// Create a child code group with read-access file permissions and add it
// to the specified code group.
private static void addChildCodeGroup(ref FirstMatchCodeGroup codeGroup)
{
// Create a first match code group with read access.
//<Snippet8>
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
PermissionSet permissions =
new PermissionSet(PermissionState.Unrestricted);
permissions.AddPermission(rootFilePermissions);
FirstMatchCodeGroup tempFolderCodeGroup = new FirstMatchCodeGroup(
new AllMembershipCondition(),
new PolicyStatement(permissions));
// Set the name of the child code group and add it to
// the specified code group.
tempFolderCodeGroup.Name = "Read-only code group";
codeGroup.AddChild(tempFolderCodeGroup);
//</Snippet8>
}
public void Constructor()
{
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(new PermissionSet(PermissionState.None)));
Assert.IsNotNull(cg.PolicyStatement, "PolicyStatement");
Assert.IsNotNull(cg.MembershipCondition, "MembershipCondition");
}
// If a domain attribute is not found in the specified
// FirstMatchCodeGroup, add a child XML element identifying a custom
// membership condition.
private static void addXmlMember(ref FirstMatchCodeGroup codeGroup)
{
//<Snippet10>
SecurityElement xmlElement = codeGroup.ToXml();
//</Snippet10>
SecurityElement rootElement = new SecurityElement("CodeGroup");
if (xmlElement.Attribute("domain") == null)
{
//<Snippet11>
SecurityElement newElement =
new SecurityElement("CustomMembershipCondition");
newElement.AddAttribute("class", "CustomMembershipCondition");
newElement.AddAttribute("version", "1");
newElement.AddAttribute("domain", "contoso.com");
rootElement.AddChild(newElement);
codeGroup.FromXml(rootElement);
//</Snippet11>
}
Console.WriteLine("Added a custom membership condition:");
Console.WriteLine(rootElement.ToString());
}
public void Constructor_MembershipConditionPolicyStatementNull()
{
// legal
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), null);
Assert.IsNull(cg.PolicyStatement, "PolicyStatement");
}
static void Main(string[] args)
{
// Create a new FirstMatchCodeGroup.
FirstMatchCodeGroup codeGroup = constructDefaultGroup();
// Create a deep copy of the FirstMatchCodeGroup.
FirstMatchCodeGroup copyCodeGroup =
(FirstMatchCodeGroup)codeGroup.Copy();
// Compare the original code group with the copy.
CompareTwoCodeGroups(codeGroup, copyCodeGroup);
addPolicy(ref codeGroup);
addXmlMember(ref codeGroup);
updateMembershipCondition(ref codeGroup);
addChildCodeGroup(ref codeGroup);
Console.Write("Comparing the resolved code group ");
Console.WriteLine("with the initial code group.");
FirstMatchCodeGroup resolvedCodeGroup =
ResolveGroupToEvidence(codeGroup);
if (CompareTwoCodeGroups(codeGroup, resolvedCodeGroup))
{
PrintCodeGroup(resolvedCodeGroup);
}
else
{
PrintCodeGroup(codeGroup);
}
Console.WriteLine("This sample completed successfully; " +
"press Enter to exit.");
Console.ReadLine();
}
void Method()
{
FirstMatchCodeGroup codeGroup = new FirstMatchCodeGroup(null, new PolicyStatement(new PermissionSet(PermissionState.None)));
// <Snippet1>
codeGroup.PolicyStatement = new PolicyStatement(new NamedPermissionSet("MyPermissionSet"));
// </Snippet1>
}
public static void FirstMatchCodeGroupCallMethods()
{
FirstMatchCodeGroup fmcg = new FirstMatchCodeGroup(new GacMembershipCondition(), new PolicyStatement(new PermissionSet(new PermissionState())));
CodeGroup cg = fmcg.Copy();
PolicyStatement ps = fmcg.Resolve(new Evidence());
cg = fmcg.ResolveMatchingCodeGroups(new Evidence());
}
//----------------------------------------------------------------------------
// ConstructAppPolicy
//----------------------------------------------------------------------------
public PolicyLevel ConstructAppPolicy(Evidence securityEvidence)
{
Console.WriteLine("Constructing App Policy Level...");
// NOTENOTE: not effective if not both url and zone in evidence
// Populate the PolicyLevel with code groups that will do the following:
// 1) For all assemblies that come from this app's cache directory,
// give permissions from retrieved permission set from SecurityManager.
// 2) For all other assemblies, give FullTrust permission set. Remember,
// since the permissions will be intersected with other policy levels,
// just because we grant full trust to all other assemblies does not mean
// those assemblies will end up with full trust.
PolicyLevel AppPolicy = null;
// ResolvePolicy will return a System.Security.PermissionSet
PermissionSet AppPerms = SecurityManager.ResolvePolicy(securityEvidence);
// Create a new System.Security.Policy.PolicyStatement that does not contain any permissions.
PolicyStatement Nada = new PolicyStatement(new PermissionSet(PermissionState.None)); //PermissionSet());
// Create a PolicyStatement for the permissions that we want to grant to code from the app directory:
PolicyStatement AppStatement = new PolicyStatement(AppPerms);
// Create Full trust PolicyStatement so all other code gets full trust, by passing in an _unrestricted_ PermissionSet
PolicyStatement FullTrustStatement = new PolicyStatement(new PermissionSet(PermissionState.Unrestricted));
// Create a System.Security.Policy.FirstMatchCodeGroup as the root that matches all
// assemblies by supplying an AllMembershipCondition:
FirstMatchCodeGroup RootCG = new FirstMatchCodeGroup(new AllMembershipCondition(), Nada);
// Create a child UnionCodeGroup to handle the assemblies from the app cache. We do this
// by using a UrlMembershipCondition set to the app cache directory:
UnionCodeGroup AppCG = new UnionCodeGroup(new UrlMembershipCondition("file://" + _sAppBase + "*"), AppStatement);
// Add AppCG to RootCG as first child. This is important because we need it to be evaluated first
RootCG.AddChild(AppCG);
// Create a second child UnionCodeGroup to handle all other code, by using the AllMembershipCondition again
UnionCodeGroup AllCG = new UnionCodeGroup(new AllMembershipCondition(), FullTrustStatement);
// Add AllCG to RootCG after AppCG. If AppCG doesnt apply to the assembly, AllCG will.
RootCG.AddChild(AllCG);
// This will be the PolicyLevel that we will associate with the new AppDomain.
AppPolicy = PolicyLevel.CreateAppDomainLevel();
// Set the RootCG as the root code group on the new policy level
AppPolicy.RootCodeGroup = RootCG;
// NOTENOTE
// Code from the site that lives on the local machine will get the reduced permissions as expected.
// Dependencies of this app (not under app dir or maybe dependencies that live in the GAC) would still get full trust.
// If the full trust dependencies need to do something trusted, they carry the burden of asserting to overcome the stack walk.
return(AppPolicy);
}
// Set the membership condition of the code group.
private static void updateMembershipCondition(
ref FirstMatchCodeGroup codeGroup)
{
// Set the membership condition of the specified FirstMatchCodeGroup
// to the Intranet zone.
ZoneMembershipCondition zoneCondition =
new ZoneMembershipCondition(SecurityZone.Intranet);
codeGroup.MembershipCondition = zoneCondition;
}
public void CopyWithChildren()
{
FirstMatchCodeGroup cgChild = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(new PermissionSet(PermissionState.Unrestricted)));
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(new PermissionSet(PermissionState.None)));
cg.AddChild(cgChild);
FirstMatchCodeGroup cg2 = (FirstMatchCodeGroup)cg.Copy();
Assert.AreEqual(cg.Children.Count, cg2.Children.Count, "Children");
Assert.AreEqual(cg.ToXml().ToString(), cg2.ToXml().ToString(), "ToXml");
}
// Retrieve the resolved code group based on the evidence from the
// specified code group.
private static FirstMatchCodeGroup ResolveGroupToEvidence(
FirstMatchCodeGroup codeGroup)
{
// Resolve matching code groups to the executing assembly.
Assembly assembly = typeof(Members).Assembly;
Evidence evidence = assembly.Evidence;
CodeGroup resolvedCodeGroup =
codeGroup.ResolveMatchingCodeGroups(evidence);
return((FirstMatchCodeGroup)resolvedCodeGroup);
}
public void Copy()
{
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(new PermissionSet(PermissionState.None)));
FirstMatchCodeGroup cg2 = (FirstMatchCodeGroup)cg.Copy();
Assert.AreEqual(cg.AttributeString, cg2.AttributeString, "AttributeString");
Assert.AreEqual(cg.Children.Count, cg2.Children.Count, "Children");
Assert.AreEqual(cg.Description, cg2.Description, "Description");
Assert.AreEqual(cg.MergeLogic, cg2.MergeLogic, "MergeLogic");
Assert.AreEqual(cg.Name, cg2.Name, "Name");
Assert.AreEqual(cg.PermissionSetName, cg2.PermissionSetName, "PermissionSetName");
Assert.AreEqual(cg.ToXml().ToString(), cg2.ToXml().ToString(), "ToXml");
}
// Compare the two FirstMatchCodeGroups.
private static bool CompareTwoCodeGroups(
FirstMatchCodeGroup firstCodeGroup,
FirstMatchCodeGroup secondCodeGroup)
{
// Compare the two specified FirstMatchCodeGroups for equality.
if (firstCodeGroup.Equals(secondCodeGroup))
{
Console.WriteLine("The two code groups are equal.");
return(true);
}
else
{
Console.WriteLine("The two code groups are not equal.");
return(false);
}
}
// Create a FirstMatchCodeGroup with an exclusive policy and membership
// condition.
private static FirstMatchCodeGroup constructDefaultGroup()
{
// Construct a new FirstMatchCodeGroup with Read, Write, Append
// and PathDiscovery access.
// Create read access permission to the root directory on drive C.
//<Snippet2>
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
// Add a permission to a named permission set.
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement policy = new PolicyStatement(
namedPermissions, PolicyStatementAttribute.Exclusive);
// Create a FirstMatchCodeGroup with a membership condition that
// matches all code, and an exclusive policy.
FirstMatchCodeGroup codeGroup =
new FirstMatchCodeGroup(
new AllMembershipCondition(),
policy);
//</Snippet2>
// Set the name of the first match code group.
//<Snippet3>
codeGroup.Name = "TempCodeGroup";
//</Snippet3>
// Set the description of the first match code group.
//<Snippet4>
codeGroup.Description = "Temp folder permissions group";
//</Snippet4>
return(codeGroup);
}
public void ToFromXmlRoundtrip()
{
const string ps_Name = "TestName";
PolicyStatement ps = new PolicyStatement(new NamedPermissionSet(ps_Name));
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), ps);
cg.Name = "SomeName";
cg.Description = "Some Description";
Assert.IsTrue(cg.Equals(cg), "Equals (itself)");
SecurityElement se = cg.ToXml();
FirstMatchCodeGroup cg2 = new FirstMatchCodeGroup(new AllMembershipCondition(), ps);
cg2.Name = "SomeOtherName";
cg2.Description = "Some Other Description";
Assert.IsTrue(!cg.Equals(cg2), "Equals (another)");
cg2.FromXml(se);
Assert.IsTrue(cg.Equals(cg2), "Equals (FromXml)");
}
/// <summary>
/// Loads a policy from a file (<see cref="SecurityManager.LoadPolicyLevelFromFile"/>),
/// replacing placeholders
/// <list>
/// <item>$AppDir$, $AppDirUrl$ => <paramref name="appDirectory"/></item>
/// <item>$CodeGen$ => (TODO)</item>
/// <item>$OriginHost$ => <paramref name="originUrl"/></item>
/// <item>$Gac$ => the current machine's GAC path</item>
/// </list>
/// </summary>
/// <param name="policyFileLocation"></param>
/// <param name="originUrl"></param>
/// <param name="appDirectory"></param>
/// <returns></returns>
public static PolicyLevel LoadDomainPolicyFromUri(Uri policyFileLocation, string appDirectory, string originUrl)
{
bool foundGacToken = false;
PolicyLevel domainPolicy = CreatePolicyLevel(policyFileLocation, appDirectory, appDirectory, originUrl, out foundGacToken);
if (foundGacToken)
{
CodeGroup rootCodeGroup = domainPolicy.RootCodeGroup;
bool hasGacMembershipCondition = false;
foreach (CodeGroup childCodeGroup in rootCodeGroup.Children)
{
if (childCodeGroup.MembershipCondition is GacMembershipCondition)
{
hasGacMembershipCondition = true;
break;
}
}
if (!hasGacMembershipCondition && (rootCodeGroup is FirstMatchCodeGroup))
{
FirstMatchCodeGroup firstMatchCodeGroup = (FirstMatchCodeGroup)rootCodeGroup;
if ((firstMatchCodeGroup.MembershipCondition is AllMembershipCondition) && (firstMatchCodeGroup.PermissionSetName == PERMISSIONSET_NOTHING))
{
PermissionSet unrestrictedPermissionSet = new PermissionSet(PermissionState.Unrestricted);
CodeGroup gacGroup = new UnionCodeGroup(new GacMembershipCondition(), new PolicyStatement(unrestrictedPermissionSet));
CodeGroup rootGroup = new FirstMatchCodeGroup(rootCodeGroup.MembershipCondition, rootCodeGroup.PolicyStatement);
foreach (CodeGroup childGroup in rootCodeGroup.Children)
{
if (((childGroup is UnionCodeGroup) && (childGroup.MembershipCondition is UrlMembershipCondition)) && (childGroup.PolicyStatement.PermissionSet.IsUnrestricted() && (gacGroup != null)))
{
rootGroup.AddChild(gacGroup);
gacGroup = null;
}
rootGroup.AddChild(childGroup);
}
domainPolicy.RootCodeGroup = rootGroup;
}
}
}
return(domainPolicy);
}
// Add file permission to restrict write access to all files
// on the local machine.
private static void addPolicy(ref FirstMatchCodeGroup codeGroup)
{
// Set the PolicyStatement property to a policy with read access to
// the root directory on drive C.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement policy = new PolicyStatement(
namedPermissions,
PolicyStatementAttribute.Exclusive);
codeGroup.PolicyStatement = policy;
}
// Arguments: Codebase, flags, zone, srcurl
// If the flags indicate zone then a zone must be provided.
// If the flags indicate a site then a srcurl must be provided, codebase must be a filepath
public int Execute(string codebase, Int32 flags, Int32 evidenceZone, string evidenceSrcUrl, string stringArg)
{
string file = codebase;
if ((file.Length == 0) || (file[0] == '\0'))
{
throw new ArgumentException("Invalid codebase");
}
Console.WriteLine("Codebase- {0}", file);
// Find the appbase of the executable. For now we assume the
// form to be http://blah/... with forward slashes. This
// need to be update.
// Note: aso works with '\' as in file paths
string appbase = null;
string ConfigurationFile = null;
int k = file.LastIndexOf('/');
if (k <= 0)
{
k = file.LastIndexOf('\\');
if (k == 0)
{
appbase = file;
ConfigurationFile = file;
}
}
if (k != 0)
{
// if k is still < 0 at this point, appbase should be an empty string
appbase = file.Substring(0, k + 1);
if (k + 1 < file.Length)
{
ConfigurationFile = file.Substring(k + 1);
}
}
// Check 1: disallow non-fully qualified path/codebase
if ((appbase.Length == 0) || (appbase[0] == '.'))
{
throw new ArgumentException("Codebase must be fully qualified");
}
// BUGBUG: should appbase be the source of the code, not local?
Console.WriteLine("AppBase- {0}", appbase);
// Build up the configuration File name
if (ConfigurationFile != null)
{
StringBuilder bld = new StringBuilder();
bld.Append(ConfigurationFile);
bld.Append(".config");
ConfigurationFile = bld.ToString();
}
Console.WriteLine("Config- {0}", ConfigurationFile);
// Get the flags
// 0x1 we have Zone
// 0x2 we have a unique id.
int dwFlag = flags;
Evidence securityEvidence = null;
// Check 2: disallow called with no evidence
if (dwFlag == SECURITY_NONE)
{
// BUGBUG?: disallow executing with no evidence
throw new ArgumentException("Flag set at no evidence");
}
if ((dwFlag & SECURITY_SITE) != 0 ||
(dwFlag & SECURITY_ZONE) != 0)
{
securityEvidence = new Evidence();
}
// BUGBUG: check other invalid cases for dwFlag
string appURLbase = null;
if ((dwFlag & SECURITY_ZONE) != 0)
{
int zone = evidenceZone;
securityEvidence.AddHost(new Zone((System.Security.SecurityZone)zone));
Console.WriteLine("Evidence Zone- {0}", zone);
}
if ((dwFlag & SECURITY_SITE) != 0)
{
if (file.Length < 7 || String.Compare(file.Substring(0, 7), "file://", true) != 0)
{
securityEvidence.AddHost(System.Security.Policy.Site.CreateFromUrl(evidenceSrcUrl));
Console.WriteLine("Evidence SiteFromUrl- {0}", evidenceSrcUrl);
// BUGBUG: possible security hole? - if this intersects with Url/Zone _may_ resolve to a less restrictive policy...
// if srcUrl is given, assume file/appbase is a local file path
StringBuilder bld = new StringBuilder();
bld.Append("file://");
bld.Append(appbase);
securityEvidence.AddHost(new ApplicationDirectory(bld.ToString()));
Console.WriteLine("Evidence AppDir- {0}", bld);
}
// URLs may be matched exactly or by a wildcard in the final position,
// for example: http://www.fourthcoffee.com/process/*
StringBuilder bld2 = new StringBuilder();
if (evidenceSrcUrl[evidenceSrcUrl.Length - 1] == '/')
{
bld2.Append(evidenceSrcUrl);
}
else
{
int j = evidenceSrcUrl.LastIndexOf('/');
if (j > 0)
{
if (j > 7) // evidenceSrcUrl == "http://a/file.exe"
{
bld2.Append(evidenceSrcUrl.Substring(0, j + 1));
}
else
{
// evidenceSrcUrl == "http://foo.com" -> but why?
bld2.Append(evidenceSrcUrl);
bld2.Append('/');
}
}
else
{
throw new ArgumentException("Invalid Url format");
}
}
appURLbase = bld2.ToString();
bld2.Append('*');
securityEvidence.AddHost(new Url(bld2.ToString()));
Console.WriteLine("Evidence Url- {0}", bld2);
}
// other evidence: Hash, Publisher, StrongName
// NOTENOTE: not effective if not both url and zone in evidence
// Populate the PolicyLevel with code groups that will do the following:
// 1) For all assemblies that come from this app's cache directory,
// give permissions from retrieved permission set from SecurityManager.
// 2) For all other assemblies, give FullTrust permission set. Remember,
// since the permissions will be intersected with other policy levels,
// just because we grant full trust to all other assemblies does not mean
// those assemblies will end up with full trust.
// Create a new System.Security.Policy.PolicyStatement that does not contain any permissions.
PolicyStatement Nada = new PolicyStatement(new PermissionSet(PermissionState.None));//PermissionSet());
// Create a System.Security.Policy.FirstMatchCodeGroup as the root that matches all
// assemblies by supplying an AllMembershipCondition:
FirstMatchCodeGroup RootCG = new FirstMatchCodeGroup(new AllMembershipCondition(), Nada);
// ResolvePolicy will return a System.Security.PermissionSet
PermissionSet AppPerms = SecurityManager.ResolvePolicy(securityEvidence);
// Create another PolicyStatement for the permissions that we want to grant to code from the app directory:
PolicyStatement AppStatement = new PolicyStatement(AppPerms);
// Create a child UnionCodeGroup to handle the assemblies from the app cache. We do this
// by using a UrlMembershipCondition set to the app cache directory:
UnionCodeGroup AppCG = new UnionCodeGroup(new UrlMembershipCondition("file://" + appbase + "*"), AppStatement);
// Add AppCG to RootCG as first child. This is important because we need it to be evaluated first
// if ((dwFlag & TYPE_AVALON) == 0)
RootCG.AddChild(AppCG);
// Create another PolicyStatement so all other code gets full trust, by passing in an _unrestricted_ PermissionSet
PolicyStatement FullTrustStatement = new PolicyStatement(new PermissionSet(PermissionState.Unrestricted));
// Create a second child UnionCodeGroup to handle all other code, by using the AllMembershipCondition again
UnionCodeGroup AllCG = new UnionCodeGroup(new AllMembershipCondition(), FullTrustStatement);
// Add AllCG to RootCG after AppCG. If AppCG doesnt apply to the assembly, AllCG will.
RootCG.AddChild(AllCG);
// This will be the PolicyLevel that we will associate with the new AppDomain.
PolicyLevel AppPolicy = PolicyLevel.CreateAppDomainLevel();
// Set the RootCG as the root code group on the new policy level
AppPolicy.RootCodeGroup = RootCG;
// NOTENOTE
// Code from the site that lives on the local machine will get the reduced permissions as expected.
// Dependencies of this app (not under app dir or maybe dependencies that live in the GAC) would still get full trust.
// If the full trust dependencies need to do something trusted, they carry the burden of asserting to overcome the stack walk.
// Set domain name to site name if possible
string friendlyName = null;
if ((dwFlag & SECURITY_SITE) != 0)
{
friendlyName = GetSiteName(evidenceSrcUrl);
}
else
{
friendlyName = GetSiteName(file);
}
Console.WriteLine("AppDomain friendlyName- {0}", friendlyName);
// set up arguments
// only allow 1 for now
string[] args;
if (stringArg != null)
{
args = new string[1];
args[0] = stringArg;
}
else
{
args = new string[0];
}
AppDomainSetup properties = new AppDomainSetup();
// properties.DisallowPublisherPolicy=true; // not allowed to set safe mode
properties.ApplicationBase = appbase; // BUGBUG: security? see note on ApplicationDirectory above
properties.PrivateBinPath = "bin";
if (ConfigurationFile != null)
{
properties.ConfigurationFile = ConfigurationFile; // should not set config file if it doesnot exist?
}
AppDomain proxy = AppDomain.CreateDomain(friendlyName, null, properties);
if (proxy != null)
{
// set the AppPolicy policy level as the policy level for the AppDomain
proxy.SetAppDomainPolicy(AppPolicy);
AssemblyName asmname = Assembly.GetExecutingAssembly().GetName();
Console.WriteLine("AsmExecute name- {0}", asmname);
try
{
// Use remoting. Otherwise asm will be loaded both in current and the new AppDomain
// ... as explained by URT dev
// asmexec.dll must be found on path (CorPath?) or in the GAC for this to work.
ObjectHandle handle = proxy.CreateInstance(asmname.FullName, "FusionCLRHost.AsmExecute");
if (handle != null)
{
AsmExecute execproxy = (AsmExecute)handle.Unwrap();
int retVal = -1;
if (execproxy != null)
{
// prepare for on-demand/asm resolution
execproxy.InitOnDemand(appbase, appURLbase);
}
Console.WriteLine("\n========");
if (execproxy != null)
{
if ((dwFlag & TYPE_AVALON) != 0)
{
retVal = execproxy.ExecuteAsAvalon(file, securityEvidence, args);
}
else
{
retVal = execproxy.ExecuteAsAssembly(file, securityEvidence, args);
}
}
Console.WriteLine("\n========");
return(retVal);
}
}
catch (Exception e)
{
Console.WriteLine("AsmExecute CreateInstance(AsmExecute) / execute assembly failed:\n{0}: {1}", e.GetType(), e.Message);
throw e;
}
}
else
{
Console.WriteLine("AsmExecute CreateDomain failed");
}
// BUGBUG: throw Exception?
return(-1);
}
// This routine sets up the Code Access Security policy that Terrarium runs under. It is key
// to ensuring that organisms can never do anything dangerous.
//
// The policy tree looks like this:
// All Code - Nothing
// My Computer - Nothing
// Terrarium Code Directory - Execute permission only
// Terrarium Key - Full Trust
// System.dll Code base - Full Trust (for XML serialization emitted assemblies)
// MS Name - Full Trust
// ECMA Name - Full Trust
// Terrarium.Exe Code Dir - Execute Only
//
// Order is important since we're using a first match code group. If an assembly lives in the cache directory,
// it gets nothing.
internal static PolicyLevel MakePolicyLevel(string cacheDir)
{
var noPerms = new PermissionSet(PermissionState.None);
// All Code, Nothing
var allCode = new FirstMatchCodeGroup(new AllMembershipCondition(),
new PolicyStatement(noPerms));
// My Computer, Nothing
var myComputer =
new FirstMatchCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer),
new PolicyStatement(noPerms));
// Terrarium code dir: if name is blank, skip it
UnionCodeGroup cacheDirGroup = null;
if (cacheDir != null)
{
var cacheDirFull = Path.GetFullPath(cacheDir);
if (Directory.Exists(cacheDirFull))
{
var fileCanon = cacheDirFull.Replace("\\", "/");
var fileUrl = String.Format("file://{0}/*", fileCanon);
cacheDirGroup = new UnionCodeGroup(new UrlMembershipCondition(fileUrl),
new PolicyStatement(MakeExecutionOnlyPermSet()));
}
}
// When webservices creates a serialization dll dynamically, it loads it into memory
// and it gets the evidence from System.Dll. Thus, to make sure these assemblies get
// full trust, we need to make sure that anything that has this same evidence is
// added to policy
var codeBase = typeof(Process).Assembly.CodeBase;
var systemDll =
new UnionCodeGroup(new UrlMembershipCondition(codeBase),
new PolicyStatement(MakeTrustedPermSet()));
var myCodeTrust =
new UnionCodeGroup(new StrongNameMembershipCondition(
MakeSelfRelativeBlob(), null, null),
new PolicyStatement(MakeTrustedPermSet()));
var myMSTrust = MakeMSCodeGroup();
var ecmaTrust = MakeEcmaCodeGroup();
// Terrarium does a Load(byte []) on assemblies to check them before it copies them to the PAC to
// truly load them. However, since unsigned (by MS or Terrarium) assemblies outside of the PAC
// don't get execute permissions, this load fails. Since we are doing a Load(byte []), the evidence
// will say that the assembly is coming from the same location as Terrarium.Exe, therefore
// we need to add policy that gives unsigned assemblies in the same location as terrarium.exe
// Execute permissions. This is the exact code (and logic) we use for the systemDll code group above.
var terrariumCodeBase = typeof(GameEngine).Assembly.CodeBase;
var checkAssemblyTrust = new UnionCodeGroup(new UrlMembershipCondition(terrariumCodeBase),
new PolicyStatement(MakeExecutionOnlyPermSet()));
// add children of MyComputer CG
if (cacheDirGroup != null)
{
myComputer.AddChild(cacheDirGroup);
}
myComputer.AddChild(myCodeTrust);
myComputer.AddChild(systemDll);
myComputer.AddChild(myMSTrust);
myComputer.AddChild(ecmaTrust);
myComputer.AddChild(checkAssemblyTrust);
// add MyComputer under All Code
allCode.AddChild(myComputer);
var level = PolicyLevel.CreateAppDomainLevel();
level.RootCodeGroup = allCode;
return(level);
}
public void ResolveMatchingCodeGroups_Null()
{
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(new PermissionSet(PermissionState.None)));
cg.ResolveMatchingCodeGroups(null);
}
// Print the properties of the specified code group to the console.
private static void PrintCodeGroup(CodeGroup codeGroup)
{
// Compare the type of the specified object with the
// FirstMatchCodeGroup type.
//<Snippet12>
if (!codeGroup.GetType().Equals(typeof(FirstMatchCodeGroup)))
//</Snippet12>
{
throw new ArgumentException(
"Expected the FirstMatchCodeGroup type.");
}
string codeGroupName = codeGroup.Name;
string membershipCondition = codeGroup.MembershipCondition.ToString();
//<Snippet13>
string permissionSetName = codeGroup.PermissionSetName;
//</Snippet13>
//<Snippet14>
int hashCode = codeGroup.GetHashCode();
//</Snippet14>
string mergeLogic = "";
//<Snippet15>
if (codeGroup.MergeLogic.Equals("First Match"))
//</Snippet15>
{
mergeLogic = "with first-match merge logic";
}
// Retrieve the class path for the FirstMatchCodeGroup.
//<Snippet16>
string firstMatchGroupClass = codeGroup.ToString();
//</Snippet16>
string attributeString = "";
// Retrieve the string representation of the FirstMatchCodeGroup's
// attributes.
//<Snippet5>
if (codeGroup.AttributeString != null)
{
attributeString = codeGroup.AttributeString;
}
//</Snippet5>
// Write a summary to the console window.
Console.WriteLine("\n*** " + firstMatchGroupClass + " summary ***");
Console.Write("A FirstMatchCodeGroup named ");
Console.Write(codeGroupName + mergeLogic);
Console.Write(" has been created with hash code(" + hashCode + ").");
Console.Write("\nThis code group contains a " + membershipCondition);
Console.Write(" membership condition with the ");
Console.WriteLine(permissionSetName + " permission set.");
Console.Write("The code group contains the following policy: ");
Console.Write(ResolveEvidence(codeGroup));
Console.Write("\nIt also contains the following attributes: ");
Console.WriteLine(attributeString);
int childCount = codeGroup.Children.Count;
if (childCount > 0)
{
Console.Write("There are " + childCount);
Console.WriteLine(" child elements in the code group.");
// Iterate through the child code groups to display their names
// and then remove them from the specified code group.
for (int i = 0; i < childCount; i++)
{
// Retrieve a child code group, which has been cast as a
// FirstMatchCodeGroup type.
//<Snippet21>
FirstMatchCodeGroup childCodeGroup =
(FirstMatchCodeGroup)codeGroup.Children[i];
//</Snippet21>
Console.Write("Removing the " + childCodeGroup.Name + ".");
// Remove the child code group.
//<Snippet17>
codeGroup.RemoveChild(childCodeGroup);
//</Snippet17>
}
Console.WriteLine();
}
else
{
Console.WriteLine(" No child code groups were found in this" +
" code group.");
}
}
public void MergeLogic()
{
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(new PermissionSet(PermissionState.None)));
Assert.AreEqual("First Match", cg.MergeLogic, "MergeLogic");
}
// Here is the managed portion of the QuickCache code. It
// is mainly concerned with detecting whether it is valid
// for us to use the quick cache, and then calculating the
// proper mapping of partial evidence to partial mapping.
//
// The choice of the partial evidence sets is fairly arbitrary
// and in this case is tailored to give us meaningful
// results from default policy.
//
// The choice of whether or not we can use the quick cache
// is far from arbitrary. There are a couple conditions that must
// be true for the QuickCache to produce valid result. These
// are:
//
// * equivalent evidence objects must produce the same
// grant set (i.e. it must be independent of time of day,
// space on the harddisk, other "external" factors, and
// cannot be random).
//
// * evidence must be used positively (i.e. if evidence A grants
// permission X, then evidence A+B must grant at least permission
// X).
//
// In particular for our implementation, this means that we
// limit the classes that can be used by policy to just
// the ones defined within mscorlib and that there are
// no Exclusive bits set on any code groups.
internal static bool CanUseQuickCache(CodeGroup group)
{
ArrayList list = new ArrayList();
list.Add(group);
for (int i = 0; i < list.Count; ++i)
{
group = (CodeGroup)list[i];
NetCodeGroup netGroup = group as NetCodeGroup;
UnionCodeGroup unionGroup = group as UnionCodeGroup;
FirstMatchCodeGroup firstGroup = group as FirstMatchCodeGroup;
FileCodeGroup fileGroup = group as FileCodeGroup;
if (netGroup != null)
{
if (!TestPolicyStatement(netGroup.PolicyStatement))
{
return(false);
}
}
else if (unionGroup != null)
{
if (!TestPolicyStatement(unionGroup.PolicyStatement))
{
return(false);
}
}
else if (firstGroup != null)
{
if (!TestPolicyStatement(firstGroup.PolicyStatement))
{
return(false);
}
}
else if (fileGroup != null)
{
if (!TestPolicyStatement(fileGroup.PolicyStatement))
{
return(false);
}
}
else
{
return(false);
}
IMembershipCondition cond = group.MembershipCondition;
if (cond != null && !(cond is IConstantMembershipCondition))
{
return(false);
}
IList children = group.Children;
if (children != null && children.Count > 0)
{
IEnumerator enumerator = children.GetEnumerator();
while (enumerator.MoveNext())
{
list.Add(enumerator.Current);
}
}
}
return(true);
}
public void Constructor_MembershipConditionNullPolicyStatement()
{
FirstMatchCodeGroup cg = new FirstMatchCodeGroup(null, new PolicyStatement(new PermissionSet(PermissionState.None)));
}
