public override bool Execute()
 {
     TrustInfo info = new TrustInfo {
         IsFullTrust = false
     };
     FrameworkName name = null;
     string str = string.Empty;
     if (!string.IsNullOrEmpty(this.TargetFrameworkMoniker))
     {
         name = new FrameworkName(this.TargetFrameworkMoniker);
         str = name.Version.ToString();
     }
     if ((this.BaseManifest != null) && File.Exists(this.BaseManifest.ItemSpec))
     {
         try
         {
             info.ReadManifest(this.BaseManifest.ItemSpec);
         }
         catch (Exception exception)
         {
             base.Log.LogErrorWithCodeFromResources("GenerateManifest.ReadInputManifestFailed", new object[] { this.BaseManifest.ItemSpec, exception.Message });
             return false;
         }
     }
     if (!string.IsNullOrEmpty(this.ExcludedPermissions))
     {
         base.Log.LogWarningFromResources("GenerateManifest.ExcludedPermissionsNotSupported", new object[0]);
     }
     try
     {
         if ((!string.IsNullOrEmpty(this.targetZone) && (info.PermissionSet != null)) && ((info.PermissionSet.Count > 0) && !string.Equals(this.targetZone, "Custom", StringComparison.OrdinalIgnoreCase)))
         {
             base.Log.LogErrorFromResources("GenerateManifest.KnownTargetZoneCannotHaveAdditionalPermissionType", new object[0]);
             return false;
         }
         info.PermissionSet = SecurityUtilities.ComputeZonePermissionSetHelper(this.TargetZone, info.PermissionSet, this.applicationDependencies, this.TargetFrameworkMoniker);
         if (info.PermissionSet == null)
         {
             base.Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", new object[] { str });
             return false;
         }
     }
     catch (ArgumentNullException)
     {
         base.Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", new object[] { str });
         return false;
     }
     catch (ArgumentException exception2)
     {
         if (!string.Equals(exception2.ParamName, "TargetZone", StringComparison.OrdinalIgnoreCase))
         {
             throw;
         }
         base.Log.LogWarningWithCodeFromResources("GenerateManifest.InvalidItemValue", new object[] { "TargetZone", this.TargetZone });
     }
     info.Write(this.TrustInfoFile.ItemSpec);
     return true;
 }
Example #2
0
 public void Basic()
 {
     TrustInfo t = new TrustInfo();
     string file = FileUtilities.GetTemporaryFile();
     File.Delete(file);
     t.WriteManifest(file);
     Assert.IsTrue(File.Exists(file));
     // Writing a second time is an in-place modification.
     t.WriteManifest(file);
     Assert.IsTrue(File.Exists(file));
     File.Delete(file);
 }
Example #3
0
        private void ValidateReferenceForPartialTrust(AssemblyReference assembly, TrustInfo trustInfo)
        {
            if (trustInfo.IsFullTrust)
            {
                return;
            }
            string path = assembly.ResolvedPath;
            AssemblyAttributeFlags flags = new AssemblyAttributeFlags(path);

            // if it's targeting v2.0 CLR then use the old logic to check for partial trust callers.
            if (Util.CompareFrameworkVersions(this.TargetFrameworkVersion, Constants.TargetFrameworkVersion35) <= 0)
            {
                if (assembly.IsPrimary && flags.IsSigned &&
                    !flags.HasAllowPartiallyTrustedCallersAttribute)
                {
                    OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path));
                }
            }
            else
            {
                if (assembly.AssemblyIdentity != null && assembly.AssemblyIdentity.IsInFramework(Constants.DotNetFrameworkIdentifier, TargetFrameworkVersion))
                {
                    // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers.
                    if (assembly.IsPrimary &&
                        !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute))
                    {
                        OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path));
                    }
                }
                else
                {
                    // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers.
                    if (assembly.IsPrimary && flags.IsSigned &&
                        !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute))
                    {
                        OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path));
                    }
                }
            }

            if (flags.HasPrimaryInteropAssemblyAttribute || flags.HasImportedFromTypeLibAttribute)
            {
                OutputMessages.AddWarningMessage("GenerateManifest.UnmanagedCodePermission", Path.GetFileNameWithoutExtension(path));
            }
        }
Example #4
0
        /// <summary>
        /// Set the application's trust information
        /// </summary>
        /// <param name="manifest">ApplicationManifest object</param>
        /// <param name="trustLevel">Trust level</param>
        private static void SetTrustLevel(ApplicationManifest manifest, Command.TrustLevels trustLevel)
        {
            if (trustLevel != Command.TrustLevels.None)
            {
                TrustInfo ti = new Microsoft.Build.Tasks.Deployment.ManifestUtilities.TrustInfo();
                manifest.TrustInfo = ti;

                if (trustLevel == Command.TrustLevels.FullTrust)
                {
                    ti.IsFullTrust = true;
                }
                else
                {
                    ti.PermissionSet = SecurityUtilities.ComputeZonePermissionSet(trustLevel.ToString(), null, null);
                    ti.IsFullTrust   = false;
                }
            }
        }
Example #5
0
        public override bool Execute()
        {
            TrustInfo trustInfo = new TrustInfo();
            trustInfo.IsFullTrust = false;
            FrameworkNameVersioning fn = null;
            string dotNetVersion = string.Empty;
            if (!string.IsNullOrEmpty(TargetFrameworkMoniker))
            {
                fn = new FrameworkNameVersioning(TargetFrameworkMoniker);
                dotNetVersion = fn.Version.ToString();
            }

            // Read trust-info from app.manifest
            if (BaseManifest != null && File.Exists(BaseManifest.ItemSpec))
            {
                try
                {
                    trustInfo.ReadManifest(BaseManifest.ItemSpec);
                }
                catch (Exception ex)
                {
                    Log.LogErrorWithCodeFromResources("GenerateManifest.ReadInputManifestFailed", BaseManifest.ItemSpec, ex.Message);
                    return false;
                }
            }

            if (!String.IsNullOrEmpty(ExcludedPermissions))
                Log.LogWarningFromResources("GenerateManifest.ExcludedPermissionsNotSupported");

            try
            {
                // If it's a known zone and the user add additional permission to it.
                if (!String.IsNullOrEmpty(_targetZone)
                    && trustInfo.PermissionSet != null && trustInfo.PermissionSet.Count > 0
                    && !String.Equals(_targetZone, Custom, StringComparison.OrdinalIgnoreCase))
                {
                    Log.LogErrorFromResources("GenerateManifest.KnownTargetZoneCannotHaveAdditionalPermissionType");
                    return false;
                }
                else
                {
                    trustInfo.PermissionSet = SecurityUtilities.ComputeZonePermissionSetHelper(TargetZone, trustInfo.PermissionSet, _applicationDependencies, TargetFrameworkMoniker);
                    if (trustInfo.PermissionSet == null)
                    {
                        Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", dotNetVersion);
                        return false;
                    }
                }
            }
            catch (ArgumentNullException)
            {
                Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", dotNetVersion);
                return false;
            }
            catch (ArgumentException ex)
            {
                if (String.Equals(ex.ParamName, "TargetZone", StringComparison.OrdinalIgnoreCase))
                    Log.LogWarningWithCodeFromResources("GenerateManifest.InvalidItemValue", "TargetZone", TargetZone);
                else
                    throw;
            }

            // Write trust-info back to a stand-alone trust file
            trustInfo.Write(TrustInfoFile.ItemSpec);

            return true;
        }
        private void ValidateReferenceForPartialTrust(AssemblyReference assembly, TrustInfo trustInfo)
        {
            if (trustInfo.IsFullTrust)
                return;
            string path = assembly.ResolvedPath;
            AssemblyAttributeFlags flags = new AssemblyAttributeFlags(path);

            // if it's targeting v2.0 CLR then use the old logic to check for partial trust callers.
            if (Util.CompareFrameworkVersions(this.TargetFrameworkVersion, Constants.TargetFrameworkVersion35) <= 0)
            {
                if (assembly.IsPrimary && flags.IsSigned
                    && !flags.HasAllowPartiallyTrustedCallersAttribute)
                    OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path));
            }
            else
            {
                if (assembly.AssemblyIdentity != null && assembly.AssemblyIdentity.IsInFramework(Constants.DotNetFrameworkIdentifier, TargetFrameworkVersion))
                {
                    // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers.
                    if (assembly.IsPrimary
                        && !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute))
                        OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path));
                }
                else
                {
                    // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers.
                    if (assembly.IsPrimary && flags.IsSigned
                        && !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute))
                        OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path));
                }
            }

            if (flags.HasPrimaryInteropAssemblyAttribute || flags.HasImportedFromTypeLibAttribute)
                OutputMessages.AddWarningMessage("GenerateManifest.UnmanagedCodePermission", Path.GetFileNameWithoutExtension(path));
        }