public void SetAppDomainPolicy (PolicyLevel domainPolicy) { if (domainPolicy == null) throw new ArgumentNullException ("domainPolicy"); if (_granted != null) { throw new PolicyException (Locale.GetText ( "An AppDomain policy is already specified.")); } if (IsFinalizingForUnload ()) throw new AppDomainUnloadedException (); PolicyStatement ps = domainPolicy.Resolve (_evidence); _granted = ps.PermissionSet; }
internal static bool ResolvePolicyLevel (ref PermissionSet ps, PolicyLevel pl, Evidence evidence) { PolicyStatement pst = pl.Resolve (evidence); if (pst != null) { if (ps == null) { // only for initial (first) policy level processed ps = pst.PermissionSet; } else { ps = ps.Intersect (pst.PermissionSet); if (ps == null) { // null is equals to None - exist that null can throw NullReferenceException ;-) ps = new PermissionSet (PermissionState.None); } } if ((pst.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) return true; } return false; }
private void Resolve_Zone (PolicyLevel level, SecurityZone z, PolicyStatementAttribute attr, bool unrestricted, int count) { string prefix = z.ToString () + "-" + attr.ToString () + "-"; Evidence e = new Evidence (); e.AddHost (new Zone (z)); PolicyStatement result = level.Resolve (e); if (unrestricted) { Assert.AreEqual (attr, result.Attributes, prefix + "Attributes"); switch (attr) { case PolicyStatementAttribute.Nothing: Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString"); break; case PolicyStatementAttribute.Exclusive: Assert.AreEqual ("Exclusive", result.AttributeString, prefix + "AttributeString"); break; case PolicyStatementAttribute.LevelFinal: Assert.AreEqual ("LevelFinal", result.AttributeString, prefix + "AttributeString"); break; case PolicyStatementAttribute.All: Assert.AreEqual ("Exclusive LevelFinal", result.AttributeString, prefix + "AttributeString"); break; } } else { Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, prefix + "Attributes"); Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString"); } Assert.AreEqual (unrestricted, result.PermissionSet.IsUnrestricted (), prefix + "IsUnrestricted"); Assert.AreEqual (count, result.PermissionSet.Count, prefix + "Count"); }
internal static QuickCacheEntryType GenerateQuickCache( PolicyLevel level ) { QuickCacheEntryType[] ExecutionMap = new QuickCacheEntryType[] { QuickCacheEntryType.ExecutionZoneMyComputer, QuickCacheEntryType.ExecutionZoneIntranet, QuickCacheEntryType.ExecutionZoneInternet, QuickCacheEntryType.ExecutionZoneTrusted, QuickCacheEntryType.ExecutionZoneUntrusted }; QuickCacheEntryType[] UnmanagedMap = new QuickCacheEntryType[] { QuickCacheEntryType.UnmanagedZoneMyComputer, QuickCacheEntryType.UnmanagedZoneIntranet, QuickCacheEntryType.UnmanagedZoneInternet, QuickCacheEntryType.UnmanagedZoneTrusted, QuickCacheEntryType.UnmanagedZoneUntrusted }; QuickCacheEntryType[] RequestSkipVerificationMap = new QuickCacheEntryType[] { QuickCacheEntryType.RequestSkipVerificationZoneMyComputer, QuickCacheEntryType.RequestSkipVerificationZoneIntranet, QuickCacheEntryType.RequestSkipVerificationZoneInternet, QuickCacheEntryType.RequestSkipVerificationZoneTrusted, QuickCacheEntryType.RequestSkipVerificationZoneUntrusted }; QuickCacheEntryType[] SkipVerificationMap = new QuickCacheEntryType[] { QuickCacheEntryType.SkipVerificationZoneMyComputer, QuickCacheEntryType.SkipVerificationZoneIntranet, QuickCacheEntryType.SkipVerificationZoneInternet, QuickCacheEntryType.SkipVerificationZoneTrusted, QuickCacheEntryType.SkipVerificationZoneUntrusted }; QuickCacheEntryType[] FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, QuickCacheEntryType.FullTrustZoneIntranet, QuickCacheEntryType.FullTrustZoneInternet, QuickCacheEntryType.FullTrustZoneTrusted, QuickCacheEntryType.FullTrustZoneUntrusted }; QuickCacheEntryType accumulator = (QuickCacheEntryType)0; SecurityPermission execPerm = new SecurityPermission( SecurityPermissionFlag.Execution ); SecurityPermission unmanagedPerm = new SecurityPermission( SecurityPermissionFlag.UnmanagedCode ); SecurityPermission skipVerifPerm = new SecurityPermission( SecurityPermissionFlag.SkipVerification ); Evidence noEvidence = new Evidence(); PermissionSet policy = null; try { policy = level.Resolve( noEvidence ).PermissionSet; if (policy.Contains( execPerm )) accumulator |= QuickCacheEntryType.ExecutionAll; if (policy.Contains( unmanagedPerm )) accumulator |= QuickCacheEntryType.UnmanagedAll; if (policy.Contains( skipVerifPerm )) accumulator |= QuickCacheEntryType.SkipVerificationAll; if (policy.IsUnrestricted()) accumulator |= QuickCacheEntryType.FullTrustAll; } catch (PolicyException) { } PermissionSet permSet = new PermissionSet( PermissionState.None ); permSet.AddPermission( skipVerifPerm ); PermissionRequestEvidence permRequest = new PermissionRequestEvidence( permSet, null, null ); try { noEvidence.AddHost( permRequest ); policy = level.Resolve( noEvidence ).PermissionSet; if (policy.Contains( skipVerifPerm )) accumulator |= QuickCacheEntryType.RequestSkipVerificationAll; } catch (PolicyException) { } Array zones = Enum.GetValues( typeof( SecurityZone ) ); for (int i = 0; i < zones.Length; ++i) { if (((SecurityZone)zones.GetValue( i )) == SecurityZone.NoZone) continue; Evidence zoneEvidence = new Evidence(); zoneEvidence.AddHost( new Zone( (SecurityZone)zones.GetValue( i ) ) ); PermissionSet zonePolicy = null; try { zonePolicy = level.Resolve( zoneEvidence ).PermissionSet; if (zonePolicy.Contains( execPerm )) accumulator |= ExecutionMap[i]; if (zonePolicy.Contains( unmanagedPerm )) accumulator |= UnmanagedMap[i]; if (zonePolicy.Contains( skipVerifPerm )) accumulator |= SkipVerificationMap[i]; if (zonePolicy.IsUnrestricted()) accumulator |= FullTrustMap[i]; } catch (PolicyException) { } zoneEvidence.AddHost( permRequest ); try { zonePolicy = level.Resolve( zoneEvidence ).PermissionSet; if (zonePolicy.Contains( skipVerifPerm )) accumulator |= RequestSkipVerificationMap[i]; } catch (PolicyException) { } } return accumulator; }
private static QuickCacheEntryType GenerateQuickCache(PolicyLevel level) { if (FullTrustMap == null) { // This mapping must stay in [....] with the SecurityZone enumeration in SecurityZone.cs FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, QuickCacheEntryType.FullTrustZoneIntranet, QuickCacheEntryType.FullTrustZoneTrusted, QuickCacheEntryType.FullTrustZoneInternet, QuickCacheEntryType.FullTrustZoneUntrusted }; } QuickCacheEntryType accumulator = (QuickCacheEntryType)0; Evidence noEvidence = new Evidence(); PermissionSet policy = null; try { policy = level.Resolve( noEvidence ).PermissionSet; if (policy.IsUnrestricted()) accumulator |= QuickCacheEntryType.FullTrustAll; } catch (PolicyException) { } foreach (SecurityZone zone in Enum.GetValues(typeof(SecurityZone))) { if (zone == SecurityZone.NoZone) continue; Evidence zoneEvidence = new Evidence(); zoneEvidence.AddHostEvidence(new Zone(zone)); PermissionSet zonePolicy = null; try { zonePolicy = level.Resolve( zoneEvidence ).PermissionSet; if (zonePolicy.IsUnrestricted()) { Contract.Assert(0 <= (int)zone && (int)zone < FullTrustMap.Length, "FullTrustMap does not contain a mapping for this zone."); accumulator |= FullTrustMap[(int)zone]; } } catch (PolicyException) { } } return accumulator; }
private static QuickCacheEntryType GenerateQuickCache (PolicyLevel level) { QuickCacheEntryType[] FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, QuickCacheEntryType.FullTrustZoneIntranet, QuickCacheEntryType.FullTrustZoneInternet, QuickCacheEntryType.FullTrustZoneTrusted, QuickCacheEntryType.FullTrustZoneUntrusted }; QuickCacheEntryType accumulator = (QuickCacheEntryType)0; Evidence noEvidence = new Evidence(); PermissionSet policy = null; try { policy = level.Resolve( noEvidence ).PermissionSet; if (policy.IsUnrestricted()) accumulator |= QuickCacheEntryType.FullTrustAll; } catch (PolicyException) { } Array zones = Enum.GetValues( typeof( SecurityZone ) ); for (int i = 0; i < zones.Length; ++i) { if (((SecurityZone)zones.GetValue( i )) == SecurityZone.NoZone) continue; Evidence zoneEvidence = new Evidence(); zoneEvidence.AddHost( new Zone( (SecurityZone)zones.GetValue( i ) ) ); PermissionSet zonePolicy = null; try { zonePolicy = level.Resolve( zoneEvidence ).PermissionSet; if (zonePolicy.IsUnrestricted()) accumulator |= FullTrustMap[i]; } catch (PolicyException) { } } return accumulator; }
private static QuickCacheEntryType GenerateQuickCache(PolicyLevel level) { if (FullTrustMap == null) { FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, QuickCacheEntryType.FullTrustZoneIntranet, QuickCacheEntryType.FullTrustZoneTrusted, QuickCacheEntryType.FullTrustZoneInternet, QuickCacheEntryType.FullTrustZoneUntrusted }; } QuickCacheEntryType type = 0; Evidence evidence = new Evidence(); try { if (level.Resolve(evidence).PermissionSet.IsUnrestricted()) { type |= QuickCacheEntryType.FullTrustAll; } } catch (PolicyException) { } foreach (SecurityZone zone in Enum.GetValues(typeof(SecurityZone))) { if (zone != SecurityZone.NoZone) { Evidence evidence2 = new Evidence(); evidence2.AddHostEvidence<Zone>(new Zone(zone)); try { if (level.Resolve(evidence2).PermissionSet.IsUnrestricted()) { type |= FullTrustMap[(int) zone]; } } catch (PolicyException) { } } } return type; }