public ApplicationProxyInternal Initialize()
{
SecurityHelper.DemandUIWindowPermission();
this._context = ActivationContext.CreatePartialActivationContext(this.GetApplicationIdentity(), new string[]
{
this._deploymentManifestPath,
this._applicationManifestPath
});
ApplicationTrust trust = new ApplicationTrust(this.GetApplicationIdentity());
ApplicationSecurityManager.UserApplicationTrusts.Remove(trust);
PresentationAppDomainManager.IsDebug = true;
PresentationAppDomainManager.DebugSecurityZoneURL = this._debugSecurityZoneURL.Value;
PresentationAppDomainManager.SaveAppDomain = true;
ObjectHandle objectHandle = Activator.CreateInstance(this._context);
if (PresentationAppDomainManager.SaveAppDomain)
{
AppDomain newAppDomain = objectHandle.Unwrap() as AppDomain;
PresentationAppDomainManager.NewAppDomain = newAppDomain;
}
PresentationAppDomainManager presentationAppDomainManager = PresentationAppDomainManager.NewAppDomain.DomainManager as PresentationAppDomainManager;
ApplicationProxyInternal applicationProxyInternal = presentationAppDomainManager.CreateApplicationProxyInternal();
applicationProxyInternal.SetDebugSecurityZoneURL(this._debugSecurityZoneURL.Value);
PresentationAppDomainManager.SaveAppDomain = false;
return(applicationProxyInternal);
}
internal static Evidence MergeApplicationEvidence(Evidence evidence,
ApplicationIdentity applicationIdentity,
ActivationContext activationContext,
string[] activationData,
ApplicationTrust applicationTrust)
{
Evidence appEvidence = new Evidence();
ActivationArguments activationArgs = (activationContext == null ? new ActivationArguments(applicationIdentity, activationData) : new ActivationArguments(activationContext, activationData));
appEvidence = new Evidence();
appEvidence.AddHostEvidence(activationArgs);
if (applicationTrust != null)
{
appEvidence.AddHostEvidence(applicationTrust);
}
if (activationContext != null)
{
Evidence asiEvidence = new ApplicationSecurityInfo(activationContext).ApplicationEvidence;
if (asiEvidence != null)
{
appEvidence.MergeWithNoDuplicates(asiEvidence);
}
}
if (evidence != null)
{
appEvidence.MergeWithNoDuplicates(evidence);
}
return(appEvidence);
}
public void ExtraInfo_NotSerializable()
{
ApplicationTrust at = new ApplicationTrust();
at.ExtraInfo = this;
SecurityElement se = at.ToXml();
}
// Called from the VM to do a pre-domain initialization check of the security state of the
// AppDomain. This method looks at the state of the security of an AppDomain before it is
// completely initialized - so the output of this method does not always match what will be true
// when the domain is completely initialized. Instead, it is used to read what the input parameters
// to the domain setup say about the domain.
private static void PreResolve(out bool isFullyTrusted, out bool isHomogeneous)
{
//
// There are three main cases:
// 1. The AppDomain has an explict ApplicationTrust - we can use this to read the input state
// of the AppDomain.
// 2. The AppDomain is using legacy CAS policy - this means we can't tell much about the
// domain itself without a full policy resolution.
// 3. The domain is a standard v4+ AppDomain - these are always full trust and homogenous by
// default.
//
// If the AppDomain is setup with an ApplicationTrust then it is always homogenous and we can
// tell its grant set right from the ApplicaitonTrust
ApplicationTrust domainTrust = AppDomain.CurrentDomain.SetupInformation.ApplicationTrust;
if (domainTrust != null)
{
isFullyTrusted = domainTrust.DefaultGrantSet.PermissionSet.IsUnrestricted();
isHomogeneous = true;
return;
}
// Otherwise, see if the domain is being configured on input to use legacy CAS policy
if (CompatibilitySwitches.IsNetFx40LegacySecurityPolicy || AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
isFullyTrusted = false;
isHomogeneous = false;
return;
}
// If none of the above is true, then we must be a standard AppDomain
isFullyTrusted = true;
isHomogeneous = true;
}
public static Task<GetManifestCompletedEventArgs> DownloadManifestAsync(this InPlaceHostingManager manager) {
var tcs = new TaskCompletionSource<GetManifestCompletedEventArgs>();
manager.GetManifestCompleted += (sender, e) => {
if(e.Error != null) {
tcs.SetException(e.Error);
return;
}
var trust = new ApplicationTrust();
var permissions = new PermissionSet(PermissionState.Unrestricted);
var statement = new PolicyStatement(permissions);
trust.DefaultGrantSet = statement;
trust.ApplicationIdentity = e.ApplicationIdentity;
trust.IsApplicationTrustedToRun = true;
ApplicationSecurityManager.UserApplicationTrusts.Add(trust);
tcs.SetResult(e);
};
manager.GetManifestAsync();
return tcs.Task;
}
protected static ObjectHandle CreateInstanceHelper(AppDomainSetup adSetup)
{
if (adSetup.ActivationArguments == null)
{
throw new ArgumentException(Environment.GetResourceString("Arg_MissingActivationArguments"));
}
adSetup.ActivationArguments.ActivateInstance = true;
Evidence evidence = AppDomain.CurrentDomain.Evidence;
Evidence applicationEvidence = CmsUtils.MergeApplicationEvidence((Evidence)null, adSetup.ActivationArguments.ApplicationIdentity, adSetup.ActivationArguments.ActivationContext, adSetup.ActivationArguments.ActivationData);
ApplicationTrust applicationTrust = AppDomain.CurrentDomain.HostSecurityManager.DetermineApplicationTrust(applicationEvidence, evidence, new TrustManagerContext());
if (applicationTrust == null || !applicationTrust.IsApplicationTrustedToRun)
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), -2146233320, (Exception)null);
}
string fullName = adSetup.ActivationArguments.ApplicationIdentity.FullName;
AppDomainSetup setup = adSetup;
Evidence providedSecurityInfo = applicationEvidence;
Evidence creatorsSecurityInfo = providedSecurityInfo == null ? AppDomain.CurrentDomain.InternalEvidence : (Evidence)null;
IntPtr securityDescriptor = AppDomain.CurrentDomain.GetSecurityDescriptor();
ObjRef instance = AppDomain.nCreateInstance(fullName, setup, providedSecurityInfo, creatorsSecurityInfo, securityDescriptor);
if (instance == null)
{
return((ObjectHandle)null);
}
return(RemotingServices.Unmarshal(instance) as ObjectHandle);
}
public static void ApplicationTrustCallMethods()
{
ApplicationTrust at = new ApplicationTrust();
SecurityElement se = new SecurityElement("");
at.FromXml(se);
se = at.ToXml();
}
public void FromXml_InvalidTag()
{
ApplicationTrust at = new ApplicationTrust();
SecurityElement se = at.ToXml();
se.Tag = "MonoTrust";
at.FromXml(se);
}
public void ApplicationIdentity_Null()
{
ApplicationTrust at = new ApplicationTrust();
at.ApplicationIdentity = new ApplicationIdentity("Mono Unit Test");
// once set it cannot be "unset" ...
at.ApplicationIdentity = null;
}
public void ApplicationIdentity_Change()
{
ApplicationTrust at = new ApplicationTrust();
at.ApplicationIdentity = new ApplicationIdentity("Mono Unit Test");
// ... but it can be changed
at.ApplicationIdentity = new ApplicationIdentity("Mono Unit Test Too");
}
internal ApplicationTrust InternalGetApplicationTrust()
{
if (_ApplicationTrust == null)
{
return(null);
}
ApplicationTrust grantSet = new ApplicationTrust();
return(grantSet);
}
public void ApplicationIdentity()
{
ApplicationTrust at = new ApplicationTrust();
at.ApplicationIdentity = new ApplicationIdentity("Mono Unit Test");
Assert.IsNotNull(at.ApplicationIdentity, "not null");
string expected = AdjustLineEnds("<ApplicationTrust version=\"1\"\r\nFullName=\"Mono Unit Test, Culture=neutral\">\r\n<DefaultGrant>\r\n<PolicyStatement version=\"1\">\r\n<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"/>\r\n</PolicyStatement>\r\n</DefaultGrant>\r\n</ApplicationTrust>\r\n");
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "XML");
}
public void GetFullTrustAssembliesListTest()
{
// We can only set a full trust list via the AppDomain creation code path
AppDomainSetup ads = new AppDomainSetup();
ads.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;
PermissionSet sandbox = new PermissionSet(PermissionState.None);
sandbox.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
StrongName[] fullTrustList = new StrongName[]
{
typeof(object).Assembly.GetStrongName(),
typeof(System.Security.Cryptography.AesManaged).Assembly.GetStrongName(),
typeof(System.Security.Cryptography.Xml.SignedXml).Assembly.GetStrongName()
};
AppDomain domain = AppDomainFactory.CreateHomogenousDomain(sandbox, fullTrustList);
ApplicationTrust domainTrust = domain.ApplicationTrust;
IList <StrongName> trustedAssemblies = domainTrust.GetFullTrustAssemblies();
Assert.AreEqual(3, trustedAssemblies.Count);
bool foundMscorlib = false;
bool foundSystemCore = false;
bool foundSystemSecurity = false;
foreach (StrongName sn in trustedAssemblies)
{
if (String.Equals("mscorlib", sn.Name, StringComparison.OrdinalIgnoreCase) &&
String.Equals(s_ecmaPublicKey, sn.PublicKey.ToString(), StringComparison.OrdinalIgnoreCase) &&
sn.Version.Major >= 2)
{
foundMscorlib = true;
}
else if (String.Equals("System.Core", sn.Name, StringComparison.OrdinalIgnoreCase) &&
String.Equals(s_ecmaPublicKey, sn.PublicKey.ToString(), StringComparison.OrdinalIgnoreCase) &&
sn.Version.Major >= 3)
{
foundSystemCore = true;
}
else if (String.Equals("System.Security", sn.Name, StringComparison.OrdinalIgnoreCase) &&
String.Equals(s_microsoftPublicKey, sn.PublicKey.ToString(), StringComparison.OrdinalIgnoreCase) &&
sn.Version.Major >= 2)
{
foundSystemSecurity = true;
}
}
Assert.IsTrue(foundMscorlib);
Assert.IsTrue(foundSystemCore);
Assert.IsTrue(foundSystemSecurity);
}
/// <summary>
/// An ApplicationTrust object contains a default grant set as well as a list of assemblies which
/// are fully trusted. The GetFullTrustAssemblies method retrieves the strong names of assemblies
/// which the ApplicationTrust object considers to be fully trusted.
/// </summary>
public static IList <StrongName> GetFullTrustAssemblies(this ApplicationTrust applicationTrust)
{
List <StrongName> fullTrustAssemblies = new List <StrongName>();
// ApplicationTrust does not expose the full trust list programatically. To access this
// information, we need to write out the ApplicationTrust XML and then pull out the strong names
// from the serialized XML.
SecurityElement applicationTrustXml = applicationTrust.ToXml();
// First look for the FullTrustAssemblies node
SecurityElement fullTrustAssembliesXml = null;
if (applicationTrustXml.Children != null)
{
for (int i = 0; i < applicationTrustXml.Children.Count && fullTrustAssembliesXml == null; ++i)
{
SecurityElement currentChild = applicationTrustXml.Children[i] as SecurityElement;
if (String.Equals(currentChild.Tag, "FullTrustAssemblies", StringComparison.Ordinal))
{
fullTrustAssembliesXml = currentChild;
}
}
}
// If we found a FullTrustAssemblies node, each child will represent the strong name of one
// fully trusted assembly
if (fullTrustAssembliesXml != null &&
fullTrustAssembliesXml.Children != null)
{
foreach (SecurityElement fullTrustAssemblyXml in fullTrustAssembliesXml.Children)
{
// We only know how to parse v1 StrongName XML
if (String.Equals(fullTrustAssemblyXml.Tag, "StrongName", StringComparison.Ordinal) &&
String.Equals(fullTrustAssemblyXml.Attribute("version"), "1", StringComparison.Ordinal))
{
string assemblyName = fullTrustAssemblyXml.Attribute("Name");
assemblyName = assemblyName != null ? assemblyName : String.Empty;
string assemblyVersionString = fullTrustAssemblyXml.Attribute("Version");
Version assemblyVersion = assemblyVersionString != null ? new Version(assemblyVersionString) : new Version();
string assemblyKeyString = fullTrustAssemblyXml.Attribute("Key");
byte[] assemblyKey = assemblyKeyString != null?HexToBytes(assemblyKeyString) : new byte[0];
StrongName fullTrustAssembly = new StrongName(new StrongNamePublicKeyBlob(assemblyKey),
assemblyName,
assemblyVersion);
fullTrustAssemblies.Add(fullTrustAssembly);
}
}
}
return(fullTrustAssemblies.AsReadOnly());
}
public void FromXml_NoVersion()
{
ApplicationTrust at = new ApplicationTrust();
SecurityElement se = at.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
foreach (SecurityElement child in se.Children)
{
w.AddChild(child);
}
at.FromXml(w);
}
public void Persist()
{
ApplicationTrust at = new ApplicationTrust();
at.Persist = true;
Assert.IsTrue(at.Persist, "true");
string expected = AdjustLineEnds("<ApplicationTrust version=\"1\"\r\nPersist=\"true\">\r\n<DefaultGrant>\r\n<PolicyStatement version=\"1\">\r\n<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"/>\r\n</PolicyStatement>\r\n</DefaultGrant>\r\n</ApplicationTrust>\r\n");
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "XML");
at.Persist = false;
Assert.IsFalse(at.Persist, "false");
}
public void ExtraInfo()
{
ApplicationTrust at = new ApplicationTrust();
at.ExtraInfo = "Mono";
Assert.IsNotNull(at.ExtraInfo, "not null");
string expected = AdjustLineEnds("<ApplicationTrust version=\"1\">\r\n<DefaultGrant>\r\n<PolicyStatement version=\"1\">\r\n<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"/>\r\n</PolicyStatement>\r\n</DefaultGrant>\r\n<ExtraInfo Data=\"0001000000FFFFFFFF01000000000000000601000000044D6F6E6F0B\"/>\r\n</ApplicationTrust>\r\n");
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "XML");
at.ExtraInfo = null;
Assert.IsNull(at.ExtraInfo, "null");
}
public void FromXml_InvalidVersion()
{
ApplicationTrust at = new ApplicationTrust();
SecurityElement se = at.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
w.AddAttribute("version", "2");
foreach (SecurityElement child in se.Children)
{
w.AddChild(child);
}
at.FromXml(w);
}
public void Constructor_Empty()
{
ApplicationTrust at = new ApplicationTrust();
Assert.IsNull(at.ApplicationIdentity, "ApplicationIdentity");
Assert.AreEqual(PolicyStatementAttribute.Nothing, at.DefaultGrantSet.Attributes, "DefaultGrantSet.Attributes");
Assert.AreEqual(String.Empty, at.DefaultGrantSet.AttributeString, "DefaultGrantSet.AttributeString");
Assert.IsTrue(at.DefaultGrantSet.PermissionSet.IsEmpty(), "DefaultGrantSet.PermissionSet.IsEmpty");
Assert.IsFalse(at.DefaultGrantSet.PermissionSet.IsUnrestricted(), "DefaultGrantSet.PermissionSet.IsUnrestricted");
Assert.IsNull(at.ExtraInfo, "ExtraInfo");
Assert.IsFalse(at.IsApplicationTrustedToRun, "IsApplicationTrustedToRun");
Assert.IsFalse(at.Persist, "Persist");
string expected = AdjustLineEnds("<ApplicationTrust version=\"1\">\r\n<DefaultGrant>\r\n<PolicyStatement version=\"1\">\r\n<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"/>\r\n</PolicyStatement>\r\n</DefaultGrant>\r\n</ApplicationTrust>\r\n");
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "XML");
}
public static void ApplicationTrustCollectionCallMethods()
{
ApplicationTrustCollection atc = (ApplicationTrustCollection)FormatterServices.GetUninitializedObject(typeof(ApplicationTrustCollection));
ApplicationTrust at = new ApplicationTrust();
int testint = atc.Add(at);
ApplicationTrust[] atarray = new ApplicationTrust[1];
atc.AddRange(atarray);
atc.AddRange(atc);
atc.Clear();
atc.CopyTo(atarray, 0);
ApplicationTrustEnumerator ate = atc.GetEnumerator();
atc.Remove(at);
atc.RemoveRange(atarray);
atc.RemoveRange(atc);
}
private static void FixTrust(ApplicationDeployment currentDeployment)
{
//Create the appropriate Trust settings so the Application can do
//Click-Once Related updating
var deploymentFullName = currentDeployment.UpdatedApplicationFullName;
var appId = new ApplicationIdentity(deploymentFullName);
var everything = new PermissionSet(PermissionState.Unrestricted);
var trust = new ApplicationTrust(appId)
{
DefaultGrantSet = new PolicyStatement(everything),
IsApplicationTrustedToRun = true,
Persist = true
};
ApplicationSecurityManager.UserApplicationTrusts.Add(trust);
}
public static void ApplicationTrustCollectionCallMethods()
{
ApplicationTrustCollection atc = (ApplicationTrustCollection)Activator.CreateInstance(typeof(ApplicationTrustCollection), true);
ApplicationTrust at = new ApplicationTrust();
int testint = atc.Add(at);
ApplicationTrust[] atarray = new ApplicationTrust[1];
atc.AddRange(atarray);
atc.AddRange(atc);
atc.Clear();
atc.CopyTo(atarray, 0);
ApplicationTrustEnumerator ate = atc.GetEnumerator();
atc.Remove(at);
atc.RemoveRange(atarray);
atc.RemoveRange(atc);
}
static void Main(string[] args)
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
if (args.Length > 0 && args[0] == "startui")
{
Application.Run(new Form1());
}
else
{
PermissionSet permissions = new PermissionSet(PermissionState.Unrestricted);
string AppName = Assembly.GetEntryAssembly().GetName().Name;
string AppExe = $"{AppName}.exe";
string DebugSecurityZoneURL = $"{AppExe}.manifest";
string AppManifestPath = $"{AppName}.application";
string appType = "win32";
AssemblyIdentity ca = AssemblyIdentity.FromManifest(AppManifestPath);
string appIdentitySubString = $"Version={ca.Version}, Culture={ca.Culture}, PublicKeyToken={ca.PublicKeyToken}, ProcessorArchitecture={ca.ProcessorArchitecture}";
string assemblyIdentity = $"http://tempuri.org/{AppManifestPath}#{AppManifestPath}, {appIdentitySubString}/{AppExe}, {appIdentitySubString},Type={appType}";
System.ApplicationIdentity applicationIdentity = new System.ApplicationIdentity(assemblyIdentity);
ApplicationTrust appTrust = new ApplicationTrust();
appTrust.DefaultGrantSet = new PolicyStatement(permissions, PolicyStatementAttribute.Nothing);
appTrust.IsApplicationTrustedToRun = true;
appTrust.ApplicationIdentity = applicationIdentity;
AppDomainSetup adSetup = new AppDomainSetup
{
ApplicationBase = AppDomain.CurrentDomain.BaseDirectory,
ActivationArguments = new ActivationArguments(
ActivationContext.CreatePartialActivationContext(
applicationIdentity,
new string[] { AppManifestPath, DebugSecurityZoneURL })
),
ApplicationTrust = appTrust
};
Evidence e = new Evidence();
e.AddHostEvidence(appTrust);
AppDomain a = AppDomain.CreateDomain("Internet Security Zone AppDomain", e, adSetup, permissions);
a.ExecuteAssembly(AppExe, e, new string[] { "startui" });
}
}
public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
// Get the activation context from the application evidence.
// This HostSecurityManager does not examine the activator evidence
// nor is it concerned with the TrustManagerContext;
// it simply grants the requested grant in the application manifest.
IEnumerator enumerator = applicationEvidence.GetHostEnumerator();
ActivationArguments activationArgs = null;
while (enumerator.MoveNext())
{
activationArgs = enumerator.Current as ActivationArguments;
if (activationArgs != null)
{
break;
}
}
if (activationArgs == null)
{
return(null);
}
ActivationContext activationContext = activationArgs.ActivationContext;
if (activationContext == null)
{
return(null);
}
//<Snippet4>
ApplicationTrust trust = new ApplicationTrust(activationContext.Identity);
ApplicationSecurityInfo asi = new ApplicationSecurityInfo(activationContext);
trust.DefaultGrantSet = new PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing);
trust.IsApplicationTrustedToRun = true;
//</Snippet4>
return(trust);
}
public void DefaultGrantSet()
{
ApplicationTrust at = new ApplicationTrust();
at.DefaultGrantSet = new PolicyStatement(new PermissionSet(PermissionState.Unrestricted));
Assert.IsNotNull(at.DefaultGrantSet, "not null");
string expected = AdjustLineEnds("<ApplicationTrust version=\"1\">\r\n<DefaultGrant>\r\n<PolicyStatement version=\"1\">\r\n<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"\r\nUnrestricted=\"true\"/>\r\n</PolicyStatement>\r\n</DefaultGrant>\r\n</ApplicationTrust>\r\n");
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "XML");
at.DefaultGrantSet = null;
// returns to defaults
Assert.IsNotNull(at.DefaultGrantSet, "null");
Assert.AreEqual(PolicyStatementAttribute.Nothing, at.DefaultGrantSet.Attributes, "DefaultGrantSet.Attributes");
Assert.AreEqual(String.Empty, at.DefaultGrantSet.AttributeString, "DefaultGrantSet.AttributeString");
Assert.IsTrue(at.DefaultGrantSet.PermissionSet.IsEmpty(), "DefaultGrantSet.PermissionSet.IsEmpty");
Assert.IsFalse(at.DefaultGrantSet.PermissionSet.IsUnrestricted(), "DefaultGrantSet.PermissionSet.IsUnrestricted");
}
// Token: 0x06001C6B RID: 7275 RVA: 0x00061834 File Offset: 0x0005FA34
private static void PreResolve(out bool isFullyTrusted, out bool isHomogeneous)
{
ApplicationTrust applicationTrust = AppDomain.CurrentDomain.SetupInformation.ApplicationTrust;
if (applicationTrust != null)
{
isFullyTrusted = applicationTrust.DefaultGrantSet.PermissionSet.IsUnrestricted();
isHomogeneous = true;
return;
}
if (CompatibilitySwitches.IsNetFx40LegacySecurityPolicy || AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
isFullyTrusted = false;
isHomogeneous = false;
return;
}
isFullyTrusted = true;
isHomogeneous = true;
}
public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
{
if (applicationEvidence == null)
{
throw new ArgumentNullException("applicationEvidence");
}
ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence <ActivationArguments>();
if (hostEvidence == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ActivationContext activationContext = hostEvidence.ActivationContext;
if (activationContext == null)
{
throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
}
ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence <ApplicationTrust>();
if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = null;
}
if (applicationTrust == null)
{
if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
{
applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
}
else
{
applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
}
}
ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
{
throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
}
return(applicationTrust);
}
private void DeserializeNonPrimitives()
{
lock (this) {
if (serialized_non_primitives == null)
{
return;
}
BinaryFormatter bf = new BinaryFormatter();
MemoryStream ms = new MemoryStream(serialized_non_primitives);
object [] arr = (object [])bf.Deserialize(ms);
_activationArguments = (ActivationArguments)arr [0];
domain_initializer = (AppDomainInitializer)arr [1];
application_trust = (ApplicationTrust)arr [2];
serialized_non_primitives = null;
}
}
public void FromXml_NoChild()
{
ApplicationTrust at = new ApplicationTrust();
SecurityElement se = at.ToXml();
SecurityElement w = new SecurityElement(se.Tag);
w.AddAttribute("version", "1");
at.FromXml(w);
Assert.IsNull(at.ApplicationIdentity, "ApplicationIdentity");
Assert.AreEqual(PolicyStatementAttribute.Nothing, at.DefaultGrantSet.Attributes, "DefaultGrantSet.Attributes");
Assert.AreEqual(String.Empty, at.DefaultGrantSet.AttributeString, "DefaultGrantSet.AttributeString");
Assert.IsTrue(at.DefaultGrantSet.PermissionSet.IsEmpty(), "DefaultGrantSet.PermissionSet.IsEmpty");
Assert.IsFalse(at.DefaultGrantSet.PermissionSet.IsUnrestricted(), "DefaultGrantSet.PermissionSet.IsUnrestricted");
Assert.IsNull(at.ExtraInfo, "ExtraInfo");
Assert.IsFalse(at.IsApplicationTrustedToRun, "IsApplicationTrustedToRun");
Assert.IsFalse(at.Persist, "Persist");
}
private void SetupDomainSecurityForHomogeneousDomain(ApplicationTrust appTrust,
bool runtimeSuppliedHomogenousGrantSet)
{
// If the CLR has supplied the homogenous grant set (that is, this domain would have been
// heterogenous in v2.0), then we need to strip the ApplicationTrust from the AppDomainSetup of
// the current domain. This prevents code which does:
// AppDomain.CreateDomain(..., AppDomain.CurrentDomain.SetupInformation);
//
// From looking like it is trying to create a homogenous domain intentionally, and therefore
// having its evidence check bypassed.
if (runtimeSuppliedHomogenousGrantSet)
{
BCLDebug.Assert(_FusionStore.ApplicationTrust != null, "Expected to find runtime supplied ApplicationTrust");
}
_applicationTrust = appTrust;
// Set the homogeneous bit in the VM's ApplicationSecurityDescriptor.
SetSecurityHomogeneousFlag(GetNativeHandle(),
runtimeSuppliedHomogenousGrantSet);
}
public void ToFromXmlRoundtrip()
{
ApplicationTrust at = new ApplicationTrust();
at.ApplicationIdentity = new ApplicationIdentity("Mono Unit Test");
at.DefaultGrantSet = new PolicyStatement(new PermissionSet(PermissionState.Unrestricted));
at.ExtraInfo = "Mono";
at.IsApplicationTrustedToRun = true;
at.Persist = true;
SecurityElement se = at.ToXml();
string expected = AdjustLineEnds("<ApplicationTrust version=\"1\"\r\nFullName=\"Mono Unit Test, Culture=neutral\"\r\nTrustedToRun=\"true\"\r\nPersist=\"true\">\r\n<DefaultGrant>\r\n<PolicyStatement version=\"1\">\r\n<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"\r\nUnrestricted=\"true\"/>\r\n</PolicyStatement>\r\n</DefaultGrant>\r\n<ExtraInfo Data=\"0001000000FFFFFFFF01000000000000000601000000044D6F6E6F0B\"/>\r\n</ApplicationTrust>\r\n");
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "XML");
ApplicationTrust copy = new ApplicationTrust();
copy.FromXml(se);
se = copy.ToXml();
Assert.AreEqual(expected, AdjustLineEnds(at.ToXml().ToString()), "Copy");
}
public void RemoveRange(ApplicationTrust[] trusts) {}
public void CopyTo(ApplicationTrust[] array, int index) {}
private void DeleteCachedApplicationTrust(ApplicationIdentity identity)
{
if (identity != null)
{
ApplicationTrust trust = new ApplicationTrust(identity);
// This does not throw if the trust isn't there.
ApplicationSecurityManager.UserApplicationTrusts.Remove(trust);
}
}
// Methods
public int Add(ApplicationTrust trust) {}
public void AddRange(ApplicationTrust[] trusts) {}
public void Remove(ApplicationTrust trust) {}
private static void FixTrust(ApplicationDeployment currentDeployment)
{
//Create the appropriate Trust settings so the Application can do
//Click-Once Related updating
var deploymentFullName = currentDeployment.UpdatedApplicationFullName;
var appId = new ApplicationIdentity(deploymentFullName);
var everything = new PermissionSet(PermissionState.Unrestricted);
var trust = new ApplicationTrust(appId)
{
DefaultGrantSet = new PolicyStatement(everything),
IsApplicationTrustedToRun = true,
Persist = true
};
ApplicationSecurityManager.UserApplicationTrusts.Add(trust);
}
