/// <summary>
/// Runs <c>ReadFileMethod</c> three times: in the host domain, in a sandbox granted
/// Execution plus read access to local files, and in a sandbox granted Execution only.
/// The grant set handed to <c>AppDomain.CreateDomain</c> is what differs between the runs.
/// </summary>
/// <remarks>
/// Code Access Security sandboxing is a .NET Framework feature. It is deprecated and is
/// not honoured on .NET Core / .NET 5+, so it should not be relied on as a security boundary there.
/// </remarks>
public static void Main()
{
    AppDomain host = AppDomain.CurrentDomain;

    // File IO read permission. AllLocalFiles covers every local file, not just TEST.TXT;
    // a least-privilege grant would name the single path instead.
    FileIOPermission readLocalFiles = new FileIOPermission(PermissionState.None)
    {
        AllLocalFiles = FileIOPermissionAccess.Read
    };

    // Base permission set: Execution only.
    // (PermissionState.Unrestricted here would mean full trust.)
    PermissionSet executionOnly = new PermissionSet(PermissionState.None);
    executionOnly.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    // Copy() keeps the base set untouched when the read permission is added.
    PermissionSet executionAndRead = executionOnly.Copy();
    executionAndRead.AddPermission(readLocalFiles);

    // Write the sample file that ReadFileMethod is expected to read.
    System.IO.File.WriteAllText("TEST.TXT", "File Content");

    // -------- Call the method in the host domain (labelled full trust by the sample) --------
    try
    {
        Console.WriteLine("App Domain Name: " + host.FriendlyName);
        ReadFileMethod();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- AppDomain with FileIO read permission --------
    AppDomain readSandbox = AppDomain.CreateDomain(
        "Sandboxed AppDomain With FileIO.Read permission",
        host.Evidence,
        host.SetupInformation,
        executionAndRead,
        null);
    try
    {
        // Note: this prints the host domain's name; only the callback runs in the sandbox.
        Console.WriteLine("App Domain Name: " + host.FriendlyName);
        readSandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- AppDomain without FileIO read permission --------
    // A security exception is expected here.
    PermissionSet executionOnlyCopy = executionOnly.Copy();
    AppDomain noReadSandbox = AppDomain.CreateDomain(
        "Sandboxed AppDomain Without FileIO.Read permission",
        host.Evidence,
        host.SetupInformation,
        executionOnlyCopy,
        null);
    try
    {
        Console.WriteLine("App Domain Name: " + host.FriendlyName);
        noReadSandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    Console.WriteLine("");
    Console.WriteLine("Press any key to end.");
    Console.ReadKey();
}
#pragma warning restore 169
/// <summary>
/// Builds the evidence object from the three permission requests of an assembly.
/// Each non-null set is stored as a copy; a null argument is stored as null.
/// </summary>
/// <param name="request">Requested permission set, or null.</param>
/// <param name="optional">Optional permission set, or null.</param>
/// <param name="denied">Denied permission set, or null.</param>
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied)
{
    // Defensive copies: the stored sets do not alias the caller's objects, so a caller
    // that mutates its sets afterwards does not change this evidence.
    m_request = request != null ? request.Copy() : null;
    m_optional = optional != null ? optional.Copy() : null;
    m_denied = denied != null ? denied.Copy() : null;
}
/// <summary>
/// Picks the permission set for a target zone: a copy of <paramref name="includedPermissionSet"/>
/// when the zone is null, empty or "Custom" (case-insensitive), otherwise the result of
/// <c>GetNamedPermissionSetFromZone</c> for that zone.
/// </summary>
/// <param name="targetZone">Zone name; null, empty or "Custom" selects the included set.</param>
/// <param name="includedPermissionSet">Set returned (as a copy) for the custom case.</param>
/// <param name="dependencies">Forwarded to <c>GetNamedPermissionSetFromZone</c>.</param>
/// <param name="targetFrameworkMoniker">Forwarded to <c>GetNamedPermissionSetFromZone</c>.</param>
/// <returns>The permission set selected for the zone.</returns>
internal static PermissionSet ComputeZonePermissionSetHelper(string targetZone, PermissionSet includedPermissionSet, ITaskItem[] dependencies, string targetFrameworkMoniker)
{
    bool useIncludedSet = string.IsNullOrEmpty(targetZone)
        || string.Equals(targetZone, "Custom", StringComparison.OrdinalIgnoreCase);

    if (useIncludedSet)
    {
        // NOTE(review): includedPermissionSet is dereferenced without a null check on this path.
        return includedPermissionSet.Copy();
    }

    return GetNamedPermissionSetFromZone(targetZone, dependencies, targetFrameworkMoniker);
}
/// <summary>
/// Creates a policy statement from a permission set and attribute flags.
/// A non-null set is copied and the copy is marked read-only; a null set leaves
/// the stored set unassigned.
/// </summary>
/// <param name="permSet">Permission set to copy, or null.</param>
/// <param name="attributes">Attribute flags stored as given.</param>
public PolicyStatement (PermissionSet permSet, PolicyStatementAttribute attributes)
{
	this.attrs = attributes;

	if (permSet == null) {
		return;
	}

	// Keep a private, read-only copy so the caller's set is neither aliased nor frozen.
	this.perms = permSet.Copy ();
	this.perms.SetReadOnly (true);
}
/// <summary>
/// Creates a policy statement. When <paramref name="perms"/> is not null the statement
/// stores a read-only copy of it; when it is null no set is stored.
/// </summary>
/// <param name="perms">Permission set to copy, or null.</param>
/// <param name="attrs">Attribute flags stored as given.</param>
public PolicyStatement(PermissionSet perms, PolicyStatementAttribute attrs)
{
    if (perms == null)
    {
        this.attrs = attrs;
        return;
    }

    // Copy first, then freeze the copy: the caller's object is left writable.
    this.perms = perms.Copy();
    this.perms.SetReadOnly(true);
    this.attrs = attrs;
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Policy.PolicyStatement" /> class with the specified <see cref="T:System.Security.PermissionSet" /> and attributes.</summary>
/// <param name="permSet">The <see cref="T:System.Security.PermissionSet" /> with which to initialize the new instance.</param>
/// <param name="attributes">A bitwise combination of the <see cref="T:System.Security.Policy.PolicyStatementAttribute" /> values.</param>
public PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes)
{
    // A null set becomes a fresh set built with PermissionSet(false); anything else is copied,
    // so the statement never shares the caller's object.
    if (permSet == null)
    {
        this.m_permSet = new PermissionSet(false);
    }
    else
    {
        this.m_permSet = permSet.Copy();
    }

    // The attributes are stored only when ValidProperties accepts them.
    // NOTE(review): what ValidProperties does with rejected flags is not visible here.
    if (PolicyStatement.ValidProperties(attributes))
    {
        this.m_attributes = attributes;
    }
}
/// <summary>
/// Returns a copy of the application's default request set, or null when it has none.
/// </summary>
/// <param name="info">Security info whose <c>DefaultRequestSet</c> is read.</param>
/// <returns>A copy of the default request set, or null.</returns>
private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
{
    PermissionSet requested = info.DefaultRequestSet;

    // Hand back a copy so the caller cannot modify the set held by 'info'.
    return requested == null ? null : requested.Copy();
}
/// <summary>
/// Resolves the permission set for a target zone. A null, empty or <c>Custom</c> zone
/// (compared case-insensitively) yields a copy of <paramref name="includedPermissionSet"/>;
/// any other zone is looked up through <c>GetNamedPermissionSetFromZone</c>.
/// </summary>
/// <param name="targetZone">Zone name to resolve.</param>
/// <param name="includedPermissionSet">Set copied and returned for the custom case.</param>
/// <param name="dependencies">Forwarded to <c>GetNamedPermissionSetFromZone</c>.</param>
/// <param name="targetFrameworkMoniker">Forwarded to <c>GetNamedPermissionSetFromZone</c>.</param>
/// <returns>The permission set selected for the zone.</returns>
internal static PermissionSet ComputeZonePermissionSetHelper(string targetZone, PermissionSet includedPermissionSet, ITaskItem[] dependencies, string targetFrameworkMoniker)
{
    bool isNamedZone = !String.IsNullOrEmpty(targetZone)
        && !String.Equals(targetZone, Custom, StringComparison.OrdinalIgnoreCase);

    if (isNamedZone)
    {
        return GetNamedPermissionSetFromZone(targetZone, dependencies, targetFrameworkMoniker);
    }

    // Custom set: return the included set as-is, but as a copy rather than the caller's object.
    return includedPermissionSet.Copy();
}
/// <summary>
/// Activates an add-in in a new AppDomain created with the given permission set.
/// Before the domain is created the set is copied, full trust is demanded if the set
/// contains a permission type from an assembly outside the GAC, and the set itself is
/// demanded. If anything fails after the domain exists, the domain is unloaded and the
/// exception is rethrown.
/// </summary>
/// <param name="token">Add-in token passed to <c>CreateDomain</c>, the controller and <c>ActivateInAppDomain</c>.</param>
/// <param name="permissionSet">Grant set for the new domain; dereferenced without a null check.</param>
/// <param name="appDomainName">Name passed to <c>CreateDomain</c>.</param>
/// <returns>The value returned by <c>ActivateInAppDomain</c>.</returns>
private static T Activate <T>(AddInToken token, PermissionSet permissionSet, String appDomainName)
{
    // Make a copy of the permission set to prevent the permissions from being modified after we demand
    permissionSet = permissionSet.Copy();

    //
    // Breaking security fix: (B#499362): Making a copy isn't sufficient protection if the
    // permission object comes from an untrusted source as the permission object itself
    // can interfere with the copy process. We simply can't safely pass an untrusted permission
    // down to CreateDomain(), so if there are any untrusted permissions in the set, demand full trust before
    // allowing the operation to proceed.
    //
    // NOTE(review): the Copy() above still runs before this check, so permission objects from
    // outside the GAC take part in that copy; the check only decides whether the set may go on
    // to CreateDomain() - confirm this ordering is intended.
    if (!permissionSet.IsUnrestricted())
    {
        foreach (Object permission in permissionSet)
        {
            // "Untrusted" here means: the permission's type lives in an assembly that was
            // not loaded from the global assembly cache.
            Assembly a = permission.GetType().Assembly;
            if (!a.GlobalAssemblyCache)
            {
                // One full-trust demand covers the whole set, so stop at the first hit.
                new PermissionSet(PermissionState.Unrestricted).Demand();
                break;
            }
        }
    }

    // Don't let them create an appdomain that elevates privileges:
    // the callers must already hold everything the new domain would be granted.
    permissionSet.Demand();

    AppDomain domain = null;
    try
    {
        domain = CreateDomain(token, permissionSet, appDomainName);
        AddInEnvironment environment = new AddInEnvironment(domain, true);
        AddInControllerImpl controller = new AddInControllerImpl(environment, true, token);
        return(ActivateInAppDomain <T>(token, domain, controller, true));
    }
    catch
    {
        // Don't leak the domain.
        if (domain != null)
        {
            try
            {
                Utils.UnloadAppDomain(domain);
            }
            // Best effort: a domain that is already unloaded needs no further cleanup,
            // and the original failure below is the one worth reporting.
            catch (AppDomainUnloadedException) {}
        }
        throw;
    }
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Policy.PermissionRequestEvidence" /> class with the permission request of a code assembly.</summary>
/// <param name="request">The minimum permissions the code requires to run.</param>
/// <param name="optional">The permissions the code can use if they are granted, but that are not required.</param>
/// <param name="denied">The permissions the code explicitly asks not to be granted.</param>
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied)
{
    // Each non-null argument is stored as a copy, never as the caller's own object.
    PermissionSet requestCopy = null;
    if (request != null)
    {
        requestCopy = request.Copy();
    }

    PermissionSet optionalCopy = null;
    if (optional != null)
    {
        optionalCopy = optional.Copy();
    }

    PermissionSet deniedCopy = null;
    if (denied != null)
    {
        deniedCopy = denied.Copy();
    }

    this.m_request = requestCopy;
    this.m_optional = optionalCopy;
    this.m_denied = deniedCopy;
}
/// <include file='doc\PolicyStatement.uex' path='docs/doc[@for="PolicyStatement.PolicyStatement1"]/*' />
public PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes)
{
    // Never keep the caller's object: copy it, or start from a set built with
    // PermissionSet(false) when none was supplied.
    m_permSet = permSet != null ? permSet.Copy() : new PermissionSet(false);

    // Attributes are stored only when ValidProperties accepts them.
    if (!ValidProperties(attributes))
    {
        return;
    }

    m_attributes = attributes;
}
#pragma warning restore 169
/// <summary>
/// Stores a copy of each supplied permission set; a null argument is stored as null.
/// </summary>
/// <param name="request">Requested permission set, or null.</param>
/// <param name="optional">Optional permission set, or null.</param>
/// <param name="denied">Denied permission set, or null.</param>
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied)
{
    // Copying keeps the evidence independent of later changes to the caller's sets.
    if (request != null)
    {
        m_request = request.Copy();
    }
    else
    {
        m_request = null;
    }

    if (optional != null)
    {
        m_optional = optional.Copy();
    }
    else
    {
        m_optional = null;
    }

    if (denied != null)
    {
        m_denied = denied.Copy();
    }
    else
    {
        m_denied = null;
    }
}
/// <summary>
/// Creates a new <c>SandboxCasPolicySettings</c> from this one. The base permission set,
/// when present, is copied; each full-trust assembly, when the list is present, is
/// re-added through <c>AddFullTrustAssembly</c>.
/// </summary>
/// <returns>The new settings object.</returns>
public SandboxCasPolicySettings Copy()
{
    SandboxCasPolicySettings clone = new SandboxCasPolicySettings();

    if (m_basePermissions != null)
    {
        // Copy the set so the clone and the original can be changed independently.
        clone.m_basePermissions = m_basePermissions.Copy();
    }

    if (m_fullTrustAssemblies == null)
    {
        return clone;
    }

    // The StrongName instances are passed on as they are; whether AddFullTrustAssembly
    // copies them is not visible here.
    foreach (StrongName trustedAssembly in m_fullTrustAssemblies)
    {
        clone.AddFullTrustAssembly(trustedAssembly);
    }

    return clone;
}
// Token: 0x060029F9 RID: 10745 RVA: 0x0009BFFC File Offset: 0x0009A1FC
/// <summary>
/// Private constructor that lets the caller choose between copying the permission set
/// and storing the reference directly. A null set is replaced by one built with
/// <c>PermissionSet(false)</c>. The attributes are stored without any check in this overload.
/// </summary>
/// <param name="permSet">Permission set to store, or null.</param>
/// <param name="attributes">Attribute flags stored as given.</param>
/// <param name="copy">True to store a copy; false to store <paramref name="permSet"/> itself.</param>
private PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes, bool copy)
{
    if (permSet == null)
    {
        this.m_permSet = new PermissionSet(false);
    }
    else
    {
        // With copy == false the statement aliases the caller's set: any later change to
        // that object is also a change to this statement.
        this.m_permSet = copy ? permSet.Copy() : permSet;
    }

    this.m_attributes = attributes;
}
/// <summary>
/// Calls each listed <c>PermissionSet</c> member once on a set created with the default
/// <c>PermissionState</c>. None of the results are inspected.
/// </summary>
/// <remarks>
/// NOTE(review): this looks like an API-surface smoke test rather than a behavioural one - confirm.
/// </remarks>
public static void PermissionSetCallMethods()
{
    PermissionSet subject = new PermissionSet(default(PermissionState));

    // Assert() is called on this set and nothing in the method reverts it.
    subject.Assert();
    bool hasNonCasPermissions = subject.ContainsNonCodeAccessPermissions();

    PermissionSet duplicate = subject.Copy();
    subject.CopyTo(new int[1], 0);
    subject.Demand();
    subject.Equals(duplicate);

    System.Collections.IEnumerator enumerator = subject.GetEnumerator();
    int hashCode = subject.GetHashCode();

    PermissionSet intersection = subject.Intersect(duplicate);
    bool empty = subject.IsEmpty();
    bool subset = subject.IsSubsetOf(duplicate);
    bool unrestricted = subject.IsUnrestricted();
    string text = subject.ToString();
    PermissionSet union = subject.Union(duplicate);

    // XML round trip: load from an element with an empty tag, then serialise again.
    SecurityElement xml = new SecurityElement("");
    subject.FromXml(xml);
    xml = subject.ToXml();
}
/// <summary>
/// Sandbox demonstration: calls <c>ReadFileMethod</c> in the host domain, then in an
/// AppDomain whose grant set includes read access to local files, then in one whose
/// grant set is Execution only, printing any exception message.
/// </summary>
/// <remarks>
/// Code Access Security sandboxing is a .NET Framework feature. It is deprecated and is
/// not honoured on .NET Core / .NET 5+, so it should not be relied on as a security boundary there.
/// </remarks>
public static void Main()
{
    // One delegate is enough; both sandboxes invoke the same static method.
    CrossAppDomainDelegate readFile = ReadFileMethod;

    // Create the File IO read permission. AllLocalFiles grants read on every local file;
    // naming the one path would be the least-privilege form.
    FileIOPermission fileRead = new FileIOPermission(PermissionState.None);
    fileRead.AllLocalFiles = FileIOPermissionAccess.Read;

    // Create the base permission set (PermissionState.Unrestricted would be full trust).
    PermissionSet baseSet = new PermissionSet(PermissionState.None);
    baseSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    // The grant sets are copies of the base set, so adding to one leaves the base unchanged.
    PermissionSet withRead = baseSet.Copy();
    withRead.AddPermission(fileRead);

    // Write the sample source file to read.
    System.IO.File.WriteAllText("TEST.TXT", "File Content");

    // -------- Calling the method in full trust --------
    try
    {
        Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
        ReadFileMethod();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- AppDomain with FileIO read permission --------
    AppDomain allowed = AppDomain.CreateDomain(
        "Sandboxed AppDomain With FileIO.Read permission",
        AppDomain.CurrentDomain.Evidence,
        AppDomain.CurrentDomain.SetupInformation,
        withRead,
        null);
    try
    {
        // Printed from the host domain, so this is the host's name; the callback runs sandboxed.
        Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
        allowed.DoCallBack(readFile);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- AppDomain without FileIO read permission --------
    // Expect a security exception to be thrown.
    PermissionSet withoutRead = baseSet.Copy();
    AppDomain restricted = AppDomain.CreateDomain(
        "Sandboxed AppDomain Without FileIO.Read permission",
        AppDomain.CurrentDomain.Evidence,
        AppDomain.CurrentDomain.SetupInformation,
        withoutRead,
        null);
    try
    {
        Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
        restricted.DoCallBack(readFile);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    Console.WriteLine("");
    Console.WriteLine("Press any key to end.");
    Console.ReadKey();
}
/// <summary>
/// Private constructor with an explicit copy switch. A null set is replaced by one built
/// with <c>PermissionSet(false)</c>; otherwise the set is copied when <paramref name="copy"/>
/// is true and stored by reference when it is false. Attributes are stored unchecked.
/// </summary>
/// <param name="permSet">Permission set to store, or null.</param>
/// <param name="attributes">Attribute flags stored as given.</param>
/// <param name="copy">True to store a copy; false to store <paramref name="permSet"/> itself.</param>
private PolicyStatement(PermissionSet permSet, PolicyStatementAttribute attributes, bool copy)
{
    PermissionSet stored;

    if (permSet == null)
    {
        stored = new PermissionSet(false);
    }
    else if (copy)
    {
        stored = permSet.Copy();
    }
    else
    {
        // No copy: the statement shares the caller's object from here on.
        stored = permSet;
    }

    this.m_permSet = stored;
    this.m_attributes = attributes;
}
/// <summary>
/// Shows the effect of an AppDomain grant set on file access: <c>ReadFileMethod</c> is
/// called in the host domain, in a sandbox that may read local files, and in a sandbox
/// that may only execute. Exception messages are written to the console.
/// </summary>
/// <remarks>
/// Code Access Security sandboxing is a .NET Framework feature. It is deprecated and is
/// not honoured on .NET Core / .NET 5+, so it should not be relied on as a security boundary there.
/// </remarks>
public static void Main()
{
    const string readDomainName = "Sandboxed AppDomain With FileIO.Read permission";
    const string noReadDomainName = "Sandboxed AppDomain Without FileIO.Read permission";

    // Create the FileIO read permission. It covers all local files, which is broader than
    // the single sample file needs.
    FileIOPermission localRead = new FileIOPermission(PermissionState.None);
    localRead.AllLocalFiles = FileIOPermissionAccess.Read;

    // Create the base permission set (PermissionState.Unrestricted would give full trust).
    PermissionSet minimal = new PermissionSet(PermissionState.None);
    SecurityPermission mayExecute = new SecurityPermission(SecurityPermissionFlag.Execution);
    minimal.AddPermission(mayExecute);

    // Work on a copy so the base set stays Execution-only for the second sandbox.
    PermissionSet readGrant = minimal.Copy();
    readGrant.AddPermission(localRead);

    // Write the sample source file to read.
    System.IO.File.WriteAllText("TEST.TXT", "File Content");

    // -------- Call the method with full trust --------
    try
    {
        string hostName = AppDomain.CurrentDomain.FriendlyName;
        Console.WriteLine("App Domain Name: " + hostName);
        ReadFileMethod();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- Create an AppDomain with the FileIO read permission --------
    AppDomain sandboxWithRead = AppDomain.CreateDomain(
        readDomainName,
        AppDomain.CurrentDomain.Evidence,
        AppDomain.CurrentDomain.SetupInformation,
        readGrant,
        null);
    try
    {
        // This line runs in the host domain and prints the host's name, not the sandbox's.
        string hostName = AppDomain.CurrentDomain.FriendlyName;
        Console.WriteLine("App Domain Name: " + hostName);
        sandboxWithRead.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- Create an AppDomain without the FileIO read permission --------
    // A security error is expected here.
    PermissionSet executeOnlyGrant = minimal.Copy();
    AppDomain sandboxWithoutRead = AppDomain.CreateDomain(
        noReadDomainName,
        AppDomain.CurrentDomain.Evidence,
        AppDomain.CurrentDomain.SetupInformation,
        executeOnlyGrant,
        null);
    try
    {
        string hostName = AppDomain.CurrentDomain.FriendlyName;
        Console.WriteLine("App Domain Name: " + hostName);
        sandboxWithoutRead.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    Console.WriteLine("");
    Console.WriteLine("Press any key to end.");
    Console.ReadKey();
}
/// <summary>
/// Walks through the <c>PermissionSet</c> API: builds a set permission by permission and
/// demands it after each step, prints the set's properties, then compares, intersects,
/// unions, edits, round-trips through XML, enumerates and copies permission sets.
/// Any exception ends the walk-through and only its message is printed.
/// </summary>
/// <remarks>
/// The <c>//&lt;SnippetN&gt;</c> markers delimit regions of this sample and are kept in place.
/// Code Access Security is a .NET Framework feature; it is deprecated and is not honoured
/// on .NET Core / .NET 5+.
/// </remarks>
public static void PermissionSetDemo()
{
    Console.WriteLine("Executing PermissionSetDemo");
    try
    {
        //<Snippet2>
        // Open a new PermissionSet.
        PermissionSet ps1 = new PermissionSet(PermissionState.None);

        Console.WriteLine("Adding permission to open a file from a file dialog box.");
        //<Snippet3>
        // Add a permission to the permission set.
        ps1.AddPermission(
            new FileDialogPermission(FileDialogPermissionAccess.Open));
        //</Snippet3>
        Console.WriteLine("Demanding permission to open a file.");
        // Demand() checks the callers on the stack and throws if one lacks the permissions.
        ps1.Demand();
        Console.WriteLine("Demand succeeded.");
        //</Snippet2>
        Console.WriteLine("Adding permission to save a file from a file dialog box.");
        ps1.AddPermission(
            new FileDialogPermission(FileDialogPermissionAccess.Save));
        Console.WriteLine("Demanding permission to open and save a file.");
        ps1.Demand();
        Console.WriteLine("Demand succeeded.");
        Console.WriteLine("Adding permission to read environment variable USERNAME.");
        ps1.AddPermission(
            new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
        ps1.Demand();
        Console.WriteLine("Demand succeeded.");
        Console.WriteLine("Adding permission to read environment variable COMPUTERNAME.");
        ps1.AddPermission(
            new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME"));
        //<Snippet4>
        // Demand all the permissions in the set.
        Console.WriteLine("Demand all permissions.");
        ps1.Demand();
        //</Snippet4>
        Console.WriteLine("Demand succeeded.");
        //<Snippet5>
        // Display the number of permissions in the set.
        Console.WriteLine("Number of permissions = " + ps1.Count);
        //</Snippet5>
        //<Snippet6>
        // Display the value of the IsSynchronized property.
        Console.WriteLine("IsSynchronized property = " + ps1.IsSynchronized);
        //</Snippet6>
        //<Snippet7>
        // Display the value of the IsReadOnly property.
        Console.WriteLine("IsReadOnly property = " + ps1.IsReadOnly);
        //</Snippet7>
        //<Snippet8>
        // Display the value of the SyncRoot property.
        Console.WriteLine("SyncRoot property = " + ps1.SyncRoot);
        //</Snippet8>
        //<Snippet9>
        // Display the result of a call to the ContainsNonCodeAccessPermissions method.
        // Gets a value indicating whether the PermissionSet contains permissions
        // that are not derived from CodeAccessPermission.
        // Returns true if the PermissionSet contains permissions that are not
        // derived from CodeAccessPermission; otherwise, false.
        Console.WriteLine("ContainsNonCodeAccessPermissions method returned " + ps1.ContainsNonCodeAccessPermissions());
        //</Snippet9>
        //<Snippet10>
        // Display the string form of the whole permission set.
        Console.WriteLine("Value of the permission set ToString = \n" + ps1.ToString());
        //</Snippet10>
        PermissionSet ps2 = new PermissionSet(PermissionState.None);
        //<Snippet11>
        // Create a second permission set and compare it to the first permission set.
        ps2.AddPermission(
            new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
        ps2.AddPermission(
            new EnvironmentPermission(EnvironmentPermissionAccess.Write, "COMPUTERNAME"));
        IEnumerator list = ps1.GetEnumerator();
        Console.WriteLine("Permissions in first permission set:");
        while (list.MoveNext())
        {
            Console.WriteLine(list.Current.ToString());
        }
        // ps2 asks for Write on COMPUTERNAME while ps1 was given only Read, so this is
        // expected to print False - TODO confirm by running the sample.
        Console.WriteLine("Second permission IsSubsetOf first permission = " + ps2.IsSubsetOf(ps1));
        //</Snippet11>
        //<Snippet12>
        // Display the intersection of two permission sets.
        PermissionSet ps3 = ps2.Intersect(ps1);
        Console.WriteLine("The intersection of the first permission set and " + "the second permission set = " + ps3.ToString());
        //</Snippet12>
        // Create a new permission set.
        // Both FileIOPermission objects name the same path; the second adds Write and Append.
        PermissionSet ps4 = new PermissionSet(PermissionState.None);
        ps4.AddPermission(
            new FileIOPermission(FileIOPermissionAccess.Read, "C:\\Temp\\Testfile.txt"));
        ps4.AddPermission(
            new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.Write | FileIOPermissionAccess.Append, "C:\\Temp\\Testfile.txt"));
        //<Snippet13>
        // Display the union of two permission sets.
        PermissionSet ps5 = ps3.Union(ps4);
        Console.WriteLine("The union of permission set 3 and permission set 4 = " + ps5.ToString());
        //</Snippet13>
        //<Snippet15>
        // Remove FileIOPermission from the permission set.
        ps5.RemovePermission(typeof(FileIOPermission));
        Console.WriteLine("The last permission set after removing FileIOPermission = " + ps5.ToString());
        //</Snippet15>
        //<Snippet16>
        // Change the permission set using SetPermission.
        ps5.SetPermission(new EnvironmentPermission(EnvironmentPermissionAccess.AllAccess, "USERNAME"));
        Console.WriteLine("Permission set after SetPermission = " + ps5.ToString());
        //</Snippet16>
        //<Snippet17>
        // Display result of ToXml and FromXml operations.
        PermissionSet ps6 = new PermissionSet(PermissionState.None);
        ps6.FromXml(ps5.ToXml());
        Console.WriteLine("Result of ToFromXml = " + ps6.ToString() + "\n");
        //</Snippet17>
        //<Snippet18>
        // Display results of PermissionSet.GetEnumerator.
        IEnumerator psEnumerator = ps1.GetEnumerator();
        while (psEnumerator.MoveNext())
        {
            Console.WriteLine(psEnumerator.Current);
        }
        //</Snippet18>
        //<Snippet19>
        // Check for an unrestricted permission set.
        PermissionSet ps7 = new PermissionSet(PermissionState.Unrestricted);
        Console.WriteLine("Permission set is unrestricted = " + ps7.IsUnrestricted());
        //</Snippet19>
        //<Snippet20>
        // Create and display a copy of a permission set.
        // ps7 is reassigned here; the unrestricted set created above is no longer referenced.
        ps7 = ps5.Copy();
        Console.WriteLine("Result of copy = " + ps7.ToString());
        //</Snippet20>
    }
    catch (Exception e)
    {
        // Only the message is shown; the exception type and stack trace are not printed.
        Console.WriteLine(e.Message.ToString());
    }
}
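/// <summary>
/// Runs <c>ReadFileMethod</c> in the host domain, in a sandbox granted Execution plus read
/// access to local files, and in a sandbox granted Execution only, printing any exception
/// message. Each sandbox AppDomain is unloaded once its call has finished, so repeated
/// calls to this method do not accumulate domains.
/// </summary>
/// <remarks>
/// Code Access Security sandboxing is a .NET Framework feature. It is deprecated and is
/// not honoured on .NET Core / .NET 5+, so it should not be relied on as a security boundary there.
/// </remarks>
public static void SetDemo()
{
    // Create the File IO read permission. AllLocalFiles grants read on every local file;
    // a least-privilege grant would name only the file that is actually read.
    FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
    FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;

    // Create the base permission set (PermissionState.Unrestricted would be full trust).
    PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None);
    BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    // Copy() keeps the base set Execution-only while the first grant set gains file read.
    PermissionSet grantset = BasePermissionSet.Copy();
    grantset.AddPermission(FileIOReadPermission);

    // Write the sample source file to read.
    System.IO.File.WriteAllText("TEST.TXT", "File Content");

    // -------- Call the method in full trust --------
    try
    {
        Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
        ReadFileMethod();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }

    // -------- Create the AppDomain with File IO read permission --------
    AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
    try
    {
        // This prints the host domain's name; only the callback below runs in the sandbox.
        Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
        sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
    finally
    {
        // Release the sandbox; without this every call leaves a loaded AppDomain behind.
        AppDomain.Unload(sandbox);
    }

    // -------- Create the AppDomain without File IO read permission --------
    // A security exception is expected: the read permission is deliberately not added
    // to this grant set.
    PermissionSet grantset2 = BasePermissionSet.Copy();
    AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
    try
    {
        Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
        sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
    finally
    {
        AppDomain.Unload(sandbox2);
    }

    Console.WriteLine("");
}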