bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
ApplicationDirectory hostEvidence = evidence.GetHostEvidence<ApplicationDirectory>();
Url url = evidence.GetHostEvidence<Url>();
if ((hostEvidence != null) && (url != null))
{
string directory = hostEvidence.Directory;
if ((directory != null) && (directory.Length > 1))
{
if (directory[directory.Length - 1] == '/')
{
directory = directory + "*";
}
else
{
directory = directory + "/*";
}
URLString operand = new URLString(directory);
if (url.GetURLString().IsSubsetOf(operand))
{
usedEvidence = hostEvidence;
return true;
}
}
}
}
return false;
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
ApplicationDirectory hostEvidence = evidence.GetHostEvidence <ApplicationDirectory>();
Url url = evidence.GetHostEvidence <Url>();
if ((hostEvidence != null) && (url != null))
{
string directory = hostEvidence.Directory;
if ((directory != null) && (directory.Length > 1))
{
if (directory[directory.Length - 1] == '/')
{
directory = directory + "*";
}
else
{
directory = directory + "/*";
}
URLString operand = new URLString(directory);
if (url.GetURLString().IsSubsetOf(operand))
{
usedEvidence = hostEvidence;
return(true);
}
}
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = (object)null;
if (evidence == null)
{
return(false);
}
ApplicationDirectory hostEvidence1 = evidence.GetHostEvidence <ApplicationDirectory>();
Url hostEvidence2 = evidence.GetHostEvidence <Url>();
if (hostEvidence1 != null && hostEvidence2 != null)
{
string directory = hostEvidence1.Directory;
if (directory != null && directory.Length > 1)
{
string str = directory;
int index = str.Length - 1;
URLString urlString = new URLString((int)str[index] != 47 ? directory + "/*" : directory + "*");
if (hostEvidence2.GetURLString().IsSubsetOf((SiteString)urlString))
{
usedEvidence = (object)hostEvidence1;
return(true);
}
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
return false;
ApplicationDirectory dir = evidence.GetHostEvidence<ApplicationDirectory>();
Url url = evidence.GetHostEvidence<Url>();
if (dir != null && url != null)
{
// We need to add a wildcard at the end because IsSubsetOf keys off of it.
String appDir = dir.Directory;
if (appDir != null && appDir.Length > 1)
{
if (appDir[appDir.Length-1] == '/')
appDir += "*";
else
appDir += "/*";
URLString appDirString = new URLString(appDir);
if (url.GetURLString().IsSubsetOf(appDirString))
{
usedEvidence = dir;
return true;
}
}
}
return false;
}
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
PolicyStatement thisPolicy = null;
Url url = evidence.GetHostEvidence <Url>();
if (url != null)
{
thisPolicy = CalculatePolicy(url.GetURLString().Host, url.GetURLString().Scheme, url.GetURLString().Port);
}
if (thisPolicy == null)
{
Site site = evidence.GetHostEvidence <Site>();
if (site != null)
{
thisPolicy = CalculatePolicy(site.Name, null, null);
}
}
if (thisPolicy == null)
{
thisPolicy = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
return(thisPolicy);
}
// Token: 0x06002855 RID: 10325 RVA: 0x0009465C File Offset: 0x0009285C
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
ApplicationDirectory hostEvidence = evidence.GetHostEvidence <ApplicationDirectory>();
Url hostEvidence2 = evidence.GetHostEvidence <Url>();
if (hostEvidence != null && hostEvidence2 != null)
{
string text = hostEvidence.Directory;
if (text != null && text.Length > 1)
{
if (text[text.Length - 1] == '/')
{
text += "*";
}
else
{
text += "/*";
}
URLString operand = new URLString(text);
if (hostEvidence2.GetURLString().IsSubsetOf(operand))
{
usedEvidence = hostEvidence;
return(true);
}
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
Site site = evidence.GetHostEvidence <Site>();
if (site != null)
{
if (m_site == null && m_element != null)
{
ParseSite();
}
if (site.GetSiteString().IsSubsetOf(this.m_site))
{
usedEvidence = site;
return(true);
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
Zone zone = evidence.GetHostEvidence <Zone>();
if (zone != null)
{
if (m_zone == SecurityZone.NoZone && m_element != null)
{
ParseZone();
}
if (zone.SecurityZone == m_zone)
{
usedEvidence = zone;
return(true);
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
Hash hostEvidence = evidence.GetHostEvidence <Hash>();
if (hostEvidence != null)
{
if ((this.m_value == null) && (this.m_element != null))
{
this.ParseHashValue();
}
if ((this.m_hashAlg == null) && (this.m_element != null))
{
this.ParseHashAlgorithm();
}
byte[] first = null;
lock (this.InternalSyncObject)
{
first = hostEvidence.GenerateHash(this.m_hashAlg);
}
if ((first != null) && CompareArrays(first, this.m_value))
{
usedEvidence = hostEvidence;
return(true);
}
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
Url url = evidence.GetHostEvidence <Url>();
if (url != null)
{
if (m_url == null && m_element != null)
{
ParseURL();
}
if (url.GetURLString().IsSubsetOf(m_url))
{
usedEvidence = url;
return(true);
}
}
return(false);
}
// Token: 0x06002AD1 RID: 10961 RVA: 0x0009EEE4 File Offset: 0x0009D0E4
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
Hash hostEvidence = evidence.GetHostEvidence <Hash>();
if (hostEvidence != null)
{
if (this.m_value == null && this.m_element != null)
{
this.ParseHashValue();
}
if (this.m_hashAlg == null && this.m_element != null)
{
this.ParseHashAlgorithm();
}
byte[] array = null;
object internalSyncObject = this.InternalSyncObject;
lock (internalSyncObject)
{
array = hostEvidence.GenerateHash(this.m_hashAlg);
}
if (array != null && HashMembershipCondition.CompareArrays(array, this.m_value))
{
usedEvidence = hostEvidence;
return(true);
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
Publisher publisher = evidence.GetHostEvidence <Publisher>();
if (publisher != null)
{
if (m_certificate == null && m_element != null)
{
ParseCertificate();
}
// We can't just compare certs directly here because Publisher equality
// depends only on the keys inside the certs.
if (publisher.Equals(new Publisher(m_certificate)))
{
usedEvidence = publisher;
return(true);
}
}
return(false);
}
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
Url hostEvidence = evidence.GetHostEvidence<Url>();
if (hostEvidence != null)
{
return this.CalculatePolicy(hostEvidence);
}
return new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
return(evidence.GetHostEvidence <GacInstalled>() != null);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
return false;
return evidence.GetHostEvidence<GacInstalled>() != null;
}
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
Url hostEvidence = evidence.GetHostEvidence <Url>();
if (hostEvidence != null)
{
return(this.CalculatePolicy(hostEvidence));
}
return(new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing));
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence<ActivationArguments>();
if (hostEvidence == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext activationContext = hostEvidence.ActivationContext;
if (activationContext == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = null;
}
if (applicationTrust == null)
{
if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
}
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return applicationTrust;
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
ApplicationDirectory dir = evidence.GetHostEvidence <ApplicationDirectory>();
Url url = evidence.GetHostEvidence <Url>();
if (dir != null && url != null)
{
// We need to add a wildcard at the end because IsSubsetOf keys off of it.
String appDir = dir.Directory;
if (appDir != null && appDir.Length > 1)
{
if (appDir[appDir.Length - 1] == '/')
{
appDir += "*";
}
else
{
appDir += "/*";
}
URLString appDirString = new URLString(appDir);
if (url.GetURLString().IsSubsetOf(appDirString))
{
usedEvidence = dir;
return(true);
}
}
}
return(false);
}
public static Assembly Load(byte[] rawAssembly, byte[] rawSymbolStore, System.Security.Policy.Evidence securityEvidence)
{
if ((securityEvidence != null) && !AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
Zone hostEvidence = securityEvidence.GetHostEvidence <Zone>();
if ((hostEvidence == null) || (hostEvidence.SecurityZone != SecurityZone.MyComputer))
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
}
}
StackCrawlMark lookForMyCaller = StackCrawlMark.LookForMyCaller;
return(RuntimeAssembly.nLoadImage(rawAssembly, rawSymbolStore, securityEvidence, ref lookForMyCaller, false, SecurityContextSource.CurrentAssembly));
}
// Token: 0x0600298B RID: 10635 RVA: 0x00099410 File Offset: 0x00097610
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
PolicyStatement policyStatement = null;
Url hostEvidence = evidence.GetHostEvidence <Url>();
if (hostEvidence != null)
{
policyStatement = this.CalculatePolicy(hostEvidence.GetURLString().Host, hostEvidence.GetURLString().Scheme, hostEvidence.GetURLString().Port);
}
if (policyStatement == null)
{
Site hostEvidence2 = evidence.GetHostEvidence <Site>();
if (hostEvidence2 != null)
{
policyStatement = this.CalculatePolicy(hostEvidence2.Name, null, null);
}
}
if (policyStatement == null)
{
policyStatement = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
return(policyStatement);
}
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
PolicyStatement policyStatement = (PolicyStatement)null;
Url hostEvidence = evidence.GetHostEvidence <Url>();
if (hostEvidence != null)
{
policyStatement = this.CalculatePolicy(hostEvidence);
}
if (policyStatement == null)
{
policyStatement = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
return(policyStatement);
}
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
PolicyStatement thisPolicy = null;
Url url = evidence.GetHostEvidence <Url>();
if (url != null)
{
thisPolicy = CalculatePolicy(url);
}
if (thisPolicy == null)
{
thisPolicy = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
return(thisPolicy);
}
public EvidenceBase GenerateEvidence(Type evidenceType)
{
// For v1.x compatibility, the default AppDomain has the same evidence as the entry point
// assembly. Since other AppDomains inherit their evidence from the default AppDomain by
// default, they also use the entry point assembly.
BCLDebug.Assert(m_targetDomain == AppDomain.CurrentDomain, "AppDomainEvidenceFactory should not be used across domains.");
if (m_targetDomain.IsDefaultAppDomain())
{
// If we don't already know the evidence for the entry point assembly, get that now. If we
// have a RuntimeAssembly go directly to its EvidenceNoDemand property to avoid the full
// demand that it will do on access to its Evidence property.
if (m_entryPointEvidence == null)
{
Assembly entryAssembly = Assembly.GetEntryAssembly();
RuntimeAssembly entryRuntimeAssembly = entryAssembly as RuntimeAssembly;
if (entryRuntimeAssembly != null)
{
m_entryPointEvidence = entryRuntimeAssembly.EvidenceNoDemand.Clone();
}
else if (entryAssembly != null)
{
m_entryPointEvidence = entryAssembly.Evidence;
}
}
// If the entry point assembly provided evidence, then we use that for the AppDomain
if (m_entryPointEvidence != null)
{
return(m_entryPointEvidence.GetHostEvidence(evidenceType));
}
}
else
{
// If we're not the default domain, then we should inherit our evidence from the default
// domain -- so ask it what evidence it has of this type.
AppDomain defaultDomain = AppDomain.GetDefaultDomain();
return(defaultDomain.GetHostEvidence(evidenceType));
}
// AppDomains do not generate any evidence on demand
return(null);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
System.Security.Policy.Site hostEvidence = evidence.GetHostEvidence <System.Security.Policy.Site>();
if (hostEvidence != null)
{
if ((this.m_site == null) && (this.m_element != null))
{
this.ParseSite();
}
if (hostEvidence.GetSiteString().IsSubsetOf(this.m_site))
{
usedEvidence = hostEvidence;
return(true);
}
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
Publisher hostEvidence = evidence.GetHostEvidence <Publisher>();
if (hostEvidence != null)
{
if ((this.m_certificate == null) && (this.m_element != null))
{
this.ParseCertificate();
}
if (hostEvidence.Equals(new Publisher(this.m_certificate)))
{
usedEvidence = hostEvidence;
return(true);
}
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
Zone hostEvidence = evidence.GetHostEvidence <Zone>();
if (hostEvidence != null)
{
if ((this.m_zone == System.Security.SecurityZone.NoZone) && (this.m_element != null))
{
this.ParseZone();
}
if (hostEvidence.SecurityZone == this.m_zone)
{
usedEvidence = hostEvidence;
return(true);
}
}
}
return(false);
}
private PolicyStatement CalculateAssemblyPolicy(Evidence evidence)
{
PolicyStatement statement = null;
Url hostEvidence = evidence.GetHostEvidence<Url>();
if (hostEvidence != null)
{
statement = this.CalculatePolicy(hostEvidence.GetURLString().Host, hostEvidence.GetURLString().Scheme, hostEvidence.GetURLString().Port);
}
else
{
Site site = evidence.GetHostEvidence<Site>();
if (site != null)
{
statement = this.CalculatePolicy(site.Name, null, null);
}
}
if (statement == null)
{
statement = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
return statement;
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = (object)null;
if (evidence == null)
{
return(false);
}
System.Security.Policy.Url hostEvidence = evidence.GetHostEvidence <System.Security.Policy.Url>();
if (hostEvidence != null)
{
if (this.m_url == null && this.m_element != null)
{
this.ParseURL();
}
if (hostEvidence.GetURLString().IsSubsetOf((SiteString)this.m_url))
{
usedEvidence = (object)hostEvidence;
return(true);
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
{
return(false);
}
Hash hash = evidence.GetHostEvidence <Hash>();
if (hash != null)
{
if (m_value == null && m_element != null)
{
ParseHashValue();
}
if (m_hashAlg == null && m_element != null)
{
ParseHashAlgorithm();
}
byte[] asmHash = null;
lock (InternalSyncObject) {
asmHash = hash.GenerateHash(m_hashAlg);
}
if (asmHash != null && CompareArrays(asmHash, m_value))
{
usedEvidence = hash;
return(true);
}
}
return(false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
Zone hostEvidence = evidence.GetHostEvidence<Zone>();
if (hostEvidence != null)
{
if ((this.m_zone == System.Security.SecurityZone.NoZone) && (this.m_element != null))
{
this.ParseZone();
}
if (hostEvidence.SecurityZone == this.m_zone)
{
usedEvidence = hostEvidence;
return true;
}
}
}
return false;
}
/// <summary>
/// Determines an alternate application settings folder for the provided details. (This overload really only exists for unit test purposes)
/// </summary>
internal static string GetAlternateAppSettingsFolder(string previousInstallDir, Evidence appDomainEvidence, string configurationFilePath)
{
try
{
//NOTE: the GetHostEvidence<T> method is not implemented on Mono, and this will throw an exception.
// if the strong name evidence is available for the appdomain, it would've been used and there wouldn't be an 'alternate'
if (appDomainEvidence.GetHostEvidence<StrongName>() != null) return null;
// get the current app settings folder name
var currentAppConfigFolder = Path.GetFileName(Path.GetDirectoryName(Path.GetDirectoryName(configurationFilePath)));
if (string.IsNullOrWhiteSpace(currentAppConfigFolder) || currentAppConfigFolder.Length <= 32) return null;
// check that it uses the 'Url' type and strip off the hash
var baseAppConfigFolder = currentAppConfigFolder.Substring(0, currentAppConfigFolder.Length - 32);
if (!baseAppConfigFolder.EndsWith("_Url_", StringComparison.InvariantCultureIgnoreCase)) return null;
// get the url evidence for the appdomain
var urlEvidence = appDomainEvidence.GetHostEvidence<Url>();
if (urlEvidence == null) return null;
// if a previous install directory is known, figure out what the url evidence would have looked like for the same executable in that directory
// otherwise, just assume it would be same as the current url evidence
var evidenceInfo = string.IsNullOrWhiteSpace(previousInstallDir) ? urlEvidence.Value : "file:///" + previousInstallDir.TrimEnd('/', '\\') + '/' + Path.GetFileName(new Uri(urlEvidence.Value).LocalPath);
// normalize the evidence info: this is what changed between CLR 2.0 and 4.0 - the choice of slash type!
// if the slash behavior changes again in a future CLR, this code may need to be modified to compute and try multiple possibilities
evidenceInfo = evidenceInfo.Replace('\\', '/').ToUpperInvariant();
// now concatenate the base folder name with the evidence hash to get the 'alternate' folder name, and return it if it's actually different
var formerAppConfigFolder = baseAppConfigFolder + ComputeEvidenceHash(evidenceInfo);
return formerAppConfigFolder != currentAppConfigFolder ? formerAppConfigFolder : null;
}
catch (Exception ex)
{
// if any exception is thrown, just log and continue
Platform.Log(LogLevel.Debug, ex, "Failure while attempting to determine an alternate application settings directory");
return null;
}
}
// Query the CLR to see what it would have granted a specific set of evidence
public virtual PermissionSet ResolvePolicy(Evidence evidence)
{
if (evidence == null)
throw new ArgumentNullException("evidence");
Contract.EndContractBlock();
//
// If the evidence is from the GAC then the result is full trust.
// In a homogenous domain, then the application trust object provides the grant set.
// When CAS policy is disabled, the result is full trust.
// Otherwise, the result comes from evaluating CAS policy.
//
if (evidence.GetHostEvidence<GacInstalled>() != null)
{
return new PermissionSet(PermissionState.Unrestricted);
}
else if (AppDomain.CurrentDomain.IsHomogenous)
{
return AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
}
else if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
return new PermissionSet(PermissionState.Unrestricted);
}
else
{
return SecurityManager.PolicyManager.CodeGroupResolve(evidence, false);
}
}
internal static void CheckDomainCreationEvidence(AppDomainSetup creationDomainSetup,
Evidence creationEvidence)
{
if (creationEvidence != null && !CurrentDomain.IsLegacyCasPolicyEnabled)
{
if (creationDomainSetup == null || creationDomainSetup.ApplicationTrust == null)
{
// We allow non-null evidence in CAS mode to support the common pattern of passing in
// AppDomain.CurrentDomain.Evidence. Since the zone evidence must have been changed
// if the user has any expectation of sandboxing the domain under legacy CAS policy,
// we use a zone comparison to check for this pattern. A strict comparison will not
// work, since MSDN samples for creating a domain show using a modified version of the
// current domain's evidence and we would capturce people who copied and pasted these
// samples without intending to sandbox.
Zone creatorsZone = CurrentDomain.EvidenceNoDemand.GetHostEvidence<Zone>();
SecurityZone creatorsSecurityZone = creatorsZone != null ?
creatorsZone.SecurityZone :
SecurityZone.MyComputer;
Zone suppliedZone = creationEvidence.GetHostEvidence<Zone>();
if (suppliedZone != null)
{
if (suppliedZone.SecurityZone != creatorsSecurityZone &&
suppliedZone.SecurityZone != SecurityZone.MyComputer)
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
}
}
}
}
}
public static PermissionSet GetStandardSandbox(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
Zone hostEvidence = evidence.GetHostEvidence<Zone>();
if (hostEvidence == null)
{
return new PermissionSet(PermissionState.None);
}
if (hostEvidence.SecurityZone == SecurityZone.MyComputer)
{
return new PermissionSet(PermissionState.Unrestricted);
}
if (hostEvidence.SecurityZone == SecurityZone.Intranet)
{
PermissionSet localIntranet = BuiltInPermissionSets.LocalIntranet;
PolicyStatement statement = new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
PolicyStatement statement2 = new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read).Resolve(evidence);
if (statement != null)
{
localIntranet.InplaceUnion(statement.PermissionSet);
}
if (statement2 != null)
{
localIntranet.InplaceUnion(statement2.PermissionSet);
}
return localIntranet;
}
if ((hostEvidence.SecurityZone != SecurityZone.Internet) && (hostEvidence.SecurityZone != SecurityZone.Trusted))
{
return new PermissionSet(PermissionState.None);
}
PermissionSet internet = BuiltInPermissionSets.Internet;
PolicyStatement statement3 = new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
if (statement3 != null)
{
internet.InplaceUnion(statement3.PermissionSet);
}
return internet;
}
public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordHosting | EventTrace.Keyword.KeywordPerf, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustStart);
ApplicationTrust trust;
Uri activationUri = GetUriFromActivationData(0);
bool isDebug = PresentationAppDomainManager.IsDebug ? true : GetBoolFromActivationData(1);
BrowserInteropHelper.SetBrowserHosted(true);
if (isDebug)
{
context.IgnorePersistedDecision = true;
context.Persist = false;
context.KeepAlive = false;
context.NoPrompt = true;
trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
}
else
{
// Elevation prompt for permissions beyond the default for the security zone is allowed only
// in the Intranet and Trusted Sites zones (v4).
Zone hostEvidence = applicationEvidence.GetHostEvidence<Zone>();
context.NoPrompt = !(hostEvidence.SecurityZone == SecurityZone.Intranet || hostEvidence.SecurityZone == SecurityZone.Trusted);
/*
Now we need to convince the ClickOnce elevation prompt to use the browser's top-level window as
the owner in order to block the browser's UI (and our Cancel button) and ensure the prompt
stays on top. This is not easy.
* The prompt dialog is created without an explicit owner, on its own thread.
* There are layers of ClickOnce and pure security code before the UI is invoked (that's
TrustManagerPromptUIThread in System.Windows.Forms.dll). So, passing the owner window handle
would require some awkward plumbing.
Since the dialog is shown on a separate thread, intercepting its creation or display is
complicated. An EVENT_OBJECT_CREATE hook can do it. But there is a cascade of thread
synchonization/access and window state issues if trying to set the owner on the fly.
The cleanest solution ended up resorting to Detours. When not given an owner window,
SWF.Form.ShowDialog() uses the active window as owner. Since the call to GetActiveWindow()
occurs on a new thread, where there are no other windows, we couldn't just pre-set the owner
as the active window. So, we intercept the GetActiveWindow() call and return the browser's
top-level window. From that point on, everything in the [....] dialog works as if the owner
was explicitly given. (And owner from a different thread or process is fully supported.)
This condition is an optimization.
DetermineApplicationTrust() is called up to 3 times: twice in the default AppDomain and once
in the new one. Empirically, the elevation prompt is shown during the first call.
*/
bool forceOwner = !context.NoPrompt && ElevationPromptOwnerWindow != IntPtr.Zero;
if(forceOwner)
{
// The native code passes the DocObject top window, not the browser's top-level window,
// but we need exactly the top-level one.
IntPtr ownerWindow = UnsafeNativeMethods.GetAncestor(
new HandleRef(null, ElevationPromptOwnerWindow), NativeMethods.GA_ROOT);
SetFakeActiveWindow(ownerWindow);
ElevationPromptOwnerWindow = IntPtr.Zero; // to prevent further prompting
}
try
{
trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
}
finally
{
if (forceOwner)
{
SetFakeActiveWindow(new IntPtr());
}
}
}
// Modify the permission grant set if necessary.
if (trust != null)
{
PermissionSet permissions = trust.DefaultGrantSet.PermissionSet;
if (isDebug)
{
Uri debugSecurityZoneURL = GetUriFromActivationData(2);
if (debugSecurityZoneURL != null)
{
permissions = AddPermissionForUri(permissions, debugSecurityZoneURL);
}
}
// CLR v4 breaking change: In some activation scenarios we get a ReadOnlyPermissionSet.
// This is a problem because:
// - Code may expect AppDomain.PermissionSet (or the old AppDomain.ApplicationTrust.
// DefaultGrantSet.PermissionSet) to return a mutable PermissionSet.
// - The ReadOnlyPermissionSet may have v2 and v3 assembly references--they are not 'unified'
// to the current framework version. This might confuse code doing more involved permission
// set comparisons or calculations.
// See bug Dev10.697110 for the longer story. Workaround is to copy the ROPS to a regular one.
if (permissions is ReadOnlyPermissionSet)
{
permissions = new PermissionSet(permissions);
}
trust.DefaultGrantSet.PermissionSet = permissions;
}
EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordHosting | EventTrace.Keyword.KeywordPerf, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustEnd);
return trust;
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence != null)
{
Hash hostEvidence = evidence.GetHostEvidence<Hash>();
if (hostEvidence != null)
{
if ((this.m_value == null) && (this.m_element != null))
{
this.ParseHashValue();
}
if ((this.m_hashAlg == null) && (this.m_element != null))
{
this.ParseHashAlgorithm();
}
byte[] first = null;
lock (this.InternalSyncObject)
{
first = hostEvidence.GenerateHash(this.m_hashAlg);
}
if ((first != null) && CompareArrays(first, this.m_value))
{
usedEvidence = hostEvidence;
return true;
}
}
}
return false;
}
private PolicyStatement CalculateAssemblyPolicy( Evidence evidence )
{
PolicyStatement thisPolicy = null;
Url url = evidence.GetHostEvidence<Url>();
if (url != null)
{
thisPolicy = CalculatePolicy( url.GetURLString().Host, url.GetURLString().Scheme, url.GetURLString().Port );
}
if (thisPolicy == null)
{
Site site = evidence.GetHostEvidence<Site>();
if (site != null)
{
thisPolicy = CalculatePolicy(site.Name, null, null);
}
}
if (thisPolicy == null)
thisPolicy = new PolicyStatement( new PermissionSet( false ), PolicyStatementAttribute.Nothing );
return thisPolicy;
}
private static object _GetAccountingInfo(Evidence evidence, Type evidenceType, IsolatedStorageScope fAssmDomApp, out object oNormalized)
{
object hostEvidence = null;
if (evidenceType == null)
{
hostEvidence = evidence.GetHostEvidence<Publisher>();
if (hostEvidence == null)
{
hostEvidence = evidence.GetHostEvidence<StrongName>();
}
if (hostEvidence == null)
{
hostEvidence = evidence.GetHostEvidence<Url>();
}
if (hostEvidence == null)
{
hostEvidence = evidence.GetHostEvidence<Site>();
}
if (hostEvidence == null)
{
hostEvidence = evidence.GetHostEvidence<Zone>();
}
if (hostEvidence == null)
{
if (fAssmDomApp == IsolatedStorageScope.Domain)
{
throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_DomainNoEvidence"));
}
if (fAssmDomApp == IsolatedStorageScope.Application)
{
throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_ApplicationNoEvidence"));
}
throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_AssemblyNoEvidence"));
}
}
else
{
hostEvidence = evidence.GetHostEvidence(evidenceType);
if (hostEvidence == null)
{
if (fAssmDomApp == IsolatedStorageScope.Domain)
{
throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_DomainNoEvidence"));
}
if (fAssmDomApp == IsolatedStorageScope.Application)
{
throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_ApplicationNoEvidence"));
}
throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_AssemblyNoEvidence"));
}
}
if (hostEvidence is INormalizeForIsolatedStorage)
{
oNormalized = ((INormalizeForIsolatedStorage) hostEvidence).Normalize();
return hostEvidence;
}
if (hostEvidence is Publisher)
{
oNormalized = ((Publisher) hostEvidence).Normalize();
return hostEvidence;
}
if (hostEvidence is StrongName)
{
oNormalized = ((StrongName) hostEvidence).Normalize();
return hostEvidence;
}
if (hostEvidence is Url)
{
oNormalized = ((Url) hostEvidence).Normalize();
return hostEvidence;
}
if (hostEvidence is Site)
{
oNormalized = ((Site) hostEvidence).Normalize();
return hostEvidence;
}
if (hostEvidence is Zone)
{
oNormalized = ((Zone) hostEvidence).Normalize();
return hostEvidence;
}
oNormalized = null;
return hostEvidence;
}
internal static void CheckDomainCreationEvidence(AppDomainSetup creationDomainSetup, Evidence creationEvidence)
{
if (creationEvidence != null && !AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled && (creationDomainSetup == null || creationDomainSetup.ApplicationTrust == null))
{
Zone hostEvidence = AppDomain.CurrentDomain.EvidenceNoDemand.GetHostEvidence<Zone>();
SecurityZone securityZone = (hostEvidence != null) ? hostEvidence.SecurityZone : SecurityZone.MyComputer;
Zone hostEvidence2 = creationEvidence.GetHostEvidence<Zone>();
if (hostEvidence2 != null && hostEvidence2.SecurityZone != securityZone && hostEvidence2.SecurityZone != SecurityZone.MyComputer)
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
}
}
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
return false;
Site site = evidence.GetHostEvidence<Site>();
if (site != null)
{
if (m_site == null && m_element != null)
{
ParseSite();
}
if (site.GetSiteString().IsSubsetOf(this.m_site))
{
usedEvidence = site;
return true;
}
}
return false;
}
internal PermissionSet CodeGroupResolve (Evidence evidence, bool systemPolicy) {
Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
PermissionSet grant = null;
PolicyStatement policy;
PolicyLevel currentLevel = null;
IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();
// We're optimized for standard policy, where the only evidence that is generally evaluated are
// Zone, StrongName and Url. Since all of these are relatively inexpensive, we'll force them to
// generate, then use that as a key into the cache.
evidence.GetHostEvidence<Zone>();
evidence.GetHostEvidence<StrongName>();
evidence.GetHostEvidence<Url>();
byte[] serializedEvidence = evidence.RawSerialize();
int count = evidence.RawCount;
bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
bool testApplicationLevels = false;
while (levelEnumerator.MoveNext())
{
currentLevel = (PolicyLevel)levelEnumerator.Current;
if (systemPolicy) {
if (currentLevel.Type == PolicyLevelType.AppDomain)
continue;
} else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
continue;
policy = currentLevel.Resolve(evidence, count, serializedEvidence);
// If the grant is "AllPossible", the intersection is just the other permission set.
// Otherwise, do an inplace intersection (since we know we can alter the grant set since
// it is a copy of the first policy statement's permission set).
if (grant == null)
grant = policy.PermissionSet;
else
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
if (grant == null || grant.FastIsEmpty())
{
break;
}
else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (currentLevel.Type != PolicyLevelType.AppDomain)
{
testApplicationLevels = true;
}
break;
}
}
if (grant != null && testApplicationLevels)
{
PolicyLevel appDomainLevel = null;
for (int i = PolicyLevels.Count - 1; i >= 0; --i)
{
currentLevel = (PolicyLevel) PolicyLevels[i];
if (currentLevel.Type == PolicyLevelType.AppDomain)
{
appDomainLevel = currentLevel;
break;
}
}
if (appDomainLevel != null)
{
policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
}
if (grant == null)
grant = new PermissionSet(PermissionState.None);
// Each piece of evidence can possibly create an identity permission that we
// need to add to our grant set. Therefore, for all pieces of evidence that
// implement the IIdentityPermissionFactory interface, ask it for its
// adjoining identity permission and add it to the grant.
if (!grant.IsUnrestricted())
{
IEnumerator enumerator = evidence.GetHostEnumerator();
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
if (factory != null)
{
IPermission perm = factory.CreateIdentityPermission( evidence );
if (perm != null)
grant.AddPermission( perm );
}
}
}
grant.IgnoreTypeLoadFailures = true;
return grant;
}
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
Contract.Assert(evidence != null);
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
// GAC assemblies always are fully trusted
if (evidence.GetHostEvidence<GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return true;
}
// If the host wants to participate in policy resolution, then our next option is to ask it for
// a grant set
else if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet hostGrantSet = securityManager.ResolvePolicy(evidence);
if (hostGrantSet == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", securityManager.GetType().FullName));
}
// If we're in a homogenous domain, we don't want to allow the host to create multiple
// levels of permissions within the domain. So, if we see the host return something other
// than full trust or the homogenous grant set, we reject the grant set.
if (AppDomain.CurrentDomain.IsHomogenous)
{
// Some hosts, such as ASP.NET, return Nothing as a way of saying that the assembly should
// not be allowed to run in the AppDomain. Reject that with a specific
// no-execution-allowed-here exception message, rather than the return value validation
// exception message we'd hit below.
if (hostGrantSet.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet homogenousGrantSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
bool isValidGrantSet = hostGrantSet.IsUnrestricted() ||
(hostGrantSet.IsSubsetOf(homogenousGrantSet) && homogenousGrantSet.IsSubsetOf(hostGrantSet));
if (!isValidGrantSet)
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", securityManager.GetType().FullName));
}
}
grantSet = hostGrantSet;
return true;
}
// If we're in a homogenous domain, we can get the grant set directly from the application trust
else if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return true;
}
// Otherwise we have no way to figure out what the grant set is
else
{
grantSet = null;
return false;
}
}
public SecurityException(string message, AssemblyName assemblyName, PermissionSet grant, PermissionSet refused, MethodInfo method, SecurityAction action, object demanded, IPermission permThatFailed, Evidence evidence) : base(message)
{
PermissionSet.s_fullTrust.Assert();
base.SetErrorCode(-2146233078);
this.Action = action;
if (permThatFailed != null)
{
this.m_typeOfPermissionThatFailed = permThatFailed.GetType();
}
this.FirstPermissionThatFailed = permThatFailed;
this.Demanded = demanded;
this.m_granted = (grant == null) ? "" : grant.ToXml().ToString();
this.m_refused = (refused == null) ? "" : refused.ToXml().ToString();
this.m_denied = "";
this.m_permitOnly = "";
this.m_assemblyName = assemblyName;
this.Method = method;
this.m_url = "";
this.m_zone = SecurityZone.NoZone;
if (evidence != null)
{
System.Security.Policy.Url hostEvidence = evidence.GetHostEvidence<System.Security.Policy.Url>();
if (hostEvidence != null)
{
this.m_url = hostEvidence.GetURLString().ToString();
}
System.Security.Policy.Zone zone = evidence.GetHostEvidence<System.Security.Policy.Zone>();
if (zone != null)
{
this.m_zone = zone.SecurityZone;
}
}
this.m_debugString = this.ToString(true, false);
}
[System.Security.SecuritySafeCritical] // auto-generated
public SecurityException(string message, AssemblyName assemblyName, PermissionSet grant, PermissionSet refused, MethodInfo method, SecurityAction action, Object demanded, IPermission permThatFailed, Evidence evidence)
: base(message)
{
PermissionSet.s_fullTrust.Assert();
SetErrorCode(System.__HResults.COR_E_SECURITY);
Action = action;
if(permThatFailed != null)
m_typeOfPermissionThatFailed = permThatFailed.GetType();
FirstPermissionThatFailed = permThatFailed;
Demanded = demanded;
m_granted = (grant == null ? "" : grant.ToXml().ToString());
m_refused = (refused == null ? "" : refused.ToXml().ToString());
m_denied = "";
m_permitOnly = "";
m_assemblyName = assemblyName;
Method = method;
m_url = "";
m_zone = SecurityZone.NoZone;
if(evidence != null)
{
Url url = evidence.GetHostEvidence<Url>();
if(url != null)
m_url = url.GetURLString().ToString();
Zone zone = evidence.GetHostEvidence<Zone>();
if(zone != null)
m_zone = zone.SecurityZone;
}
m_debugString = this.ToString(true, false);
}
// Get a sandbox permission set that the CLR considers safe to grant an application with the given
// evidence. Note that this API is not a policy API, but rather a host helper API so that a host can
// determine if an application's requested permission set is reasonable. This is esentially just a
// hard coded mapping of Zone -> Sandbox and is not configurable in any way.
public static PermissionSet GetStandardSandbox(Evidence evidence)
{
if (evidence == null)
throw new ArgumentNullException("evidence");
Contract.EndContractBlock();
//
// The top-level switch for grant set is based upon Zone
// MyComputer -> FullTrust
// Intranet -> LocalIntranet
// Trusted -> Internet
// Internet -> Internet
// All else -> Nothing
//
// Both the Internet and LocalIntranet zones can have permission set extensions applied to them
// if there is Activation.
//
Zone zone = evidence.GetHostEvidence<Zone>();
if (zone == null)
{
return new PermissionSet(PermissionState.None);
}
#if FEATURE_CAS_POLICY
else if (zone.SecurityZone == SecurityZone.MyComputer)
{
return new PermissionSet(PermissionState.Unrestricted);
}
else if (zone.SecurityZone == SecurityZone.Intranet)
{
PermissionSet intranetGrantSet = BuiltInPermissionSets.LocalIntranet;
// We also need to add in same site web and file IO permission
PolicyStatement webPolicy =
new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
PolicyStatement filePolicy =
new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery).Resolve(evidence);
if (webPolicy != null)
{
intranetGrantSet.InplaceUnion(webPolicy.PermissionSet);
}
if (filePolicy != null)
{
intranetGrantSet.InplaceUnion(filePolicy.PermissionSet);
}
return intranetGrantSet;
}
else if (zone.SecurityZone == SecurityZone.Internet ||
zone.SecurityZone == SecurityZone.Trusted)
{
PermissionSet internetGrantSet = BuiltInPermissionSets.Internet;
// We also need to add in same site web permission
PolicyStatement webPolicy =
new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
if (webPolicy != null)
{
internetGrantSet.InplaceUnion(webPolicy.PermissionSet);
}
return internetGrantSet;
}
#endif // FEATURE_CAS_POLICY
else
{
return new PermissionSet(PermissionState.None);
}
}
public static Assembly Load(byte[] rawAssembly,
byte[] rawSymbolStore,
Evidence securityEvidence)
{
Contract.Ensures(Contract.Result<Assembly>() != null);
Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
AppDomain.CheckLoadByteArraySupported();
if (securityEvidence != null && !AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
// A zone of MyComputer could not have been used to sandbox, so for compatibility we do not
// throw an exception when we see it.
Zone zone = securityEvidence.GetHostEvidence<Zone>();
if (zone == null || zone.SecurityZone != SecurityZone.MyComputer)
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
}
}
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
return RuntimeAssembly.nLoadImage(
rawAssembly,
rawSymbolStore,
securityEvidence,
ref stackMark,
false, // fIntrospection
SecurityContextSource.CurrentAssembly);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence) {
usedEvidence = null;
if (evidence == null)
return false;
Hash hash = evidence.GetHostEvidence<Hash>();
if (hash != null) {
if (m_value == null && m_element != null)
ParseHashValue();
if (m_hashAlg == null && m_element != null)
ParseHashAlgorithm();
byte[] asmHash = null;
lock (InternalSyncObject) {
asmHash = hash.GenerateHash(m_hashAlg);
}
if (asmHash != null && CompareArrays(asmHash, m_value)) {
usedEvidence = hash;
return true;
}
}
return false;
}
internal PermissionSet GetHomogenousGrantSet(Evidence evidence)
{
Contract.Assert(evidence != null);
Contract.Assert(IsHomogenous);
Contract.Assert(evidence.GetHostEvidence<GacInstalled>() == null);
if (_IsFastFullTrustDomain)
{
return new PermissionSet(PermissionState.Unrestricted);
}
// If the ApplicationTrust's full trust list calls out the assembly, then it is fully trusted
if (evidence.GetDelayEvaluatedHostEvidence<StrongName>() != null)
{
foreach (StrongName fullTrustAssembly in ApplicationTrust.FullTrustAssemblies)
{
StrongNameMembershipCondition sn = new StrongNameMembershipCondition(fullTrustAssembly.PublicKey,
fullTrustAssembly.Name,
fullTrustAssembly.Version);
object usedEvidence = null;
if ((sn as IReportMatchMembershipCondition).Check(evidence, out usedEvidence))
{
IDelayEvaluatedEvidence delayEvidence = usedEvidence as IDelayEvaluatedEvidence;
if (usedEvidence != null)
{
delayEvidence.MarkUsed();
}
return new PermissionSet(PermissionState.Unrestricted);
}
}
}
// Otherwise, the grant set is just the default grant set
return ApplicationTrust.DefaultGrantSet.PermissionSet.Copy();
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
return false;
Url url = evidence.GetHostEvidence<Url>();
if (url != null)
{
if (m_url == null && m_element != null)
{
ParseURL();
}
if (url.GetURLString().IsSubsetOf(m_url))
{
usedEvidence = url;
return true;
}
}
return false;
}
public virtual PermissionSet ResolvePolicy(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (evidence.GetHostEvidence<GacInstalled>() != null)
{
return new PermissionSet(PermissionState.Unrestricted);
}
if (AppDomain.CurrentDomain.IsHomogenous)
{
return AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
}
if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
return new PermissionSet(PermissionState.Unrestricted);
}
return SecurityManager.PolicyManager.CodeGroupResolve(evidence, false);
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
return false;
Publisher publisher = evidence.GetHostEvidence<Publisher>();
if (publisher != null)
{
if (m_certificate == null && m_element != null)
ParseCertificate();
// We can't just compare certs directly here because Publisher equality
// depends only on the keys inside the certs.
if (publisher.Equals(new Publisher(m_certificate)))
{
usedEvidence = publisher;
return true;
}
}
return false;
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
throw new ArgumentNullException("applicationEvidence");
Contract.EndContractBlock();
// This method looks for a trust decision for the ActivationContext in three locations, in order
// of preference:
//
// 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
// will be in the applicationEvidence.
// 2. Reuse the ApplicationTrust from the current AppDomain
// 3. Ask the TrustManager for a trust decision
// get the activation context from the application evidence.
// The default HostSecurityManager does not examine the activatorEvidence
// but other security managers could use it to figure out the
// evidence of the domain attempting to activate the application.
ActivationArguments activationArgs = applicationEvidence.GetHostEvidence<ActivationArguments>();
if (activationArgs == null)
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
ActivationContext actCtx = activationArgs.ActivationContext;
if (actCtx == null)
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
// Make sure that any ApplicationTrust we find applies to the ActivationContext we're
// creating the new AppDomain for.
ApplicationTrust appTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
if (appTrust != null &&
!CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = null;
}
// If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
// decision from this domain if its identity matches the ActivationContext of the new domain.
// Otherwise consult the TrustManager for a trust decision
if (appTrust == null)
{
if (AppDomain.CurrentDomain.ApplicationTrust != null &&
CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
appTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
}
}
// If the trust decision allows the application to run, then it should also have a permission set
// which is at least the permission set the application requested.
ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
if (appTrust != null &&
appTrust.IsApplicationTrustedToRun &&
!appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return appTrust;
}
bool IReportMatchMembershipCondition.Check(Evidence evidence, out object usedEvidence)
{
usedEvidence = null;
if (evidence == null)
return false;
Zone zone = evidence.GetHostEvidence<Zone>();
if (zone != null)
{
if (m_zone == SecurityZone.NoZone && m_element != null)
{
ParseZone();
}
if (zone.SecurityZone == m_zone)
{
usedEvidence = zone;
return true;
}
}
return false;
}
