/// <summary>
/// Copies a <c>FirstMatchCodeGroup</c> that has one child and checks that the copy
/// reports the same number of children and serialises to the same XML text.
/// </summary>
/// <remarks>
/// Only the child count and the XML form are compared. The test does not mutate either
/// group afterwards, so it does not show whether the copy shares policy objects with
/// the original.
/// </remarks>
public void CopyWithChildren ()
{
	// Child: matches all code and carries an unrestricted permission set.
	AllMembershipCondition childCondition = new AllMembershipCondition ();
	PolicyStatement childPolicy = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
	FirstMatchCodeGroup child = new FirstMatchCodeGroup (childCondition, childPolicy);

	// Parent: matches all code and carries an empty permission set.
	AllMembershipCondition parentCondition = new AllMembershipCondition ();
	PolicyStatement parentPolicy = new PolicyStatement (new PermissionSet (PermissionState.None));
	FirstMatchCodeGroup parent = new FirstMatchCodeGroup (parentCondition, parentPolicy);
	parent.AddChild (child);

	FirstMatchCodeGroup clone = (FirstMatchCodeGroup) parent.Copy ();

	int expectedChildren = parent.Children.Count;
	int actualChildren = clone.Children.Count;
	AssertEquals ("Children", expectedChildren, actualChildren);

	string expectedXml = parent.ToXml ().ToString ();
	string actualXml = clone.ToXml ().ToString ();
	AssertEquals ("ToXml", expectedXml, actualXml);
}
//
// Public Methods
//

/// <summary>
/// Returns a copy of this code group in which every child has itself been copied.
/// </summary>
/// <returns>The group produced by <c>CopyNoChildren</c> with a copy of each child added.</returns>
public override CodeGroup Copy()
{
	FirstMatchCodeGroup clone = CopyNoChildren();
	foreach (object entry in Children)
	{
		// Add a copy of the child, not the child itself, so the clone's subtree is
		// not shared with this group.
		CodeGroup child = (CodeGroup) entry;
		clone.AddChild(child.Copy());
	}
	return clone;
}
/// <summary>Makes a deep copy of the code group.</summary>
/// <returns>
/// A new group obtained from <c>CopyNoChildren</c> to which a copy of each child code
/// group has been added.
/// </returns>
/// <PermissionSet>
///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override CodeGroup Copy()
{
    // CopyNoChildren is not shown here; presumably it carries over the membership
    // condition, policy statement, name and description.
    FirstMatchCodeGroup result = CopyNoChildren();

    foreach (CodeGroup child in base.Children)
    {
        // Each child is copied recursively rather than re-parented.
        result.AddChild(child.Copy());
    }

    return result;
}
/// <summary>Makes a deep copy of the code group.</summary>
/// <returns>An equivalent copy of the code group, including its membership conditions and child code groups.</returns>
/// <PermissionSet>
///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override CodeGroup Copy()
{
    FirstMatchCodeGroup copy = new FirstMatchCodeGroup();
    copy.MembershipCondition = MembershipCondition;
    copy.PolicyStatement = PolicyStatement;
    copy.Name = Name;
    copy.Description = Description;

    // NOTE(review): the children are handed to AddChild exactly as Children returns
    // them, with no Copy() call in this method. Whether the result is independent of
    // this group therefore depends on AddChild and the property accessors copying
    // their values, which is not visible here.
    IEnumerable children = (IEnumerable)Children;
    foreach (object item in children)
    {
        copy.AddChild((CodeGroup)item);
    }

    return copy;
}
/// <summary>Makes a deep copy of the code group.</summary>
/// <returns>An equivalent copy of the code group, including its membership conditions and child code groups.</returns>
// Token: 0x0600294A RID: 10570 RVA: 0x000986A4 File Offset: 0x000968A4
public override CodeGroup Copy()
{
    FirstMatchCodeGroup copy = new FirstMatchCodeGroup
    {
        MembershipCondition = base.MembershipCondition,
        PolicyStatement = base.PolicyStatement,
        Name = base.Name,
        Description = base.Description
    };

    // NOTE(review): no Copy() is called on the children in this method. The "deep"
    // part of the contract relies on AddChild and the base property accessors
    // copying what they are given, which cannot be confirmed from this listing.
    foreach (CodeGroup child in base.Children)
    {
        copy.AddChild(child);
    }

    return copy;
}
/// <summary>
/// Creates a new <c>FirstMatchCodeGroup</c> carrying this group's membership condition,
/// policy statement, name, description and children.
/// </summary>
/// <returns>The newly built group.</returns>
public override CodeGroup Copy()
{
    FirstMatchCodeGroup copy = new FirstMatchCodeGroup();
    copy.MembershipCondition = base.MembershipCondition;
    copy.PolicyStatement = base.PolicyStatement;
    copy.Name = base.Name;
    copy.Description = base.Description;

    // NOTE(review): children are passed to AddChild as enumerated, without Copy().
    // Whether the two groups end up sharing child objects depends on AddChild and
    // Children, which are not shown here.
    for (IEnumerator cursor = base.Children.GetEnumerator(); cursor.MoveNext(); )
    {
        copy.AddChild((CodeGroup) cursor.Current);
    }

    return copy;
}
/// <summary>
/// Builds a second <c>FirstMatchCodeGroup</c> from this group's membership condition,
/// policy statement, name and description, then adds every child of this group to it.
/// </summary>
/// <returns>The new group.</returns>
public override CodeGroup Copy()
{
    FirstMatchCodeGroup duplicate = new FirstMatchCodeGroup();
    duplicate.MembershipCondition = base.MembershipCondition;
    duplicate.PolicyStatement = base.PolicyStatement;
    duplicate.Name = base.Name;
    duplicate.Description = base.Description;

    IEnumerator children = base.Children.GetEnumerator();
    for (; children.MoveNext(); )
    {
        // NOTE(review): the child is not copied here; any isolation between the
        // two groups has to come from AddChild or the Children getter.
        CodeGroup child = (CodeGroup)children.Current;
        duplicate.AddChild(child);
    }

    return duplicate;
}
// Make a copy of this code group: same membership condition, policy statement,
// name and description, with every child of this group added to the new one.
public override CodeGroup Copy()
{
    FirstMatchCodeGroup copy = new FirstMatchCodeGroup(MembershipCondition, PolicyStatement);
    copy.Name = Name;
    copy.Description = Description;

    // A group without a child list is returned as-is.
    IList existing = Children;
    if (existing == null)
    {
        return copy;
    }

    // NOTE(review): children are added without calling Copy() on them; whether
    // they end up shared with this group depends on AddChild, not shown here.
    foreach (CodeGroup child in existing)
    {
        copy.AddChild(child);
    }
    return copy;
}
/// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Copy"]/*' />
public override CodeGroup Copy()
{
    // Start from an empty group and carry over the four descriptive properties.
    FirstMatchCodeGroup copy = new FirstMatchCodeGroup();
    copy.MembershipCondition = MembershipCondition;
    copy.PolicyStatement = PolicyStatement;
    copy.Name = Name;
    copy.Description = Description;

    // NOTE(review): each child is passed to AddChild as enumerated, with no Copy()
    // call in this method; isolation from the original depends on AddChild and the
    // Children getter, which are not visible here.
    for (IEnumerator cursor = Children.GetEnumerator(); cursor.MoveNext(); )
    {
        copy.AddChild((CodeGroup)cursor.Current);
    }

    return copy;
}
// Make a copy of this code group. The new group is constructed from this group's
// membership condition and policy statement, then given the same name,
// description and children.
public override CodeGroup Copy()
{
    FirstMatchCodeGroup duplicate = new FirstMatchCodeGroup(MembershipCondition, PolicyStatement);
    duplicate.Name = Name;
    duplicate.Description = Description;

    IList childList = Children;
    if (childList != null)
    {
        foreach (object entry in childList)
        {
            // NOTE(review): the child itself is added, not child.Copy(); any
            // copying has to happen inside AddChild, which is not shown here.
            duplicate.AddChild((CodeGroup)entry);
        }
    }

    return duplicate;
}
/// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Copy"]/*' />
public override CodeGroup Copy()
{
    FirstMatchCodeGroup duplicate = new FirstMatchCodeGroup();
    duplicate.MembershipCondition = MembershipCondition;
    duplicate.PolicyStatement = PolicyStatement;
    duplicate.Name = Name;
    duplicate.Description = Description;

    // Walk the child list and attach every entry to the new group.
    // NOTE(review): no Copy() is applied to the children in this method, so whether
    // the two groups share child objects depends on AddChild and Children.
    IEnumerator children = Children.GetEnumerator();
    for (; children.MoveNext(); )
    {
        CodeGroup child = (CodeGroup)children.Current;
        duplicate.AddChild(child);
    }

    return duplicate;
}
/// <summary>
/// Loads a policy from a file (<see cref="SecurityManager.LoadPolicyLevelFromFile"/>),
/// replacing placeholders
/// <list>
/// <item>$AppDir$, $AppDirUrl$ => <paramref name="appDirectory"/></item>
/// <item>$CodeGen$ => (TODO)</item>
/// <item>$OriginHost$ => <paramref name="originUrl"/></item>
/// <item>$Gac$ => the current machine's GAC path</item>
/// </list>
/// </summary>
/// <remarks>
/// <para>
/// Loading and placeholder expansion are delegated to <c>CreatePolicyLevel</c>, which is
/// not shown here. <paramref name="appDirectory"/> is passed to it twice, as its second
/// and third argument.
/// </para>
/// <para>
/// When <c>CreatePolicyLevel</c> reports that the GAC token was found, the root has no
/// child with a <c>GacMembershipCondition</c>, and the root is a
/// <c>FirstMatchCodeGroup</c> over all code whose permission set name equals
/// <c>PERMISSIONSET_NOTHING</c>, the root is rebuilt and a group granting an
/// unrestricted permission set to GAC code is inserted in front of the first child that
/// is an unrestricted URL-based <c>UnionCodeGroup</c>. The policy file does not declare
/// that grant itself. If no such child exists, the rebuilt root holds the same children
/// and no GAC group.
/// </para>
/// </remarks>
/// <param name="policyFileLocation">Location of the policy file, handed to <c>CreatePolicyLevel</c>.</param>
/// <param name="appDirectory">Application directory, handed to <c>CreatePolicyLevel</c>.</param>
/// <param name="originUrl">Origin URL, handed to <c>CreatePolicyLevel</c>.</param>
/// <returns>The policy level from <c>CreatePolicyLevel</c>, with its root code group replaced in the case described above.</returns>
public static PolicyLevel LoadDomainPolicyFromUri(Uri policyFileLocation, string appDirectory, string originUrl)
{
    bool gacTokenSeen;
    PolicyLevel policy = CreatePolicyLevel(policyFileLocation, appDirectory, appDirectory, originUrl, out gacTokenSeen);
    if (!gacTokenSeen)
    {
        return policy;
    }

    CodeGroup oldRoot = policy.RootCodeGroup;

    // Does the policy already declare a GAC group directly under the root?
    bool declaresGacGroup = false;
    foreach (CodeGroup candidate in oldRoot.Children)
    {
        if (candidate.MembershipCondition is GacMembershipCondition)
        {
            declaresGacGroup = true;
            break;
        }
    }

    FirstMatchCodeGroup firstMatchRoot = oldRoot as FirstMatchCodeGroup;
    if (declaresGacGroup || firstMatchRoot == null)
    {
        return policy;
    }

    // Only the "all code gets nothing" first-match root is rewritten.
    if (!(firstMatchRoot.MembershipCondition is AllMembershipCondition)
        || !(firstMatchRoot.PermissionSetName == PERMISSIONSET_NOTHING))
    {
        return policy;
    }

    PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);
    CodeGroup gacGroup = new UnionCodeGroup(new GacMembershipCondition(), new PolicyStatement(fullTrust));
    CodeGroup newRoot = new FirstMatchCodeGroup(oldRoot.MembershipCondition, oldRoot.PolicyStatement);

    bool gacGroupPending = true;
    foreach (CodeGroup existing in oldRoot.Children)
    {
        bool isUnrestrictedUrlUnion =
            (existing is UnionCodeGroup)
            && (existing.MembershipCondition is UrlMembershipCondition)
            && existing.PolicyStatement.PermissionSet.IsUnrestricted();

        // Position matters under a first-match root: the GAC group goes in once,
        // immediately before the first unrestricted URL-based union group.
        if (isUnrestrictedUrlUnion && gacGroupPending)
        {
            newRoot.AddChild(gacGroup);
            gacGroupPending = false;
        }

        newRoot.AddChild(existing);
    }

    policy.RootCodeGroup = newRoot;
    return policy;
}
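/// <summary>
/// Reads the policy file configured for the application's trust level, expands its
/// placeholders and loads the result as an AppDomain policy level.
/// </summary>
/// <remarks>
/// <para>
/// The placeholders <c>$AppDir$</c>, <c>$AppDirUrl$</c>, <c>$CodeGen$</c>,
/// <c>$OriginHost$</c> and <c>$Gac$</c> are expanded by plain string replacement before
/// the text is parsed. Nothing in this method escapes the substituted values, so they
/// end up verbatim in the policy text that grants permissions.
/// </para>
/// <para>
/// If the file used <c>$Gac$</c>, the root has no child with a
/// <c>GacMembershipCondition</c>, and the root is a <c>FirstMatchCodeGroup</c> over all
/// code whose permission set is named "Nothing", the root is rebuilt and an unrestricted
/// GAC group is inserted in front of the first unrestricted URL-based
/// <c>UnionCodeGroup</c> child. If there is no such child, no GAC group is added.
/// </para>
/// </remarks>
/// <param name="trustSection">Supplies the trust level name and the origin URL.</param>
/// <param name="securityPolicySection">Maps trust level names to policy files.</param>
/// <param name="compilationSection">Optional; supplies a configured temp directory.</param>
/// <param name="physicalPath">Physical application path, used for <c>$AppDir$</c> and <c>$AppDirUrl$</c>.</param>
/// <param name="virtualPath">Virtual application path, used to derive the code-generation directory name.</param>
/// <returns>The loaded policy level, possibly with a rebuilt root code group.</returns>
/// <exception cref="ConfigurationErrorsException">
/// The trust level has no policy entry, the configured temp directory is invalid or
/// cannot be created, or the policy text could not be loaded.
/// </exception>
/// <exception cref="HttpException">
/// The policy file is missing, or the code-generation directory is not writable in a
/// non-interactive process.
/// </exception>
private static PolicyLevel GetPartialTrustPolicyLevel(TrustSection trustSection, SecurityPolicySection securityPolicySection, CompilationSection compilationSection, string physicalPath, VirtualPath virtualPath)
{
    if ((securityPolicySection == null) || (securityPolicySection.TrustLevels[trustSection.Level] == null))
    {
        throw new ConfigurationErrorsException(System.Web.SR.GetString("Unable_to_get_policy_file", new object[] { trustSection.Level }), string.Empty, 0);
    }

    string policyFileExpanded = securityPolicySection.TrustLevels[trustSection.Level].PolicyFileExpanded;
    if ((policyFileExpanded == null) || !System.Web.Util.FileUtil.FileExists(policyFileExpanded))
    {
        throw new HttpException(System.Web.SR.GetString("Unable_to_get_policy_file", new object[] { trustSection.Level }));
    }

    string path = System.Web.Util.FileUtil.RemoveTrailingDirectoryBackSlash(physicalPath);
    string newValue = HttpRuntime.MakeFileUrl(path);

    // Code-generation directory: a configured temp directory wins, otherwise the
    // framework default under the runtime directory is used.
    string tempDirectory = null;
    string tempDirAttribName = null;
    string configFileName = null;
    int configLineNumber = 0;
    if ((compilationSection != null) && !string.IsNullOrEmpty(compilationSection.TempDirectory))
    {
        tempDirectory = compilationSection.TempDirectory;
        compilationSection.GetTempDirectoryErrorInfo(out tempDirAttribName, out configFileName, out configLineNumber);
    }

    if (tempDirectory != null)
    {
        tempDirectory = tempDirectory.Trim();
        if (!Path.IsPathRooted(tempDirectory))
        {
            // Relative paths are rejected.
            tempDirectory = null;
        }
        else
        {
            try
            {
                tempDirectory = new DirectoryInfo(tempDirectory).FullName;
            }
            catch
            {
                // Any failure to normalise the path is reported as an invalid
                // temp directory just below.
                tempDirectory = null;
            }
        }

        if (tempDirectory == null)
        {
            throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_temp_directory", new object[] { tempDirAttribName }), configFileName, configLineNumber);
        }

        try
        {
            Directory.CreateDirectory(tempDirectory);
        }
        catch (Exception exception)
        {
            throw new ConfigurationErrorsException(System.Web.SR.GetString("Invalid_temp_directory", new object[] { tempDirAttribName }), exception, configFileName, configLineNumber);
        }
    }
    else
    {
        tempDirectory = Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), "Temporary ASP.NET Files");
    }

    if (!Util.HasWriteAccessToDirectory(tempDirectory))
    {
        if (!Environment.UserInteractive)
        {
            throw new HttpException(System.Web.SR.GetString("No_codegen_access", new object[] { Util.GetCurrentAccountName(), tempDirectory }));
        }

        // Interactive processes fall back to the current user's temp path.
        tempDirectory = Path.Combine(Path.GetTempPath(), "Temporary ASP.NET Files");
    }

    string str7 = AppManagerAppDomainFactory.ConstructSimpleAppName(VirtualPath.GetVirtualPathStringNoTrailingSlash(virtualPath));
    string str9 = HttpRuntime.MakeFileUrl(System.Web.Util.FileUtil.RemoveTrailingDirectoryBackSlash(Path.Combine(tempDirectory, str7)));
    string originUrl = trustSection.OriginUrl;

    // Dispose the stream and reader even when ReadToEnd throws; previously the file
    // handle was released only on the success path.
    string str;
    using (FileStream stream = new FileStream(policyFileExpanded, FileMode.Open, FileAccess.Read))
    using (StreamReader reader = new StreamReader(stream, Encoding.UTF8))
    {
        str = reader.ReadToEnd();
    }

    // NOTE(review): the values are inserted verbatim into the policy text; none is
    // escaped here before LoadPolicyLevelFromString parses it.
    str = str.Replace("$AppDir$", path).Replace("$AppDirUrl$", newValue).Replace("$CodeGen$", str9);
    if (originUrl == null)
    {
        originUrl = string.Empty;
    }
    str = str.Replace("$OriginHost$", originUrl);

    // gacLocation stays null unless the file actually used $Gac$; the root rewrite
    // below is keyed on that.
    string gacLocation = null;
    if (str.IndexOf("$Gac$", StringComparison.Ordinal) != -1)
    {
        gacLocation = HttpRuntime.GetGacLocation();
        if (gacLocation != null)
        {
            gacLocation = HttpRuntime.MakeFileUrl(gacLocation);
        }
        if (gacLocation == null)
        {
            gacLocation = string.Empty;
        }
        str = str.Replace("$Gac$", gacLocation);
    }

    PolicyLevel level = SecurityManager.LoadPolicyLevelFromString(str, PolicyLevelType.AppDomain);
    if (level == null)
    {
        throw new ConfigurationErrorsException(System.Web.SR.GetString("Unable_to_get_policy_file", new object[] { trustSection.Level }));
    }

    if (gacLocation != null)
    {
        CodeGroup rootCodeGroup = level.RootCodeGroup;

        bool flag = false;
        foreach (CodeGroup group2 in rootCodeGroup.Children)
        {
            if (group2.MembershipCondition is GacMembershipCondition)
            {
                flag = true;
                break;
            }
        }

        if (!flag && (rootCodeGroup is FirstMatchCodeGroup))
        {
            FirstMatchCodeGroup group3 = (FirstMatchCodeGroup) rootCodeGroup;
            if (!(group3.MembershipCondition is AllMembershipCondition) || !(group3.PermissionSetName == "Nothing"))
            {
                return level;
            }

            // Implicit grant: GAC code receives an unrestricted permission set even
            // though the policy file declares no GAC group.
            PermissionSet permSet = new PermissionSet(PermissionState.Unrestricted);
            CodeGroup group = new UnionCodeGroup(new GacMembershipCondition(), new PolicyStatement(permSet));
            CodeGroup group5 = new FirstMatchCodeGroup(rootCodeGroup.MembershipCondition, rootCodeGroup.PolicyStatement);
            foreach (CodeGroup group6 in rootCodeGroup.Children)
            {
                // Insert the GAC group once, directly before the first unrestricted
                // URL-based union group.
                if (((group6 is UnionCodeGroup) && (group6.MembershipCondition is UrlMembershipCondition)) && (group6.PolicyStatement.PermissionSet.IsUnrestricted() && (group != null)))
                {
                    group5.AddChild(group);
                    group = null;
                }
                group5.AddChild(group6);
            }
            level.RootCodeGroup = group5;
        }
    }

    return level;
}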
// This routine sets up the Code Access Security policy that Terrarium runs under. It is key
// to ensuring that organisms can never do anything dangerous.
//
// The policy tree looks like this:
//   All Code - Nothing
//     My Computer - Nothing
//       Terrarium Code Directory - Execute permission only
//       Terrarium Key - Full Trust
//       System.dll Code base - Full Trust (for XML serialization emitted assemblies)
//       MS Name - Full Trust
//       ECMA Name - Full Trust
//       Terrarium.Exe Code Dir - Execute Only
//
// Order is important since we're using a first match code group: the cache directory
// group is added first, ahead of every full-trust group, and it carries only the
// permission set built by MakeExecutionOnlyPermSet().
//
// NOTE(review): the System.dll and Terrarium.Exe groups use URL membership conditions,
// so they match on code base location rather than on a signature.
internal static PolicyLevel MakePolicyLevel(string cacheDir)
{
    PermissionSet nothing = new PermissionSet(PermissionState.None);

    // All Code, Nothing
    FirstMatchCodeGroup allCodeGroup = new FirstMatchCodeGroup(new AllMembershipCondition(), new PolicyStatement(nothing));

    // My Computer, Nothing
    FirstMatchCodeGroup myComputerGroup = new FirstMatchCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer), new PolicyStatement(nothing));

    // Terrarium code dir: skipped when no directory name is given or the directory
    // does not exist.
    UnionCodeGroup cacheDirGroup = null;
    string cacheDirFull = (cacheDir != null) ? Path.GetFullPath(cacheDir) : null;
    if (cacheDirFull != null && Directory.Exists(cacheDirFull))
    {
        string cacheDirUrl = String.Format("file://{0}/*", cacheDirFull.Replace("\\", "/"));
        cacheDirGroup = new UnionCodeGroup(new UrlMembershipCondition(cacheDirUrl), new PolicyStatement(MakeExecutionOnlyPermSet()));
    }

    // When webservices creates a serialization dll dynamically, it loads it into memory
    // and it gets the evidence from System.Dll. Thus, to make sure these assemblies get
    // full trust, anything that has this same evidence is added to policy.
    string systemCodeBase = typeof (Process).Assembly.CodeBase;
    UrlMembershipCondition systemDllUrl = new UrlMembershipCondition(systemCodeBase);
    UnionCodeGroup systemDllGroup = new UnionCodeGroup(systemDllUrl, new PolicyStatement(MakeTrustedPermSet()));

    // Code signed with Terrarium's own key.
    StrongNameMembershipCondition terrariumKey = new StrongNameMembershipCondition(MakeSelfRelativeBlob(), null, null);
    UnionCodeGroup terrariumKeyGroup = new UnionCodeGroup(terrariumKey, new PolicyStatement(MakeTrustedPermSet()));

    var microsoftGroup = MakeMSCodeGroup();
    var ecmaGroup = MakeEcmaCodeGroup();

    // Terrarium does a Load(byte []) on assemblies to check them before it copies them to the PAC to
    // truly load them. However, since unsigned (by MS or Terrarium) assemblies outside of the PAC
    // don't get execute permissions, this load fails. Since we are doing a Load(byte []), the evidence
    // will say that the assembly is coming from the same location as Terrarium.Exe, therefore
    // we need to add policy that gives unsigned assemblies in the same location as terrarium.exe
    // Execute permissions. This mirrors the systemDll code group above.
    string terrariumCodeBase = typeof (GameEngine).Assembly.CodeBase;
    UrlMembershipCondition terrariumUrl = new UrlMembershipCondition(terrariumCodeBase);
    UnionCodeGroup checkAssemblyGroup = new UnionCodeGroup(terrariumUrl, new PolicyStatement(MakeExecutionOnlyPermSet()));

    // Children of the MyComputer group, in the order shown in the tree above.
    if (cacheDirGroup != null)
    {
        myComputerGroup.AddChild(cacheDirGroup);
    }
    myComputerGroup.AddChild(terrariumKeyGroup);
    myComputerGroup.AddChild(systemDllGroup);
    myComputerGroup.AddChild(microsoftGroup);
    myComputerGroup.AddChild(ecmaGroup);
    myComputerGroup.AddChild(checkAssemblyGroup);

    // MyComputer goes under All Code.
    allCodeGroup.AddChild(myComputerGroup);

    PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
    appDomainLevel.RootCodeGroup = allCodeGroup;
    return appDomainLevel;
}