public void Copy_Name () { NamedPermissionSet nps = new NamedPermissionSet (name); nps.Description = sentinel; nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Assertion)); NamedPermissionSet copy = (NamedPermissionSet)nps.Copy ("Copy"); Assert.AreEqual ("Copy", copy.Name, "Name"); Assert.AreEqual (nps.Description, copy.Description, "Description"); Assert.AreEqual (nps.Count, copy.Count, "Count"); }
private void CreateAppDomain() { // Locking s_AppDomains must happen in a CER so we don't orphan a lock that gets taken by AppDomain.DomainUnload. bool lockHeld = false; RuntimeHelpers.PrepareConstrainedRegions(); try { try { } finally { Monitor.Enter(s_AppDomains.SyncRoot); lockHeld = true; } if (s_CleanedUp) { throw new InvalidOperationException(SR.GetString(SR.net_cant_perform_during_shutdown)); } // Create singleton. if (s_AppDomainInfo == null) { s_AppDomainInfo = new AppDomainSetup(); s_AppDomainInfo.DisallowBindingRedirects = true; s_AppDomainInfo.DisallowCodeDownload = true; NamedPermissionSet perms = new NamedPermissionSet("__WebProxySandbox", PermissionState.None); perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); } // If something's already in s_ExcessAppDomain, try to dislodge it again. AppDomain excessAppDomain = s_ExcessAppDomain; if (excessAppDomain != null) { TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), excessAppDomain); throw new InvalidOperationException(SR.GetString(SR.net_cant_create_environment)); } appDomainIndex = s_NextAppDomainIndex++; try { } finally { // s_ExcessAppDomain = AppDomain.CreateDomain(c_appDomainName, null, s_AppDomainInfo); try { s_AppDomains.Add(appDomainIndex, s_ExcessAppDomain); // This indicates to the finally and the finalizer that everything succeeded. scriptDomain = s_ExcessAppDomain; } finally { // ReferenceEquals has a ReliabilityContract. if (object.ReferenceEquals(scriptDomain, s_ExcessAppDomain)) { s_ExcessAppDomain = null; } else { // Something failed. Leave the domain in s_ExcessAppDomain until we can get rid of it. No // more AppDomains can be created until we do. In the mean time, keep attempting to get the // TimerThread to remove it. Also, might as well remove it from the hash if it made it in. try { s_AppDomains.Remove(appDomainIndex); } finally { // Can't call AppDomain.Unload from a user thread (or in a lock). TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), s_ExcessAppDomain); } } } } } finally { if (lockHeld) { Monitor.Exit(s_AppDomains.SyncRoot); } } }
/// <summary> /// Creates a new instance providing default "FullTrust", "Nothing", "MediumTrust" and "LowTrust" permissionsets /// </summary> /// <param name="allowUnmanagedCode">NCover requires unmangaged code permissions, set this flag <c>true</c> in this case.</param> public SecurityTemplate(bool allowUnmanagedCode) { PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel(); // NOTHING permissionset if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_NOTHING) ) { NamedPermissionSet noPermissionSet = new NamedPermissionSet(PERMISSIONSET_NOTHING, PermissionState.None); noPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.NoFlags)); pLevel.AddNamedPermissionSet(noPermissionSet); } // FULLTRUST permissionset if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_FULLTRUST)) { NamedPermissionSet fulltrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_FULLTRUST, PermissionState.Unrestricted); pLevel.AddNamedPermissionSet(fulltrustPermissionSet); } // MEDIUMTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config) NamedPermissionSet mediumTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_MEDIUMTRUST, PermissionState.None); mediumTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)); mediumTrustPermissionSet.AddPermission(new DnsPermission(PermissionState.Unrestricted)); mediumTrustPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME")); mediumTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, AppDomain.CurrentDomain.BaseDirectory)); IsolatedStorageFilePermission isolatedStorageFilePermission = new IsolatedStorageFilePermission(PermissionState.None); isolatedStorageFilePermission.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser; isolatedStorageFilePermission.UserQuota = 9223372036854775807; mediumTrustPermissionSet.AddPermission(isolatedStorageFilePermission); mediumTrustPermissionSet.AddPermission(new PrintingPermission(PrintingPermissionLevel.DefaultPrinting)); SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.RemotingConfiguration; if (allowUnmanagedCode) { securityPermissionFlag |= SecurityPermissionFlag.UnmanagedCode; } mediumTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag)); mediumTrustPermissionSet.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect)); mediumTrustPermissionSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted)); mediumTrustPermissionSet.AddPermission(new WebPermission()); pLevel.AddNamedPermissionSet(mediumTrustPermissionSet); // LOWTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config) NamedPermissionSet lowTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_LOWTRUST, PermissionState.None); lowTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Low)); lowTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read|FileIOPermissionAccess.PathDiscovery, AppDomain.CurrentDomain.BaseDirectory)); IsolatedStorageFilePermission isolatedStorageFilePermissionLow = new IsolatedStorageFilePermission(PermissionState.None); isolatedStorageFilePermissionLow.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser; isolatedStorageFilePermissionLow.UserQuota = 1048576; lowTrustPermissionSet.AddPermission(isolatedStorageFilePermissionLow); SecurityPermissionFlag securityPermissionFlagLow = SecurityPermissionFlag.Execution; if (allowUnmanagedCode) { securityPermissionFlagLow |= SecurityPermissionFlag.UnmanagedCode; } lowTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlagLow)); pLevel.AddNamedPermissionSet(lowTrustPermissionSet); // UnionCodeGroup rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(noPermissionSet, PolicyStatementAttribute.Nothing)); // pLevel.RootCodeGroup = rootCodeGroup; _domainPolicy = pLevel; }
// Create a builtin permission set by name. private static PermissionSet CreateBuiltinPermissionSet(String name) { NamedPermissionSet set = null; switch(name) { case "Execution": { set = new NamedPermissionSet ("Execution", PermissionState.None); set.Description = _("Arg_PermissionsExecution"); set.AddPermission(new SecurityPermission (SecurityPermissionFlag.Execution)); } break; case "FullTrust": { set = new NamedPermissionSet ("FullTrust", PermissionState.Unrestricted); set.Description = _("Arg_PermissionsFullTrust"); } break; case "Internet": { set = new NamedPermissionSet ("Internet", PermissionState.None); set.Description = _("Arg_PermissionsInternet"); } break; case "LocalIntranet": { set = new NamedPermissionSet ("LocalIntranet", PermissionState.None); set.Description = _("Arg_PermissionsLocalIntranet"); } break; case "Nothing": { set = new NamedPermissionSet ("Nothing", PermissionState.None); set.Description = _("Arg_PermissionsNothing"); } break; case "SkipVerification": { set = new NamedPermissionSet ("SkipVerification", PermissionState.None); set.Description = _("Arg_PermissionsSkipVerification"); set.AddPermission(new SecurityPermission (SecurityPermissionFlag.SkipVerification)); } break; } return set; }
public void Copy () { NamedPermissionSet nps = new NamedPermissionSet (name); nps.Description = sentinel; nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Assertion)); NamedPermissionSet copy = (NamedPermissionSet)nps.Copy (); AssertEquals ("Name", nps.Name, copy.Name); AssertEquals ("Description", nps.Description, copy.Description); AssertEquals ("Count", nps.Count, copy.Count); }
private void CreateAppDomain() { bool lockTaken = false; RuntimeHelpers.PrepareConstrainedRegions(); try { Monitor.Enter(s_AppDomains.SyncRoot, ref lockTaken); if (s_CleanedUp) { throw new InvalidOperationException(SR.GetString("net_cant_perform_during_shutdown")); } if (s_AppDomainInfo == null) { s_AppDomainInfo = new AppDomainSetup(); s_AppDomainInfo.DisallowBindingRedirects = true; s_AppDomainInfo.DisallowCodeDownload = true; NamedPermissionSet permSet = new NamedPermissionSet("__WebProxySandbox", PermissionState.None); permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); ApplicationTrust trust = new ApplicationTrust { DefaultGrantSet = new PolicyStatement(permSet) }; s_AppDomainInfo.ApplicationTrust = trust; s_AppDomainInfo.ApplicationBase = Environment.SystemDirectory; } AppDomain context = s_ExcessAppDomain; if (context != null) { TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), context); throw new InvalidOperationException(SR.GetString("net_cant_create_environment")); } this.appDomainIndex = s_NextAppDomainIndex++; try { } finally { PermissionSet grantSet = new PermissionSet(PermissionState.None); grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); s_ExcessAppDomain = AppDomain.CreateDomain("WebProxyScript", null, s_AppDomainInfo, grantSet, null); try { s_AppDomains.Add(this.appDomainIndex, s_ExcessAppDomain); this.scriptDomain = s_ExcessAppDomain; } finally { if (object.ReferenceEquals(this.scriptDomain, s_ExcessAppDomain)) { s_ExcessAppDomain = null; } else { try { s_AppDomains.Remove(this.appDomainIndex); } finally { TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), s_ExcessAppDomain); } } } } } finally { if (lockTaken) { Monitor.Exit(s_AppDomains.SyncRoot); } } }