private static bool ExistingTrustApplicable(ApplicationSecurityInfo info, ArrayList matchingTrusts)
        {
            int index = 0;

            while (index < matchingTrusts.Count)
            {
                ApplicationTrust trust = (ApplicationTrust)matchingTrusts[index];
                if (!trust.IsApplicationTrustedToRun)
                {
                    matchingTrusts.RemoveAt(index);
                }
                PermissionSet requestedPermissionSet = GetRequestedPermissionSet(info);
                PermissionSet permissionSet          = trust.DefaultGrantSet.PermissionSet;
                if ((permissionSet == null) && (requestedPermissionSet != null))
                {
                    matchingTrusts.RemoveAt(index);
                }
                else if ((permissionSet != null) && (requestedPermissionSet == null))
                {
                    index++;
                    continue;
                }
                if (requestedPermissionSet.IsSubsetOf(permissionSet))
                {
                    index++;
                }
                else
                {
                    matchingTrusts.RemoveAt(index);
                }
            }
            return(matchingTrusts.Count > 0);
        }
Пример #2
0
 /// <summary>
 /// Gets the public key token for the current ClickOnce app.
 /// </summary>
 /// <returns></returns>
 private static string GetPublicKeyToken()
 {
     ApplicationSecurityInfo asi = new ApplicationSecurityInfo(AppDomain.CurrentDomain.ActivationContext);
     byte[] pk = asi.ApplicationId.PublicKeyToken;
     StringBuilder pkt = new StringBuilder();
     for (int i = 0; i < pk.GetLength(0); i++)
         pkt.Append($"{pk[i]:x}");
     return pkt.ToString();
 }
        private static string GetDeploymentUrl(ApplicationSecurityInfo info)
        {
            Url hostEvidence = info.ApplicationEvidence.GetHostEvidence <Url>();

            if (hostEvidence != null)
            {
                return(hostEvidence.Value);
            }
            return(null);
        }
        private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
        {
            PermissionSet defaultRequestSet = info.DefaultRequestSet;
            PermissionSet set2 = null;

            if (defaultRequestSet != null)
            {
                set2 = defaultRequestSet.Copy();
            }
            return(set2);
        }
 public static System.Security.Policy.ApplicationTrust PersistTrustWithoutEvaluation(ActivationContext actCtx)
 {
     ApplicationSecurityInfo info = new ApplicationSecurityInfo(actCtx);
     System.Security.Policy.ApplicationTrust trust = new System.Security.Policy.ApplicationTrust(actCtx.Identity) {
         IsApplicationTrustedToRun = true,
         DefaultGrantSet = new PolicyStatement(info.DefaultRequestSet, PolicyStatementAttribute.Nothing),
         Persist = true,
         ApplicationIdentity = actCtx.Identity
     };
     ApplicationSecurityManager.UserApplicationTrusts.Add(trust);
     return trust;
 }
 private static bool AppRequestsBeyondDefaultTrust(ApplicationSecurityInfo info)
 {
     try
     {
         PermissionSet standardSandbox        = SecurityManager.GetStandardSandbox(info.ApplicationEvidence);
         PermissionSet requestedPermissionSet = GetRequestedPermissionSet(info);
         if ((standardSandbox == null) && (requestedPermissionSet != null))
         {
             return(true);
         }
         if ((standardSandbox != null) && (requestedPermissionSet == null))
         {
             return(false);
         }
         return(!requestedPermissionSet.IsSubsetOf(standardSandbox));
     }
     catch (Exception)
     {
         return(true);
     }
 }
 private static bool AppRequestsBeyondDefaultTrust(ApplicationSecurityInfo info)
 {
     try
     {
         PermissionSet standardSandbox = SecurityManager.GetStandardSandbox(info.ApplicationEvidence);
         PermissionSet requestedPermissionSet = GetRequestedPermissionSet(info);
         if ((standardSandbox == null) && (requestedPermissionSet != null))
         {
             return true;
         }
         if ((standardSandbox != null) && (requestedPermissionSet == null))
         {
             return false;
         }
         return !requestedPermissionSet.IsSubsetOf(standardSandbox);
     }
     catch (Exception)
     {
         return true;
     }
 }
 public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
 {
     if (applicationEvidence == null)
     {
         throw new ArgumentNullException("applicationEvidence");
     }
     ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence<ActivationArguments>();
     if (hostEvidence == null)
     {
         throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
     }
     ActivationContext activationContext = hostEvidence.ActivationContext;
     if (activationContext == null)
     {
         throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
     }
     ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
     if ((applicationTrust != null) && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
     {
         applicationTrust = null;
     }
     if (applicationTrust == null)
     {
         if ((AppDomain.CurrentDomain.ApplicationTrust != null) && CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
         {
             applicationTrust = AppDomain.CurrentDomain.ApplicationTrust;
         }
         else
         {
             applicationTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context);
         }
     }
     ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
     if (((applicationTrust != null) && applicationTrust.IsApplicationTrustedToRun) && !info.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
     {
         throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
     }
     return applicationTrust;
 }
 private static ApplicationTrust CreateApplicationTrust(ActivationContext activationContext, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, bool trust, bool persist)
 {
     return new ApplicationTrust(activationContext.Identity) { ExtraInfo = appTrustExtraInfo, IsApplicationTrustedToRun = trust, DefaultGrantSet = new PolicyStatement(info.DefaultRequestSet, PolicyStatementAttribute.Nothing), Persist = persist };
 }
 private static ApplicationTrust BlockingPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName, bool permissionElevationRequired)
 {
     TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.RequiresPermissions | TrustManagerPromptOptions.StopApp) : TrustManagerPromptOptions.StopApp, appTrustExtraInfo, zoneName, info);
     try
     {
         new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
     }
     catch (Exception)
     {
     }
     return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
 }
 private bool DetermineTrustCore(bool blocking, TrustParams tp)
 {
     try
     {
         Logger.AddMethodCall(this._log, "DeploymentManager.DetermineTrustCore() called.");
         SubscriptionState subscriptionState = this._subStore.GetSubscriptionState(this._actDesc.DeployManifest);
         TrustManagerContext tmc = new TrustManagerContext {
             IgnorePersistedDecision = false,
             NoPrompt = false,
             Persist = true
         };
         if (tp != null)
         {
             tmc.NoPrompt = tp.NoPrompt;
         }
         if (!blocking && this._cancellationPending)
         {
             return true;
         }
         if (subscriptionState.IsInstalled && !string.Equals(subscriptionState.EffectiveCertificatePublicKeyToken, this._actDesc.EffectiveCertificatePublicKeyToken, StringComparison.Ordinal))
         {
             Logger.AddInternalState(this._log, "Application family is installed but effective certificate public key token has changed between versions: subState.EffectiveCertificatePublicKeyToken=" + subscriptionState.EffectiveCertificatePublicKeyToken + ",_actDesc.EffectiveCertificatePublicKeyToken=" + this._actDesc.EffectiveCertificatePublicKeyToken);
             Logger.AddInternalState(this._log, "Removing cached trust for the CurrentBind.");
             System.Deployment.Application.ApplicationTrust.RemoveCachedTrust(subscriptionState.CurrentBind);
         }
         bool isUpdate = false;
         if (this._actDesc.IsUpdate)
         {
             isUpdate = true;
         }
         if (this._actDesc.IsUpdateInPKTGroup)
         {
             isUpdate = false;
             ApplicationSecurityInfo info = new ApplicationSecurityInfo(this._actCtx);
             this._actDesc.IsFullTrustRequested = info.DefaultRequestSet.IsUnrestricted();
         }
         this._actDesc.Trust = System.Deployment.Application.ApplicationTrust.RequestTrust(subscriptionState, this._actDesc.DeployManifest.Deployment.Install, isUpdate, this._actCtx, tmc);
     }
     catch (Exception exception)
     {
         this.LogError(Resources.GetString("Ex_DetermineTrustFailed"), exception);
         Logger.AddInternalState(this._log, "Exception thrown in  DetermineTrustCore(): " + exception.GetType().ToString() + " : " + exception.Message + "\r\n" + exception.StackTrace);
         throw;
     }
     return false;
 }
Пример #12
0
        private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext,
                                                       ParsedData parsedData,
                                                       String deploymentUrl,
                                                       HostContextInternal hostContextInternal, 
                                                       ApplicationSecurityInfo info, 
                                                       ApplicationTrustExtraInfo appTrustExtraInfo,
                                                       string zoneName)
        {
            DialogResult ret;
            TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
            try
            {
                TrustManagerPromptUIThread highRiskDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
                                                                               DefaultBrowserExePath,
                                                                               parsedData.SupportUrl, 
                                                                               GetHostFromDeploymentUrl(deploymentUrl),
                                                                               parsedData.AuthenticodedPublisher /*publisherName*/, 
                                                                               parsedData.Certificate,
                                                                               options);
                ret = highRiskDialog.ShowDialog();
            }
            catch (Exception ex)
            {
                Debug.Fail("Error occurred while showing high risk dialog: " + ex.Message);
                ret = DialogResult.No;
            }

            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, ret == DialogResult.OK /*trust*/, hostContextInternal.Persist && ret == DialogResult.OK /*persist*/);
        }
Пример #13
0
        private static string GetDeploymentUrl(ApplicationSecurityInfo info)
        {
            Debug.Assert(info != null);
            Evidence appEvidence = info.ApplicationEvidence;

            Url deploymentUrl = appEvidence.GetHostEvidence<Url>();
            if (deploymentUrl != null)
            {
                return deploymentUrl.Value;
            }

            // Couldn't find deployment Url
            return null;
        }
Пример #14
0
        private static ApplicationTrust CreateApplicationTrust(ActivationContext activationContext,
                                                               ApplicationSecurityInfo info,
                                                               ApplicationTrustExtraInfo appTrustExtraInfo,
                                                               bool trust,
                                                               bool persist)
        {
            ApplicationTrust appTrust = new ApplicationTrust(activationContext.Identity);

            appTrust.ExtraInfo = appTrustExtraInfo;
            appTrust.IsApplicationTrustedToRun = trust;
            appTrust.DefaultGrantSet = new PolicyStatement(info.DefaultRequestSet, (PolicyStatementAttribute) 0);
            appTrust.Persist = persist;

            return appTrust;
        }
Пример #15
0
        public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
        {            
            if (activationContext == null)
            {
                throw new ArgumentNullException("activationContext");
            }

            ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
            ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
            // ISSUE - fix this....
            HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);

            ICMS cms = (ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);            

            ParsedData parsedData = new ParsedData();
            if (ParseManifest(cms, parsedData))
            {
                appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration; 
            }

            string deploymentUrl = GetDeploymentUrl(info);
            string zoneName = GetZoneNameFromDeploymentUrl(deploymentUrl);
            MemoryStream ms;
            PromptsAllowed promptsAllowed;

            if (!ExtractManifestContent(cms, out ms))
            {
                // Block prompt
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
            }
            
            bool distrustedPublisher, trustedPublisher, noCertificate;
            AnalyzeCertificate(parsedData, ms, out distrustedPublisher, out trustedPublisher, out noCertificate);

            /// Check whether application manifest allows to use deployment manifest certificate.
            /// If not then we have to use application manifest certificate instead.
            ICMS applicationCms = (ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
            ParsedData applicationParsedData = new ParsedData();
            if (ParseManifest(applicationCms, applicationParsedData))
            {
                if (applicationParsedData.UseManifestForTrust)
                {
                    MemoryStream applicationMs;
                    if (ExtractManifestContent(applicationCms, out applicationMs))
                    {
                        /// Use the old parsedData.
                        bool applicationDistrustedPublisher, applicationTrustedPublisher, applicationNoCertificate;
                        AnalyzeCertificate(parsedData, applicationMs, out applicationDistrustedPublisher, out applicationTrustedPublisher, out applicationNoCertificate);
                        distrustedPublisher = applicationDistrustedPublisher;
                        trustedPublisher = applicationTrustedPublisher;
                        noCertificate = applicationNoCertificate;
                        parsedData.AppName = applicationParsedData.AppName;
                        parsedData.AppPublisher = applicationParsedData.AppPublisher;
                        parsedData.SupportUrl = applicationParsedData.SupportUrl;
                    }
                }
            }

            if (distrustedPublisher)
            {             
                promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                if (promptsAllowed == PromptsAllowed.None)
                {
                    // No prompt allowed, return Do Not Trust.
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                }
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
            }            

            if (noCertificate)
            {            
                parsedData.AuthenticodedPublisher = null;
                parsedData.Certificate = null;
            }

            if (!hostContextInternal.IgnorePersistedDecision)
            {
                // Check if there are previously trusted versions installed.
                ArrayList matchingTrusts;
                if (SearchPreviousTrustedVersion(activationContext, out matchingTrusts))
                {
                    Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);

                    // Found a matching app, with normally a different version.
                    if (ExistingTrustApplicable(info, matchingTrusts))
                    {
                        // There is at least one old version that requires at the same or more permissions.
                        // ExistingTrustApplicable removed the non-applicable version from the matchingTrusts arrays.
                        Debug.Assert(matchingTrusts != null && matchingTrusts.Count > 0);

                        // Check if the new app requires shell integration while none of the old ones did
                        if (appTrustExtraInfo.RequestsShellIntegration &&
                            !SomePreviousTrustedVersionRequiresShellIntegration(matchingTrusts) &&
                            !trustedPublisher)
                        {
                            promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                            switch (promptsAllowed)
                            {
                                case PromptsAllowed.None:
                                    // No prompt allowed, return Do Not Trust.
                                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                                case PromptsAllowed.BlockingOnly:
                                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
                                case PromptsAllowed.All:
                                    // New app requires shell integration - bring up the Basic Install Prompt
                                    return BasicInstallPrompt(activationContext,
                                                              parsedData, 
                                                              deploymentUrl, 
                                                              hostContextInternal, 
                                                              info, 
                                                              appTrustExtraInfo,
                                                              zoneName, 
                                                              AppRequestsBeyondDefaultTrust(info) /*permissionElevationRequired*/);
                            }
                        }

                        // No prompt, return Trust & Persist.
                        return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
                    }
                }
            }            

            bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
            if (!permissionElevationRequired || trustedPublisher)
            {             
                if (!trustedPublisher)
                {
                    Debug.Assert(!permissionElevationRequired);
                    promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
                    switch (promptsAllowed)
                    {
                        case PromptsAllowed.BlockingOnly:
                            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, permissionElevationRequired);
                        case PromptsAllowed.None:
                            // XBaps should also prompt in InternetZone
                            // Originally xbaps were silently trusted, along with other ClickOnce apps
                        case PromptsAllowed.All:
                            // App shell integrates and is not from a trusted deployer, bring up the Basic Install Prompt.
                            return BasicInstallPrompt(activationContext,
                                                      parsedData, 
                                                      deploymentUrl, 
                                                      hostContextInternal, 
                                                      info,
                                                      appTrustExtraInfo,
                                                      zoneName,
                                                      false /*permissionElevationRequired*/);
                    }
                }
                else
                {
                    // App does not shell integrate and does not run in "Internet" zone, or is from a trusted deployer, return Trust
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true /*trust*/, hostContextInternal.Persist /*persist*/);
                }
            }            

            promptsAllowed = GetPromptsAllowed(hostContextInternal, zoneName, parsedData);
            switch (promptsAllowed)
            {
                case PromptsAllowed.None:
                    // No prompt allowed, return Do Not Trust.
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
                case PromptsAllowed.BlockingOnly:
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneName, true /*permissionElevationRequired*/);
                default: // PromptsAllowed.All:
                    // Bring up the HighRisk Install Prompt if the app shell integrates, or the HighRisk Run Prompt otherwise.
                    return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneName);
            }
        }
        public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
        {
            MemoryStream stream;
            bool flag;
            bool flag2;
            bool flag3;
            MemoryStream stream2;
            ArrayList list;
            if (activationContext == null)
            {
                throw new ArgumentNullException("activationContext");
            }
            ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
            ApplicationTrustExtraInfo appTrustExtraInfo = new ApplicationTrustExtraInfo();
            HostContextInternal hostContextInternal = new HostContextInternal(trustManagerContext);
            System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
            ParsedData parsedData = new ParsedData();
            if (ParseManifest(deploymentComponentManifest, parsedData))
            {
                appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
            }
            string deploymentUrl = GetDeploymentUrl(info);
            string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);
            if (!ExtractManifestContent(deploymentComponentManifest, out stream))
            {
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
            }
            AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
            System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS) InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
            ParsedData data2 = new ParsedData();
            if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
            {
                bool flag4;
                bool flag5;
                bool flag6;
                AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
                flag = flag4;
                flag2 = flag5;
                flag3 = flag6;
                parsedData.AppName = data2.AppName;
                parsedData.AppPublisher = data2.AppPublisher;
                parsedData.SupportUrl = data2.SupportUrl;
            }
            if (flag)
            {
                if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
                {
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
                }
                return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));
            }
            if (flag3)
            {
                parsedData.AuthenticodedPublisher = null;
                parsedData.Certificate = null;
            }
            if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
            {
                if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
                {
                    switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                    {
                        case PromptsAllowed.All:
                            return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));

                        case PromptsAllowed.BlockingOnly:
                            return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info));

                        case PromptsAllowed.None:
                            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
                    }
                }
                return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
            }
            bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);
            if (!permissionElevationRequired || flag2)
            {
                if (flag2)
                {
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist);
                }
                switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                {
                    case PromptsAllowed.All:
                    case PromptsAllowed.None:
                        return BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false);

                    case PromptsAllowed.BlockingOnly:
                        return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired);
                }
            }
            switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
            {
                case PromptsAllowed.BlockingOnly:
                    return BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true);

                case PromptsAllowed.None:
                    return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false);
            }
            return HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl);
        }
 private static bool ExistingTrustApplicable(ApplicationSecurityInfo info, ArrayList matchingTrusts)
 {
     int index = 0;
     while (index < matchingTrusts.Count)
     {
         ApplicationTrust trust = (ApplicationTrust) matchingTrusts[index];
         if (!trust.IsApplicationTrustedToRun)
         {
             matchingTrusts.RemoveAt(index);
         }
         PermissionSet requestedPermissionSet = GetRequestedPermissionSet(info);
         PermissionSet permissionSet = trust.DefaultGrantSet.PermissionSet;
         if ((permissionSet == null) && (requestedPermissionSet != null))
         {
             matchingTrusts.RemoveAt(index);
         }
         else if ((permissionSet != null) && (requestedPermissionSet == null))
         {
             index++;
             continue;
         }
         if (requestedPermissionSet.IsSubsetOf(permissionSet))
         {
             index++;
         }
         else
         {
             matchingTrusts.RemoveAt(index);
         }
     }
     return (matchingTrusts.Count > 0);
 }
 private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
 {
     DialogResult no;
     TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);
     try
     {
         no = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
     }
     catch (Exception)
     {
         no = DialogResult.No;
     }
     return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, no == DialogResult.OK, hostContextInternal.Persist && (no == DialogResult.OK));
 }
 private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
 {
     PermissionSet defaultRequestSet = info.DefaultRequestSet;
     PermissionSet set2 = null;
     if (defaultRequestSet != null)
     {
         set2 = defaultRequestSet.Copy();
     }
     return set2;
 }
 private static string GetDeploymentUrl(ApplicationSecurityInfo info)
 {
     Url hostEvidence = info.ApplicationEvidence.GetHostEvidence<Url>();
     if (hostEvidence != null)
     {
         return hostEvidence.Value;
     }
     return null;
 }
        private static ApplicationTrust HighRiskPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, HostContextInternal hostContextInternal, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName)
        {
            DialogResult no;
            TrustManagerPromptOptions options = CompletePromptOptions(TrustManagerPromptOptions.RequiresPermissions, appTrustExtraInfo, zoneName, info);

            try
            {
                no = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
            }
            catch (Exception)
            {
                no = DialogResult.No;
            }
            return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, no == DialogResult.OK, hostContextInternal.Persist && (no == DialogResult.OK)));
        }
 protected void InitStore(IsolatedStorageScope scope, Type appEvidenceType)
 {
     PermissionSet psAllowed = null;
     PermissionSet psDenied = null;
     GetCaller();
     GetControlEvidencePermission().Assert();
     if (IsApp(scope))
     {
         AppDomain domain = Thread.GetDomain();
         if (!IsRoaming(scope))
         {
             psAllowed = domain.PermissionSet;
             if (psAllowed == null)
             {
                 throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_DomainGrantSet"));
             }
         }
         ActivationContext activationContext = AppDomain.CurrentDomain.ActivationContext;
         if (activationContext == null)
         {
             throw new IsolatedStorageException(Environment.GetResourceString("IsolatedStorage_ApplicationMissingIdentity"));
         }
         ApplicationSecurityInfo info = new ApplicationSecurityInfo(activationContext);
         this._InitStore(scope, null, null, null, null, info.ApplicationEvidence, appEvidenceType);
     }
     this.SetQuota(psAllowed, psDenied);
 }
Пример #23
0
        private static bool AppRequestsBeyondDefaultTrust(ApplicationSecurityInfo info)
        {
            Debug.Assert(info != null);

            try
            {
                PermissionSet permSetDefaultZone = SecurityManager.GetStandardSandbox(info.ApplicationEvidence);
                PermissionSet permSetRequested = GetRequestedPermissionSet(info);

                if (permSetDefaultZone == null && permSetRequested != null)
                {
                    // No permissions are granted, and this launch requests some permissions
                    return true;
                }
                else if (permSetDefaultZone != null && permSetRequested == null)
                {
                    // Some permissions are granted, and this launch does not require any permissions
                    return false;
                }

                Debug.Assert(permSetDefaultZone != null);
                Debug.Assert(permSetRequested != null);

                return !permSetRequested.IsSubsetOf(permSetDefaultZone);
            }
            catch (Exception)
            {
                return true;
            }
        }
Пример #24
0
        internal static Evidence MergeApplicationEvidence(Evidence evidence,
                                                          ApplicationIdentity applicationIdentity,
                                                          ActivationContext activationContext,
                                                          string[] activationData,
                                                          ApplicationTrust applicationTrust)
        {
            Evidence appEvidence = new Evidence();

            ActivationArguments activationArgs = (activationContext == null ? new ActivationArguments(applicationIdentity, activationData) : new ActivationArguments(activationContext, activationData));
            appEvidence = new Evidence();
            appEvidence.AddHostEvidence(activationArgs);

            if (applicationTrust != null)
                appEvidence.AddHostEvidence(applicationTrust);

            if (activationContext != null)
            {
                Evidence asiEvidence = new ApplicationSecurityInfo(activationContext).ApplicationEvidence;
                if (asiEvidence != null)
                    appEvidence.MergeWithNoDuplicates(asiEvidence);
            }

            if (evidence != null)
                appEvidence.MergeWithNoDuplicates(evidence);

            return appEvidence;
        }
Пример #25
0
 private static TrustManagerPromptOptions CompletePromptOptions(TrustManagerPromptOptions options,
                                                                ApplicationTrustExtraInfo appTrustExtraInfo,
                                                                string zoneName, 
                                                                ApplicationSecurityInfo info)
 {
     if (appTrustExtraInfo.RequestsShellIntegration)
     {
         options |= TrustManagerPromptOptions.AddsShortcut;
     }
     if (zoneName != null)
     {
         if (string.Compare(zoneName, "Internet", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.InternetSource;
         }
         else if (string.Compare(zoneName, "TrustedSites", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.TrustedSitesSource;
         }
         else if (string.Compare(zoneName, "UntrustedSites", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.UntrustedSitesSource;
         }
         else if (string.Compare(zoneName, "LocalIntranet", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.LocalNetworkSource;
         }
         else if (string.Compare(zoneName, "MyComputer", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.LocalComputerSource;
         }
     }
     if (info != null)
     {
         PermissionSet pset = info.DefaultRequestSet;
         if (pset != null && pset.IsUnrestricted())
         {
             options |= TrustManagerPromptOptions.WillHaveFullTrust;
         }
     }
     return options;
 }
        private static ApplicationTrust BlockingPrompt(ActivationContext activationContext, ParsedData parsedData, string deploymentUrl, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName, bool permissionElevationRequired)
        {
            TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.RequiresPermissions | TrustManagerPromptOptions.StopApp) : TrustManagerPromptOptions.StopApp, appTrustExtraInfo, zoneName, info);

            try
            {
                new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName, DefaultBrowserExePath, parsedData.SupportUrl, GetHostFromDeploymentUrl(deploymentUrl), parsedData.AuthenticodedPublisher, parsedData.Certificate, options).ShowDialog();
            }
            catch (Exception)
            {
            }
            return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
        }
Пример #27
0
        private static bool ExistingTrustApplicable(ApplicationSecurityInfo info, 
                                                    ArrayList matchingTrusts)
        {
            Debug.Assert(info != null);
            Debug.Assert(matchingTrusts != null);

            int entry = 0;
            while (entry < matchingTrusts.Count)
            {
                ApplicationTrust matchingTrust = (ApplicationTrust) matchingTrusts[entry];
                if (!matchingTrust.IsApplicationTrustedToRun)
                {
                    // [....]: Can this ever happen?  I have serious doubts...
                    matchingTrusts.RemoveAt(entry);
                }

                PermissionSet permSetRequested = GetRequestedPermissionSet(info);
                PermissionSet permSetGranted = matchingTrust.DefaultGrantSet.PermissionSet; //PolicyStatement makes of copy of its permission set here.

                if (permSetGranted == null && permSetRequested != null)
                {
                    // No permissions were granted, and this launch requests some permissions
                    matchingTrusts.RemoveAt(entry);
                }
                else if (permSetGranted != null && permSetRequested == null)
                {
                    // Some permissions were granted, and this launch does not require any permissions
                    entry++;
                    continue;
                }

                Debug.Assert(permSetGranted != null);
                Debug.Assert(permSetRequested != null);

                if (permSetRequested.IsSubsetOf(permSetGranted))
                {
                    entry++; // Found a version that requires at least as much
                }
                else
                {
                    // This version does not require as much
                    matchingTrusts.RemoveAt(entry);
                }
            }
            return matchingTrusts.Count > 0;
        }
 private static TrustManagerPromptOptions CompletePromptOptions(TrustManagerPromptOptions options, ApplicationTrustExtraInfo appTrustExtraInfo, string zoneName, ApplicationSecurityInfo info)
 {
     if (appTrustExtraInfo.RequestsShellIntegration)
     {
         options |= TrustManagerPromptOptions.AddsShortcut;
     }
     if (zoneName != null)
     {
         if (string.Compare(zoneName, "Internet", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.InternetSource;
         }
         else if (string.Compare(zoneName, "TrustedSites", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.TrustedSitesSource;
         }
         else if (string.Compare(zoneName, "UntrustedSites", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.UntrustedSitesSource;
         }
         else if (string.Compare(zoneName, "LocalIntranet", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.LocalNetworkSource;
         }
         else if (string.Compare(zoneName, "MyComputer", true, CultureInfo.InvariantCulture) == 0)
         {
             options |= TrustManagerPromptOptions.LocalComputerSource;
         }
     }
     if (info != null)
     {
         PermissionSet defaultRequestSet = info.DefaultRequestSet;
         if ((defaultRequestSet != null) && defaultRequestSet.IsUnrestricted())
         {
             options |= TrustManagerPromptOptions.WillHaveFullTrust;
         }
     }
     return(options);
 }
Пример #29
0
        private static PermissionSet GetRequestedPermissionSet(ApplicationSecurityInfo info)
        {
            Debug.Assert(info != null);

            PermissionSet pset = info.DefaultRequestSet;
            PermissionSet permSetRequested = null;
            if (pset != null)
            {
                permSetRequested = pset.Copy();
            }
            return permSetRequested;
        }
 private static ApplicationTrust CreateApplicationTrust(ActivationContext activationContext, ApplicationSecurityInfo info, ApplicationTrustExtraInfo appTrustExtraInfo, bool trust, bool persist)
 {
     return(new ApplicationTrust(activationContext.Identity)
     {
         ExtraInfo = appTrustExtraInfo, IsApplicationTrustedToRun = trust, DefaultGrantSet = new PolicyStatement(info.DefaultRequestSet, PolicyStatementAttribute.Nothing), Persist = persist
     });
 }
Пример #31
0
        private static ApplicationTrust BlockingPrompt(ActivationContext activationContext,
                                                       ParsedData parsedData,
                                                       String deploymentUrl,
                                                       ApplicationSecurityInfo info,
                                                       ApplicationTrustExtraInfo appTrustExtraInfo,
                                                       string zoneName,
                                                       bool permissionElevationRequired)
        {
            TrustManagerPromptOptions options = CompletePromptOptions(permissionElevationRequired ? (TrustManagerPromptOptions.StopApp | TrustManagerPromptOptions.RequiresPermissions) : TrustManagerPromptOptions.StopApp,
                                                                      appTrustExtraInfo, zoneName, info);
            try
            {
                TrustManagerPromptUIThread errorDialog = new TrustManagerPromptUIThread(string.IsNullOrEmpty(parsedData.AppName) ? info.ApplicationId.Name : parsedData.AppName,
                                                                            DefaultBrowserExePath,
                                                                            parsedData.SupportUrl,
                                                                            GetHostFromDeploymentUrl(deploymentUrl),
                                                                            parsedData.AuthenticodedPublisher /*publisherName*/,
                                                                            parsedData.Certificate,
                                                                            options);
                errorDialog.ShowDialog();
            }
            catch (Exception ex)
            {
                Debug.Fail("Error occurred while showing error dialog: " + ex.Message);
            }

            // Trust Manager should prompt, but is not allowed to. Return Don't Trust and Don't Persist.
            return CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false /*trust*/, false /*persist*/);
        }
        public ApplicationTrust DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext trustManagerContext)
        {
            MemoryStream stream;
            bool         flag;
            bool         flag2;
            bool         flag3;
            MemoryStream stream2;
            ArrayList    list;

            if (activationContext == null)
            {
                throw new ArgumentNullException("activationContext");
            }
            ApplicationSecurityInfo   info = new ApplicationSecurityInfo(activationContext);
            ApplicationTrustExtraInfo appTrustExtraInfo   = new ApplicationTrustExtraInfo();
            HostContextInternal       hostContextInternal = new HostContextInternal(trustManagerContext);

            System.Deployment.Internal.Isolation.Manifest.ICMS deploymentComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetDeploymentComponentManifest(activationContext);
            ParsedData parsedData = new ParsedData();

            if (ParseManifest(deploymentComponentManifest, parsedData))
            {
                appTrustExtraInfo.RequestsShellIntegration = parsedData.RequestsShellIntegration;
            }
            string deploymentUrl             = GetDeploymentUrl(info);
            string zoneNameFromDeploymentUrl = GetZoneNameFromDeploymentUrl(deploymentUrl);

            if (!ExtractManifestContent(deploymentComponentManifest, out stream))
            {
                return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
            }
            AnalyzeCertificate(parsedData, stream, out flag, out flag2, out flag3);
            System.Deployment.Internal.Isolation.Manifest.ICMS applicationComponentManifest = (System.Deployment.Internal.Isolation.Manifest.ICMS)InternalActivationContextHelper.GetApplicationComponentManifest(activationContext);
            ParsedData data2 = new ParsedData();

            if ((ParseManifest(applicationComponentManifest, data2) && data2.UseManifestForTrust) && ExtractManifestContent(applicationComponentManifest, out stream2))
            {
                bool flag4;
                bool flag5;
                bool flag6;
                AnalyzeCertificate(parsedData, stream2, out flag4, out flag5, out flag6);
                flag  = flag4;
                flag2 = flag5;
                flag3 = flag6;
                parsedData.AppName      = data2.AppName;
                parsedData.AppPublisher = data2.AppPublisher;
                parsedData.SupportUrl   = data2.SupportUrl;
            }
            if (flag)
            {
                if (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData) == PromptsAllowed.None)
                {
                    return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
                }
                return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));
            }
            if (flag3)
            {
                parsedData.AuthenticodedPublisher = null;
                parsedData.Certificate            = null;
            }
            if ((!hostContextInternal.IgnorePersistedDecision && SearchPreviousTrustedVersion(activationContext, hostContextInternal.PreviousAppId, out list)) && ExistingTrustApplicable(info, list))
            {
                if ((appTrustExtraInfo.RequestsShellIntegration && !SomePreviousTrustedVersionRequiresShellIntegration(list)) && !flag2)
                {
                    switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                    {
                    case PromptsAllowed.All:
                        return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));

                    case PromptsAllowed.BlockingOnly:
                        return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, AppRequestsBeyondDefaultTrust(info)));

                    case PromptsAllowed.None:
                        return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
                    }
                }
                return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
            }
            bool permissionElevationRequired = AppRequestsBeyondDefaultTrust(info);

            if (!permissionElevationRequired || flag2)
            {
                if (flag2)
                {
                    return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, true, hostContextInternal.Persist));
                }
                switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
                {
                case PromptsAllowed.All:
                case PromptsAllowed.None:
                    return(BasicInstallPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, false));

                case PromptsAllowed.BlockingOnly:
                    return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, permissionElevationRequired));
                }
            }
            switch (GetPromptsAllowed(hostContextInternal, zoneNameFromDeploymentUrl, parsedData))
            {
            case PromptsAllowed.BlockingOnly:
                return(BlockingPrompt(activationContext, parsedData, deploymentUrl, info, appTrustExtraInfo, zoneNameFromDeploymentUrl, true));

            case PromptsAllowed.None:
                return(CreateApplicationTrust(activationContext, info, appTrustExtraInfo, false, false));
            }
            return(HighRiskPrompt(activationContext, parsedData, deploymentUrl, hostContextInternal, info, appTrustExtraInfo, zoneNameFromDeploymentUrl));
        }
Пример #33
0
        public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
        {
            if (applicationEvidence == null)
                throw new ArgumentNullException("applicationEvidence");
            Contract.EndContractBlock();

            // This method looks for a trust decision for the ActivationContext in three locations, in order
            // of preference:
            //
            // 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
            //    will be in the applicationEvidence.
            // 2. Reuse the ApplicationTrust from the current AppDomain
            // 3. Ask the TrustManager for a trust decision

            // get the activation context from the application evidence.
            // The default HostSecurityManager does not examine the activatorEvidence
            // but other security managers could use it to figure out the 
            // evidence of the domain attempting to activate the application.

            ActivationArguments activationArgs = applicationEvidence.GetHostEvidence<ActivationArguments>();
            if (activationArgs == null)
                throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));

            ActivationContext actCtx = activationArgs.ActivationContext;
            if (actCtx == null)
                throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));

            // Make sure that any ApplicationTrust we find applies to the ActivationContext we're
            // creating the new AppDomain for.
            ApplicationTrust appTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
            if (appTrust != null &&
                !CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
            {
                appTrust = null;
            }

            // If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
            // decision from this domain if its identity matches the ActivationContext of the new domain.
            // Otherwise consult the TrustManager for a trust decision
            if (appTrust == null)
            {
                if (AppDomain.CurrentDomain.ApplicationTrust != null &&
                    CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
                {
                    appTrust = AppDomain.CurrentDomain.ApplicationTrust;
                }
                else
                {
                    appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
                }
            }

            // If the trust decision allows the application to run, then it should also have a permission set
            // which is at least the permission set the application requested.
            ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
            if (appTrust != null && 
                appTrust.IsApplicationTrustedToRun &&
                !appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
            {
                throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
            }

                return appTrust;
        }
Пример #34
0
 internal static Evidence MergeApplicationEvidence(Evidence evidence, ApplicationIdentity applicationIdentity, ActivationContext activationContext, string[] activationData, ApplicationTrust applicationTrust)
 {
     Evidence evidence2 = new Evidence();
     ActivationArguments id = (activationContext == null) ? new ActivationArguments(applicationIdentity, activationData) : new ActivationArguments(activationContext, activationData);
     evidence2 = new Evidence();
     evidence2.AddHost(id);
     if (applicationTrust != null)
     {
         evidence2.AddHost(applicationTrust);
     }
     if (activationContext != null)
     {
         Evidence applicationEvidence = new ApplicationSecurityInfo(activationContext).ApplicationEvidence;
         if (applicationEvidence != null)
         {
             evidence2.MergeWithNoDuplicates(applicationEvidence);
         }
     }
     if (evidence != null)
     {
         evidence2.MergeWithNoDuplicates(evidence);
     }
     return evidence2;
 }