/// <summary>
/// Generate the LocalIntranet permission set, optionally extending it with same site permissions
/// </summary>
private static PermissionSet GetLocalIntranetPermissionSet(Url sourceUrl)
{
PermissionSet localIntranet = MachinePolicyLevel.GetNamedPermissionSet("LocalIntranet");
// If we have a source URL, try to generate same-site web and file permissions to add to the
// local intranet set
if (sourceUrl != null)
{
Evidence evidence = new Evidence();
evidence.AddHostEvidence(new Zone(SecurityZone.Intranet));
evidence.AddHostEvidence(sourceUrl);
PolicyStatement webPolicy =
new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
if (webPolicy != null)
{
localIntranet = localIntranet.Union(webPolicy.PermissionSet);
}
PolicyStatement filePolicy =
new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery).Resolve(evidence);
if (filePolicy != null)
{
localIntranet = localIntranet.Union(filePolicy.PermissionSet);
}
}
// If WPF is available on the machine, then extend the permission set with some additional WPF
// permissions as well.
localIntranet = localIntranet.Union(WpfPermissionSet);
return(localIntranet);
}
/// <summary>
/// Generate the Internet permission set, optionally extending it with same site permissions
/// </summary>
private static PermissionSet GetInternetPermissionSet(Url sourceUrl)
{
PermissionSet internet = MachinePolicyLevel.GetNamedPermissionSet("Internet");
// If we have a source URL, try to generate same-site web permissions to add to the internet set
if (sourceUrl != null)
{
Evidence evidence = new Evidence();
evidence.AddHostEvidence(new Zone(SecurityZone.Internet));
evidence.AddHostEvidence(sourceUrl);
PolicyStatement webPolicy =
new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
if (webPolicy != null)
{
internet = internet.Union(webPolicy.PermissionSet);
}
}
// If WPF is available on the machine, then extend the permission set with some additional WPF
// permissions as well.
internet = internet.Union(WpfPermissionSet);
return(internet);
}
public void PermissionSetBad()
{
PermissionSet set = new PermissionSet(PermissionState.None);
// this is not ok
set.Union(set);
}
public override PolicyStatement Resolve(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (!MembershipCondition.Check(evidence))
{
return(null);
}
PermissionSet ps = this.PolicyStatement.PermissionSet.Copy();
if (this.Children.Count > 0)
{
foreach (CodeGroup child_cg in this.Children)
{
PolicyStatement child_pst = child_cg.Resolve(evidence);
if (child_pst != null)
{
ps = ps.Union(child_pst.PermissionSet);
}
}
}
PolicyStatement pst = this.PolicyStatement.Copy();
pst.PermissionSet = ps;
return(pst);
}
/// <summary>Resolves policy for the code group and its descendants for a set of evidence.</summary>
/// <returns>A policy statement consisting of the permissions granted by the code group with optional attributes, or null if the code group does not apply (the membership condition does not match the specified evidence).</returns>
/// <param name="evidence">The evidence for the assembly. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception>
/// <exception cref="T:System.Security.Policy.PolicyException">More than one code group (including the parent code group and any child code groups) is marked <see cref="F:System.Security.Policy.PolicyStatementAttribute.Exclusive" />. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override PolicyStatement Resolve(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (!base.MembershipCondition.Check(evidence))
{
return(null);
}
PermissionSet permissionSet = base.PolicyStatement.PermissionSet.Copy();
if (base.Children.Count > 0)
{
foreach (object obj in base.Children)
{
CodeGroup codeGroup = (CodeGroup)obj;
PolicyStatement policyStatement = codeGroup.Resolve(evidence);
if (policyStatement != null)
{
permissionSet = permissionSet.Union(policyStatement.PermissionSet);
}
}
}
PolicyStatement policyStatement2 = base.PolicyStatement.Copy();
policyStatement2.PermissionSet = permissionSet;
return(policyStatement2);
}
/// <summary>
/// IsEmpty
/// </summary>
/// <param name="p"></param>
/// <returns></returns>
internal static bool IsEmpty(CodeAccessPermission p)
{
PermissionSet empty = new PermissionSet(PermissionState.None);
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(p);
bool isEmpty = empty.Union(ps).Equals(empty);
return(isEmpty);
}
public static IObservable <TcpClientTermination> CreateService <TSource, TResult>(
AppDomainSetup appDomainSetup,
PermissionSet permissions,
IPEndPoint endPoint,
Func <IRemotingFormatter> formatterFactory,
QbservableServiceOptions options,
Func <IObservable <TSource>, IQbservable <TResult> > service,
[CallerMemberName] string appDomainBaseName = null,
params Assembly[] fullTrustAssemblies)
{
var minimumPermissions = new PermissionSet(PermissionState.None);
minimumPermissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
minimumPermissions.AddPermission(new SocketPermission(NetworkAccess.Accept, TransportType.Tcp, endPoint.Address.ToString(), endPoint.Port));
var entryAssembly = Assembly.GetEntryAssembly();
var domain = AppDomain.CreateDomain(
Interlocked.Increment(ref appDomainNumber) + ':' + appDomainBaseName,
null,
appDomainSetup,
minimumPermissions.Union(permissions),
new[]
{
typeof(QbservableTcpServer).Assembly.Evidence.GetHostEvidence <StrongName>(),
typeof(Rxx.Parsers.Linq.Parser).Assembly.Evidence.GetHostEvidence <StrongName>(),
typeof(System.Reactive.Linq.Observable).Assembly.Evidence.GetHostEvidence <StrongName>(),
typeof(System.Reactive.Linq.Qbservable).Assembly.Evidence.GetHostEvidence <StrongName>(),
typeof(System.Reactive.Notification).Assembly.Evidence.GetHostEvidence <StrongName>(),
typeof(System.Reactive.IEventPattern <,>).Assembly.Evidence.GetHostEvidence <StrongName>(),
typeof(System.Reactive.Concurrency.TaskPoolScheduler).Assembly.Evidence.GetHostEvidence <StrongName>()
}
.Concat(entryAssembly == null ? new StrongName[0] : new[] { entryAssembly.Evidence.GetHostEvidence <StrongName>() })
.Concat(fullTrustAssemblies.Select(assembly => assembly.Evidence.GetHostEvidence <StrongName>()))
.ToArray());
try
{
var handle = Activator.CreateInstanceFrom(
domain,
typeof(CreateServiceProxy <TSource, TResult>).Assembly.ManifestModule.FullyQualifiedName,
typeof(CreateServiceProxy <TSource, TResult>).FullName);
var proxy = (CreateServiceProxy <TSource, TResult>)handle.Unwrap();
return(proxy.CreateService(endPoint, options, new CreateServiceProxyDelegates <TSource, TResult>(formatterFactory, service))
.Finally(() => AppDomain.Unload(domain)));
}
catch
{
AppDomain.Unload(domain);
throw;
}
}
private void BuildAssembly(AppDomain appDomain, string dir, string filename)
{
// Prepare the assembly-level permissions.
PermissionSet requiredPermissions = new PermissionSet(null);
PermissionSet optionalPermissions = new PermissionSet(null);
PermissionSet refusedPermissions = new PermissionSet(null);
foreach (SecurityDeclaration securityDeclaration in assemblyDefinition.SecurityDeclarations)
{
switch (securityDeclaration.Action)
{
case Mono.Cecil.SecurityAction.RequestMinimum:
requiredPermissions = requiredPermissions.Union(securityDeclaration.PermissionSet);
break;
case Mono.Cecil.SecurityAction.RequestOptional:
optionalPermissions = optionalPermissions.Union(securityDeclaration.PermissionSet);
break;
case Mono.Cecil.SecurityAction.RequestRefuse:
refusedPermissions = refusedPermissions.Union(securityDeclaration.PermissionSet);
break;
}
}
// Build the dynamic assembly.
AssemblyBuilder assemblyBuilder = appDomain.DefineDynamicAssembly(
new AssemblyName(assemblyDefinition.Name.FullName),
AssemblyBuilderAccess.RunAndSave, dir,
requiredPermissions, optionalPermissions, refusedPermissions);
dynamicAssembly = new DynamicAssembly(assemblyBuilder, filename);
// TODO: Set entry point and assembly kind.
foreach (ModuleDefinition moduleDefinition in assemblyDefinition.Modules)
{
BuildModule(moduleDefinition);
}
metadataPass.Add(delegate
{
InitializeCustomAttributes(assemblyBuilder.SetCustomAttribute, assemblyDefinition.CustomAttributes);
});
}
internal static PermissionSet AddPermissionForUri(PermissionSet originalPermSet, Uri srcUri)
{
PermissionSet result = originalPermSet;
if (srcUri != null)
{
Evidence evidence = new Evidence();
evidence.AddHost(new Url(BindUriHelper.UriToString(srcUri)));
IMembershipCondition membershipCondition = new UrlMembershipCondition(BindUriHelper.UriToString(srcUri));
CodeGroup codeGroup = srcUri.IsFile ? new FileCodeGroup(membershipCondition, FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery) : new NetCodeGroup(membershipCondition);
PolicyStatement policyStatement = codeGroup.Resolve(evidence);
if (!policyStatement.PermissionSet.IsEmpty())
{
result = originalPermSet.Union(policyStatement.PermissionSet);
}
}
return(result);
}
private PermissionSet AddPermissionsToSet(PermissionSet permissionSet, SecurityDeclarationCollection securityDeclarations)
{
foreach (SecurityDeclaration declaration in securityDeclarations)
{
if (declaration.PermissionSet != null && declaration.PermissionSet.Count > 0)
{
if (permissionSet == null)
{
permissionSet = declaration.PermissionSet;
}
else
{
permissionSet = permissionSet.Union(declaration.PermissionSet);
}
}
}
return(permissionSet);
}
internal static PermissionSet AddPermissionForUri(PermissionSet originalPermSet, Uri srcUri)
{
PermissionSet newPermSet = originalPermSet;
if (srcUri != null)
{
Evidence evidence = new Evidence();
evidence.AddHost(new Url(BindUriHelper.UriToString(srcUri))); // important: the parameter must be a UrL object not a UrI object
IMembershipCondition membership = new UrlMembershipCondition(BindUriHelper.UriToString(srcUri));
CodeGroup group = (srcUri.IsFile) ?
(CodeGroup) new FileCodeGroup(membership, FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery)
:(CodeGroup) new NetCodeGroup(membership);
PolicyStatement policy = group.Resolve(evidence);
if (!policy.PermissionSet.IsEmpty())
{
newPermSet = originalPermSet.Union(policy.PermissionSet);
}
}
return(newPermSet);
}
public static void PermissionSetCallMethods()
{
PermissionSet ps = new PermissionSet(new PermissionState());
ps.Assert();
bool containspermissions = ps.ContainsNonCodeAccessPermissions();
PermissionSet ps2 = ps.Copy();
ps.CopyTo(new int[1], 0);
ps.Demand();
ps.Equals(ps2);
System.Collections.IEnumerator ie = ps.GetEnumerator();
int hash = ps.GetHashCode();
PermissionSet ps3 = ps.Intersect(ps2);
bool isempty = ps.IsEmpty();
bool issubsetof = ps.IsSubsetOf(ps2);
bool isunrestricted = ps.IsUnrestricted();
string s = ps.ToString();
PermissionSet ps4 = ps.Union(ps2);
SecurityElement se = new SecurityElement("");
ps.FromXml(se);
se = ps.ToXml();
}
public static void PermissionSetCallMethods()
{
PermissionSet ps = new PermissionSet(new PermissionState());
ps.Assert();
bool containspermissions = ps.ContainsNonCodeAccessPermissions();
PermissionSet ps2 = ps.Copy();
ps.CopyTo(new int[1], 0);
ps.Demand();
ps.Equals(ps2);
System.Collections.IEnumerator ie = ps.GetEnumerator();
int hash = ps.GetHashCode();
PermissionSet ps3 = ps.Intersect(ps2);
bool isempty = ps.IsEmpty();
bool issubsetof = ps.IsSubsetOf(ps2);
bool isunrestricted = ps.IsUnrestricted();
string s = ps.ToString();
PermissionSet ps4 = ps.Union(ps2);
SecurityElement se = new SecurityElement("");
ps.FromXml(se);
se = ps.ToXml();
}
}// FindCurrentPermissionSet
internal static int FindCurrentPermissionSet(Evidence ev, PermissionSet pSet)
{
// Ok, now let's see if the permission set that is currently granted matches
// either Full Trust, Internet, Intranet, or none.
if (pSet.IsEmpty())
{
return(PermissionSetType.NONE);
}
if (pSet.IsUnrestricted())
{
return(PermissionSetType.FULLTRUST);
}
// Let's grab the internet and intranet permission sets....
PolicyLevel pl = GetPolicyLevelFromType(PolicyLevelType.Enterprise);
PermissionSet psInternet = pl.GetNamedPermissionSet("Internet");
PermissionSet psIntranet = pl.GetNamedPermissionSet("LocalIntranet");
// In addition, the internet and intranet permission sets get additional
// permissions that are normally provided by custom codegroups. We'll
// create those codegroups and get the permissions of of those
// Mess with the custom codegroups
FileCodeGroup fcg = new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery);
NetCodeGroup ncg = new NetCodeGroup(new AllMembershipCondition());
// The intranet permission set gets unioned with each of these...
PermissionSet psss = fcg.Resolve(ev).PermissionSet;
psIntranet = psIntranet.Union(psss);
psIntranet = psIntranet.Union(ncg.Resolve(ev).PermissionSet);
// The internet permission set just gets the net codegroup
psInternet = psInternet.Union(ncg.Resolve(ev).PermissionSet);
int nPermissionSet = PermissionSetType.UNKNOWN;
// These 'IsSubsetOf' will throw exceptions if there are non-identical
// regular expressions.
try
{
if (psIntranet != null && pSet.IsSubsetOf(psIntranet) && psIntranet.IsSubsetOf(pSet))
{
nPermissionSet = PermissionSetType.INTRANET;
}
}
catch (Exception)
{
}
// See if we should keep looking
if (nPermissionSet == PermissionSetType.UNKNOWN)
{
try
{
// See if this is a Internet policy level
if (psInternet != null && pSet.IsSubsetOf(psInternet) && psInternet.IsSubsetOf(pSet))
{
nPermissionSet = PermissionSetType.INTERNET;
}
}
catch (Exception)
{
}
}
return(nPermissionSet);
}// FindCurrentPermissionSet
public static void PermissionSetDemo()
{
Console.WriteLine("Executing PermissionSetDemo");
try
{
//<Snippet2>
// Open a new PermissionSet.
PermissionSet ps1 = new PermissionSet(PermissionState.None);
Console.WriteLine("Adding permission to open a file from a file dialog box.");
//<Snippet3>
// Add a permission to the permission set.
ps1.AddPermission(
new FileDialogPermission(FileDialogPermissionAccess.Open));
//</Snippet3>
Console.WriteLine("Demanding permission to open a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
//</Snippet2>
Console.WriteLine("Adding permission to save a file from a file dialog box.");
ps1.AddPermission(
new FileDialogPermission(FileDialogPermissionAccess.Save));
Console.WriteLine("Demanding permission to open and save a file.");
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable USERNAME.");
ps1.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps1.Demand();
Console.WriteLine("Demand succeeded.");
Console.WriteLine("Adding permission to read environment variable COMPUTERNAME.");
ps1.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "COMPUTERNAME"));
//<Snippet4>
// Demand all the permissions in the set.
Console.WriteLine("Demand all permissions.");
ps1.Demand();
//</Snippet4>
Console.WriteLine("Demand succeeded.");
//<Snippet5>
// Display the number of permissions in the set.
Console.WriteLine("Number of permissions = " + ps1.Count);
//</Snippet5>
//<Snippet6>
// Display the value of the IsSynchronized property.
Console.WriteLine("IsSynchronized property = " + ps1.IsSynchronized);
//</Snippet6>
//<Snippet7>
// Display the value of the IsReadOnly property.
Console.WriteLine("IsReadOnly property = " + ps1.IsReadOnly);
//</Snippet7>
//<Snippet8>
// Display the value of the SyncRoot property.
Console.WriteLine("SyncRoot property = " + ps1.SyncRoot);
//</Snippet8>
//<Snippet9>
// Display the result of a call to the ContainsNonCodeAccessPermissions method.
// Gets a value indicating whether the PermissionSet contains permissions
// that are not derived from CodeAccessPermission.
// Returns true if the PermissionSet contains permissions that are not
// derived from CodeAccessPermission; otherwise, false.
Console.WriteLine("ContainsNonCodeAccessPermissions method returned " +
ps1.ContainsNonCodeAccessPermissions());
//</Snippet9>
//<Snippet10>
Console.WriteLine("Value of the permission set ToString = \n" + ps1.ToString());
//</Snippet10>
PermissionSet ps2 = new PermissionSet(PermissionState.None);
//<Snippet11>
// Create a second permission set and compare it to the first permission set.
ps2.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"));
ps2.AddPermission(
new EnvironmentPermission(EnvironmentPermissionAccess.Write, "COMPUTERNAME"));
IEnumerator list = ps1.GetEnumerator();
Console.WriteLine("Permissions in first permission set:");
while (list.MoveNext())
{
Console.WriteLine(list.Current.ToString());
}
Console.WriteLine("Second permission IsSubsetOf first permission = " + ps2.IsSubsetOf(ps1));
//</Snippet11>
//<Snippet12>
// Display the intersection of two permission sets.
PermissionSet ps3 = ps2.Intersect(ps1);
Console.WriteLine("The intersection of the first permission set and "
+ "the second permission set = " + ps3.ToString());
//</Snippet12>
// Create a new permission set.
PermissionSet ps4 = new PermissionSet(PermissionState.None);
ps4.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read,
"C:\\Temp\\Testfile.txt"));
ps4.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.Write | FileIOPermissionAccess.Append,
"C:\\Temp\\Testfile.txt"));
//<Snippet13>
// Display the union of two permission sets.
PermissionSet ps5 = ps3.Union(ps4);
Console.WriteLine("The union of permission set 3 and permission set 4 = "
+ ps5.ToString());
//</Snippet13>
//<Snippet15>
// Remove FileIOPermission from the permission set.
ps5.RemovePermission(typeof(FileIOPermission));
Console.WriteLine("The last permission set after removing FileIOPermission = "
+ ps5.ToString());
//</Snippet15>
//<Snippet16>
// Change the permission set using SetPermission.
ps5.SetPermission(new EnvironmentPermission(EnvironmentPermissionAccess.AllAccess, "USERNAME"));
Console.WriteLine("Permission set after SetPermission = " + ps5.ToString());
//</Snippet16>
//<Snippet17>
// Display result of ToXml and FromXml operations.
PermissionSet ps6 = new PermissionSet(PermissionState.None);
ps6.FromXml(ps5.ToXml());
Console.WriteLine("Result of ToFromXml = " + ps6.ToString() + "\n");
//</Snippet17>
//<Snippet18>
// Display results of PermissionSet.GetEnumerator.
IEnumerator psEnumerator = ps1.GetEnumerator();
while (psEnumerator.MoveNext())
{
Console.WriteLine(psEnumerator.Current);
}
//</Snippet18>
//<Snippet19>
// Check for an unrestricted permission set.
PermissionSet ps7 = new PermissionSet(PermissionState.Unrestricted);
Console.WriteLine("Permission set is unrestricted = " + ps7.IsUnrestricted());
//</Snippet19>
//<Snippet20>
// Create and display a copy of a permission set.
ps7 = ps5.Copy();
Console.WriteLine("Result of copy = " + ps7.ToString());
//</Snippet20>
}
catch (Exception e)
{
Console.WriteLine(e.Message.ToString());
}
}
