/// <summary>
/// Sample host security manager decision: approves the application named by the
/// activation context and grants it exactly the permission set its manifest requests.
/// </summary>
/// <remarks>
/// Security note: nothing here consults policy, zone, publisher or the user. The grant set
/// is taken from <c>ApplicationSecurityInfo.DefaultRequestSet</c>, so the manifest author
/// decides what the application receives. Use this pattern only where the host already
/// controls which applications can be activated.
/// </remarks>
/// <param name="applicationEvidence">Evidence for the application; its host evidence is searched for ActivationArguments.</param>
/// <param name="activatorEvidence">Not examined by this implementation.</param>
/// <param name="context">Not examined by this implementation.</param>
/// <returns>
/// A trust object marked trusted-to-run, or null when no ActivationArguments with a
/// non-null ActivationContext is found in the host evidence.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="applicationEvidence"/> is null.</exception>
public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
            {
                throw new ArgumentNullException("applicationEvidence");
            }

            // Walk the host-supplied evidence and stop at the first ActivationArguments entry.
            ActivationArguments hostArgs     = null;
            IEnumerator         hostEvidence = applicationEvidence.GetHostEnumerator();

            while (hostArgs == null && hostEvidence.MoveNext())
            {
                hostArgs = hostEvidence.Current as ActivationArguments;
            }

            // No activation arguments: there is nothing to make a decision about.
            if (hostArgs == null)
            {
                return null;
            }

            ActivationContext manifestContext = hostArgs.ActivationContext;

            if (manifestContext == null)
            {
                return null;
            }

            //<Snippet4>
            ApplicationTrust        decision  = new ApplicationTrust(manifestContext.Identity);
            ApplicationSecurityInfo requested = new ApplicationSecurityInfo(manifestContext);

            // The grant set is the manifest's own request set, and trust is asserted unconditionally.
            decision.DefaultGrantSet           = new PolicyStatement(requested.DefaultRequestSet, PolicyStatementAttribute.Nothing);
            decision.IsApplicationTrustedToRun = true;
            //</Snippet4>
            return decision;
        }
예제 #2
        /// <summary>
        /// Exercises both TrustManagerContext constructors: the parameterless one and the
        /// one taking a TrustManagerUIContext. The created objects are not used further.
        /// </summary>
        public static void TrustManagerContextCallMethods()
        {
            // Parameterless constructor.
            TrustManagerContext defaultContext = new TrustManagerContext();

            // Constructor taking an explicit UI context; a default-constructed
            // TrustManagerUIContext value is passed.
            TrustManagerUIContext uiContext       = new TrustManagerUIContext();
            TrustManagerContext   explicitContext = new TrustManagerContext(uiContext);
        }
예제 #3
 /// <summary>
 /// Placeholder implementation: inspects none of its arguments and returns the default
 /// value of ApplicationTrust, i.e. no trust decision object.
 /// </summary>
 /// <returns>Always <c>default(ApplicationTrust)</c>.</returns>
 public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
 {
     ApplicationTrust noDecision = default(ApplicationTrust);
     return noDecision;
 }
예제 #4
        /// <summary>
        /// Locates the ActivationArguments in the application evidence and asks
        /// ApplicationSecurityManager whether the application may run.
        /// </summary>
        /// <param name="applicationEvidence">Evidence that must contain an ActivationArguments with a non-null ActivationContext.</param>
        /// <param name="activatorEvidence">Not examined by this implementation.</param>
        /// <param name="context">Passed through to ApplicationSecurityManager.DetermineApplicationTrust.</param>
        /// <returns>
        /// A new ApplicationTrust (built from the application identity when one is present)
        /// if the security manager approves; otherwise null.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="applicationEvidence"/> is null.</exception>
        /// <exception cref="ArgumentException">No ActivationArguments, or no ActivationContext inside it.</exception>
        public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
            {
                throw new ArgumentNullException("applicationEvidence");
            }

            // NOTE(review): this enumerates the whole Evidence collection, not host evidence only;
            // confirm that only the host can place ActivationArguments in it.
            ActivationArguments found = null;

            foreach (object item in applicationEvidence)
            {
                if (item is ActivationArguments)
                {
                    found = (ActivationArguments)item;
                    break;
                }
            }

            // Fail loudly instead of guessing when the activation data is incomplete.
            if (found == null)
            {
                throw new ArgumentException(string.Format(Locale.GetText("No {0} found in {1}."), "ActivationArguments", "Evidence"), "applicationEvidence");
            }
            if (found.ActivationContext == null)
            {
                throw new ArgumentException(string.Format(Locale.GetText("No {0} found in {1}."), "ActivationContext", "ActivationArguments"), "applicationEvidence");
            }

            // FIXME: this part is still untested (requires manifest support)
            bool approved = ApplicationSecurityManager.DetermineApplicationTrust(found.ActivationContext, context);

            if (!approved)
            {
                return null;
            }

            // The trust object returned here carries only the identity; no grant set is populated in this method.
            return found.ApplicationIdentity == null
                ? new ApplicationTrust()
                : new ApplicationTrust(found.ApplicationIdentity);
        }
예제 #5
        /// <summary>
        /// Produces the trust decision for the application described by the ActivationArguments
        /// in the application evidence.
        /// </summary>
        /// <remarks>
        /// A decision is taken from the first of three sources that applies:
        /// (1) an ApplicationTrust supplied by the host in the evidence,
        /// (2) the ApplicationTrust of the current AppDomain,
        /// (3) the trust manager, via ApplicationSecurityManager.DetermineApplicationTrustInternal.
        /// Sources (1) and (2) are accepted only when their application identity matches the
        /// identity being activated at the exact version, so a decision made for one application
        /// or version is not carried over to another.
        /// </remarks>
        /// <param name="applicationEvidence">Evidence carrying the ActivationArguments and, optionally, a host-supplied ApplicationTrust.</param>
        /// <param name="activatorEvidence">Not examined here; other security managers could use it to identify the activating domain.</param>
        /// <param name="context">Passed to the trust manager when it is consulted.</param>
        /// <returns>The trust decision, which may be null.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="applicationEvidence"/> is null.</exception>
        /// <exception cref="ArgumentException">The evidence has no ActivationArguments, or its ActivationContext is null.</exception>
        /// <exception cref="InvalidOperationException">The application is trusted to run but its grant set does not cover the requested permission set.</exception>
        public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
            {
                throw new ArgumentNullException("applicationEvidence");
            }
            Contract.EndContractBlock();

            // The activation context comes from the host evidence; without it there is nothing to evaluate.
            ActivationArguments hostArgs = applicationEvidence.GetHostEvidence<ActivationArguments>();

            if (hostArgs == null)
            {
                throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
            }

            ActivationContext targetContext = hostArgs.ActivationContext;

            if (targetContext == null)
            {
                throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
            }

            // Source 1: a decision supplied in the evidence, kept only if it was made for this exact identity.
            ApplicationTrust decision = applicationEvidence.GetHostEvidence<ApplicationTrust>();

            if (decision != null)
            {
                bool madeForThisApp = CmsUtils.CompareIdentities(decision.ApplicationIdentity, hostArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion);

                if (!madeForThisApp)
                {
                    decision = null;
                }
            }

            if (decision == null)
            {
                // Source 2: the current domain's decision, under the same exact-identity rule.
                bool domainTrustApplies =
                    AppDomain.CurrentDomain.ApplicationTrust != null &&
                    CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion);

                // Source 3: otherwise the trust manager decides.
                decision = domainTrustApplies
                    ? AppDomain.CurrentDomain.ApplicationTrust
                    : ApplicationSecurityManager.DetermineApplicationTrustInternal(targetContext, context);
            }

            // A decision that lets the application run must grant at least what the application requested.
            ApplicationSecurityInfo requested = new ApplicationSecurityInfo(targetContext);
            bool allowedToRun = decision != null && decision.IsApplicationTrustedToRun;

            if (allowedToRun && !requested.DefaultRequestSet.IsSubsetOf(decision.DefaultGrantSet.PermissionSet))
            {
                throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
            }

            return decision;
        }
        /// <summary>Determines whether an application should be executed.</summary>
        /// <remarks>
        /// The decision itself is delegated to ApplicationSecurityManager.DetermineApplicationTrust.
        /// The ApplicationTrust returned from this body carries only the application identity (when
        /// one is available); no grant set is populated here.
        /// </remarks>
        /// <param name="applicationEvidence">The <see cref="T:System.Security.Policy.Evidence" /> for the application to be activated.</param>
        /// <param name="activatorEvidence">Optionally, the <see cref="T:System.Security.Policy.Evidence" /> for the activating application domain. Not read by this body.</param>
        /// <param name="context">A <see cref="T:System.Security.Policy.TrustManagerContext" /> that specifies the trust context.</param>
        /// <returns>An <see cref="T:System.Security.Policy.ApplicationTrust" /> object when the application is approved; otherwise null.</returns>
        /// <exception cref="T:System.ArgumentNullException">
        ///   <paramref name="applicationEvidence" /> is null.</exception>
        /// <exception cref="T:System.ArgumentException">An <see cref="T:System.Runtime.Hosting.ActivationArguments" /> object could not be found in the application evidence.-or-The <see cref="P:System.Runtime.Hosting.ActivationArguments.ActivationContext" /> property in the activation arguments is null.</exception>
        /// <exception cref="T:System.InvalidOperationException">Documented for this API: the <see cref="T:System.Security.Policy.ApplicationTrust" /> grant set does not contain the minimum request set specified by the <see cref="T:System.ActivationContext" />. The body shown here has no statement that throws it.</exception>
        public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
            {
                throw new ArgumentNullException("applicationEvidence");
            }

            // Take the first ActivationArguments found while enumerating the evidence.
            // NOTE(review): the whole Evidence collection is enumerated, not host evidence only;
            // confirm that only the host can place ActivationArguments in it.
            ActivationArguments args = null;

            foreach (object candidate in applicationEvidence)
            {
                ActivationArguments match = candidate as ActivationArguments;
                if (match == null)
                {
                    continue;
                }
                args = match;
                break;
            }

            if (args == null)
            {
                throw new ArgumentException(string.Format(Locale.GetText("No {0} found in {1}."), "ActivationArguments", "Evidence"), "applicationEvidence");
            }
            if (args.ActivationContext == null)
            {
                throw new ArgumentException(string.Format(Locale.GetText("No {0} found in {1}."), "ActivationContext", "ActivationArguments"), "applicationEvidence");
            }

            // Null means "not approved"; a trust object is created only after approval.
            ApplicationTrust result = null;

            if (ApplicationSecurityManager.DetermineApplicationTrust(args.ActivationContext, context))
            {
                if (args.ApplicationIdentity != null)
                {
                    result = new ApplicationTrust(args.ApplicationIdentity);
                }
                else
                {
                    result = new ApplicationTrust();
                }
            }
            return result;
        }
예제 #7
 /// <summary>
 /// Unimplemented placeholder: every call fails with NotImplementedException, so no
 /// trust decision is ever returned from this body.
 /// </summary>
 /// <exception cref="NotImplementedException">Always.</exception>
 public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
 {
     NotImplementedException notImplemented = new NotImplementedException();
     throw notImplemented;
 }
예제 #8
 // Methods
 // Signature-only listing: the method is declared to return bool but the body shown here is
 // empty, so the decision logic is not visible in this excerpt.
 public static bool DetermineApplicationTrust(System.ActivationContext activationContext, TrustManagerContext context)
 {
 }
        /// <summary>
        /// Produces the trust decision for the application described by the ActivationArguments
        /// in the host evidence.
        /// </summary>
        /// <remarks>
        /// A host-supplied ApplicationTrust or the current AppDomain's ApplicationTrust is reused
        /// only when its identity matches the activated identity at the exact version; otherwise
        /// ApplicationSecurityManager.DetermineApplicationTrustInternal is consulted. A decision that
        /// allows the application to run must grant at least the permission set it requested.
        /// </remarks>
        /// <param name="applicationEvidence">Evidence carrying the ActivationArguments and, optionally, an ApplicationTrust.</param>
        /// <param name="activatorEvidence">Not read by this body.</param>
        /// <param name="context">Passed to DetermineApplicationTrustInternal when it is called.</param>
        /// <returns>The trust decision, which may be null.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="applicationEvidence"/> is null.</exception>
        /// <exception cref="ArgumentException">No ActivationArguments in the host evidence, or its ActivationContext is null.</exception>
        /// <exception cref="InvalidOperationException">The application is trusted to run but the grant set does not cover the request set.</exception>
        public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
            {
                throw new ArgumentNullException("applicationEvidence");
            }

            ActivationArguments activation = applicationEvidence.GetHostEvidence<ActivationArguments>();
            if (activation == null)
            {
                throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
            }

            ActivationContext target = activation.ActivationContext;
            if (target == null)
            {
                throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
            }

            // A decision found in the evidence counts only if it was made for this exact identity.
            ApplicationTrust decision = applicationEvidence.GetHostEvidence<ApplicationTrust>();
            bool keepSupplied = decision != null &&
                                CmsUtils.CompareIdentities(decision.ApplicationIdentity, activation.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion);
            if (!keepSupplied)
            {
                decision = null;
            }

            if (decision == null)
            {
                // Reuse the current domain's decision under the same rule, else ask the trust manager.
                if (AppDomain.CurrentDomain.ApplicationTrust == null ||
                    !CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activation.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
                {
                    decision = ApplicationSecurityManager.DetermineApplicationTrustInternal(target, context);
                }
                else
                {
                    decision = AppDomain.CurrentDomain.ApplicationTrust;
                }
            }

            // Reject a "trusted to run" decision whose grant set is smaller than the request set.
            ApplicationSecurityInfo requested = new ApplicationSecurityInfo(target);
            if (decision != null && decision.IsApplicationTrustedToRun)
            {
                if (!requested.DefaultRequestSet.IsSubsetOf(decision.DefaultGrantSet.PermissionSet))
                {
                    throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
                }
            }
            return decision;
        }
        /// <summary>
        /// Browser-hosted override: adjusts the TrustManagerContext (prompting and persistence),
        /// delegates the decision to the base implementation, then post-processes the returned
        /// grant set.
        /// </summary>
        /// <remarks>
        /// Security-relevant behaviour visible in this method:
        /// in debug activation no prompt is shown, persisted decisions are ignored and nothing is
        /// persisted, and a permission for the debug security-zone URI may be added to the grant set;
        /// outside debug, prompting is allowed only for the Intranet and Trusted zones.
        /// </remarks>
        /// <param name="applicationEvidence">Application evidence; its Zone host evidence selects the prompt policy.</param>
        /// <param name="activatorEvidence">Forwarded unchanged to the base implementation.</param>
        /// <param name="context">Trust manager context; this method mutates it before calling the base implementation.</param>
        /// <returns>The base implementation's trust decision (possibly null), with its grant set adjusted.</returns>
        public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordHosting | EventTrace.Keyword.KeywordPerf, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustStart);

            ApplicationTrust trust;
            // activationUri is not read again in this method.
            Uri  activationUri = GetUriFromActivationData(0);
            // Debug mode comes from PresentationAppDomainManager.IsDebug or from activation data slot 1.
            // NOTE(review): who can set slot 1 is not visible here; confirm untrusted content cannot
            // influence it, since the debug path suppresses the prompt and can widen the grant set below.
            bool isDebug       = PresentationAppDomainManager.IsDebug ? true : GetBoolFromActivationData(1);

            BrowserInteropHelper.SetBrowserHosted(true);

            if (isDebug)
            {
                // Debug activation: do not reuse or store a decision, and never prompt.
                context.IgnorePersistedDecision = true;
                context.Persist   = false;
                context.KeepAlive = false;
                context.NoPrompt  = true;
                trust             = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
            }
            else
            {
                // Elevation prompt for permissions beyond the default for the security zone is allowed only
                // in the Intranet and Trusted Sites zones (v4).
                // NOTE(review): the Zone evidence is dereferenced without a null check; confirm it is
                // always present on this path.
                Zone hostEvidence = applicationEvidence.GetHostEvidence <Zone>();
                context.NoPrompt = !(hostEvidence.SecurityZone == SecurityZone.Intranet || hostEvidence.SecurityZone == SecurityZone.Trusted);

                /*
                 * Now we need to convince the ClickOnce elevation prompt to use the browser's top-level window as
                 * the owner in order to block the browser's UI (and our Cancel button) and ensure the prompt
                 * stays on top. This is not easy.
                 * The prompt dialog is created without an explicit owner, on its own thread.
                 * There are layers of ClickOnce and pure security code before the UI is invoked (that's
                 * TrustManagerPromptUIThread in System.Windows.Forms.dll). So, passing the owner window handle
                 * would require some awkward plumbing.
                 *
                 * Since the dialog is shown on a separate thread, intercepting its creation or display is
                 * complicated. An EVENT_OBJECT_CREATE hook can do it. But there is a cascade of thread
                 * synchronization/access and window state issues if trying to set the owner on the fly.
                 *
                 * The cleanest solution ended up resorting to Detours. When not given an owner window,
                 * SWF.Form.ShowDialog() uses the active window as owner. Since the call to GetActiveWindow()
                 * occurs on a new thread, where there are no other windows, we couldn't just pre-set the owner
                 * as the active window. So, we intercept the GetActiveWindow() call and return the browser's
                 * top-level window. From that point on, everything in the Microsoft dialog works as if the owner
                 * was explicitly given. (And owner from a different thread or process is fully supported.)
                 *
                 * This condition is an optimization.
                 * DetermineApplicationTrust() is called up to 3 times: twice in the default AppDomain and once
                 * in the new one. Empirically, the elevation prompt is shown during the first call.
                 */
                bool forceOwner = !context.NoPrompt && ElevationPromptOwnerWindow != IntPtr.Zero;
                if (forceOwner)
                {
                    // The native code passes the DocObject top window, not the browser's top-level window,
                    // but we need exactly the top-level one.
                    IntPtr ownerWindow = UnsafeNativeMethods.GetAncestor(
                        new HandleRef(null, ElevationPromptOwnerWindow), NativeMethods.GA_ROOT);
                    SetFakeActiveWindow(ownerWindow);
                    ElevationPromptOwnerWindow = IntPtr.Zero; // to prevent further prompting
                }
                try
                {
                    trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
                }
                finally
                {
                    // Always undo the active-window override, even if the base call throws, so the
                    // substituted owner does not outlive the prompt.
                    if (forceOwner)
                    {
                        // new IntPtr() is the zero handle.
                        SetFakeActiveWindow(new IntPtr());
                    }
                }
            }

            // Modify the permission grant set if necessary.
            if (trust != null)
            {
                PermissionSet permissions = trust.DefaultGrantSet.PermissionSet;

                if (isDebug)
                {
                    // Debug only: activation data slot 2 may name a URI for which a permission is
                    // added on top of whatever the base decision granted.
                    Uri debugSecurityZoneURL = GetUriFromActivationData(2);
                    if (debugSecurityZoneURL != null)
                    {
                        permissions = AddPermissionForUri(permissions, debugSecurityZoneURL);
                    }
                }

                // CLR v4 breaking change: In some activation scenarios we get a ReadOnlyPermissionSet.
                // This is a problem because:
                //   - Code may expect AppDomain.PermissionSet (or the old AppDomain.ApplicationTrust.
                //      DefaultGrantSet.PermissionSet) to return a mutable PermissionSet.
                //   - The ReadOnlyPermissionSet may have v2 and v3 assembly references--they are not 'unified'
                //      to the current framework version. This might confuse code doing more involved permission
                //      set comparisons or calculations.
                // See bug Dev10.697110 for the longer story. Workaround is to copy the ROPS to a regular one.
                if (permissions is ReadOnlyPermissionSet)
                {
                    permissions = new PermissionSet(permissions);
                }

                trust.DefaultGrantSet.PermissionSet = permissions;
            }

            EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordHosting | EventTrace.Keyword.KeywordPerf, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustEnd);

            return(trust);
        }
예제 #11
        /// <summary>
        /// Asks ApplicationSecurityManager for a trust decision on the application and returns the
        /// matching entry from ApplicationSecurityManager.UserApplicationTrusts.
        /// </summary>
        /// <remarks>
        /// Fails closed: a negative decision raises TrustNotGrantedException, and a positive decision
        /// with no matching stored trust entry raises InvalidDeploymentException. A persisted decision
        /// is ignored when the subscription is not installed or its shell visibility differs from
        /// <paramref name="isShellVisible"/>. The serialized trust manager context is written to the log.
        /// </remarks>
        /// <param name="subState">Subscription state; supplies IsInstalled, IsShellVisible and CurrentBind.</param>
        /// <param name="isShellVisible">Requested shell visibility, compared with the subscription's.</param>
        /// <param name="isUpdate">When true, the current bind is recorded as the previous application identity.</param>
        /// <param name="actCtx">Activation context of the application being evaluated.</param>
        /// <param name="tmc">Trust manager context; mutated by this method before the decision is requested.</param>
        /// <returns>The stored ApplicationTrust for the application's full identity name.</returns>
        public static System.Security.Policy.ApplicationTrust RequestTrust(SubscriptionState subState, bool isShellVisible, bool isUpdate, ActivationContext actCtx, TrustManagerContext tmc)
        {
            string callDescription = "ApplicationTrust.RequestTrust(isShellVisible=" + isShellVisible.ToString() + ", isUpdate=" + isUpdate.ToString() + ", subState.IsInstalled=" + subState.IsInstalled.ToString() + ") called.";
            Logger.AddMethodCall(callDescription);

            // Do not honour an earlier stored decision for a new install or a changed shell visibility.
            bool mustReevaluate = !subState.IsInstalled || subState.IsShellVisible != isShellVisible;
            if (mustReevaluate)
            {
                tmc.IgnorePersistedDecision = true;
            }
            if (isUpdate)
            {
                tmc.PreviousApplicationIdentity = subState.CurrentBind.ToApplicationIdentity();
            }

            bool granted;
            try
            {
                Logger.AddInternalState("Calling ApplicationSecurityManager.DetermineApplicationTrust().");
                Logger.AddInternalState("Trust Manager Context=" + Logger.Serialize(tmc));
                granted = ApplicationSecurityManager.DetermineApplicationTrust(actCtx, tmc);
            }
            catch (TypeLoadException ex)
            {
                throw new InvalidDeploymentException(Resources.GetString("Ex_InvalidTrustInfo"), ex);
            }

            if (!granted)
            {
                throw new TrustNotGrantedException(Resources.GetString("Ex_NoTrust"));
            }
            Logger.AddInternalState("Trust granted.");

            // Look up the stored trust entry, retrying up to five times with a 10 ms pause after each miss.
            System.Security.Policy.ApplicationTrust stored = null;
            int attempt = 0;
            while (attempt < 5)
            {
                stored = ApplicationSecurityManager.UserApplicationTrusts[actCtx.Identity.FullName];
                if (stored != null)
                {
                    break;
                }
                Thread.Sleep(10);
                ++attempt;
            }

            if (stored == null)
            {
                throw new InvalidDeploymentException(Resources.GetString("Ex_InvalidMatchTrust"));
            }
            return stored;
        }
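        /// <summary>
        /// Sample trust manager: builds an ApplicationTrust for the application and, when the UI
        /// context is Run, asks the user with a Yes/No message box whether it may run.
        /// </summary>
        /// <remarks>
        /// The grant set is the manifest's own DefaultRequestSet, so answering Yes approves everything
        /// the application asked for. The prompt shows only the application name, which comes from the
        /// application's own ApplicationId; it shows neither the publisher nor the requested permissions.
        /// </remarks>
        /// <param name="appContext">Activation context of the application being evaluated.</param>
        /// <param name="context">
        /// Trust manager context. May be null, in which case no prompt is shown and the application
        /// is left untrusted.
        /// </param>
        /// <returns>
        /// The trust object; IsApplicationTrustedToRun is true only after the user answered Yes.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="appContext"/> is null.</exception>
        public ApplicationTrust DetermineApplicationTrust(ActivationContext appContext, TrustManagerContext context)
        {
            if (appContext == null)
            {
                throw new ArgumentNullException("appContext");
            }

            // Start from "not trusted"; only an explicit Yes below changes that.
            ApplicationTrust trust = new ApplicationTrust(appContext.Identity);

            trust.IsApplicationTrustedToRun = false;

            ApplicationSecurityInfo asi = new ApplicationSecurityInfo(appContext);

            trust.DefaultGrantSet = new PolicyStatement(asi.DefaultRequestSet, PolicyStatementAttribute.Nothing);

            // The original read context.UIContext before its own null check on context, so a null
            // context crashed here. Without a context there is no basis for prompting: stay untrusted.
            if (context == null || context.UIContext != TrustManagerUIContext.Run)
            {
                return trust;
            }

            string            message = "Do you want to run " + asi.ApplicationId.Name + " ?";
            string            caption = "MyTrustManager";
            MessageBoxButtons buttons = MessageBoxButtons.YesNo;

            // Displays the MessageBox.
            DialogResult result = MessageBox.Show(message, caption, buttons);

            if (result == DialogResult.Yes)
            {
                trust.IsApplicationTrustedToRun = true;
                trust.Persist = context.Persist;
            }

            return trust;
        }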
예제 #13
        /// <summary>
        /// Browser-hosted override: configures prompting and persistence on the trust manager
        /// context, delegates the decision to the base implementation, then adjusts the grant set.
        /// </summary>
        /// <remarks>
        /// In debug activation the prompt is suppressed, persisted decisions are ignored, nothing is
        /// persisted, and a permission for the URI in activation data slot 2 may be added. Otherwise
        /// prompting is permitted only when the Zone evidence is Intranet or Trusted.
        /// </remarks>
        /// <param name="applicationEvidence">Application evidence; its Zone host evidence selects the prompt policy.</param>
        /// <param name="activatorEvidence">Forwarded unchanged to the base implementation.</param>
        /// <param name="context">Trust manager context; mutated here before the base call.</param>
        /// <returns>The base implementation's decision (possibly null) with its grant set adjusted.</returns>
        public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordPerf | EventTrace.Keyword.KeywordHosting, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustStart);

            // The URI from slot 0 is fetched but not read again in this method.
            Uri activationUri = this.GetUriFromActivationData(0);

            // NOTE(review): the origin of activation data slot 1 is not visible here; confirm it
            // cannot be set by untrusted content, because debug mode skips the prompt.
            bool debugActivation = PresentationAppDomainManager.IsDebug || this.GetBoolFromActivationData(1);

            BrowserInteropHelper.SetBrowserHosted(true);

            ApplicationTrust decision;

            if (!debugActivation)
            {
                // NOTE(review): Zone evidence is dereferenced without a null check.
                Zone zoneEvidence = applicationEvidence.GetHostEvidence<Zone>();
                SecurityZone zone = zoneEvidence.SecurityZone;
                bool promptAllowed = zone == SecurityZone.Intranet || zone == SecurityZone.Trusted;
                context.NoPrompt = !promptAllowed;

                // Make the browser's root window the prompt's owner for the duration of the base call.
                bool ownerForced = !context.NoPrompt && PresentationHostSecurityManager.ElevationPromptOwnerWindow != IntPtr.Zero;
                if (ownerForced)
                {
                    // 2 is the GetAncestor flag GA_ROOT (the root window of the parent chain).
                    HandleRef promptOwner = new HandleRef(null, PresentationHostSecurityManager.ElevationPromptOwnerWindow);
                    IntPtr rootWindow = UnsafeNativeMethods.GetAncestor(promptOwner, 2);
                    PresentationHostSecurityManager.SetFakeActiveWindow(rootWindow);
                    PresentationHostSecurityManager.ElevationPromptOwnerWindow = IntPtr.Zero;
                }

                try
                {
                    decision = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
                }
                finally
                {
                    // Undo the override even when the base call throws.
                    if (ownerForced)
                    {
                        PresentationHostSecurityManager.SetFakeActiveWindow(IntPtr.Zero);
                    }
                }
            }
            else
            {
                // Debug activation: neither reuse nor store a decision, and never prompt.
                context.IgnorePersistedDecision = true;
                context.Persist   = false;
                context.KeepAlive = false;
                context.NoPrompt  = true;
                decision = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context);
            }

            if (decision == null)
            {
                EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordPerf | EventTrace.Keyword.KeywordHosting, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustEnd);
                return decision;
            }

            PermissionSet grant = decision.DefaultGrantSet.PermissionSet;

            if (debugActivation)
            {
                // Debug only: widen the grant with a permission for the URI in slot 2, if any.
                Uri debugZoneUri = this.GetUriFromActivationData(2);
                if (debugZoneUri != null)
                {
                    grant = PresentationHostSecurityManager.AddPermissionForUri(grant, debugZoneUri);
                }
            }

            // Replace a read-only permission set with a regular copy before storing it back.
            if (grant is ReadOnlyPermissionSet)
            {
                grant = new PermissionSet(grant);
            }
            decision.DefaultGrantSet.PermissionSet = grant;

            EventTrace.EasyTraceEvent(EventTrace.Keyword.KeywordPerf | EventTrace.Keyword.KeywordHosting, EventTrace.Level.Verbose, EventTrace.Event.WpfHost_DetermineApplicationTrustEnd);
            return decision;
        }
	// Methods
	// Signature-only listing: declared to return bool, but the body shown here is empty, so the
	// decision logic is not visible in this excerpt.
	public static bool DetermineApplicationTrust(System.ActivationContext activationContext, TrustManagerContext context) {}