internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;
if (evidence.GetHostEvidence <GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return(true);
}
if ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet permissionSet = hostSecurityManager.ResolvePolicy(evidence);
if (permissionSet == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", new object[]
{
hostSecurityManager.GetType().FullName
}));
}
if (AppDomain.CurrentDomain.IsHomogenous)
{
if (permissionSet.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet permissionSet2 = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
if (!permissionSet.IsUnrestricted() && (!permissionSet.IsSubsetOf(permissionSet2) || !permissionSet2.IsSubsetOf(permissionSet)))
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", new object[]
{
hostSecurityManager.GetType().FullName
}));
}
}
grantSet = permissionSet;
return(true);
}
else
{
if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return(true);
}
grantSet = null;
return(false);
}
}
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
Contract.Assert(evidence != null);
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
// GAC assemblies always are fully trusted
if (evidence.GetHostEvidence <GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return(true);
}
// If the host wants to participate in policy resolution, then our next option is to ask it for
// a grant set
else if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet hostGrantSet = securityManager.ResolvePolicy(evidence);
if (hostGrantSet == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", securityManager.GetType().FullName));
}
// If we're in a homogenous domain, we don't want to allow the host to create multiple
// levels of permissions within the domain. So, if we see the host return something other
// than full trust or the homogenous grant set, we reject the grant set.
if (AppDomain.CurrentDomain.IsHomogenous)
{
// Some hosts, such as ASP.NET, return Nothing as a way of saying that the assembly should
// not be allowed to run in the AppDomain. Reject that with a specific
// no-execution-allowed-here exception message, rather than the return value validation
// exception message we'd hit below.
if (hostGrantSet.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet homogenousGrantSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
bool isValidGrantSet = hostGrantSet.IsUnrestricted() ||
(hostGrantSet.IsSubsetOf(homogenousGrantSet) && homogenousGrantSet.IsSubsetOf(hostGrantSet));
if (!isValidGrantSet)
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", securityManager.GetType().FullName));
}
}
grantSet = hostGrantSet;
return(true);
}
// If we're in a homogenous domain, we can get the grant set directly from the application trust
else if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return(true);
}
// Otherwise we have no way to figure out what the grant set is
else
{
grantSet = null;
return(false);
}
}
