public static void Main()
{
NamedPermissionSet ps = new NamedPermissionSet("SamplePermissionSet", PermissionState.None);
ps.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, @"C:\test\"));
ps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
Console.WriteLine(ps.ToXml().ToString());
}
private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission(isfp);
nps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
#if !NET_2_0
// EventLogPermission requires stuff outside corlib (System)
nps.AddPermission(PermissionBuilder.Create(EventLogPermission(".", "Instrument")));
#endif
return(nps);
}
// Add a named permission set to the specified PolicyStatement.
private static void AddPermissions(ref PolicyStatement policyStatement)
{
// Construct a NamedPermissionSet with basic permissions.
NamedPermissionSet allPerms = new NamedPermissionSet("allPerms");
allPerms.AddPermission(
new SecurityPermission(SecurityPermissionFlag.Execution));
allPerms.AddPermission(
new ZoneIdentityPermission(SecurityZone.MyComputer));
allPerms.AddPermission(
new SiteIdentityPermission("www.contoso.com"));
policyStatement.PermissionSet = allPerms;
}
private static NamedPermissionSet BuildInternet()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Internet", PermissionState.None);
namedPermissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None)
{
UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser,
UserQuota = 512000L
});
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
namedPermissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting")));
return(namedPermissionSet);
}
// Create a builtin permission set by name.
private static PermissionSet CreateBuiltinPermissionSet(String name)
{
NamedPermissionSet set = null;
switch (name)
{
case "Execution":
{
set = new NamedPermissionSet
("Execution", PermissionState.None);
set.Description = _("Arg_PermissionsExecution");
set.AddPermission(new SecurityPermission
(SecurityPermissionFlag.Execution));
}
break;
case "FullTrust":
{
set = new NamedPermissionSet
("FullTrust", PermissionState.Unrestricted);
set.Description = _("Arg_PermissionsFullTrust");
}
break;
case "Internet":
{
set = new NamedPermissionSet
("Internet", PermissionState.None);
set.Description = _("Arg_PermissionsInternet");
}
break;
case "LocalIntranet":
{
set = new NamedPermissionSet
("LocalIntranet", PermissionState.None);
set.Description = _("Arg_PermissionsLocalIntranet");
}
break;
case "Nothing":
{
set = new NamedPermissionSet
("Nothing", PermissionState.None);
set.Description = _("Arg_PermissionsNothing");
}
break;
case "SkipVerification":
{
set = new NamedPermissionSet
("SkipVerification", PermissionState.None);
set.Description = _("Arg_PermissionsSkipVerification");
set.AddPermission(new SecurityPermission
(SecurityPermissionFlag.SkipVerification));
}
break;
}
return(set);
}
private static NamedPermissionSet BuildExecution()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Execution, PermissionState.None);
nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
return(nps);
}
private static NamedPermissionSet BuildExecution()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Execution", PermissionState.None);
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildSkipVerification()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("SkipVerification", PermissionState.None);
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildInternet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Internet, PermissionState.None);
nps.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
isfp.UserQuota = 512000;
nps.AddPermission(isfp);
nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
nps.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
public void Copy_Name()
{
NamedPermissionSet nps = new NamedPermissionSet(name);
nps.Description = sentinel;
nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Assertion));
NamedPermissionSet copy = (NamedPermissionSet)nps.Copy("Copy");
Assert.AreEqual("Copy", copy.Name, "Name");
Assert.AreEqual(nps.Description, copy.Description, "Description");
Assert.AreEqual(nps.Count, copy.Count, "Count");
}
// Add file permission to restrict write access to all files on the
// local machine.
private static void addPolicy(ref FileCodeGroup fileCodeGroup)
{
// Set the PolicyStatement property to a policy with read access to
// the root directory of drive C.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
fileCodeGroup.PolicyStatement =
new PolicyStatement(namedPermissions);
}
private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("LocalIntranet", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None)
{
UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser,
UserQuota = long.MaxValue
});
namedPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag flag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution;
namedPermissionSet.AddPermission(new SecurityPermission(flag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting")));
return(namedPermissionSet);
}
// Create a FirstMatchCodeGroup with an exclusive policy and membership
// condition.
private static FirstMatchCodeGroup constructDefaultGroup()
{
// Construct a new FirstMatchCodeGroup with Read, Write, Append
// and PathDiscovery access.
// Create read access permission to the root directory on drive C.
//<Snippet2>
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
// Add a permission to a named permission set.
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement policy = new PolicyStatement(
namedPermissions, PolicyStatementAttribute.Exclusive);
// Create a FirstMatchCodeGroup with a membership condition that
// matches all code, and an exclusive policy.
FirstMatchCodeGroup codeGroup =
new FirstMatchCodeGroup(
new AllMembershipCondition(),
policy);
//</Snippet2>
// Set the name of the first match code group.
//<Snippet3>
codeGroup.Name = "TempCodeGroup";
//</Snippet3>
// Set the description of the first match code group.
//<Snippet4>
codeGroup.Description = "Temp folder permissions group";
//</Snippet4>
return(codeGroup);
}
// Add file permission to restrict write access to all files
// on the local machine.
private static void addPolicy(ref FirstMatchCodeGroup codeGroup)
{
// Set the PolicyStatement property to a policy with read access to
// the root directory on drive C.
FileIOPermission rootFilePermissions =
new FileIOPermission(PermissionState.None);
rootFilePermissions.AllLocalFiles = FileIOPermissionAccess.Read;
rootFilePermissions.SetPathList(FileIOPermissionAccess.Read, "C:\\");
NamedPermissionSet namedPermissions =
new NamedPermissionSet("RootPermissions");
namedPermissions.AddPermission(rootFilePermissions);
// Create a PolicyStatement with exclusive rights to the policy.
PolicyStatement policy = new PolicyStatement(
namedPermissions,
PolicyStatementAttribute.Exclusive);
codeGroup.PolicyStatement = policy;
}
private void CreateAppDomain()
{
bool lockTaken = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
Monitor.Enter(s_AppDomains.SyncRoot, ref lockTaken);
if (s_CleanedUp)
{
throw new InvalidOperationException(SR.GetString("net_cant_perform_during_shutdown"));
}
if (s_AppDomainInfo == null)
{
s_AppDomainInfo = new AppDomainSetup();
s_AppDomainInfo.DisallowBindingRedirects = true;
s_AppDomainInfo.DisallowCodeDownload = true;
NamedPermissionSet permSet = new NamedPermissionSet("__WebProxySandbox", PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
ApplicationTrust trust = new ApplicationTrust {
DefaultGrantSet = new PolicyStatement(permSet)
};
s_AppDomainInfo.ApplicationTrust = trust;
s_AppDomainInfo.ApplicationBase = Environment.SystemDirectory;
}
AppDomain context = s_ExcessAppDomain;
if (context != null)
{
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), context);
throw new InvalidOperationException(SR.GetString("net_cant_create_environment"));
}
this.appDomainIndex = s_NextAppDomainIndex++;
try
{
}
finally
{
PermissionSet grantSet = new PermissionSet(PermissionState.None);
grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
s_ExcessAppDomain = AppDomain.CreateDomain("WebProxyScript", null, s_AppDomainInfo, grantSet, null);
try
{
s_AppDomains.Add(this.appDomainIndex, s_ExcessAppDomain);
this.scriptDomain = s_ExcessAppDomain;
}
finally
{
if (object.ReferenceEquals(this.scriptDomain, s_ExcessAppDomain))
{
s_ExcessAppDomain = null;
}
else
{
try
{
s_AppDomains.Remove(this.appDomainIndex);
}
finally
{
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), s_ExcessAppDomain);
}
}
}
}
}
finally
{
if (lockTaken)
{
Monitor.Exit(s_AppDomains.SyncRoot);
}
}
}
internal static NamedPermissionSet CreateSkipVerificationSet()
{
NamedPermissionSet permSet;
permSet = new NamedPermissionSet( "SkipVerification", PermissionState.None );
permSet.Description = "Grants right to bypass the verification";
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification));
return permSet;
}
private static NamedPermissionSet BuildEverything ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);
nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));
// not quite all in this case
SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
spf &= ~SecurityPermissionFlag.SkipVerification;
nps.AddPermission (new SecurityPermission (spf));
nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
// others requires stuff outside corlib
nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
return nps;
}
private static NamedPermissionSet BuildExecution ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
return nps;
}
private static NamedPermissionSet BuildInternet ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
isfp.UserQuota = 512000;
nps.AddPermission (isfp);
nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
return nps;
}
private static NamedPermissionSet BuildLocalIntranet ()
{
NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission (isfp);
nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission (new SecurityPermission (spf));
nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
return nps;
}
/// <summary>
/// Creates a new instance providing default "FullTrust", "Nothing", "MediumTrust" and "LowTrust" permissionsets
/// </summary>
/// <param name="allowUnmanagedCode">NCover requires unmangaged code permissions, set this flag <c>true</c> in this case.</param>
public SecurityTemplate(bool allowUnmanagedCode)
{
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
// NOTHING permissionset
if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_NOTHING))
{
NamedPermissionSet noPermissionSet = new NamedPermissionSet(PERMISSIONSET_NOTHING, PermissionState.None);
noPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.NoFlags));
pLevel.AddNamedPermissionSet(noPermissionSet);
}
// FULLTRUST permissionset
if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_FULLTRUST))
{
NamedPermissionSet fulltrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_FULLTRUST, PermissionState.Unrestricted);
pLevel.AddNamedPermissionSet(fulltrustPermissionSet);
}
// MEDIUMTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config)
NamedPermissionSet mediumTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_MEDIUMTRUST, PermissionState.None);
mediumTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
mediumTrustPermissionSet.AddPermission(new DnsPermission(PermissionState.Unrestricted));
mediumTrustPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read,
"TEMP;TMP;USERNAME;OS;COMPUTERNAME"));
mediumTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess,
AppDomain.CurrentDomain.BaseDirectory));
IsolatedStorageFilePermission isolatedStorageFilePermission = new IsolatedStorageFilePermission(PermissionState.None);
isolatedStorageFilePermission.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isolatedStorageFilePermission.UserQuota = 9223372036854775807;
mediumTrustPermissionSet.AddPermission(isolatedStorageFilePermission);
mediumTrustPermissionSet.AddPermission(new PrintingPermission(PrintingPermissionLevel.DefaultPrinting));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution |
SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal |
SecurityPermissionFlag.RemotingConfiguration;
if (allowUnmanagedCode)
{
securityPermissionFlag |= SecurityPermissionFlag.UnmanagedCode;
}
mediumTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
mediumTrustPermissionSet.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect));
mediumTrustPermissionSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted));
mediumTrustPermissionSet.AddPermission(new WebPermission());
pLevel.AddNamedPermissionSet(mediumTrustPermissionSet);
// LOWTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config)
NamedPermissionSet lowTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_LOWTRUST, PermissionState.None);
lowTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Low));
lowTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
AppDomain.CurrentDomain.BaseDirectory));
IsolatedStorageFilePermission isolatedStorageFilePermissionLow = new IsolatedStorageFilePermission(PermissionState.None);
isolatedStorageFilePermissionLow.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isolatedStorageFilePermissionLow.UserQuota = 1048576;
lowTrustPermissionSet.AddPermission(isolatedStorageFilePermissionLow);
SecurityPermissionFlag securityPermissionFlagLow = SecurityPermissionFlag.Execution;
if (allowUnmanagedCode)
{
securityPermissionFlagLow |= SecurityPermissionFlag.UnmanagedCode;
}
lowTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlagLow));
pLevel.AddNamedPermissionSet(lowTrustPermissionSet);
// UnionCodeGroup rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(noPermissionSet, PolicyStatementAttribute.Nothing));
// pLevel.RootCodeGroup = rootCodeGroup;
_domainPolicy = pLevel;
}
private void CreateAppDomain()
{
// Locking s_AppDomains must happen in a CER so we don't orphan a lock that gets taken by AppDomain.DomainUnload.
bool lockHeld = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
Monitor.Enter(s_AppDomains.SyncRoot, ref lockHeld);
if (s_CleanedUp)
{
throw new InvalidOperationException(SR.GetString(SR.net_cant_perform_during_shutdown));
}
// Create singleton.
if (s_AppDomainInfo == null)
{
s_AppDomainInfo = new AppDomainSetup();
s_AppDomainInfo.DisallowBindingRedirects = true;
s_AppDomainInfo.DisallowCodeDownload = true;
NamedPermissionSet perms = new NamedPermissionSet("__WebProxySandbox", PermissionState.None);
perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
ApplicationTrust trust = new ApplicationTrust();
trust.DefaultGrantSet = new PolicyStatement(perms);
s_AppDomainInfo.ApplicationTrust = trust;
s_AppDomainInfo.ApplicationBase = Environment.SystemDirectory;
}
// If something's already in s_ExcessAppDomain, try to dislodge it again.
AppDomain excessAppDomain = s_ExcessAppDomain;
if (excessAppDomain != null)
{
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), excessAppDomain);
throw new InvalidOperationException(SR.GetString(SR.net_cant_create_environment));
}
appDomainIndex = s_NextAppDomainIndex++;
try { }
finally
{
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
//
s_ExcessAppDomain = AppDomain.CreateDomain(c_appDomainName, null, s_AppDomainInfo, permissionSet, null);
try
{
s_AppDomains.Add(appDomainIndex, s_ExcessAppDomain);
// This indicates to the finally and the finalizer that everything succeeded.
scriptDomain = s_ExcessAppDomain;
}
finally
{
// ReferenceEquals has a ReliabilityContract.
if (object.ReferenceEquals(scriptDomain, s_ExcessAppDomain))
{
s_ExcessAppDomain = null;
}
else
{
// Something failed. Leave the domain in s_ExcessAppDomain until we can get rid of it. No
// more AppDomains can be created until we do. In the mean time, keep attempting to get the
// TimerThread to remove it. Also, might as well remove it from the hash if it made it in.
try
{
s_AppDomains.Remove(appDomainIndex);
}
finally
{
// Can't call AppDomain.Unload from a user thread (or in a lock).
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), s_ExcessAppDomain);
}
}
}
}
}
finally
{
if (lockHeld)
{
Monitor.Exit(s_AppDomains.SyncRoot);
}
}
}
internal static NamedPermissionSet CreateExecutionSet()
{
NamedPermissionSet permSet;
permSet = new NamedPermissionSet( "Execution", PermissionState.None );
permSet.Description = "Permits execution";
permSet.AddPermission( new SecurityPermission( SecurityPermissionFlag.Execution ) );
return permSet;
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Everything, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
nps.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
nps.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
nps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
nps.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
nps.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
// not quite all in this case
SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
spf &= ~SecurityPermissionFlag.SkipVerification;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// others requires stuff outside corlib
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(PrintingPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(EventLogPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(SocketPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(WebPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(PerformanceCounterPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(DirectoryServicesPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(MessageQueuePermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(ServiceControllerPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(OleDbPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(SqlClientPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
return(nps);
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Everything", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.AllFlags;
securityPermissionFlag &= ~SecurityPermissionFlag.SkipVerification;
namedPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
return(namedPermissionSet);
}
private static NamedPermissionSet CreateSkipVerificationSet() {
NamedPermissionSet permSet = new NamedPermissionSet("SkipVerification", PermissionState.None);
permSet.m_descrResource = "Policy_PS_SkipVerification";
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification));
return permSet;
}
