コード例 #1
0
		public void CopyWithChildren () 
		{
			FirstMatchCodeGroup cgChild = new FirstMatchCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.Unrestricted)));
			FirstMatchCodeGroup cg = new FirstMatchCodeGroup (new AllMembershipCondition (), new PolicyStatement (new PermissionSet (PermissionState.None)));
			cg.AddChild (cgChild);
			FirstMatchCodeGroup cg2 = (FirstMatchCodeGroup) cg.Copy ();
			AssertEquals ("Children", cg.Children.Count, cg2.Children.Count);
			AssertEquals ("ToXml", cg.ToXml ().ToString (), cg2.ToXml ().ToString ());
		}
コード例 #2
0
        //
        // Public Methods
        //

        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup copy = CopyNoChildren();

            foreach (CodeGroup child in Children)
            {
                copy.AddChild(child.Copy());                    // deep copy
            }
            return(copy);
        }
コード例 #3
0
        /// <summary>Makes a deep copy of the code group.</summary>
        /// <returns>An equivalent copy of the code group, including its membership conditions and child code groups.</returns>
        /// <PermissionSet>
        ///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
        /// </PermissionSet>
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup firstMatchCodeGroup = this.CopyNoChildren();

            foreach (object obj in base.Children)
            {
                CodeGroup codeGroup = (CodeGroup)obj;
                firstMatchCodeGroup.AddChild(codeGroup.Copy());
            }
            return(firstMatchCodeGroup);
        }
コード例 #4
0
        /// <summary>生成代码组的深层副本。</summary>
        /// <returns>代码组(包括其成员条件和子代码组)的等效副本。</returns>
        /// <PermissionSet>
        ///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
        /// </PermissionSet>
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup firstMatchCodeGroup = new FirstMatchCodeGroup();

            firstMatchCodeGroup.MembershipCondition = this.MembershipCondition;
            firstMatchCodeGroup.PolicyStatement     = this.PolicyStatement;
            firstMatchCodeGroup.Name        = this.Name;
            firstMatchCodeGroup.Description = this.Description;
            foreach (CodeGroup child in (IEnumerable)this.Children)
            {
                firstMatchCodeGroup.AddChild(child);
            }
            return((CodeGroup)firstMatchCodeGroup);
        }
コード例 #5
0
        /// <summary>Makes a deep copy of the code group.</summary>
        /// <returns>An equivalent copy of the code group, including its membership conditions and child code groups.</returns>
        // Token: 0x0600294A RID: 10570 RVA: 0x000986A4 File Offset: 0x000968A4
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup firstMatchCodeGroup = new FirstMatchCodeGroup();

            firstMatchCodeGroup.MembershipCondition = base.MembershipCondition;
            firstMatchCodeGroup.PolicyStatement     = base.PolicyStatement;
            firstMatchCodeGroup.Name        = base.Name;
            firstMatchCodeGroup.Description = base.Description;
            foreach (object obj in base.Children)
            {
                firstMatchCodeGroup.AddChild((CodeGroup)obj);
            }
            return(firstMatchCodeGroup);
        }
 public override CodeGroup Copy()
 {
     FirstMatchCodeGroup group = new FirstMatchCodeGroup {
         MembershipCondition = base.MembershipCondition,
         PolicyStatement = base.PolicyStatement,
         Name = base.Name,
         Description = base.Description
     };
     IEnumerator enumerator = base.Children.GetEnumerator();
     while (enumerator.MoveNext())
     {
         group.AddChild((CodeGroup) enumerator.Current);
     }
     return group;
 }
コード例 #7
0
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup group = new FirstMatchCodeGroup {
                MembershipCondition = base.MembershipCondition,
                PolicyStatement     = base.PolicyStatement,
                Name        = base.Name,
                Description = base.Description
            };
            IEnumerator enumerator = base.Children.GetEnumerator();

            while (enumerator.MoveNext())
            {
                group.AddChild((CodeGroup)enumerator.Current);
            }
            return(group);
        }
コード例 #8
0
	// Make a copy of this code group.
	public override CodeGroup Copy()
			{
				FirstMatchCodeGroup group;
				group = new FirstMatchCodeGroup
					(MembershipCondition, PolicyStatement);
				group.Name = Name;
				group.Description = Description;
				IList children = Children;
				if(children != null)
				{
					foreach(CodeGroup child in children)
					{
						group.AddChild(child);
					}
				}
				return group;
			}
コード例 #9
0
        /// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Copy"]/*' />
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup group = new FirstMatchCodeGroup();

            group.MembershipCondition = this.MembershipCondition;
            group.PolicyStatement     = this.PolicyStatement;
            group.Name        = this.Name;
            group.Description = this.Description;

            IEnumerator enumerator = this.Children.GetEnumerator();

            while (enumerator.MoveNext())
            {
                group.AddChild((CodeGroup)enumerator.Current);
            }

            return(group);
        }
コード例 #10
0
        // Make a copy of this code group.
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup group;

            group = new FirstMatchCodeGroup
                        (MembershipCondition, PolicyStatement);
            group.Name        = Name;
            group.Description = Description;
            IList children = Children;

            if (children != null)
            {
                foreach (CodeGroup child in children)
                {
                    group.AddChild(child);
                }
            }
            return(group);
        }
コード例 #11
0
ファイル: firstmatchcodegroup.cs プロジェクト: ArildF/masters
        /// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Copy"]/*' />
        public override CodeGroup Copy()
        {
            FirstMatchCodeGroup group = new FirstMatchCodeGroup();
            
            group.MembershipCondition = this.MembershipCondition;
            group.PolicyStatement = this.PolicyStatement;
            group.Name = this.Name;
            group.Description = this.Description;

            IEnumerator enumerator = this.Children.GetEnumerator();

            while (enumerator.MoveNext())
            {
                group.AddChild( (CodeGroup)enumerator.Current );
            }
           
            return group;
        }
コード例 #12
0
 /// <summary>
 /// Loads a policy from a file (<see cref="SecurityManager.LoadPolicyLevelFromFile"/>), 
 /// replacing placeholders  
 /// <list>
 ///   <item>$AppDir$, $AppDirUrl$ => <paramref name="appDirectory"/></item>
 ///   <item>$CodeGen$ => (TODO)</item>
 ///   <item>$OriginHost$ => <paramref name="originUrl"/></item>
 ///   <item>$Gac$ => the current machine's GAC path</item>
 /// </list>
 /// </summary>
 /// <param name="policyFileLocation"></param>
 /// <param name="originUrl"></param>
 /// <param name="appDirectory"></param>
 /// <returns></returns>
 public static PolicyLevel LoadDomainPolicyFromUri(Uri policyFileLocation, string appDirectory, string originUrl)
 {
     bool foundGacToken = false;
     PolicyLevel domainPolicy = CreatePolicyLevel(policyFileLocation, appDirectory, appDirectory, originUrl, out foundGacToken);
     if (foundGacToken)
     {
         CodeGroup rootCodeGroup = domainPolicy.RootCodeGroup;
         bool hasGacMembershipCondition = false;
         foreach (CodeGroup childCodeGroup in rootCodeGroup.Children)
         {
             if (childCodeGroup.MembershipCondition is GacMembershipCondition)
             {
                 hasGacMembershipCondition = true;
                 break;
             }
         }
         if (!hasGacMembershipCondition && (rootCodeGroup is FirstMatchCodeGroup))
         {
             FirstMatchCodeGroup firstMatchCodeGroup = (FirstMatchCodeGroup)rootCodeGroup;
             if ((firstMatchCodeGroup.MembershipCondition is AllMembershipCondition) && (firstMatchCodeGroup.PermissionSetName == PERMISSIONSET_NOTHING))
             {
                 PermissionSet unrestrictedPermissionSet = new PermissionSet(PermissionState.Unrestricted);
                 CodeGroup gacGroup = new UnionCodeGroup(new GacMembershipCondition(), new PolicyStatement(unrestrictedPermissionSet));
                 CodeGroup rootGroup = new FirstMatchCodeGroup(rootCodeGroup.MembershipCondition, rootCodeGroup.PolicyStatement);
                 foreach (CodeGroup childGroup in rootCodeGroup.Children)
                 {
                     if (((childGroup is UnionCodeGroup) && (childGroup.MembershipCondition is UrlMembershipCondition)) && (childGroup.PolicyStatement.PermissionSet.IsUnrestricted() && (gacGroup != null)))
                     {
                         rootGroup.AddChild(gacGroup);
                         gacGroup = null;
                     }
                     rootGroup.AddChild(childGroup);
                 }
                 domainPolicy.RootCodeGroup = rootGroup;
             }
         }
     }
     return domainPolicy;
 }
 private static PolicyLevel GetPartialTrustPolicyLevel(TrustSection trustSection, SecurityPolicySection securityPolicySection, CompilationSection compilationSection, string physicalPath, VirtualPath virtualPath)
 {
     if ((securityPolicySection == null) || (securityPolicySection.TrustLevels[trustSection.Level] == null))
     {
         throw new ConfigurationErrorsException(System.Web.SR.GetString("Unable_to_get_policy_file", new object[] { trustSection.Level }), string.Empty, 0);
     }
     string policyFileExpanded = securityPolicySection.TrustLevels[trustSection.Level].PolicyFileExpanded;
     if ((policyFileExpanded == null) || !System.Web.Util.FileUtil.FileExists(policyFileExpanded))
     {
         throw new HttpException(System.Web.SR.GetString("Unable_to_get_policy_file", new object[] { trustSection.Level }));
     }
     PolicyLevel level = null;
     string path = System.Web.Util.FileUtil.RemoveTrailingDirectoryBackSlash(physicalPath);
     string newValue = HttpRuntime.MakeFileUrl(path);
     string tempDirectory = null;
     string tempDirAttribName = null;
     string configFileName = null;
     int configLineNumber = 0;
     if ((compilationSection != null) && !string.IsNullOrEmpty(compilationSection.TempDirectory))
     {
         tempDirectory = compilationSection.TempDirectory;
         compilationSection.GetTempDirectoryErrorInfo(out tempDirAttribName, out configFileName, out configLineNumber);
     }
     if (tempDirectory != null)
     {
         tempDirectory = tempDirectory.Trim();
         if (!Path.IsPathRooted(tempDirectory))
         {
             tempDirectory = null;
         }
         else
         {
             try
             {
                 tempDirectory = new DirectoryInfo(tempDirectory).FullName;
             }
             catch
             {
                 tempDirectory = null;
             }
         }
         if (tempDirectory == null)
         {
             throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_temp_directory", new object[] { tempDirAttribName }), configFileName, configLineNumber);
         }
         try
         {
             Directory.CreateDirectory(tempDirectory);
             goto Label_0165;
         }
         catch (Exception exception)
         {
             throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_temp_directory", new object[] { tempDirAttribName }), exception, configFileName, configLineNumber);
         }
     }
     tempDirectory = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "Temporary ASP.NET Files");
 Label_0165:
     if (!Util.HasWriteAccessToDirectory(tempDirectory))
     {
         if (!Environment.UserInteractive)
         {
             throw new HttpException(System.Web.SR.GetString("No_codegen_access", new object[] { Util.GetCurrentAccountName(), tempDirectory }));
         }
         tempDirectory = Path.Combine(Path.GetTempPath(), "Temporary ASP.NET Files");
     }
     string str7 = AppManagerAppDomainFactory.ConstructSimpleAppName(VirtualPath.GetVirtualPathStringNoTrailingSlash(virtualPath));
     string str9 = HttpRuntime.MakeFileUrl(System.Web.Util.FileUtil.RemoveTrailingDirectoryBackSlash(Path.Combine(tempDirectory, str7)));
     string originUrl = trustSection.OriginUrl;
     FileStream stream = new FileStream(policyFileExpanded, FileMode.Open, FileAccess.Read);
     StreamReader reader = new StreamReader(stream, Encoding.UTF8);
     string str = reader.ReadToEnd();
     reader.Close();
     str = str.Replace("$AppDir$", path).Replace("$AppDirUrl$", newValue).Replace("$CodeGen$", str9);
     if (originUrl == null)
     {
         originUrl = string.Empty;
     }
     str = str.Replace("$OriginHost$", originUrl);
     string gacLocation = null;
     if (str.IndexOf("$Gac$", StringComparison.Ordinal) != -1)
     {
         gacLocation = HttpRuntime.GetGacLocation();
         if (gacLocation != null)
         {
             gacLocation = HttpRuntime.MakeFileUrl(gacLocation);
         }
         if (gacLocation == null)
         {
             gacLocation = string.Empty;
         }
         str = str.Replace("$Gac$", gacLocation);
     }
     level = SecurityManager.LoadPolicyLevelFromString(str, PolicyLevelType.AppDomain);
     if (level == null)
     {
         throw new ConfigurationErrorsException(System.Web.SR.GetString("Unable_to_get_policy_file", new object[] { trustSection.Level }));
     }
     if (gacLocation != null)
     {
         CodeGroup rootCodeGroup = level.RootCodeGroup;
         bool flag = false;
         foreach (CodeGroup group2 in rootCodeGroup.Children)
         {
             if (group2.MembershipCondition is GacMembershipCondition)
             {
                 flag = true;
                 break;
             }
         }
         if (!flag && (rootCodeGroup is FirstMatchCodeGroup))
         {
             FirstMatchCodeGroup group3 = (FirstMatchCodeGroup) rootCodeGroup;
             if (!(group3.MembershipCondition is AllMembershipCondition) || !(group3.PermissionSetName == "Nothing"))
             {
                 return level;
             }
             PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);
             CodeGroup group = new UnionCodeGroup(new GacMembershipCondition(), new PolicyStatement(permSet));
             CodeGroup group5 = new FirstMatchCodeGroup(rootCodeGroup.MembershipCondition, rootCodeGroup.PolicyStatement);
             foreach (CodeGroup group6 in rootCodeGroup.Children)
             {
                 if (((group6 is UnionCodeGroup) && (group6.MembershipCondition is UrlMembershipCondition)) && (group6.PolicyStatement.PermissionSet.IsUnrestricted() && (group != null)))
                 {
                     group5.AddChild(group);
                     group = null;
                 }
                 group5.AddChild(group6);
             }
             level.RootCodeGroup = group5;
         }
     }
     return level;
 }
コード例 #14
0
        // This routine sets up the Code Access Security policy that Terrarium runs under.  It is key
        // to ensuring that organisms can never do anything dangerous.
        // 
        // The policy tree looks like this:
        // All Code - Nothing
        //   My Computer - Nothing
        //      Terrarium Code Directory - Execute permission only
        //      Terrarium Key - Full Trust
        //      System.dll Code base - Full Trust (for XML serialization emitted assemblies)
        //      MS Name - Full Trust
        //      ECMA Name - Full Trust
        //      Terrarium.Exe Code Dir - Execute Only
        // 
        // Order is important since we're using a first match code group.  If an assembly lives in the cache directory,
        // it gets nothing.
        internal static PolicyLevel MakePolicyLevel(string cacheDir)
        {
            var noPerms = new PermissionSet(PermissionState.None);

            // All Code, Nothing
            var allCode = new FirstMatchCodeGroup(new AllMembershipCondition(),
                                                  new PolicyStatement(noPerms));

            // My Computer, Nothing
            var myComputer =
                new FirstMatchCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer),
                                        new PolicyStatement(noPerms));

            // Terrarium code dir: if name is blank, skip it
            UnionCodeGroup cacheDirGroup = null;
            if (cacheDir != null)
            {
                var cacheDirFull = Path.GetFullPath(cacheDir);
                if (Directory.Exists(cacheDirFull))
                {
                    var fileCanon = cacheDirFull.Replace("\\", "/");
                    var fileUrl = String.Format("file://{0}/*", fileCanon);

                    cacheDirGroup = new UnionCodeGroup(new UrlMembershipCondition(fileUrl),
                                                       new PolicyStatement(MakeExecutionOnlyPermSet()));
                }
            }

            // When webservices creates a serialization dll dynamically, it loads it into memory
            // and it gets the evidence from System.Dll.  Thus, to make sure these assemblies get
            // full trust, we need to make sure that anything that has this same evidence is
            // added to policy
            var codeBase = typeof (Process).Assembly.CodeBase;
            var systemDll =
                new UnionCodeGroup(new UrlMembershipCondition(codeBase),
                                   new PolicyStatement(MakeTrustedPermSet()));

            var myCodeTrust =
                new UnionCodeGroup(new StrongNameMembershipCondition(
                                       MakeSelfRelativeBlob(), null, null),
                                   new PolicyStatement(MakeTrustedPermSet()));

            var myMSTrust = MakeMSCodeGroup();
            var ecmaTrust = MakeEcmaCodeGroup();

            // Terrarium does a Load(byte []) on assemblies to check them before it copies them to the PAC to 
            // truly load them.  However, since unsigned (by MS or Terrarium) assemblies outside of the PAC
            // don't get execute permissions, this load fails.  Since we are doing a Load(byte []), the evidence
            // will say that the assembly is coming from the same location as Terrarium.Exe, therefore
            // we need to add policy that gives unsigned assemblies in the same location as terrarium.exe
            // Execute permissions.  This is the exact code (and logic) we use for the systemDll code group above.
            var terrariumCodeBase = typeof (GameEngine).Assembly.CodeBase;
            var checkAssemblyTrust = new UnionCodeGroup(new UrlMembershipCondition(terrariumCodeBase),
                                                        new PolicyStatement(MakeExecutionOnlyPermSet()));

            // add children of MyComputer CG
            if (cacheDirGroup != null)
            {
                myComputer.AddChild(cacheDirGroup);
            }

            myComputer.AddChild(myCodeTrust);
            myComputer.AddChild(systemDll);
            myComputer.AddChild(myMSTrust);
            myComputer.AddChild(ecmaTrust);
            myComputer.AddChild(checkAssemblyTrust);

            // add MyComputer under All Code
            allCode.AddChild(myComputer);
            var level = PolicyLevel.CreateAppDomainLevel();
            level.RootCodeGroup = allCode;
            return level;
        }