public static void Main() { NamedPermissionSet ps = new NamedPermissionSet("SamplePermissionSet", PermissionState.None); ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, @"C:\test\")); ps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); Console.WriteLine(ps.ToXml().ToString()); }
private static NamedPermissionSet BuildLocalIntranet() { NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.LocalIntranet, PermissionState.None); nps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER")); nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted)); IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None); isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser; isfp.UserQuota = Int64.MaxValue; nps.AddPermission(isfp); nps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit)); SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion; nps.AddPermission(new SecurityPermission(spf)); nps.AddPermission(new UIPermission(PermissionState.Unrestricted)); // DnsPermission requires stuff outside corlib (System) nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted)); // PrintingPermission requires stuff outside corlib (System.Drawing) nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting"))); #if !NET_2_0 // EventLogPermission requires stuff outside corlib (System) nps.AddPermission(PermissionBuilder.Create(EventLogPermission(".", "Instrument"))); #endif return(nps); }
// Add a named permission set to the specified PolicyStatement. private static void AddPermissions(ref PolicyStatement policyStatement) { // Construct a NamedPermissionSet with basic permissions. NamedPermissionSet allPerms = new NamedPermissionSet("allPerms"); allPerms.AddPermission( new SecurityPermission(SecurityPermissionFlag.Execution)); allPerms.AddPermission( new ZoneIdentityPermission(SecurityZone.MyComputer)); allPerms.AddPermission( new SiteIdentityPermission("www.contoso.com")); policyStatement.PermissionSet = allPerms; }
private static NamedPermissionSet BuildInternet() { NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Internet", PermissionState.None); namedPermissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open)); namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None) { UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser, UserQuota = 512000L }); namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); namedPermissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard)); namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting"))); return(namedPermissionSet); }
// Create a builtin permission set by name. private static PermissionSet CreateBuiltinPermissionSet(String name) { NamedPermissionSet set = null; switch (name) { case "Execution": { set = new NamedPermissionSet ("Execution", PermissionState.None); set.Description = _("Arg_PermissionsExecution"); set.AddPermission(new SecurityPermission (SecurityPermissionFlag.Execution)); } break; case "FullTrust": { set = new NamedPermissionSet ("FullTrust", PermissionState.Unrestricted); set.Description = _("Arg_PermissionsFullTrust"); } break; case "Internet": { set = new NamedPermissionSet ("Internet", PermissionState.None); set.Description = _("Arg_PermissionsInternet"); } break; case "LocalIntranet": { set = new NamedPermissionSet ("LocalIntranet", PermissionState.None); set.Description = _("Arg_PermissionsLocalIntranet"); } break; case "Nothing": { set = new NamedPermissionSet ("Nothing", PermissionState.None); set.Description = _("Arg_PermissionsNothing"); } break; case "SkipVerification": { set = new NamedPermissionSet ("SkipVerification", PermissionState.None); set.Description = _("Arg_PermissionsSkipVerification"); set.AddPermission(new SecurityPermission (SecurityPermissionFlag.SkipVerification)); } break; } return(set); }
private static NamedPermissionSet BuildExecution() { NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Execution, PermissionState.None); nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); return(nps); }
private static NamedPermissionSet BuildExecution() { NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Execution", PermissionState.None); namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); return(namedPermissionSet); }
private static NamedPermissionSet BuildSkipVerification() { NamedPermissionSet namedPermissionSet = new NamedPermissionSet("SkipVerification", PermissionState.None); namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); return(namedPermissionSet); }
private static NamedPermissionSet BuildInternet() { NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Internet, PermissionState.None); nps.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open)); IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None); isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser; isfp.UserQuota = 512000; nps.AddPermission(isfp); nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); nps.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard)); // PrintingPermission requires stuff outside corlib (System.Drawing) nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting"))); return(nps); }
public void Copy_Name() { NamedPermissionSet nps = new NamedPermissionSet(name); nps.Description = sentinel; nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Assertion)); NamedPermissionSet copy = (NamedPermissionSet)nps.Copy("Copy"); Assert.AreEqual("Copy", copy.Name, "Name"); Assert.AreEqual(nps.Description, copy.Description, "Description"); Assert.AreEqual(nps.Count, copy.Count, "Count"); }
// Add file permission to restrict write access to all files on the // local machine. private static void addPolicy(ref FileCodeGroup fileCodeGroup) { // Set the PolicyStatement property to a policy with read access to // the root directory of drive C. FileIOPermission rootFilePermissions = new FileIOPermission(PermissionState.None); rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read; rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\"); NamedPermissionSet namedPermissions = new NamedPermissionSet("RootPermissions"); namedPermissions.AddPermission(rootFilePermissions); fileCodeGroup.PolicyStatement = new PolicyStatement(namedPermissions); }
private static NamedPermissionSet BuildLocalIntranet() { NamedPermissionSet namedPermissionSet = new NamedPermissionSet("LocalIntranet", PermissionState.None); namedPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER")); namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None) { UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser, UserQuota = long.MaxValue }); namedPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit)); SecurityPermissionFlag flag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution; namedPermissionSet.AddPermission(new SecurityPermission(flag)); namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting"))); return(namedPermissionSet); }
// Create a FirstMatchCodeGroup with an exclusive policy and membership // condition. private static FirstMatchCodeGroup constructDefaultGroup() { // Construct a new FirstMatchCodeGroup with Read, Write, Append // and PathDiscovery access. // Create read access permission to the root directory on drive C. //<Snippet2> FileIOPermission rootFilePermissions = new FileIOPermission(PermissionState.None); rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read; rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\"); // Add a permission to a named permission set. NamedPermissionSet namedPermissions = new NamedPermissionSet("RootPermissions"); namedPermissions.AddPermission(rootFilePermissions); // Create a PolicyStatement with exclusive rights to the policy. PolicyStatement policy = new PolicyStatement( namedPermissions, PolicyStatementAttribute.Exclusive); // Create a FirstMatchCodeGroup with a membership condition that // matches all code, and an exclusive policy. FirstMatchCodeGroup codeGroup = new FirstMatchCodeGroup( new AllMembershipCondition(), policy); //</Snippet2> // Set the name of the first match code group. //<Snippet3> codeGroup.Name = "TempCodeGroup"; //</Snippet3> // Set the description of the first match code group. //<Snippet4> codeGroup.Description = "Temp folder permissions group"; //</Snippet4> return(codeGroup); }
// Add file permission to restrict write access to all files // on the local machine. private static void addPolicy(ref FirstMatchCodeGroup codeGroup) { // Set the PolicyStatement property to a policy with read access to // the root directory on drive C. FileIOPermission rootFilePermissions = new FileIOPermission(PermissionState.None); rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read; rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\"); NamedPermissionSet namedPermissions = new NamedPermissionSet("RootPermissions"); namedPermissions.AddPermission(rootFilePermissions); // Create a PolicyStatement with exclusive rights to the policy. PolicyStatement policy = new PolicyStatement( namedPermissions, PolicyStatementAttribute.Exclusive); codeGroup.PolicyStatement = policy; }
private void CreateAppDomain() { bool lockTaken = false; RuntimeHelpers.PrepareConstrainedRegions(); try { Monitor.Enter(s_AppDomains.SyncRoot, ref lockTaken); if (s_CleanedUp) { throw new InvalidOperationException(SR.GetString("net_cant_perform_during_shutdown")); } if (s_AppDomainInfo == null) { s_AppDomainInfo = new AppDomainSetup(); s_AppDomainInfo.DisallowBindingRedirects = true; s_AppDomainInfo.DisallowCodeDownload = true; NamedPermissionSet permSet = new NamedPermissionSet("__WebProxySandbox", PermissionState.None); permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); ApplicationTrust trust = new ApplicationTrust { DefaultGrantSet = new PolicyStatement(permSet) }; s_AppDomainInfo.ApplicationTrust = trust; s_AppDomainInfo.ApplicationBase = Environment.SystemDirectory; } AppDomain context = s_ExcessAppDomain; if (context != null) { TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), context); throw new InvalidOperationException(SR.GetString("net_cant_create_environment")); } this.appDomainIndex = s_NextAppDomainIndex++; try { } finally { PermissionSet grantSet = new PermissionSet(PermissionState.None); grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); s_ExcessAppDomain = AppDomain.CreateDomain("WebProxyScript", null, s_AppDomainInfo, grantSet, null); try { s_AppDomains.Add(this.appDomainIndex, s_ExcessAppDomain); this.scriptDomain = s_ExcessAppDomain; } finally { if (object.ReferenceEquals(this.scriptDomain, s_ExcessAppDomain)) { s_ExcessAppDomain = null; } else { try { s_AppDomains.Remove(this.appDomainIndex); } finally { TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), s_ExcessAppDomain); } } } } } finally { if (lockTaken) { Monitor.Exit(s_AppDomains.SyncRoot); } } }
internal static NamedPermissionSet CreateSkipVerificationSet() { NamedPermissionSet permSet; permSet = new NamedPermissionSet( "SkipVerification", PermissionState.None ); permSet.Description = "Grants right to bypass the verification"; permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); return permSet; }
private static NamedPermissionSet BuildEverything () { NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None); nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted)); nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted)); nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted)); nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted)); nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted)); nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted)); nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted)); // not quite all in this case SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags; spf &= ~SecurityPermissionFlag.SkipVerification; nps.AddPermission (new SecurityPermission (spf)); nps.AddPermission (new UIPermission (PermissionState.Unrestricted)); // others requires stuff outside corlib nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted)); nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted)); // nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted)); // nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted)); return nps; }
private static NamedPermissionSet BuildExecution () { NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None); nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution)); return nps; }
private static NamedPermissionSet BuildInternet () { NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None); nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open)); IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None); isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser; isfp.UserQuota = 512000; nps.AddPermission (isfp); nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution)); nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard)); // PrintingPermission requires stuff outside corlib (System.Drawing) nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting"))); return nps; }
private static NamedPermissionSet BuildLocalIntranet () { NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None); nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER")); nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted)); IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None); isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser; isfp.UserQuota = Int64.MaxValue; nps.AddPermission (isfp); nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit)); SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion; nps.AddPermission (new SecurityPermission (spf)); nps.AddPermission (new UIPermission (PermissionState.Unrestricted)); // DnsPermission requires stuff outside corlib (System) nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted)); // PrintingPermission requires stuff outside corlib (System.Drawing) nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting"))); return nps; }
/// <summary> /// Creates a new instance providing default "FullTrust", "Nothing", "MediumTrust" and "LowTrust" permissionsets /// </summary> /// <param name="allowUnmanagedCode">NCover requires unmangaged code permissions, set this flag <c>true</c> in this case.</param> public SecurityTemplate(bool allowUnmanagedCode) { PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel(); // NOTHING permissionset if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_NOTHING)) { NamedPermissionSet noPermissionSet = new NamedPermissionSet(PERMISSIONSET_NOTHING, PermissionState.None); noPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.NoFlags)); pLevel.AddNamedPermissionSet(noPermissionSet); } // FULLTRUST permissionset if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_FULLTRUST)) { NamedPermissionSet fulltrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_FULLTRUST, PermissionState.Unrestricted); pLevel.AddNamedPermissionSet(fulltrustPermissionSet); } // MEDIUMTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config) NamedPermissionSet mediumTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_MEDIUMTRUST, PermissionState.None); mediumTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)); mediumTrustPermissionSet.AddPermission(new DnsPermission(PermissionState.Unrestricted)); mediumTrustPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME")); mediumTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, AppDomain.CurrentDomain.BaseDirectory)); IsolatedStorageFilePermission isolatedStorageFilePermission = new IsolatedStorageFilePermission(PermissionState.None); isolatedStorageFilePermission.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser; isolatedStorageFilePermission.UserQuota = 9223372036854775807; mediumTrustPermissionSet.AddPermission(isolatedStorageFilePermission); mediumTrustPermissionSet.AddPermission(new PrintingPermission(PrintingPermissionLevel.DefaultPrinting)); SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.RemotingConfiguration; if (allowUnmanagedCode) { securityPermissionFlag |= SecurityPermissionFlag.UnmanagedCode; } mediumTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag)); mediumTrustPermissionSet.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect)); mediumTrustPermissionSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted)); mediumTrustPermissionSet.AddPermission(new WebPermission()); pLevel.AddNamedPermissionSet(mediumTrustPermissionSet); // LOWTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config) NamedPermissionSet lowTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_LOWTRUST, PermissionState.None); lowTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Low)); lowTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, AppDomain.CurrentDomain.BaseDirectory)); IsolatedStorageFilePermission isolatedStorageFilePermissionLow = new IsolatedStorageFilePermission(PermissionState.None); isolatedStorageFilePermissionLow.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser; isolatedStorageFilePermissionLow.UserQuota = 1048576; lowTrustPermissionSet.AddPermission(isolatedStorageFilePermissionLow); SecurityPermissionFlag securityPermissionFlagLow = SecurityPermissionFlag.Execution; if (allowUnmanagedCode) { securityPermissionFlagLow |= SecurityPermissionFlag.UnmanagedCode; } lowTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlagLow)); pLevel.AddNamedPermissionSet(lowTrustPermissionSet); // UnionCodeGroup rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(noPermissionSet, PolicyStatementAttribute.Nothing)); // pLevel.RootCodeGroup = rootCodeGroup; _domainPolicy = pLevel; }
private void CreateAppDomain() { // Locking s_AppDomains must happen in a CER so we don't orphan a lock that gets taken by AppDomain.DomainUnload. bool lockHeld = false; RuntimeHelpers.PrepareConstrainedRegions(); try { Monitor.Enter(s_AppDomains.SyncRoot, ref lockHeld); if (s_CleanedUp) { throw new InvalidOperationException(SR.GetString(SR.net_cant_perform_during_shutdown)); } // Create singleton. if (s_AppDomainInfo == null) { s_AppDomainInfo = new AppDomainSetup(); s_AppDomainInfo.DisallowBindingRedirects = true; s_AppDomainInfo.DisallowCodeDownload = true; NamedPermissionSet perms = new NamedPermissionSet("__WebProxySandbox", PermissionState.None); perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); ApplicationTrust trust = new ApplicationTrust(); trust.DefaultGrantSet = new PolicyStatement(perms); s_AppDomainInfo.ApplicationTrust = trust; s_AppDomainInfo.ApplicationBase = Environment.SystemDirectory; } // If something's already in s_ExcessAppDomain, try to dislodge it again. AppDomain excessAppDomain = s_ExcessAppDomain; if (excessAppDomain != null) { TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), excessAppDomain); throw new InvalidOperationException(SR.GetString(SR.net_cant_create_environment)); } appDomainIndex = s_NextAppDomainIndex++; try { } finally { PermissionSet permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); // s_ExcessAppDomain = AppDomain.CreateDomain(c_appDomainName, null, s_AppDomainInfo, permissionSet, null); try { s_AppDomains.Add(appDomainIndex, s_ExcessAppDomain); // This indicates to the finally and the finalizer that everything succeeded. scriptDomain = s_ExcessAppDomain; } finally { // ReferenceEquals has a ReliabilityContract. if (object.ReferenceEquals(scriptDomain, s_ExcessAppDomain)) { s_ExcessAppDomain = null; } else { // Something failed. Leave the domain in s_ExcessAppDomain until we can get rid of it. No // more AppDomains can be created until we do. In the mean time, keep attempting to get the // TimerThread to remove it. Also, might as well remove it from the hash if it made it in. try { s_AppDomains.Remove(appDomainIndex); } finally { // Can't call AppDomain.Unload from a user thread (or in a lock). TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), s_ExcessAppDomain); } } } } } finally { if (lockHeld) { Monitor.Exit(s_AppDomains.SyncRoot); } } }
internal static NamedPermissionSet CreateExecutionSet() { NamedPermissionSet permSet; permSet = new NamedPermissionSet( "Execution", PermissionState.None ); permSet.Description = "Permits execution"; permSet.AddPermission( new SecurityPermission( SecurityPermissionFlag.Execution ) ); return permSet; }
private static NamedPermissionSet BuildEverything() { NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Everything, PermissionState.None); nps.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted)); nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted)); nps.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); nps.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted)); nps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); nps.AddPermission(new RegistryPermission(PermissionState.Unrestricted)); nps.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted)); // not quite all in this case SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags; spf &= ~SecurityPermissionFlag.SkipVerification; nps.AddPermission(new SecurityPermission(spf)); nps.AddPermission(new UIPermission(PermissionState.Unrestricted)); // others requires stuff outside corlib nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(PrintingPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(EventLogPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(SocketPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(WebPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(PerformanceCounterPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(DirectoryServicesPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(MessageQueuePermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(ServiceControllerPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(OleDbPermissionClass, PermissionState.Unrestricted)); nps.AddPermission(PermissionBuilder.Create(SqlClientPermissionClass, PermissionState.Unrestricted)); // nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted)); // nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted)); return(nps); }
private static NamedPermissionSet BuildEverything() { NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Everything", PermissionState.None); namedPermissionSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted)); SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.AllFlags; securityPermissionFlag &= ~SecurityPermissionFlag.SkipVerification; namedPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag)); namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted)); return(namedPermissionSet); }
private static NamedPermissionSet CreateSkipVerificationSet() { NamedPermissionSet permSet = new NamedPermissionSet("SkipVerification", PermissionState.None); permSet.m_descrResource = "Policy_PS_SkipVerification"; permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); return permSet; }