protected static ObjectHandle CreateInstanceHelper (AppDomainSetup adSetup)
{
if (adSetup == null)
throw new ArgumentNullException ("adSetup");
if (adSetup.ActivationArguments == null) {
string msg = Locale.GetText ("{0} is missing it's {1} property");
throw new ArgumentException (String.Format (msg, "AppDomainSetup", "ActivationArguments"), "adSetup");
}
HostSecurityManager hsm = null;
if (AppDomain.CurrentDomain.DomainManager != null)
hsm = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
else
hsm = new HostSecurityManager (); // default
Evidence applicationEvidence = new Evidence ();
applicationEvidence.AddHost (adSetup.ActivationArguments);
TrustManagerContext context = new TrustManagerContext ();
ApplicationTrust trust = hsm.DetermineApplicationTrust (applicationEvidence, null, context);
if (!trust.IsApplicationTrustedToRun) {
string msg = Locale.GetText ("Current policy doesn't allow execution of addin.");
throw new PolicyException (msg);
}
// FIXME: we're missing the information from the manifest
AppDomain ad = AppDomain.CreateDomain ("friendlyName", null, adSetup);
return ad.CreateInstance ("assemblyName", "typeName", null);
}
public void ProvideAppDomainEvidence ()
{
HostSecurityManager hsm = new HostSecurityManager ();
Assert.IsNull (hsm.ProvideAppDomainEvidence (null), "null");
Evidence e = new Evidence ();
Evidence result = hsm.ProvideAppDomainEvidence (e);
Assert.IsNotNull (result, "empty");
Assert.AreEqual (0, result.Count, "Count-0");
e.AddHost (new Zone (SecurityZone.Untrusted));
result = hsm.ProvideAppDomainEvidence (e);
Assert.AreEqual (1, result.Count, "Count-1");
}
internal PermissionSet Resolve(Evidence evidence)
{
// The host might have implemented a ResolvePolicy method in their HostSecurityManager,
// so take that into account for non-GAC assemblies.
if (!IsGacAssembly(evidence))
{
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
return(securityManager.ResolvePolicy(evidence));
}
}
return(ResolveHelper(evidence));
}
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;
if (evidence.GetHostEvidence <GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return(true);
}
if ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet permissionSet = hostSecurityManager.ResolvePolicy(evidence);
if (permissionSet == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", new object[]
{
hostSecurityManager.GetType().FullName
}));
}
if (AppDomain.CurrentDomain.IsHomogenous)
{
if (permissionSet.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet permissionSet2 = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
if (!permissionSet.IsUnrestricted() && (!permissionSet.IsSubsetOf(permissionSet2) || !permissionSet2.IsSubsetOf(permissionSet)))
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", new object[]
{
hostSecurityManager.GetType().FullName
}));
}
}
grantSet = permissionSet;
return(true);
}
else
{
if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return(true);
}
grantSet = null;
return(false);
}
}
public void ProvideAssemblyEvidence ()
{
HostSecurityManager hsm = new HostSecurityManager ();
Assembly a = Assembly.GetExecutingAssembly ();
Evidence result = hsm.ProvideAssemblyEvidence (a, null);
Assert.IsNull (result, "null");
Evidence e = new Evidence ();
result = hsm.ProvideAssemblyEvidence (a, e);
Assert.AreEqual (0, result.Count, "Count-empty");
e.AddHost (new Zone (SecurityZone.Untrusted));
result = hsm.ProvideAssemblyEvidence (a, e);
Assert.AreEqual (1, result.Count, "Count-1");
}
public void DetermineApplicationTrust_Evidence_Evidence_Null ()
{
HostSecurityManager hsm = new HostSecurityManager ();
hsm.DetermineApplicationTrust (new Evidence (), new Evidence (), null);
}
public void DetermineApplicationTrust_Evidence_Null_TrustManagerContext ()
{
HostSecurityManager hsm = new HostSecurityManager ();
hsm.DetermineApplicationTrust (new Evidence (), null, new TrustManagerContext ());
}
public void Defaults ()
{
HostSecurityManager hsm = new HostSecurityManager ();
Assert.IsNull (hsm.DomainPolicy, "DomainPolicy");
Assert.AreEqual (HostSecurityManagerOptions.AllFlags, hsm.Flags, "Flags");
}
public void ResolvePolicy_CurrentAssemblyEvidence ()
{
HostSecurityManager hsm = new HostSecurityManager ();
Assembly a = Assembly.GetExecutingAssembly ();
PermissionSet ps = hsm.ResolvePolicy (a.Evidence);
PermissionSet expected = SecurityManager.ResolvePolicy (a.Evidence);
Assert.AreEqual (expected.ToString (), ps.ToString (), "PermissionSet");
}
public void ResolvePolicy_Empty ()
{
HostSecurityManager hsm = new HostSecurityManager ();
PermissionSet ps = hsm.ResolvePolicy (new Evidence ());
Assert.AreEqual (0, ps.Count, "Count");
Assert.IsFalse (ps.IsUnrestricted (), "IsUnrestricted");
}
public void ResolvePolicy_Null ()
{
HostSecurityManager hsm = new HostSecurityManager ();
PermissionSet ps = hsm.ResolvePolicy (null);
}
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
Contract.Assert(evidence != null);
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
// GAC assemblies always are fully trusted
if (evidence.GetHostEvidence <GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return(true);
}
// If the host wants to participate in policy resolution, then our next option is to ask it for
// a grant set
else if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet hostGrantSet = securityManager.ResolvePolicy(evidence);
if (hostGrantSet == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", securityManager.GetType().FullName));
}
// If we're in a homogenous domain, we don't want to allow the host to create multiple
// levels of permissions within the domain. So, if we see the host return something other
// than full trust or the homogenous grant set, we reject the grant set.
if (AppDomain.CurrentDomain.IsHomogenous)
{
// Some hosts, such as ASP.NET, return Nothing as a way of saying that the assembly should
// not be allowed to run in the AppDomain. Reject that with a specific
// no-execution-allowed-here exception message, rather than the return value validation
// exception message we'd hit below.
if (hostGrantSet.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet homogenousGrantSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
bool isValidGrantSet = hostGrantSet.IsUnrestricted() ||
(hostGrantSet.IsSubsetOf(homogenousGrantSet) && homogenousGrantSet.IsSubsetOf(hostGrantSet));
if (!isValidGrantSet)
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", securityManager.GetType().FullName));
}
}
grantSet = hostGrantSet;
return(true);
}
// If we're in a homogenous domain, we can get the grant set directly from the application trust
else if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return(true);
}
// Otherwise we have no way to figure out what the grant set is
else
{
grantSet = null;
return(false);
}
}
