| public AddPathList ( FileIOPermissionAccess access, string path ) : void | ||
| access | FileIOPermissionAccess | |
| path | string | |
| return | void | |
private AppDomain CreateAnalyzerDomain()
{
AppDomainSetup ads = new AppDomainSetup();
AppDomain result;
PermissionSet perms;
ads.ApplicationBase = Environment.CurrentDirectory;
ads.ShadowCopyDirectories = "shadow";
ads.ShadowCopyFiles = "shadow";
ads.DisallowCodeDownload = true;
perms = new PermissionSet(PermissionState.None);
FileIOPermission fiop = new FileIOPermission(PermissionState.Unrestricted);
perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.AllFlags));
fiop.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory);
fiop.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory);
fiop.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory + "Extensions\\");
fiop.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory + "Extensions\\");
//fiop.AllLocalFiles = FileIOPermissionAccess.AllAccess
//fiop.AllFiles = FileIOPermissionAccess.AllAccess
perms.AddPermission(fiop);
perms.AddPermission(new UIPermission(UIPermissionWindow.AllWindows, UIPermissionClipboard.OwnClipboard));
perms.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
PolicyLevel policy = PolicyLevel.CreateAppDomainLevel();
policy.RootCodeGroup.PolicyStatement = new PolicyStatement(perms);
// create the Domain
result = AppDomain.CreateDomain("analyzer", null, ads);
result.SetAppDomainPolicy(policy);
return result;
}
/// <summary>
/// Initializes the permissions manager with the permissions required by an install script.
/// </summary>
internal static void Init()
{
permissions = new PermissionSet(PermissionState.None);
//do the following paths need to add to this?
// savesPath - fallout 3
var fipFilePermission = new FileIOPermission(FileIOPermissionAccess.AllAccess, new[]
{
Program.tmpPath,
Path.GetTempPath(),
Program.GameMode.InstallInfoDirectory,
Program.GameMode.PluginsPath
});
var lstPaths = new List<string>(Program.GameMode.SettingsFiles.Values);
lstPaths.AddRange(Program.GameMode.AdditionalPaths.Values);
fipFilePermission.AddPathList(FileIOPermissionAccess.AllAccess, lstPaths.ToArray());
fipFilePermission.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory);
permissions.AddPermission(fipFilePermission);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
permissions.AddPermission(new UIPermission(UIPermissionWindow.AllWindows));
// Not sure what permissions are needed for GetTempFileName() to work, so we add them all.
permissions.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
}
// Methods
public override IPermission CreatePermission()
{
#if NET_2_1
return(null);
#else
FileIOPermission perm = null;
if (this.Unrestricted)
{
perm = new FileIOPermission(PermissionState.Unrestricted);
}
else
{
perm = new FileIOPermission(PermissionState.None);
if (append != null)
{
perm.AddPathList(FileIOPermissionAccess.Append, append);
}
if (path != null)
{
perm.AddPathList(FileIOPermissionAccess.PathDiscovery, path);
}
if (read != null)
{
perm.AddPathList(FileIOPermissionAccess.Read, read);
}
if (write != null)
{
perm.AddPathList(FileIOPermissionAccess.Write, write);
}
}
return(perm);
#endif
}
private static FileIOPermission CreateRWAPFileIOPermission (params string[] paths)
{
var permission = new FileIOPermission (PermissionState.None);
permission.AddPathList (FileIOPermissionAccess.Read, paths);
permission.AddPathList (FileIOPermissionAccess.Write, paths);
permission.AddPathList (FileIOPermissionAccess.Append, paths);
permission.AddPathList (FileIOPermissionAccess.PathDiscovery, paths);
return permission;
}
public IPermission Parse(JToken token)
{
var accessList = token as JArray;
if (accessList == null)
{
return null;
}
var result = new FileIOPermission(PermissionState.None);
foreach (var item in accessList)
{
var obj = item as JObject;
if (obj == null)
{
continue;
}
var access = obj["access"].ToObject<string[]>();
var paths = obj["paths"].ToObject<string[]>();
var fileAccess = FileIOPermissionAccess.NoAccess;
if (access.Contains("read")) fileAccess |= FileIOPermissionAccess.Read;
if (access.Contains("write")) fileAccess |= FileIOPermissionAccess.Write;
if (access.Contains("discover")) fileAccess |= FileIOPermissionAccess.PathDiscovery;
if (access.Contains("append")) fileAccess |= FileIOPermissionAccess.Append;
result.AddPathList(fileAccess, paths);
}
return result;
}
public static bool CopyFile(string newFile, string oldFile)
{
var newfile = new FileInfo(newFile);
var oldfile = new FileInfo(oldFile);
string errorMsg = "";
var f2 = new FileIOPermission(FileIOPermissionAccess.AllAccess, oldFile);
f2.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, newFile);
try
{
f2.Demand();
}
catch (SecurityException s)
{
Console.WriteLine(s.Message);
}
for (int x = 0; x < 100; x++)
{
try
{
File.Delete(oldfile.FullName);
newfile.CopyTo(oldfile.FullName, true);
return true;
}
catch(Exception e)
{
errorMsg = e.Message + " : " + e.InnerException;
Thread.Sleep(200);
}
}
Data.Logger(errorMsg);
return false;
}
static public PolicyLevel LoadPolicyLevelFromFile(String path, PolicyLevelType type)
{
if (path == null)
{
throw new ArgumentNullException("path");
}
ConfigId id = SharedStatics.GetNextConfigId();
ConfigRetval retval = Config.InitData(id, path);
if ((retval & ConfigRetval.ConfigFile) == 0)
{
throw new ArgumentException(Environment.GetResourceString("Argument_PolicyFileDoesNotExist"));
}
String name = Enum.GetName(typeof(PolicyLevelType), type);
if (name == null)
{
return(null);
}
String fullPath = Path.GetFullPath(path);
FileIOPermission perm = new FileIOPermission(PermissionState.None);
perm.AddPathList(FileIOPermissionAccess.Read, fullPath);
perm.AddPathList(FileIOPermissionAccess.Write, fullPath);
perm.Demand();
PolicyLevel level = new PolicyLevel(name, id, type == PolicyLevelType.Machine);
level.ThrowOnLoadError = true;
level.CheckLoaded(false);
return(level);
}
public static bool AllowRead(params string[] files)
{
FileIOPermission f2 = new FileIOPermission(PermissionState.None);
for (int i = 0; i < files.Length; i++)
{
f2.AddPathList(FileIOPermissionAccess.Read, files[i]);
}
try
{
f2.Demand();
return true;
}
catch
{
return false;
}
}
private static Boolean canReadWrite(String path)
{
FileIOPermission f = new FileIOPermission(FileIOPermissionAccess.Read, path);
f.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, path);
try
{
f.Demand();
return true;
}
catch (SecurityException s)
{
//Console.WriteLine(s.Message);
return false;
}
}
private static void InternalReplace(string sourceFileName, string destinationFileName, string destinationBackupFileName, bool ignoreMetadataErrors)
{
string fullPathInternal = Path.GetFullPathInternal(sourceFileName);
string replacedFileName = Path.GetFullPathInternal(destinationFileName);
string path = null;
if (destinationBackupFileName != null)
{
path = Path.GetFullPathInternal(destinationBackupFileName);
}
FileIOPermission permission = new FileIOPermission(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, new string[] { fullPathInternal, replacedFileName });
if (destinationBackupFileName != null)
{
permission.AddPathList(FileIOPermissionAccess.Write, path);
}
permission.Demand();
int dwReplaceFlags = 1;
if (ignoreMetadataErrors)
{
dwReplaceFlags |= 2;
}
if (!Win32Native.ReplaceFile(replacedFileName, fullPathInternal, path, dwReplaceFlags, IntPtr.Zero, IntPtr.Zero))
{
__Error.WinIOError();
}
}
public static void Replace(String sourceFileName, String destinationFileName, String destinationBackupFileName, bool ignoreMetadataErrors)
{
if (sourceFileName == null)
throw new ArgumentNullException("sourceFileName");
if (destinationFileName == null)
throw new ArgumentNullException("destinationFileName");
// Write permission to all three files, read permission to source
// and dest.
String fullSrcPath = Path.GetFullPathInternal(sourceFileName);
String fullDestPath = Path.GetFullPathInternal(destinationFileName);
String fullBackupPath = null;
if (destinationBackupFileName != null)
fullBackupPath = Path.GetFullPathInternal(destinationBackupFileName);
FileIOPermission perm = new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.Write, new String[] { fullSrcPath, fullDestPath});
if (destinationBackupFileName != null)
perm.AddPathList(FileIOPermissionAccess.Write, fullBackupPath);
perm.Demand();
int flags = Win32Native.REPLACEFILE_WRITE_THROUGH;
if (ignoreMetadataErrors)
flags |= Win32Native.REPLACEFILE_IGNORE_MERGE_ERRORS;
bool r = Win32Native.ReplaceFile(fullDestPath, fullSrcPath, fullBackupPath, flags, IntPtr.Zero, IntPtr.Zero);
if (!r)
__Error.WinIOError();
}
static public PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type)
{
if (path == null)
throw new ArgumentNullException( "path" );
Contract.EndContractBlock();
if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
}
// We need to retain V1.x compatibility by throwing the same exception type.
if (!File.InternalExists(path))
throw new ArgumentException( Environment.GetResourceString("Argument_PolicyFileDoesNotExist"));
String fullPath = Path.GetFullPath( path );
FileIOPermission perm = new FileIOPermission( PermissionState.None );
perm.AddPathList( FileIOPermissionAccess.Read, fullPath );
perm.AddPathList( FileIOPermissionAccess.Write, fullPath );
perm.Demand();
using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read)) {
using (StreamReader reader = new StreamReader(stream)) {
return LoadPolicyLevelFromStringHelper(reader.ReadToEnd(), path, type);
}
}
}
static public PolicyLevel LoadPolicyLevelFromFile( String path, PolicyLevelType type )
{
if (path == null)
throw new ArgumentNullException( "path" );
ConfigId id = SharedStatics.GetNextConfigId();
ConfigRetval retval = Config.InitData( id, path );
if ((retval & ConfigRetval.ConfigFile) == 0)
throw new ArgumentException( Environment.GetResourceString( "Argument_PolicyFileDoesNotExist" ) );
String name = Enum.GetName( typeof( PolicyLevelType ), type );
if (name == null)
return null;
String fullPath = Path.GetFullPath( path );
FileIOPermission perm = new FileIOPermission( PermissionState.None );
perm.AddPathList( FileIOPermissionAccess.Read, fullPath );
perm.AddPathList( FileIOPermissionAccess.Write, fullPath );
perm.Demand();
PolicyLevel level = new PolicyLevel( name, id, type == PolicyLevelType.Machine );
level.ThrowOnLoadError = true;
level.CheckLoaded( false );
return level;
}
internal static void DemandPathDiscovery(string path)
{
FileIOPermission permobj = new FileIOPermission(PermissionState.None);
permobj.AddPathList(FileIOPermissionAccess.PathDiscovery, path);
permobj.Demand();
}
//Generate permissions for the execution in the new domain, according to the permission file givan as parameter
private static PermissionSet setPermissions(string permissionPath, string executablePath)
{
string[] permissions = File.ReadAllLines(permissionPath);
string UntrustedCodeFolderAbsolutePath = permissionPath.Substring(0, permissionPath.LastIndexOf('\\'));
PermissionSet set = new PermissionSet(PermissionState.None);
foreach (string perm in permissions)
{
switch (perm.ToUpper())
{
case "WRITE":
FileIOPermission f2 = new FileIOPermission(FileIOPermissionAccess.Read, UntrustedCodeFolderAbsolutePath);
f2.AddPathList(FileIOPermissionAccess.Write, UntrustedCodeFolderAbsolutePath);
set.AddPermission(f2);
break;
case "READ":
FileIOPermission f3 = new FileIOPermission(FileIOPermissionAccess.Read, UntrustedCodeFolderAbsolutePath);
f3.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, UntrustedCodeFolderAbsolutePath);
set.AddPermission(f3);
break;
case "CREATEFILE":
FileIOPermission f4 = new FileIOPermission(FileIOPermissionAccess.Read, UntrustedCodeFolderAbsolutePath);
f4.AddPathList(FileIOPermissionAccess.Write | FileIOPermissionAccess.Read, UntrustedCodeFolderAbsolutePath);
set.AddPermission(f4);
break;
}
}
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
set.AddPermission(new UIPermission(PermissionState.Unrestricted));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, executablePath));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, executablePath));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, executablePath + ".result.txt"));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, executablePath + ".result.txt"));
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write, executablePath + ".result.txt"));
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
return set;
}
// Methods
public override IPermission CreatePermission ()
{
#if NET_2_1
return null;
#else
FileIOPermission perm = null;
if (this.Unrestricted)
perm = new FileIOPermission (PermissionState.Unrestricted);
else {
perm = new FileIOPermission (PermissionState.None);
if (append != null)
perm.AddPathList (FileIOPermissionAccess.Append, append);
if (path != null)
perm.AddPathList (FileIOPermissionAccess.PathDiscovery, path);
if (read != null)
perm.AddPathList (FileIOPermissionAccess.Read, read);
if (write != null)
perm.AddPathList (FileIOPermissionAccess.Write, write);
}
return perm;
#endif
}
/// <summary>
/// Initializes the permissions manager with the permissions required by an install script.
/// </summary>
internal static void Init()
{
#if TRACE
Trace.WriteLine("");
Trace.WriteLine("Setting up File IO Permissions for: ");
Trace.Indent();
Trace.Write(" FOMM tmp Dir: ");
Trace.WriteLine(Program.tmpPath);
Trace.Write(" Install Info Dir: ");
Trace.WriteLine(Program.GameMode.InstallInfoDirectory);
Trace.Write(" System tmp Dir: ");
Trace.WriteLine(Path.GetTempPath());
Directory.GetAccessControl(Path.GetTempPath());
Trace.WriteLine(" Settings Files: ");
Trace.Indent();
foreach (string strValue in Program.GameMode.SettingsFiles.Values)
Trace.WriteLine(strValue);
Trace.Unindent();
Trace.WriteLine(" Other Paths: ");
Trace.Indent();
foreach (string strValue in Program.GameMode.AdditionalPaths.Values)
Trace.WriteLine(strValue);
Trace.Unindent();
Trace.Unindent();
Trace.Flush();
#endif
permissions = new PermissionSet(PermissionState.None);
//do the following paths need to add to this?
// savesPath - fallout 3
FileIOPermission fipFilePermission = new FileIOPermission(FileIOPermissionAccess.AllAccess, new string[] {
Program.tmpPath, Path.GetTempPath(),
Program.GameMode.InstallInfoDirectory,
Program.GameMode.PluginsPath
});
List<string> lstPaths = new List<string>(Program.GameMode.SettingsFiles.Values);
lstPaths.AddRange(Program.GameMode.AdditionalPaths.Values);
fipFilePermission.AddPathList(FileIOPermissionAccess.AllAccess, lstPaths.ToArray());
fipFilePermission.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory);
permissions.AddPermission(fipFilePermission);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
permissions.AddPermission(new UIPermission(UIPermissionWindow.AllWindows));
#if TRACE
Trace.Write("Demanding access to System tmp Dir...");
try
{
permissions.Demand();
Trace.WriteLine("Succeeded.");
}
catch (Exception e)
{
Trace.WriteLine("Failed:");
Program.TraceException(e);
}
Trace.WriteLine(" System tmp Dir Permissions:");
Trace.Indent();
DirectorySecurity drsPermissions = Directory.GetAccessControl(Path.GetTempPath());
Dictionary<string, List<FileSystemRights>> dicRights = new Dictionary<string, List<FileSystemRights>>();
foreach (FileSystemAccessRule fsrRule in drsPermissions.GetAccessRules(true, true, typeof(NTAccount)))
{
if (!dicRights.ContainsKey(fsrRule.IdentityReference.Value))
dicRights[fsrRule.IdentityReference.Value] = new List<FileSystemRights>();
dicRights[fsrRule.IdentityReference.Value].Add(fsrRule.FileSystemRights);
}
foreach (KeyValuePair<string, List<FileSystemRights>> kvpRight in dicRights)
{
Trace.WriteLine(kvpRight.Key + " =>");
Trace.Indent();
foreach (FileSystemRights fsrRight in kvpRight.Value)
Trace.WriteLine(fsrRight.ToString());
Trace.Unindent();
}
Trace.Unindent();
Trace.Write("Testing access to System tmp Dir...");
try
{
File.WriteAllText(Path.Combine(Path.GetTempPath(), "testFile.txt"), "This is fun.");
Trace.WriteLine("Passed: " + File.ReadAllText(Path.Combine(Path.GetTempPath(), "testFile.txt")));
File.Delete(Path.Combine(Path.GetTempPath(), "testFile.txt"));
}
catch (Exception e)
{
Trace.WriteLine("Failed: ");
Program.TraceException(e);
}
#endif
}
private static void InternalReplace(String sourceFileName, String destinationFileName, String destinationBackupFileName, bool ignoreMetadataErrors)
{
Contract.Requires(sourceFileName != null);
Contract.Requires(destinationFileName != null);
// Write permission to all three files, read permission to source
// and dest.
String fullSrcPath = Path.GetFullPathInternal(sourceFileName);
String fullDestPath = Path.GetFullPathInternal(destinationFileName);
String fullBackupPath = null;
if (destinationBackupFileName != null)
fullBackupPath = Path.GetFullPathInternal(destinationBackupFileName);
#if FEATURE_CORECLR
FileSecurityState sourceState = new FileSecurityState(FileSecurityStateAccess.Read | FileSecurityStateAccess.Write, sourceFileName, fullSrcPath);
FileSecurityState destState = new FileSecurityState(FileSecurityStateAccess.Read | FileSecurityStateAccess.Write, destinationFileName, fullDestPath);
FileSecurityState backupState = new FileSecurityState(FileSecurityStateAccess.Read | FileSecurityStateAccess.Write, destinationBackupFileName, fullBackupPath);
sourceState.EnsureState();
destState.EnsureState();
backupState.EnsureState();
#else
FileIOPermission perm = new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.Write, new String[] { fullSrcPath, fullDestPath});
if (destinationBackupFileName != null)
perm.AddPathList(FileIOPermissionAccess.Write, fullBackupPath);
perm.Demand();
#endif
int flags = Win32Native.REPLACEFILE_WRITE_THROUGH;
if (ignoreMetadataErrors)
flags |= Win32Native.REPLACEFILE_IGNORE_MERGE_ERRORS;
bool r = Win32Native.ReplaceFile(fullDestPath, fullSrcPath, fullBackupPath, flags, IntPtr.Zero, IntPtr.Zero);
if (!r)
__Error.WinIOError();
}
public static PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type)
{
PolicyLevel level;
if (path == null)
{
throw new ArgumentNullException("path");
}
if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
}
if (!File.InternalExists(path))
{
throw new ArgumentException(Environment.GetResourceString("Argument_PolicyFileDoesNotExist"));
}
string fullPath = Path.GetFullPath(path);
FileIOPermission permission = new FileIOPermission(PermissionState.None);
permission.AddPathList(FileIOPermissionAccess.Read, fullPath);
permission.AddPathList(FileIOPermissionAccess.Write, fullPath);
permission.Demand();
using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read))
{
using (StreamReader reader = new StreamReader(stream))
{
level = LoadPolicyLevelFromStringHelper(reader.ReadToEnd(), path, type);
}
}
return level;
}
public void AddPathListStringArray ()
{
p = new FileIOPermission(FileIOPermissionAccess.Read, pathArrayGood);
pathsInPermission = p.GetPathList(FileIOPermissionAccess.Read);
Assert.IsTrue (pathsInPermission.Length == 2, "Does not contain correct number of paths. Expected 2 but got: "+pathsInPermission.Length);
foreach (string s in pathsInPermission){
Assert.IsTrue (Array.IndexOf(pathsInPermission, s) >=0, "Unexpected path in the Permission: " + s);
}
p.AddPathList(FileIOPermissionAccess.Append, pathArrayGood);
pathsInPermission = p.GetPathList(FileIOPermissionAccess.Read);
Assert.IsTrue (pathsInPermission.Length == 2, "Should still contain correct number Read paths. Expected 2 but got: "+pathsInPermission.Length);
foreach (string s in pathsInPermission){
Assert.IsTrue (Array.IndexOf(pathsInPermission, s) >=0, "Unexpected path in the Permission: " + s);
}
pathsInPermission = p.GetPathList(FileIOPermissionAccess.Append);
Assert.IsTrue (pathsInPermission.Length == 2, "Should contain correct number of Append paths. Expected 2 but got: "+pathsInPermission.Length);
foreach (string s in pathsInPermission){
Assert.IsTrue (Array.IndexOf(pathsInPermission, s) >=0, "Unexpected path in the Permission: " + s);
}
}
public static Boolean ifFileWriteble( String fileName )
{
if ( File.Exists( fileName ) )
{
if ( File.GetAttributes( fileName ) == FileAttributes.ReadOnly )
return false;
try
{
FileIOPermission permission = new FileIOPermission( PermissionState.Unrestricted );
permission.AddPathList( FileIOPermissionAccess.Write , fileName );
permission.Demand( );
}
catch ( SecurityException )
{
return false; // Don't try to write settings no permission
}
return true;
}
else
return true;
}
