/// <summary> /// Generate the Internet permission set, optionally extending it with same site permissions /// </summary> private static PermissionSet GetInternetPermissionSet(Url sourceUrl) { PermissionSet internet = MachinePolicyLevel.GetNamedPermissionSet("Internet"); // If we have a source URL, try to generate same-site web permissions to add to the internet set if (sourceUrl != null) { Evidence evidence = new Evidence(); evidence.AddHostEvidence(new Zone(SecurityZone.Internet)); evidence.AddHostEvidence(sourceUrl); PolicyStatement webPolicy = new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence); if (webPolicy != null) { internet = internet.Union(webPolicy.PermissionSet); } } // If WPF is available on the machine, then extend the permission set with some additional WPF // permissions as well. internet = internet.Union(WpfPermissionSet); return(internet); }
/// <summary> /// Obtain a copy of the Everything permission set /// </summary> private static PermissionSet GetEverythingPermissionSet() { PermissionSet everything = MachinePolicyLevel.GetNamedPermissionSet("Everything"); // WPF extends the Internet and LocalIntranet permission sets with additional permissions that // don't appear in the Everything permission set. Since it's desirable to have Everything be a // superset of the other permission sets, if we find that Internet has been extended, we'll add // unrestricted versions of the extended permissions to our Everything set as well. foreach (IPermission permission in WpfPermissionSet) { if (everything.GetPermission(permission.GetType()) == null) { // We found an extended permission - add a new version of it into our permission set ConstructorInfo permissionConstructor = permission.GetType().GetConstructor(new Type[] { typeof(PermissionState) }); if (permissionConstructor != null) { IPermission extendedPermission = permissionConstructor.Invoke(new object[] { PermissionState.Unrestricted }) as IPermission; everything.AddPermission(extendedPermission); } } } return(everything); }
/// <summary> /// Generate the LocalIntranet permission set, optionally extending it with same site permissions /// </summary> private static PermissionSet GetLocalIntranetPermissionSet(Url sourceUrl) { PermissionSet localIntranet = MachinePolicyLevel.GetNamedPermissionSet("LocalIntranet"); // If we have a source URL, try to generate same-site web and file permissions to add to the // local intranet set if (sourceUrl != null) { Evidence evidence = new Evidence(); evidence.AddHostEvidence(new Zone(SecurityZone.Intranet)); evidence.AddHostEvidence(sourceUrl); PolicyStatement webPolicy = new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence); if (webPolicy != null) { localIntranet = localIntranet.Union(webPolicy.PermissionSet); } PolicyStatement filePolicy = new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery).Resolve(evidence); if (filePolicy != null) { localIntranet = localIntranet.Union(filePolicy.PermissionSet); } } // If WPF is available on the machine, then extend the permission set with some additional WPF // permissions as well. localIntranet = localIntranet.Union(WpfPermissionSet); return(localIntranet); }