Exemple #1
0
        internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
        {
            HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;

            if (evidence.GetHostEvidence <GacInstalled>() != null)
            {
                grantSet = new PermissionSet(PermissionState.Unrestricted);
                return(true);
            }
            if ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
            {
                PermissionSet permissionSet = hostSecurityManager.ResolvePolicy(evidence);
                if (permissionSet == null)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", new object[]
                    {
                        hostSecurityManager.GetType().FullName
                    }));
                }
                if (AppDomain.CurrentDomain.IsHomogenous)
                {
                    if (permissionSet.IsEmpty())
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
                    }
                    PermissionSet permissionSet2 = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
                    if (!permissionSet.IsUnrestricted() && (!permissionSet.IsSubsetOf(permissionSet2) || !permissionSet2.IsSubsetOf(permissionSet)))
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", new object[]
                        {
                            hostSecurityManager.GetType().FullName
                        }));
                    }
                }
                grantSet = permissionSet;
                return(true);
            }
            else
            {
                if (AppDomain.CurrentDomain.IsHomogenous)
                {
                    grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
                    return(true);
                }
                grantSet = null;
                return(false);
            }
        }
        internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
        {
            Contract.Assert(evidence != null);

            HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;

            // GAC assemblies always are fully trusted
            if (evidence.GetHostEvidence <GacInstalled>() != null)
            {
                grantSet = new PermissionSet(PermissionState.Unrestricted);
                return(true);
            }
            // If the host wants to participate in policy resolution, then our next option is to ask it for
            // a grant set
            else if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
            {
                PermissionSet hostGrantSet = securityManager.ResolvePolicy(evidence);

                if (hostGrantSet == null)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", securityManager.GetType().FullName));
                }

                // If we're in a homogenous domain, we don't want to allow the host to create multiple
                // levels of permissions within the domain.  So, if we see the host return something other
                // than full trust or the homogenous grant set, we reject the grant set.
                if (AppDomain.CurrentDomain.IsHomogenous)
                {
                    // Some hosts, such as ASP.NET, return Nothing as a way of saying that the assembly should
                    // not be allowed to run in the AppDomain.  Reject that with a specific
                    // no-execution-allowed-here exception message, rather than the return value validation
                    // exception message we'd hit below.
                    if (hostGrantSet.IsEmpty())
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
                    }

                    PermissionSet homogenousGrantSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
                    bool          isValidGrantSet    = hostGrantSet.IsUnrestricted() ||
                                                       (hostGrantSet.IsSubsetOf(homogenousGrantSet) && homogenousGrantSet.IsSubsetOf(hostGrantSet));

                    if (!isValidGrantSet)
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", securityManager.GetType().FullName));
                    }
                }

                grantSet = hostGrantSet;
                return(true);
            }
            // If we're in a homogenous domain, we can get the grant set directly from the application trust
            else if (AppDomain.CurrentDomain.IsHomogenous)
            {
                grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
                return(true);
            }
            // Otherwise we have no way to figure out what the grant set is
            else
            {
                grantSet = null;
                return(false);
            }
        }