ResolvePolicy() private method

private ResolvePolicy ( Evidence evidence ) : PermissionSet
evidence System.Security.Policy.Evidence
return PermissionSet
Exemplo n.º 1
0
 internal PermissionSet Resolve(Evidence evidence)
 {
     // The host might have implemented a ResolvePolicy method in their HostSecurityManager,
     // so take that into account for non-GAC assemblies.
     if (!IsGacAssembly(evidence))
     {
         HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
         if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
         {
             return(securityManager.ResolvePolicy(evidence));
         }
     }
     return(ResolveHelper(evidence));
 }
Exemplo n.º 2
0
        internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
        {
            HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;

            if (evidence.GetHostEvidence <GacInstalled>() != null)
            {
                grantSet = new PermissionSet(PermissionState.Unrestricted);
                return(true);
            }
            if ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
            {
                PermissionSet permissionSet = hostSecurityManager.ResolvePolicy(evidence);
                if (permissionSet == null)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", new object[]
                    {
                        hostSecurityManager.GetType().FullName
                    }));
                }
                if (AppDomain.CurrentDomain.IsHomogenous)
                {
                    if (permissionSet.IsEmpty())
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
                    }
                    PermissionSet permissionSet2 = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
                    if (!permissionSet.IsUnrestricted() && (!permissionSet.IsSubsetOf(permissionSet2) || !permissionSet2.IsSubsetOf(permissionSet)))
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", new object[]
                        {
                            hostSecurityManager.GetType().FullName
                        }));
                    }
                }
                grantSet = permissionSet;
                return(true);
            }
            else
            {
                if (AppDomain.CurrentDomain.IsHomogenous)
                {
                    grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
                    return(true);
                }
                grantSet = null;
                return(false);
            }
        }
		public void ResolvePolicy_CurrentAssemblyEvidence ()
		{
			HostSecurityManager hsm = new HostSecurityManager ();
			Assembly a = Assembly.GetExecutingAssembly ();
			PermissionSet ps = hsm.ResolvePolicy (a.Evidence);

			PermissionSet expected = SecurityManager.ResolvePolicy (a.Evidence);
			Assert.AreEqual (expected.ToString (), ps.ToString (), "PermissionSet");
		}
		public void ResolvePolicy_Empty ()
		{
			HostSecurityManager hsm = new HostSecurityManager ();
			PermissionSet ps = hsm.ResolvePolicy (new Evidence ());
			Assert.AreEqual (0, ps.Count, "Count");
			Assert.IsFalse (ps.IsUnrestricted (), "IsUnrestricted");
		}
		public void ResolvePolicy_Null ()
		{
			HostSecurityManager hsm = new HostSecurityManager ();
			PermissionSet ps = hsm.ResolvePolicy (null);
		}
Exemplo n.º 6
0
        internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
        {
            Contract.Assert(evidence != null);

            HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;

            // GAC assemblies always are fully trusted
            if (evidence.GetHostEvidence <GacInstalled>() != null)
            {
                grantSet = new PermissionSet(PermissionState.Unrestricted);
                return(true);
            }
            // If the host wants to participate in policy resolution, then our next option is to ask it for
            // a grant set
            else if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
            {
                PermissionSet hostGrantSet = securityManager.ResolvePolicy(evidence);

                if (hostGrantSet == null)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", securityManager.GetType().FullName));
                }

                // If we're in a homogenous domain, we don't want to allow the host to create multiple
                // levels of permissions within the domain.  So, if we see the host return something other
                // than full trust or the homogenous grant set, we reject the grant set.
                if (AppDomain.CurrentDomain.IsHomogenous)
                {
                    // Some hosts, such as ASP.NET, return Nothing as a way of saying that the assembly should
                    // not be allowed to run in the AppDomain.  Reject that with a specific
                    // no-execution-allowed-here exception message, rather than the return value validation
                    // exception message we'd hit below.
                    if (hostGrantSet.IsEmpty())
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
                    }

                    PermissionSet homogenousGrantSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
                    bool          isValidGrantSet    = hostGrantSet.IsUnrestricted() ||
                                                       (hostGrantSet.IsSubsetOf(homogenousGrantSet) && homogenousGrantSet.IsSubsetOf(hostGrantSet));

                    if (!isValidGrantSet)
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", securityManager.GetType().FullName));
                    }
                }

                grantSet = hostGrantSet;
                return(true);
            }
            // If we're in a homogenous domain, we can get the grant set directly from the application trust
            else if (AppDomain.CurrentDomain.IsHomogenous)
            {
                grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
                return(true);
            }
            // Otherwise we have no way to figure out what the grant set is
            else
            {
                grantSet = null;
                return(false);
            }
        }