public override bool Execute() { TrustInfo info = new TrustInfo { IsFullTrust = false }; FrameworkName name = null; string str = string.Empty; if (!string.IsNullOrEmpty(this.TargetFrameworkMoniker)) { name = new FrameworkName(this.TargetFrameworkMoniker); str = name.Version.ToString(); } if ((this.BaseManifest != null) && File.Exists(this.BaseManifest.ItemSpec)) { try { info.ReadManifest(this.BaseManifest.ItemSpec); } catch (Exception exception) { base.Log.LogErrorWithCodeFromResources("GenerateManifest.ReadInputManifestFailed", new object[] { this.BaseManifest.ItemSpec, exception.Message }); return false; } } if (!string.IsNullOrEmpty(this.ExcludedPermissions)) { base.Log.LogWarningFromResources("GenerateManifest.ExcludedPermissionsNotSupported", new object[0]); } try { if ((!string.IsNullOrEmpty(this.targetZone) && (info.PermissionSet != null)) && ((info.PermissionSet.Count > 0) && !string.Equals(this.targetZone, "Custom", StringComparison.OrdinalIgnoreCase))) { base.Log.LogErrorFromResources("GenerateManifest.KnownTargetZoneCannotHaveAdditionalPermissionType", new object[0]); return false; } info.PermissionSet = SecurityUtilities.ComputeZonePermissionSetHelper(this.TargetZone, info.PermissionSet, this.applicationDependencies, this.TargetFrameworkMoniker); if (info.PermissionSet == null) { base.Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", new object[] { str }); return false; } } catch (ArgumentNullException) { base.Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", new object[] { str }); return false; } catch (ArgumentException exception2) { if (!string.Equals(exception2.ParamName, "TargetZone", StringComparison.OrdinalIgnoreCase)) { throw; } base.Log.LogWarningWithCodeFromResources("GenerateManifest.InvalidItemValue", new object[] { "TargetZone", this.TargetZone }); } info.Write(this.TrustInfoFile.ItemSpec); return true; }
public void Basic() { TrustInfo t = new TrustInfo(); string file = FileUtilities.GetTemporaryFile(); File.Delete(file); t.WriteManifest(file); Assert.IsTrue(File.Exists(file)); // Writing a second time is an in-place modification. t.WriteManifest(file); Assert.IsTrue(File.Exists(file)); File.Delete(file); }
private void ValidateReferenceForPartialTrust(AssemblyReference assembly, TrustInfo trustInfo) { if (trustInfo.IsFullTrust) { return; } string path = assembly.ResolvedPath; AssemblyAttributeFlags flags = new AssemblyAttributeFlags(path); // if it's targeting v2.0 CLR then use the old logic to check for partial trust callers. if (Util.CompareFrameworkVersions(this.TargetFrameworkVersion, Constants.TargetFrameworkVersion35) <= 0) { if (assembly.IsPrimary && flags.IsSigned && !flags.HasAllowPartiallyTrustedCallersAttribute) { OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path)); } } else { if (assembly.AssemblyIdentity != null && assembly.AssemblyIdentity.IsInFramework(Constants.DotNetFrameworkIdentifier, TargetFrameworkVersion)) { // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers. if (assembly.IsPrimary && !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute)) { OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path)); } } else { // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers. if (assembly.IsPrimary && flags.IsSigned && !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute)) { OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path)); } } } if (flags.HasPrimaryInteropAssemblyAttribute || flags.HasImportedFromTypeLibAttribute) { OutputMessages.AddWarningMessage("GenerateManifest.UnmanagedCodePermission", Path.GetFileNameWithoutExtension(path)); } }
/// <summary> /// Set the application's trust information /// </summary> /// <param name="manifest">ApplicationManifest object</param> /// <param name="trustLevel">Trust level</param> private static void SetTrustLevel(ApplicationManifest manifest, Command.TrustLevels trustLevel) { if (trustLevel != Command.TrustLevels.None) { TrustInfo ti = new Microsoft.Build.Tasks.Deployment.ManifestUtilities.TrustInfo(); manifest.TrustInfo = ti; if (trustLevel == Command.TrustLevels.FullTrust) { ti.IsFullTrust = true; } else { ti.PermissionSet = SecurityUtilities.ComputeZonePermissionSet(trustLevel.ToString(), null, null); ti.IsFullTrust = false; } } }
public override bool Execute() { TrustInfo trustInfo = new TrustInfo(); trustInfo.IsFullTrust = false; FrameworkNameVersioning fn = null; string dotNetVersion = string.Empty; if (!string.IsNullOrEmpty(TargetFrameworkMoniker)) { fn = new FrameworkNameVersioning(TargetFrameworkMoniker); dotNetVersion = fn.Version.ToString(); } // Read trust-info from app.manifest if (BaseManifest != null && File.Exists(BaseManifest.ItemSpec)) { try { trustInfo.ReadManifest(BaseManifest.ItemSpec); } catch (Exception ex) { Log.LogErrorWithCodeFromResources("GenerateManifest.ReadInputManifestFailed", BaseManifest.ItemSpec, ex.Message); return false; } } if (!String.IsNullOrEmpty(ExcludedPermissions)) Log.LogWarningFromResources("GenerateManifest.ExcludedPermissionsNotSupported"); try { // If it's a known zone and the user add additional permission to it. if (!String.IsNullOrEmpty(_targetZone) && trustInfo.PermissionSet != null && trustInfo.PermissionSet.Count > 0 && !String.Equals(_targetZone, Custom, StringComparison.OrdinalIgnoreCase)) { Log.LogErrorFromResources("GenerateManifest.KnownTargetZoneCannotHaveAdditionalPermissionType"); return false; } else { trustInfo.PermissionSet = SecurityUtilities.ComputeZonePermissionSetHelper(TargetZone, trustInfo.PermissionSet, _applicationDependencies, TargetFrameworkMoniker); if (trustInfo.PermissionSet == null) { Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", dotNetVersion); return false; } } } catch (ArgumentNullException) { Log.LogErrorWithCodeFromResources("GenerateManifest.NoPermissionSetForTargetZone", dotNetVersion); return false; } catch (ArgumentException ex) { if (String.Equals(ex.ParamName, "TargetZone", StringComparison.OrdinalIgnoreCase)) Log.LogWarningWithCodeFromResources("GenerateManifest.InvalidItemValue", "TargetZone", TargetZone); else throw; } // Write trust-info back to a stand-alone trust file trustInfo.Write(TrustInfoFile.ItemSpec); return true; }
private void ValidateReferenceForPartialTrust(AssemblyReference assembly, TrustInfo trustInfo) { if (trustInfo.IsFullTrust) return; string path = assembly.ResolvedPath; AssemblyAttributeFlags flags = new AssemblyAttributeFlags(path); // if it's targeting v2.0 CLR then use the old logic to check for partial trust callers. if (Util.CompareFrameworkVersions(this.TargetFrameworkVersion, Constants.TargetFrameworkVersion35) <= 0) { if (assembly.IsPrimary && flags.IsSigned && !flags.HasAllowPartiallyTrustedCallersAttribute) OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path)); } else { if (assembly.AssemblyIdentity != null && assembly.AssemblyIdentity.IsInFramework(Constants.DotNetFrameworkIdentifier, TargetFrameworkVersion)) { // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers. if (assembly.IsPrimary && !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute)) OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path)); } else { // if the binary is targeting v4.0 and it has the transparent attribute then we may allow partially trusted callers. if (assembly.IsPrimary && flags.IsSigned && !(flags.HasAllowPartiallyTrustedCallersAttribute || flags.HasSecurityTransparentAttribute)) OutputMessages.AddWarningMessage("GenerateManifest.AllowPartiallyTrustedCallers", Path.GetFileNameWithoutExtension(path)); } } if (flags.HasPrimaryInteropAssemblyAttribute || flags.HasImportedFromTypeLibAttribute) OutputMessages.AddWarningMessage("GenerateManifest.UnmanagedCodePermission", Path.GetFileNameWithoutExtension(path)); }