[Category("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void AddNamedPermissionSet_Duplicate()
{
PolicyLevel pl = Load(minimal, PolicyLevelType.Machine);
NamedPermissionSet nps1 = new NamedPermissionSet("Mono", PermissionState.Unrestricted);
pl.AddNamedPermissionSet(nps1);
NamedPermissionSet nps2 = new NamedPermissionSet("Mono", PermissionState.None);
// ExecutionEngineException here!
pl.AddNamedPermissionSet(nps2);
}
private static void CreateDepartmentPermission()
{
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while (policyEnumerator.MoveNext())
{
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
if (currentLevel.Label == "Machine")
{
// Enumerate the permission sets in the Machine level.
IList namedPermissions = currentLevel.NamedPermissionSets;
IEnumerator namedPermission = namedPermissions.GetEnumerator();
// Locate the Everything permission set.
while (namedPermission.MoveNext())
{
if (((NamedPermissionSet)namedPermission.Current).Name == "Everything")
{
// The current permission set is a copy of the Everything permission set.
// It can be modified to provide the permissions for the new permission set.
// Rename the copy to the name chosen for the new permission set.
((NamedPermissionSet)namedPermission.Current).Name = "MyDepartment";
IEnumerator permissions = ((NamedPermissionSet)namedPermission.Current).GetEnumerator();
// Modify security permission by removing and replacing with a new permission.
while (permissions.MoveNext())
{
if (permissions.Current.GetType().ToString() == "System.Security.Permissions.SecurityPermission")
{
((NamedPermissionSet)namedPermission.Current).RemovePermission(permissions.Current.GetType());
// Add a new security permission with limited permissions.
SecurityPermission limitedPermission = new SecurityPermission(SecurityPermissionFlag.Execution |
SecurityPermissionFlag.RemotingConfiguration |
SecurityPermissionFlag.ControlThread);
((NamedPermissionSet)namedPermission.Current).AddPermission(limitedPermission);
break;
}
}
try
{
// If you run this application twice, the following instruction throws
// an exception because the named permission set is already present.
// You can remove the custom named permission set using Caspole.exe or the
// .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(((NamedPermissionSet)namedPermission.Current));
SecurityManager.SavePolicy();
}
catch (System.ArgumentException e)
{
Console.WriteLine(e.Message);
}
Console.WriteLine(((NamedPermissionSet)namedPermission.Current).ToString());
break;
}
}
}
}
}
// Create a custom named permission set based on the LocalIntranet permission set.
private static void CreateCompanyPermission()
{
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
// Move through the policy levels to the Machine policy level.
while (policyEnumerator.MoveNext())
{
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
if (currentLevel.Label == "Machine")
{
// Enumerate the permission sets in the Machine policy level.
IList namedPermissions = currentLevel.NamedPermissionSets;
IEnumerator namedPermission = namedPermissions.GetEnumerator();
// Locate the LocalIntranet permission set.
while (namedPermission.MoveNext())
{
if (((NamedPermissionSet)namedPermission.Current).Name == "LocalIntranet")
{
// The current permission set is a copy of the LocalIntranet permission set.
// It can be modified to provide the permissions for the new permission set.
// Rename the copy to the name chosen for the new permission set.
((NamedPermissionSet)namedPermission.Current).Name = "MyCompany";
IEnumerator permissions = ((NamedPermissionSet)namedPermission.Current).GetEnumerator();
// Remove the current security permission from the permission set and replace it
// with a new security permission that does not have the right to assert permissions.
while (permissions.MoveNext())
{
if (permissions.Current.GetType().ToString() == "System.Security.Permissions.SecurityPermission")
{
// Remove the current security permission.
((NamedPermissionSet)namedPermission.Current).RemovePermission(permissions.Current.GetType());
// Add a new security permission that only allows execution.
((NamedPermissionSet)namedPermission.Current).AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
break;
}
}
try
{
// If you run this application twice, the following instruction throws
// an exception because the named permission set is already present.
// You can remove the custom named permission set using Caspole.exe or the
// .NET Framework Configuration tool
currentLevel.AddNamedPermissionSet(((NamedPermissionSet)namedPermission.Current));
SecurityManager.SavePolicy();
}
// Catch the exception for a duplicate permission set.
catch (System.ArgumentException e)
{
Console.WriteLine(e.Message);
return;
}
Console.WriteLine(((NamedPermissionSet)namedPermission.Current).ToString());
break;
}
}
}
}
}
[Category("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void RemoveNamedPermissionSet_String()
{
PolicyLevel pl = Load(minimal, PolicyLevelType.Machine);
int n = pl.NamedPermissionSets.Count;
NamedPermissionSet nps = new NamedPermissionSet("Mono", PermissionState.Unrestricted);
pl.AddNamedPermissionSet(nps);
// ExecutionEngineException here!
pl.RemoveNamedPermissionSet("Mono");
Assert.AreEqual(n, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count");
}
[Category("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void GetNamedPermissionSet()
{
PolicyLevel pl = Load(minimal, PolicyLevelType.Machine);
NamedPermissionSet nps = pl.GetNamedPermissionSet("Mono");
Assert.IsNull(nps, "GetNamedPermissionSet(notfound)");
nps = new NamedPermissionSet("Mono", PermissionState.None);
pl.AddNamedPermissionSet(nps);
// ExecutionEngineException here!
nps = pl.GetNamedPermissionSet("Mono");
Assert.IsNotNull(nps, "GetNamedPermissionSet(found)");
}
public void Reset()
{
PolicyLevel pl = PolicyLevel.CreateAppDomainLevel();
int n = pl.FullTrustAssemblies.Count;
StrongName sn = new StrongName(new StrongNamePublicKeyBlob(snPublicKey), "First", new Version(1, 2, 3, 4));
pl.AddFullTrustAssembly(sn);
Assert.AreEqual(n + 1, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");
int m = pl.NamedPermissionSets.Count;
NamedPermissionSet nps = new NamedPermissionSet("Mono");
pl.AddNamedPermissionSet(nps);
Assert.AreEqual(m + 1, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count+1");
pl.Reset();
Assert.AreEqual(n, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count");
Assert.AreEqual(m, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count");
}
public static void PolicyLevelCallMethods()
{
PolicyLevel pl = (PolicyLevel)Activator.CreateInstance(typeof(PolicyLevel), true);
NamedPermissionSet nps = new NamedPermissionSet("test");
pl.AddNamedPermissionSet(nps);
nps = pl.ChangeNamedPermissionSet("test", new PermissionSet(new Permissions.PermissionState()));
PolicyLevel.CreateAppDomainLevel();
nps = pl.GetNamedPermissionSet("test");
pl.Recover();
NamedPermissionSet nps2 = pl.RemoveNamedPermissionSet(nps);
nps2 = pl.RemoveNamedPermissionSet("test");
pl.Reset();
Evidence evidence = new Evidence();
PolicyStatement ps = pl.Resolve(evidence);
CodeGroup cg = pl.ResolveMatchingCodeGroups(evidence);
SecurityElement se = new SecurityElement("");
pl.FromXml(se);
se = pl.ToXml();
}
public static void PolicyLevelCallMethods()
{
PolicyLevel pl = (PolicyLevel)FormatterServices.GetUninitializedObject(typeof(PolicyLevel));
NamedPermissionSet nps = new NamedPermissionSet("test");
pl.AddNamedPermissionSet(nps);
nps = pl.ChangeNamedPermissionSet("test", new PermissionSet(new Permissions.PermissionState()));
#pragma warning disable 618
PolicyLevel.CreateAppDomainLevel();
#pragma warning restore 618
nps = pl.GetNamedPermissionSet("test");
pl.Recover();
NamedPermissionSet nps2 = pl.RemoveNamedPermissionSet(nps);
nps2 = pl.RemoveNamedPermissionSet("test");
pl.Reset();
Evidence evidence = new Evidence();
PolicyStatement ps = pl.Resolve(evidence);
CodeGroup cg = pl.ResolveMatchingCodeGroups(evidence);
SecurityElement se = new SecurityElement("");
pl.FromXml(se);
se = pl.ToXml();
}
public static void CreateAPolicyLevel()
{
try
{
//<Snippet2>
// Create an AppDomain policy level.
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
//</Snippet2>
// The root code group of the policy level combines all
// permissions of its children.
UnionCodeGroup rootCodeGroup;
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
rootCodeGroup = new UnionCodeGroup(
new AllMembershipCondition(),
new PolicyStatement(ps, PolicyStatementAttribute.Nothing));
// This code group grants FullTrust to assemblies with the strong
// name key from this assembly.
UnionCodeGroup myCodeGroup = new UnionCodeGroup(
new StrongNameMembershipCondition(
new StrongNamePublicKeyBlob(GetKey()),
null,
null),
new PolicyStatement(new PermissionSet(PermissionState.Unrestricted),
PolicyStatementAttribute.Nothing)
);
myCodeGroup.Name = "My CodeGroup";
//<Snippet4>
// Add the code groups to the policy level.
rootCodeGroup.AddChild(myCodeGroup);
pLevel.RootCodeGroup = rootCodeGroup;
Console.WriteLine("Permissions granted to all code running in this AppDomain level: ");
Console.WriteLine(rootCodeGroup.ToXml());
Console.WriteLine("Child code groups in RootCodeGroup:");
IList codeGroups = pLevel.RootCodeGroup.Children;
IEnumerator codeGroup = codeGroups.GetEnumerator();
while (codeGroup.MoveNext())
{
Console.WriteLine("\t" + ((CodeGroup)codeGroup.Current).Name);
}
//</Snippet4>
//<Snippet5>
Console.WriteLine("Demonstrate adding and removing named permission sets.");
Console.WriteLine("Original named permission sets:");
ListPermissionSets(pLevel);
NamedPermissionSet myInternet = pLevel.GetNamedPermissionSet("Internet");
//</Snippet5>
myInternet.Name = "MyInternet";
//<Snippet6>
pLevel.AddNamedPermissionSet(myInternet);
//</Snippet6>
Console.WriteLine("\nNew named permission sets:");
ListPermissionSets(pLevel);
myInternet.RemovePermission(typeof(System.Security.Permissions.FileDialogPermission));
//<Snippet7>
pLevel.ChangeNamedPermissionSet("MyInternet", myInternet);
//</Snippet7>
//<Snippet8>
pLevel.RemoveNamedPermissionSet("MyInternet");
//</Snippet8>
Console.WriteLine("\nCurrent permission sets:");
ListPermissionSets(pLevel);
pLevel.AddNamedPermissionSet(myInternet);
Console.WriteLine("\nUpdated named permission sets:");
ListPermissionSets(pLevel);
//<Snippet9>
pLevel.Reset();
//</Snippet9>
Console.WriteLine("\nReset named permission sets:");
ListPermissionSets(pLevel);
//<Snippet10>
Console.WriteLine("\nType property = " + pLevel.Type.ToString());
//</Snippet10>
//<Snippet11>
Console.WriteLine("The result of GetHashCode is " + pLevel.GetHashCode().ToString());
//</Snippet11>
Console.WriteLine("StoreLocation property for the AppDomain level is empty, since AppDomain policy " +
"cannot be saved to a file.");
Console.WriteLine("StoreLocation property = " + pLevel.StoreLocation);
//<Snippet12>
PolicyLevel pLevelCopy = PolicyLevel.CreateAppDomainLevel();
// Create a copy of the PolicyLevel using ToXml/FromXml.
pLevelCopy.FromXml(pLevel.ToXml());
if (ComparePolicyLevels(pLevel, pLevelCopy))
{
Console.WriteLine("The ToXml/FromXml roundtrip was successful.");
}
else
{
Console.WriteLine("ToXml/FromXml roundtrip failed.");
}
//</Snippet12>
Console.WriteLine("Show the result of resolving policy for evidence unique to the AppDomain policy level.");
Evidence myEvidence = new Evidence(new object[] { myCodeGroup }, null);
CheckEvidence(pLevel, myEvidence);
return;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return;
}
}
public void AddNamedPermissionSet_Null()
{
PolicyLevel pl = Load(minimal, PolicyLevelType.Machine);
pl.AddNamedPermissionSet(null);
}
/// <summary>
/// Creates a new instance providing default "FullTrust", "Nothing", "MediumTrust" and "LowTrust" permissionsets
/// </summary>
/// <param name="allowUnmanagedCode">NCover requires unmangaged code permissions, set this flag <c>true</c> in this case.</param>
public SecurityTemplate(bool allowUnmanagedCode)
{
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
// NOTHING permissionset
if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_NOTHING))
{
NamedPermissionSet noPermissionSet = new NamedPermissionSet(PERMISSIONSET_NOTHING, PermissionState.None);
noPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.NoFlags));
pLevel.AddNamedPermissionSet(noPermissionSet);
}
// FULLTRUST permissionset
if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_FULLTRUST))
{
NamedPermissionSet fulltrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_FULLTRUST, PermissionState.Unrestricted);
pLevel.AddNamedPermissionSet(fulltrustPermissionSet);
}
// MEDIUMTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config)
NamedPermissionSet mediumTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_MEDIUMTRUST, PermissionState.None);
mediumTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
mediumTrustPermissionSet.AddPermission(new DnsPermission(PermissionState.Unrestricted));
mediumTrustPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read,
"TEMP;TMP;USERNAME;OS;COMPUTERNAME"));
mediumTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess,
AppDomain.CurrentDomain.BaseDirectory));
IsolatedStorageFilePermission isolatedStorageFilePermission = new IsolatedStorageFilePermission(PermissionState.None);
isolatedStorageFilePermission.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isolatedStorageFilePermission.UserQuota = 9223372036854775807;
mediumTrustPermissionSet.AddPermission(isolatedStorageFilePermission);
mediumTrustPermissionSet.AddPermission(new PrintingPermission(PrintingPermissionLevel.DefaultPrinting));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution |
SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal |
SecurityPermissionFlag.RemotingConfiguration;
if (allowUnmanagedCode)
{
securityPermissionFlag |= SecurityPermissionFlag.UnmanagedCode;
}
mediumTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
mediumTrustPermissionSet.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect));
mediumTrustPermissionSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted));
mediumTrustPermissionSet.AddPermission(new WebPermission());
pLevel.AddNamedPermissionSet(mediumTrustPermissionSet);
// LOWTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config)
NamedPermissionSet lowTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_LOWTRUST, PermissionState.None);
lowTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Low));
lowTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
AppDomain.CurrentDomain.BaseDirectory));
IsolatedStorageFilePermission isolatedStorageFilePermissionLow = new IsolatedStorageFilePermission(PermissionState.None);
isolatedStorageFilePermissionLow.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isolatedStorageFilePermissionLow.UserQuota = 1048576;
lowTrustPermissionSet.AddPermission(isolatedStorageFilePermissionLow);
SecurityPermissionFlag securityPermissionFlagLow = SecurityPermissionFlag.Execution;
if (allowUnmanagedCode)
{
securityPermissionFlagLow |= SecurityPermissionFlag.UnmanagedCode;
}
lowTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlagLow));
pLevel.AddNamedPermissionSet(lowTrustPermissionSet);
// UnionCodeGroup rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(noPermissionSet, PolicyStatementAttribute.Nothing));
// pLevel.RootCodeGroup = rootCodeGroup;
_domainPolicy = pLevel;
}
