public PermissionSet(PermissionSet permSet) : this() { if (permSet == null) { this.Reset(); } else { this.m_Unrestricted = permSet.m_Unrestricted; this.m_CheckedForNonCas = permSet.m_CheckedForNonCas; this.m_ContainsCas = permSet.m_ContainsCas; this.m_ContainsNonCas = permSet.m_ContainsNonCas; this.m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures; if (permSet.m_permSet != null) { this.m_permSet = new TokenBasedSet(permSet.m_permSet); for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++) { object item = this.m_permSet.GetItem(i); IPermission permission = item as IPermission; ISecurityElementFactory factory = item as ISecurityElementFactory; if (permission != null) { this.m_permSet.SetItem(i, permission.Copy()); } else if (factory != null) { this.m_permSet.SetItem(i, factory.Copy()); } } } } }
// This method is called from unmanaged code in a temporary AppDomain, just to be able to call // the right AppDomain.CreateDomain overload. public static AppDomain CreateFullTrustSandbox() { try { Debug.Print("CreateSandboxAndInitialize - in loader AppDomain with Id: " + AppDomain.CurrentDomain.Id); PermissionSet pset = new PermissionSet(PermissionState.Unrestricted); AppDomainSetup loaderAppDomainSetup = AppDomain.CurrentDomain.SetupInformation; AppDomainSetup sandboxAppDomainSetup = new AppDomainSetup(); sandboxAppDomainSetup.ApplicationName = loaderAppDomainSetup.ApplicationName; sandboxAppDomainSetup.ConfigurationFile = loaderAppDomainSetup.ConfigurationFile; sandboxAppDomainSetup.ApplicationBase = loaderAppDomainSetup.ApplicationBase; sandboxAppDomainSetup.ShadowCopyFiles = loaderAppDomainSetup.ShadowCopyFiles; sandboxAppDomainSetup.ShadowCopyDirectories = loaderAppDomainSetup.ShadowCopyDirectories; // create the sandboxed domain AppDomain sandbox = AppDomain.CreateDomain( "FullTrustSandbox(" + AppDomain.CurrentDomain.FriendlyName + ")", null, sandboxAppDomainSetup, pset); Debug.Print("CreateFullTrustSandbox - sandbox AppDomain created. Id: " + sandbox.Id); return sandbox; } catch (Exception ex) { Debug.Print("Error during CreateFullTrustSandbox: " + ex.ToString()); return AppDomain.CurrentDomain; } }
public JintEngine(Options options) { Visitor = new ExecutionVisitor(options); permissionSet = new PermissionSet(PermissionState.None); Visitor.AllowClr = allowClr; MaxRecursions = 400; MaxSteps = 100 * 1000; var global = Visitor.Global as JsObject; global["ToBoolean"] = Visitor.Global.FunctionClass.New(new Func<object, Boolean>(Convert.ToBoolean)); global["ToByte"] = Visitor.Global.FunctionClass.New(new Func<object, Byte>(Convert.ToByte)); global["ToChar"] = Visitor.Global.FunctionClass.New(new Func<object, Char>(Convert.ToChar)); global["ToDateTime"] = Visitor.Global.FunctionClass.New(new Func<object, DateTime>(Convert.ToDateTime)); global["ToDecimal"] = Visitor.Global.FunctionClass.New(new Func<object, Decimal>(Convert.ToDecimal)); global["ToDouble"] = Visitor.Global.FunctionClass.New(new Func<object, Double>(Convert.ToDouble)); global["ToInt16"] = Visitor.Global.FunctionClass.New(new Func<object, Int16>(Convert.ToInt16)); global["ToInt32"] = Visitor.Global.FunctionClass.New(new Func<object, Int32>(Convert.ToInt32)); global["ToInt64"] = Visitor.Global.FunctionClass.New(new Func<object, Int64>(Convert.ToInt64)); global["ToSByte"] = Visitor.Global.FunctionClass.New(new Func<object, SByte>(Convert.ToSByte)); global["ToSingle"] = Visitor.Global.FunctionClass.New(new Func<object, Single>(Convert.ToSingle)); global["ToString"] = Visitor.Global.FunctionClass.New(new Func<object, String>(Convert.ToString)); global["ToUInt16"] = Visitor.Global.FunctionClass.New(new Func<object, UInt16>(Convert.ToUInt16)); global["ToUInt32"] = Visitor.Global.FunctionClass.New(new Func<object, UInt32>(Convert.ToUInt32)); global["ToUInt64"] = Visitor.Global.FunctionClass.New(new Func<object, UInt64>(Convert.ToUInt64)); BreakPoints = new List<BreakPoint>(); }
public int Fill(DataSet dataSet, object ADODBRecordSet, string srcTable) { System.Security.PermissionSet permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(OleDbConnection.ExecutePermission); // MDAC 77737 permissionSet.AddPermission(new System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityPermissionFlag.UnmanagedCode)); permissionSet.Demand(); IntPtr hscp; Bid.ScopeEnter(out hscp, "<oledb.OleDbDataAdapter.Fill|API> %d#, dataSet, ADODBRecordSet, srcTable='%ls'\n", ObjectID, srcTable); try { if (null == dataSet) { throw ADP.ArgumentNull("dataSet"); } if (null == ADODBRecordSet) { throw ADP.ArgumentNull("adodb"); } if (ADP.IsEmpty(srcTable)) { throw ADP.FillRequiresSourceTableName("srcTable"); } // user was required to have UnmanagedCode Permission just to create ADODB // (new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)).Demand(); return(FillFromADODB((object)dataSet, ADODBRecordSet, srcTable, true)); } finally { Bid.ScopeLeave(ref hscp); } }
private System.Security.PermissionSet GetInputPermissionSet() { if (this._inputPermissionSet == null) { XmlElement inputPermissionSetElement = this.GetInputPermissionSetElement(); if (this._preserveFullTrustPermissionSet) { XmlAttribute namedItem = (XmlAttribute)inputPermissionSetElement.Attributes.GetNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); this._isFullTrust = (namedItem != null) && bool.Parse(namedItem.Value); if (this._isFullTrust) { XmlDocument document = new XmlDocument(); document.AppendChild(document.ImportNode(inputPermissionSetElement, true)); document.DocumentElement.Attributes.RemoveNamedItem(XmlUtil.TrimPrefix("asmv2:Unrestricted")); inputPermissionSetElement = document.DocumentElement; } this._inputPermissionSet = SecurityUtilities.XmlToPermissionSet(inputPermissionSetElement); } else { this._inputPermissionSet = SecurityUtilities.XmlToPermissionSet(inputPermissionSetElement); this._isFullTrust = this._inputPermissionSet.IsUnrestricted(); } } return(this._inputPermissionSet); }
public void AddDeclarativeSecurity(SecurityAction action, PermissionSet pset) { lock (this.SyncRoot) { this.AddDeclarativeSecurityNoLock(action, pset); } }
private static AppDomain CreatePartialTrustAppDomain() { PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)); permissions.AddPermission(new DnsPermission(PermissionState.Unrestricted)); permissions.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME")); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, AppDomain.CurrentDomain.BaseDirectory)); permissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.None) { UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser, UserQuota = Int64.MaxValue }); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlThread)); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlPrincipal)); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.RemotingConfiguration)); permissions.AddPermission(new SmtpPermission(SmtpAccess.Connect)); permissions.AddPermission(new SqlClientPermission(PermissionState.Unrestricted)); permissions.AddPermission(new TypeDescriptorPermission(PermissionState.Unrestricted)); permissions.AddPermission(new WebPermission(PermissionState.Unrestricted)); permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)); AppDomainSetup setup = new AppDomainSetup() { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }; setup.PartialTrustVisibleAssemblies = new string[] { "System.Web, PublicKey=002400000480000094000000060200000024000052534131000400000100010007d1fa57c4aed9f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c834c99921eb23be79ad9d5dcc1dd9ad236132102900b723cf980957fc4e177108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93c1ab99285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a12436518206dc093344d5ad293", "System.Web.Extensions, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9", "System.Web.Abstractions, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9", "System.Web.Routing, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9", "System.ComponentModel.DataAnnotations, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9", "System.Web.DynamicData, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9", "System.Web.DataVisualization, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9", "System.Web.ApplicationServices, PublicKey=0024000004800000940000000602000000240000525341310004000001000100b5fc90e7027f67871e773a8fde8938c81dd402ba65b9201d60593e96c492651e889cc13f1415ebb53fac1131ae0bd333c5ee6021672d9718ea31a8aebd0da0072f25d87dba6fc90ffd598ed4da35e44c398c454307e8e33b8426143daec9f596836f97c8f74750e5975c64e2189f45def46b2a2b1247adc3652bf5c308055da9" }; return AppDomain.CreateDomain("Partial Trust Sandbox", null, setup, permissions); }
// Make an extremely restrictive permission set that allows only: // Execution Permission. private static PermissionSet MakeExecutionOnlyPermSet() { var pSet = new PermissionSet(PermissionState.None); var perm = new SecurityPermission(SecurityPermissionFlag.Execution); pSet.AddPermission(perm); return pSet; }
/// <summary> /// /// </summary> /// <param name="args"></param> public static void Main (string [] args) { if (args.Length < 4 || args.Length > 5) { Console.WriteLine ("Usage: GlPostProcess.exe in.dll out.dll Tao.OpenGl.snk Tao.OpenGl.Gl [Tao.OpenGl.ContextGl]"); return; } string inName = args[0]; string outName = args[1]; string typeName = args[3]; string snkFile = null; if (args[2] != "") snkFile = args[2]; string instanceTypeName = null; if (args.Length == 5) instanceTypeName = args[4]; string outDir = System.IO.Path.GetDirectoryName(outName); string outDll = System.IO.Path.GetFileName(outName); string outNameBase = System.IO.Path.GetFileNameWithoutExtension(outName); // The MS runtime doesn't support a bunch of queries on // dynamic modules, so we have to track this stuff ourselves field_hash = new Hashtable(); // load the input DLL as an Assembly Assembly inputAssembly = Assembly.LoadFrom(inName); // the calli instructions are unverifiable PermissionSet reqPermSet = new PermissionSet(PermissionState.None); reqPermSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); AssemblyName outAsName = new AssemblyName(); outAsName.Name = outNameBase; if (snkFile != null) outAsName.KeyPair = new StrongNameKeyPair(File.Open(snkFile, FileMode.Open, FileAccess.Read)); // create a dynamic assembly AssemblyBuilder abuilder = AppDomain.CurrentDomain.DefineDynamicAssembly (outAsName, AssemblyBuilderAccess.Save, outDir != null && outDir.Length > 0 ? outDir : null, reqPermSet, null, null); abuilder.SetCustomAttribute (GetCLSCompliantCAB (true)); // go through and copy over custom attributes //object [] assemblyAttrs = inputAssembly.GetCustomAttributes (false); // copy over references //AssemblyName [] assemblyRefs = inputAssembly.GetReferencedAssemblies (); // create a dynamic module ModuleBuilder mbuilder = abuilder.DefineDynamicModule(outAsName.Name, outDll); mbuilder.SetCustomAttribute (GetCLSCompliantCAB (true)); mbuilder.SetCustomAttribute (GetUnverifiableCodeCAB ()); ProcessType (mbuilder, inputAssembly, typeName, false); if (instanceTypeName != null) ProcessType (mbuilder, inputAssembly, instanceTypeName, false); mbuilder.CreateGlobalFunctions(); abuilder.Save(outDll); }
public static Task<GetManifestCompletedEventArgs> DownloadManifestAsync(this InPlaceHostingManager manager) { var tcs = new TaskCompletionSource<GetManifestCompletedEventArgs>(); manager.GetManifestCompleted += (sender, e) => { if(e.Error != null) { tcs.SetException(e.Error); return; } var trust = new ApplicationTrust(); var permissions = new PermissionSet(PermissionState.Unrestricted); var statement = new PolicyStatement(permissions); trust.DefaultGrantSet = statement; trust.ApplicationIdentity = e.ApplicationIdentity; trust.IsApplicationTrustedToRun = true; ApplicationSecurityManager.UserApplicationTrusts.Add(trust); tcs.SetResult(e); }; manager.GetManifestAsync(); return tcs.Task; }
/// <summary> /// Creates an AppDomain. /// </summary> /// <param name="applicationName">The application name for the new AppDomain, or null if none.</param> /// <param name="applicationBaseDirectory">The application base directory for the new AppDomain, or null to use the current one.</param> /// <param name="configurationFile">The configuration file for the new AppDomain, or null to use the current one.</param> /// <param name="enableShadowCopy">If true, enables shadow copying within the AppDomain.</param> /// <returns>The new AppDomain.</returns> public static AppDomain CreateAppDomain(string applicationName, string applicationBaseDirectory, string configurationFile, bool enableShadowCopy) { AppDomainSetup appDomainSetup = new AppDomainSetup(); appDomainSetup.ApplicationName = applicationName ?? string.Empty; appDomainSetup.ApplicationBase = applicationBaseDirectory ?? AppDomain.CurrentDomain.BaseDirectory; if (configurationFile != null) { // NOTE: We can also use AppDomainSetup.SetConfigurationBytes but it only applies to // CLR-internal configuration settings such as the assembly binding policy. // In order for other configuration mechanisms to operate correctly, we must // use a real configuration file on disk instead. appDomainSetup.ConfigurationFile = configurationFile; } if (enableShadowCopy) { appDomainSetup.ShadowCopyFiles = @"true"; appDomainSetup.ShadowCopyDirectories = null; } // TODO: Might need to be more careful about how the Evidence is derived. Evidence evidence = AppDomain.CurrentDomain.Evidence; if (DotNetRuntimeSupport.IsUsingMono) { return AppDomain.CreateDomain(appDomainSetup.ApplicationName, evidence, appDomainSetup); } else { PermissionSet defaultPermissionSet = new PermissionSet(PermissionState.Unrestricted); StrongName[] fullTrustAssemblies = new StrongName[0]; return AppDomain.CreateDomain(appDomainSetup.ApplicationName, evidence, appDomainSetup, defaultPermissionSet, fullTrustAssemblies); } }
public PermissionRequestEvidence(PermissionSet request, PermissionSet optional, PermissionSet denied) { if (request == null) { this.m_request = null; } else { this.m_request = request.Copy(); } if (optional == null) { this.m_optional = null; } else { this.m_optional = optional.Copy(); } if (denied == null) { this.m_denied = null; } else { this.m_denied = denied.Copy(); } }
private static PermissionSet CreateSkipVerificationSet() { PermissionSet permSet = new PermissionSet(PermissionState.None); #pragma warning disable 618 permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); #pragma warning restore 618 return permSet; }
private static PermissionSet Create_permission_set_for_sandbox_AppDomain(string beitragspfad) { PermissionSet permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, beitragspfad)); return permissionSet; }
/*!*/ private static PermissionSet CreatePermissionSet() { #if CLR2 string name = "Internet"; bool foundName = false; PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted); // iterate over each policy level IEnumerator e = SecurityManager.PolicyHierarchy(); while (e.MoveNext()) { PolicyLevel level = (PolicyLevel)e.Current; PermissionSet levelSet = level.GetNamedPermissionSet(name); if (levelSet != null) { foundName = true; setIntersection = setIntersection.Intersect(levelSet); } } if (setIntersection == null || !foundName) { setIntersection = new PermissionSet(PermissionState.None); } else { setIntersection = new NamedPermissionSet(name, setIntersection); } return setIntersection; #else // this functionality is not available on Mono (AddHostEvidence is undefined), use dynamic to resolve it at runtime dynamic e = new Evidence(); e.AddHostEvidence(new Zone(SecurityZone.Internet)); return SecurityManager.GetStandardSandbox((Evidence)e); #endif }
private static bool CanWriteToFolder(string folder) { var permission = new FileIOPermission(FileIOPermissionAccess.Write, folder); var permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(permission); return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet); }
public void AddTo(CodeGen code_gen, PEAPI.MetaDataElement elem) { System.Text.UnicodeEncoding ue = new System.Text.UnicodeEncoding(); foreach (DictionaryEntry entry in permissionset_table) { PEAPI.SecurityAction sec_action = (PEAPI.SecurityAction)entry.Key; SSPermissionSet ps = (SSPermissionSet)entry.Value; code_gen.PEFile.AddDeclSecurity(sec_action, ue.GetBytes(ps.ToXml().ToString()), elem); } if (permissionset20_table == null) { return; } foreach (DictionaryEntry entry in permissionset20_table) { PEAPI.SecurityAction sec_action = (PEAPI.SecurityAction)entry.Key; MIPermissionSet ps = (MIPermissionSet)entry.Value; code_gen.PEFile.AddDeclSecurity(sec_action, ps.Resolve(code_gen), elem); } }
[System.Security.SecurityCritical] // auto-generated private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh) { return secDesc.CheckSetDemand(demandSet, out alteredDemandSet, rmh); }
static bool TryProcessPermissionSetAttribute (SecurityDeclaration declaration, out PermissionSet set) { set = null; if (!declaration.HasSecurityAttributes && declaration.SecurityAttributes.Count != 1) return false; var security_attribute = declaration.SecurityAttributes [0]; if (!security_attribute.AttributeType.IsTypeOf ("System.Security.Permissions", "PermissionSetAttribute")) return false; var attribute = new SSP.PermissionSetAttribute ((SSP.SecurityAction) declaration.Action); var named_argument = security_attribute.Properties [0]; string value = (string) named_argument.Argument.Value; switch (named_argument.Name) { case "XML": attribute.XML = value; break; case "Name": attribute.Name = value; break; default: throw new NotImplementedException (named_argument.Name); } set = attribute.CreatePermissionSet (); return true; }
//Create a SandBox to load Assemblies with "Full Trust" public static ServiceBridge Sandbox(string assemblyFilename, string configPath, ResolveEventHandler handler) { var trustedLoadGrantSet = new PermissionSet(PermissionState.Unrestricted); var trustedLoadSetup = new AppDomainSetup(); trustedLoadSetup.ApplicationBase = Path.GetDirectoryName(assemblyFilename); trustedLoadSetup.PrivateBinPath = Path.GetDirectoryName(assemblyFilename); //trustedLoadSetup.ConfigurationFile = AppDomain.CurrentDomain.SetupInformation.ConfigurationFile; trustedLoadSetup.ConfigurationFile = configPath; AppDomain.CurrentDomain.AssemblyResolve += handler; AppDomain appDomain = AppDomain.CreateDomain("ServiceBridge SandBox", null, trustedLoadSetup, trustedLoadGrantSet); appDomain.SetData("DataDirectory", configPath.Replace("Web.config", "App_Data")); ServiceBridge loader = appDomain.CreateInstanceAndUnwrap( typeof(ServiceBridge).Assembly.GetName().FullName, typeof(ServiceBridge).FullName, false, BindingFlags.Default, null, new object[] { assemblyFilename }, CultureInfo.InvariantCulture, null) as ServiceBridge; return loader; }
public static PluginHost CreateSandbox(string applicationBasePath) { var rand = Path.GetRandomFileName(); var setup = new AppDomainSetup() { ApplicationBase = applicationBasePath, ApplicationName = rand, ConfigurationFile = "", // DO not set to empty string if we want to use the conf file from this domain DisallowBindingRedirects = true, DisallowCodeDownload = true, DisallowPublisherPolicy = true }; var permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissions.AddPermission( new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.AllAccess, applicationBasePath)); // If we want to enable NLog (for example) to read our configuration file permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, @"C:\Dev\POC\Krang\src\Krang.App\bin\Debug\Krang.App.vshost.exe.Config")); var domain = AppDomain.CreateDomain(rand, null, setup, permissions, typeof(PluginHost).Assembly.Evidence.GetHostEvidence<StrongName>(), typeof(Plugin).Assembly.Evidence.GetHostEvidence<StrongName>()); return (PluginHost)Activator.CreateInstanceFrom(domain, typeof(PluginHost).Assembly.ManifestModule.FullyQualifiedName, typeof(PluginHost).FullName).Unwrap(); }
static AppDomain NewDomain () { PolicyStatement statement = new PolicyStatement(new PermissionSet(PermissionState.None),PolicyStatementAttribute.Nothing); PermissionSet ps = new PermissionSet(PermissionState.None); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Assertion)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlAppDomain)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlDomainPolicy)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlPolicy)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlPrincipal)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlThread)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Infrastructure)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.RemotingConfiguration)); ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter)); ps.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); ps.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted)); ps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); ps.AddPermission(new RegistryPermission(PermissionState.Unrestricted)); ps.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted)); ps.AddPermission(new EventLogPermission(PermissionState.Unrestricted)); ps.AddPermission(new PerformanceCounterPermission(PermissionState.Unrestricted)); ps.AddPermission(new DnsPermission(PermissionState.Unrestricted)); ps.AddPermission(new UIPermission(PermissionState.Unrestricted)); PolicyStatement statement1 = new PolicyStatement(ps,PolicyStatementAttribute.Exclusive); CodeGroup group; group = new UnionCodeGroup(new AllMembershipCondition(),statement); group.AddChild(new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer),statement1)); PolicyLevel level = PolicyLevel.CreateAppDomainLevel(); level.RootCodeGroup = group; AppDomain domain = AppDomain.CreateDomain ("test"); domain.SetAppDomainPolicy(level); return domain; }
public bool Build(X509Certificate2 certificate) { lock (this.m_syncRoot) { if ((certificate == null) || certificate.CertContext.IsInvalid) { throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "certificate"); } new StorePermission(StorePermissionFlags.EnumerateCertificates | StorePermissionFlags.OpenStore).Demand(); X509ChainPolicy chainPolicy = this.ChainPolicy; if ((chainPolicy.RevocationMode == X509RevocationMode.Online) && ((certificate.Extensions["2.5.29.31"] != null) || (certificate.Extensions["1.3.6.1.5.5.7.1.1"] != null))) { PermissionSet set = new PermissionSet(PermissionState.None); set.AddPermission(new WebPermission(PermissionState.Unrestricted)); set.AddPermission(new StorePermission(StorePermissionFlags.AddToStore)); set.Demand(); } this.Reset(); if (BuildChain(this.m_useMachineContext ? new IntPtr(1L) : new IntPtr(0L), certificate.CertContext, chainPolicy.ExtraStore, chainPolicy.ApplicationPolicy, chainPolicy.CertificatePolicy, chainPolicy.RevocationMode, chainPolicy.RevocationFlag, chainPolicy.VerificationTime, chainPolicy.UrlRetrievalTimeout, ref this.m_safeCertChainHandle) != 0) { return false; } this.Init(); CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA))); CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS))); pPolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags; if (!CAPISafe.CertVerifyCertificateChainPolicy(new IntPtr(1L), this.m_safeCertChainHandle, ref pPolicyPara, ref pPolicyStatus)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } CAPISafe.SetLastError(pPolicyStatus.dwError); return (pPolicyStatus.dwError == 0); } }
internal void InplaceUnion(PolicyStatement childPolicy) { if (((this.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive) { throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive")); } if (childPolicy.HasDependentEvidence) { bool flag = this.m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) && !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(this.m_permSet); if (this.HasDependentEvidence || flag) { if (this.m_dependentEvidence == null) { this.m_dependentEvidence = new List <IDelayEvaluatedEvidence>(); } this.m_dependentEvidence.AddRange(childPolicy.DependentEvidence); } } if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive) { this.m_permSet = childPolicy.GetPermissionSetNoCopy(); this.Attributes = childPolicy.Attributes; } else { this.m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy()); this.Attributes |= childPolicy.Attributes; } }
/// <summary> /// Initializes the permissions manager with the permissions required by an install script. /// </summary> internal static void Init() { permissions = new PermissionSet(PermissionState.None); //do the following paths need to add to this? // savesPath - fallout 3 var fipFilePermission = new FileIOPermission(FileIOPermissionAccess.AllAccess, new[] { Program.tmpPath, Path.GetTempPath(), Program.GameMode.InstallInfoDirectory, Program.GameMode.PluginsPath }); var lstPaths = new List<string>(Program.GameMode.SettingsFiles.Values); lstPaths.AddRange(Program.GameMode.AdditionalPaths.Values); fipFilePermission.AddPathList(FileIOPermissionAccess.AllAccess, lstPaths.ToArray()); fipFilePermission.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory); permissions.AddPermission(fipFilePermission); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); permissions.AddPermission(new UIPermission(UIPermissionWindow.AllWindows)); // Not sure what permissions are needed for GetTempFileName() to work, so we add them all. permissions.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted)); }
private static AppDomain CreateRestrictedDomain(string domainName) { // Default to all code getting nothing PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None)); UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy); // Grant all code the named permission set for the test PermissionSet partialTrustPermissionSet = new PermissionSet(PermissionState.None); partialTrustPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags)); partialTrustPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)); PolicyStatement permissions = new PolicyStatement(partialTrustPermissionSet); policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions)); // Create an AppDomain policy level for the policy tree PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel(); appDomainLevel.RootCodeGroup = policyRoot; // Set the Application Base correctly in order to find the test assembly AppDomainSetup ads = new AppDomainSetup(); ads.ApplicationBase = Environment.CurrentDirectory; AppDomain restrictedDomain = AppDomain.CreateDomain(domainName, null, ads); restrictedDomain.SetAppDomainPolicy(appDomainLevel); return restrictedDomain; }
private void AddPermission(PEAPI.SecurityAction sec_action, object perm, DeclSecurity decl_sec) { SSPermissionSet ps = perm as SSPermissionSet; if (ps != null) { decl_sec.AddPermissionSet(sec_action, ps); return; } IPermission iper = perm as IPermission; if (iper != null) { decl_sec.AddPermission(sec_action, iper); return; } MIPermissionSet ps20 = perm as MIPermissionSet; if (ps20 != null) { decl_sec.AddPermissionSet(sec_action, ps20); return; } }
public void Open() { if(State != CommunicationState.Created) { return; } try { Opening(this,EventArgs.Empty); //Permission required to read the providers application name and access config PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal)); permissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); permissions.Assert(); m_ServiceHostActivator.MembershipApplicationName = Membership.ApplicationName; if(Roles.Enabled) { m_ServiceHostActivator.RolesApplicationName = Roles.ApplicationName; } PermissionSet.RevertAssert(); m_ServiceHostActivator.Open(); State = CommunicationState.Opened; Opened(this,EventArgs.Empty); } catch { State = CommunicationState.Faulted; } }
public void GeneratedTypeForAdditionalInterfaceWithMethodsHavingSignaturesMatchingMethodsInTheBaseClassIsVerifiable() { PermissionSet grantSet = new PermissionSet(PermissionState.None); grantSet.AddPermission( new SecurityPermission( SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)); grantSet.AddPermission( new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.MemberAccess)); grantSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); AppDomain sandbox = AppDomain.CreateDomain( "sandbox", AppDomain.CurrentDomain.Evidence, new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }, grantSet); sandbox.DoCallBack(() => { InterceptingClassGenerator generator = new InterceptingClassGenerator(typeof(MainType), typeof(IDoSomething), typeof(IDoSomethingToo)); Type generatedType = generator.GenerateType(); }); }
private PermissionSet ParsePermissionSet(Parser parser) { SecurityElement topElement = parser.GetTopElement(); PermissionSet set = new PermissionSet(PermissionState.None); set.FromXml(topElement); return set; }
public void Clear() { this._inputPermissionSet = null; this._inputTrustInfoDocument = null; this._isFullTrust = true; this._outputPermissionSet = null; }
static XmlILModule() { AssemblyName asmName; AssemblyBuilder asmBldr; CreateModulePermissionSet = new PermissionSet(PermissionState.None); // CreateDelegate demands MemberAccess permission CreateModulePermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess)); // DynamicMethod constructor demands ControlEvidence permissions. // Emitting symbols in DefineDynamicModule (to allow to debug the stylesheet) requires UnmanagedCode permission. CreateModulePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.UnmanagedCode)); AssemblyId = 0; // 1. LRE assembly only needs to execute // 2. No temp files need be created // 3. Never allow assembly to Assert permissions asmName = CreateAssemblyName(); asmBldr = AppDomain.CurrentDomain.DefineDynamicAssembly(asmName, AssemblyBuilderAccess.Run); try { CreateModulePermissionSet.Assert(); // Add custom attribute to assembly marking it as security transparent so that Assert will not be allowed // and link demands will be converted to full demands. asmBldr.SetCustomAttribute(new CustomAttributeBuilder(XmlILConstructors.Transparent, new object[] {})); // Store LREModule once. If multiple threads are doing this, then some threads might get different // modules. This is OK, since it's not mandatory to share, just preferable. LREModule = asmBldr.DefineDynamicModule("System.Xml.Xsl.CompiledQuery", false); } finally { CodeAccessPermission.RevertAssert(); } }
public AppDomain createAppDomain(string appDomainName, AppDomainSetup appDomainSetup) { try { if (DI.appDomainsControledByO2Kernel.ContainsKey(appDomainName)) DI.log.error("in createAppDomain, appDomainName provided has already been used, appDomainNames must be unique: {0}", appDomainName); else { DI.log.info("Creating AppDomain {0} with Base Directory {1}", appDomainName, appDomainSetup.ApplicationBase); // ensure target directory exits O2Kernel_Files.checkIfDirectoryExistsAndCreateIfNot(appDomainSetup.ApplicationBase); // give our appDomain full trust :) var permissionSet = new PermissionSet(PermissionState.Unrestricted); DI.appDomainsControledByO2Kernel.Add(appDomainName,this); //Create domain appDomain = AppDomain.CreateDomain(appDomainName, null, appDomainSetup, permissionSet); // appDomain.AssemblyResolve += new ResolveEventHandler(assemblyResolve); BaseDirectory = appDomain.BaseDirectory; return appDomain; } } catch (Exception ex) { DI.log.ex(ex, "could not load createAppDomain: " + appDomainName); } return null; }
public JintEngine() { PermissionSet = new PermissionSet(PermissionState.None); TypeSystem = new TypeSystem(); _runtime = new JintRuntime(this); }
public void CanReflectOnSecurityExceptionWithoutPermission() { SecurityPermission denyPermission = new SecurityPermission(SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); SecurityException exception = null; try { DemandException(denyPermission); } catch (SecurityException e) { exception = e; } ExceptionFormatter formatter = new ExceptionFormatter(); String message = formatter.GetMessage(exception); Match demandedMatch = DemandedEntryRegex.Match(message); Assert.IsNotNull(demandedMatch); Assert.AreEqual(Resources.PropertyAccessFailed, demandedMatch.Groups[1].Value); CodeAccessPermission.RevertDeny(); message = formatter.GetMessage(exception); demandedMatch = DemandedEntryRegex.Match(message); Assert.IsNotNull(demandedMatch); Assert.AreNotEqual(Resources.PropertyAccessFailed, demandedMatch.Groups[1].Value); }
internal void GetGrantSet(out System.Security.PermissionSet newGrant, out System.Security.PermissionSet newDenied) { System.Security.PermissionSet o = null; System.Security.PermissionSet set2 = null; GetGrantSet(this.GetNativeHandle(), JitHelpers.GetObjectHandleOnStack <System.Security.PermissionSet>(ref o), JitHelpers.GetObjectHandleOnStack <System.Security.PermissionSet>(ref set2)); newGrant = o; newDenied = set2; }
private System.Security.PermissionSet GetOutputPermissionSet() { if (this._outputPermissionSet == null) { this._outputPermissionSet = this.GetInputPermissionSet(); } return(this._outputPermissionSet); }
public void SetMethod() { ReflectionPermission rp = new ReflectionPermission(ReflectionPermissionFlag.AllFlags); IsolatedStorageFilePermission isp = new IsolatedStorageFilePermission(PermissionState.Unrestricted); System.Security.PermissionSet ps = new System.Security.PermissionSet(PermissionState.None); ps.AddPermission(rp); ps.AddPermission(isp); ps.Demand(); }
protected internal override System.Security.PermissionSet CreatePermissionSet() { System.Security.PermissionSet permissionSet; if (PossiblePrompt) { permissionSet = new NamedPermissionSet("FullTrust"); } else { permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(new OleDbPermission(this)); } return permissionSet; }
private void NominaTelecentroForm_Load(object sender, EventArgs e) { ReporteNominaTelecentro_ResultBindingSource.DataSource = new EmpleadosManager().ReporteNominaTLC(FechaFin); System.Security.PermissionSet sec = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.Unrestricted); this.reportViewer1.LocalReport.SetBasePermissionsForSandboxAppDomain(sec); this.reportViewer1.RefreshReport(); }
public void AddPermission(PEAPI.SecurityAction sec_action, IPermission perm) { SSPermissionSet ps = (SSPermissionSet)permissionset_table [sec_action]; if (ps == null) { ps = new SSPermissionSet(PermissionState.None); permissionset_table [sec_action] = ps; } ps.AddPermission(perm); }
protected internal override System.Security.PermissionSet CreatePermissionSet() { System.Security.PermissionSet permissionSet; if (ContainsKey(KEY.SaveFile)) { permissionSet = new NamedPermissionSet("FullTrust"); } else { permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(new OdbcPermission(this)); } return(permissionSet); }
public PolicyStatement(System.Security.PermissionSet permSet, PolicyStatementAttribute attributes) { if (permSet == null) { this.m_permSet = new System.Security.PermissionSet(false); } else { this.m_permSet = permSet.Copy(); } if (ValidProperties(attributes)) { this.m_attributes = attributes; } }
public void AddPermissionSet(PEAPI.SecurityAction sec_action, SSPermissionSet perm_set) { SSPermissionSet ps = (SSPermissionSet)permissionset_table [sec_action]; if (ps == null) { permissionset_table [sec_action] = perm_set; return; } foreach (IPermission iper in perm_set) { ps.AddPermission(iper); } }
private static bool IsDataObjectFromLessPriviligedApplicationDomain(IDataObject dataObjectToApply) { bool retVal = false; object applicationTrust = null; // Extract the permission set in case of xaml cut and paste // extract permission set if it exists if not data came from full trust app and we do not care bool isApplicationTrustFormatPresent = false; isApplicationTrustFormatPresent = dataObjectToApply.GetDataPresent(DataFormats.ApplicationTrust, /*autoConvert:*/ false); if (isApplicationTrustFormatPresent) { applicationTrust = dataObjectToApply.GetData(DataFormats.ApplicationTrust, /*autoConvert:*/ false); } if (applicationTrust != null) { string applicationTrustText = null; // convert to string applicationTrustText = applicationTrust.ToString(); // Convert string to permission set for getting permission set of source PermissionSet permissionSetSource; try { SecurityElement securityElement = SecurityElement.FromString(applicationTrustText); permissionSetSource = new System.Security.PermissionSet(PermissionState.None); permissionSetSource.FromXml(securityElement); } catch (XmlSyntaxException) { // This is the condition where we have Malformed XML in the clipboard for application trust // here we will fail silently since we do not want to break arbitrary applications // but since we cannot establish the validity of the application trust content we will fall back to // whatever is more secure return(true); } //extract permission set for the current appdomain which is target PermissionSet permissionSetDestination = SecurityHelper.ExtractAppDomainPermissionSetMinusSiteOfOrigin(); //Compare permissions sets if (!permissionSetDestination.IsSubsetOf(permissionSetSource)) { retVal = true; // in case target is not subset of source revert to unicode or text } } return(retVal); }
private PolicyStatement(System.Security.PermissionSet permSet, PolicyStatementAttribute attributes, bool copy) { if (permSet != null) { if (copy) { this.m_permSet = permSet.Copy(); } else { this.m_permSet = permSet; } } else { this.m_permSet = new System.Security.PermissionSet(false); } this.m_attributes = attributes; }
public void Create_PartialTrust() { // basic check of running a host in partial trust AppDomainSetup info = new AppDomainSetup(); info.ApplicationBase = TestHelpers.BinDirectory; info.ApplicationName = "Test"; Evidence evidence = new Evidence(); evidence.AddHost(new Zone(SecurityZone.Internet)); System.Security.PermissionSet permSet = SecurityManager.GetStandardSandbox(evidence); AppDomain newDomain = AppDomain.CreateDomain("test", evidence, info, permSet, null); ScriptRuntime runtime = CreateRemoteRuntime(newDomain); ScriptScope scope = runtime.CreateScope(); scope.SetVariable("test", "value"); AppDomain.Unload(newDomain); }
internal void FromXml(SecurityElement et, PolicyLevel level, bool allowInternalOnly) { if (et == null) { throw new ArgumentNullException("et"); } if (!et.Tag.Equals("PolicyStatement")) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_InvalidXMLElement"), new object[] { "PolicyStatement", base.GetType().FullName })); } this.m_attributes = PolicyStatementAttribute.Nothing; string str = et.Attribute("Attributes"); if (str != null) { this.m_attributes = (PolicyStatementAttribute)Enum.Parse(typeof(PolicyStatementAttribute), str); } lock (this) { this.m_permSet = null; if (level != null) { string name = et.Attribute("PermissionSetName"); if (name != null) { this.m_permSet = level.GetNamedPermissionSetInternal(name); if (this.m_permSet == null) { this.m_permSet = new System.Security.PermissionSet(PermissionState.None); } } } if (this.m_permSet == null) { SecurityElement element = et.SearchForChildByTag("PermissionSet"); if (element == null) { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML")); } string str3 = element.Attribute("class"); if ((str3 != null) && (str3.Equals("NamedPermissionSet") || str3.Equals("System.Security.NamedPermissionSet"))) { this.m_permSet = new NamedPermissionSet("DefaultName", PermissionState.None); } else { this.m_permSet = new System.Security.PermissionSet(PermissionState.None); } try { this.m_permSet.FromXml(element, allowInternalOnly, true); } catch { } } if (this.m_permSet == null) { this.m_permSet = new System.Security.PermissionSet(PermissionState.None); } } }
// internal - get called by JIT generated code private static void InternalDemand(IntPtr permissions, int length) { PermissionSet ps = Decode(permissions, length); ps.Demand(); }
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy) { PermissionSet permissionSet = null; PolicyLevel current = null; IEnumerator enumerator = this.PolicyLevels.GetEnumerator(); evidence.GetHostEvidence <Zone>(); evidence.GetHostEvidence <StrongName>(); evidence.GetHostEvidence <Url>(); byte[] serializedEvidence = evidence.RawSerialize(); int rawCount = evidence.RawCount; bool flag = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null; bool flag2 = false; while (enumerator.MoveNext()) { PolicyStatement statement; current = (PolicyLevel)enumerator.Current; if (systemPolicy) { if (current.Type != PolicyLevelType.AppDomain) { goto Label_0078; } continue; } if (flag && (current.Type != PolicyLevelType.AppDomain)) { continue; } Label_0078: statement = current.Resolve(evidence, rawCount, serializedEvidence); if (permissionSet == null) { permissionSet = statement.PermissionSet; } else { permissionSet.InplaceIntersect(statement.GetPermissionSetNoCopy()); } if ((permissionSet == null) || permissionSet.FastIsEmpty()) { break; } if ((statement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (current.Type != PolicyLevelType.AppDomain) { flag2 = true; } break; } } if ((permissionSet != null) && flag2) { PolicyLevel level2 = null; for (int i = this.PolicyLevels.Count - 1; i >= 0; i--) { current = (PolicyLevel)this.PolicyLevels[i]; if (current.Type == PolicyLevelType.AppDomain) { level2 = current; break; } } if (level2 != null) { permissionSet.InplaceIntersect(level2.Resolve(evidence, rawCount, serializedEvidence).GetPermissionSetNoCopy()); } } if (permissionSet == null) { permissionSet = new PermissionSet(PermissionState.None); } if (!permissionSet.IsUnrestricted()) { IEnumerator hostEnumerator = evidence.GetHostEnumerator(); while (hostEnumerator.MoveNext()) { object obj2 = hostEnumerator.Current; IIdentityPermissionFactory factory = obj2 as IIdentityPermissionFactory; if (factory != null) { IPermission perm = factory.CreateIdentityPermission(evidence); if (perm != null) { permissionSet.AddPermission(perm); } } } } permissionSet.IgnoreTypeLoadFailures = true; return(permissionSet); }
internal PermissionSetEnumerator(PermissionSet permSet) : base(permSet.m_unrestrictedPermSet) { m_first = true; m_permSet = permSet; }
internal void SetPermissionSetNoCopy(System.Security.PermissionSet permSet) { this.m_permSet = permSet; }
public static AppDomain GetMediumTrustDomain() { if (mediumTrustDomain == null) { var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }; var permissions = new System.Security.PermissionSet(null); // MEDIUM TRUST PERMISSION SET: //<IPermission // class="DnsPermission" // version="1" // Unrestricted="true" // /> permissions.AddPermission(new System.Net.DnsPermission(System.Security.Permissions.PermissionState.Unrestricted)); //<IPermission // class="EnvironmentPermission" // version="1" // Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" // /> permissions.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME")); //<IPermission // class="FileIOPermission" // version="1" // Read="$AppDir$" // Write="$AppDir$" // Append="$AppDir$" // PathDiscovery="$AppDir$" // /> string appDir = Directory.GetCurrentDirectory(); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, appDir)); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write, appDir)); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Append, appDir)); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, appDir)); //<IPermission // class="IsolatedStorageFilePermission" // version="1" // Allowed="AssemblyIsolationByUser" // UserQuota="9223372036854775807" // /> permissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted) { UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser, UserQuota = 9223372036854775807 }); //<IPermission // class="PrintingPermission" // version="1" // Level="DefaultPrinting" // /> // DEVNOTE(pqian): System.Drawing.Printing.PrintingPermission - not astoria related //<IPermission // class="SecurityPermission" // version="1" // Flags="Execution, ControlThread, ControlPrincipal, RemotingConfiguration" ///> permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.RemotingConfiguration | SecurityPermissionFlag.SerializationFormatter)); //<IPermission // class="SmtpPermission" // version="1" // Access="Connect" // /> permissions.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect)); //<IPermission // class="SqlClientPermission" // version="1" // Unrestricted="true" ///> permissions.AddPermission(new System.Data.SqlClient.SqlClientPermission(PermissionState.Unrestricted)); //<IPermission // class="TypeDescriptorPermission" // version="1" // Unrestricted="true" // /> permissions.AddPermission(new TypeDescriptorPermission(PermissionState.Unrestricted)); //<IPermission // class="WebPermission" // version="1" // Unrestricted="true" // /> permissions.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted)); //<IPermission // class="ReflectionPermission" // version="1" // Flags="RestrictedMemberAccess"/> permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)); mediumTrustDomain = AppDomain.CreateDomain("Partial Trust AppDomain: " + DateTime.Now.Ticks, null, setup, permissions); } return(mediumTrustDomain); }
// // API for PermissionSets // internal static void Assert(PermissionSet permSet, ref StackCrawlMark stackMark) { }
public PolicyStatement(System.Security.PermissionSet permSet) : this(permSet, PolicyStatementAttribute.Nothing) { }
internal PolicyStatement() { this.m_permSet = null; this.m_attributes = PolicyStatementAttribute.Nothing; }
internal void FromXml(SecurityDocument doc, int position, PolicyLevel level, bool allowInternalOnly) { if (doc == null) { throw new ArgumentNullException("doc"); } if (!doc.GetTagForElement(position).Equals("PolicyStatement")) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_InvalidXMLElement"), new object[] { "PolicyStatement", base.GetType().FullName })); } this.m_attributes = PolicyStatementAttribute.Nothing; string attributeForElement = doc.GetAttributeForElement(position, "Attributes"); if (attributeForElement != null) { this.m_attributes = (PolicyStatementAttribute)Enum.Parse(typeof(PolicyStatementAttribute), attributeForElement); } lock (this) { this.m_permSet = null; if (level != null) { string name = doc.GetAttributeForElement(position, "PermissionSetName"); if (name != null) { this.m_permSet = level.GetNamedPermissionSetInternal(name); if (this.m_permSet == null) { this.m_permSet = new System.Security.PermissionSet(PermissionState.None); } } } if (this.m_permSet == null) { ArrayList childrenPositionForElement = doc.GetChildrenPositionForElement(position); int num = -1; for (int i = 0; i < childrenPositionForElement.Count; i++) { if (doc.GetTagForElement((int)childrenPositionForElement[i]).Equals("PermissionSet")) { num = (int)childrenPositionForElement[i]; } } if (num == -1) { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML")); } string str3 = doc.GetAttributeForElement(num, "class"); if ((str3 != null) && (str3.Equals("NamedPermissionSet") || str3.Equals("System.Security.NamedPermissionSet"))) { this.m_permSet = new NamedPermissionSet("DefaultName", PermissionState.None); } else { this.m_permSet = new System.Security.PermissionSet(PermissionState.None); } this.m_permSet.FromXml(doc, num, allowInternalOnly); } if (this.m_permSet == null) { this.m_permSet = new System.Security.PermissionSet(PermissionState.None); } } }
protected internal override System.Security.PermissionSet CreatePermissionSet() { System.Security.PermissionSet permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(new SqlClientPermission(this)); return(permissionSet); }
internal static void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark) { }