/// <summary>
/// Resolves the permission set to grant for the supplied evidence, letting the host decide
/// for assemblies that are not GAC-installed.
/// </summary>
/// <remarks>
/// Evidence that <c>IsGacAssembly</c> accepts never reaches the host and goes straight to
/// <c>ResolveHelper</c>. For everything else, a host whose <see cref="HostSecurityManager.Flags"/>
/// include <see cref="HostSecurityManagerOptions.HostResolvePolicy"/> supplies the grant.
/// The value returned by the host's <c>ResolvePolicy</c> is handed back unchanged: this method
/// performs no null check and no other validation on it.
/// </remarks>
/// <param name="evidence">Evidence describing the assembly whose grant is being resolved.</param>
/// <returns>
/// The host's answer when the host participates in policy resolution for a non-GAC assembly;
/// otherwise the result of <c>ResolveHelper</c>.
/// </returns>
internal PermissionSet Resolve(Evidence evidence)
{
    // GAC assemblies bypass the host hook entirely.
    if (IsGacAssembly(evidence))
    {
        return ResolveHelper(evidence);
    }

    HostSecurityManager hostManager = AppDomain.CurrentDomain.HostSecurityManager;
    HostSecurityManagerOptions hostFlags = hostManager.Flags;
    bool hostResolvesPolicy =
        (hostFlags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy;

    // The host may have implemented ResolvePolicy; if it opted in, its answer wins.
    return hostResolvesPolicy
        ? hostManager.ResolvePolicy(evidence)
        : ResolveHelper(evidence);
}
/// <summary>
/// Tries to determine a grant set for <paramref name="evidence"/> from, in order: GAC
/// installation, the host security manager, or the homogenous domain's grant set.
/// </summary>
/// <param name="evidence">Evidence describing the assembly being resolved.</param>
/// <param name="grantSet">
/// Receives the resolved grant set, or <c>null</c> when the method returns <c>false</c>.
/// </param>
/// <returns>
/// <c>true</c> when a grant set was produced; <c>false</c> when the host does not resolve
/// policy and the current domain is not homogenous.
/// </returns>
/// <exception cref="PolicyException">
/// The host returned <c>null</c>; or, in a homogenous domain, the host returned an empty set,
/// or a set that is neither unrestricted nor equal to the domain's default grant set.
/// </exception>
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
    HostSecurityManager host = AppDomain.CurrentDomain.HostSecurityManager;

    // GAC-installed evidence is granted full trust before the host is ever consulted.
    bool installedInGac = evidence.GetHostEvidence<GacInstalled>() != null;
    if (installedInGac)
    {
        grantSet = new PermissionSet(PermissionState.Unrestricted);
        return true;
    }

    bool hostResolvesPolicy =
        (host.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy;
    if (!hostResolvesPolicy)
    {
        // Without a participating host, only a homogenous domain can supply a grant set.
        if (AppDomain.CurrentDomain.IsHomogenous)
        {
            grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
            return true;
        }

        grantSet = null;
        return false;
    }

    PermissionSet hostGrant = host.ResolvePolicy(evidence);
    if (hostGrant == null)
    {
        throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", new object[] { host.GetType().FullName }));
    }

    if (AppDomain.CurrentDomain.IsHomogenous)
    {
        // An empty grant gets its own message rather than the generic mismatch below.
        if (hostGrant.IsEmpty())
        {
            throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
        }

        PermissionSet domainGrant = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;

        // Accept only full trust or a set equal to the domain grant; equality is established
        // by checking the subset relation in both directions.
        bool acceptable = hostGrant.IsUnrestricted()
            || (hostGrant.IsSubsetOf(domainGrant) && domainGrant.IsSubsetOf(hostGrant));
        if (!acceptable)
        {
            throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", new object[] { host.GetType().FullName }));
        }
    }

    grantSet = hostGrant;
    return true;
}
/// <summary>
/// Checks that a default-constructed <see cref="HostSecurityManager"/> resolves the executing
/// assembly's evidence to the same permission set as <c>SecurityManager.ResolvePolicy</c>.
/// </summary>
/// <remarks>
/// The two sets are compared through their <c>ToString ()</c> output, not by set operations.
/// </remarks>
public void ResolvePolicy_CurrentAssemblyEvidence ()
{
	HostSecurityManager hostManager = new HostSecurityManager ();
	Assembly current = Assembly.GetExecutingAssembly ();

	// Host result first, then the SecurityManager baseline; Evidence is read once per call.
	PermissionSet fromHost = hostManager.ResolvePolicy (current.Evidence);
	PermissionSet baseline = SecurityManager.ResolvePolicy (current.Evidence);

	string expectedText = baseline.ToString ();
	string actualText = fromHost.ToString ();
	Assert.AreEqual (expectedText, actualText, "PermissionSet");
}
/// <summary>
/// Checks that a default-constructed <see cref="HostSecurityManager"/> grants nothing for
/// empty evidence: the resolved set must contain zero permissions and must not be unrestricted.
/// </summary>
public void ResolvePolicy_Empty ()
{
	HostSecurityManager hostManager = new HostSecurityManager ();
	Evidence noEvidence = new Evidence ();

	PermissionSet granted = hostManager.ResolvePolicy (noEvidence);

	// Both conditions matter: an unrestricted set would be full trust without any evidence.
	Assert.AreEqual (0, granted.Count, "Count");
	bool fullTrust = granted.IsUnrestricted ();
	Assert.IsFalse (fullTrust, "IsUnrestricted");
}
/// <summary>
/// Calls <c>ResolvePolicy</c> on a default-constructed <see cref="HostSecurityManager"/>
/// with a null evidence argument.
/// </summary>
/// <remarks>
/// NOTE(review): no assertion is visible in this listing, so the expected outcome is not
/// stated here; presumably it is declared by a test attribute outside this view. Confirm.
/// </remarks>
public void ResolvePolicy_Null ()
{
	HostSecurityManager hostManager = new HostSecurityManager ();

	// The result is intentionally not inspected.
	hostManager.ResolvePolicy (null);
}
/// <summary>
/// Tries to determine a grant set for <paramref name="evidence"/>. Sources are consulted in a
/// fixed order: GAC installation, then the host security manager, then the homogenous
/// domain's application trust.
/// </summary>
/// <param name="evidence">Evidence describing the assembly being resolved; asserted non-null.</param>
/// <param name="grantSet">
/// Receives the resolved grant set, or <c>null</c> when the method returns <c>false</c>.
/// </param>
/// <returns>
/// <c>true</c> when a grant set was produced; <c>false</c> when none of the sources applies.
/// </returns>
/// <exception cref="PolicyException">
/// The host returned <c>null</c>; or, in a homogenous domain, the host returned an empty set,
/// or a set that is neither full trust nor equal to the homogenous grant set.
/// </exception>
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
    Contract.Assert(evidence != null);

    HostSecurityManager host = AppDomain.CurrentDomain.HostSecurityManager;

    // GAC assemblies are always fully trusted, and the host is not asked about them.
    if (evidence.GetHostEvidence<GacInstalled>() != null)
    {
        grantSet = new PermissionSet(PermissionState.Unrestricted);
        return true;
    }

    // Next option: a host that wants to participate in policy resolution supplies the grant.
    bool hostParticipates =
        (host.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy;
    if (hostParticipates)
    {
        PermissionSet fromHost = host.ResolvePolicy(evidence);
        if (fromHost == null)
        {
            throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", host.GetType().FullName));
        }

        // A homogenous domain must not end up with several permission levels, so the host may
        // only answer with full trust or with the homogenous grant set itself.
        if (AppDomain.CurrentDomain.IsHomogenous)
        {
            // Some hosts, such as ASP.NET, return Nothing to say the assembly must not run in
            // this AppDomain. That case gets its own no-execution message instead of the
            // generic return-value validation message used further down.
            if (fromHost.IsEmpty())
            {
                throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
            }

            PermissionSet domainGrant = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
            if (!fromHost.IsUnrestricted())
            {
                // Equality with the domain grant is checked as a subset relation in both directions.
                bool equalsDomainGrant = fromHost.IsSubsetOf(domainGrant) && domainGrant.IsSubsetOf(fromHost);
                if (!equalsDomainGrant)
                {
                    throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", host.GetType().FullName));
                }
            }
        }

        grantSet = fromHost;
        return true;
    }

    // No participating host: a homogenous domain takes the grant from its application trust.
    if (AppDomain.CurrentDomain.IsHomogenous)
    {
        grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
        return true;
    }

    // Otherwise there is no way to work out the grant set here.
    grantSet = null;
    return false;
}