private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission(isfp);
nps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Everything", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.AllFlags;
securityPermissionFlag &= ~SecurityPermissionFlag.SkipVerification;
namedPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildInternet()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Internet", PermissionState.None);
namedPermissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None)
{
UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser,
UserQuota = 512000L
});
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
namedPermissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting")));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildInternet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Internet, PermissionState.None);
nps.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
isfp.UserQuota = 512000;
nps.AddPermission(isfp);
nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
nps.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("LocalIntranet", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None)
{
UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser,
UserQuota = long.MaxValue
});
namedPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag flag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution;
namedPermissionSet.AddPermission(new SecurityPermission(flag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting")));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Everything, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
nps.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
nps.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
nps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
nps.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
nps.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
// not quite all in this case
SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
spf &= ~SecurityPermissionFlag.SkipVerification;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// others requires stuff outside corlib
#if !MOBILE
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(PrintingPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(EventLogPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(SocketPermissionClass, PermissionState.Unrestricted));
#endif
nps.AddPermission(PermissionBuilder.Create(WebPermissionClass, PermissionState.Unrestricted));
#if !MOBILE
nps.AddPermission(PermissionBuilder.Create(PerformanceCounterPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(DirectoryServicesPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(MessageQueuePermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(ServiceControllerPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(OleDbPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(SqlClientPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
#endif
return(nps);
}
internal bool CheckDeny(CodeAccessPermission denied)
{
if (denied == null)
{
return(true);
}
Type t = denied.GetType();
if (t != this.GetType())
{
return(true);
}
IPermission inter = Intersect(denied);
if (inter == null)
{
return(true);
}
// sadly that's not enough :( at this stage we must also check
// if an empty (PermissionState.None) is a subset of the denied
// (which is like a empty intersection looks like for flag based
// permissions, e.g. AspNetHostingPermission).
return(denied.IsSubsetOf(PermissionBuilder.Create(t)));
}
