public void Copy_Name ()
{
NamedPermissionSet nps = new NamedPermissionSet (name);
nps.Description = sentinel;
nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Assertion));
NamedPermissionSet copy = (NamedPermissionSet)nps.Copy ("Copy");
Assert.AreEqual ("Copy", copy.Name, "Name");
Assert.AreEqual (nps.Description, copy.Description, "Description");
Assert.AreEqual (nps.Count, copy.Count, "Count");
}
private void CreateAppDomain()
{
// Locking s_AppDomains must happen in a CER so we don't orphan a lock that gets taken by AppDomain.DomainUnload.
bool lockHeld = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
try { }
finally
{
Monitor.Enter(s_AppDomains.SyncRoot);
lockHeld = true;
}
if (s_CleanedUp)
{
throw new InvalidOperationException(SR.GetString(SR.net_cant_perform_during_shutdown));
}
// Create singleton.
if (s_AppDomainInfo == null)
{
s_AppDomainInfo = new AppDomainSetup();
s_AppDomainInfo.DisallowBindingRedirects = true;
s_AppDomainInfo.DisallowCodeDownload = true;
NamedPermissionSet perms = new NamedPermissionSet("__WebProxySandbox", PermissionState.None);
perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
}
// If something's already in s_ExcessAppDomain, try to dislodge it again.
AppDomain excessAppDomain = s_ExcessAppDomain;
if (excessAppDomain != null)
{
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), excessAppDomain);
throw new InvalidOperationException(SR.GetString(SR.net_cant_create_environment));
}
appDomainIndex = s_NextAppDomainIndex++;
try { }
finally
{
//
s_ExcessAppDomain = AppDomain.CreateDomain(c_appDomainName, null, s_AppDomainInfo);
try
{
s_AppDomains.Add(appDomainIndex, s_ExcessAppDomain);
// This indicates to the finally and the finalizer that everything succeeded.
scriptDomain = s_ExcessAppDomain;
}
finally
{
// ReferenceEquals has a ReliabilityContract.
if (object.ReferenceEquals(scriptDomain, s_ExcessAppDomain))
{
s_ExcessAppDomain = null;
}
else
{
// Something failed. Leave the domain in s_ExcessAppDomain until we can get rid of it. No
// more AppDomains can be created until we do. In the mean time, keep attempting to get the
// TimerThread to remove it. Also, might as well remove it from the hash if it made it in.
try
{
s_AppDomains.Remove(appDomainIndex);
}
finally
{
// Can't call AppDomain.Unload from a user thread (or in a lock).
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(CloseAppDomainCallback), s_ExcessAppDomain);
}
}
}
}
}
finally
{
if (lockHeld)
{
Monitor.Exit(s_AppDomains.SyncRoot);
}
}
}
/// <summary>
/// Creates a new instance providing default "FullTrust", "Nothing", "MediumTrust" and "LowTrust" permissionsets
/// </summary>
/// <param name="allowUnmanagedCode">NCover requires unmangaged code permissions, set this flag <c>true</c> in this case.</param>
public SecurityTemplate(bool allowUnmanagedCode)
{
PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();
// NOTHING permissionset
if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_NOTHING) )
{
NamedPermissionSet noPermissionSet = new NamedPermissionSet(PERMISSIONSET_NOTHING, PermissionState.None);
noPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.NoFlags));
pLevel.AddNamedPermissionSet(noPermissionSet);
}
// FULLTRUST permissionset
if (null == pLevel.GetNamedPermissionSet(PERMISSIONSET_FULLTRUST))
{
NamedPermissionSet fulltrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_FULLTRUST, PermissionState.Unrestricted);
pLevel.AddNamedPermissionSet(fulltrustPermissionSet);
}
// MEDIUMTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config)
NamedPermissionSet mediumTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_MEDIUMTRUST, PermissionState.None);
mediumTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
mediumTrustPermissionSet.AddPermission(new DnsPermission(PermissionState.Unrestricted));
mediumTrustPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read,
"TEMP;TMP;USERNAME;OS;COMPUTERNAME"));
mediumTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess,
AppDomain.CurrentDomain.BaseDirectory));
IsolatedStorageFilePermission isolatedStorageFilePermission = new IsolatedStorageFilePermission(PermissionState.None);
isolatedStorageFilePermission.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isolatedStorageFilePermission.UserQuota = 9223372036854775807;
mediumTrustPermissionSet.AddPermission(isolatedStorageFilePermission);
mediumTrustPermissionSet.AddPermission(new PrintingPermission(PrintingPermissionLevel.DefaultPrinting));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution |
SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal |
SecurityPermissionFlag.RemotingConfiguration;
if (allowUnmanagedCode)
{
securityPermissionFlag |= SecurityPermissionFlag.UnmanagedCode;
}
mediumTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
mediumTrustPermissionSet.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect));
mediumTrustPermissionSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted));
mediumTrustPermissionSet.AddPermission(new WebPermission());
pLevel.AddNamedPermissionSet(mediumTrustPermissionSet);
// LOWTRUST permissionset (corresponds to ASP.Net permission set in web_mediumtrust.config)
NamedPermissionSet lowTrustPermissionSet = new NamedPermissionSet(PERMISSIONSET_LOWTRUST, PermissionState.None);
lowTrustPermissionSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Low));
lowTrustPermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read|FileIOPermissionAccess.PathDiscovery,
AppDomain.CurrentDomain.BaseDirectory));
IsolatedStorageFilePermission isolatedStorageFilePermissionLow = new IsolatedStorageFilePermission(PermissionState.None);
isolatedStorageFilePermissionLow.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isolatedStorageFilePermissionLow.UserQuota = 1048576;
lowTrustPermissionSet.AddPermission(isolatedStorageFilePermissionLow);
SecurityPermissionFlag securityPermissionFlagLow = SecurityPermissionFlag.Execution;
if (allowUnmanagedCode)
{
securityPermissionFlagLow |= SecurityPermissionFlag.UnmanagedCode;
}
lowTrustPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlagLow));
pLevel.AddNamedPermissionSet(lowTrustPermissionSet);
// UnionCodeGroup rootCodeGroup = new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(noPermissionSet, PolicyStatementAttribute.Nothing));
// pLevel.RootCodeGroup = rootCodeGroup;
_domainPolicy = pLevel;
}
// Create a builtin permission set by name.
private static PermissionSet CreateBuiltinPermissionSet(String name)
{
NamedPermissionSet set = null;
switch(name)
{
case "Execution":
{
set = new NamedPermissionSet
("Execution", PermissionState.None);
set.Description = _("Arg_PermissionsExecution");
set.AddPermission(new SecurityPermission
(SecurityPermissionFlag.Execution));
}
break;
case "FullTrust":
{
set = new NamedPermissionSet
("FullTrust", PermissionState.Unrestricted);
set.Description = _("Arg_PermissionsFullTrust");
}
break;
case "Internet":
{
set = new NamedPermissionSet
("Internet", PermissionState.None);
set.Description = _("Arg_PermissionsInternet");
}
break;
case "LocalIntranet":
{
set = new NamedPermissionSet
("LocalIntranet", PermissionState.None);
set.Description = _("Arg_PermissionsLocalIntranet");
}
break;
case "Nothing":
{
set = new NamedPermissionSet
("Nothing", PermissionState.None);
set.Description = _("Arg_PermissionsNothing");
}
break;
case "SkipVerification":
{
set = new NamedPermissionSet
("SkipVerification", PermissionState.None);
set.Description = _("Arg_PermissionsSkipVerification");
set.AddPermission(new SecurityPermission
(SecurityPermissionFlag.SkipVerification));
}
break;
}
return set;
}
public void Copy ()
{
NamedPermissionSet nps = new NamedPermissionSet (name);
nps.Description = sentinel;
nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Assertion));
NamedPermissionSet copy = (NamedPermissionSet)nps.Copy ();
AssertEquals ("Name", nps.Name, copy.Name);
AssertEquals ("Description", nps.Description, copy.Description);
AssertEquals ("Count", nps.Count, copy.Count);
}
private void CreateAppDomain()
{
bool lockTaken = false;
RuntimeHelpers.PrepareConstrainedRegions();
try
{
Monitor.Enter(s_AppDomains.SyncRoot, ref lockTaken);
if (s_CleanedUp)
{
throw new InvalidOperationException(SR.GetString("net_cant_perform_during_shutdown"));
}
if (s_AppDomainInfo == null)
{
s_AppDomainInfo = new AppDomainSetup();
s_AppDomainInfo.DisallowBindingRedirects = true;
s_AppDomainInfo.DisallowCodeDownload = true;
NamedPermissionSet permSet = new NamedPermissionSet("__WebProxySandbox", PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
ApplicationTrust trust = new ApplicationTrust {
DefaultGrantSet = new PolicyStatement(permSet)
};
s_AppDomainInfo.ApplicationTrust = trust;
s_AppDomainInfo.ApplicationBase = Environment.SystemDirectory;
}
AppDomain context = s_ExcessAppDomain;
if (context != null)
{
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), context);
throw new InvalidOperationException(SR.GetString("net_cant_create_environment"));
}
this.appDomainIndex = s_NextAppDomainIndex++;
try
{
}
finally
{
PermissionSet grantSet = new PermissionSet(PermissionState.None);
grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
s_ExcessAppDomain = AppDomain.CreateDomain("WebProxyScript", null, s_AppDomainInfo, grantSet, null);
try
{
s_AppDomains.Add(this.appDomainIndex, s_ExcessAppDomain);
this.scriptDomain = s_ExcessAppDomain;
}
finally
{
if (object.ReferenceEquals(this.scriptDomain, s_ExcessAppDomain))
{
s_ExcessAppDomain = null;
}
else
{
try
{
s_AppDomains.Remove(this.appDomainIndex);
}
finally
{
TimerThread.GetOrCreateQueue(0).CreateTimer(new TimerThread.Callback(AutoWebProxyScriptWrapper.CloseAppDomainCallback), s_ExcessAppDomain);
}
}
}
}
}
finally
{
if (lockTaken)
{
Monitor.Exit(s_AppDomains.SyncRoot);
}
}
}
