/// <summary>
/// Construct an application domain for running a test package
/// </summary>
/// <param name="package">The TestPackage to be run</param>
public AppDomain CreateDomain( TestPackage package )
{
AppDomainSetup setup = CreateAppDomainSetup(package);
string domainName = "test-domain-" + package.Name;
// Setup the Evidence
Evidence evidence = new Evidence(AppDomain.CurrentDomain.Evidence);
if (evidence.Count == 0)
{
Zone zone = new Zone(SecurityZone.MyComputer);
evidence.AddHost(zone);
Assembly assembly = Assembly.GetExecutingAssembly();
Url url = new Url(assembly.CodeBase);
evidence.AddHost(url);
Hash hash = new Hash(assembly);
evidence.AddHost(hash);
}
log.Info("Creating AppDomain " + domainName);
AppDomain runnerDomain = AppDomain.CreateDomain(domainName, evidence, setup);
// Set PrincipalPolicy for the domain if called for in the settings
if (_settingsService != null && _settingsService.GetSetting("Options.TestLoader.SetPrincipalPolicy", false))
{
runnerDomain.SetPrincipalPolicy(_settingsService.GetSetting(
"Options.TestLoader.PrincipalPolicy",
PrincipalPolicy.UnauthenticatedPrincipal));
}
return runnerDomain;
}
public void Check ()
{
ApplicationDirectoryMembershipCondition ad = new ApplicationDirectoryMembershipCondition ();
Evidence e = null;
Assert.IsFalse (ad.Check (e), "Check (null)");
e = new Evidence ();
Assert.IsFalse (ad.Check (e), "Check (empty)");
e.AddHost (new Zone (SecurityZone.MyComputer));
Assert.IsFalse (ad.Check (e), "Check (zone)");
string codebase = Assembly.GetExecutingAssembly ().CodeBase;
Url u = new Url (codebase);
ApplicationDirectory adir = new ApplicationDirectory (codebase);
e.AddHost (u);
Assert.IsFalse (ad.Check (e), "Check (url-host)"); // not enough
e.AddAssembly (adir);
Assert.IsFalse (ad.Check (e), "Check (url-host+adir-assembly)");
e = new Evidence ();
e.AddHost (adir);
Assert.IsFalse (ad.Check (e), "Check (adir-host)"); // not enough
e.AddAssembly (u);
Assert.IsFalse (ad.Check (e), "Check (url-assembly+adir-host)");
e = new Evidence ();
e.AddHost (u);
e.AddHost (adir);
Assert.IsTrue (ad.Check (e), "Check (url+adir host)"); // both!!
}
public static Evidence CreateEvidenceForUrl (string securityUrl)
{
Evidence e = new Evidence ();
if ((securityUrl != null) && (securityUrl.Length > 0)) {
try {
Url url = new Url (securityUrl);
e.AddHost (url);
} catch (ArgumentException) {
}
try {
Zone zone = Zone.CreateFromUrl (securityUrl);
e.AddHost (zone);
} catch (ArgumentException) {
}
try {
Site site = Site.CreateFromUrl (securityUrl);
e.AddHost (site);
} catch (ArgumentException) {
}
}
return e;
}
/// <summary>
/// Construct an application domain for running a test package
/// </summary>
/// <param name="package">The TestPackage to be run</param>
public AppDomain CreateDomain( TestPackage package )
{
AppDomainSetup setup = CreateAppDomainSetup(package);
string domainName = "test-domain-" + package.Name;
// Setup the Evidence
Evidence evidence = new Evidence(AppDomain.CurrentDomain.Evidence);
if (evidence.Count == 0)
{
Zone zone = new Zone(SecurityZone.MyComputer);
evidence.AddHost(zone);
Assembly assembly = Assembly.GetExecutingAssembly();
Url url = new Url(assembly.CodeBase);
evidence.AddHost(url);
Hash hash = new Hash(assembly);
evidence.AddHost(hash);
}
log.Info("Creating AppDomain " + domainName);
AppDomain runnerDomain;
// TODO: Find an approach that works across all platforms
//// TODO: Try to eliminate this test. Currently, running on
//// Linux with the permission set specified causes an
//// unexplained crash when unloading the domain.
//if (Environment.OSVersion.Platform == PlatformID.Win32NT)
//{
// PermissionSet permissionSet = new PermissionSet( PermissionState.Unrestricted );
// runnerDomain = AppDomain.CreateDomain(domainName, evidence, setup, permissionSet, null);
//}
//else
runnerDomain = AppDomain.CreateDomain(domainName, evidence, setup);
// Set PrincipalPolicy for the domain if called for in the settings
if (ServiceContext.UserSettings.GetSetting("Options.TestLoader.SetPrincipalPolicy", false))
runnerDomain.SetPrincipalPolicy((PrincipalPolicy)ServiceContext.UserSettings.GetSetting(
"Options.TestLoader.PrincipalPolicy", PrincipalPolicy.UnauthenticatedPrincipal));
//// HACK: Only pass down our AddinRegistry one level so that tests of NUnit
//// itself start without any addins defined.
//if ( !IsTestDomain( AppDomain.CurrentDomain ) )
// runnerDomain.SetData("AddinRegistry", Services.AddinRegistry);
//// Inject DomainInitializer into the remote domain - there are other
//// approaches, but this works for all CLR versions.
//DomainInitializer initializer = DomainInitializer.CreateInstance(runnerDomain);
//// HACK: Under nunit-console, direct use of the enum fails
//int traceLevel = IsTestDomain(AppDomain.CurrentDomain)
// ? (int)InternalTraceLevel.Off : (int)InternalTrace.Level;
//initializer.InitializeDomain(traceLevel);
return runnerDomain;
}
public static Evidence CreateEvidenceForUrl(string securityUrl) {
Evidence evidence = new Evidence();
if (securityUrl != null && securityUrl.Length > 0) {
evidence.AddHost(new Url(securityUrl));
evidence.AddHost(Zone.CreateFromUrl(securityUrl));
Uri uri = new Uri(securityUrl, UriKind.RelativeOrAbsolute);
if (uri.IsAbsoluteUri && !uri.IsFile) {
evidence.AddHost(Site.CreateFromUrl(securityUrl));
}
}
return evidence;
}
public void Check ()
{
GacMembershipCondition gac = new GacMembershipCondition ();
Evidence e = null;
Assert.IsFalse (gac.Check (e), "Check (null)");
e = new Evidence ();
Assert.IsFalse (gac.Check (e), "Check (empty)");
e.AddHost (new Zone (SecurityZone.MyComputer));
Assert.IsFalse (gac.Check (e), "Check (zone)");
GacInstalled g = new GacInstalled ();
e.AddAssembly (g);
Assert.IsFalse (gac.Check (e), "Check (gac-assembly)");
e.AddHost (g);
Assert.IsTrue (gac.Check (e), "Check (gac-host)");
}
public void Check ()
{
AllMembershipCondition all = new AllMembershipCondition ();
Evidence e = null;
Assert.IsTrue (all.Check (e), "Check (null)");
e = new Evidence ();
Assert.IsTrue (all.Check (e), "Check (empty)");
e.AddHost (new Zone (SecurityZone.MyComputer));
Assert.IsTrue (all.Check (e), "Check (zone)");
Url u = new Url ("http://www.go-mono.com/");
e.AddAssembly (u);
Assert.IsTrue (all.Check (e), "Check (all-assembly)");
Site s = new Site ("www.go-mono.com");
e.AddHost (s);
Assert.IsTrue (all.Check (e), "Check (all-host)");
}
protected static ObjectHandle CreateInstanceHelper (AppDomainSetup adSetup)
{
if (adSetup == null)
throw new ArgumentNullException ("adSetup");
if (adSetup.ActivationArguments == null) {
string msg = Locale.GetText ("{0} is missing it's {1} property");
throw new ArgumentException (String.Format (msg, "AppDomainSetup", "ActivationArguments"), "adSetup");
}
HostSecurityManager hsm = null;
if (AppDomain.CurrentDomain.DomainManager != null)
hsm = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
else
hsm = new HostSecurityManager (); // default
Evidence applicationEvidence = new Evidence ();
applicationEvidence.AddHost (adSetup.ActivationArguments);
TrustManagerContext context = new TrustManagerContext ();
ApplicationTrust trust = hsm.DetermineApplicationTrust (applicationEvidence, null, context);
if (!trust.IsApplicationTrustedToRun) {
string msg = Locale.GetText ("Current policy doesn't allow execution of addin.");
throw new PolicyException (msg);
}
// FIXME: we're missing the information from the manifest
AppDomain ad = AppDomain.CreateDomain ("friendlyName", null, adSetup);
return ad.CreateInstance ("assemblyName", "typeName", null);
}
public void Check ()
{
ApplicationMembershipCondition app = new ApplicationMembershipCondition ();
Evidence e = null;
Assert.IsFalse (app.Check (e), "Check (null)");
e = new Evidence ();
Assert.IsFalse (app.Check (e), "Check (empty)");
e.AddHost (new Zone (SecurityZone.MyComputer));
Assert.IsFalse (app.Check (e), "Check (zone)");
// TODO - more (non failing ;) tests
}
public void ProvideAppDomainEvidence ()
{
HostSecurityManager hsm = new HostSecurityManager ();
Assert.IsNull (hsm.ProvideAppDomainEvidence (null), "null");
Evidence e = new Evidence ();
Evidence result = hsm.ProvideAppDomainEvidence (e);
Assert.IsNotNull (result, "empty");
Assert.AreEqual (0, result.Count, "Count-0");
e.AddHost (new Zone (SecurityZone.Untrusted));
result = hsm.ProvideAppDomainEvidence (e);
Assert.AreEqual (1, result.Count, "Count-1");
}
static ScriptCompiler()
{
cParams = new CompilerParameters();
cParams.GenerateExecutable = false;
cParams.GenerateInMemory = false;
cParams.IncludeDebugInformation = false;
//cParams.OutputAssembly=ScriptOutputPath;
cParams.ReferencedAssemblies.Add(System.IO.Path.Combine(Program.ExecutableDirectory, "fomm.Scripting.dll"));
cParams.ReferencedAssemblies.Add("System.dll");
cParams.ReferencedAssemblies.Add("System.Drawing.dll");
cParams.ReferencedAssemblies.Add("System.Windows.Forms.dll");
cParams.ReferencedAssemblies.Add("System.Xml.dll");
evidence = new Evidence();
evidence.AddHost(new Zone(System.Security.SecurityZone.Internet));
}
internal Evidence ShallowCopy()
{
Evidence evidence = new Evidence();
IEnumerator enumerator;
enumerator = this.GetHostEnumerator();
while (enumerator.MoveNext())
{
evidence.AddHost(enumerator.Current);
}
enumerator = this.GetAssemblyEnumerator();
while (enumerator.MoveNext())
{
evidence.AddAssembly(enumerator.Current);
}
return(evidence);
}
private static Evidence GetDefaultDomainIdentity()
{
Evidence evidence = new Evidence();
bool zoneEvidence = false;
IEnumerator hostEnumerator = AppDomain.CurrentDomain.Evidence.GetHostEnumerator();
while (hostEnumerator.MoveNext())
{
if (hostEnumerator.Current is Zone)
zoneEvidence = true;
evidence.AddHost(hostEnumerator.Current);
}
hostEnumerator = AppDomain.CurrentDomain.Evidence.GetAssemblyEnumerator();
while (hostEnumerator.MoveNext())
{
evidence.AddAssembly(hostEnumerator.Current);
}
if (!zoneEvidence)
evidence.AddHost(new Zone(SecurityZone.MyComputer));
return evidence;
}
// Code Access Security
internal void Resolve ()
{
lock (this) {
// FIXME: As we (currently) delay the resolution until the first CAS
// Demand it's too late to evaluate the Minimum permission set as a
// condition to load the assembly into the AppDomain
LoadAssemblyPermissions ();
Evidence e = new Evidence (UnprotectedGetEvidence ()); // we need a copy to add PRE
e.AddHost (new PermissionRequestEvidence (_minimum, _optional, _refuse));
_granted = SecurityManager.ResolvePolicy (e,
_minimum, _optional, _refuse, out _denied);
}
}
static internal Evidence GetDefaultHostEvidence(Assembly a)
{
Evidence e = new Evidence();
string aname = a.EscapedCodeBase;
// by default all assembly have the Zone, Url and Hash evidences
e.AddHost(Zone.CreateFromUrl(aname));
e.AddHost(new Url(aname));
e.AddHost(new Hash(a));
// non local files (e.g. http://) also get a Site evidence
if (String.Compare("FILE://", 0, aname, 0, 7, true, CultureInfo.InvariantCulture) != 0)
{
e.AddHost(Site.CreateFromUrl(aname));
}
// strongnamed assemblies gets a StrongName evidence
AssemblyName an = a.GetName();
byte[] pk = an.GetPublicKey();
if ((pk != null) && (pk.Length > 0))
{
StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(pk);
e.AddHost(new StrongName(blob, an.Name, an.Version));
}
// Authenticode(r) signed assemblies get a Publisher evidence
if (IsAuthenticodePresent(a))
{
// Note: The certificate is part of the evidences even if it is not trusted!
// so we can't call X509Certificate.CreateFromSignedFile
AuthenticodeDeformatter ad = new AuthenticodeDeformatter(a.Location);
if (ad.SigningCertificate != null)
{
X509Certificate x509 = new X509Certificate(ad.SigningCertificate.RawData);
if (x509.GetHashCode() != 0)
{
e.AddHost(new Publisher(x509));
}
}
}
// assemblies loaded from the GAC also get a Gac evidence (new in Fx 2.0)
if (a.GlobalAssemblyCache)
{
e.AddHost(new GacInstalled());
}
// the current HostSecurityManager may add/remove some evidence
AppDomainManager dommgr = AppDomain.CurrentDomain.DomainManager;
if (dommgr != null)
{
if ((dommgr.HostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) ==
HostSecurityManagerOptions.HostAssemblyEvidence)
{
e = dommgr.HostSecurityManager.ProvideAssemblyEvidence(a, e);
}
}
return(e);
}
public void CompilePlugins(PermissionSet pluginSandboxPermissions, List<String> ignoredPluginClassNames = null) {
try {
if (File.Exists(Path.Combine(this.PluginBaseDirectory, "PluginCache.xml")) == true) {
WritePluginConsole("Loading plugin cache..");
try {
this.PluginCache = XDocument.Load(Path.Combine(this.PluginBaseDirectory, "PluginCache.xml")).Root.FromXElement<PluginCache>();
}
catch (Exception e) {
WritePluginConsole("Error loading plugin cache: {0}", e.Message);
}
}
// Recover from exceptions or logic errors if the document parsed correctly, but didn't deserialize correctly.
if (this.PluginCache == null) {
this.PluginCache = new PluginCache();
}
// Make sure we ignore any plugins passed in. These won't even be loaded again.
if (ignoredPluginClassNames != null) {
IgnoredPluginClassNames = ignoredPluginClassNames;
}
// Clear out all invocations if this is a reload.
Invocations.Clear();
WritePluginConsole("Preparing plugins directory..");
PreparePluginsDirectory();
WritePluginConsole("Moving legacy plugins..");
MoveLegacyPlugins();
WritePluginConsole("Creating compiler..");
// CodeDomProvider pluginsCodeDomProvider = CodeDomProvider.CreateProvider("CSharp");
var providerOptions = new Dictionary<String, String>();
providerOptions.Add("CompilerVersion", "v3.5");
CodeDomProvider pluginsCodeDomProvider = new CSharpCodeProvider(providerOptions);
WritePluginConsole("Configuring compiler..");
CompilerParameters parameters = GenerateCompilerParameters();
// AppDomainSetup domainSetup = new AppDomainSetup() { ApplicationBase = this.PluginBaseDirectory };
// Start of XpKillers mono workaround
AppDomainSetup domainSetup = null;
Type t = Type.GetType("Mono.Runtime");
if (t != null) {
//Console.WriteLine("You are running with the Mono VM");
WritePluginConsole("Running with Mono VM..");
//AppDomain.CurrentDomain.BaseDirectory
domainSetup = new AppDomainSetup() {
ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
};
domainSetup.PrivateBinPath = PluginBaseDirectory;
}
else {
// Console.WriteLine("You are running something else (native .Net)");
WritePluginConsole("Running with native .Net..");
domainSetup = new AppDomainSetup() {
ApplicationBase = PluginBaseDirectory
};
}
// Workaround end
WritePluginConsole("Building sandbox..");
var hostEvidence = new Evidence();
hostEvidence.AddHost(new Zone(SecurityZone.MyComputer));
AppDomainSandbox = AppDomain.CreateDomain(ProconClient.HostName + ProconClient.Port + "Engine", hostEvidence, domainSetup, pluginSandboxPermissions);
WritePluginConsole("Configuring sandbox..");
// create the factory class in the secondary app-domain
PluginFactory = (CPRoConPluginLoaderFactory) AppDomainSandbox.CreateInstance("PRoCon.Core", "PRoCon.Core.Plugin.CPRoConPluginLoaderFactory").Unwrap();
PluginCallbacks = new CPRoConPluginCallbacks(ProconClient.ExecuteCommand, ProconClient.GetAccountPrivileges, ProconClient.GetVariable, ProconClient.GetSvVariable, ProconClient.GetMapDefines, ProconClient.TryGetLocalized, RegisterCommand, UnregisterCommand, GetRegisteredCommands, ProconClient.GetWeaponDefines, ProconClient.GetSpecializationDefines, ProconClient.Layer.GetLoggedInAccounts, RegisterPluginEvents);
WritePluginConsole("Compiling and loading plugins..");
var pluginsDirectoryInfo = new DirectoryInfo(PluginBaseDirectory);
foreach (FileInfo pluginFile in pluginsDirectoryInfo.GetFiles("*.cs")) {
string className = Regex.Replace(pluginFile.Name, "\\.cs$", "");
if (IgnoredPluginClassNames.Contains(className) == false) {
CompilePlugin(pluginFile, className, pluginsCodeDomProvider, parameters);
LoadPlugin(className, PluginFactory, pluginSandboxPermissions.IsUnrestricted());
}
else {
WritePluginConsole("Compiling {0}... ^1^bIgnored", className);
}
}
XDocument pluginCacheDocument = new XDocument(this.PluginCache.ToXElement());
pluginCacheDocument.Save(Path.Combine(this.PluginBaseDirectory, "PluginCache.xml"));
pluginsCodeDomProvider.Dispose();
}
catch (Exception e) {
WritePluginConsole(e.Message);
}
}
internal static PermissionSet AddPermissionForUri(PermissionSet originalPermSet, Uri srcUri)
{
PermissionSet newPermSet = originalPermSet;
if (srcUri != null)
{
Evidence evidence = new Evidence();
evidence.AddHost(new Url(BindUriHelper.UriToString(srcUri))); // important: the parameter must be a UrL object not a UrI object
IMembershipCondition membership = new UrlMembershipCondition(BindUriHelper.UriToString(srcUri));
CodeGroup group = (srcUri.IsFile) ?
(CodeGroup)new FileCodeGroup(membership, FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery)
:(CodeGroup)new NetCodeGroup(membership);
PolicyStatement policy = group.Resolve(evidence);
if (!policy.PermissionSet.IsEmpty())
{
newPermSet = originalPermSet.Union(policy.PermissionSet);
}
}
return newPermSet;
}
private Evidence CreateHostEvidence (object o)
{
Evidence e = new Evidence ();
e.AddHost (o);
return e;
}
private void Resolve_Zone (PolicyLevel level, SecurityZone z, PolicyStatementAttribute attr, bool unrestricted, int count)
{
string prefix = z.ToString () + "-" + attr.ToString () + "-";
Evidence e = new Evidence ();
e.AddHost (new Zone (z));
PolicyStatement result = level.Resolve (e);
if (unrestricted) {
Assert.AreEqual (attr, result.Attributes, prefix + "Attributes");
switch (attr) {
case PolicyStatementAttribute.Nothing:
Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
break;
case PolicyStatementAttribute.Exclusive:
Assert.AreEqual ("Exclusive", result.AttributeString, prefix + "AttributeString");
break;
case PolicyStatementAttribute.LevelFinal:
Assert.AreEqual ("LevelFinal", result.AttributeString, prefix + "AttributeString");
break;
case PolicyStatementAttribute.All:
Assert.AreEqual ("Exclusive LevelFinal", result.AttributeString, prefix + "AttributeString");
break;
}
}
else {
Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, prefix + "Attributes");
Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
}
Assert.AreEqual (unrestricted, result.PermissionSet.IsUnrestricted (), prefix + "IsUnrestricted");
Assert.AreEqual (count, result.PermissionSet.Count, prefix + "Count");
}
public void CreateDomain_StringEvidenceAppDomainSetup ()
{
Evidence e = new Evidence ();
AppDomainSetup info = new AppDomainSetup ();
info.ApplicationName = "ApplicationName";
ad = AppDomain.CreateDomain ("CreateDomain_StringEvidenceAppDomainSetup", e, info);
Assert.IsNotNull (ad.Evidence, "Evidence");
Assert.AreEqual (0, ad.Evidence.Count, "Evidence.Count");
Assert.IsNotNull (ad.SetupInformation, "SetupInformation");
Assert.AreEqual ("ApplicationName", ad.SetupInformation.ApplicationName);
e.AddHost (new Zone (SecurityZone.MyComputer));
Assert.AreEqual (0, ad.Evidence.Count, "Evidence.Count");
// evidence isn't copied but referenced
}
static internal Evidence GetDefaultHostEvidence (Assembly a)
{
Evidence e = new Evidence ();
string aname = a.EscapedCodeBase;
// by default all assembly have the Zone, Url and Hash evidences
e.AddHost (Zone.CreateFromUrl (aname));
e.AddHost (new Url (aname));
e.AddHost (new Hash (a));
// non local files (e.g. http://) also get a Site evidence
if (String.Compare ("FILE://", 0, aname, 0, 7, true, CultureInfo.InvariantCulture) != 0) {
e.AddHost (Site.CreateFromUrl (aname));
}
// strongnamed assemblies gets a StrongName evidence
AssemblyName an = a.GetName ();
byte[] pk = an.GetPublicKey ();
if ((pk != null) && (pk.Length > 0)) {
StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (pk);
e.AddHost (new StrongName (blob, an.Name, an.Version));
}
// Authenticode(r) signed assemblies get a Publisher evidence
if (IsAuthenticodePresent (a)) {
// Note: The certificate is part of the evidences even if it is not trusted!
// so we can't call X509Certificate.CreateFromSignedFile
AuthenticodeDeformatter ad = new AuthenticodeDeformatter (a.Location);
if (ad.SigningCertificate != null) {
X509Certificate x509 = new X509Certificate (ad.SigningCertificate.RawData);
if (x509.GetHashCode () != 0) {
e.AddHost (new Publisher (x509));
}
}
}
// assemblies loaded from the GAC also get a Gac evidence (new in Fx 2.0)
if (a.GlobalAssemblyCache) {
e.AddHost (new GacInstalled ());
}
// the current HostSecurityManager may add/remove some evidence
AppDomainManager dommgr = AppDomain.CurrentDomain.DomainManager;
if (dommgr != null) {
if ((dommgr.HostSecurityManager.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) ==
HostSecurityManagerOptions.HostAssemblyEvidence) {
e = dommgr.HostSecurityManager.ProvideAssemblyEvidence (a, e);
}
}
return e;
}
public void ProvideAssemblyEvidence ()
{
HostSecurityManager hsm = new HostSecurityManager ();
Assembly a = Assembly.GetExecutingAssembly ();
Evidence result = hsm.ProvideAssemblyEvidence (a, null);
Assert.IsNull (result, "null");
Evidence e = new Evidence ();
result = hsm.ProvideAssemblyEvidence (a, e);
Assert.AreEqual (0, result.Count, "Count-empty");
e.AddHost (new Zone (SecurityZone.Untrusted));
result = hsm.ProvideAssemblyEvidence (a, e);
Assert.AreEqual (1, result.Count, "Count-1");
}
public void GetStore_DomainScope_Evidence_NullAssemblyEvidence ()
{
IsolatedStorageScope scope = IsolatedStorageScope.User | IsolatedStorageScope.Domain | IsolatedStorageScope.Assembly;
Evidence de = new Evidence ();
de.AddHost (new Zone (SecurityZone.Internet));
IsolatedStorageFile isf = IsolatedStorageFile.GetStore (scope, de, typeof (Zone), null, null);
}
public void GetStore_DomainScope_Evidences ()
{
IsolatedStorageScope scope = IsolatedStorageScope.User | IsolatedStorageScope.Domain | IsolatedStorageScope.Assembly;
Evidence de = new Evidence ();
de.AddHost (new Zone (SecurityZone.Internet));
Evidence ae = new Evidence ();
ae.AddHost (new Zone (SecurityZone.Intranet));
IsolatedStorageFile isf = IsolatedStorageFile.GetStore (scope, de, typeof (Zone), ae, typeof (Zone));
// Maximum size for Internet isn't (by default) Int64.MaxValue
Assert.AreEqual (scope, isf.Scope, "Scope");
#if !NET_2_1
Assert.IsTrue ((isf.AssemblyIdentity is Zone), "AssemblyIdentity");
Assert.IsTrue ((isf.AssemblyIdentity.ToString ().IndexOf ("Intranet") > 0), "Zone - Assembly");
Assert.IsTrue ((isf.DomainIdentity is Zone), "DomainIdentity");
Assert.IsTrue ((isf.DomainIdentity.ToString ().IndexOf ("Internet") > 0), isf.DomainIdentity.ToString ()); //"Zone - Domain");
#endif
Assert.IsTrue ((isf.CurrentSize >= 0), "CurrentSize");
}
internal void InitStore(IsolatedStorageScope scope,
Object app, Object assem)
{
Assembly callerAssembly;
PermissionSet psAllowed = null, psDenied = null;
Evidence appEv = null, assemEv = new Evidence();
assemEv.AddHost(assem);
if (IsDomain(scope))
{
appEv = new Evidence();
appEv.AddHost(app);
}
_InitStore(scope, appEv, null, assemEv, null);
// Set the quota based on the caller, not the evidence supplied
if (!IsRoaming(scope)) // No quota for roaming
{
callerAssembly = nGetCaller();
GetControlEvidencePermission().Assert();
callerAssembly.nGetGrantSet(out psAllowed, out psDenied);
if (psAllowed == null)
throw new IsolatedStorageException(
Environment.GetResourceString(
"IsolatedStorage_AssemblyGrantSet"));
}
// This can be called only by trusted assemblies.
// This quota really does not correspond to the permissions
// granted for this evidence.
SetQuota(psAllowed, psDenied);
}
private static void CheckAddedAssemblies( PolicyLevel level, ref ArrayList assemblies )
{
try
{
if (assemblies == null || level == null)
return;
IEnumerator enumerator = assemblies.GetEnumerator();
while (enumerator.MoveNext())
{
Assembly assembly = (Assembly)enumerator.Current;
StrongName sn = FindStrongName( assembly.Evidence );
if (sn == null)
{
PauseCapableWriteLine( manager.GetString( "Dialog_AssemblyNotStrongNamed" ) );
if (!GetAnswer())
throw new ExitException();
}
else if (!sn.Name.Equals( "mscorlib" ))
{
IEnumerator snEnumerator = level.FullTrustAssemblies.GetEnumerator();
bool found = false;
Evidence evidence = new Evidence();
evidence.AddHost( sn );
while (snEnumerator.MoveNext())
{
if (((StrongNameMembershipCondition)snEnumerator.Current).Check( evidence ))
{
found = true;
break;
}
}
if (!found)
{
PauseCapableWriteLine( manager.GetString( "Dialog_StrongNameAssemblyAdded1" ) );
PauseCapableWriteLine( sn.Name + " " + sn.Version );
PauseCapableWriteLine( manager.GetString( "Dialog_StrongNameAssemblyAdded2" ) );
if (GetAnswer())
{
level.AddFullTrustAssembly( sn );
}
}
}
}
}
finally
{
assemblies = new ArrayList();
}
}
static Evidence GenerateShellEvidence( String fileName, String option )
{
Assembly asm = LoadAssembly( fileName, option, false );
if (asm == null)
{
String fullPath = Path.GetFullPath( fileName );
if (fullPath == null || !File.Exists( fullPath ))
Error( option, manager.GetString( "Error_UnableToLoadAssembly" ), -1 );
if (PolicyPrompt)
{
PauseCapableWriteLine( String.Format( manager.GetString( "Dialog_UseFakeEvidenceQuestion" ), fileName ) );
if (!GetAnswer())
{
PauseCapableWriteLine( manager.GetString( "Dialog_OperationAborted" ) );
throw new ExitException();
}
}
else
{
PauseCapableWriteLine( String.Format( manager.GetString( "Dialog_UseFakeEvidence" ), fileName ) );
}
String fileUrl = "file:///" + fullPath;
Evidence evidence = new Evidence();
evidence.AddHost( Zone.CreateFromUrl( fileUrl ) );
evidence.AddHost( new Url( fileUrl ) );
return evidence;
}
else
{
return asm.Evidence;
}
}
static void Main(string[] args)
{
try
{
Console.WriteLine("RiskyType object in CURRENT APPDOMAIN");
// risk1 is instance of RiskyType main AppDomain
RiskyType risk1 = new RiskyType();
#if(UNRESTRICTED)
// show process ID and AppDomain name for RiskType instance
risk1.ProcessID();
risk1.AppDomainName();
#endif
// invoke safe and risky methods in first AppDomain
string safeResult = risk1.LowRisk();
Console.WriteLine(safeResult);
string riskyResult = risk1.HighRisk("risky.txt");
Console.Write(riskyResult);
Console.WriteLine("\n");
#if(UNRESTRICTED)
// create new AppDomain with same privileges as first AppDomain
// to show processID/appdomain name info
AppDomain restrictedDomain = AppDomain.CreateDomain("restrictedDomain");
#else
// create new AppDomain with privileges restricted by security policy
Evidence ev = new Evidence();
ev.AddHost(new Zone(SecurityZone.Internet));
AppDomain restrictedDomain = AppDomain.CreateDomain("restrictedDomain", ev);
#endif
Console.WriteLine("RiskyType object in RESTRICTED APPDOMAIN");
// use reflection to load the assembly Risky into new app domain and create an instance of RiskyType
// the instance, risk2, is a transparent proxy to an instance of RiskyType in restricted domain
// RiskyType must subclass MarshalByRefObject
RiskyType risk2 = (RiskyType)restrictedDomain.CreateInstanceAndUnwrap(
"Risky", "Risky.RiskyType");
#if(UNRESTRICTED)
// show process ID and AppDomain name for RiskType instance accessed through proxy
risk2.ProcessID();
risk2.AppDomainName();
#endif
// invoke safe and risky methods in new AppDomain
safeResult = risk2.LowRisk();
Console.WriteLine(safeResult);
riskyResult = risk2.HighRisk("risky.txt");
Console.Write(riskyResult);
Console.WriteLine("\n");
}
catch (SecurityException e)
{
Console.WriteLine("SecurityException: {0}", e.Message);
}
finally
{
Console.ReadKey();
}
}
public void GetStore_AssemblyScope_Evidence_NullDomainEvidence ()
{
IsolatedStorageScope scope = IsolatedStorageScope.User | IsolatedStorageScope.Assembly;
Evidence ae = new Evidence ();
ae.AddHost (new Zone (SecurityZone.Internet));
IsolatedStorageFile isf = IsolatedStorageFile.GetStore (scope, null, null, ae, typeof (Zone));
}
static Evidence CreateAssemblyEvidence(string fileName)
{
//HACK: I am unsure whether 'Hash' evidence is required - since this will be difficult to obtain, we will not supply it...
Evidence newEvidence = new Evidence();
//We must have zone evidence, or we will get a policy exception
Zone zone = new Zone(SecurityZone.MyComputer);
newEvidence.AddHost(zone);
//If the assembly is strong-named, we must supply this evidence
//for StrongNameIdentityPermission demands
AssemblyName assemblyName = AssemblyName.GetAssemblyName(fileName);
byte[] pk = assemblyName.GetPublicKey();
if (pk!=null && pk.Length != 0)
{
StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob(pk);
StrongName strongName = new StrongName(blob, assemblyName.Name, assemblyName.Version);
newEvidence.AddHost(strongName);
}
return newEvidence;
}
/// <summary>
/// Construct an application domain for running a test package
/// </summary>
/// <param name="package">The TestPackage to be run</param>
public AppDomain CreateDomain( TestPackage package )
{
AppDomainSetup setup = new AppDomainSetup();
//For paralell tests, we need to use distinct application name
setup.ApplicationName = "Tests" + "_" + Environment.TickCount;
FileInfo testFile = package.FullName != null && package.FullName != string.Empty
? new FileInfo(package.FullName)
: null;
string appBase = package.BasePath;
string configFile = package.ConfigurationFile;
string binPath = package.PrivateBinPath;
if (testFile != null)
{
if (appBase == null || appBase == string.Empty)
appBase = testFile.DirectoryName;
if (configFile == null || configFile == string.Empty)
configFile = Services.ProjectService.CanLoadProject(testFile.Name)
? Path.GetFileNameWithoutExtension(testFile.Name) + ".config"
: testFile.Name + ".config";
}
else if (appBase == null || appBase == string.Empty)
appBase = GetCommonAppBase(package.Assemblies);
setup.ApplicationBase = appBase;
// TODO: Check whether Mono still needs full path to config file...
setup.ConfigurationFile = appBase != null && configFile != null
? Path.Combine(appBase, configFile)
: configFile;
if (package.AutoBinPath)
binPath = GetPrivateBinPath( appBase, package.Assemblies );
setup.PrivateBinPath = binPath;
if (package.GetSetting("ShadowCopyFiles", true))
{
setup.ShadowCopyFiles = "true";
setup.ShadowCopyDirectories = appBase;
setup.CachePath = GetCachePath();
}
else
setup.ShadowCopyFiles = "false";
string domainName = "test-domain-" + package.Name;
// Setup the Evidence
Evidence evidence = new Evidence(AppDomain.CurrentDomain.Evidence);
if (evidence.Count == 0)
{
Zone zone = new Zone(SecurityZone.MyComputer);
evidence.AddHost(zone);
Assembly assembly = Assembly.GetExecutingAssembly();
Url url = new Url(assembly.CodeBase);
evidence.AddHost(url);
Hash hash = new Hash(assembly);
evidence.AddHost(hash);
}
log.Info("Creating AppDomain " + domainName);
AppDomain runnerDomain;
// TODO: Try to eliminate this test. Currently, running on
// Linux with the permission set specified causes an
// unexplained crash when unloading the domain.
#if NET_2_0
if (Environment.OSVersion.Platform == PlatformID.Win32NT)
{
PermissionSet permissionSet = new PermissionSet( PermissionState.Unrestricted );
runnerDomain = AppDomain.CreateDomain(domainName, evidence, setup, permissionSet, null);
}
else
#endif
runnerDomain = AppDomain.CreateDomain(domainName, evidence, setup);
// HACK: Only pass down our AddinRegistry one level so that tests of NUnit
// itself start without any addins defined.
if ( !IsTestDomain( AppDomain.CurrentDomain ) )
runnerDomain.SetData("AddinRegistry", Services.AddinRegistry);
// Inject DomainInitializer into the remote domain - there are other
// approaches, but this works for all CLR versions.
DomainInitializer initializer = DomainInitializer.CreateInstance(runnerDomain);
// HACK: Under nunit-console, direct use of the enum fails
int traceLevel = IsTestDomain(AppDomain.CurrentDomain)
? (int)InternalTraceLevel.Off : (int)InternalTrace.Level;
initializer.InitializeDomain(traceLevel);
return runnerDomain;
}
public void CreateDomain_StringEvidence ()
{
Evidence e = new Evidence ();
ad = AppDomain.CreateDomain ("CreateDomain_StringEvidence", e);
Assert.IsNotNull (ad.Evidence, "Evidence");
Assert.AreEqual (0, ad.Evidence.Count, "Evidence.Count");
e.AddHost (new Zone (SecurityZone.MyComputer));
Assert.AreEqual (0, ad.Evidence.Count, "Evidence.Count");
// evidence isn't copied but referenced
}