public static void Main()
{
//创建文件 IO 读取权限
FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;
//创建基本权限集
PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted 用于完全信任
BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet grantset = BasePermissionSet.Copy();
grantset.AddPermission(FileIOReadPermission);
//编写示例源文件以读取
System.IO.File.WriteAllText("TEST.TXT", "File Content");
//-------- 完全信任地调用方法 --------
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
ReadFileMethod();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建具有文件 IO 读取权限的 AppDomain --------
AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建没有文件 IO 读取权限的 AppDomain --------
//应当引发安全异常
PermissionSet grantset2 = BasePermissionSet.Copy();
AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("");
Console.WriteLine("Press any key to end.");
Console.ReadKey();
}
#pragma warning restore 169
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied)
{
if (request == null)
{
m_request = null;
}
else
{
m_request = request.Copy();
}
if (optional == null)
{
m_optional = null;
}
else
{
m_optional = optional.Copy();
}
if (denied == null)
{
m_denied = null;
}
else
{
m_denied = denied.Copy();
}
}
internal static PermissionSet ComputeZonePermissionSetHelper(string targetZone, PermissionSet includedPermissionSet, ITaskItem[] dependencies, string targetFrameworkMoniker)
{
if (!string.IsNullOrEmpty(targetZone) && !string.Equals(targetZone, "Custom", StringComparison.OrdinalIgnoreCase))
{
return(GetNamedPermissionSetFromZone(targetZone, dependencies, targetFrameworkMoniker));
}
return(includedPermissionSet.Copy());
}
public PolicyStatement (PermissionSet permSet, PolicyStatementAttribute attributes)
{
if (permSet != null) {
this.perms = permSet.Copy ();
this.perms.SetReadOnly (true);
}
this.attrs = attributes;
}
public PolicyStatement(PermissionSet perms, PolicyStatementAttribute attrs)
{
if (perms != null)
{
this.perms = perms.Copy();
this.perms.SetReadOnly(true);
}
this.attrs = attrs;
}
/// <summary>使用指定的 <see cref="T:System.Security.PermissionSet" /> 和特性初始化 <see cref="T:System.Security.Policy.PolicyStatement" /> 类的新实例。</summary>
/// <param name="permSet">用于初始化新实例的 <see cref="T:System.Security.PermissionSet" />。</param>
/// <param name="attributes">
/// <see cref="T:System.Security.Policy.PolicyStatementAttribute" /> 值的按位组合。</param>
public PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes)
{
this.m_permSet = permSet != null?permSet.Copy() : new PermissionSet(false);
if (!PolicyStatement.ValidProperties(attributes))
{
return;
}
this.m_attributes = attributes;
}
private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
{
PermissionSet defaultRequestSet = info.DefaultRequestSet;
PermissionSet set2 = null;
if (defaultRequestSet != null)
{
set2 = defaultRequestSet.Copy();
}
return(set2);
}
internal static PermissionSet ComputeZonePermissionSetHelper(string targetZone, PermissionSet includedPermissionSet, ITaskItem[] dependencies, string targetFrameworkMoniker)
{
// Custom Set.
if (String.IsNullOrEmpty(targetZone) || String.Equals(targetZone, Custom, StringComparison.OrdinalIgnoreCase))
{
// just return the included set, no magic
return(includedPermissionSet.Copy());
}
PermissionSet retSet = GetNamedPermissionSetFromZone(targetZone, dependencies, targetFrameworkMoniker);
return(retSet);
}
private static T Activate <T>(AddInToken token, PermissionSet permissionSet, String appDomainName)
{
// Make a copy of the permission set to prevent the permissions from being modified after we demand
permissionSet = permissionSet.Copy();
//
// Breaking security fix: (B#499362): Making a copy isn't sufficient protection if the
// permission object comes from an untrusted source as the permission object itself
// can interfere with the copy process. We simply can't safely pass an untrusted permission
// down to CreateDomain(), so if there any untrusted permissions in the set, demand full trust before
// allowing the operation to proceed.
//
if (!permissionSet.IsUnrestricted())
{
foreach (Object permission in permissionSet)
{
Assembly a = permission.GetType().Assembly;
if (!a.GlobalAssemblyCache)
{
new PermissionSet(PermissionState.Unrestricted).Demand();
break;
}
}
}
// Don't let them create an appdomain that elevates privileges
permissionSet.Demand();
AppDomain domain = null;
try
{
domain = CreateDomain(token, permissionSet, appDomainName);
AddInEnvironment environment = new AddInEnvironment(domain, true);
AddInControllerImpl controller = new AddInControllerImpl(environment, true, token);
return(ActivateInAppDomain <T>(token, domain, controller, true));
}
catch
{
// Don't leak the domain.
if (domain != null)
{
try {
Utils.UnloadAppDomain(domain);
}
catch (AppDomainUnloadedException) {}
}
throw;
}
}
/// <summary>用代码程序集的权限请求初始化 <see cref="T:System.Security.Policy.PermissionRequestEvidence" /> 类的新实例。</summary>
/// <param name="request">代码运行所需的最小权限。</param>
/// <param name="optional">(如果授予)代码可以使用的(但不是必需的)权限。</param>
/// <param name="denied">代码明确请求不要授予的权限。</param>
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied)
{
this.m_request = request != null?request.Copy() : (PermissionSet)null;
this.m_optional = optional != null?optional.Copy() : (PermissionSet)null;
if (denied == null)
{
this.m_denied = (PermissionSet)null;
}
else
{
this.m_denied = denied.Copy();
}
}
/// <include file='doc\PolicyStatement.uex' path='docs/doc[@for="PolicyStatement.PolicyStatement1"]/*' />
public PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes)
{
if (permSet == null)
{
m_permSet = new PermissionSet(false);
}
else
{
m_permSet = permSet.Copy();
}
if (ValidProperties(attributes))
{
m_attributes = attributes;
}
}
#pragma warning restore 169
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied)
{
if (request == null)
m_request = null;
else
m_request = request.Copy();
if (optional == null)
m_optional = null;
else
m_optional = optional.Copy();
if (denied == null)
m_denied = null;
else
m_denied = denied.Copy();
}
public SandboxCasPolicySettings Copy()
{
SandboxCasPolicySettings sandboxCasPolicySettings = new SandboxCasPolicySettings();
if (m_basePermissions != null)
{
sandboxCasPolicySettings.m_basePermissions = m_basePermissions.Copy();
}
if (m_fullTrustAssemblies != null)
{
foreach (StrongName fullTrustAssembly in m_fullTrustAssemblies)
{
sandboxCasPolicySettings.AddFullTrustAssembly(fullTrustAssembly);
}
return(sandboxCasPolicySettings);
}
return(sandboxCasPolicySettings);
}
// Token: 0x060029F9 RID: 10745 RVA: 0x0009BFFC File Offset: 0x0009A1FC
private PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes, bool copy)
{
if (permSet != null)
{
if (copy)
{
this.m_permSet = permSet.Copy();
}
else
{
this.m_permSet = permSet;
}
}
else
{
this.m_permSet = new PermissionSet(false);
}
this.m_attributes = attributes;
}
public static void PermissionSetCallMethods()
{
PermissionSet ps = new PermissionSet(new PermissionState());
ps.Assert();
bool containspermissions = ps.ContainsNonCodeAccessPermissions();
PermissionSet ps2 = ps.Copy();
ps.CopyTo(new int[1], 0);
ps.Demand();
ps.Equals(ps2);
System.Collections.IEnumerator ie = ps.GetEnumerator();
int hash = ps.GetHashCode();
PermissionSet ps3 = ps.Intersect(ps2);
bool isempty = ps.IsEmpty();
bool issubsetof = ps.IsSubsetOf(ps2);
bool isunrestricted = ps.IsUnrestricted();
string s = ps.ToString();
PermissionSet ps4 = ps.Union(ps2);
SecurityElement se = new SecurityElement("");
ps.FromXml(se);
se = ps.ToXml();
}
public static void PermissionSetCallMethods()
{
PermissionSet ps = new PermissionSet(new PermissionState());
ps.Assert();
bool containspermissions = ps.ContainsNonCodeAccessPermissions();
PermissionSet ps2 = ps.Copy();
ps.CopyTo(new int[1], 0);
ps.Demand();
ps.Equals(ps2);
System.Collections.IEnumerator ie = ps.GetEnumerator();
int hash = ps.GetHashCode();
PermissionSet ps3 = ps.Intersect(ps2);
bool isempty = ps.IsEmpty();
bool issubsetof = ps.IsSubsetOf(ps2);
bool isunrestricted = ps.IsUnrestricted();
string s = ps.ToString();
PermissionSet ps4 = ps.Union(ps2);
SecurityElement se = new SecurityElement("");
ps.FromXml(se);
se = ps.ToXml();
}
public static void Main()
{
//Create File IO Read permission
FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;
//Create Base Permission Set
PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted for full trust
BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet grantset = BasePermissionSet.Copy();
grantset.AddPermission(FileIOReadPermission);
//Write Sample source file to read
System.IO.File.WriteAllText("TEST.TXT", "File Content");
//-------- Calling Method in Full Trust --------
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
ReadFileMethod();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- Create the AppDomain with FileIO Read Permission --------
AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- Create the AppDomain without FileIO Read Permission --------
//Expect Security Exception to be thrown
PermissionSet grantset2 = BasePermissionSet.Copy();
AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("");
Console.WriteLine("Press any key to end.");
Console.ReadKey();
}
private PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes, bool copy)
{
this.m_permSet = permSet == null ? new PermissionSet(false) : (!copy ? permSet : permSet.Copy());
this.m_attributes = attributes;
}
public static void Main()
{
//Создать разрешение чтения FileIO.
FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;
//Создать базовый набор разрешений
PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted с полным доверием.
BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet grantset = BasePermissionSet.Copy();
grantset.AddPermission(FileIOReadPermission);
//Написать пример исходного файла для чтения.
System.IO.File.WriteAllText("TEST.TXT", "File Content");
//-------- Вызов метода с полным доверием --------
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
ReadFileMethod();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- Создать AppDomain с разрешением чтения FileIO. --------
AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- Создать AppDomain без разрешения чтения FileIO. --------
//Предположить, что произойдет ошибка безопасности.
PermissionSet grantset2 = BasePermissionSet.Copy();
AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("");
Console.WriteLine("Press any key to end.");
Console.ReadKey();
}
public static void PermissionSetDemo()
{
Console.WriteLine("Executing PermissionSetDemo");
try
{
//<Snippet2>
// Open a new PermissionSet.
PermissionSet ps1 = new PermissionSet(PermissionState.None);
Console.WriteLine("Adding permission to open a file from a file dialog box.");
//<Snippet3>
// Add a permission to the permission set.
ps1.AddPermission(
new FileDialogPermission(FileDialogPermissionAccess.Open));
//</Snippet3>
Console.WriteLine("Demanding permission to open a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
//</Snippet2>
Console.WriteLine("Adding permission to save a file from a file dialog box.");
ps1.AddPermission(
new FileDialogPermission(FileDialogPermissionAccess.Save));
Console.WriteLine("Demanding permission to open and save a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable USERNAME.");
ps1.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable COMPUTERNAME.");
ps1.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME"));
//<Snippet4>
// Demand all the permissions in the set.
Console.WriteLine("Demand all permissions.");
ps1.Demand();
//</Snippet4>
Console.WriteLine("Demand succeeded.");
//<Snippet5>
// Display the number of permissions in the set.
Console.WriteLine("Number of permissions = " + ps1.Count);
//</Snippet5>
//<Snippet6>
// Display the value of the IsSynchronized property.
Console.WriteLine("IsSynchronized property = " + ps1.IsSynchronized);
//</Snippet6>
//<Snippet7>
// Display the value of the IsReadOnly property.
Console.WriteLine("IsReadOnly property = " + ps1.IsReadOnly);
//</Snippet7>
//<Snippet8>
// Display the value of the SyncRoot property.
Console.WriteLine("SyncRoot property = " + ps1.SyncRoot);
//</Snippet8>
//<Snippet9>
// Display the result of a call to the ContainsNonCodeAccessPermissions method.
// Gets a value indicating whether the PermissionSet contains permissions
// that are not derived from CodeAccessPermission.
// Returns true if the PermissionSet contains permissions that are not
// derived from CodeAccessPermission; otherwise, false.
Console.WriteLine("ContainsNonCodeAccessPermissions method returned " +
ps1.ContainsNonCodeAccessPermissions());
//</Snippet9>
//<Snippet10>
Console.WriteLine("Value of the permission set ToString = \n" + ps1.ToString());
//</Snippet10>
PermissionSet ps2 = new PermissionSet(PermissionState.None);
//<Snippet11>
// Create a second permission set and compare it to the first permission set.
ps2.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps2.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Write, "COMPUTERNAME"));
IEnumerator list = ps1.GetEnumerator();
Console.WriteLine("Permissions in first permission set:");
while (list.MoveNext())
{
Console.WriteLine(list.Current.ToString());
}
Console.WriteLine("Second permission IsSubsetOf first permission = " + ps2.IsSubsetOf(ps1));
//</Snippet11>
//<Snippet12>
// Display the intersection of two permission sets.
PermissionSet ps3 = ps2.Intersect(ps1);
Console.WriteLine("The intersection of the first permission set and "
+ "the second permission set = " + ps3.ToString());
//</Snippet12>
// Create a new permission set.
PermissionSet ps4 = new PermissionSet(PermissionState.None);
ps4.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read,
"C:\\Temp\\Testfile.txt"));
ps4.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.Write | FileIOPermissionAccess.Append,
"C:\\Temp\\Testfile.txt"));
//<Snippet13>
// Display the union of two permission sets.
PermissionSet ps5 = ps3.Union(ps4);
Console.WriteLine("The union of permission set 3 and permission set 4 = "
+ ps5.ToString());
//</Snippet13>
//<Snippet15>
// Remove FileIOPermission from the permission set.
ps5.RemovePermission(typeof(FileIOPermission));
Console.WriteLine("The last permission set after removing FileIOPermission = "
+ ps5.ToString());
//</Snippet15>
//<Snippet16>
// Change the permission set using SetPermission.
ps5.SetPermission(new EnvironmentPermission(EnvironmentPermissionAccess.AllAccess, "USERNAME"));
Console.WriteLine("Permission set after SetPermission = " + ps5.ToString());
//</Snippet16>
//<Snippet17>
// Display result of ToXml and FromXml operations.
PermissionSet ps6 = new PermissionSet(PermissionState.None);
ps6.FromXml(ps5.ToXml());
Console.WriteLine("Result of ToFromXml = " + ps6.ToString() + "\n");
//</Snippet17>
//<Snippet18>
// Display results of PermissionSet.GetEnumerator.
IEnumerator psEnumerator = ps1.GetEnumerator();
while (psEnumerator.MoveNext())
{
Console.WriteLine(psEnumerator.Current);
}
//</Snippet18>
//<Snippet19>
// Check for an unrestricted permission set.
PermissionSet ps7 = new PermissionSet(PermissionState.Unrestricted);
Console.WriteLine("Permission set is unrestricted = " + ps7.IsUnrestricted());
//</Snippet19>
//<Snippet20>
// Create and display a copy of a permission set.
ps7 = ps5.Copy();
Console.WriteLine("Result of copy = " + ps7.ToString());
//</Snippet20>
}
catch (Exception e)
{
Console.WriteLine(e.Message.ToString());
}
}
public static void SetDemo()
{
//创建文件 IO 读取权限
FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;
//创建基本权限集
PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted 用于完全信任
BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet grantset = BasePermissionSet.Copy();
grantset.AddPermission(FileIOReadPermission);
//编写示例源文件以读取
System.IO.File.WriteAllText("TEST.TXT", "File Content");
//-------- 完全信任地调用方法 --------
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
ReadFileMethod();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建具有文件 IO 读取权限的 AppDomain --------
AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建没有文件 IO 读取权限的 AppDomain --------
//应当引发安全异常
PermissionSet grantset2 = BasePermissionSet.Copy();
//grantset2.AddPermission(FileIOReadPermission);
AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("");
}
