public void DetermineApplicationTrust_DenyUnrestricted()
{
// documented as requiring ControlPolicy and ControlEvidence
// possibly a linkdemand as only ControlPolicy seems check by the default
// IApplicationTrustManager
ApplicationSecurityManager.DetermineApplicationTrust(null, null);
}
public static System.Security.Policy.ApplicationTrust RequestTrust(SubscriptionState subState, bool isShellVisible, bool isUpdate, ActivationContext actCtx, TrustManagerContext tmc)
{
Logger.AddMethodCall("ApplicationTrust.RequestTrust(isShellVisible=" + isShellVisible.ToString() + ", isUpdate=" + isUpdate.ToString() + ", subState.IsInstalled=" + subState.IsInstalled.ToString() + ") called.");
if (!subState.IsInstalled || subState.IsShellVisible != isShellVisible)
{
tmc.IgnorePersistedDecision = true;
}
if (isUpdate)
{
tmc.PreviousApplicationIdentity = subState.CurrentBind.ToApplicationIdentity();
}
bool applicationTrust1;
try
{
Logger.AddInternalState("Calling ApplicationSecurityManager.DetermineApplicationTrust().");
Logger.AddInternalState("Trust Manager Context=" + Logger.Serialize(tmc));
applicationTrust1 = ApplicationSecurityManager.DetermineApplicationTrust(actCtx, tmc);
}
catch (TypeLoadException ex)
{
throw new InvalidDeploymentException(Resources.GetString("Ex_InvalidTrustInfo"), (Exception)ex);
}
if (!applicationTrust1)
{
throw new TrustNotGrantedException(Resources.GetString("Ex_NoTrust"));
}
Logger.AddInternalState("Trust granted.");
System.Security.Policy.ApplicationTrust applicationTrust2 = (System.Security.Policy.ApplicationTrust)null;
for (int index = 0; index < 5; ++index)
{
applicationTrust2 = ApplicationSecurityManager.UserApplicationTrusts[actCtx.Identity.FullName];
if (applicationTrust2 == null)
{
Thread.Sleep(10);
}
else
{
break;
}
}
if (applicationTrust2 == null)
{
throw new InvalidDeploymentException(Resources.GetString("Ex_InvalidMatchTrust"));
}
return(applicationTrust2);
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments aa = null;
foreach (object o in applicationEvidence)
{
aa = (o as ActivationArguments);
if (aa != null)
{
break;
}
}
if (aa == null)
{
string msg = Locale.GetText("No {0} found in {1}.");
throw new ArgumentException(string.Format(msg, "ActivationArguments", "Evidence"), "applicationEvidence");
}
if (aa.ActivationContext == null)
{
string msg = Locale.GetText("No {0} found in {1}.");
throw new ArgumentException(string.Format(msg, "ActivationContext", "ActivationArguments"), "applicationEvidence");
}
// FIXME: this part is still untested (requires manifest support)
if (ApplicationSecurityManager.DetermineApplicationTrust(aa.ActivationContext, context))
{
if (aa.ApplicationIdentity == null)
{
return(new ApplicationTrust());
}
else
{
return(new ApplicationTrust(aa.ApplicationIdentity));
}
}
return(null);
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (hostEvidence == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext activationContext = hostEvidence.ActivationContext;
if (activationContext == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = null;
}
if (applicationTrust == null)
{
if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
}
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(applicationTrust);
}
/// <summary>Determines whether an application should be executed.</summary>
/// <returns>An <see cref="T:System.Security.Policy.ApplicationTrust" /> object that contains trust information about the application.</returns>
/// <param name="applicationEvidence">The <see cref="T:System.Security.Policy.Evidence" /> for the application to be activated.</param>
/// <param name="activatorEvidence">Optionally, the <see cref="T:System.Security.Policy.Evidence" /> for the activating application domain. </param>
/// <param name="context">A <see cref="T:System.Security.Policy.TrustManagerContext" /> that specifies the trust context. </param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="applicationEvidence" /> is null.</exception>
/// <exception cref="T:System.ArgumentException">An <see cref="T:System.Runtime.Hosting.ActivationArguments" /> object could not be found in the application evidence.-or-The <see cref="P:System.Runtime.Hosting.ActivationArguments.ActivationContext" /> property in the activation arguments is null.</exception>
/// <exception cref="T:System.InvalidOperationException">The <see cref="T:System.Security.Policy.ApplicationTrust" /> grant set does not contain the minimum request set specified by the <see cref="T:System.ActivationContext" />.</exception>
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments activationArguments = null;
foreach (object obj in applicationEvidence)
{
activationArguments = (obj as ActivationArguments);
if (activationArguments != null)
{
break;
}
}
if (activationArguments == null)
{
string text = Locale.GetText("No {0} found in {1}.");
throw new ArgumentException(string.Format(text, "ActivationArguments", "Evidence"), "applicationEvidence");
}
if (activationArguments.ActivationContext == null)
{
string text2 = Locale.GetText("No {0} found in {1}.");
throw new ArgumentException(string.Format(text2, "ActivationContext", "ActivationArguments"), "applicationEvidence");
}
if (!ApplicationSecurityManager.DetermineApplicationTrust(activationArguments.ActivationContext, context))
{
return(null);
}
if (activationArguments.ApplicationIdentity == null)
{
return(new ApplicationTrust());
}
return(new ApplicationTrust(activationArguments.ApplicationIdentity));
}
public void DetermineApplicationTrust_Null_TrustManagerContext()
{
ApplicationSecurityManager.DetermineApplicationTrust(null, new TrustManagerContext());
}
public void DetermineApplicationTrust_Null_Null()
{
ApplicationSecurityManager.DetermineApplicationTrust(null, null);
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
Contract.EndContractBlock();
// This method looks for a trust decision for the ActivationContext in three locations, in order
// of preference:
//
// 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
// will be in the applicationEvidence.
// 2. Reuse the ApplicationTrust from the current AppDomain
// 3. Ask the TrustManager for a trust decision
// get the activation context from the application evidence.
// The default HostSecurityManager does not examine the activatorEvidence
// but other security managers could use it to figure out the
// evidence of the domain attempting to activate the application.
ActivationArguments activationArgs = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (activationArgs == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext actCtx = activationArgs.ActivationContext;
if (actCtx == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
// Make sure that any ApplicationTrust we find applies to the ActivationContext we're
// creating the new AppDomain for.
ApplicationTrust appTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if (appTrust != null &&
!CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = null;
}
// If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
// decision from this domain if its identity matches the ActivationContext of the new domain.
// Otherwise consult the TrustManager for a trust decision
if (appTrust == null)
{
if (AppDomain.CurrentDomain.ApplicationTrust != null &&
CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
}
}
// If the trust decision allows the application to run, then it should also have a permission set
// which is at least the permission set the application requested.
ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
if (appTrust != null &&
appTrust.IsApplicationTrustedToRun &&
!appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(appTrust);
}
