|
public Resolve ( |
||
| evidence | ||
| return | ||
public void SetAppDomainPolicy (PolicyLevel domainPolicy)
{
if (domainPolicy == null)
throw new ArgumentNullException ("domainPolicy");
if (_granted != null) {
throw new PolicyException (Locale.GetText (
"An AppDomain policy is already specified."));
}
if (IsFinalizingForUnload ())
throw new AppDomainUnloadedException ();
PolicyStatement ps = domainPolicy.Resolve (_evidence);
_granted = ps.PermissionSet;
}
internal static bool ResolvePolicyLevel (ref PermissionSet ps, PolicyLevel pl, Evidence evidence)
{
PolicyStatement pst = pl.Resolve (evidence);
if (pst != null) {
if (ps == null) {
// only for initial (first) policy level processed
ps = pst.PermissionSet;
} else {
ps = ps.Intersect (pst.PermissionSet);
if (ps == null) {
// null is equals to None - exist that null can throw NullReferenceException ;-)
ps = new PermissionSet (PermissionState.None);
}
}
if ((pst.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
return true;
}
return false;
}
private void Resolve_Zone (PolicyLevel level, SecurityZone z, PolicyStatementAttribute attr, bool unrestricted, int count)
{
string prefix = z.ToString () + "-" + attr.ToString () + "-";
Evidence e = new Evidence ();
e.AddHost (new Zone (z));
PolicyStatement result = level.Resolve (e);
if (unrestricted) {
Assert.AreEqual (attr, result.Attributes, prefix + "Attributes");
switch (attr) {
case PolicyStatementAttribute.Nothing:
Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
break;
case PolicyStatementAttribute.Exclusive:
Assert.AreEqual ("Exclusive", result.AttributeString, prefix + "AttributeString");
break;
case PolicyStatementAttribute.LevelFinal:
Assert.AreEqual ("LevelFinal", result.AttributeString, prefix + "AttributeString");
break;
case PolicyStatementAttribute.All:
Assert.AreEqual ("Exclusive LevelFinal", result.AttributeString, prefix + "AttributeString");
break;
}
}
else {
Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, prefix + "Attributes");
Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
}
Assert.AreEqual (unrestricted, result.PermissionSet.IsUnrestricted (), prefix + "IsUnrestricted");
Assert.AreEqual (count, result.PermissionSet.Count, prefix + "Count");
}
internal static QuickCacheEntryType GenerateQuickCache( PolicyLevel level )
{
QuickCacheEntryType[] ExecutionMap = new QuickCacheEntryType[]
{ QuickCacheEntryType.ExecutionZoneMyComputer,
QuickCacheEntryType.ExecutionZoneIntranet,
QuickCacheEntryType.ExecutionZoneInternet,
QuickCacheEntryType.ExecutionZoneTrusted,
QuickCacheEntryType.ExecutionZoneUntrusted };
QuickCacheEntryType[] UnmanagedMap = new QuickCacheEntryType[]
{ QuickCacheEntryType.UnmanagedZoneMyComputer,
QuickCacheEntryType.UnmanagedZoneIntranet,
QuickCacheEntryType.UnmanagedZoneInternet,
QuickCacheEntryType.UnmanagedZoneTrusted,
QuickCacheEntryType.UnmanagedZoneUntrusted };
QuickCacheEntryType[] RequestSkipVerificationMap = new QuickCacheEntryType[]
{ QuickCacheEntryType.RequestSkipVerificationZoneMyComputer,
QuickCacheEntryType.RequestSkipVerificationZoneIntranet,
QuickCacheEntryType.RequestSkipVerificationZoneInternet,
QuickCacheEntryType.RequestSkipVerificationZoneTrusted,
QuickCacheEntryType.RequestSkipVerificationZoneUntrusted };
QuickCacheEntryType[] SkipVerificationMap = new QuickCacheEntryType[]
{ QuickCacheEntryType.SkipVerificationZoneMyComputer,
QuickCacheEntryType.SkipVerificationZoneIntranet,
QuickCacheEntryType.SkipVerificationZoneInternet,
QuickCacheEntryType.SkipVerificationZoneTrusted,
QuickCacheEntryType.SkipVerificationZoneUntrusted };
QuickCacheEntryType[] FullTrustMap = new QuickCacheEntryType[]
{ QuickCacheEntryType.FullTrustZoneMyComputer,
QuickCacheEntryType.FullTrustZoneIntranet,
QuickCacheEntryType.FullTrustZoneInternet,
QuickCacheEntryType.FullTrustZoneTrusted,
QuickCacheEntryType.FullTrustZoneUntrusted };
QuickCacheEntryType accumulator = (QuickCacheEntryType)0;
SecurityPermission execPerm = new SecurityPermission( SecurityPermissionFlag.Execution );
SecurityPermission unmanagedPerm = new SecurityPermission( SecurityPermissionFlag.UnmanagedCode );
SecurityPermission skipVerifPerm = new SecurityPermission( SecurityPermissionFlag.SkipVerification );
Evidence noEvidence = new Evidence();
PermissionSet policy = null;
try
{
policy = level.Resolve( noEvidence ).PermissionSet;
if (policy.Contains( execPerm ))
accumulator |= QuickCacheEntryType.ExecutionAll;
if (policy.Contains( unmanagedPerm ))
accumulator |= QuickCacheEntryType.UnmanagedAll;
if (policy.Contains( skipVerifPerm ))
accumulator |= QuickCacheEntryType.SkipVerificationAll;
if (policy.IsUnrestricted())
accumulator |= QuickCacheEntryType.FullTrustAll;
}
catch (PolicyException)
{
}
PermissionSet permSet = new PermissionSet( PermissionState.None );
permSet.AddPermission( skipVerifPerm );
PermissionRequestEvidence permRequest = new PermissionRequestEvidence( permSet, null, null );
try
{
noEvidence.AddHost( permRequest );
policy = level.Resolve( noEvidence ).PermissionSet;
if (policy.Contains( skipVerifPerm ))
accumulator |= QuickCacheEntryType.RequestSkipVerificationAll;
}
catch (PolicyException)
{
}
Array zones = Enum.GetValues( typeof( SecurityZone ) );
for (int i = 0; i < zones.Length; ++i)
{
if (((SecurityZone)zones.GetValue( i )) == SecurityZone.NoZone)
continue;
Evidence zoneEvidence = new Evidence();
zoneEvidence.AddHost( new Zone( (SecurityZone)zones.GetValue( i ) ) );
PermissionSet zonePolicy = null;
try
{
zonePolicy = level.Resolve( zoneEvidence ).PermissionSet;
if (zonePolicy.Contains( execPerm ))
accumulator |= ExecutionMap[i];
if (zonePolicy.Contains( unmanagedPerm ))
accumulator |= UnmanagedMap[i];
if (zonePolicy.Contains( skipVerifPerm ))
accumulator |= SkipVerificationMap[i];
if (zonePolicy.IsUnrestricted())
accumulator |= FullTrustMap[i];
}
catch (PolicyException)
{
}
zoneEvidence.AddHost( permRequest );
try
{
zonePolicy = level.Resolve( zoneEvidence ).PermissionSet;
if (zonePolicy.Contains( skipVerifPerm ))
accumulator |= RequestSkipVerificationMap[i];
}
catch (PolicyException)
{
}
}
return accumulator;
}
private static QuickCacheEntryType GenerateQuickCache(PolicyLevel level)
{
if (FullTrustMap == null)
{
// This mapping must stay in [....] with the SecurityZone enumeration in SecurityZone.cs
FullTrustMap = new QuickCacheEntryType[]
{
QuickCacheEntryType.FullTrustZoneMyComputer,
QuickCacheEntryType.FullTrustZoneIntranet,
QuickCacheEntryType.FullTrustZoneTrusted,
QuickCacheEntryType.FullTrustZoneInternet,
QuickCacheEntryType.FullTrustZoneUntrusted
};
}
QuickCacheEntryType accumulator = (QuickCacheEntryType)0;
Evidence noEvidence = new Evidence();
PermissionSet policy = null;
try
{
policy = level.Resolve( noEvidence ).PermissionSet;
if (policy.IsUnrestricted())
accumulator |= QuickCacheEntryType.FullTrustAll;
}
catch (PolicyException)
{
}
foreach (SecurityZone zone in Enum.GetValues(typeof(SecurityZone)))
{
if (zone == SecurityZone.NoZone)
continue;
Evidence zoneEvidence = new Evidence();
zoneEvidence.AddHostEvidence(new Zone(zone));
PermissionSet zonePolicy = null;
try
{
zonePolicy = level.Resolve( zoneEvidence ).PermissionSet;
if (zonePolicy.IsUnrestricted())
{
Contract.Assert(0 <= (int)zone && (int)zone < FullTrustMap.Length, "FullTrustMap does not contain a mapping for this zone.");
accumulator |= FullTrustMap[(int)zone];
}
}
catch (PolicyException)
{
}
}
return accumulator;
}
private static QuickCacheEntryType GenerateQuickCache (PolicyLevel level) {
QuickCacheEntryType[] FullTrustMap = new QuickCacheEntryType[]
{ QuickCacheEntryType.FullTrustZoneMyComputer,
QuickCacheEntryType.FullTrustZoneIntranet,
QuickCacheEntryType.FullTrustZoneInternet,
QuickCacheEntryType.FullTrustZoneTrusted,
QuickCacheEntryType.FullTrustZoneUntrusted };
QuickCacheEntryType accumulator = (QuickCacheEntryType)0;
Evidence noEvidence = new Evidence();
PermissionSet policy = null;
try
{
policy = level.Resolve( noEvidence ).PermissionSet;
if (policy.IsUnrestricted())
accumulator |= QuickCacheEntryType.FullTrustAll;
}
catch (PolicyException)
{
}
Array zones = Enum.GetValues( typeof( SecurityZone ) );
for (int i = 0; i < zones.Length; ++i)
{
if (((SecurityZone)zones.GetValue( i )) == SecurityZone.NoZone)
continue;
Evidence zoneEvidence = new Evidence();
zoneEvidence.AddHost( new Zone( (SecurityZone)zones.GetValue( i ) ) );
PermissionSet zonePolicy = null;
try
{
zonePolicy = level.Resolve( zoneEvidence ).PermissionSet;
if (zonePolicy.IsUnrestricted())
accumulator |= FullTrustMap[i];
}
catch (PolicyException)
{
}
}
return accumulator;
}
private static QuickCacheEntryType GenerateQuickCache(PolicyLevel level)
{
if (FullTrustMap == null)
{
FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, QuickCacheEntryType.FullTrustZoneIntranet, QuickCacheEntryType.FullTrustZoneTrusted, QuickCacheEntryType.FullTrustZoneInternet, QuickCacheEntryType.FullTrustZoneUntrusted };
}
QuickCacheEntryType type = 0;
Evidence evidence = new Evidence();
try
{
if (level.Resolve(evidence).PermissionSet.IsUnrestricted())
{
type |= QuickCacheEntryType.FullTrustAll;
}
}
catch (PolicyException)
{
}
foreach (SecurityZone zone in Enum.GetValues(typeof(SecurityZone)))
{
if (zone != SecurityZone.NoZone)
{
Evidence evidence2 = new Evidence();
evidence2.AddHostEvidence<Zone>(new Zone(zone));
try
{
if (level.Resolve(evidence2).PermissionSet.IsUnrestricted())
{
type |= FullTrustMap[(int) zone];
}
}
catch (PolicyException)
{
}
}
}
return type;
}