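/// <summary>
/// Installer custom action that adds a code group named "TestWordAddInCS" to the
/// user policy level. The group grants the FullTrust named permission set to code
/// whose URL matches the "custassembly" installer parameter, and the policy is saved.
/// </summary>
/// <param name="stateSaver">Installer state dictionary, passed through to the base implementation.</param>
/// <exception cref="System.ArgumentException">The "custassembly" parameter is missing or empty.</exception>
/// <exception cref="System.InvalidOperationException">The policy hierarchy has fewer than three levels.</exception>
public override void Install(System.Collections.IDictionary stateSaver)
{
    string sAssemblyPath = this.Context.Parameters["custassembly"];
    if (string.IsNullOrEmpty(sAssemblyPath))
    {
        // Fail before any policy is touched instead of failing inside UrlMembershipCondition.
        throw new System.ArgumentException("The custassembly installer parameter is required.");
    }

    // The hierarchy is read by position: enterprise, machine, then user.
    // Each MoveNext is checked so a short hierarchy cannot leave us on a stale level.
    System.Collections.IEnumerator policies = SecurityManager.PolicyHierarchy();
    PolicyLevel user = null;
    for (int position = 0; position < 3; position++)
    {
        if (!policies.MoveNext())
        {
            throw new System.InvalidOperationException("The user policy level was not found in the policy hierarchy.");
        }
        user = (PolicyLevel)policies.Current;
    }

    // SECURITY: the grant is keyed on location only. Anything loadable from this URL
    // runs with FullTrust for this user, so the location must be writable only by
    // administrators. NOTE(review): a StrongNameMembershipCondition would bind the
    // grant to the publisher key instead of the path.
    PermissionSet fullTrust = user.GetNamedPermissionSet("FullTrust");
    PolicyStatement statement = new PolicyStatement(fullTrust, PolicyStatementAttribute.Nothing);
    UrlMembershipCondition condition = new UrlMembershipCondition(sAssemblyPath);

    CodeGroup group = new UnionCodeGroup(condition, statement);
    group.Name = "TestWordAddInCS";

    // NOTE(review): a repeated install adds a second group with the same name;
    // nothing here removes an existing one.
    user.RootCodeGroup.AddChild(group);
    SecurityManager.SavePolicy();

    base.Install(stateSaver);
}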
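/// <summary>
/// Starts <c>GetManifestAsync</c> on the manager and exposes the
/// <c>GetManifestCompleted</c> event as a task. On success the handler also registers
/// an <see cref="ApplicationTrust"/> for the manifest's application identity.
/// </summary>
/// <param name="manager">The hosting manager whose manifest is downloaded.</param>
/// <returns>A task that completes with the event arguments, faults with the download error, or is cancelled.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="manager"/> is null.</exception>
public static Task<GetManifestCompletedEventArgs> DownloadManifestAsync(this InPlaceHostingManager manager)
{
    if (manager == null)
    {
        throw new System.ArgumentNullException("manager");
    }

    var tcs = new TaskCompletionSource<GetManifestCompletedEventArgs>();
    System.EventHandler<GetManifestCompletedEventArgs> handler = null;
    handler = (sender, e) =>
    {
        // One-shot: detach so the manager does not keep the closure alive and a
        // second completion cannot reach an already-completed task.
        manager.GetManifestCompleted -= handler;

        if (e.Error != null)
        {
            tcs.TrySetException(e.Error);
            return;
        }

        if (e.Cancelled)
        {
            // Reading result properties of a cancelled operation would throw.
            tcs.TrySetCanceled();
            return;
        }

        try
        {
            // SECURITY: this records an Unrestricted (full trust) grant for whatever
            // identity the downloaded manifest declares, with no user or policy decision.
            // NOTE(review): only use against deployment locations you control; the usual
            // flow lets AssertApplicationRequirements make the trust decision.
            var permissions = new PermissionSet(PermissionState.Unrestricted);
            var trust = new ApplicationTrust();
            trust.DefaultGrantSet = new PolicyStatement(permissions);
            trust.ApplicationIdentity = e.ApplicationIdentity;
            trust.IsApplicationTrustedToRun = true;
            ApplicationSecurityManager.UserApplicationTrusts.Add(trust);
        }
        catch (System.Exception ex)
        {
            // Surface the failure on the task; otherwise the awaiter would never complete.
            tcs.TrySetException(ex);
            return;
        }

        tcs.TrySetResult(e);
    };

    manager.GetManifestCompleted += handler;
    try
    {
        manager.GetManifestAsync();
    }
    catch
    {
        // The operation never started, so the handler will never run to detach itself.
        manager.GetManifestCompleted -= handler;
        throw;
    }

    return tcs.Task;
}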
/// <summary>
/// Creates an AppDomain whose AppDomain-level policy grants all code a fixed
/// partial-trust permission set used by the test.
/// </summary>
/// <param name="domainName">Friendly name for the new domain.</param>
/// <returns>The new domain with the policy level applied.</returns>
/// <remarks>
/// NOTE(review): despite the name, the grant includes ControlPolicy, ControlEvidence and
/// ReflectionPermission AllFlags, which are normally reserved for highly trusted code.
/// This suits a test fixture; it is not a sandbox for untrusted code.
/// </remarks>
private static AppDomain CreateRestrictedDomain(string domainName)
{
    // Root group: matches everything and grants nothing.
    PolicyStatement grantNothing = new PolicyStatement(new PermissionSet(PermissionState.None));
    UnionCodeGroup rootGroup = new UnionCodeGroup(new AllMembershipCondition(), grantNothing);

    // Child group: matches everything and grants the test's permission set.
    PermissionSet testGrant = new PermissionSet(PermissionState.None);
    testGrant.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags));
    SecurityPermissionFlag securityFlags =
        SecurityPermissionFlag.Execution
        | SecurityPermissionFlag.ControlEvidence
        | SecurityPermissionFlag.ControlPolicy;
    testGrant.AddPermission(new SecurityPermission(securityFlags));
    rootGroup.AddChild(new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(testGrant)));

    // Wrap the tree in an AppDomain policy level.
    PolicyLevel domainLevel = PolicyLevel.CreateAppDomainLevel();
    domainLevel.RootCodeGroup = rootGroup;

    // The application base is the current directory so the test assembly can be found.
    AppDomainSetup setup = new AppDomainSetup();
    setup.ApplicationBase = Environment.CurrentDirectory;

    AppDomain sandbox = AppDomain.CreateDomain(domainName, null, setup);
    sandbox.SetAppDomainPolicy(domainLevel);
    return sandbox;
}
/// <summary>
/// Creates an AppDomain named "test" with an AppDomain-level policy: the root group
/// grants nothing to all code, and an exclusive child group grants a fixed permission
/// set to code from the MyComputer zone.
/// </summary>
/// <returns>The new domain with the policy level applied.</returns>
static AppDomain NewDomain ()
{
    PolicyStatement grantNothing = new PolicyStatement(new PermissionSet(PermissionState.None), PolicyStatementAttribute.Nothing);

    PermissionSet localGrant = new PermissionSet(PermissionState.None);

    // Each flag is added as its own SecurityPermission, in this order.
    SecurityPermissionFlag[] securityFlags =
    {
        SecurityPermissionFlag.Execution,
        SecurityPermissionFlag.Assertion,
        SecurityPermissionFlag.ControlAppDomain,
        SecurityPermissionFlag.ControlDomainPolicy,
        SecurityPermissionFlag.ControlEvidence,
        SecurityPermissionFlag.ControlPolicy,
        SecurityPermissionFlag.ControlPrincipal,
        SecurityPermissionFlag.ControlThread,
        SecurityPermissionFlag.Infrastructure,
        SecurityPermissionFlag.RemotingConfiguration,
        SecurityPermissionFlag.SerializationFormatter,
    };
    foreach (SecurityPermissionFlag flag in securityFlags)
    {
        localGrant.AddPermission(new SecurityPermission(flag));
    }

    // Resource permissions granted without restriction.
    IPermission[] unrestrictedGrants =
    {
        new FileIOPermission(PermissionState.Unrestricted),
        new EnvironmentPermission(PermissionState.Unrestricted),
        new ReflectionPermission(PermissionState.Unrestricted),
        new RegistryPermission(PermissionState.Unrestricted),
        new IsolatedStorageFilePermission(PermissionState.Unrestricted),
        new EventLogPermission(PermissionState.Unrestricted),
        new PerformanceCounterPermission(PermissionState.Unrestricted),
        new DnsPermission(PermissionState.Unrestricted),
        new UIPermission(PermissionState.Unrestricted),
    };
    foreach (IPermission permission in unrestrictedGrants)
    {
        localGrant.AddPermission(permission);
    }

    PolicyStatement localStatement = new PolicyStatement(localGrant, PolicyStatementAttribute.Exclusive);

    CodeGroup rootGroup = new UnionCodeGroup(new AllMembershipCondition(), grantNothing);
    rootGroup.AddChild(new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer), localStatement));

    PolicyLevel domainLevel = PolicyLevel.CreateAppDomainLevel();
    domainLevel.RootCodeGroup = rootGroup;

    AppDomain created = AppDomain.CreateDomain ("test");
    created.SetAppDomainPolicy(domainLevel);
    return created;
}
/// <summary>
/// Checks a PolicyStatement built from a null permission set: no attributes, an
/// empty attribute string, a permission set equal to the fixture's Empty set, and a
/// Copy that serializes to the same XML.
/// </summary>
public void Constructor_PermissionSet_Null ()
{
    PolicyStatement statement = new PolicyStatement (null);

    Assert.AreEqual (PolicyStatementAttribute.Nothing, statement.Attributes, "Attributes");
    Assert.AreEqual (String.Empty, statement.AttributeString, "AttributeString");
    Assert.AreEqual (Empty.ToString (), statement.PermissionSet.ToString (), "PermissionSet");

    // Round-trip check: the copy must produce identical XML.
    string originalXml = statement.ToXml ().ToString ();
    string copyXml = statement.Copy ().ToXml ().ToString ();
    Assert.AreEqual (originalXml, copyXml, "Copy");
}
/// <summary>
/// Checks a PolicyStatement built from a null permission set and
/// PolicyStatementAttribute.All: the attributes are kept, the attribute string is
/// "Exclusive LevelFinal", the permission set equals the fixture's Empty set, and a
/// Copy serializes to the same XML.
/// </summary>
public void Constructor_PermissionSetPolicyStatementAttribute_Null ()
{
    PolicyStatement statement = new PolicyStatement (null, PolicyStatementAttribute.All);

    Assert.AreEqual (PolicyStatementAttribute.All, statement.Attributes, "Attributes");
    Assert.AreEqual ("Exclusive LevelFinal", statement.AttributeString, "AttributeString");
    Assert.AreEqual (Empty.ToString (), statement.PermissionSet.ToString (), "PermissionSet");

    // Round-trip check: the copy must produce identical XML.
    string originalXml = statement.ToXml ().ToString ();
    string copyXml = statement.Copy ().ToXml ().ToString ();
    Assert.AreEqual (originalXml, copyXml, "Copy");
}
/// <summary>
/// Creates an empty code group: no membership condition, policy, children, backing
/// XML element or parent level.
/// </summary>
internal CodeGroup()
{
    this.m_element = null;
    this.m_parentLevel = null;
    this.m_membershipCondition = null;
    this.m_policy = null;
    this.m_children = null;
}
// PolicyLevel m_level;

/// <summary>
/// Initializes the group from a membership condition and an optional policy
/// statement. Both are stored as copies, so later changes by the caller do not
/// affect this group.
/// </summary>
/// <param name="membershipCondition">Condition that selects the code this group applies to.</param>
/// <param name="policy">Policy statement for matching code; may be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="membershipCondition"/> is null.</exception>
protected CodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
{
    if (membershipCondition == null) {
        throw new ArgumentNullException ("membershipCondition");
    }

    if (policy != null) {
        this.m_policy = policy.Copy ();
    }

    this.m_membershipCondition = membershipCondition.Copy ();
}
/// <summary>
/// Checks a PolicyStatement built from an unrestricted permission set: no attributes,
/// an empty attribute string, a permission set equal to the fixture's Unrestricted
/// set, and a Copy that serializes to the same XML.
/// </summary>
public void Constructor_PermissionSet_Unrestricted ()
{
    PermissionSet unrestricted = new PermissionSet (PermissionState.Unrestricted);
    PolicyStatement statement = new PolicyStatement (unrestricted);

    Assert.AreEqual (PolicyStatementAttribute.Nothing, statement.Attributes, "Attributes");
    Assert.AreEqual (String.Empty, statement.AttributeString, "AttributeString");
    Assert.AreEqual (Unrestricted.ToString (), statement.PermissionSet.ToString (), "PermissionSet");

    // Round-trip check: the copy must produce identical XML.
    string originalXml = statement.ToXml ().ToString ();
    string copyXml = statement.Copy ().ToXml ().ToString ();
    Assert.AreEqual (originalXml, copyXml, "Copy");
}
/// <summary>
/// Creates a new policy statement from this one's permission set and attributes.
/// When dependent evidence is present, the clone gets its own list holding the same
/// evidence items.
/// </summary>
/// <returns>The new statement.</returns>
public PolicyStatement Copy()
{
    // NOTE(review): the third constructor argument is not visible here; presumably it
    // tells the constructor to copy the permission set — confirm.
    PolicyStatement clone = new PolicyStatement(m_permSet, Attributes, true);

    if (!HasDependentEvidence)
    {
        return clone;
    }

    clone.m_dependentEvidence = new List<IDelayEvaluatedEvidence>(m_dependentEvidence);
    return clone;
}
/// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Resolve"]/*' />
// Resolves policy for the evidence: returns null when this group's membership
// condition does not match; otherwise combines this group's statement with the
// statement of the first child that resolves to a non-null policy.
public override PolicyStatement Resolve( Evidence evidence )
{
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }

    if (!this.MembershipCondition.Check( evidence ))
    {
        return null;
    }

    // Stop at the first child that yields a policy; later children are not consulted.
    PolicyStatement firstMatch = null;
    IEnumerator children = this.Children.GetEnumerator();
    while (firstMatch == null && children.MoveNext())
    {
        firstMatch = ((CodeGroup)children.Current).Resolve( evidence );
    }

    PolicyStatement ownPolicy = this.PolicyStatement;
    if (ownPolicy == null)
    {
        return firstMatch;
    }

    if (firstMatch == null)
    {
        // No child matched: hand back this group's own statement.
        return this.PolicyStatement;
    }

    // Both exist: grant the union of the two permission sets.
    PolicyStatement merged = new PolicyStatement();
    merged.SetPermissionSetNoCopy( ownPolicy.GetPermissionSetNoCopy().Union( firstMatch.GetPermissionSetNoCopy() ) );

    // Two exclusive statements cannot be combined.
    PolicyStatementAttribute shared = ownPolicy.Attributes & firstMatch.Attributes;
    if ((shared & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
    {
        throw new PolicyException( Environment.GetResourceString( "Policy_MultipleExclusive" ) );
    }

    merged.Attributes = ownPolicy.Attributes | firstMatch.Attributes;
    return merged;
}
// Constructors.

/// <summary>
/// Initializes the group with a membership condition, a policy statement and an
/// empty child list. The arguments are stored by reference, not copied.
/// </summary>
/// <param name="membershipCondition">Condition that selects the code this group applies to.</param>
/// <param name="policy">Policy statement for matching code.</param>
/// <exception cref="ArgumentNullException"><paramref name="membershipCondition"/> is null.</exception>
public CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
    if(membershipCondition == null)
        throw new ArgumentNullException("membershipCondition");

    this.children = new ArrayList();
    this.policy = policy;
    this.membershipCondition = membershipCondition;
}
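/// <summary>
/// Installer custom action that registers a code group in the user policy level.
/// The group is named by the "groupName" parameter and grants the FullTrust named
/// permission set to code whose URL matches the "assemblyLocation" parameter. An
/// existing group with the same name is replaced.
/// </summary>
/// <param name="stateSaver">Installer state dictionary, passed through to the base implementation.</param>
/// <exception cref="InstallException">A parameter is missing or the policy could not be updated.</exception>
public override void Install(System.Collections.IDictionary stateSaver)
{
    try
    {
        string assemblyLocation = this.Context.Parameters["assemblyLocation"];
        string groupName = this.Context.Parameters["groupName"];

        // Validate before touching policy. With a missing groupName the name comparison
        // below would match, and remove, an unrelated unnamed code group.
        if (string.IsNullOrEmpty(assemblyLocation) || string.IsNullOrEmpty(groupName))
        {
            throw new InstallException("The assemblyLocation and groupName parameters are required.");
        }

        // The hierarchy is read by position: 1st enterprise, 2nd machine, 3rd user.
        IEnumerator enumerator = SecurityManager.PolicyHierarchy();
        PolicyLevel user = null;
        for (int position = 0; position < 3; position++)
        {
            if (!enumerator.MoveNext())
            {
                throw new InstallException("The user policy level was not found.");
            }
            user = (PolicyLevel)enumerator.Current;
        }

        // SECURITY: the grant is keyed on location only. Anything loadable from
        // assemblyLocation runs with FullTrust for this user, so that location must be
        // writable only by administrators. NOTE(review): a StrongNameMembershipCondition
        // would bind the grant to the publisher key instead of the path.
        PermissionSet permissionSet = user.GetNamedPermissionSet("FullTrust");
        PolicyStatement statement = new PolicyStatement(permissionSet, PolicyStatementAttribute.Nothing);
        UrlMembershipCondition condition = new UrlMembershipCondition(assemblyLocation);
        CodeGroup codeGroup = new UnionCodeGroup(condition, statement);
        codeGroup.Name = groupName;

        // see if the code group already exists, and if so, remove it
        CodeGroup existingCodeGroup = null;
        foreach (CodeGroup group in user.RootCodeGroup.Children)
        {
            if (group.Name == codeGroup.Name)
            {
                existingCodeGroup = group;
                break;
            }
        }

        if (existingCodeGroup != null)
        {
            user.RootCodeGroup.RemoveChild(existingCodeGroup);
        }

        // Save once, after both changes, so a failure between them cannot persist a
        // policy with the old group removed and the new one missing.
        user.RootCodeGroup.AddChild(codeGroup);
        SecurityManager.SavePolicy();
    }
    catch (Exception ex)
    {
        throw new InstallException("Cannot set the security policy.", ex);
    }

    // Call the base implementation.
    base.Install(stateSaver);
}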
/// <summary>
/// Internal constructor that builds the group from a membership condition and a
/// permission set. Neither argument is copied: the condition is stored as passed and
/// the permission set is attached to a new policy statement without copying.
/// </summary>
/// <param name="membershipCondition">Condition for the group; asserted non-null in debug builds.</param>
/// <param name="permSet">Permission set to grant; asserted non-null in debug builds.</param>
internal CodeGroup( IMembershipCondition membershipCondition, PermissionSet permSet )
{
    BCLDebug.Assert( membershipCondition != null, "membershipCondition != null" );
    BCLDebug.Assert( permSet != null, "permSet != null" );

    this.m_membershipCondition = membershipCondition;

    PolicyStatement statement = new PolicyStatement();
    this.m_policy = statement;
    statement.SetPermissionSetNoCopy( permSet );

    this.m_children = ArrayList.Synchronized( new ArrayList() );
    this.m_parentLevel = null;
    this.m_element = null;
}
/// <summary>
/// Smoke test that calls the public PolicyStatement members (Copy, Equals,
/// GetHashCode, both FromXml overloads and both ToXml overloads) without asserting on
/// their results.
/// </summary>
public static void PolicyStatementCallMethods()
{
    PolicyStatement statement = new PolicyStatement(new PermissionSet(new PermissionState()));
    PolicyStatement duplicate = statement.Copy();

    // Results are intentionally unused; the calls only need to complete.
    statement.Equals(duplicate);
    statement.GetHashCode();

    SecurityElement xml = new SecurityElement("");
    // PolicyLevel is created through its non-public constructor.
    PolicyLevel level = (PolicyLevel)Activator.CreateInstance(typeof(PolicyLevel), true);

    statement.FromXml(xml);
    statement.FromXml(xml, level);
    xml = statement.ToXml();
    xml = statement.ToXml(level);
}
/// <summary>
/// Initializes the group from a membership condition and an optional policy
/// statement, storing copies of both, with an empty synchronized child list.
/// </summary>
/// <param name="membershipCondition">Condition that selects the code this group applies to.</param>
/// <param name="policy">Policy statement for matching code; may be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="membershipCondition"/> is null.</exception>
protected CodeGroup( IMembershipCondition membershipCondition, PolicyStatement policy )
{
    if (membershipCondition == null)
    {
        throw new ArgumentNullException( "membershipCondition" );
    }

    // Copies keep the group independent of later changes to the caller's objects.
    m_policy = (policy == null) ? null : policy.Copy();
    m_membershipCondition = membershipCondition.Copy();

    m_children = ArrayList.Synchronized( new ArrayList() );
    m_parentLevel = null;
    m_element = null;
}
/// <summary>
/// Initializes the trust from a default grant set and the strong names of the
/// assemblies that receive full trust. Each strong name is stored as a copy.
/// </summary>
/// <param name="defaultGrantSet">Permission set wrapped in the default policy statement.</param>
/// <param name="fullTrustAssemblies">Strong names of fully trusted assemblies.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException">The sequence contains a null entry.</exception>
ApplicationTrust (PermissionSet defaultGrantSet, IEnumerable<StrongName> fullTrustAssemblies)
{
    if (defaultGrantSet == null) {
        throw new ArgumentNullException ("defaultGrantSet");
    }
    _defaultPolicy = new PolicyStatement (defaultGrantSet);

    if (fullTrustAssemblies == null) {
        throw new ArgumentNullException ("fullTrustAssemblies");
    }

    // The field is assigned before the loop, so it holds the entries copied so far
    // if a null entry aborts the constructor.
    List<StrongName> copies = new List<StrongName> ();
    this.fullTrustAssemblies = copies;
    foreach (StrongName entry in fullTrustAssemblies) {
        if (entry == null) {
            throw new ArgumentException ("fullTrustAssemblies contains an assembly that does not have a StrongName");
        }
        copies.Add ((StrongName) entry.Copy ());
    }
}
/// <summary>
/// Resolves policy for the evidence: returns null when the membership condition does
/// not match; otherwise starts from this group's calculated policy and unions in the
/// policy of each matching child until an exclusive child has been merged.
/// </summary>
/// <param name="evidence">Evidence to evaluate.</param>
/// <returns>The combined statement, or null when the group does not apply.</returns>
/// <exception cref="ArgumentNullException"><paramref name="evidence"/> is null.</exception>
public override PolicyStatement Resolve(Evidence evidence)
{
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }

    object matchedEvidence = null;
    bool applies = PolicyManager.CheckMembershipCondition(this.MembershipCondition, evidence, out matchedEvidence);
    if (!applies)
    {
        return null;
    }

    PolicyStatement result = this.CalculateAssemblyPolicy(evidence);

    // Evidence that has not been verified yet is recorded on the statement.
    IDelayEvaluatedEvidence delayed = matchedEvidence as IDelayEvaluatedEvidence;
    if (delayed != null && !delayed.IsVerified)
    {
        result.AddDependentEvidence(delayed);
    }

    bool exclusiveChildMerged = false;
    IEnumerator children = this.Children.GetEnumerator();
    while (children.MoveNext() && !exclusiveChildMerged)
    {
        PolicyStatement childPolicy = PolicyManager.ResolveCodeGroup(children.Current as CodeGroup, evidence);
        if (childPolicy == null)
        {
            continue;
        }

        result.InplaceUnion(childPolicy);
        exclusiveChildMerged =
            (childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive;
    }

    return result;
}
/// <include file='doc\UnionCodeGroup.uex' path='docs/doc[@for="UnionCodeGroup.Resolve"]/*' />
// Resolves policy for the evidence: returns null when this group's membership
// condition does not match; otherwise unions the permission set and attributes of
// every matching child into this group's statement and returns it.
public override PolicyStatement Resolve(Evidence evidence)
{
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }

    if (!this.MembershipCondition.Check(evidence))
    {
        return(null);
    }

    // NOTE(review): merged is dereferenced below without a null check. If the
    // PolicyStatement property can return null for a group built without a policy,
    // a matching child would raise NullReferenceException — confirm against the getter.
    PolicyStatement merged = this.PolicyStatement;

    IEnumerator children = this.Children.GetEnumerator();
    while (children.MoveNext())
    {
        PolicyStatement childPolicy = ((CodeGroup)children.Current).Resolve(evidence);
        if (childPolicy == null)
        {
            continue;
        }

        // Two exclusive statements cannot be combined.
        PolicyStatementAttribute shared = merged.Attributes & childPolicy.Attributes;
        if ((shared & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
        {
            throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
        }

        merged.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
        merged.Attributes = merged.Attributes | childPolicy.Attributes;
    }

    return(merged);
}
/// <summary>
/// Builds a policy statement whose permission set contains the web permission
/// created for the given host, scheme and port, or no permission when none is created.
/// The statement is assembled as XML and then parsed.
/// </summary>
/// <param name="host">Host passed to CreateWebPermission.</param>
/// <param name="scheme">Scheme passed to CreateWebPermission.</param>
/// <param name="port">Port passed to CreateWebPermission.</param>
/// <returns>The parsed policy statement.</returns>
internal PolicyStatement CalculatePolicy( String host, String scheme, String port )
{
    SecurityElement webPermission = CreateWebPermission( host, scheme, port );

    SecurityElement statementXml = new SecurityElement( "PolicyStatement" );
    SecurityElement permissionSetXml = new SecurityElement( "PermissionSet" );
    permissionSetXml.AddAttribute( "class", "System.Security.PermissionSet" );
    permissionSetXml.AddAttribute( "version", "1" );

    if (webPermission != null)
    {
        permissionSetXml.AddChild( webPermission );
    }

    statementXml.AddChild( permissionSetXml );

    PolicyStatement result = new PolicyStatement();
    result.FromXml( statementXml );
    return result;
}
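/// <summary>
/// Returns the base location for data forms from the "DataForm"/"BaseDir" setting.
/// A value starting with "http://" or "ftp://" is returned unchanged after a
/// FullTrust code group for that URL prefix is added to the Machine policy level.
/// Any other value is returned as a file:// URL under the application's base directory.
/// </summary>
/// <returns>The configured remote URL, or a file:// URL built from the setting.</returns>
internal static string GetDataFormBaseDir()
{
    string baseDir = config.Configs["DataForm"].GetString("BaseDir", string.Empty);

    // Ordinal comparison: URL schemes are not linguistic text, so the match must not
    // depend on the current culture.
    bool isRemote = baseDir.StartsWith("http://", StringComparison.Ordinal)
        || baseDir.StartsWith("ftp://", StringComparison.Ordinal);
    if (!isRemote)
    {
        return string.Concat(new object[] { "file://", AppDomain.CurrentDomain.BaseDirectory, Path.DirectorySeparatorChar, baseDir });
    }

    // MoveNext is checked on every step, so a hierarchy without a "Machine" level ends
    // the loop instead of reading Current past the end of the enumeration.
    IEnumerator enumerator = SecurityManager.PolicyHierarchy();
    while (enumerator.MoveNext())
    {
        PolicyLevel level = enumerator.Current as PolicyLevel;
        if (level == null)
        {
            break;
        }

        if (level.Label != "Machine")
        {
            continue;
        }

        // SECURITY: every assembly whose URL starts with the configured prefix is
        // granted FullTrust. http:// and ftp:// provide no transport integrity, so the
        // grant is only as strong as the network path and the access control on the
        // configuration file. The policy is changed in memory only; it is not saved here.
        // NOTE(review): each call adds another identical child group.
        foreach (NamedPermissionSet set in level.NamedPermissionSets)
        {
            if (set.Name == "FullTrust")
            {
                UrlMembershipCondition membershipCondition = new UrlMembershipCondition(baseDir + "*");
                PolicyStatement policy = new PolicyStatement(set);
                UnionCodeGroup group = new UnionCodeGroup(membershipCondition, policy);
                level.RootCodeGroup.AddChild(group);
            }
        }

        break;
    }

    return baseDir;
}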
/// <summary>
/// Rebuilds this ApplicationTrust from its XML encoding. Each field is reset just
/// before the corresponding attribute or child element is read.
/// </summary>
/// <param name="element">An element whose tag is "ApplicationTrust".</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
public void FromXml(SecurityElement element)
{
    if (element == null)
        throw new ArgumentNullException("element");
    if (!string.Equals(element.Tag, "ApplicationTrust", StringComparison.Ordinal))
        throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));

    // Flags are true only for the exact, case-sensitive string "true".
    this.m_appTrustedToRun = false;
    string trustedToRun = element.Attribute("TrustedToRun");
    if (string.Equals(trustedToRun, "true", StringComparison.Ordinal))
        this.m_appTrustedToRun = true;

    this.m_persist = false;
    string persist = element.Attribute("Persist");
    if (string.Equals(persist, "true", StringComparison.Ordinal))
        this.m_persist = true;

    this.m_appId = null;
    string fullName = element.Attribute("FullName");
    if (!string.IsNullOrEmpty(fullName))
        this.m_appId = new System.ApplicationIdentity(fullName);

    // Default grant: DefaultGrant/PolicyStatement, when both are present.
    this.m_psDefaultGrant = null;
    this.m_grantSetSpecialFlags = 0;
    SecurityElement defaultGrantXml = element.SearchForChildByTag("DefaultGrant");
    SecurityElement statementXml = (defaultGrantXml == null)
        ? null
        : defaultGrantXml.SearchForChildByTag("PolicyStatement");
    if (statementXml != null)
    {
        PolicyStatement grant = new PolicyStatement(null);
        grant.FromXml(statementXml);
        this.m_psDefaultGrant = grant;
        this.m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(grant.PermissionSet, null);
    }

    // Full-trust assemblies: one StrongName per child element.
    List<StrongName> strongNames = new List<StrongName>();
    SecurityElement fullTrustXml = element.SearchForChildByTag("FullTrustAssemblies");
    if (fullTrustXml != null && fullTrustXml.InternalChildren != null)
    {
        foreach (object child in fullTrustXml.Children)
        {
            StrongName strongName = new StrongName();
            strongName.FromXml(child as SecurityElement);
            strongNames.Add(strongName);
        }
    }
    this.m_fullTrustAssemblies = strongNames.AsReadOnly();

    this.m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
}
/// <summary>
/// Signature-only constructor: the body is empty, so neither argument is stored or
/// validated here.
/// </summary>
/// <param name="membershipCondition">Membership condition for the group (unused in this stub).</param>
/// <param name="policy">Policy statement for the group (unused in this stub).</param>
protected CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
}
/// <summary>
/// Creates a union code group; both arguments are forwarded unchanged to the base
/// constructor and nothing else is done here.
/// </summary>
/// <param name="membershipCondition">Condition that selects the code this group applies to.</param>
/// <param name="policy">Policy statement for matching code.</param>
public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
    : base(membershipCondition, policy)
{
}
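// Resolve the policy for this code group.
//
// Returns null when the membership condition does not match. Otherwise a base
// statement is derived from the host evidence (the last Url found, else the first
// Site, else an empty permission set) and the statements of all matching children
// are unioned into it.
public override PolicyStatement Resolve(Evidence evidence)
{
    PolicyStatement stmt;
    PolicyStatement childStmt;
    IEnumerator e;
    Site site;
    UrlParser url;

    // Validate the parameter.
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }

    // Check the membership condition.
    if (!MembershipCondition.Check(evidence))
    {
        return(null);
    }

    // Scan the host evidence for a policy and site.
    stmt = null;
    site = null;
    e = evidence.GetHostEnumerator();
    while (e.MoveNext())
    {
        if (e.Current is Url)
        {
            url = ((Url)(e.Current)).parser;
            stmt = MakePolicy(url.Scheme, url.Host);
        }
        else if (e.Current is Site && site == null)
        {
            site = (Site)(e.Current);
        }
    }

    // Create a default policy statement if necessary.
    if (stmt == null && site != null)
    {
        stmt = MakePolicy(null, site.Name);
    }
    else if (stmt == null)
    {
        stmt = new PolicyStatement
            (new PermissionSet(PermissionState.None),
             PolicyStatementAttribute.Nothing);
    }

    // Modify the policy statement from this code group.
    foreach (CodeGroup group in Children)
    {
        childStmt = group.Resolve(evidence);
        if (childStmt == null)
        {
            // The child does not apply to this evidence. The merge below must be
            // skipped; it previously ran outside this check and dereferenced null.
            continue;
        }

        // Two exclusive statements cannot be combined.
        if ((stmt.Attributes & PolicyStatementAttribute.Exclusive) != 0 &&
            (childStmt.Attributes & PolicyStatementAttribute.Exclusive) != 0)
        {
            throw new PolicyException(_("Security_Exclusive"));
        }

        stmt.PermissionSetNoCopy = stmt.PermissionSetNoCopy.Union
            (childStmt.PermissionSetNoCopy);
        stmt.Attributes |= childStmt.Attributes;
    }

    return(stmt);
}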
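/// <summary>
/// Rebuilds this ApplicationTrust from its XML encoding. Every field is reset before
/// it is read, so nothing survives from a previous state of the object.
/// </summary>
/// <param name="element">An element whose tag is "ApplicationTrust".</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
public void FromXml(SecurityElement element)
{
    if (element == null)
    {
        throw new ArgumentNullException("element");
    }

    if (String.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) != 0)
    {
        throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
    }

    m_psDefaultGrant = null;
    m_fullTrustAssemblies = null;

    // Flags are true only for the exact, case-sensitive string "true".
    m_appTrustedToRun = false;
    string isAppTrustedToRun = element.Attribute("TrustedToRun");
    if (isAppTrustedToRun != null && String.Compare(isAppTrustedToRun, "true", StringComparison.Ordinal) == 0)
    {
        m_appTrustedToRun = true;
    }

    // Reset first: without this, an element lacking Persist="true" kept the previous
    // value of the flag.
    m_persist = false;
    string persist = element.Attribute("Persist");
    if (persist != null && String.Compare(persist, "true", StringComparison.Ordinal) == 0)
    {
        m_persist = true;
    }

    // Reset first: without this, an element lacking FullName left the previous
    // application identity attached to the newly loaded trust data.
    m_appId = null;
    string fullName = element.Attribute("FullName");
    if (fullName != null && fullName.Length > 0)
    {
        m_appId = new ApplicationIdentity(fullName);
    }

    // Default grant: DefaultGrant/PolicyStatement, when both are present.
    SecurityElement elDefaultGrant = element.SearchForChildByTag("DefaultGrant");
    if (elDefaultGrant != null)
    {
        SecurityElement elDefaultGrantPS = elDefaultGrant.SearchForChildByTag("PolicyStatement");
        if (elDefaultGrantPS != null)
        {
            PolicyStatement ps = new PolicyStatement(null);
            ps.FromXml(elDefaultGrantPS);
            m_psDefaultGrant = ps;
        }
    }

    // Full-trust assemblies: one StrongName per child element.
    SecurityElement elFullTrustAssemblies = element.SearchForChildByTag("FullTrustAssemblies");
    if (elFullTrustAssemblies != null && elFullTrustAssemblies.InternalChildren != null)
    {
        m_fullTrustAssemblies = new StrongName[elFullTrustAssemblies.Children.Count];
        IEnumerator enumerator = elFullTrustAssemblies.Children.GetEnumerator();
        int index = 0;
        while (enumerator.MoveNext())
        {
            m_fullTrustAssemblies[index] = new StrongName();
            m_fullTrustAssemblies[index].FromXml(enumerator.Current as SecurityElement);
            index++;
        }
    }

    m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
}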
/// <summary>
/// Builds an AppDomain policy level whose root group grants an unrestricted permission
/// set, with the given attributes, to code from <paramref name="zone"/>, then runs
/// Resolve_Zone against every security zone in turn.
/// </summary>
/// <param name="zone">Zone used for the root group's membership condition.</param>
/// <param name="attr">Attributes set on the root policy statement.</param>
private void Resolve_Zone_Unrestricted_Attribute (SecurityZone zone, PolicyStatementAttribute attr)
{
    IMembershipCondition zoneCondition = new ZoneMembershipCondition (zone);
    PolicyStatement unrestricted = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
    unrestricted.Attributes = attr;

    PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
    level.RootCodeGroup = new UnionCodeGroup (zoneCondition, unrestricted);

    // NOTE(review): the last two Resolve_Zone arguments are presumably "expected to
    // match" and an expected count — confirm against Resolve_Zone.
    SecurityZone[] probes = {
        SecurityZone.Internet,
        SecurityZone.Intranet,
        SecurityZone.MyComputer,
        SecurityZone.NoZone,
        SecurityZone.Trusted,
        SecurityZone.Untrusted,
    };
    foreach (SecurityZone probe in probes) {
        Resolve_Zone (level, probe, attr, (zone == probe), 0);
    }
}
/// <summary>
/// Signature-only constructor: the body is empty and no base constructor arguments
/// are passed, so neither argument is used here.
/// </summary>
/// <param name="membershipCondition">Membership condition for the group (unused in this stub).</param>
/// <param name="policy">Policy statement for the group (unused in this stub).</param>
public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
}
/// <summary>
/// Signature stub for the UnionCodeGroup constructor.
/// </summary>
/// <param name="membershipCondition">Membership condition for the group (unused in this stub).</param>
/// <param name="policy">Policy statement for the group (unused in this stub).</param>
// NOTE(review): a C# constructor cannot return a value, so this body does not compile
// as written. It looks like generated reference/contract text — confirm its origin.
public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
    return(default(UnionCodeGroup));
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Policy.UnionCodeGroup" /> class.</summary>
/// <param name="membershipCondition">A membership condition that tests evidence to determine whether this code group applies policy. </param>
/// <param name="policy">The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition. </param>
/// <exception cref="T:System.ArgumentException">The type of the <paramref name="membershipCondition" /> parameter is not valid.-or- The type of the <paramref name="policy" /> parameter is not valid. </exception>
// Stub implementation: null is passed for both base-constructor arguments and the
// body always throws NotImplementedException, so the behavior documented above is
// not provided by this code.
public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
    : base(null, null)
{
    throw new NotImplementedException();
}
/// <summary>
/// Signature stub for the FirstMatchCodeGroup constructor.
/// </summary>
/// <param name="membershipCondition">Membership condition for the group (unused in this stub).</param>
/// <param name="policy">Policy statement for the group (unused in this stub).</param>
// NOTE(review): a C# constructor cannot return a value, so this body does not compile
// as written. It looks like generated reference/contract text — confirm its origin.
public FirstMatchCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
    return(default(FirstMatchCodeGroup));
}
/// <summary>
/// Internal constructor that sets the default grant and the full-trust assembly list.
/// The arguments are not validated, and the strong-name array is stored as passed
/// rather than copied.
/// </summary>
/// <param name="defaultGrantSet">Permission set wrapped in a new policy statement.</param>
/// <param name="fullTrustAssemblies">Strong names of fully trusted assemblies.</param>
internal ApplicationTrust(PermissionSet defaultGrantSet, StrongName[] fullTrustAssemblies)
{
    PolicyStatement defaultGrant = new PolicyStatement(defaultGrantSet);
    this.DefaultGrantSet = defaultGrant;
    this.FullTrustAssemblies = fullTrustAssemblies;
}
/// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.FirstMatchCodeGroup"]/*' />
// Creates a first-match code group; both arguments are forwarded unchanged to the
// base constructor and nothing else is done here.
public FirstMatchCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
    : base(membershipCondition, policy)
{
}
/// <summary>
/// Rebuilds this ApplicationTrust from its XML encoding. The ClickOnce fields
/// (trusted-to-run, persist, application identity, extra info) are only read when
/// FEATURE_CLICKONCE is defined.
/// </summary>
/// <param name="element">An element whose tag is "ApplicationTrust".</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
public void FromXml (SecurityElement element)
{
    if (element == null)
    {
        throw new ArgumentNullException("element");
    }

    bool isTrustElement = String.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) == 0;
    if (!isTrustElement)
    {
        throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
    }

#if FEATURE_CLICKONCE
    // Flags are true only for the exact, case-sensitive string "true".
    m_appTrustedToRun = false;
    string trustedToRunText = element.Attribute("TrustedToRun");
    if (trustedToRunText != null && String.Compare(trustedToRunText, "true", StringComparison.Ordinal) == 0)
    {
        m_appTrustedToRun = true;
    }

    m_persist = false;
    string persistText = element.Attribute("Persist");
    if (persistText != null && String.Compare(persistText, "true", StringComparison.Ordinal) == 0)
    {
        m_persist = true;
    }

    m_appId = null;
    string identityName = element.Attribute("FullName");
    if (identityName != null && identityName.Length > 0)
    {
        m_appId = new ApplicationIdentity(identityName);
    }
#endif // FEATURE_CLICKONCE

    // Default grant: DefaultGrant/PolicyStatement, when both are present.
    m_psDefaultGrant = null;
    m_grantSetSpecialFlags = 0;
    SecurityElement defaultGrantXml = element.SearchForChildByTag("DefaultGrant");
    if (defaultGrantXml != null)
    {
        SecurityElement statementXml = defaultGrantXml.SearchForChildByTag("PolicyStatement");
        if (statementXml != null)
        {
            PolicyStatement grant = new PolicyStatement(null);
            grant.FromXml(statementXml);
            m_psDefaultGrant = grant;
            m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(grant.PermissionSet, null);
        }
    }

    // Full-trust assemblies: one StrongName per child element.
    List<StrongName> strongNames = new List<StrongName>();
    SecurityElement fullTrustXml = element.SearchForChildByTag("FullTrustAssemblies");
    if (fullTrustXml != null && fullTrustXml.InternalChildren != null)
    {
        IEnumerator children = fullTrustXml.Children.GetEnumerator();
        while (children.MoveNext())
        {
            StrongName strongName = new StrongName();
            strongName.FromXml(children.Current as SecurityElement);
            strongNames.Add(strongName);
        }
    }

    m_fullTrustAssemblies = strongNames.AsReadOnly();

#if FEATURE_CLICKONCE
    m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
#endif // FEATURE_CLICKONCE
}
/// <summary>Reconstructs an <see cref="T:System.Security.Policy.ApplicationTrust" /> object with a given state from an XML encoding.</summary>
/// <param name="element">The XML encoding to use to reconstruct the <see cref="T:System.Security.Policy.ApplicationTrust" /> object.</param>
/// <exception cref="T:System.ArgumentNullException">
/// <paramref name="element" /> is null.</exception>
/// <exception cref="T:System.ArgumentException">The XML encoding used for <paramref name="element" /> is invalid.</exception>
/// <PermissionSet>
///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode, ControlEvidence" />
/// </PermissionSet>
public void FromXml(SecurityElement element)
{
    if (element == null)
        throw new ArgumentNullException("element");

    bool isTrustElement = string.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) == 0;
    if (!isTrustElement)
        throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));

    // Flags are true only for the exact, case-sensitive string "true".
    m_appTrustedToRun = false;
    string trustedToRunText = element.Attribute("TrustedToRun");
    if (trustedToRunText != null && string.Compare(trustedToRunText, "true", StringComparison.Ordinal) == 0)
        m_appTrustedToRun = true;

    m_persist = false;
    string persistText = element.Attribute("Persist");
    if (persistText != null && string.Compare(persistText, "true", StringComparison.Ordinal) == 0)
        m_persist = true;

    m_appId = null;
    string identityName = element.Attribute("FullName");
    if (identityName != null && identityName.Length > 0)
        m_appId = new ApplicationIdentity(identityName);

    // Default grant: DefaultGrant/PolicyStatement, when both are present.
    m_psDefaultGrant = null;
    m_grantSetSpecialFlags = 0;
    SecurityElement defaultGrantXml = element.SearchForChildByTag("DefaultGrant");
    if (defaultGrantXml != null)
    {
        SecurityElement statementXml = defaultGrantXml.SearchForChildByTag("PolicyStatement");
        if (statementXml != null)
        {
            PolicyStatement grant = new PolicyStatement((PermissionSet)null);
            grant.FromXml(statementXml);
            m_psDefaultGrant = grant;
            m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(grant.PermissionSet, (PermissionSet)null);
        }
    }

    // Full-trust assemblies: one StrongName per child element.
    List<StrongName> strongNames = new List<StrongName>();
    SecurityElement fullTrustXml = element.SearchForChildByTag("FullTrustAssemblies");
    if (fullTrustXml != null && fullTrustXml.InternalChildren != null)
    {
        foreach (object childXml in fullTrustXml.Children)
        {
            StrongName entry = new StrongName();
            entry.FromXml(childXml as SecurityElement);
            strongNames.Add(entry);
        }
    }

    m_fullTrustAssemblies = (IList<StrongName>)strongNames.AsReadOnly();
    m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
}
/// <include file='doc\NetCodeGroup.uex' path='docs/doc[@for="NetCodeGroup.Resolve"]/*' />
// Resolves policy for the evidence: returns null when the membership condition does
// not match. Otherwise the base statement comes from the host evidence (the last Url
// found, else the first Site, else an empty permission set) and the statements of all
// matching children are unioned into it.
public override PolicyStatement Resolve(Evidence evidence)
{
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }

    if (!this.MembershipCondition.Check(evidence))
    {
        return(null);
    }

    // Scan the host evidence for a Url (preferred) or a Site (fallback).
    PolicyStatement result = null;
    Site firstSite = null;
    IEnumerator hostEvidence = evidence.GetHostEnumerator();
    while (hostEvidence.MoveNext())
    {
        Url url = hostEvidence.Current as Url;
        if (url != null)
        {
            result = CalculatePolicy(url.GetURLString().Host, url.GetURLString().Scheme);
            continue;
        }

        if (firstSite == null)
        {
            firstSite = hostEvidence.Current as Site;
        }
    }

    if (result == null && firstSite != null)
    {
        result = CalculatePolicy(firstSite.Name, null);
    }

    if (result == null)
    {
        // Neither Url nor Site evidence: start from a statement that grants nothing.
        result = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
    }

    IEnumerator children = this.Children.GetEnumerator();
    while (children.MoveNext())
    {
        PolicyStatement childPolicy = ((CodeGroup)children.Current).Resolve(evidence);
        if (childPolicy == null)
        {
            continue;
        }

        // Two exclusive statements cannot be combined.
        PolicyStatementAttribute shared = result.Attributes & childPolicy.Attributes;
        if ((shared & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
        {
            throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
        }

        result.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
        result.Attributes = result.Attributes | childPolicy.Attributes;
    }

    return(result);
}
/// <summary>
/// Creates a union code group; both arguments are forwarded unchanged to the base
/// constructor.
/// </summary>
/// <param name="membershipCondition">Condition that selects the code this group applies to.</param>
/// <param name="policy">Policy statement for matching code.</param>
public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
    : base(membershipCondition, policy)
{
    // Nothing to do here.
}
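/// <summary>
/// Rebuilds this ApplicationTrust from its XML encoding: application identity,
/// default grant, the TrustedToRun and Persist flags, and the optional extra info.
/// </summary>
/// <param name="element">An element whose tag is "ApplicationTrust".</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
public void FromXml(SecurityElement element)
{
    if (element == null)
    {
        throw new ArgumentNullException("element");
    }

    if (element.Tag != "ApplicationTrust")
    {
        throw new ArgumentException("element");
    }

    string s = element.Attribute("FullName");
    if (s != null)
    {
        _appid = new ApplicationIdentity(s);
    }
    else
    {
        _appid = null;
    }

    _defaultPolicy = null;
    SecurityElement defaultGrant = element.SearchForChildByTag("DefaultGrant");
    // Children can be null (not an empty list) for an element without child nodes, so
    // an empty <DefaultGrant/> must not be indexed.
    if (defaultGrant != null && defaultGrant.Children != null)
    {
        for (int i = 0; i < defaultGrant.Children.Count; i++)
        {
            SecurityElement se = (defaultGrant.Children [i] as SecurityElement);
            // Skip entries that are not SecurityElement instead of dereferencing null.
            if (se != null && se.Tag == "PolicyStatement")
            {
                DefaultGrantSet.FromXml(se, null);
                break;
            }
        }
    }

    // TryParse leaves the flag false when the attribute is missing or malformed.
    if (!Boolean.TryParse(element.Attribute("TrustedToRun"), out _trustrun))
    {
        _trustrun = false;
    }

    if (!Boolean.TryParse(element.Attribute("Persist"), out _persist))
    {
        _persist = false;
    }

    _xtranfo = null;
    SecurityElement xtra = element.SearchForChildByTag("ExtraInfo");
    if (xtra != null)
    {
        s = xtra.Attribute("Data");
        if (s != null)
        {
            byte[] data = CryptoConvert.FromHex(s);
            using (MemoryStream ms = new MemoryStream(data))
            {
                // SECURITY: BinaryFormatter.Deserialize instantiates whatever serializable
                // types the payload names, so this is only safe when the XML comes from
                // a trusted, integrity-protected store. Flagged for review, not replaced,
                // because the hex payload is part of the persisted format.
                BinaryFormatter bf = new BinaryFormatter();
                _xtranfo = bf.Deserialize(ms);
            }
        }
    }
}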
// Lazily builds m_policy from the code group's XML element (m_element).
// The policy statement XML is assembled under the lock, parsed outside the lock, and
// published under the lock only if m_element was not replaced in the meantime.
// NOTE(review): the object locks on itself (lock (this)), so any external code that
// locks the same instance takes part in this protocol.
private void ParsePolicy()
{
    // There is a potential deadlock situation here
    // since the PolicyStatement.FromXml method calls
    // into PolicyLevel and we are holding this CodeGroup's lock.
    // We solve this by releasing the lock for the duration of
    // the FromXml call, but this leads us into some race conditions
    // with other threads trying to alter the state of this object.
    // The trickiest of these is the case where FromXml gets called on
    // this object, in which case we will loop and try the decode again.

    while (true)
    {
        PolicyStatement policy = new PolicyStatement();
        bool needToParse = false;

        SecurityElement elPolicy = new SecurityElement("PolicyStatement");
        elPolicy.AddAttribute("version", "1");

        // Snapshot of the element this attempt is based on; it is read before the
        // lock is taken and compared again before the result is published.
        SecurityElement localRef = m_element;

        lock (this)
        {
            // We create an xml representation of a policy statement from the
            // xml for a code group. We do this to hide the policy statement from
            // users in the config file.

            if (m_element != null)
            {
                // A named permission set takes precedence over an inline PermissionSet
                // child; with neither, an empty permission set is used.
                String permSetName = m_element.Attribute("PermissionSetName");

                if (permSetName != null)
                {
                    elPolicy.AddAttribute("PermissionSetName", permSetName);
                    needToParse = true;
                }
                else
                {
                    SecurityElement elPermSet = m_element.SearchForChildByTag("PermissionSet");

                    if (elPermSet != null)
                    {
                        elPolicy.AddChild(elPermSet);
                        needToParse = true;
                    }
                    else
                    {
                        elPolicy.AddChild(new PermissionSet(false).ToXml());
                        needToParse = true;
                    }
                }

                String attributes = m_element.Attribute("Attributes");

                if (attributes != null)
                {
                    elPolicy.AddAttribute("Attributes", attributes);
                    needToParse = true;
                }
            }
        }

        // Parsed outside the lock (see the deadlock comment above).
        if (needToParse)
        {
            policy.FromXml(elPolicy, m_parentLevel);
        }
        else
        {
            policy.PermissionSet = null;
        }

        lock (this)
        {
            // Publish only if the element is unchanged and nobody has set a policy yet.
            if (localRef == m_element && m_policy == null)
            {
                m_policy = policy;
                break;
            }
            // Another thread already set a policy: keep theirs.
            else if (m_policy != null)
            {
                break;
            }
            // Otherwise the element changed and there is still no policy: retry.
        }
    }

    // The body is intentionally empty; the commented-out statements would have
    // released the XML once every lazily parsed part is available.
    if (m_policy != null && m_children != null && m_membershipCondition != null)
    {
        //m_element = null;
        //m_parentLevel = null;
    }
}
// Contract-only stub for the CodeGroup constructor: it states the precondition and
// returns a default value; no field is assigned here.
// NOTE(review): presumably part of a contract reference assembly rather than a real
// implementation - confirm before relying on it.
public CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
    // Precondition: a membership condition must be supplied. policy has no stated contract.
    Contract.Requires(membershipCondition != null);

    return(default(CodeGroup));
}
/// <summary>
/// Creates an application trust from a default grant set and a list of fully trusted assemblies.
/// </summary>
/// <param name="defaultGrantSet">Permission set wrapped in a new PolicyStatement and assigned to DefaultGrantSet.</param>
/// <param name="fullTrustAssemblies">Strong names to copy into the read-only full-trust list.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="ArgumentException"><paramref name="fullTrustAssemblies"/> contains a null entry.</exception>
public ApplicationTrust(PermissionSet defaultGrantSet, IEnumerable<StrongName> fullTrustAssemblies)
{
    if (defaultGrantSet == null)
    {
        throw new ArgumentNullException("defaultGrantSet");
    }

    if (fullTrustAssemblies == null)
    {
        throw new ArgumentNullException("fullTrustAssemblies");
    }

    // Per the original note, constructing a PolicyStatement copies the permission set it is
    // given, so later changes to the caller's set cannot invalidate the flags computed by
    // the DefaultGrantSet setter.
    DefaultGrantSet = new PolicyStatement(defaultGrantSet);

    // Each strong name is re-created from its parts, so the stored list does not hold the
    // caller's instances.
    List<StrongName> copies = new List<StrongName>();
    foreach (StrongName entry in fullTrustAssemblies)
    {
        if (entry == null)
        {
            throw new ArgumentException(Environment.GetResourceString("Argument_NullFullTrustAssembly"));
        }

        StrongName clone = new StrongName(entry.PublicKey, entry.Name, entry.Version);
        copies.Add(clone);
    }

    m_fullTrustAssemblies = copies.AsReadOnly();
}
// Token: 0x060028D4 RID: 10452 RVA: 0x00096790 File Offset: 0x00094990
// Builds m_policy from the XML in m_element. The parse itself runs without the lock held,
// so the result is only published if m_element is still the element that was snapshotted;
// otherwise the whole attempt is repeated.
private void ParsePolicy()
{
    while (true)
    {
        PolicyStatement parsed = new PolicyStatement();
        bool hasContent = false;
        SecurityElement synthetic = new SecurityElement("PolicyStatement");
        synthetic.AddAttribute("version", "1");
        SecurityElement snapshot = this.m_element;

        lock (this)
        {
            if (this.m_element != null)
            {
                // Every path below contributes something, so the statement always needs parsing.
                hasContent = true;

                string setName = this.m_element.Attribute("PermissionSetName");
                if (setName == null)
                {
                    // No named set: use the inline PermissionSet element, or the XML of
                    // PermissionSet(false) when there is none.
                    SecurityElement inlineSet = this.m_element.SearchForChildByTag("PermissionSet");
                    if (inlineSet == null)
                    {
                        synthetic.AddChild(new PermissionSet(false).ToXml());
                    }
                    else
                    {
                        synthetic.AddChild(inlineSet);
                    }
                }
                else
                {
                    synthetic.AddAttribute("PermissionSetName", setName);
                }

                string attrs = this.m_element.Attribute("Attributes");
                if (attrs != null)
                {
                    synthetic.AddAttribute("Attributes", attrs);
                }
            }
        }

        // Deliberately outside the lock.
        if (!hasContent)
        {
            parsed.PermissionSet = null;
        }
        else
        {
            parsed.FromXml(synthetic, this.m_parentLevel);
        }

        bool finished;
        lock (this)
        {
            if (snapshot == this.m_element && this.m_policy == null)
            {
                this.m_policy = parsed;
                finished = true;
            }
            else
            {
                // Stop if some other thread published a policy; retry if none exists yet.
                finished = this.m_policy != null;
            }
        }

        if (finished)
        {
            break;
        }
    }

    // Decompiler residue: the field is read into an unused local and nothing else happens.
    if (this.m_policy != null && this.m_children != null)
    {
        IMembershipCondition membershipCondition = this.m_membershipCondition;
    }
}
/// <summary>
/// Installs an AppDomain-level policy on <c>this.Domain</c> that maps all code to the
/// named "Internet" permission set.
/// </summary>
/// <exception cref="InvalidOperationException">The SandBox property is not true.</exception>
/// <remarks>
/// Follows http://www.dotnetthis.com/Articles/DynamicSandboxing.htm
/// </remarks>
private void SetSandBoxPolicy()
{
    if (!this.SandBox)
    {
        throw new InvalidOperationException("SandBox property is not set to true");
    }

    // NOTE(review): CAS policy APIs such as SetAppDomainPolicy are obsolete from
    // .NET Framework 4 onwards, and Microsoft advises against treating partial trust as a
    // security boundary. Code that is genuinely untrusted needs process- or OS-level
    // isolation in addition to this policy.

    // A policy level is a tree of code groups. Each code group pairs a membership condition
    // (does this assembly belong to the group?) with the permission set granted when it does.
    PolicyLevel level = PolicyLevel.CreateAppDomainLevel();

    // The grant: the named permission set "Internet" taken from the default policy.
    // A hand-built PermissionSet holding exactly the wanted permissions would work as well.
    PolicyStatement internetGrant = new PolicyStatement(level.GetNamedPermissionSet("Internet"));

    // The condition: accept all code. A more selective policy would use other conditions
    // such as ZoneMembershipCondition or StrongNameMembershipCondition.
    AllMembershipCondition everything = new AllMembershipCondition();

    // A UnionCodeGroup unions the grants of its matching children, whereas a
    // FirstMatchCodeGroup only takes one child into effect. With no children, as here,
    // the choice makes little difference.
    CodeGroup root = new UnionCodeGroup(everything, internetGrant);

    // Assigning the root adds the whole tree (including any children) to the policy level.
    //
    // Extending the policy: to give strong-name signed assemblies FullTrust and everything
    // else Internet, create another UnionCodeGroup whose condition is a
    // StrongNameMembershipCondition for the public key and whose permission set is
    // "FullTrust" (or new PermissionSet(PermissionState.Unrestricted)), then add it to the
    // root with AddChild. A matching assembly then receives Internet from the root and
    // FullTrust from the child; the effective grant is their union, i.e. FullTrust.
    level.RootCodeGroup = root;

    // Final step: make the policy level effective for the AppDomain.
    this.Domain.SetAppDomainPolicy(level);
}
// Looks up a cached policy statement for the given evidence. Returns null when this level
// has no config id, when no serialized evidence is supplied, or when the cache has no entry.
[System.Security.SecurityCritical]  // auto-generated
private PolicyStatement CheckCache (int count, byte[] serializedEvidence)
{
    if (m_configId == ConfigId.None || serializedEvidence == null)
    {
        return null;
    }

    byte[] cachedBytes;
    bool hit = Config.GetCacheEntry(m_configId, count, serializedEvidence, out cachedBytes);
    if (!hit)
    {
        return null;
    }

    // The cache entry is handed to SecurityDocument and decoded into a fresh statement.
    PolicyStatement result = new PolicyStatement();
    result.FromXml(new SecurityDocument(cachedBytes), 0, null, true);
    return result;
}
/// From MRMModule.cs by Adam Frisby
/// <summary>
/// Create an AppDomain whose grant set is derived from a named permission set
/// (NET_3_5 build) or from a security zone of that name (all other builds).
/// </summary>
/// <param name="permissionSetName">name of the permission set to restrict to</param>
/// <param name="appDomainName">'friendly' name of the appdomain to be created</param>
/// <param name="ads">setup information passed through to AppDomain.CreateDomain</param>
/// <exception cref="ArgumentNullException">
/// if <paramref name="permissionSetName" /> is null
/// </exception>
/// <exception cref="ArgumentOutOfRangeException">
/// if <paramref name="permissionSetName" /> is empty
/// </exception>
/// <returns>The newly created AppDomain</returns>
/// <remarks>
/// Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
/// Valid permissionSetName values are:
/// * FullTrust
/// * SkipVerification
/// * Execution
/// * Nothing
/// * LocalIntranet
/// * Internet
/// * Everything
/// NOTE(review): that list describes the NET_3_5 branch. The other branch parses the name
/// as a SecurityZone member, and any name that does not parse is treated as MyComputer.
/// NOTE(review): both branches add unrestricted SocketPermission, WebPermission and
/// SecurityPermission on top of whatever the name selects, so the resulting domain is
/// less restricted than the requested name suggests.
/// </remarks>
public AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName, AppDomainSetup ads)
{
    if (permissionSetName == null)
        throw new ArgumentNullException("permissionSetName");
    if (permissionSetName.Length == 0)
        throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
                                              "Cannot have an empty permission set name");

    // Start from the unrestricted set; the NET_3_5 branch narrows it by intersection and
    // the other branch overwrites it.
    PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
    AppDomain restrictedDomain = null;

#if NET_3_5
    // Root of the policy tree: all code, no permissions.
    PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
    UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);

    bool foundName = false;

    // iterate over each policy level
    IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy();
    while (levelEnumerator.MoveNext())
    {
        PolicyLevel level = levelEnumerator.Current as PolicyLevel;

        // if this level has defined a named permission set with the
        // given name, then intersect it with what we've retrieved
        // from all the previous levels
        if (level != null)
        {
            PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
            if (levelSet != null)
            {
                foundName = true;
                if (setIntersection != null)
                    setIntersection = setIntersection.Intersect(levelSet);
            }
        }
    }

    // Intersect() can return null for an empty set, so convert that
    // to an empty set object. Also use an empty set if we didn't find
    // the named permission set we were looking for
    if (setIntersection == null || !foundName)
        setIntersection = new PermissionSet(PermissionState.None);
    else
        setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);

    // NOTE(review): these three grants are added even when the set above is empty.
    // Unrestricted SecurityPermission covers every SecurityPermissionFlag, including
    // UnmanagedCode and ControlPolicy - confirm this is intended for a "restricted" domain.
    setIntersection.AddPermission(new SocketPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new WebPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new SecurityPermission(PermissionState.Unrestricted));

    PolicyStatement permissions = new PolicyStatement(setIntersection);
    policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));

    // create an AppDomain policy level for the policy tree
    PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
    appDomainLevel.RootCodeGroup = policyRoot;

    // create an AppDomain where this policy will be in effect
    restrictedDomain = AppDomain.CreateDomain(appDomainName, null, ads);
    restrictedDomain.SetAppDomainPolicy(appDomainLevel);
#else
    // NOTE(review): the fallback for a name that is not a SecurityZone member is
    // MyComputer, for the initial value and in the catch block alike. Names such as
    // "Nothing" or "Execution" from the <remarks> list take this path; presumably
    // MyComputer is the least restrictive zone, so this fails open - verify what
    // GetStandardSandbox returns for it. The bare catch also hides the parse failure.
    SecurityZone zone = SecurityZone.MyComputer;
    try
    {
        zone = (SecurityZone)Enum.Parse(typeof(SecurityZone), permissionSetName);
    }
    catch
    {
        zone = SecurityZone.MyComputer;
    }

    // The sandbox grant set is derived from evidence that carries only the chosen zone.
    Evidence ev = new Evidence();
    ev.AddHostEvidence(new Zone(zone));
    setIntersection = SecurityManager.GetStandardSandbox(ev);

    // NOTE(review): same unconditional additions as in the NET_3_5 branch; unrestricted
    // SecurityPermission covers every SecurityPermissionFlag.
    setIntersection.AddPermission(new System.Net.SocketPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new System.Security.Permissions.SecurityPermission(PermissionState.Unrestricted));

    // create an AppDomain where this policy will be in effect
    restrictedDomain = AppDomain.CreateDomain(appDomainName, ev, ads, setIntersection, null);
#endif

    return restrictedDomain;
}
/// <summary>Initializes a new instance of <see cref="T:System.Security.Policy.CodeGroup" />.</summary>
/// <param name="membershipCondition">A membership condition that tests evidence to determine whether this code group applies policy.</param>
/// <param name="policy">The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition.</param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="membershipCondition" /> parameter is null.</exception>
/// <exception cref="T:System.ArgumentException">
/// The type of the <paramref name="membershipCondition" /> parameter is not valid.
/// -or-
/// The type of the <paramref name="policy" /> parameter is not valid.
/// </exception>
protected CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
{
    // Stub body: it always throws NotImplementedException, so none of the argument checks
    // documented above are performed in this listing.
    throw new NotImplementedException();
}
// Stub for the FirstMatchCodeGroup constructor: neither argument is read and the body only
// returns a default value.
// NOTE(review): presumably a reference/contract stub rather than a working constructor -
// confirm before relying on it.
public FirstMatchCodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
{
    return default(FirstMatchCodeGroup);
}
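/// <summary>
/// Resolves policy for this code group: if the evidence satisfies the membership condition,
/// this group's own statement is combined with that of the first child that yields one.
/// </summary>
/// <param name="evidence">Evidence to evaluate.</param>
/// <returns>
/// The resolved statement, or null when the membership condition does not match or when
/// neither this group nor any child produces a statement.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="evidence"/> is null.</exception>
[System.Security.SecuritySafeCritical]  // auto-generated
public override PolicyStatement Resolve(Evidence evidence)
{
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }
    Contract.EndContractBlock();

    object usedEvidence = null;
    if (!PolicyManager.CheckMembershipCondition(MembershipCondition, evidence, out usedEvidence))
    {
        return null;
    }

    // The first child that returns a statement wins; later children are not consulted.
    PolicyStatement childPolicy = null;
    foreach (object child in this.Children)
    {
        childPolicy = PolicyManager.ResolveCodeGroup(child as CodeGroup, evidence);
        if (childPolicy != null)
        {
            break;
        }
    }

    // If any delay-evaluated evidence was used to generate this grant set, it has to be
    // recorded so that its verification can be forced later.
    IDelayEvaluatedEvidence delayEvidence = usedEvidence as IDelayEvaluatedEvidence;
    bool delayEvidenceNeedsVerification = delayEvidence != null && !delayEvidence.IsVerified;

    // Per the original note, the PolicyStatement getter returns a copy.
    PolicyStatement thisPolicy = this.PolicyStatement;

    if (thisPolicy == null)
    {
        // This group adds no permissions itself, but it enabled its children to be
        // evaluated, so a child's grant depends on this group's delay evidence.
        // Fix: no child may have matched, in which case childPolicy is null and there is
        // nothing to copy; the original dereferenced it unconditionally.
        if (delayEvidenceNeedsVerification && childPolicy != null)
        {
            childPolicy = childPolicy.Copy();
            childPolicy.AddDependentEvidence(delayEvidence);
        }

        return childPolicy;
    }

    if (childPolicy != null)
    {
        // Combine this group's statement with the child's.
        PolicyStatement combined = thisPolicy.Copy();

        if (delayEvidenceNeedsVerification)
        {
            combined.AddDependentEvidence(delayEvidence);
        }

        combined.InplaceUnion(childPolicy);
        return combined;
    }

    // No child matched: return this group's own statement.
    if (delayEvidenceNeedsVerification)
    {
        thisPolicy.AddDependentEvidence(delayEvidence);
    }

    return thisPolicy;
}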
/// <summary>
/// Two policy statements are equal when their attributes match and their permission sets
/// compare equal via <see cref="object.Equals(object, object)"/>.
/// </summary>
/// <param name="obj">Object to compare with; anything that is not a PolicyStatement is unequal.</param>
/// <returns>true when both statements carry the same attributes and permission set.</returns>
public override bool Equals(object obj)
{
    PolicyStatement other = obj as PolicyStatement;
    if (other == null)
    {
        return false;
    }

    if (this.m_attributes != other.m_attributes)
    {
        return false;
    }

    return object.Equals(this.m_permSet, other.m_permSet);
}
/// <summary>
/// Rebuilds this code group (policy statement, child groups, membership condition, name and
/// description) from its XML form, then hands the element to ParseXml.
/// </summary>
/// <param name="e">XML element describing the code group.</param>
/// <param name="level">Policy level used to look up named permission sets; may be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="e"/> is null.</exception>
public void FromXml(SecurityElement e, PolicyLevel level)
{
    if (e == null)
    {
        throw new ArgumentNullException("e");
    }

    // NOTE(review): both "class" attributes read below are taken from the XML as-is and the
    // named type is instantiated (non-public constructors allowed) before the cast is
    // checked. That is only appropriate when the policy XML comes from a trusted source;
    // consider checking assignability to the expected type before CreateInstance. A missing
    // or unresolvable class name surfaces as an exception from Type.GetType or
    // Activator.CreateInstance.
    PermissionSet grant;
    string namedSet = e.Attribute("PermissionSetName");
    if (namedSet == null || level == null)
    {
        // No usable name: fall back to an inline PermissionSet element, else an empty set.
        SecurityElement inlineSet = e.SearchForChildByTag("PermissionSet");
        if (inlineSet == null)
        {
            grant = new PermissionSet(new PermissionSet(PermissionState.None));
        }
        else
        {
            Type setType = Type.GetType(inlineSet.Attribute("class"));
            grant = (PermissionSet)Activator.CreateInstance(setType, true);
            grant.FromXml(inlineSet);
        }
    }
    else
    {
        grant = level.GetNamedPermissionSet(namedSet);
    }
    m_policy = new PolicyStatement(grant);

    // Child code groups are rebuilt from scratch.
    m_children.Clear();
    bool hasChildren = (e.Children != null) && (e.Children.Count > 0);
    if (hasChildren)
    {
        foreach (SecurityElement child in e.Children)
        {
            if (child.Tag != "CodeGroup")
            {
                continue;
            }
            this.AddChild(CodeGroup.CreateFromXml(child, level));
        }
    }

    m_membershipCondition = null;
    SecurityElement conditionXml = e.SearchForChildByTag("IMembershipCondition");
    if (conditionXml != null)
    {
        // Try the class name as written, then qualified with System.Security.Policy.
        string typeName = conditionXml.Attribute("class");
        Type conditionType = Type.GetType(typeName);
        if (conditionType == null)
        {
            conditionType = Type.GetType("System.Security.Policy." + typeName);
        }

        m_membershipCondition = (IMembershipCondition)Activator.CreateInstance(conditionType, true);
        m_membershipCondition.FromXml(conditionXml, level);
    }

    m_name = e.Attribute("Name");
    m_description = e.Attribute("Description");

    // seems like we might need this to Resolve() in subclasses
    m_level = level;

    ParseXml(e, level);
}
// Builds m_policy from the XML in m_element (decompiler output; the retry loop appears as
// a goto back to label_0).
private void ParsePolicy()
{
    // Start of one parse attempt; re-entered when m_element changed before publication.
    label_0:
    PolicyStatement policyStatement = new PolicyStatement();
    bool flag = false; // true once there is something to parse
    SecurityElement et = new SecurityElement("PolicyStatement");
    et.AddAttribute("version", "1");
    // Snapshot compared further down. NOTE(review): read before the lock is taken.
    SecurityElement securityElement = this.m_element;
    lock (this)
    {
        if (this.m_element != null)
        {
            string local_6 = this.m_element.Attribute("PermissionSetName");
            if (local_6 != null)
            {
                et.AddAttribute("PermissionSetName", local_6);
                flag = true;
            }
            else
            {
                SecurityElement local_8 = this.m_element.SearchForChildByTag("PermissionSet");
                if (local_8 != null)
                {
                    et.AddChild(local_8);
                    flag = true;
                }
                else
                {
                    // Neither a name nor an inline set: use the XML of PermissionSet(false).
                    et.AddChild(new PermissionSet(false).ToXml());
                    flag = true;
                }
            }
            string local_7 = this.m_element.Attribute("Attributes");
            if (local_7 != null)
            {
                et.AddAttribute("Attributes", local_7);
                flag = true;
            }
        }
    }
    // The parse runs between the two lock blocks, i.e. without the lock held.
    if (flag)
    {
        policyStatement.FromXml(et, this.m_parentLevel);
    }
    else
    {
        policyStatement.PermissionSet = (PermissionSet)null;
    }
    lock (this)
    {
        if (securityElement == this.m_element && this.m_policy == null)
        {
            // Nothing changed while unlocked: publish the result.
            this.m_policy = policyStatement;
        }
        else if (this.m_policy == null)
        {
            // m_element changed and no policy has been published yet: try again.
            goto label_0;
        }
        // Otherwise another thread already set m_policy; this attempt's result is dropped.
    }
    if (this.m_policy == null || this.m_children == null)
    {
        return;
    }
    // Decompiler residue: the value is read into an unused local and nothing else happens.
    IMembershipCondition membershipCondition = this.m_membershipCondition;
}
// Derives a policy statement from host evidence: Url evidence is tried first, Site evidence
// second. If neither yields a statement, the result is a statement built from
// PermissionSet(false) with PolicyStatementAttribute.Nothing.
private PolicyStatement CalculateAssemblyPolicy( Evidence evidence )
{
    PolicyStatement result = null;

    Url urlEvidence = evidence.GetHostEvidence<Url>();
    if (urlEvidence != null)
    {
        // Host, scheme and port of the URL select the policy.
        result = CalculatePolicy( urlEvidence.GetURLString().Host,
                                  urlEvidence.GetURLString().Scheme,
                                  urlEvidence.GetURLString().Port );
    }

    if (result == null)
    {
        // No Url evidence, or it produced no policy: fall back to the site name alone.
        Site siteEvidence = evidence.GetHostEvidence<Site>();
        if (siteEvidence != null)
        {
            result = CalculatePolicy( siteEvidence.Name, null, null );
        }
    }

    if (result != null)
    {
        return result;
    }

    return new PolicyStatement( new PermissionSet( false ), PolicyStatementAttribute.Nothing );
}
// Derives a policy statement by walking the host evidence. Every Url item recalculates the
// policy (so the last Url seen decides); the first Site item is remembered and used only
// when no Url produced a policy. If nothing matches, the result is a statement built from
// PermissionSet(false) with PolicyStatementAttribute.Nothing.
private PolicyStatement CalculateAssemblyPolicy( Evidence evidence )
{
    IEnumerator hostItems = evidence.GetHostEnumerator();
    PolicyStatement result = null;
    Site firstSite = null;

    while (hostItems.MoveNext())
    {
        Url urlEvidence = hostItems.Current as Url;
        if (urlEvidence == null)
        {
            // Not a Url: keep it if it is the first Site encountered.
            if (firstSite == null)
            {
                firstSite = hostItems.Current as Site;
            }
            continue;
        }

        result = CalculatePolicy( urlEvidence.GetURLString().Host,
                                  urlEvidence.GetURLString().Scheme,
                                  urlEvidence.GetURLString().Port );
    }

    if (result == null && firstSite != null)
    {
        result = CalculatePolicy( firstSite.Name, null, null );
    }

    if (result != null)
    {
        return result;
    }

    return new PolicyStatement( new PermissionSet( false ), PolicyStatementAttribute.Nothing );
}
/// <summary>
/// Restores this instance from an "ApplicationTrust" XML element: default grant and
/// full-trust assembly list always; identity, TrustedToRun, Persist and ExtraInfo only in
/// FEATURE_CLICKONCE builds.
/// </summary>
/// <param name="element">Element to read; its tag must be exactly "ApplicationTrust".</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
/// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
public void FromXml(SecurityElement element)
{
    if (element == null)
    {
        throw new ArgumentNullException("element");
    }

    if (!String.Equals(element.Tag, "ApplicationTrust", StringComparison.Ordinal))
    {
        throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
    }

#if FEATURE_CLICKONCE
    // Both flags are true only for the exact, case-sensitive value "true".
    m_appTrustedToRun = String.Equals(element.Attribute("TrustedToRun"), "true", StringComparison.Ordinal);
    m_persist = String.Equals(element.Attribute("Persist"), "true", StringComparison.Ordinal);

    string fullName = element.Attribute("FullName");
    m_appId = String.IsNullOrEmpty(fullName) ? null : new ApplicationIdentity(fullName);
#endif // FEATURE_CLICKONCE

    // Default grant: reset first, then read DefaultGrant/PolicyStatement when present.
    m_psDefaultGrant = null;
    m_grantSetSpecialFlags = 0;
    SecurityElement grantXml = element.SearchForChildByTag("DefaultGrant");
    SecurityElement statementXml = (grantXml == null) ? null : grantXml.SearchForChildByTag("PolicyStatement");
    if (statementXml != null)
    {
        PolicyStatement ps = new PolicyStatement(null);
        ps.FromXml(statementXml);
        m_psDefaultGrant = ps;
        m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(ps.PermissionSet, null);
    }

    // Full-trust assemblies: each child element is decoded into its own StrongName.
    List <StrongName> trusted = new List <StrongName>();
    SecurityElement trustedXml = element.SearchForChildByTag("FullTrustAssemblies");
    if (trustedXml != null && trustedXml.InternalChildren != null)
    {
        foreach (object child in trustedXml.Children)
        {
            StrongName entry = new StrongName();
            entry.FromXml(child as SecurityElement);
            trusted.Add(entry);
        }
    }

    m_fullTrustAssemblies = trusted.AsReadOnly();

#if FEATURE_CLICKONCE
    // The ExtraInfo element is only stored here, not decoded.
    m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
#endif // FEATURE_CLICKONCE
}
/// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Resolve"]/*' />
// Returns null when the evidence does not satisfy the membership condition. Otherwise this
// group's own statement is combined with the statement of the first child that resolves to
// one; later children are never asked.
public override PolicyStatement Resolve(Evidence evidence)
{
    if (evidence == null)
    {
        throw new ArgumentNullException("evidence");
    }

    if (!this.MembershipCondition.Check(evidence))
    {
        return(null);
    }

    // Walk the children until one of them yields a statement.
    PolicyStatement firstChildMatch = null;
    IEnumerator children = this.Children.GetEnumerator();
    while (firstChildMatch == null && children.MoveNext())
    {
        firstChildMatch = ((CodeGroup)children.Current).Resolve(evidence);
    }

    PolicyStatement own = this.PolicyStatement;

    if (own == null)
    {
        // Nothing of our own to contribute: the child's result (possibly null) stands.
        return(firstChildMatch);
    }

    if (firstChildMatch == null)
    {
        // No child matched: hand back this group's statement (read from the property again).
        return(this.PolicyStatement);
    }

    // Both exist: union the permission sets and OR the attributes together.
    PolicyStatement merged = new PolicyStatement();
    merged.SetPermissionSetNoCopy(own.GetPermissionSetNoCopy().Union(firstChildMatch.GetPermissionSetNoCopy()));

    // A parent and its matching child may not both be marked exclusive.
    PolicyStatementAttribute shared = own.Attributes & firstChildMatch.Attributes;
    if ((shared & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
    {
        throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
    }

    merged.Attributes = own.Attributes | firstChildMatch.Attributes;
    return(merged);
}
/// <summary>
/// Initializes a FirstMatchCodeGroup by passing both arguments to the base-class constructor.
/// </summary>
/// <param name="membershipCondition">Membership condition forwarded to the base class.</param>
/// <param name="policy">Policy statement forwarded to the base class.</param>
public FirstMatchCodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
    : base (membershipCondition, policy)
{
    // No work of its own; any argument validation is left to the base constructor.
}