Наследование: System.Security.ISecurityEncodable, System.Security.ISecurityPolicyEncodable
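        /// <summary>
        /// Installer step that adds a code group to the user policy level granting the
        /// "FullTrust" named permission set to the URL supplied in the "custassembly"
        /// installer parameter, saves the policy, and then runs the base install.
        /// </summary>
        /// <param name="stateSaver">Installer state, forwarded unchanged to the base implementation.</param>
        /// <exception cref="System.Configuration.Install.InstallException">
        /// The "custassembly" parameter is missing or empty, or the policy hierarchy has
        /// fewer than three levels.
        /// </exception>
        public override void Install(System.Collections.IDictionary stateSaver)
        {
            const string GroupName = "TestWordAddInCS";

            // The URL comes from installer input and decides what receives FullTrust,
            // so refuse to continue when it is absent instead of failing deeper in
            // the policy classes.
            string sAssemblyPath = this.Context.Parameters["custassembly"];
            if (string.IsNullOrEmpty(sAssemblyPath))
            {
                throw new System.Configuration.Install.InstallException(
                    "The 'custassembly' installer parameter is missing or empty.");
            }

            // This code relies on the hierarchy order enterprise, machine, user and
            // uses the third entry. Check MoveNext so a shorter hierarchy is reported
            // rather than read past.
            System.Collections.IEnumerator policies = SecurityManager.PolicyHierarchy();
            PolicyLevel user = null;
            for (int position = 0; position < 3; position++)
            {
                if (!policies.MoveNext())
                {
                    throw new System.Configuration.Install.InstallException(
                        "The security policy hierarchy does not contain a user level.");
                }
                user = (PolicyLevel)policies.Current;
            }

            // SECURITY NOTE(review): every assembly whose URL matches sAssemblyPath gets
            // FullTrust. Keep the value as specific as possible and make sure the
            // location is not writable by less-privileged users.
            PermissionSet fullTrust = user.GetNamedPermissionSet("FullTrust");
            PolicyStatement statement = new PolicyStatement(fullTrust, PolicyStatementAttribute.Nothing);
            UrlMembershipCondition condition = new UrlMembershipCondition(sAssemblyPath);
            CodeGroup group = new UnionCodeGroup(condition, statement);
            group.Name = GroupName;

            // Re-running the installer must not pile up duplicate FullTrust groups
            // (possibly pointing at older locations), so drop earlier ones first.
            System.Collections.ArrayList stale = new System.Collections.ArrayList();
            foreach (CodeGroup child in user.RootCodeGroup.Children)
            {
                if (child.Name == GroupName)
                {
                    stale.Add(child);
                }
            }
            foreach (CodeGroup child in stale)
            {
                user.RootCodeGroup.RemoveChild(child);
            }

            user.RootCodeGroup.AddChild(group);
            SecurityManager.SavePolicy();

            base.Install(stateSaver);
        }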
Пример #2
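        /// <summary>
        /// Starts the manifest download on <paramref name="manager"/> and exposes its completion as a task.
        /// On success the handler also registers an unrestricted <see cref="ApplicationTrust"/> for the
        /// application identity reported by the manifest.
        /// </summary>
        /// <param name="manager">The hosting manager whose manifest is downloaded.</param>
        /// <returns>
        /// A task that completes with the event arguments, faults with the download error (or with
        /// any exception raised while recording the trust), or is cancelled when the download is.
        /// </returns>
        public static Task<GetManifestCompletedEventArgs> DownloadManifestAsync(this InPlaceHostingManager manager) {
            if(manager == null) {
                throw new System.ArgumentNullException("manager");
            }

            var tcs = new TaskCompletionSource<GetManifestCompletedEventArgs>();
            System.EventHandler<GetManifestCompletedEventArgs> onCompleted = null;

            onCompleted = (sender, e) => {
                // One-shot: detach so the closure is not kept alive and cannot fire twice.
                manager.GetManifestCompleted -= onCompleted;

                try {
                    if(e.Cancelled) {
                        tcs.TrySetCanceled();
                        return;
                    }

                    if(e.Error != null) {
                        tcs.TrySetException(e.Error);
                        return;
                    }

                    // SECURITY NOTE(review): this grants an unrestricted permission set to whatever
                    // identity the downloaded manifest declares, with no prompt and no publisher
                    // check. Only use it with deployment sources the host controls, or gate it on
                    // an allow-list / verified publisher before adding the trust.
                    var trust = new ApplicationTrust();
                    var permissions = new PermissionSet(PermissionState.Unrestricted);
                    var statement = new PolicyStatement(permissions);

                    trust.DefaultGrantSet = statement;
                    trust.ApplicationIdentity = e.ApplicationIdentity;
                    trust.IsApplicationTrustedToRun = true;

                    ApplicationSecurityManager.UserApplicationTrusts.Add(trust);

                    tcs.TrySetResult(e);
                }
                catch(System.Exception ex) {
                    // Without this the task would never complete if recording the trust failed.
                    tcs.TrySetException(ex);
                }
            };

            manager.GetManifestCompleted += onCompleted;

            try {
                manager.GetManifestAsync();
            }
            catch {
                // The download never started, so the handler will not run to detach itself.
                manager.GetManifestCompleted -= onCompleted;
                throw;
            }

            return tcs.Task;
        }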
        /// <summary>
        /// Creates an AppDomain named <paramref name="domainName"/> and applies an AppDomain-level
        /// policy whose root grants nothing and whose single child grants a fixed permission set to all code.
        /// </summary>
        /// <param name="domainName">Friendly name for the new domain.</param>
        /// <returns>The new domain with the policy level applied.</returns>
        private static AppDomain CreateRestrictedDomain(string domainName)
        {
            // Permission set handed to every assembly in the domain.
            // NOTE(review): "restricted" here still includes all reflection flags plus
            // ControlEvidence and ControlPolicy, which are powerful permissions; this looks
            // intended for a test harness rather than for isolating untrusted code.
            PermissionSet grantForAllCode = new PermissionSet(PermissionState.None);
            grantForAllCode.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags));
            SecurityPermissionFlag securityFlags = SecurityPermissionFlag.Execution
                                                   | SecurityPermissionFlag.ControlEvidence
                                                   | SecurityPermissionFlag.ControlPolicy;
            grantForAllCode.AddPermission(new SecurityPermission(securityFlags));

            // Root group: matches everything, grants nothing. Child group: matches
            // everything, grants the set built above.
            PolicyStatement nothing = new PolicyStatement(new PermissionSet(PermissionState.None));
            UnionCodeGroup root = new UnionCodeGroup(new AllMembershipCondition(), nothing);
            UnionCodeGroup grantGroup = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(grantForAllCode));
            root.AddChild(grantGroup);

            PolicyLevel domainLevel = PolicyLevel.CreateAppDomainLevel();
            domainLevel.RootCodeGroup = root;

            // The application base is the current directory so the test assembly can be found.
            AppDomainSetup setup = new AppDomainSetup();
            setup.ApplicationBase = Environment.CurrentDirectory;

            AppDomain created = AppDomain.CreateDomain(domainName, null, setup);
            created.SetAppDomainPolicy(domainLevel);
            return created;
        }
Пример #4
		// Creates an AppDomain named "test" with an AppDomain-level policy: the root
		// group grants nothing to all code, and a child group gives code from the
		// MyComputer zone the permission set built below, marked Exclusive.
		// NOTE(review): the MyComputer grant is broad (unrestricted file, registry,
		// environment and reflection access plus Assertion, ControlPolicy,
		// ControlEvidence and SerializationFormatter), so this domain does not
		// meaningfully confine local code.
		static AppDomain NewDomain () {
			SecurityPermissionFlag[] securityFlags = new SecurityPermissionFlag[] {
				SecurityPermissionFlag.Execution,
				SecurityPermissionFlag.Assertion,
				SecurityPermissionFlag.ControlAppDomain,
				SecurityPermissionFlag.ControlDomainPolicy,
				SecurityPermissionFlag.ControlEvidence,
				SecurityPermissionFlag.ControlPolicy,
				SecurityPermissionFlag.ControlPrincipal,
				SecurityPermissionFlag.ControlThread,
				SecurityPermissionFlag.Infrastructure,
				SecurityPermissionFlag.RemotingConfiguration,
				SecurityPermissionFlag.SerializationFormatter
			};

			PermissionSet localGrant = new PermissionSet (PermissionState.None);
			// One SecurityPermission per flag, added in the same order as before.
			foreach (SecurityPermissionFlag flag in securityFlags) {
				localGrant.AddPermission (new SecurityPermission (flag));
			}
			localGrant.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new EventLogPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new PerformanceCounterPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new DnsPermission (PermissionState.Unrestricted));
			localGrant.AddPermission (new UIPermission (PermissionState.Unrestricted));

			PolicyStatement nothingForAll = new PolicyStatement (new PermissionSet (PermissionState.None), PolicyStatementAttribute.Nothing);
			PolicyStatement exclusiveLocal = new PolicyStatement (localGrant, PolicyStatementAttribute.Exclusive);

			CodeGroup root = new UnionCodeGroup (new AllMembershipCondition (), nothingForAll);
			root.AddChild (new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.MyComputer), exclusiveLocal));

			PolicyLevel domainLevel = PolicyLevel.CreateAppDomainLevel ();
			domainLevel.RootCodeGroup = root;

			AppDomain created = AppDomain.CreateDomain ("test");
			created.SetAppDomainPolicy (domainLevel);
			return created;
		}
Пример #5
		// Checks that constructing a PolicyStatement from a null permission set yields
		// no attributes, an empty attribute string, a permission set that prints like
		// the fixture's Empty set, and a copy with identical XML.
		public void Constructor_PermissionSet_Null ()
		{
			PolicyStatement statement = new PolicyStatement (null);

			Assert.AreEqual (PolicyStatementAttribute.Nothing, statement.Attributes, "Attributes");
			Assert.AreEqual (String.Empty, statement.AttributeString, "AttributeString");

			string expectedSet = Empty.ToString ();
			Assert.AreEqual (expectedSet, statement.PermissionSet.ToString (), "PermissionSet");

			string originalXml = statement.ToXml ().ToString ();
			string copyXml = statement.Copy ().ToXml ().ToString ();
			Assert.AreEqual (originalXml, copyXml, "Copy");
		}
Пример #6
		// Checks the two-argument constructor with a null permission set and the All
		// attribute: attributes are kept, the attribute string is "Exclusive LevelFinal",
		// the permission set prints like the fixture's Empty set, and a copy has identical XML.
		public void Constructor_PermissionSetPolicyStatementAttribute_Null ()
		{
			PolicyStatement statement = new PolicyStatement (null, PolicyStatementAttribute.All);

			Assert.AreEqual (PolicyStatementAttribute.All, statement.Attributes, "Attributes");
			Assert.AreEqual ("Exclusive LevelFinal", statement.AttributeString, "AttributeString");

			string expectedSet = Empty.ToString ();
			Assert.AreEqual (expectedSet, statement.PermissionSet.ToString (), "PermissionSet");

			string originalXml = statement.ToXml ().ToString ();
			string copyXml = statement.Copy ().ToXml ().ToString ();
			Assert.AreEqual (originalXml, copyXml, "Copy");
		}
Пример #7
 // Parameterless constructor: leaves the group with no membership condition,
 // no policy, no children, no XML element and no parent level.
 internal CodeGroup()
 {
     this.m_membershipCondition = null;
     this.m_policy = null;
     this.m_children = null;
     this.m_element = null;
     this.m_parentLevel = null;
 }
Пример #8
//		PolicyLevel m_level;

		// Builds a code group from a membership condition and an optional policy.
		// Both are stored as copies (Copy ()), so later changes the caller makes to
		// its own objects do not alter this group. A null policy is allowed and
		// leaves m_policy untouched; a null condition is rejected.
		protected CodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
		{
			if (membershipCondition == null) {
				throw new ArgumentNullException ("membershipCondition");
			}

			if (policy != null) {
				m_policy = policy.Copy ();
			}

			m_membershipCondition = membershipCondition.Copy ();
		}
Пример #9
		// Checks that a PolicyStatement built from an unrestricted permission set has
		// no attributes, an empty attribute string, a permission set that prints like
		// the fixture's Unrestricted set, and a copy with identical XML.
		public void Constructor_PermissionSet_Unrestricted ()
		{
			PermissionSet unrestricted = new PermissionSet (PermissionState.Unrestricted);
			PolicyStatement statement = new PolicyStatement (unrestricted);

			Assert.AreEqual (PolicyStatementAttribute.Nothing, statement.Attributes, "Attributes");
			Assert.AreEqual (String.Empty, statement.AttributeString, "AttributeString");

			string expectedSet = Unrestricted.ToString ();
			Assert.AreEqual (expectedSet, statement.PermissionSet.ToString (), "PermissionSet");

			string originalXml = statement.ToXml ().ToString ();
			string copyXml = statement.Copy ().ToXml ().ToString ();
			Assert.AreEqual (originalXml, copyXml, "Copy");
		}
 // Returns a new PolicyStatement built from this statement's permission set and
 // attributes. When this statement has dependent evidence, the copy receives its
 // own list holding the same evidence entries.
 // NOTE(review): the meaning of the third constructor argument (true) is not
 // visible here - confirm against that constructor.
 public PolicyStatement Copy()
 {
     PolicyStatement clone = new PolicyStatement(m_permSet, Attributes, true);
     if (!HasDependentEvidence)
     {
         return clone;
     }

     // New list, same elements: the list is not shared with the original.
     clone.m_dependentEvidence = new List<IDelayEvaluatedEvidence>(m_dependentEvidence);
     return clone;
 }
Пример #11
        /// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Resolve"]/*' />
        // Resolves policy for this group: returns null when the evidence does not
        // satisfy the membership condition; otherwise combines this group's policy
        // with the policy of the first child that resolves to a non-null statement.
        // Throws PolicyException when both this group and that child are Exclusive.
        public override PolicyStatement Resolve( Evidence evidence )
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            if (!this.MembershipCondition.Check( evidence ))
            {
                return null;
            }

            // First match wins: stop at the first child that yields a policy.
            PolicyStatement firstChildMatch = null;
            foreach (CodeGroup child in this.Children)
            {
                firstChildMatch = child.Resolve( evidence );
                if (firstChildMatch != null)
                {
                    break;
                }
            }

            PolicyStatement ownPolicy = this.PolicyStatement;

            if (ownPolicy == null)
            {
                // Nothing of our own to contribute; may itself be null.
                return firstChildMatch;
            }

            if (firstChildMatch == null)
            {
                // No child matched: hand back this group's policy (read again, as before).
                return this.PolicyStatement;
            }

            // Both present: the grant is the union of the two permission sets.
            PolicyStatement merged = new PolicyStatement();
            merged.SetPermissionSetNoCopy( ownPolicy.GetPermissionSetNoCopy().Union( firstChildMatch.GetPermissionSetNoCopy() ) );

            // Two Exclusive statements cannot be combined.
            PolicyStatementAttribute sharedAttributes = ownPolicy.Attributes & firstChildMatch.Attributes;
            if ((sharedAttributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                throw new PolicyException( Environment.GetResourceString( "Policy_MultipleExclusive" ) );
            }

            merged.Attributes = ownPolicy.Attributes | firstChildMatch.Attributes;
            return merged;
        }
Пример #12
	// Constructors.
	// Builds a code group with an empty child list. A null membership condition
	// is rejected; the policy may be null.
	// NOTE(review): both arguments are stored by reference, not copied, so a
	// caller that keeps and later mutates them also changes this group.
	public CodeGroup(IMembershipCondition membershipCondition,
					 PolicyStatement policy)
			{
				if(membershipCondition == null)
					throw new ArgumentNullException("membershipCondition");

				this.children = new ArrayList();
				this.policy = policy;
				this.membershipCondition = membershipCondition;
			}
Пример #13
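        /// <summary>
        /// Installer step that replaces any user-level code group named by the "groupName"
        /// parameter with a new group granting the "FullTrust" named permission set to the URL
        /// in the "assemblyLocation" parameter, saves the policy, and then runs the base install.
        /// </summary>
        /// <param name="stateSaver">Installer state, forwarded unchanged to the base implementation.</param>
        /// <exception cref="InstallException">
        /// A parameter is missing, the policy hierarchy is incomplete, or updating the policy failed;
        /// the original error is attached as the inner exception.
        /// </exception>
        public override void Install(System.Collections.IDictionary stateSaver)
        {
            try
            {
                string assemblyLocation = this.Context.Parameters["assemblyLocation"];
                string groupName = this.Context.Parameters["groupName"];

                // Both values come from installer input. A missing groupName is dangerous:
                // the removal loop below would then match (and delete) existing code groups
                // that have no name.
                if (string.IsNullOrEmpty(assemblyLocation))
                {
                    throw new System.ArgumentException("The 'assemblyLocation' installer parameter is missing or empty.");
                }
                if (string.IsNullOrEmpty(groupName))
                {
                    throw new System.ArgumentException("The 'groupName' installer parameter is missing or empty.");
                }

                // The hierarchy is read positionally: enterprise, machine, user.
                IEnumerator enumerator = SecurityManager.PolicyHierarchy();
                PolicyLevel user = null;
                for (int position = 0; position < 3; position++)
                {
                    if (!enumerator.MoveNext())
                    {
                        throw new System.InvalidOperationException("The security policy hierarchy does not contain a user level.");
                    }
                    user = (PolicyLevel)enumerator.Current;
                }

                // SECURITY NOTE(review): everything whose URL matches assemblyLocation gets
                // FullTrust. Keep the value specific and the location write-protected.
                PermissionSet permissionSet = user.GetNamedPermissionSet("FullTrust");
                PolicyStatement statement = new PolicyStatement(permissionSet, PolicyStatementAttribute.Nothing);
                UrlMembershipCondition condition = new UrlMembershipCondition(assemblyLocation);
                CodeGroup codeGroup = new UnionCodeGroup(condition, statement);
                codeGroup.Name = groupName;

                // Remove every earlier group with this name, not just the first, so old
                // FullTrust grants do not linger after a reinstall to a new location.
                ArrayList existingCodeGroups = new ArrayList();
                foreach (CodeGroup group in user.RootCodeGroup.Children)
                {
                    if (group.Name == groupName)
                    {
                        existingCodeGroups.Add(group);
                    }
                }
                foreach (CodeGroup group in existingCodeGroups)
                {
                    user.RootCodeGroup.RemoveChild(group);
                }

                // Add the new group and persist removal and addition together, so a
                // failure cannot leave the saved policy with the group removed only.
                user.RootCodeGroup.AddChild(codeGroup);
                SecurityManager.SavePolicy();
            }
            catch (Exception ex)
            {
                throw new InstallException("Cannot set the security policy.", ex);
            }

            // Call the base implementation.
            base.Install(stateSaver);
        }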
Пример #14
        // Internal constructor taking a permission set instead of a policy statement.
        // Arguments are only checked with debug assertions, and both the membership
        // condition and the permission set are stored without copying (note the
        // "NoCopy" setter), so callers must not mutate them afterwards.
        internal CodeGroup( IMembershipCondition membershipCondition, PermissionSet permSet )
        {
            BCLDebug.Assert( membershipCondition != null, "membershipCondition != null" );
            BCLDebug.Assert( permSet != null, "permSet != null" );

            this.m_membershipCondition = membershipCondition;

            PolicyStatement wrapper = new PolicyStatement();
            this.m_policy = wrapper;
            wrapper.SetPermissionSetNoCopy( permSet );

            // Child list is wrapped in a synchronized ArrayList.
            this.m_children = ArrayList.Synchronized( new ArrayList() );
            this.m_parentLevel = null;
            this.m_element = null;
        }
Пример #15
 // Smoke test: calls the public PolicyStatement members (Copy, Equals,
 // GetHashCode, both FromXml overloads, both ToXml overloads) once each.
 // Nothing is asserted; the results are only assigned to locals.
 public static void PolicyStatementCallMethods()
 {
     PermissionSet permissionSet = new PermissionSet(new PermissionState());
     PolicyStatement original = new PolicyStatement(permissionSet);
     PolicyStatement duplicate = original.Copy();

     bool sameAsCopy = original.Equals(duplicate);
     int hashCode = original.GetHashCode();

     SecurityElement xml = new SecurityElement("");
     // PolicyLevel is created through its non-public constructor (nonPublic: true).
     PolicyLevel level = (PolicyLevel)Activator.CreateInstance(typeof(PolicyLevel), true);

     original.FromXml(xml);
     original.FromXml(xml, level);

     xml = original.ToXml();
     xml = original.ToXml(level);
 }
Пример #16
        // Builds a code group from a membership condition and an optional policy.
        // Both are stored as copies, so the group is isolated from later changes to
        // the caller's objects. The child list starts empty and synchronized.
        protected CodeGroup( IMembershipCondition membershipCondition, PolicyStatement policy )
        {
            if (membershipCondition == null)
            {
                throw new ArgumentNullException( "membershipCondition" );
            }

            // A null policy is allowed and stored as null.
            m_policy = (policy == null) ? null : policy.Copy();
            m_membershipCondition = membershipCondition.Copy();

            m_children = ArrayList.Synchronized( new ArrayList() );
            m_parentLevel = null;
            m_element = null;
        }
Пример #17
		// Builds an ApplicationTrust from a default grant set and a list of strong
		// names that are fully trusted. Both arguments are required; each strong
		// name is stored as a copy, and a null entry is rejected.
		// The default policy is created before the second argument is checked.
		ApplicationTrust (PermissionSet defaultGrantSet, IEnumerable<StrongName> fullTrustAssemblies)
		{
			if (defaultGrantSet == null) {
				throw new ArgumentNullException ("defaultGrantSet");
			}
			_defaultPolicy = new PolicyStatement (defaultGrantSet);

			if (fullTrustAssemblies == null) {
				throw new ArgumentNullException ("fullTrustAssemblies");
			}

			List<StrongName> copies = new List<StrongName> ();
			this.fullTrustAssemblies = copies;
			foreach (StrongName name in fullTrustAssemblies) {
				if (name == null) {
					throw new ArgumentException ("fullTrustAssemblies contains an assembly that does not have a StrongName");
				}
				copies.Add ((StrongName) name.Copy ());
			}
		}
Пример #18
        // Resolves policy for this group: returns null when the membership condition
        // does not match; otherwise starts from CalculateAssemblyPolicy(evidence) and
        // unions in each child's resolved policy, stopping after the first child
        // whose statement is Exclusive.
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            object matchedEvidence = null;
            bool isMember = PolicyManager.CheckMembershipCondition(this.MembershipCondition, evidence, out matchedEvidence);
            if (!isMember)
            {
                return null;
            }

            PolicyStatement result = this.CalculateAssemblyPolicy(evidence);

            // Evidence that matched but has not been verified yet is recorded on the
            // result as dependent evidence.
            IDelayEvaluatedEvidence delayed = matchedEvidence as IDelayEvaluatedEvidence;
            if (delayed != null && !delayed.IsVerified)
            {
                result.AddDependentEvidence(delayed);
            }

            bool sawExclusiveChild = false;
            IEnumerator children = this.Children.GetEnumerator();

            while (children.MoveNext() && !sawExclusiveChild)
            {
                PolicyStatement childPolicy = PolicyManager.ResolveCodeGroup(children.Current as CodeGroup, evidence);
                if (childPolicy == null)
                {
                    continue;
                }

                result.InplaceUnion(childPolicy);
                sawExclusiveChild =
                    (childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive;
            }

            return result;
        }
Пример #19
        /// <include file='doc\UnionCodeGroup.uex' path='docs/doc[@for="UnionCodeGroup.Resolve"]/*' />
        // Resolves policy for this group: returns null when the evidence does not
        // satisfy the membership condition; otherwise unions the permission sets and
        // attributes of every matching child into this group's statement.
        // Throws PolicyException when this statement and a matching child are both Exclusive.
        // NOTE(review): thisPolicy is dereferenced without a null check once a child
        // matches - confirm the PolicyStatement property cannot return null here.
        // NOTE(review): the union is applied in place to the object returned by the
        // PolicyStatement property; whether that is a copy is not visible here.
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            if (!this.MembershipCondition.Check(evidence))
            {
                return null;
            }

            PolicyStatement accumulated = this.PolicyStatement;

            foreach (CodeGroup child in this.Children)
            {
                PolicyStatement childPolicy = child.Resolve(evidence);
                if (childPolicy == null)
                {
                    continue;
                }

                // Two Exclusive statements cannot be combined.
                PolicyStatementAttribute sharedAttributes = accumulated.Attributes & childPolicy.Attributes;
                if ((sharedAttributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
                }

                accumulated.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                accumulated.Attributes = accumulated.Attributes | childPolicy.Attributes;
            }

            return accumulated;
        }
Пример #20
        // Builds a PolicyStatement by assembling its XML form: a "PolicyStatement"
        // element containing a version-1 "PermissionSet" element, which in turn holds
        // the web permission produced by CreateWebPermission for the given host,
        // scheme and port (omitted when that helper returns null).
        internal PolicyStatement CalculatePolicy( String host, String scheme, String port )
        {
            SecurityElement webPermission = CreateWebPermission( host, scheme, port );

            SecurityElement permissionSetXml = new SecurityElement( "PermissionSet" );
            permissionSetXml.AddAttribute( "class", "System.Security.PermissionSet" );
            permissionSetXml.AddAttribute( "version", "1" );
            if (webPermission != null)
            {
                permissionSetXml.AddChild( webPermission );
            }

            SecurityElement statementXml = new SecurityElement( "PolicyStatement" );
            statementXml.AddChild( permissionSetXml );

            PolicyStatement result = new PolicyStatement();
            result.FromXml( statementXml );
            return result;
        }
Пример #21
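 // Returns the DataForm base directory from configuration.
 // - For a value starting with "http://" or "ftp://": adds, to the in-memory
 //   Machine policy level, one code group per "FullTrust" named permission set
 //   that grants it to every URL under that prefix, then returns the value as is.
 // - Otherwise: returns a file:// URL built from the application base directory
 //   and the configured value.
 //
 // SECURITY NOTE(review): the remote branch gives FullTrust to all code loaded
 // from a configuration-supplied prefix over http:// or ftp://, transports that
 // neither authenticate the server nor protect content in transit. Whoever can
 // edit the configuration or alter the traffic decides what runs fully trusted.
 // Consider requiring an authenticated transport and a strong-name or publisher
 // condition instead of a URL wildcard. Each call also adds another group.
 internal static string GetDataFormBaseDir()
 {
     string baseDir = config.Configs["DataForm"].GetString("BaseDir", string.Empty);

     // Scheme prefixes are protocol tokens, so compare ordinally rather than
     // with the current culture's rules.
     bool isRemote = baseDir.StartsWith("http://", StringComparison.Ordinal)
                     || baseDir.StartsWith("ftp://", StringComparison.Ordinal);
     if (!isRemote)
     {
         return string.Concat(new object[] { "file://", AppDomain.CurrentDomain.BaseDirectory, Path.DirectorySeparatorChar, baseDir });
     }

     // Walk the hierarchy using MoveNext's result, so a hierarchy without a
     // Machine level ends the loop instead of reading Current past the end.
     IEnumerator levels = SecurityManager.PolicyHierarchy();
     while (levels.MoveNext())
     {
         PolicyLevel level = levels.Current as PolicyLevel;
         if (level == null)
         {
             break;
         }
         if (level.Label != "Machine")
         {
             continue;
         }

         foreach (NamedPermissionSet set in level.NamedPermissionSets)
         {
             if (set.Name == "FullTrust")
             {
                 // Trailing "*" makes the condition match everything under the prefix.
                 UrlMembershipCondition membershipCondition = new UrlMembershipCondition(baseDir + "*");
                 PolicyStatement policy = new PolicyStatement(set);
                 UnionCodeGroup group = new UnionCodeGroup(membershipCondition, policy);
                 level.RootCodeGroup.AddChild(group);
             }
         }
         break;
     }

     return baseDir;
 }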
Пример #22
        // Rebuilds this ApplicationTrust from its XML form. The element must be
        // tagged "ApplicationTrust". Every field is reset before it is read, so
        // values from an earlier state do not survive when the XML omits them:
        //   TrustedToRun / Persist  - true only for the exact string "true"
        //   FullName                - application identity, when non-empty
        //   DefaultGrant            - nested PolicyStatement and its special flags
        //   FullTrustAssemblies     - one StrongName per child element
        //   ExtraInfo               - stored as the raw element
        public void FromXml(SecurityElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException("element");
            }
            if (!string.Equals(element.Tag, "ApplicationTrust", StringComparison.Ordinal))
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
            }

            this.m_appTrustedToRun = false;
            string trustedToRunText = element.Attribute("TrustedToRun");
            if (string.Equals(trustedToRunText, "true", StringComparison.Ordinal))
            {
                this.m_appTrustedToRun = true;
            }

            this.m_persist = false;
            string persistText = element.Attribute("Persist");
            if (string.Equals(persistText, "true", StringComparison.Ordinal))
            {
                this.m_persist = true;
            }

            this.m_appId = null;
            string applicationIdentityFullName = element.Attribute("FullName");
            if (!string.IsNullOrEmpty(applicationIdentityFullName))
            {
                this.m_appId = new System.ApplicationIdentity(applicationIdentityFullName);
            }

            this.m_psDefaultGrant = null;
            this.m_grantSetSpecialFlags = 0;
            SecurityElement defaultGrantXml = element.SearchForChildByTag("DefaultGrant");
            SecurityElement statementXml = (defaultGrantXml == null)
                ? null
                : defaultGrantXml.SearchForChildByTag("PolicyStatement");
            if (statementXml != null)
            {
                PolicyStatement grant = new PolicyStatement(null);
                grant.FromXml(statementXml);
                this.m_psDefaultGrant = grant;
                this.m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(grant.PermissionSet, null);
            }

            List<StrongName> trustedNames = new List<StrongName>();
            SecurityElement fullTrustXml = element.SearchForChildByTag("FullTrustAssemblies");
            if (fullTrustXml != null && fullTrustXml.InternalChildren != null)
            {
                IEnumerator children = fullTrustXml.Children.GetEnumerator();
                while (children.MoveNext())
                {
                    StrongName name = new StrongName();
                    name.FromXml(children.Current as SecurityElement);
                    trustedNames.Add(name);
                }
            }

            // Exposed read-only so callers cannot extend the full-trust list.
            this.m_fullTrustAssemblies = trustedNames.AsReadOnly();
            this.m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
        }
 // Stub constructor: the body is empty, so neither argument is validated or
 // stored by this version.
 protected CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
 {
 }
Пример #24
 // Forwards both arguments unchanged to the base constructor; no work of its own.
 public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy) : base(membershipCondition, policy)
 {
 }
Пример #25
        // Resolve the policy for this code group.
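        // Returns null when the evidence does not satisfy the membership condition.
        // Otherwise builds a base statement from the host evidence (from a Url entry
        // via MakePolicy(scheme, host); else from the first Site entry; else an empty
        // grant) and unions in the policy of every child group that matches.
        // Throws ArgumentNullException for null evidence and PolicyException when
        // the accumulated statement and a matching child are both Exclusive.
        public override PolicyStatement Resolve(Evidence evidence)
        {
            PolicyStatement stmt;
            PolicyStatement childStmt;
            IEnumerator     e;
            Site            site;
            UrlParser       url;

            // Validate the parameter.
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            // Check the membership condition.
            if (!MembershipCondition.Check(evidence))
            {
                return(null);
            }

            // Scan the host evidence for a policy and site.
            // If several Url entries are present, the last one determines stmt.
            stmt = null;
            site = null;
            e    = evidence.GetHostEnumerator();
            while (e.MoveNext())
            {
                if (e.Current is Url)
                {
                    url  = ((Url)(e.Current)).parser;
                    stmt = MakePolicy(url.Scheme, url.Host);
                }
                else if (e.Current is Site && site == null)
                {
                    site = (Site)(e.Current);
                }
            }

            // Create a default policy statement if necessary.
            if (stmt == null && site != null)
            {
                stmt = MakePolicy(null, site.Name);
            }
            else if (stmt == null)
            {
                stmt = new PolicyStatement
                           (new PermissionSet(PermissionState.None),
                           PolicyStatementAttribute.Nothing);
            }

            // Modify the policy statement from this code group.
            foreach (CodeGroup group in Children)
            {
                childStmt = group.Resolve(evidence);
                if (childStmt == null)
                {
                    // A child that does not match contributes nothing. The union
                    // below used to run for it as well and dereferenced null.
                    continue;
                }

                if ((stmt.Attributes &
                     PolicyStatementAttribute.Exclusive) != 0 &&
                    (childStmt.Attributes &
                     PolicyStatementAttribute.Exclusive) != 0)
                {
                    throw new PolicyException(_("Security_Exclusive"));
                }

                stmt.PermissionSetNoCopy =
                    stmt.PermissionSetNoCopy.Union
                        (childStmt.PermissionSetNoCopy);
                stmt.Attributes |= childStmt.Attributes;
            }
            return(stmt);
        }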
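        // Rebuilds this ApplicationTrust from its XML form. The element must be
        // tagged "ApplicationTrust". All state read from the XML is reset first, so
        // a reused instance cannot keep an identity or Persist flag from an earlier
        // state when the new XML omits them.
        //   TrustedToRun / Persist  - true only for the exact string "true"
        //   FullName                - application identity, when non-empty
        //   DefaultGrant            - nested PolicyStatement
        //   FullTrustAssemblies     - one StrongName per child element
        //   ExtraInfo               - stored as the raw element
        public void FromXml(SecurityElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException("element");
            }
            if (String.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) != 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
            }

            m_psDefaultGrant      = null;
            m_fullTrustAssemblies = null;
            m_appTrustedToRun     = false;
            // These two were previously left untouched: a trust decision read from
            // XML without FullName/Persist stayed bound to the old identity and flag.
            m_persist             = false;
            m_appId               = null;

            string isAppTrustedToRun = element.Attribute("TrustedToRun");

            if (isAppTrustedToRun != null && String.Compare(isAppTrustedToRun, "true", StringComparison.Ordinal) == 0)
            {
                m_appTrustedToRun = true;
            }
            string persist = element.Attribute("Persist");

            if (persist != null && String.Compare(persist, "true", StringComparison.Ordinal) == 0)
            {
                m_persist = true;
            }

            string fullName = element.Attribute("FullName");

            if (fullName != null && fullName.Length > 0)
            {
                m_appId = new ApplicationIdentity(fullName);
            }

            SecurityElement elDefaultGrant = element.SearchForChildByTag("DefaultGrant");

            if (elDefaultGrant != null)
            {
                SecurityElement elDefaultGrantPS = elDefaultGrant.SearchForChildByTag("PolicyStatement");
                if (elDefaultGrantPS != null)
                {
                    PolicyStatement ps = new PolicyStatement(null);
                    ps.FromXml(elDefaultGrantPS);
                    m_psDefaultGrant = ps;
                }
            }

            SecurityElement elFullTrustAssemblies = element.SearchForChildByTag("FullTrustAssemblies");

            if (elFullTrustAssemblies != null && elFullTrustAssemblies.InternalChildren != null)
            {
                m_fullTrustAssemblies = new StrongName[elFullTrustAssemblies.Children.Count];
                IEnumerator enumerator = elFullTrustAssemblies.Children.GetEnumerator();
                int         index      = 0;
                while (enumerator.MoveNext())
                {
                    m_fullTrustAssemblies[index] = new StrongName();
                    m_fullTrustAssemblies[index].FromXml(enumerator.Current as SecurityElement);
                    index++;
                }
            }

            m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
        }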
		// Test helper: builds an AppDomain policy level whose root group grants an
		// unrestricted permission set (with the given attributes) to one zone, then
		// calls Resolve_Zone for every zone, passing true only for the zone that
		// was granted.
		private void Resolve_Zone_Unrestricted_Attribute (SecurityZone zone, PolicyStatementAttribute attr)
		{
			PolicyStatement unrestricted = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
			unrestricted.Attributes = attr;

			IMembershipCondition zoneCondition = new ZoneMembershipCondition (zone);
			PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
			level.RootCodeGroup = new UnionCodeGroup (zoneCondition, unrestricted);

			// Same order as the individual calls this loop replaces.
			SecurityZone[] zonesToCheck = new SecurityZone[] {
				SecurityZone.Internet,
				SecurityZone.Intranet,
				SecurityZone.MyComputer,
				SecurityZone.NoZone,
				SecurityZone.Trusted,
				SecurityZone.Untrusted
			};
			foreach (SecurityZone candidate in zonesToCheck) {
				Resolve_Zone (level, candidate, attr, (zone == candidate), 0);
			}
		}
 // Stub constructor: the body is empty and there is no explicit base call, so
 // neither argument is validated, stored or forwarded here.
 public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
 {
 }
Пример #29
 // Generated stub. NOTE(review): a C# constructor cannot return a value, so the
 // return statement below does not compile as written; neither argument is used.
 public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
 {
     return(default(UnionCodeGroup));
 }
Пример #30
 /// <summary>Initializes a new instance of the <see cref="T:System.Security.Policy.UnionCodeGroup" /> class.</summary><param name="membershipCondition">A membership condition that tests evidence to determine whether this code group applies policy. </param><param name="policy">The policy statement for the code group in the form of a permission set and attributes to grant code that matches the membership condition. </param><exception cref="T:System.ArgumentException">The type of the <paramref name="membershipCondition" /> parameter is not valid.-or- The type of the <paramref name="policy" /> parameter is not valid. </exception>
 // Placeholder: passes null for both base-constructor arguments instead of the
 // ones received, and always throws NotImplementedException.
 public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
     : base(null, null)
 {
     throw new NotImplementedException();
 }
 // Generated stub. NOTE(review): a C# constructor cannot return a value, so the
 // return statement below does not compile as written; neither argument is used.
 public FirstMatchCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
 {
     return(default(FirstMatchCodeGroup));
 }
 // Wraps the grant set in a new PolicyStatement and records the full-trust
 // strong names. Neither argument is null-checked here.
 // NOTE(review): the array is assigned as passed; whether the property setter
 // copies it is not visible here.
 internal ApplicationTrust(PermissionSet defaultGrantSet, StrongName[] fullTrustAssemblies)
 {
     PolicyStatement grant = new PolicyStatement(defaultGrantSet);
     this.DefaultGrantSet = grant;
     this.FullTrustAssemblies = fullTrustAssemblies;
 }
 /// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.FirstMatchCodeGroup"]/*' />
 // Forwards both arguments unchanged to the base constructor; no work of its own.
 public FirstMatchCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
     : base(membershipCondition, policy)
 {
 }
Пример #34
        /// <summary>
        /// Rebuilds this object's state from an "ApplicationTrust" security element.
        /// </summary>
        /// <param name="element">Root element; its tag must be exactly "ApplicationTrust".</param>
        /// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
        /// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
        /// <remarks>
        /// Every field is reset before its replacement value is parsed, so state from a
        /// previous load does not survive. The trust decision, grant set and full-trust
        /// list all come straight from the XML; nothing in this method authenticates it,
        /// so the integrity of the source presumably rests with the caller (verify).
        /// </remarks>
        public void FromXml (SecurityElement element) {
            if (element == null)
                throw new ArgumentNullException("element");
            // Ordinal, case-sensitive tag match.
            if (String.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) != 0)
                throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));

#if FEATURE_CLICKONCE
            // Fail closed: only the exact lowercase string "true" marks the application
            // as trusted to run; a missing attribute or any other value leaves it false.
            m_appTrustedToRun = false;
            string isAppTrustedToRun = element.Attribute("TrustedToRun");
            if (isAppTrustedToRun != null && String.Compare(isAppTrustedToRun, "true", StringComparison.Ordinal) == 0) {
                m_appTrustedToRun = true;
            }

            // Same exact-match rule for the Persist flag.
            m_persist = false;
            string persist = element.Attribute("Persist");
            if (persist != null && String.Compare(persist, "true", StringComparison.Ordinal) == 0) {
                m_persist = true;
            }

            // An absent or empty FullName leaves the identity null.
            m_appId = null;
            string fullName = element.Attribute("FullName");
            if (fullName != null && fullName.Length > 0) {
                m_appId = new ApplicationIdentity(fullName);
            }
#endif // FEATURE_CLICKONCE

            // Default grant: the first <PolicyStatement> child of <DefaultGrant>, if both exist.
            // Without them the grant stays null and the special flags stay 0.
            m_psDefaultGrant = null;
            m_grantSetSpecialFlags = 0;
            SecurityElement elDefaultGrant = element.SearchForChildByTag("DefaultGrant");
            if (elDefaultGrant != null) {
                SecurityElement elDefaultGrantPS = elDefaultGrant.SearchForChildByTag("PolicyStatement");
                if (elDefaultGrantPS != null) {
                    PolicyStatement ps = new PolicyStatement(null);
                    ps.FromXml(elDefaultGrantPS);
                    m_psDefaultGrant = ps;
                    m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(ps.PermissionSet, null);
                }
            }

            // Full-trust list: one StrongName per child of <FullTrustAssemblies>.
            // A child that is not a SecurityElement reaches StrongName.FromXml as null
            // (result of the 'as' cast); how that is handled is not visible here.
            List<StrongName> fullTrustAssemblies = new List<StrongName>();
            SecurityElement elFullTrustAssemblies = element.SearchForChildByTag("FullTrustAssemblies");
            if (elFullTrustAssemblies != null && elFullTrustAssemblies.InternalChildren != null) {
                IEnumerator enumerator = elFullTrustAssemblies.Children.GetEnumerator();
                while (enumerator.MoveNext()) {
                    StrongName fullTrustAssembly = new StrongName();
                    fullTrustAssembly.FromXml(enumerator.Current as SecurityElement);
                    fullTrustAssemblies.Add(fullTrustAssembly);
                }
            }

            // Stored through a read-only wrapper; an empty list when the element is absent.
            m_fullTrustAssemblies = fullTrustAssemblies.AsReadOnly();

#if FEATURE_CLICKONCE
            // Kept as the raw element (or null); it is not decoded in this method.
            m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
#endif // FEATURE_CLICKONCE
        }
Пример #35
        /// <summary>Reconstructs an <see cref="T:System.Security.Policy.ApplicationTrust" /> object with a given state from an XML encoding.</summary>
        /// <param name="element">The XML encoding to use to reconstruct the <see cref="T:System.Security.Policy.ApplicationTrust" /> object.</param>
        /// <exception cref="T:System.ArgumentNullException">
        /// <paramref name="element" /> is null.</exception>
        /// <exception cref="T:System.ArgumentException">The XML encoding used for <paramref name="element" /> is invalid.</exception>
        /// <PermissionSet>
        ///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode, ControlEvidence" />
        /// </PermissionSet>
        public void FromXml(SecurityElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException("element");
            }
            // Ordinal, case-sensitive tag match.
            if (string.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) != 0)
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
            }
            // Fail closed: only the exact lowercase string "true" sets the trusted-to-run flag.
            this.m_appTrustedToRun = false;
            string strA1 = element.Attribute("TrustedToRun");

            if (strA1 != null && string.Compare(strA1, "true", StringComparison.Ordinal) == 0)
            {
                this.m_appTrustedToRun = true;
            }
            // Same exact-match rule for the Persist flag.
            this.m_persist = false;
            string strA2 = element.Attribute("Persist");

            if (strA2 != null && string.Compare(strA2, "true", StringComparison.Ordinal) == 0)
            {
                this.m_persist = true;
            }
            // An absent or empty FullName leaves the identity null.
            this.m_appId = (ApplicationIdentity)null;
            string applicationIdentityFullName = element.Attribute("FullName");

            if (applicationIdentityFullName != null && applicationIdentityFullName.Length > 0)
            {
                this.m_appId = new ApplicationIdentity(applicationIdentityFullName);
            }
            // Default grant: the <PolicyStatement> child of <DefaultGrant>, if both exist;
            // otherwise the grant stays null and the special flags stay 0.
            this.m_psDefaultGrant       = (PolicyStatement)null;
            this.m_grantSetSpecialFlags = 0;
            SecurityElement securityElement1 = element.SearchForChildByTag("DefaultGrant");

            if (securityElement1 != null)
            {
                SecurityElement et = securityElement1.SearchForChildByTag("PolicyStatement");
                if (et != null)
                {
                    PolicyStatement policyStatement = new PolicyStatement((PermissionSet)null);
                    policyStatement.FromXml(et);
                    this.m_psDefaultGrant       = policyStatement;
                    this.m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(policyStatement.PermissionSet, (PermissionSet)null);
                }
            }
            // Full-trust list: one StrongName per child of <FullTrustAssemblies>. A child that
            // is not a SecurityElement reaches StrongName.FromXml as null (the 'as' cast).
            List <StrongName> strongNameList   = new List <StrongName>();
            SecurityElement   securityElement2 = element.SearchForChildByTag("FullTrustAssemblies");

            if (securityElement2 != null && securityElement2.InternalChildren != null)
            {
                foreach (object child in securityElement2.Children)
                {
                    StrongName strongName = new StrongName();
                    strongName.FromXml(child as SecurityElement);
                    strongNameList.Add(strongName);
                }
            }
            // Stored through a read-only wrapper; ExtraInfo is kept as the raw element (or null).
            // NOTE(review): nothing here authenticates the XML, so the trust decision is only
            // as trustworthy as wherever the caller loaded it from - confirm at the call site.
            this.m_fullTrustAssemblies = (IList <StrongName>)strongNameList.AsReadOnly();
            this.m_elExtraInfo         = element.SearchForChildByTag("ExtraInfo");
        }
Пример #36
        /// <include file='doc\NetCodeGroup.uex' path='docs/doc[@for="NetCodeGroup.Resolve"]/*' />
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            // Evidence that fails this group's membership condition gets no statement at all.
            if (!this.MembershipCondition.Check(evidence))
            {
                return(null);
            }

            PolicyStatement resolved = null;
            Site firstSite = null;

            // Walk the host evidence. Every Url recomputes the policy, so the last Url
            // seen wins; only the first Site is remembered, as a fallback.
            IEnumerator hostEvidence = evidence.GetHostEnumerator();
            while (hostEvidence.MoveNext())
            {
                Url url = hostEvidence.Current as Url;

                if (url != null)
                {
                    resolved = CalculatePolicy(url.GetURLString().Host, url.GetURLString().Scheme);
                }
                else if (firstSite == null)
                {
                    firstSite = hostEvidence.Current as Site;
                }
            }

            if (resolved == null)
            {
                // No Url produced a policy: try the Site (no scheme is available for it) ...
                if (firstSite != null)
                {
                    resolved = CalculatePolicy(firstSite.Name, null);
                }

                // ... and otherwise start from an empty grant with no attributes.
                if (resolved == null)
                {
                    resolved = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
                }
            }

            // Fold every matching child into the result: permissions are unioned in place
            // and attributes are OR-ed together.
            foreach (object child in this.Children)
            {
                PolicyStatement childPolicy = ((CodeGroup)child).Resolve(evidence);
                if (childPolicy == null)
                {
                    continue;
                }

                // Two Exclusive statements cannot be combined; reject the policy instead.
                PolicyStatementAttribute shared = resolved.Attributes & childPolicy.Attributes;
                if ((shared & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
                }

                resolved.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                resolved.Attributes |= childPolicy.Attributes;
            }

            return(resolved);
        }
Пример #37
 /// <summary>
 /// Creates a union code group; both arguments are forwarded unchanged to the
 /// base constructor and no further initialisation happens here.
 /// </summary>
 /// <param name="membershipCondition">Membership condition passed to the base class.</param>
 /// <param name="policy">Policy statement passed to the base class.</param>
 public UnionCodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
     : base(membershipCondition, policy)
 {
     // All work is done by the base constructor.
 }
Пример #38
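        /// <summary>
        /// Rebuilds this object's state from an "ApplicationTrust" security element.
        /// </summary>
        /// <param name="element">Root element; its tag must be exactly "ApplicationTrust".</param>
        /// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
        /// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
        /// <remarks>
        /// The optional ExtraInfo/Data attribute is hex-decoded and handed to
        /// <c>BinaryFormatter</c>; see the SECURITY note at that call.
        /// </remarks>
        public void FromXml(SecurityElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException("element");
            }

            if (element.Tag != "ApplicationTrust")
            {
                throw new ArgumentException("element");
            }

            // A missing FullName clears the identity.
            string s = element.Attribute("FullName");
            _appid = (s != null) ? new ApplicationIdentity(s) : null;

            // Default grant: the first <PolicyStatement> child of <DefaultGrant>.
            // Children is null for an element without child nodes, and an entry that is not
            // a SecurityElement comes back as null from the 'as' cast; both cases used to
            // surface as a NullReferenceException on a malformed <DefaultGrant>.
            _defaultPolicy = null;
            SecurityElement defaultGrant = element.SearchForChildByTag("DefaultGrant");

            if (defaultGrant != null && defaultGrant.Children != null)
            {
                for (int i = 0; i < defaultGrant.Children.Count; i++)
                {
                    SecurityElement se = (defaultGrant.Children [i] as SecurityElement);
                    if (se != null && se.Tag == "PolicyStatement")
                    {
                        // Goes through the DefaultGrantSet property after the backing field was
                        // cleared above (presumably the getter re-creates it - defined elsewhere).
                        DefaultGrantSet.FromXml(se, null);
                        break;
                    }
                }
            }

            // Fail closed: a missing or unparsable attribute leaves both flags false.
            if (!Boolean.TryParse(element.Attribute("TrustedToRun"), out _trustrun))
            {
                _trustrun = false;
            }

            if (!Boolean.TryParse(element.Attribute("Persist"), out _persist))
            {
                _persist = false;
            }

            _xtranfo = null;
            SecurityElement xtra = element.SearchForChildByTag("ExtraInfo");

            if (xtra != null)
            {
                s = xtra.Attribute("Data");
                if (s != null)
                {
                    // SECURITY: BinaryFormatter.Deserialize instantiates whatever types the
                    // payload names, so this is only safe when the XML comes from a trusted,
                    // integrity-protected store. Left in place because it defines the on-disk
                    // format; flagged for review rather than silently replaced. If the XML can
                    // ever be influenced by a less-trusted party, skip ExtraInfo or move to a
                    // data-only format.
                    byte[] data = CryptoConvert.FromHex(s);
                    using (MemoryStream ms = new MemoryStream(data)) {
                        BinaryFormatter bf = new BinaryFormatter();
                        _xtranfo = bf.Deserialize(ms);
                    }
                }
            }
        }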
        /// <summary>
        /// Lazily decodes the policy statement for this code group from its stored XML
        /// (<c>m_element</c>) and publishes it in <c>m_policy</c>.
        /// </summary>
        /// <remarks>
        /// The decode itself runs outside the lock, so the result is only published if
        /// <c>m_element</c> is still the element that was snapshotted; otherwise the loop
        /// retries, or stops once some other path has already set <c>m_policy</c>.
        /// </remarks>
        private void ParsePolicy()
        {
            // There is a potential deadlock situation here
            // since the PolicyStatement.FromXml method calls
            // into PolicyLevel and we are holding this CodeGroup's lock.
            // We solve this by releasing the lock for the duration of
            // the FromXml call, but this leads us into some race conditions
            // with other threads trying to alter the state of this object.
            // The trickiest of these is the case where FromXml gets called on
            // this object, in which case we will loop and try the decode again.

            while (true)
            {
                PolicyStatement policy      = new PolicyStatement();
                bool            needToParse = false;

                SecurityElement elPolicy = new SecurityElement("PolicyStatement");
                elPolicy.AddAttribute("version", "1");

                // Snapshot used below to detect that m_element was swapped during the decode.
                // NOTE(review): the snapshot is taken before the lock is acquired, while the
                // reads that follow use m_element under the lock - confirm the two cannot differ.
                SecurityElement localRef = m_element;

                // NOTE(review): locking on 'this' lets any holder of the object contend for
                // the same monitor; a private lock object would avoid that.
                lock (this)
                {
                    // We create an xml representation of a policy statement from the
                    // xml for a code group.  We do this to hide the policy statement from
                    // users in the config file.

                    if (m_element != null)
                    {
                        // A named permission set takes precedence over an inline <PermissionSet>.
                        String permSetName = m_element.Attribute("PermissionSetName");

                        if (permSetName != null)
                        {
                            elPolicy.AddAttribute("PermissionSetName", permSetName);
                            needToParse = true;
                        }
                        else
                        {
                            SecurityElement elPermSet = m_element.SearchForChildByTag("PermissionSet");

                            if (elPermSet != null)
                            {
                                elPolicy.AddChild(elPermSet);
                                needToParse = true;
                            }
                            else
                            {
                                // Neither form present: fall back to an empty permission set,
                                // i.e. the group grants nothing by default.
                                elPolicy.AddChild(new PermissionSet(false).ToXml());
                                needToParse = true;
                            }
                        }

                        String attributes = m_element.Attribute("Attributes");

                        if (attributes != null)
                        {
                            elPolicy.AddAttribute("Attributes", attributes);
                            needToParse = true;
                        }
                    }
                }

                // Decode outside the lock (see the deadlock note at the top).
                if (needToParse)
                {
                    policy.FromXml(elPolicy, m_parentLevel);
                }
                else
                {
                    // Only reached when m_element was null inside the lock.
                    policy.PermissionSet = null;
                }

                lock (this)
                {
                    // Publish only if nothing changed underneath us; if another path already
                    // set m_policy, keep that one. In every other case, loop and decode again.
                    if (localRef == m_element && m_policy == null)
                    {
                        m_policy = policy;
                        break;
                    }
                    else if (m_policy != null)
                    {
                        break;
                    }
                }
            }

            // The body below is commented out, so this check currently has no effect.
            if (m_policy != null && m_children != null && m_membershipCondition != null)
            {
                //m_element = null;
                //m_parentLevel = null;
            }
        }
 /// <summary>
 /// Contract stub: declares that <paramref name="membershipCondition"/> must not be
 /// null, then returns the default value of <c>CodeGroup</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): presumably a generated contract reference stub, since a real C#
 /// constructor cannot return a value; <paramref name="policy"/> carries no precondition here.
 /// </remarks>
 public CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
 {
     // The only declared precondition.
     Contract.Requires(membershipCondition != null);

     return default(CodeGroup);
 }
Пример #41
        /// <summary>
        /// Builds an application trust from a default grant set and the strong names
        /// of the assemblies that are to receive full trust.
        /// </summary>
        /// <param name="defaultGrantSet">Permission set wrapped in a new <c>PolicyStatement</c>.</param>
        /// <param name="fullTrustAssemblies">Strong names to copy into the full-trust list.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        /// <exception cref="ArgumentException">The sequence contains a null entry.</exception>
        public ApplicationTrust(PermissionSet defaultGrantSet, IEnumerable<StrongName> fullTrustAssemblies)
        {
            if (defaultGrantSet == null)
            {
                throw new ArgumentNullException("defaultGrantSet");
            }
            if (fullTrustAssemblies == null)
            {
                throw new ArgumentNullException("fullTrustAssemblies");
            }

            // Per the original author's note: constructing a PolicyStatement copies the incoming
            // permission set, so later changes to the caller's PermissionSet cannot invalidate
            // the permission flags calculated in the DefaultGrantSet setter.
            DefaultGrantSet = new PolicyStatement(defaultGrantSet);

            // Each entry is re-created from its public key, name and version, so the stored
            // list holds its own StrongName objects rather than the caller's instances.
            List<StrongName> copiedNames = new List<StrongName>();
            foreach (StrongName source in fullTrustAssemblies)
            {
                if (source == null)
                {
                    throw new ArgumentException(Environment.GetResourceString("Argument_NullFullTrustAssembly"));
                }

                StrongName copy = new StrongName(source.PublicKey, source.Name, source.Version);
                copiedNames.Add(copy);
            }

            // Exposed through a read-only wrapper.
            m_fullTrustAssemblies = copiedNames.AsReadOnly();
        }
Пример #42
 // Token: 0x060028D4 RID: 10452 RVA: 0x00096790 File Offset: 0x00094990
 // Decodes the policy statement for this code group from its stored XML (m_element)
 // and publishes it in m_policy. The decode runs between two lock regions, so the
 // result is published only if m_element is still the element snapshotted at the top
 // of the iteration; otherwise the loop retries unless m_policy has been set meanwhile.
 private void ParsePolicy()
 {
     for (;;)
     {
         PolicyStatement policyStatement = new PolicyStatement();
         bool            flag            = false; // true once there is something to decode
         SecurityElement securityElement = new SecurityElement("PolicyStatement");
         securityElement.AddAttribute("version", "1");
         // Snapshot for the change check below; note it is read before the lock is taken.
         SecurityElement element = this.m_element;
         // NOTE(review): locking on 'this' lets any holder of the object contend for the monitor.
         lock (this)
         {
             if (this.m_element != null)
             {
                 // A named permission set takes precedence over an inline <PermissionSet>.
                 string text = this.m_element.Attribute("PermissionSetName");
                 if (text != null)
                 {
                     securityElement.AddAttribute("PermissionSetName", text);
                     flag = true;
                 }
                 else
                 {
                     SecurityElement securityElement2 = this.m_element.SearchForChildByTag("PermissionSet");
                     if (securityElement2 != null)
                     {
                         securityElement.AddChild(securityElement2);
                         flag = true;
                     }
                     else
                     {
                         // Neither form present: fall back to an empty permission set.
                         securityElement.AddChild(new PermissionSet(false).ToXml());
                         flag = true;
                     }
                 }
                 string text2 = this.m_element.Attribute("Attributes");
                 if (text2 != null)
                 {
                     securityElement.AddAttribute("Attributes", text2);
                     flag = true;
                 }
             }
         }
         // Decode outside the lock.
         if (flag)
         {
             policyStatement.FromXml(securityElement, this.m_parentLevel);
         }
         else
         {
             // Only reached when m_element was null inside the lock.
             policyStatement.PermissionSet = null;
         }
         lock (this)
         {
             // Publish if nothing changed; retry if the element changed and no policy
             // has been set; otherwise keep the policy that is already there.
             if (element == this.m_element && this.m_policy == null)
             {
                 this.m_policy = policyStatement;
             }
             else if (this.m_policy == null)
             {
                 continue;
             }
         }
         break;
     }
     // The local below is never used; presumably a decompiler remnant of a condition
     // whose body was empty in the original source.
     if (this.m_policy != null && this.m_children != null)
     {
         IMembershipCondition membershipCondition = this.m_membershipCondition;
     }
 }
Пример #43
        /// <summary>
        /// Installs an AppDomain-level policy on <c>this.Domain</c> that maps all code to
        /// the named "Internet" permission set.
        /// </summary>
        /// <exception cref="InvalidOperationException">The SandBox property is false.</exception>
        private void SetSandBoxPolicy()
        {
            if (!this.SandBox)
            {
                throw new InvalidOperationException("SandBox property is not set to true");
            }

            // Background: http://www.dotnetthis.com/Articles/DynamicSandboxing.htm
            //
            // AppDomain policy is expressed as a PolicyLevel: a tree whose nodes are code
            // groups. Each code group pairs a membership condition (does the assembly in
            // question belong to the group?) with the permission set granted when it does.
            PolicyLevel sandboxLevel = PolicyLevel.CreateAppDomainLevel();

            // Grant: the named "Internet" set from the new level. A hand-built PermissionSet
            // containing exactly the permissions you want would work just as well.
            PermissionSet internetGrant = sandboxLevel.GetNamedPermissionSet("Internet");
            PolicyStatement internetStatement = new PolicyStatement(internetGrant);

            // Membership: accept all code. A more selective policy (different permissions for
            // different assemblies) would use ZoneMembershipCondition,
            // StrongNameMembershipCondition, etc. instead.
            AllMembershipCondition matchEverything = new AllMembershipCondition();

            // Root group mapping all code to Internet permissions. The group type makes little
            // difference for a single node, but matters once children exist: UnionCodeGroup
            // unions the grants of its child code groups, whereas FirstMatchCodeGroup takes
            // only one child into effect.
            CodeGroup rootGroup = new UnionCodeGroup(matchEverything, internetStatement);
            sandboxLevel.RootCodeGroup = rootGroup;

            // Had the root group any children, the whole tree would become part of the
            // AppDomain policy at this point. To give your own strong-name-signed assemblies
            // FullTrust while everything else stays at Internet, create another UnionCodeGroup
            // with a StrongNameMembershipCondition for your public key and a "FullTrust" grant
            // (or "new PermissionSet(PermissionState.Unrestricted)") and attach it with
            // rootGroup.AddChild. Such an assembly then receives Internet from the root and
            // FullTrust from the child; the effective grant is the union, which is FullTrust,
            // so keep that membership condition as narrow as possible.
            //
            // NOTE(review): SetAppDomainPolicy belongs to the legacy CAS policy model, which
            // is marked obsolete from .NET Framework 4 - confirm the target runtime before
            // relying on this as an isolation boundary.
            this.Domain.SetAppDomainPolicy(sandboxLevel);
        }
Пример #44
        /// <summary>
        /// Looks up a cached policy statement for the given serialized evidence.
        /// </summary>
        /// <param name="count">Passed through to the cache lookup together with the evidence.</param>
        /// <param name="serializedEvidence">Serialized evidence used as the lookup key; null yields no result.</param>
        /// <returns>The statement decoded from the cache entry, or null when there is no entry to use.</returns>
        [System.Security.SecurityCritical]  // auto-generated
        private PolicyStatement CheckCache (int count, byte[] serializedEvidence) {
            // No lookup without a config id or without evidence to key on.
            if (m_configId == ConfigId.None || serializedEvidence == null)
                return null;

            byte[] cachedBytes;
            bool found = Config.GetCacheEntry(m_configId, count, serializedEvidence, out cachedBytes);
            if (!found)
                return null;

            // The cached bytes are decoded into a fresh statement and returned as-is.
            // NOTE(review): no check of the entry is visible here, so the grant is only as
            // trustworthy as the cache behind Config.GetCacheEntry - confirm how it is protected.
            PolicyStatement fromCache = new PolicyStatement();
            fromCache.FromXml(new SecurityDocument(cachedBytes), 0, null, true);
            return fromCache;
        }
Пример #45
        /// From MRMModule.cs by Adam Frisby
        /// <summary>
        ///   Create an AppDomain that contains policy restricting code to execute
        ///   with only the permissions granted by a named permission set
        /// </summary>
        /// <param name = "permissionSetName">name of the permission set to restrict to</param>
        /// <param name = "appDomainName">'friendly' name of the appdomain to be created</param>
        /// <param name = "ads">setup information handed to AppDomain.CreateDomain</param>
        /// <exception cref = "ArgumentNullException">
        ///   if <paramref name = "permissionSetName" /> is null
        /// </exception>
        /// <exception cref = "ArgumentOutOfRangeException">
        ///   if <paramref name = "permissionSetName" /> is empty
        /// </exception>
        /// <returns>AppDomain with a restricted security policy</returns>
        /// <remarks>
        ///   Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
        ///   Valid permissionSetName values are:
        ///   * FullTrust
        ///   * SkipVerification
        ///   * Execution
        ///   * Nothing
        ///   * LocalIntranet
        ///   * Internet
        ///   * Everything
        ///   NOTE(review): both build variants add unrestricted SocketPermission, WebPermission and
        ///   SecurityPermission on top of the selected set. Unrestricted SecurityPermission carries
        ///   every SecurityPermissionFlag (UnmanagedCode, SkipVerification, ControlPolicy, ...), so
        ///   the returned domain should not be treated as a boundary for untrusted code.
        ///   NOTE(review): without NET_3_5 the name is parsed as a SecurityZone, not as a named
        ///   permission set; of the names listed above only Internet looks like a SecurityZone
        ///   member, and every other value silently falls back to MyComputer - confirm.
        /// </remarks>
        public AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName, AppDomainSetup ads)
        {
            if (permissionSetName == null)
                throw new ArgumentNullException("permissionSetName");
            if (permissionSetName.Length == 0)
                throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
                                                      "Cannot have an empty permission set name");

            // Default to all code getting everything
            // (the starting point for the intersection below; overwritten in the #else branch)
            PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
            AppDomain restrictedDomain = null;

#if NET_3_5

            // Root of the policy tree: matches all code and grants nothing by itself.
            PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
            UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);

            bool foundName = false;
            // iterate over each policy level
            IEnumerator levelEnumerator = SecurityManager.PolicyHierarchy();
            while (levelEnumerator.MoveNext())
            {
                PolicyLevel level = levelEnumerator.Current as PolicyLevel;

                // if this level has defined a named permission set with the
                // given name, then intersect it with what we've retrieved
                // from all the previous levels
                if (level != null)
                {
                    PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
                    if (levelSet != null)
                    {
                        foundName = true;
                        if (setIntersection != null)
                            setIntersection = setIntersection.Intersect(levelSet);
                    }
                }
            }

            // Intersect() can return null for an empty set, so convert that
            // to an empty set object. Also return an empty set if we didn't find
            // the named permission set we were looking for
            if (setIntersection == null || !foundName)
                setIntersection = new PermissionSet(PermissionState.None);
            else
                setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);

            // Whatever set was selected above (including the empty fallback) is widened here
            // with unrestricted socket, web and security permissions.
            // NOTE(review): unrestricted SecurityPermission undoes most of the restriction
            // computed above; grant only the specific SecurityPermissionFlag values required.
            setIntersection.AddPermission(new SocketPermission(PermissionState.Unrestricted));
            setIntersection.AddPermission(new WebPermission(PermissionState.Unrestricted));
            setIntersection.AddPermission(new SecurityPermission(PermissionState.Unrestricted));

            PolicyStatement permissions = new PolicyStatement(setIntersection);
            policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));

            // create an AppDomain policy level for the policy tree
            PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
            appDomainLevel.RootCodeGroup = policyRoot;

            // create an AppDomain where this policy will be in effect
            restrictedDomain = AppDomain.CreateDomain(appDomainName, null, ads);
            restrictedDomain.SetAppDomainPolicy(appDomainLevel);
#else
            // The name is interpreted as a SecurityZone member here.
            // NOTE(review): fails open - any value Enum.Parse rejects is swallowed by the bare
            // catch and replaced with MyComputer, the most trusted zone. A fail-closed default
            // (or rethrowing) would be the safer behaviour; changing it affects callers that
            // rely on the current fallback.
            SecurityZone zone = SecurityZone.MyComputer;
            try
            {
                zone = (SecurityZone)Enum.Parse(typeof(SecurityZone), permissionSetName);
            }
            catch
            {
                zone = SecurityZone.MyComputer;
            }

            // Start from the standard sandbox for the chosen zone, then widen it with the same
            // three unrestricted permissions as the NET_3_5 branch (same caveat applies).
            Evidence ev = new Evidence();
            ev.AddHostEvidence(new Zone(zone));
            setIntersection = SecurityManager.GetStandardSandbox(ev);
            setIntersection.AddPermission(new System.Net.SocketPermission(PermissionState.Unrestricted));
            setIntersection.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted));
            setIntersection.AddPermission(new System.Security.Permissions.SecurityPermission(PermissionState.Unrestricted));

            // create an AppDomain where this policy will be in effect
            restrictedDomain = AppDomain.CreateDomain(appDomainName, ev, ads, setIntersection, null);
#endif

            return restrictedDomain;
        }
Пример #46
 /// <summary>
 /// Initializes a new instance of <see cref="T:System.Security.Policy.CodeGroup" />.
 /// </summary>
 /// <param name="membershipCondition">
 /// A membership condition that tests evidence to determine whether this code group applies policy.
 /// </param>
 /// <param name="policy">
 /// The policy statement for the code group in the form of a permission set and attributes to grant
 /// code that matches the membership condition.
 /// </param>
 /// <exception cref="T:System.ArgumentNullException">
 /// The <paramref name="membershipCondition" /> parameter is null.
 /// </exception>
 /// <exception cref="T:System.ArgumentException">
 /// The type of the <paramref name="membershipCondition" /> parameter is not valid.
 /// -or-
 /// The type of the <paramref name="policy" /> parameter is not valid.
 /// </exception>
 /// <remarks>
 /// This listing is a stub: the body below implements none of the documented contract and every
 /// construction attempt fails with <see cref="T:System.NotImplementedException" />.
 /// </remarks>
 protected CodeGroup(IMembershipCondition membershipCondition, PolicyStatement policy)
 {
     // Placeholder body only; neither argument is inspected or stored.
     throw new NotImplementedException();
 }
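 /// <summary>
 /// Creates a first-match code group from a membership condition and the policy statement to
 /// grant to code that satisfies it.
 /// </summary>
 /// <param name="membershipCondition">Condition tested against evidence.</param>
 /// <param name="policy">Permission set and attributes associated with this group.</param>
 public FirstMatchCodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
     : base(membershipCondition, policy)
 {
   // A constructor cannot return a value, so the original
   // `return default(FirstMatchCodeGroup);` did not compile. Initialization is
   // delegated to the base CodeGroup constructor instead, which is where both
   // arguments are expected to be validated and stored.
 }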
Пример #48
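        /// <summary>
        /// Resolves policy for this code group using first-match semantics: children are evaluated
        /// in order and only the first child that yields a policy statement contributes.
        /// </summary>
        /// <param name="evidence">Evidence to test against this group's membership condition.</param>
        /// <returns>
        /// <c>null</c> when the membership condition does not match, or when neither this group nor
        /// any child supplies a policy statement; otherwise this group's policy statement, the first
        /// matching child's, or the in-place union of the two.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="evidence"/> is null.</exception>
        [System.Security.SecuritySafeCritical]  // auto-generated
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }
            Contract.EndContractBlock();

            object usedEvidence = null;

            if (PolicyManager.CheckMembershipCondition(MembershipCondition,
                                                       evidence,
                                                       out usedEvidence))
            {
                PolicyStatement childPolicy = null;

                IEnumerator enumerator = this.Children.GetEnumerator();

                while (enumerator.MoveNext())
                {
                    childPolicy = PolicyManager.ResolveCodeGroup(enumerator.Current as CodeGroup,
                                                                 evidence);

                    // If the child has a policy, we are done.
                    if (childPolicy != null)
                    {
                        break;
                    }
                }

                // If any delay-evidence was used to generate this grant set, then we need to keep track of
                // that for potentially later forcing it to be verified.
                IDelayEvaluatedEvidence delayEvidence = usedEvidence as IDelayEvaluatedEvidence;
                bool delayEvidenceNeedsVerification   = delayEvidence != null && !delayEvidence.IsVerified;

                PolicyStatement thisPolicy = this.PolicyStatement; // PolicyStatement getter makes a copy for us

                if (thisPolicy == null)
                {
                    // We didn't add any permissions, but we enabled our children to be evaluated, and
                    // therefore its grant set is dependent on any of our delay evidence.
                    //
                    // Guard on childPolicy: when no child matched there is no grant set to attach the
                    // dependency to, and dereferencing it would raise NullReferenceException instead of
                    // reporting "no policy" (null) like the verified-evidence path does.
                    if (delayEvidenceNeedsVerification && childPolicy != null)
                    {
                        childPolicy = childPolicy.Copy();
                        childPolicy.AddDependentEvidence(delayEvidence);
                    }

                    return(childPolicy);
                }
                else if (childPolicy != null)
                {
                    // Combine the child and this policy and return it.

                    PolicyStatement combined = thisPolicy.Copy();

                    if (delayEvidenceNeedsVerification)
                    {
                        combined.AddDependentEvidence(delayEvidence);
                    }

                    combined.InplaceUnion(childPolicy);
                    return(combined);
                }
                else
                {
                    // Otherwise we just copy the this policy.
                    if (delayEvidenceNeedsVerification)
                    {
                        thisPolicy.AddDependentEvidence(delayEvidence);
                    }

                    return(thisPolicy);
                }
            }
            else
            {
                // Membership condition did not match: this subtree contributes nothing.
                return(null);
            }
        }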
Пример #49
        /// <summary>
        /// Value equality for policy statements: two statements are equal when their attribute
        /// flags match and their permission sets compare equal.
        /// </summary>
        /// <param name="obj">Object to compare with; anything that is not a PolicyStatement is unequal.</param>
        /// <returns><c>true</c> when both the attributes and the permission set match.</returns>
        public override bool Equals(object obj)
        {
            PolicyStatement other = obj as PolicyStatement;

            if (other != null)
            {
                if (this.m_attributes == other.m_attributes)
                {
                    // object.Equals tolerates a null permission set on either side.
                    return object.Equals(this.m_permSet, other.m_permSet);
                }
            }

            return false;
        }
Пример #50
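        /// <summary>
        /// Rebuilds this code group (policy statement, children, membership condition, name and
        /// description) from its XML encoding.
        /// </summary>
        /// <param name="e">The XML element describing the code group.</param>
        /// <param name="level">
        /// Policy level used to look up a named permission set and passed on to child groups and the
        /// membership condition; may be null.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="e"/> is null, or a class name in the XML cannot be resolved to a type.
        /// </exception>
        /// <exception cref="InvalidCastException">
        /// A class named in the XML is not a PermissionSet / IMembershipCondition.
        /// </exception>
        /// <remarks>
        /// The XML selects, by name, which types are instantiated (including through non-public
        /// constructors). Each resolved type is therefore checked against the expected base type
        /// before any constructor runs; previously the cast happened only after construction, so a
        /// type unrelated to policy could have its constructor executed first. Policy XML should
        /// still be treated as trusted configuration and not accepted from untrusted sources.
        /// </remarks>
        public void FromXml(SecurityElement e, PolicyLevel level)
        {
            if (null == e)
            {
                throw new ArgumentNullException("e");
            }

            PermissionSet ps       = null;
            string        psetname = e.Attribute("PermissionSetName");

            if ((psetname != null) && (level != null))
            {
                // A named set is resolved through the policy level rather than parsed inline.
                ps = level.GetNamedPermissionSet(psetname);
            }
            else
            {
                SecurityElement pset = e.SearchForChildByTag("PermissionSet");
                if (pset != null)
                {
                    Type classType = Type.GetType(pset.Attribute("class"));
                    ps = (PermissionSet)CreateInstanceOfExpectedType(classType, typeof(PermissionSet));
                    ps.FromXml(pset);
                }
                else
                {
                    // No permission set in the XML: fall back to an empty grant.
                    ps = new PermissionSet(new PermissionSet(PermissionState.None));
                }
            }
            m_policy = new PolicyStatement(ps);

            m_children.Clear();
            if ((e.Children != null) && (e.Children.Count > 0))
            {
                foreach (SecurityElement se in e.Children)
                {
                    if (se.Tag == "CodeGroup")
                    {
                        this.AddChild(CodeGroup.CreateFromXml(se, level));
                    }
                }
            }

            m_membershipCondition = null;
            SecurityElement mc = e.SearchForChildByTag("IMembershipCondition");

            if (mc != null)
            {
                string className = mc.Attribute("class");
                Type   classType = Type.GetType(className);
                if (classType == null)
                {
                    // Short names are retried inside the policy namespace.
                    classType = Type.GetType("System.Security.Policy." + className);
                }
                m_membershipCondition = (IMembershipCondition)CreateInstanceOfExpectedType(classType, typeof(IMembershipCondition));
                m_membershipCondition.FromXml(mc, level);
            }

            m_name        = e.Attribute("Name");
            m_description = e.Attribute("Description");

            // seems like we might need this to Resolve() in subclasses
            m_level = level;

            ParseXml(e, level);
        }

        // Instantiates a type named in policy XML, refusing to run any constructor unless the type
        // is assignable to the expected policy type. The exception types match what the unchecked
        // Activator call followed by a cast produced before (ArgumentNullException for an
        // unresolved type, InvalidCastException for an unrelated one).
        private static object CreateInstanceOfExpectedType(Type type, Type expectedType)
        {
            if (type == null)
            {
                throw new ArgumentNullException("type");
            }
            if (!expectedType.IsAssignableFrom(type))
            {
                throw new InvalidCastException("Type named in policy XML is not a " + expectedType.FullName + ".");
            }

            // nonPublic: true is kept so types with non-public default constructors still load.
            return Activator.CreateInstance(type, true);
        }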
Пример #51
        /// <summary>
        /// Builds a PolicyStatement from the XML held in m_element and publishes it to m_policy if
        /// no policy has been set yet. The XML is read under a lock, parsed outside it, and the
        /// result is stored under a second lock; if m_element was replaced in between and m_policy
        /// is still null, the whole sequence is retried.
        /// </summary>
        /// <remarks>
        /// The label/goto shape and the local_N names suggest decompiler output (NOTE(review):
        /// confirm). NOTE(review): lock (this) lets any code holding a reference to this object
        /// contend on the same monitor; a private lock object would avoid that.
        /// </remarks>
        private void ParsePolicy()
        {
            // Retry entry point: reached again when m_element changed while parsing.
label_0:
            PolicyStatement policyStatement = new PolicyStatement();
            bool            flag = false;
            SecurityElement et   = new SecurityElement("PolicyStatement");

            et.AddAttribute("version", "1");
            // Snapshot of m_element, compared below to detect a concurrent replacement.
            SecurityElement securityElement = this.m_element;

            lock (this)
            {
                if (this.m_element != null)
                {
                    // Prefer a named permission set; otherwise copy the inline <PermissionSet>;
                    // otherwise emit the XML of PermissionSet(false). Every path sets flag, so
                    // flag is true exactly when m_element was non-null here.
                    string local_6 = this.m_element.Attribute("PermissionSetName");
                    if (local_6 != null)
                    {
                        et.AddAttribute("PermissionSetName", local_6);
                        flag = true;
                    }
                    else
                    {
                        SecurityElement local_8 = this.m_element.SearchForChildByTag("PermissionSet");
                        if (local_8 != null)
                        {
                            et.AddChild(local_8);
                            flag = true;
                        }
                        else
                        {
                            et.AddChild(new PermissionSet(false).ToXml());
                            flag = true;
                        }
                    }
                    // The statement attributes are carried over verbatim when present.
                    string local_7 = this.m_element.Attribute("Attributes");
                    if (local_7 != null)
                    {
                        et.AddAttribute("Attributes", local_7);
                        flag = true;
                    }
                }
            }
            // Parsing happens outside the lock, which is why the snapshot check below is needed.
            if (flag)
            {
                policyStatement.FromXml(et, this.m_parentLevel);
            }
            else
            {
                // No XML to parse: the statement carries a null permission set.
                policyStatement.PermissionSet = (PermissionSet)null;
            }
            lock (this)
            {
                // Publish only if the XML is still the element that was parsed and nobody else has
                // set a policy; if the element changed and there is still no policy, start over.
                if (securityElement == this.m_element && this.m_policy == null)
                {
                    this.m_policy = policyStatement;
                }
                else if (this.m_policy == null)
                {
                    goto label_0;
                }
            }
            if (this.m_policy == null || this.m_children == null)
            {
                return;
            }
            // The value read here is never used in this method; presumably residue of code the
            // decompiler dropped (NOTE(review): confirm against the original source).
            IMembershipCondition membershipCondition = this.m_membershipCondition;
        }
Пример #52
        /// <summary>
        /// Computes the policy statement for an assembly from its host evidence: Url evidence is
        /// tried first, Site evidence second, and an empty grant is returned when neither yields
        /// a policy.
        /// </summary>
        /// <param name="evidence">Evidence whose host Url / Site entries are consulted.</param>
        /// <returns>A policy statement; never null.</returns>
        private PolicyStatement CalculateAssemblyPolicy( Evidence evidence )
        {
            PolicyStatement resolved = null;

            // Url evidence carries host, scheme and port, so it is the most specific input.
            Url urlEvidence = evidence.GetHostEvidence<Url>();
            if (urlEvidence != null)
            {
                resolved = CalculatePolicy( urlEvidence.GetURLString().Host, urlEvidence.GetURLString().Scheme, urlEvidence.GetURLString().Port );
            }
            if (resolved != null)
            {
                return resolved;
            }

            // Site evidence only supplies a host name; scheme and port are passed as null.
            Site siteEvidence = evidence.GetHostEvidence<Site>();
            if (siteEvidence != null)
            {
                resolved = CalculatePolicy( siteEvidence.Name, null, null );
            }
            if (resolved != null)
            {
                return resolved;
            }

            // Nothing matched: grant the empty permission set with no attributes.
            return new PolicyStatement( new PermissionSet( false ), PolicyStatementAttribute.Nothing );
        }
Пример #53
        /// <summary>
        /// Computes the policy statement for an assembly by walking its host evidence. Every Url
        /// entry is evaluated (the result of the last one is kept), the first Site entry is
        /// remembered as a fallback, and an empty grant is returned when neither yields a policy.
        /// </summary>
        /// <param name="evidence">Evidence whose host entries are enumerated.</param>
        /// <returns>A policy statement; never null.</returns>
        private PolicyStatement CalculateAssemblyPolicy( Evidence evidence )
        {
            PolicyStatement resolved = null;
            Site firstSite = null;

            IEnumerator hostEntries = evidence.GetHostEnumerator();
            while (hostEntries.MoveNext())
            {
                object entry = hostEntries.Current;
                Url urlEvidence = entry as Url;

                if (urlEvidence != null)
                {
                    // No early exit: a later Url entry overwrites an earlier result.
                    resolved = CalculatePolicy( urlEvidence.GetURLString().Host, urlEvidence.GetURLString().Scheme, urlEvidence.GetURLString().Port );
                    continue;
                }

                // Only the first Site entry is kept.
                if (firstSite == null)
                {
                    firstSite = entry as Site;
                }
            }

            // Site evidence is consulted only when the Url entries produced nothing.
            if (resolved == null && firstSite != null)
            {
                resolved = CalculatePolicy( firstSite.Name, null, null );
            }

            if (resolved != null)
            {
                return resolved;
            }

            // Nothing matched: grant the empty permission set with no attributes.
            return new PolicyStatement( new PermissionSet( false ), PolicyStatementAttribute.Nothing );
        }
Пример #54
        /// <summary>
        /// Restores this application trust from its XML encoding: the ClickOnce flags and identity
        /// (when FEATURE_CLICKONCE is defined), the default grant, the list of full-trust assemblies
        /// and the extra-info element.
        /// </summary>
        /// <param name="element">An element whose tag must be exactly "ApplicationTrust".</param>
        /// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
        /// <exception cref="ArgumentException">The element's tag is not "ApplicationTrust".</exception>
        public void FromXml(SecurityElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException("element");
            }
            if (!String.Equals(element.Tag, "ApplicationTrust", StringComparison.Ordinal))
            {
                throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
            }

#if FEATURE_CLICKONCE
            // Both flags default to false and are enabled only by the exact, case-sensitive
            // string "true"; a missing attribute or any other value leaves them off.
            m_appTrustedToRun = false;
            string trustedToRunText = element.Attribute("TrustedToRun");
            if (String.Equals(trustedToRunText, "true", StringComparison.Ordinal))
            {
                m_appTrustedToRun = true;
            }

            m_persist = false;
            string persistText = element.Attribute("Persist");
            if (String.Equals(persistText, "true", StringComparison.Ordinal))
            {
                m_persist = true;
            }

            m_appId = null;
            string identityName = element.Attribute("FullName");
            if (!String.IsNullOrEmpty(identityName))
            {
                m_appId = new ApplicationIdentity(identityName);
            }
#endif // FEATURE_CLICKONCE

            // Default grant: reset first, then repopulate only when
            // <DefaultGrant><PolicyStatement> is present.
            m_psDefaultGrant       = null;
            m_grantSetSpecialFlags = 0;
            SecurityElement defaultGrantElement = element.SearchForChildByTag("DefaultGrant");
            SecurityElement grantStatementElement = defaultGrantElement == null
                ? null
                : defaultGrantElement.SearchForChildByTag("PolicyStatement");
            if (grantStatementElement != null)
            {
                PolicyStatement grant = new PolicyStatement(null);
                grant.FromXml(grantStatementElement);
                m_psDefaultGrant       = grant;
                m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(grant.PermissionSet, null);
            }

            // Full-trust assemblies: one StrongName per child element, exposed read-only.
            List<StrongName> trustedAssemblies = new List<StrongName>();
            SecurityElement trustedAssembliesElement = element.SearchForChildByTag("FullTrustAssemblies");
            if (trustedAssembliesElement != null && trustedAssembliesElement.InternalChildren != null)
            {
                foreach (object child in trustedAssembliesElement.Children)
                {
                    StrongName assemblyName = new StrongName();
                    assemblyName.FromXml(child as SecurityElement);
                    trustedAssemblies.Add(assemblyName);
                }
            }

            m_fullTrustAssemblies = trustedAssemblies.AsReadOnly();

#if FEATURE_CLICKONCE
            m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
#endif // FEATURE_CLICKONCE
        }
        /// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Resolve"]/*' />
        // Resolves policy with first-match semantics: children are tried in order and only the
        // first one that returns a policy statement contributes. Returns null when the membership
        // condition fails or when neither this group nor any child has a policy; throws
        // PolicyException when both this group and the matching child are marked Exclusive.
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            // Evidence that fails this group's condition gets nothing from this subtree.
            if (!this.MembershipCondition.Check(evidence))
            {
                return null;
            }

            // Stop at the first child that produces a policy.
            PolicyStatement firstChildMatch = null;
            foreach (object child in this.Children)
            {
                firstChildMatch = ((CodeGroup)child).Resolve(evidence);
                if (firstChildMatch != null)
                {
                    break;
                }
            }

            PolicyStatement ownPolicy = this.PolicyStatement;

            if (ownPolicy == null)
            {
                return firstChildMatch;
            }

            if (firstChildMatch == null)
            {
                // Only this group contributes; the property is read again for the return value.
                return this.PolicyStatement;
            }

            // Both contribute: the grant is the union of the two permission sets.
            PolicyStatement merged = new PolicyStatement();
            merged.SetPermissionSetNoCopy(ownPolicy.GetPermissionSetNoCopy().Union(firstChildMatch.GetPermissionSetNoCopy()));

            // Two exclusive statements on the same resolution path are a policy error.
            PolicyStatementAttribute sharedAttributes = ownPolicy.Attributes & firstChildMatch.Attributes;
            if ((sharedAttributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
            }

            merged.Attributes = ownPolicy.Attributes | firstChildMatch.Attributes;

            return merged;
        }
Пример #56
		/// <summary>
		/// Creates a first-match code group from a membership condition and a policy statement.
		/// </summary>
		/// <param name="membershipCondition">Condition tested against evidence; handed to the base constructor.</param>
		/// <param name="policy">Policy statement for this group; handed to the base constructor.</param>
		public FirstMatchCodeGroup (IMembershipCondition membershipCondition, PolicyStatement policy)
			: base (membershipCondition, policy)
		{
			// Nothing to initialize here: both arguments are forwarded unchanged to the base class.
		}