public void DeInitializeSandbox()
{
lock (this)
{
try
{
if (newDomain != null)
{
newDomainInstance = null;
AppDomain.Unload(newDomain);
}
}
catch (Exception ex)
{
DebugEx.TraceError(ex, "Could not unload sandbox domain");
}
//release references
newDomainInstance = null;
newDomain = null;
}
}
public void InitializeSandbox(string TempPath, string AssemblyPath)
{
lock (this)
{
//deinit if not null
if (newDomain != null)
DeInitializeSandbox();
//Setting the AppDomainSetup.
//It is very important to set the ApplicationBase to a folder other than the one in which the sandboxer resides.
var adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(TempPath);
//Setting the permissions for the AppDomain.
//We give the permission to execute and to read/discover the location where the untrusted code is loaded.
var permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
//We want the sandboxer assembly's strong name, so that we can add it to the full trust list.
//var fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
//Now we have everything we need to create the AppDomain, so let's create it.
//var newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);
newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet);
//Use CreateInstanceFrom to load an instance of the Sandboxer class into the new AppDomain.
var handle = Activator.CreateInstanceFrom
(
newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandboxer).FullName
);
//Unwrap the new domain instance into a reference in this domain and use it to execute the untrusted code.
newDomainInstance = (Sandboxer)handle.Unwrap();
newDomainInstance.InitSandboxedInstance(File.ReadAllBytes(AssemblyPath));
}
}