509RevocationMode.Online) {
if (certificate.Extensions[CAPI.szOID_CRL_DIST_POINTS] != null ||
certificate.Extensions[CAPI.szOID_AUTHORITY_INFO_ACCESS] != null) {
// If there is a CDP or AIA extension, we demand unrestricted network access and store add permission
// since CAPI can download certificates into the CA store from the network.
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new WebPermission(PermissionState.Unrestricted));
ps.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
ps.Demand();
}
}
Reset();
int hr = BuildChain(m_useMachineContext ? new IntPtr(CAPI.HCCE_LOCAL_MACHINE) : new IntPtr(CAPI.HCCE_CURRENT_USER),
certificate.CertContext,
chainPolicy.ExtraStore,
chainPolicy.ApplicationPolicy,
chainPolicy.CertificatePolicy,
chainPolicy.RevocationMode,
chainPolicy.RevocationFlag,
chainPolicy.VerificationTime,
chainPolicy.UrlRetrievalTimeout,
ref m_safeCertChainHandle);
if (hr != CAPI.S_OK)
return false;
// Init.
Init();
// Verify the chain using the specified policy.
CAPI.CERT_CHAIN_POLICY_PARA PolicyPara = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));
PolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags;
if (!CAPI.CertVerifyCertificateChainPolicy(new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE),
m_safeCertChainHandle,
ref PolicyPara,
ref PolicyStatus))
// The API failed.
throw new CryptographicException(Marshal.GetLastWin32Error());
CAPI.SetLastError(PolicyStatus.dwError);
return (PolicyStatus.dwError == 0);
}
}
// Make a policy from host and scheme information.
private static PolicyStatement MakePolicy(String scheme, String host)
{
#if CONFIG_REFLECTION
// Create the uri corresponding to the parameters.
if(host != null)
{
host = host.Replace(".", "\\.");
}
else
{
host = ".*";
}
String uri;
if(scheme != null && String.Compare(scheme, "http", true) == 0)
{
uri = "(http|https)://" + host + "/.*";
}
else if(scheme != null)
{
uri = scheme + "://" + host + "/.*";
}
else
{
uri = ".*://" + host + "/.*";
}
// We need to create an instance of "System.Net.WebPermission",
// but that class does not exist in this assembly. So, we
// have to create it in a somewhat round-about fashion.
Assembly system = Assembly.Load("System");
Type webPermType = system.GetType
("System.Net.WebPermission", true, false);
Object webPerm = Activator.CreateInstance(webPermType);
Type networkAccessType = system.GetType
("System.Net.NetworkAccess", true, false);
Object networkAccess = Enum.ToObject
(networkAccessType, 0x0040 /* Connect */);
Type regexType = system.GetType
("System.Text.RegularExpressions.Regex", true, false);
Object regex = Activator.CreateInstance
(regexType, new Object[] {uri});
webPermType.InvokeMember("AddPermission",
BindingFlags.InvokeMethod |
BindingFlags.Public |
BindingFlags.Instance, null,
webPerm,
new Object[] {networkAccess, regex});
// Create a permission set holding the web permission.
PermissionSet permSet = new PermissionSet
(PermissionState.None);
permSet.AddPermission(webPerm as IPermission);
// Return the final policy statement, from the permission set.
return new PolicyStatement(permSet);
#else
return null;
#endif
}
// Make a policy from url information.
private PolicyStatement MakePolicy(UrlParser url)
{
if(String.Compare(url.Scheme, "file", true) != 0)
{
return null;
}
PermissionSet permSet = new PermissionSet
(PermissionState.None);
permSet.AddPermission(new FileIOPermission(access, url.Rest));
return new PolicyStatement
(permSet, PolicyStatementAttribute.Nothing);
}
