/// <summary>
/// Creates an AppDomain whose AppDomain-level policy grants all code a fixed
/// partial-trust permission set (reflection plus three SecurityPermission flags).
/// </summary>
/// <param name="domainName">Friendly name handed to <see cref="AppDomain.CreateDomain(string, System.Security.Policy.Evidence, AppDomainSetup)"/>.</param>
/// <returns>The new domain, with the policy level already applied.</returns>
/// <remarks>
/// NOTE(review): the grant contains ReflectionPermissionFlag.AllFlags together with
/// SecurityPermissionFlag.ControlEvidence and SecurityPermissionFlag.ControlPolicy.
/// Code holding those permissions can reach non-public members and influence
/// evidence and policy, so treat this domain as a partial-trust test fixture and
/// not as an isolation boundary for untrusted code.
/// NOTE(review): AppDomain.SetAppDomainPolicy belongs to the legacy CAS policy
/// model, which .NET Framework 4 deprecated; confirm the target runtime still honours it.
/// </remarks>
private static AppDomain CreateRestrictedDomain(string domainName)
{
    // The one grant that every assembly in the new domain receives.
    SecurityPermissionFlag securityFlags =
        SecurityPermissionFlag.Execution |
        SecurityPermissionFlag.ControlEvidence |
        SecurityPermissionFlag.ControlPolicy;

    PermissionSet grant = new PermissionSet(PermissionState.None);
    grant.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags));
    grant.AddPermission(new SecurityPermission(securityFlags));

    // Root group matches all code and grants nothing; its only child matches
    // all code and carries the grant built above.
    UnionCodeGroup root = new UnionCodeGroup(
        new AllMembershipCondition(),
        new PolicyStatement(new PermissionSet(PermissionState.None)));
    root.AddChild(new UnionCodeGroup(new AllMembershipCondition(), new PolicyStatement(grant)));

    PolicyLevel level = PolicyLevel.CreateAppDomainLevel();
    level.RootCodeGroup = root;

    // ApplicationBase is the current directory so the test assembly can be located.
    AppDomainSetup setup = new AppDomainSetup();
    setup.ApplicationBase = Environment.CurrentDirectory;

    AppDomain domain = AppDomain.CreateDomain(domainName, null, setup);
    domain.SetAppDomainPolicy(level);
    return domain;
}
// Clones this code group: membership condition, policy statement, name and
// description are always carried over; children are cloned (via their own
// Copy ()) only when 'childs' is true.
internal CodeGroup Copy (bool childs)
{
	UnionCodeGroup clone = new UnionCodeGroup (MembershipCondition, PolicyStatement);
	clone.Name = Name;
	clone.Description = Description;

	// Shallow request: stop before touching the children.
	if (!childs) {
		return clone;
	}

	foreach (CodeGroup original in Children) {
		clone.AddChild (original.Copy ());
	}
	return clone;
}
/// <summary>Makes a deep copy of the current code group.</summary>
/// <returns>An equivalent copy of the current code group, including its membership conditions and child code groups.</returns>
// Token: 0x06002A5C RID: 10844 RVA: 0x0009D9A8 File Offset: 0x0009BBA8
public override CodeGroup Copy()
{
    UnionCodeGroup clone = new UnionCodeGroup();
    clone.MembershipCondition = base.MembershipCondition;
    clone.PolicyStatement = base.PolicyStatement;
    clone.Name = base.Name;
    clone.Description = base.Description;

    // Children are handed to AddChild as-is; whether each one is cloned there
    // depends on AddChild, which is not shown here.
    foreach (CodeGroup child in base.Children)
    {
        clone.AddChild(child);
    }

    return clone;
}
/// <summary>Makes a deep copy of the current code group.</summary>
/// <returns>An equivalent copy of the current code group, including its membership conditions and child code groups.</returns>
/// <PermissionSet>
///   <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override CodeGroup Copy()
{
    UnionCodeGroup clone = new UnionCodeGroup();
    clone.MembershipCondition = this.MembershipCondition;
    clone.PolicyStatement = this.PolicyStatement;
    clone.Name = this.Name;
    clone.Description = this.Description;

    // Each child is passed straight to AddChild; any per-child cloning happens
    // inside AddChild, which is not visible in this listing.
    foreach (object item in this.Children)
    {
        clone.AddChild((CodeGroup)item);
    }

    return clone;
}
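/// <summary>
/// Builds an AppDomain policy level for demonstration purposes and prints its
/// contents: a root code group granting Execution to all code, with one child
/// group that grants unrestricted permissions to assemblies matching a strong
/// name public key.
/// </summary>
/// <remarks>
/// Failures are reported on the console rather than discarded. A policy level
/// that silently fails to build leaves the caller unaware that the intended
/// restrictions were never constructed. The method still does not throw.
/// </remarks>
private static void CreateAPolicyLevel()
{
    try
    {
        // Create an AppDomain policy level.
        PolicyLevel pLevel = PolicyLevel.CreateAppDomainLevel();

        // The root code group of the policy level combines all permissions of its children.
        PermissionSet ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        UnionCodeGroup rootCodeGroup = new UnionCodeGroup(
            new AllMembershipCondition(),
            new PolicyStatement(ps, PolicyStatementAttribute.Nothing));

        // This code group grants an unrestricted permission set to assemblies whose
        // strong name public key matches the blob returned by GetKey() (defined
        // elsewhere; per the sample it is this assembly's own key).
        // NOTE(review): name and version are passed as null, so the match is on the
        // public key alone; every assembly signed with that key gets full trust.
        UnionCodeGroup myCodeGroup = new UnionCodeGroup(
            new StrongNameMembershipCondition(
                new StrongNamePublicKeyBlob(GetKey()),
                null,
                null),
            new PolicyStatement(new PermissionSet(PermissionState.Unrestricted),
                PolicyStatementAttribute.Nothing));
        myCodeGroup.Name = "My CodeGroup";

        // Add the code groups to the policy level.
        rootCodeGroup.AddChild(myCodeGroup);
        pLevel.RootCodeGroup = rootCodeGroup;

        Console.WriteLine("Permissions granted to all code running in this AppDomain level: ");
        Console.WriteLine(rootCodeGroup.ToXml());

        Console.WriteLine("Child code groups in RootCodeGroup: ");
        foreach (CodeGroup child in pLevel.RootCodeGroup.Children)
        {
            Console.WriteLine("\t" + child.Name);
        }

        Console.WriteLine("Demonstrate adding and removing named permission sets.");
        Console.WriteLine("Original named permissions sets:");
        ListPermissionSets(pLevel);

        // Looked up but not used further in this excerpt.
        NamedPermissionSet myInternet = pLevel.GetNamedPermissionSet("Internet");
    }
    catch (Exception e)
    {
        // Previously an empty catch: surface the failure so a broken policy
        // setup is visible in the demo output.
        Console.WriteLine("Policy level setup failed: " + e.Message);
    }
}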
/// <summary>
/// Produces a copy of this code group that carries the same membership
/// condition, policy statement, name and description.
/// </summary>
/// <param name="childs">
/// When true, every child is copied with its own Copy() and attached to the
/// result; when false, the result has no children added here.
/// </param>
/// <returns>The new <see cref="UnionCodeGroup"/>, typed as <see cref="CodeGroup"/>.</returns>
internal CodeGroup Copy(bool childs)
{
    UnionCodeGroup result = new UnionCodeGroup(MembershipCondition, PolicyStatement);
    result.Name = Name;
    result.Description = Description;

    if (!childs)
    {
        return result;
    }

    foreach (CodeGroup source in Children)
    {
        CodeGroup childCopy = source.Copy();
        result.AddChild(childCopy);
    }

    return result;
}
/// <summary>
/// Returns a new <see cref="UnionCodeGroup"/> with this group's membership
/// condition, policy statement, name and description, and with each of this
/// group's children added to it.
/// </summary>
/// <returns>The copy, typed as <see cref="CodeGroup"/>.</returns>
public override CodeGroup Copy()
{
    UnionCodeGroup clone = new UnionCodeGroup();
    clone.MembershipCondition = base.MembershipCondition;
    clone.PolicyStatement = base.PolicyStatement;
    clone.Name = base.Name;
    clone.Description = base.Description;

    // Children go through AddChild unchanged; any cloning of the child itself
    // is up to AddChild (not shown in this listing).
    foreach (CodeGroup child in base.Children)
    {
        clone.AddChild(child);
    }

    return clone;
}
/// <summary>
/// Copies this code group into a freshly constructed <see cref="UnionCodeGroup"/>:
/// membership condition, policy statement, name, description, then children.
/// </summary>
/// <returns>The new code group.</returns>
public override CodeGroup Copy()
{
    UnionCodeGroup duplicate = new UnionCodeGroup();
    duplicate.MembershipCondition = base.MembershipCondition;
    duplicate.PolicyStatement = base.PolicyStatement;
    duplicate.Name = base.Name;
    duplicate.Description = base.Description;

    // The child list is typed as a non-generic collection, hence the cast.
    foreach (object entry in base.Children)
    {
        duplicate.AddChild((CodeGroup)entry);
    }

    return duplicate;
}
/// <summary>
/// Copies this code group, optionally together with copies of its children.
/// </summary>
/// <param name="childs">
/// True to call Copy() on every child and add the result to the new group;
/// false to return the new group without adding children.
/// </param>
/// <returns>The new <see cref="UnionCodeGroup"/>.</returns>
internal CodeGroup Copy(bool childs)
{
    UnionCodeGroup clone = new UnionCodeGroup(base.MembershipCondition, base.PolicyStatement);
    clone.Name = base.Name;
    clone.Description = base.Description;

    if (!childs)
    {
        return clone;
    }

    foreach (CodeGroup child in base.Children)
    {
        clone.AddChild(child.Copy());
    }

    return clone;
}
// Build a new UnionCodeGroup from this group's membership condition and
// policy statement, carry over the name and description, and add every
// child. A null child list is tolerated and simply yields no children.
public override CodeGroup Copy()
{
	UnionCodeGroup clone = new UnionCodeGroup (MembershipCondition, PolicyStatement);
	clone.Name = Name;
	clone.Description = Description;

	IList sourceChildren = Children;
	if (sourceChildren == null)
	{
		return clone;
	}

	foreach (CodeGroup entry in sourceChildren)
	{
		clone.AddChild(entry);
	}
	return clone;
}
/// <include file='doc\UnionCodeGroup.uex' path='docs/doc[@for="UnionCodeGroup.Copy"]/*' />
public override CodeGroup Copy()
{
    // Start from an empty group and carry the four scalar properties over.
    UnionCodeGroup clone = new UnionCodeGroup();
    clone.MembershipCondition = this.MembershipCondition;
    clone.PolicyStatement = this.PolicyStatement;
    clone.Name = this.Name;
    clone.Description = this.Description;

    // Every child is handed to AddChild; whether it is cloned there is decided
    // by AddChild, which this listing does not show.
    foreach (object item in this.Children)
    {
        clone.AddChild((CodeGroup)item);
    }

    return clone;
}
// Copy this code group: same membership condition, policy statement, name
// and description, plus each existing child (if the child list is non-null).
public override CodeGroup Copy()
{
	UnionCodeGroup duplicate = new UnionCodeGroup (MembershipCondition, PolicyStatement);
	duplicate.Name = Name;
	duplicate.Description = Description;

	IList existing = Children;
	if (existing == null)
	{
		// Nothing to attach.
		return duplicate;
	}

	foreach (CodeGroup member in existing)
	{
		duplicate.AddChild(member);
	}
	return duplicate;
}
/// From MRMModule.cs by Adam Frisby
/// <summary>
/// Create an AppDomain whose policy is derived from a named permission set,
/// with socket, web and security permissions added on top of it.
/// </summary>
/// <param name = "permissionSetName">name of the permission set to restrict to</param>
/// <param name = "appDomainName">'friendly' name of the appdomain to be created</param>
/// <param name = "ads">setup information passed to AppDomain.CreateDomain</param>
/// <exception cref = "ArgumentNullException">
///   if <paramref name = "permissionSetName" /> is null
/// </exception>
/// <exception cref = "ArgumentOutOfRangeException">
///   if <paramref name = "permissionSetName" /> is empty
/// </exception>
/// <returns>AppDomain with the constructed security policy</returns>
/// <remarks>
///   Substantial portions of this function from: http://blogs.msdn.com/shawnfa/archive/2004/10/25/247379.aspx
///   Valid permissionSetName values are:
///   * FullTrust
///   * SkipVerification
///   * Execution
///   * Nothing
///   * LocalIntranet
///   * Internet
///   * Everything
///
///   NOTE(review): both branches add SocketPermission, WebPermission and
///   SecurityPermission in the Unrestricted state to the resulting set.
///   An unrestricted SecurityPermission carries every SecurityPermissionFlag,
///   so the resulting domain is considerably more privileged than the named
///   set alone; do not rely on it to confine untrusted code without reviewing
///   that grant.
///
///   NOTE(review): when NET_3_5 is not defined the name is parsed as a
///   SecurityZone member, and any name that does not parse falls back to
///   SecurityZone.MyComputer. Several names in the list above are not
///   SecurityZone members, so they would take that fallback. That is a
///   fail-open default; confirm it is intended.
/// </remarks>
public AppDomain CreateRestrictedDomain(string permissionSetName, string appDomainName, AppDomainSetup ads)
{
    if (permissionSetName == null)
    {
        throw new ArgumentNullException("permissionSetName");
    }
    if (permissionSetName.Length == 0)
    {
        throw new ArgumentOutOfRangeException("permissionSetName", permissionSetName,
                                              "Cannot have an empty permission set name");
    }

    // Start from "everything" so that intersecting with each level can only narrow it.
    PermissionSet setIntersection = new PermissionSet(PermissionState.Unrestricted);
    AppDomain restrictedDomain = null;

#if NET_3_5
    // Root of the policy tree: matches all code, grants nothing.
    UnionCodeGroup policyRoot = new UnionCodeGroup(
        new AllMembershipCondition(),
        new PolicyStatement(new PermissionSet(PermissionState.None)));

    bool foundName = false;

    // Walk every policy level and intersect the sets that carry the requested name.
    IEnumerator levels = SecurityManager.PolicyHierarchy();
    while (levels.MoveNext())
    {
        PolicyLevel level = levels.Current as PolicyLevel;
        if (level == null)
        {
            continue;
        }

        PermissionSet levelSet = level.GetNamedPermissionSet(permissionSetName);
        if (levelSet == null)
        {
            continue;
        }

        foundName = true;
        // Intersect() may already have produced null on an earlier level.
        if (setIntersection != null)
        {
            setIntersection = setIntersection.Intersect(levelSet);
        }
    }

    // Intersect() can return null for an empty set, and the name may not exist at
    // any level; both cases become an empty set. Otherwise wrap the intersection
    // in a named set.
    if (foundName && setIntersection != null)
    {
        setIntersection = new NamedPermissionSet(permissionSetName, setIntersection);
    }
    else
    {
        setIntersection = new PermissionSet(PermissionState.None);
    }

    // Added regardless of which named set was requested (see remarks).
    setIntersection.AddPermission(new SocketPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new WebPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new SecurityPermission(PermissionState.Unrestricted));

    policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(),
                                           new PolicyStatement(setIntersection)));

    // create an AppDomain policy level for the policy tree
    PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
    appDomainLevel.RootCodeGroup = policyRoot;

    // create an AppDomain where this policy will be in effect
    restrictedDomain = AppDomain.CreateDomain(appDomainName, null, ads);
    restrictedDomain.SetAppDomainPolicy(appDomainLevel);
#else
    // Interpret the name as a security zone; anything unparseable keeps MyComputer.
    SecurityZone zone = SecurityZone.MyComputer;
    try
    {
        zone = (SecurityZone)Enum.Parse(typeof(SecurityZone), permissionSetName);
    }
    catch
    {
        zone = SecurityZone.MyComputer;
    }

    Evidence ev = new Evidence();
    ev.AddHostEvidence(new Zone(zone));

    // Standard sandbox for that zone, then the same three additions as the other branch.
    setIntersection = SecurityManager.GetStandardSandbox(ev);
    setIntersection.AddPermission(new System.Net.SocketPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted));
    setIntersection.AddPermission(new System.Security.Permissions.SecurityPermission(PermissionState.Unrestricted));

    // create an AppDomain where this policy will be in effect
    restrictedDomain = AppDomain.CreateDomain(appDomainName, ev, ads, setIntersection, null);
#endif

    return restrictedDomain;
}
// Builds a three-level chain (root -> copy of root -> Untrusted-zone group)
// and checks that resolving the root against empty evidence returns a group
// that compares equal to the root, both with and without child comparison.
public void ResolveMatchingCodeGroups_ThreeLevel ()
{
	PolicyStatement nothing = new PolicyStatement (new PermissionSet (PermissionState.None));
	UnionCodeGroup root = new UnionCodeGroup (new AllMembershipCondition (), nothing);

	// The middle level is attached to the root before the leaf is attached to it.
	CodeGroup middle = root.Copy ();
	root.AddChild (middle);

	PolicyStatement everything = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
	UnionCodeGroup leaf = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Untrusted), everything);
	middle.AddChild (leaf);

	CodeGroup resolved = root.ResolveMatchingCodeGroups (new Evidence ());
	Assert.IsNotNull (resolved, "Match");
	Assert.IsTrue (resolved.Equals (root, false), "Equals(false)");
	// Equals (true) isn't a deep compare (just one level)
	Assert.IsTrue (resolved.Equals (root, true), "Equals(true)");
}
/// <summary>
/// Installs an AppDomain policy level on the current domain: all code gets the
/// "Execution" named set, while code matching the Microsoft or ECMA strong name
/// keys, or installed in the GAC, gets the "FullTrust" named set.
/// </summary>
/// <remarks>
/// NOTE(review): a PolicyException from SetAppDomainPolicy is swallowed, so the
/// method returns normally even when the policy was not applied. Callers cannot
/// tell from here whether the restriction is in effect.
/// </remarks>
[System.Security.SecurityCritical]  // auto-generated
private static void SetupSecurity()
{
    PolicyLevel level = PolicyLevel.CreateAppDomainLevel();

    // Baseline for every assembly.
    CodeGroup rootGroup = new UnionCodeGroup(
        new AllMembershipCondition(),
        level.GetNamedPermissionSet("Execution"));

    // Full trust by strong name key; name and version are left as null.
    StrongNameMembershipCondition microsoftCondition = new StrongNameMembershipCondition(
        new StrongNamePublicKeyBlob(AssemblyRef.MicrosoftPublicKeyFull), null, null);
    CodeGroup microsoftGroup = new UnionCodeGroup(
        microsoftCondition,
        level.GetNamedPermissionSet("FullTrust"));

    StrongNameMembershipCondition ecmaCondition = new StrongNameMembershipCondition(
        new StrongNamePublicKeyBlob(AssemblyRef.EcmaPublicKeyFull), null, null);
    CodeGroup ecmaGroup = new UnionCodeGroup(
        ecmaCondition,
        level.GetNamedPermissionSet("FullTrust"));

    // Full trust for anything loaded from the GAC.
    CodeGroup gacGroup = new UnionCodeGroup(
        new GacMembershipCondition(),
        level.GetNamedPermissionSet("FullTrust"));

    rootGroup.AddChild(microsoftGroup);
    rootGroup.AddChild(ecmaGroup);
    rootGroup.AddChild(gacGroup);
    level.RootCodeGroup = rootGroup;

    try
    {
        AppDomain.CurrentDomain.SetAppDomainPolicy(level);
    }
    catch (PolicyException)
    {
        // Deliberately ignored by the original code; see remarks.
    }
}
// Resolves a two-level tree of UnionCodeGroups against empty evidence and
// checks the resulting permission set. The expected set holds the permissions
// of the root, child2, child3 and child3's child. The permissions under the
// Internet-zone branch (child1 and its child) are expected to be absent,
// presumably because empty evidence does not match that zone condition.
public void ResolveWithChildren ()
{
	// One permission per code group.
	IPermission uiPerm = new UIPermission (PermissionState.Unrestricted);
	IPermission envPerm = new EnvironmentPermission (PermissionState.Unrestricted);
	IPermission dialogPerm = new FileDialogPermission (PermissionState.Unrestricted);
	IPermission reflectionPerm = new ReflectionPermission (PermissionState.Unrestricted);
	IPermission registryPerm = new RegistryPermission (PermissionState.Unrestricted);
	IPermission fileIoPerm = new FileIOPermission (PermissionState.Unrestricted);

	// Each policy statement wraps a set holding exactly one of those permissions.
	PermissionSet rootSet = new PermissionSet (PermissionState.None);
	rootSet.AddPermission (uiPerm);
	PolicyStatement rootPolicy = new PolicyStatement (rootSet);

	PermissionSet internetSet = new PermissionSet (PermissionState.None);
	internetSet.AddPermission (envPerm);
	PolicyStatement internetPolicy = new PolicyStatement (internetSet);

	PermissionSet secondSet = new PermissionSet (PermissionState.None);
	secondSet.AddPermission (dialogPerm);
	PolicyStatement secondPolicy = new PolicyStatement (secondSet);

	PermissionSet thirdSet = new PermissionSet (PermissionState.None);
	thirdSet.AddPermission (reflectionPerm);
	PolicyStatement thirdPolicy = new PolicyStatement (thirdSet);

	PermissionSet internetChildSet = new PermissionSet (PermissionState.None);
	internetChildSet.AddPermission (registryPerm);
	PolicyStatement internetChildPolicy = new PolicyStatement (internetChildSet);

	PermissionSet thirdChildSet = new PermissionSet (PermissionState.None);
	thirdChildSet.AddPermission (fileIoPerm);
	PolicyStatement thirdChildPolicy = new PolicyStatement (thirdChildSet);

	// Tree: root -> { child1 (Internet zone) -> grandchild, child2, child3 -> grandchild }
	UnionCodeGroup root = new UnionCodeGroup (new AllMembershipCondition (), rootPolicy);
	UnionCodeGroup internetChild = new UnionCodeGroup (new ZoneMembershipCondition (SecurityZone.Internet), internetPolicy);
	UnionCodeGroup secondChild = new UnionCodeGroup (new AllMembershipCondition (), secondPolicy);
	UnionCodeGroup thirdChild = new UnionCodeGroup (new AllMembershipCondition (), thirdPolicy);
	UnionCodeGroup internetGrandchild = new UnionCodeGroup (new AllMembershipCondition (), internetChildPolicy);
	UnionCodeGroup thirdGrandchild = new UnionCodeGroup (new AllMembershipCondition (), thirdChildPolicy);

	// Grandchildren are attached before their parents are attached to the root.
	internetChild.AddChild (internetGrandchild);
	thirdChild.AddChild (thirdGrandchild);
	root.AddChild (internetChild);
	root.AddChild (secondChild);
	root.AddChild (thirdChild);

	PolicyStatement resolved = root.Resolve (new Evidence ());

	PermissionSet expected = new PermissionSet (PermissionState.None);
	expected.AddPermission (uiPerm);
	expected.AddPermission (dialogPerm);
	expected.AddPermission (reflectionPerm);
	expected.AddPermission (fileIoPerm);

	Assert.AreEqual (expected.Count, resolved.PermissionSet.Count, "PermissionSet.Count");
	foreach (IPermission wanted in expected) {
		IPermission found = resolved.PermissionSet.GetPermission (wanted.GetType ());
		Assert.IsNotNull (found, "PermissionSet.GetPermission");
	}
}
// Copies a code group that has one child and checks that the copy reports
// the same number of children and serialises to the same XML.
public void CopyWithChildren ()
{
	PolicyStatement unrestricted = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
	UnionCodeGroup child = new UnionCodeGroup (new AllMembershipCondition (), unrestricted);

	PolicyStatement nothing = new PolicyStatement (new PermissionSet (PermissionState.None));
	UnionCodeGroup parent = new UnionCodeGroup (new AllMembershipCondition (), nothing);
	parent.AddChild (child);

	UnionCodeGroup parentCopy = (UnionCodeGroup) parent.Copy ();

	Assert.AreEqual (parent.Children.Count, parentCopy.Children.Count, "Children");
	Assert.AreEqual (parent.ToXml ().ToString (), parentCopy.ToXml ().ToString (), "ToXml");
}
/// <summary>
/// Applies an AppDomain policy level to the current domain: "Execution" for all
/// code, "FullTrust" for code matching either of two hard-coded strong name
/// public keys or installed in the GAC.
/// </summary>
/// <remarks>
/// NOTE(review): the two key blobs are embedded as hex literals; presumably they
/// are the Microsoft and ECMA public keys. Confirm against the assembly's own
/// key constants before relying on that.
/// NOTE(review): a PolicyException from SetAppDomainPolicy is caught and
/// discarded, so a failure to apply the policy is not visible to the caller.
/// </remarks>
private static void SetupSecurity()
{
    PolicyLevel domainPolicy = PolicyLevel.CreateAppDomainLevel();

    // Baseline grant for every assembly.
    CodeGroup rootGroup = new UnionCodeGroup(
        new AllMembershipCondition(),
        domainPolicy.GetNamedPermissionSet("Execution"));

    // First strong name key: full trust, matched on the key only (name/version null).
    StrongNamePublicKeyBlob firstKey = new StrongNamePublicKeyBlob("002400000480000094000000060200000024000052534131000400000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E821C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8A12436518206DC093344D5AD293");
    CodeGroup firstKeyGroup = new UnionCodeGroup(
        new StrongNameMembershipCondition(firstKey, null, null),
        domainPolicy.GetNamedPermissionSet("FullTrust"));

    // Second strong name key: same treatment.
    StrongNamePublicKeyBlob secondKey = new StrongNamePublicKeyBlob("00000000000000000400000000000000");
    CodeGroup secondKeyGroup = new UnionCodeGroup(
        new StrongNameMembershipCondition(secondKey, null, null),
        domainPolicy.GetNamedPermissionSet("FullTrust"));

    // Anything loaded from the GAC is fully trusted as well.
    CodeGroup gacGroup = new UnionCodeGroup(
        new GacMembershipCondition(),
        domainPolicy.GetNamedPermissionSet("FullTrust"));

    rootGroup.AddChild(firstKeyGroup);
    rootGroup.AddChild(secondKeyGroup);
    rootGroup.AddChild(gacGroup);
    domainPolicy.RootCodeGroup = rootGroup;

    try
    {
        AppDomain.CurrentDomain.SetAppDomainPolicy(domainPolicy);
    }
    catch (PolicyException)
    {
        // Ignored by design of the original code; see remarks.
    }
}
/// <summary>
/// Creates an AppDomain named "test" and applies an AppDomain policy level in
/// which all code gets nothing by default and code from the MyComputer zone
/// gets a fixed permission set, marked Exclusive.
/// </summary>
/// <returns>The new domain with the policy level applied.</returns>
/// <remarks>
/// NOTE(review): the MyComputer grant is broad. It includes the Assertion,
/// ControlPolicy, ControlEvidence, ControlDomainPolicy and SerializationFormatter
/// security flags plus unrestricted file, registry, environment and reflection
/// access. It is narrower than full trust but should not be read as a
/// confinement boundary for code that is not trusted.
/// </remarks>
static AppDomain NewDomain ()
{
    // SecurityPermission flags, each added as its own permission object in this order.
    SecurityPermissionFlag[] securityFlags = new SecurityPermissionFlag[] {
        SecurityPermissionFlag.Execution,
        SecurityPermissionFlag.Assertion,
        SecurityPermissionFlag.ControlAppDomain,
        SecurityPermissionFlag.ControlDomainPolicy,
        SecurityPermissionFlag.ControlEvidence,
        SecurityPermissionFlag.ControlPolicy,
        SecurityPermissionFlag.ControlPrincipal,
        SecurityPermissionFlag.ControlThread,
        SecurityPermissionFlag.Infrastructure,
        SecurityPermissionFlag.RemotingConfiguration,
        SecurityPermissionFlag.SerializationFormatter
    };

    PermissionSet grant = new PermissionSet(PermissionState.None);
    foreach (SecurityPermissionFlag flag in securityFlags)
    {
        grant.AddPermission(new SecurityPermission(flag));
    }

    // Resource permissions, all unrestricted.
    grant.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
    grant.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
    grant.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
    grant.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
    grant.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
    grant.AddPermission(new EventLogPermission(PermissionState.Unrestricted));
    grant.AddPermission(new PerformanceCounterPermission(PermissionState.Unrestricted));
    grant.AddPermission(new DnsPermission(PermissionState.Unrestricted));
    grant.AddPermission(new UIPermission(PermissionState.Unrestricted));

    // Root: all code, empty grant. Child: MyComputer zone, the grant above, Exclusive.
    PolicyStatement emptyStatement = new PolicyStatement(new PermissionSet(PermissionState.None), PolicyStatementAttribute.Nothing);
    PolicyStatement localStatement = new PolicyStatement(grant, PolicyStatementAttribute.Exclusive);

    CodeGroup root = new UnionCodeGroup(new AllMembershipCondition(), emptyStatement);
    root.AddChild(new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer), localStatement));

    PolicyLevel level = PolicyLevel.CreateAppDomainLevel();
    level.RootCodeGroup = root;

    AppDomain domain = AppDomain.CreateDomain ("test");
    domain.SetAppDomainPolicy(level);
    return domain;
}
/// <summary>
/// Creates a new <see cref="UnionCodeGroup"/> carrying this group's membership
/// condition, policy statement, name and description, and adds each of this
/// group's children to it.
/// </summary>
/// <returns>The new code group.</returns>
public override CodeGroup Copy()
{
    UnionCodeGroup clone = new UnionCodeGroup();
    clone.MembershipCondition = this.MembershipCondition;
    clone.PolicyStatement = this.PolicyStatement;
    clone.Name = this.Name;
    clone.Description = this.Description;

    // Children are forwarded to AddChild unchanged; AddChild (not shown here)
    // determines whether each child is itself cloned.
    foreach (object entry in this.Children)
    {
        clone.AddChild((CodeGroup)entry);
    }

    return clone;
}