static void Main(string[] args) { // Pfad, muss absolut sein für FileIOPermission string path = @"C:\Users\philipp\Dropbox\Dokumente\Schule\PR\src\dot-net-security-and-encryption\AppDomainTest\Evil\bin\Debug"; // PermissionSet ohne Berechtigungen Erstellen PermissionSet set = new PermissionSet(PermissionState.None); // Berechtigen zum Ausführen des Programmes hinzufügen set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); // Berechtigungen zum Lesen des Pfades hinzufügen set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, path)); // Info, wird benötigt um Domain zu erstellen var info = new AppDomainSetup { ApplicationBase = path }; // Erstellen der Domain AppDomain domain = AppDomain.CreateDomain("Sandbox", null, info, set, null); // Laden der Instance Example evil = (Example) domain.CreateInstanceFromAndUnwrap(path + @"\Evil.dll", "Evil.Example"); // Ausführen der (bösen) Methode evil.DoSomethingEvil(); Console.ReadKey(); }
private AppDomain CreateAnalyzerDomain() { AppDomainSetup ads = new AppDomainSetup(); AppDomain result; PermissionSet perms; ads.ApplicationBase = Environment.CurrentDirectory; ads.ShadowCopyDirectories = "shadow"; ads.ShadowCopyFiles = "shadow"; ads.DisallowCodeDownload = true; perms = new PermissionSet(PermissionState.None); FileIOPermission fiop = new FileIOPermission(PermissionState.Unrestricted); perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.AllFlags)); fiop.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory); fiop.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory); fiop.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory + "Extensions\\"); fiop.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory + "Extensions\\"); //fiop.AllLocalFiles = FileIOPermissionAccess.AllAccess //fiop.AllFiles = FileIOPermissionAccess.AllAccess perms.AddPermission(fiop); perms.AddPermission(new UIPermission(UIPermissionWindow.AllWindows, UIPermissionClipboard.OwnClipboard)); perms.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); PolicyLevel policy = PolicyLevel.CreateAppDomainLevel(); policy.RootCodeGroup.PolicyStatement = new PolicyStatement(perms); // create the Domain result = AppDomain.CreateDomain("analyzer", null, ads); result.SetAppDomainPolicy(policy); return result; }
/// <summary> /// Initializes the permissions manager with the permissions required by an install script. /// </summary> internal static void Init() { permissions = new PermissionSet(PermissionState.None); //do the following paths need to add to this? // savesPath - fallout 3 var fipFilePermission = new FileIOPermission(FileIOPermissionAccess.AllAccess, new[] { Program.tmpPath, Path.GetTempPath(), Program.GameMode.InstallInfoDirectory, Program.GameMode.PluginsPath }); var lstPaths = new List<string>(Program.GameMode.SettingsFiles.Values); lstPaths.AddRange(Program.GameMode.AdditionalPaths.Values); fipFilePermission.AddPathList(FileIOPermissionAccess.AllAccess, lstPaths.ToArray()); fipFilePermission.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory); permissions.AddPermission(fipFilePermission); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); permissions.AddPermission(new UIPermission(UIPermissionWindow.AllWindows)); // Not sure what permissions are needed for GetTempFileName() to work, so we add them all. permissions.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted)); }
private static AppDomain CreateRestrictedDomain(string domainName) { // Default to all code getting nothing PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None)); UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy); // Grant all code the named permission set for the test PermissionSet partialTrustPermissionSet = new PermissionSet(PermissionState.None); partialTrustPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags)); partialTrustPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)); PolicyStatement permissions = new PolicyStatement(partialTrustPermissionSet); policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions)); // Create an AppDomain policy level for the policy tree PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel(); appDomainLevel.RootCodeGroup = policyRoot; // Set the Application Base correctly in order to find the test assembly AppDomainSetup ads = new AppDomainSetup(); ads.ApplicationBase = Environment.CurrentDirectory; AppDomain restrictedDomain = AppDomain.CreateDomain(domainName, null, ads); restrictedDomain.SetAppDomainPolicy(appDomainLevel); return restrictedDomain; }
public void Open() { if(State != CommunicationState.Created) { return; } try { Opening(this,EventArgs.Empty); //Permission required to read the providers application name and access config PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal)); permissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); permissions.Assert(); m_ServiceHostActivator.MembershipApplicationName = Membership.ApplicationName; if(Roles.Enabled) { m_ServiceHostActivator.RolesApplicationName = Roles.ApplicationName; } PermissionSet.RevertAssert(); m_ServiceHostActivator.Open(); State = CommunicationState.Opened; Opened(this,EventArgs.Empty); } catch { State = CommunicationState.Faulted; } }
public bool Build(X509Certificate2 certificate) { lock (this.m_syncRoot) { if ((certificate == null) || certificate.CertContext.IsInvalid) { throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "certificate"); } new StorePermission(StorePermissionFlags.EnumerateCertificates | StorePermissionFlags.OpenStore).Demand(); X509ChainPolicy chainPolicy = this.ChainPolicy; if ((chainPolicy.RevocationMode == X509RevocationMode.Online) && ((certificate.Extensions["2.5.29.31"] != null) || (certificate.Extensions["1.3.6.1.5.5.7.1.1"] != null))) { PermissionSet set = new PermissionSet(PermissionState.None); set.AddPermission(new WebPermission(PermissionState.Unrestricted)); set.AddPermission(new StorePermission(StorePermissionFlags.AddToStore)); set.Demand(); } this.Reset(); if (BuildChain(this.m_useMachineContext ? new IntPtr(1L) : new IntPtr(0L), certificate.CertContext, chainPolicy.ExtraStore, chainPolicy.ApplicationPolicy, chainPolicy.CertificatePolicy, chainPolicy.RevocationMode, chainPolicy.RevocationFlag, chainPolicy.VerificationTime, chainPolicy.UrlRetrievalTimeout, ref this.m_safeCertChainHandle) != 0) { return false; } this.Init(); CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA))); CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS))); pPolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags; if (!CAPISafe.CertVerifyCertificateChainPolicy(new IntPtr(1L), this.m_safeCertChainHandle, ref pPolicyPara, ref pPolicyStatus)) { throw new CryptographicException(Marshal.GetLastWin32Error()); } CAPISafe.SetLastError(pPolicyStatus.dwError); return (pPolicyStatus.dwError == 0); } }
public void GeneratedTypeForAdditionalInterfaceWithMethodsHavingSignaturesMatchingMethodsInTheBaseClassIsVerifiable() { PermissionSet grantSet = new PermissionSet(PermissionState.None); grantSet.AddPermission( new SecurityPermission( SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)); grantSet.AddPermission( new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.MemberAccess)); grantSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); AppDomain sandbox = AppDomain.CreateDomain( "sandbox", AppDomain.CurrentDomain.Evidence, new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }, grantSet); sandbox.DoCallBack(() => { InterceptingClassGenerator generator = new InterceptingClassGenerator(typeof(MainType), typeof(IDoSomething), typeof(IDoSomethingToo)); Type generatedType = generator.GenerateType(); }); }
public static PluginHost CreateSandbox(string applicationBasePath) { var rand = Path.GetRandomFileName(); var setup = new AppDomainSetup() { ApplicationBase = applicationBasePath, ApplicationName = rand, ConfigurationFile = "", // DO not set to empty string if we want to use the conf file from this domain DisallowBindingRedirects = true, DisallowCodeDownload = true, DisallowPublisherPolicy = true }; var permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissions.AddPermission( new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.AllAccess, applicationBasePath)); // If we want to enable NLog (for example) to read our configuration file permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, @"C:\Dev\POC\Krang\src\Krang.App\bin\Debug\Krang.App.vshost.exe.Config")); var domain = AppDomain.CreateDomain(rand, null, setup, permissions, typeof(PluginHost).Assembly.Evidence.GetHostEvidence<StrongName>(), typeof(Plugin).Assembly.Evidence.GetHostEvidence<StrongName>()); return (PluginHost)Activator.CreateInstanceFrom(domain, typeof(PluginHost).Assembly.ManifestModule.FullyQualifiedName, typeof(PluginHost).FullName).Unwrap(); }
static XmlILModule() { AssemblyName asmName; AssemblyBuilder asmBldr; CreateModulePermissionSet = new PermissionSet(PermissionState.None); // CreateDelegate demands MemberAccess permission CreateModulePermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess)); // DynamicMethod constructor demands ControlEvidence permissions. // Emitting symbols in DefineDynamicModule (to allow to debug the stylesheet) requires UnmanagedCode permission. CreateModulePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.UnmanagedCode)); AssemblyId = 0; // 1. LRE assembly only needs to execute // 2. No temp files need be created // 3. Never allow assembly to Assert permissions asmName = CreateAssemblyName(); asmBldr = AppDomain.CurrentDomain.DefineDynamicAssembly(asmName, AssemblyBuilderAccess.Run); try { CreateModulePermissionSet.Assert(); // Add custom attribute to assembly marking it as security transparent so that Assert will not be allowed // and link demands will be converted to full demands. asmBldr.SetCustomAttribute(new CustomAttributeBuilder(XmlILConstructors.Transparent, new object[] {})); // Store LREModule once. If multiple threads are doing this, then some threads might get different // modules. This is OK, since it's not mandatory to share, just preferable. LREModule = asmBldr.DefineDynamicModule("System.Xml.Xsl.CompiledQuery", false); } finally { CodeAccessPermission.RevertAssert(); } }
private static AppDomain CreateSandboxDomain() { // Normally from a security perspective we'd put the sandboxed app in its own // base directory, but to make things easier (so we don't have to copy the NUnit // assembly, etc.) we'll just mirror the current test domain settings. var info = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory, PrivateBinPath = AppDomain.CurrentDomain.RelativeSearchPath }; // Grant set is the same set of permissions as ASP.NET medium trust EXCEPT // it excludes the FileIOPermission, IsolatedStorageFilePermission, and PrintingPermission. var grantSet = new PermissionSet(null); grantSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium)); grantSet.AddPermission(new DnsPermission(PermissionState.Unrestricted)); grantSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME")); grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.RemotingConfiguration)); grantSet.AddPermission(new SmtpPermission(SmtpAccess.Connect)); grantSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted)); grantSet.AddPermission(new TypeDescriptorPermission(PermissionState.Unrestricted)); grantSet.AddPermission(new WebPermission(PermissionState.Unrestricted)); grantSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)); return AppDomain.CreateDomain("Sandbox", null, info, grantSet); }
private static PermissionSet Create_permission_set_for_sandbox_AppDomain(string beitragspfad) { PermissionSet permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, beitragspfad)); return permissionSet; }
public int Fill(DataSet dataSet, object ADODBRecordSet, string srcTable) { System.Security.PermissionSet permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(OleDbConnection.ExecutePermission); // MDAC 77737 permissionSet.AddPermission(new System.Security.Permissions.SecurityPermission(System.Security.Permissions.SecurityPermissionFlag.UnmanagedCode)); permissionSet.Demand(); IntPtr hscp; Bid.ScopeEnter(out hscp, "<oledb.OleDbDataAdapter.Fill|API> %d#, dataSet, ADODBRecordSet, srcTable='%ls'\n", ObjectID, srcTable); try { if (null == dataSet) { throw ADP.ArgumentNull("dataSet"); } if (null == ADODBRecordSet) { throw ADP.ArgumentNull("adodb"); } if (ADP.IsEmpty(srcTable)) { throw ADP.FillRequiresSourceTableName("srcTable"); } // user was required to have UnmanagedCode Permission just to create ADODB // (new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)).Demand(); return(FillFromADODB((object)dataSet, ADODBRecordSet, srcTable, true)); } finally { Bid.ScopeLeave(ref hscp); } }
public static PermissionSet GetDefaultScriptPermissionSet() { PermissionSet internalDefScriptPermSet = new PermissionSet(PermissionState.None); internalDefScriptPermSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); internalDefScriptPermSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess)); return internalDefScriptPermSet; }
public static PluginHost Create(string pluginId, IDictionary<string, object> config) { var currentDirectory = Directory.GetCurrentDirectory(); var setup = new AppDomainSetup { ApplicationBase = currentDirectory, ApplicationName = pluginId, ConfigurationFile = "", // DO not set to empty string if we want to use the conf file from this domain DisallowBindingRedirects = true, DisallowCodeDownload = true, DisallowPublisherPolicy = true }; var permissions = new PermissionSet(PermissionState.None); if (config.ContainsKey("Permissions") && config["Permissions"] != null) { var securityElement = SecurityElement.FromString(config["Permissions"].ToString()); if (securityElement != null) { permissions.FromXml(securityElement); } } permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence // To get nice exceptions with permission demands. | SecurityPermissionFlag.ControlPolicy // See ^ | SecurityPermissionFlag.Execution // To allow the plugin to execute )); // WCF hosting for JSONRPC permissions.AddPermission(new WebPermission(NetworkAccess.Connect | NetworkAccess.Accept, new Regex(@"http://localhost:31337/hadouken\.plugins.*"))); // Isolated storage permissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted)); var ev = new Evidence(new EvidenceBase[] {new Url(config["Url"].ToString())}, null); var fxAsm = Assembly.LoadFile(Path.Combine(currentDirectory, FxAssembly)); var domain = AppDomain.CreateDomain(pluginId, ev, setup, permissions, typeof (PluginHost).Assembly.Evidence.GetHostEvidence<StrongName>(), fxAsm.Evidence.GetHostEvidence<StrongName>()); return (PluginHost) Activator.CreateInstanceFrom( domain, typeof (PluginHost).Assembly.ManifestModule.FullyQualifiedName, typeof (PluginHost).FullName, false, BindingFlags.Default, null, new object[] {pluginId, config}, null, null).Unwrap(); }
public static AppDomain CreatePartialTrustDomain() { AppDomainSetup setup = new AppDomainSetup() { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory, PrivateBinPath = AppDomain.CurrentDomain.RelativeSearchPath }; PermissionSet permissions = new PermissionSet(null); permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissions.AddPermission(new DnsPermission(PermissionState.Unrestricted)); permissions.AddPermission(new SocketPermission(PermissionState.Unrestricted)); return AppDomain.CreateDomain("Partial Trust Sandbox", AppDomain.CurrentDomain.Evidence, setup, permissions); }
public static AppDomain CreateSandbox() { var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase }; var permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.NoFlags)); permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); // TODO: !!! var appDomain = AppDomain.CreateDomain("Sandbox", null, setup, permissionSet); return appDomain; }
public void SetMethod() { ReflectionPermission rp = new ReflectionPermission(ReflectionPermissionFlag.AllFlags); IsolatedStorageFilePermission isp = new IsolatedStorageFilePermission(PermissionState.Unrestricted); System.Security.PermissionSet ps = new System.Security.PermissionSet(PermissionState.None); ps.AddPermission(rp); ps.AddPermission(isp); ps.Demand(); }
private static PermissionSet CreateInternetSet() { PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open)); #pragma warning disable 618 permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); #pragma warning restore 618 permSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard)); return permSet; }
internal static PermissionSet _UnsafeGetAssertPermSet() { PermissionSet set = new PermissionSet(PermissionState.None); RegistryPermission perm = new RegistryPermission(PermissionState.Unrestricted); set.AddPermission(perm); EnvironmentPermission permission2 = new EnvironmentPermission(PermissionState.Unrestricted); set.AddPermission(permission2); SecurityPermission permission3 = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode); set.AddPermission(permission3); return set; }
public static PermissionSet CreatePermissionSet(bool includeReflectionPermission) { PermissionSet permissionsSet = new PermissionSet(null); permissionsSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); permissionsSet.AddPermission(new SocketPermission(PermissionState.Unrestricted)); permissionsSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); permissionsSet.AddPermission(new DnsPermission(PermissionState.Unrestricted)); if (includeReflectionPermission) permissionsSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); return permissionsSet; }
private static string GetApplicationInstanceId(this Assembly entry) { var set = new PermissionSet(PermissionState.None); set.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); set.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); set.Assert(); var typeLibGuidForAssembly = Marshal.GetTypeLibGuidForAssembly(entry); var strArray = entry.GetName().Version.ToString().Split(".".ToCharArray()); PermissionSet.RevertAssert(); return typeLibGuidForAssembly + strArray[0] + "." + strArray[1]; }
public void CanReflectOnSecurityExceptionWithoutPermission() { SecurityPermission denyPermission = new SecurityPermission(SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); SecurityException exception = null; try { DemandException(denyPermission); } catch (SecurityException e) { exception = e; } ExceptionFormatter formatter = new ExceptionFormatter(); String message = formatter.GetMessage(exception); Match demandedMatch = DemandedEntryRegex.Match(message); Assert.IsNotNull(demandedMatch); Assert.AreEqual(Resources.PropertyAccessFailed, demandedMatch.Groups[1].Value); CodeAccessPermission.RevertDeny(); message = formatter.GetMessage(exception); demandedMatch = DemandedEntryRegex.Match(message); Assert.IsNotNull(demandedMatch); Assert.AreNotEqual(Resources.PropertyAccessFailed, demandedMatch.Groups[1].Value); }
/// <summary> /// Checks to see if DNS information is available to the caller /// /// </summary> /// /// <returns/> public bool GetIsDnsAvailable() { PermissionSet permissionSet = new PermissionSet(PermissionState.None); DnsPermission dnsPermission = new DnsPermission(PermissionState.Unrestricted); permissionSet.AddPermission((IPermission) dnsPermission); return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet); }
private static bool CanWriteToFolder(string folder) { var permission = new FileIOPermission(FileIOPermissionAccess.Write, folder); var permissionSet = new PermissionSet(PermissionState.None); permissionSet.AddPermission(permission); return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet); }
/// <summary> /// Checks to see if Registry access is available to the caller /// /// </summary> /// /// <returns/> public bool GetIsRegistryAvailable() { PermissionSet permissionSet = new PermissionSet(PermissionState.None); RegistryPermission registryPermission = new RegistryPermission(PermissionState.Unrestricted); permissionSet.AddPermission((IPermission) registryPermission); return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet); }
static void Main(string[] args) { //Setting the AppDomainSetup. It is very important to set the ApplicationBase to a folder //other than the one in which the sandboxer resides. AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted); //Setting the permissions for the AppDomain. We give the permission to execute and to //read/discover the location where the untrusted code is loaded. PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); //We want the sandboxer assembly's strong name, so that we can add it to the full trust list. StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>(); //Now we have everything we need to create the AppDomain, so let's create it. AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly); //Use CreateInstanceFrom to load an instance of the Sandboxer class into the //new AppDomain. ObjectHandle handle = Activator.CreateInstanceFrom( newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName, typeof(Sandboxer).FullName ); //Unwrap the new domain instance into a reference in this domain and use it to execute the //untrusted code. Sandboxer newDomainInstance = (Sandboxer)handle.Unwrap(); newDomainInstance.ExecuteUntrustedCode(untrustedAssembly, untrustedClass, entryPoint, parameters); }
/// <summary> /// /// </summary> /// <param name="args"></param> public static void Main (string [] args) { if (args.Length < 4 || args.Length > 5) { Console.WriteLine ("Usage: GlPostProcess.exe in.dll out.dll Tao.OpenGl.snk Tao.OpenGl.Gl [Tao.OpenGl.ContextGl]"); return; } string inName = args[0]; string outName = args[1]; string typeName = args[3]; string snkFile = null; if (args[2] != "") snkFile = args[2]; string instanceTypeName = null; if (args.Length == 5) instanceTypeName = args[4]; string outDir = System.IO.Path.GetDirectoryName(outName); string outDll = System.IO.Path.GetFileName(outName); string outNameBase = System.IO.Path.GetFileNameWithoutExtension(outName); // The MS runtime doesn't support a bunch of queries on // dynamic modules, so we have to track this stuff ourselves field_hash = new Hashtable(); // load the input DLL as an Assembly Assembly inputAssembly = Assembly.LoadFrom(inName); // the calli instructions are unverifiable PermissionSet reqPermSet = new PermissionSet(PermissionState.None); reqPermSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); AssemblyName outAsName = new AssemblyName(); outAsName.Name = outNameBase; if (snkFile != null) outAsName.KeyPair = new StrongNameKeyPair(File.Open(snkFile, FileMode.Open, FileAccess.Read)); // create a dynamic assembly AssemblyBuilder abuilder = AppDomain.CurrentDomain.DefineDynamicAssembly (outAsName, AssemblyBuilderAccess.Save, outDir != null && outDir.Length > 0 ? outDir : null, reqPermSet, null, null); abuilder.SetCustomAttribute (GetCLSCompliantCAB (true)); // go through and copy over custom attributes //object [] assemblyAttrs = inputAssembly.GetCustomAttributes (false); // copy over references //AssemblyName [] assemblyRefs = inputAssembly.GetReferencedAssemblies (); // create a dynamic module ModuleBuilder mbuilder = abuilder.DefineDynamicModule(outAsName.Name, outDll); mbuilder.SetCustomAttribute (GetCLSCompliantCAB (true)); mbuilder.SetCustomAttribute (GetUnverifiableCodeCAB ()); ProcessType (mbuilder, inputAssembly, typeName, false); if (instanceTypeName != null) ProcessType (mbuilder, inputAssembly, instanceTypeName, false); mbuilder.CreateGlobalFunctions(); abuilder.Save(outDll); }
private static PermissionSet CreateSkipVerificationSet() { PermissionSet permSet = new PermissionSet(PermissionState.None); #pragma warning disable 618 permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); #pragma warning restore 618 return permSet; }
public void ReflectionFormatterReadSecurityExceptionPropertiesWithoutPermissionTest() { SecurityPermission denyPermission = new SecurityPermission(SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence); PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(denyPermission); permissions.Deny(); StringBuilder sb = new StringBuilder(); StringWriter writer = new StringWriter(sb); SecurityException exception = null; try { DemandException(denyPermission); } catch (SecurityException e) { exception = e; } MockTextExceptionFormatter formatter = new MockTextExceptionFormatter(writer, exception, Guid.Empty); formatter.Format(); CodeAccessPermission.RevertDeny(); formatter = new MockTextExceptionFormatter(writer, exception, Guid.Empty); formatter.Format(); Assert.AreEqual(exception.Demanded.ToString(), formatter.properties["Demanded"]); }
// Determine if a specific permission has been granted. public static bool IsGranted(IPermission perm) { // Bail out if the requested permission is null. if(perm == null) { return true; } // Get the current permission state. ClrPermissions current = ClrSecurity.GetPermissionsFrom(1); if(current == null) { // Null is equivalent to "unrestricted". return true; } // Build a permission set with just this permission. PermissionSet set = new PermissionSet(PermissionState.None); set.AddPermission(perm); // If "PermitOnly" is set, then only check that set. if(current.permitOnly != null) { return set.IsSubsetOf(current.permitOnly); } // The permission must be granted, but not denied. if(!set.IsSubsetOf(current.granted) || set.IsSubsetOf(current.denied)) { return false; } return true; }
public static void Socket() { var set = new PermissionSet(PermissionState.None); set.AddPermission(new DnsPermission(PermissionState.Unrestricted)); set.AddPermission(new SocketPermission(NetworkAccess.Connect, TransportType.Tcp, "173.194.32.38", 80)); set.Assert(); var client = new TcpClient(); client.Connect("173.194.32.38", 80); Console.WriteLine("Connected to google: {0}", client.Connected); client.Close(); CodeAccessPermission.RevertAssert(); }
public static bool NeedsAdministratorRights() { var permissionSet = new PermissionSet(PermissionState.None); var writePermission = new FileIOPermission(FileIOPermissionAccess.Write, HostsFileManager.Filename); permissionSet.AddPermission(writePermission); return permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet); }
protected internal override System.Security.PermissionSet CreatePermissionSet() { System.Security.PermissionSet permissionSet; if (PossiblePrompt) { permissionSet = new NamedPermissionSet("FullTrust"); } else { permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(new OleDbPermission(this)); } return permissionSet; }
protected internal override System.Security.PermissionSet CreatePermissionSet() { System.Security.PermissionSet permissionSet; if (ContainsKey(KEY.SaveFile)) { permissionSet = new NamedPermissionSet("FullTrust"); } else { permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(new OdbcPermission(this)); } return(permissionSet); }
public void AddPermissionSet(PEAPI.SecurityAction sec_action, SSPermissionSet perm_set) { SSPermissionSet ps = (SSPermissionSet)permissionset_table [sec_action]; if (ps == null) { permissionset_table [sec_action] = perm_set; return; } foreach (IPermission iper in perm_set) { ps.AddPermission(iper); } }
internal static void ResolveIdentityPermissions(PermissionSet ps, Evidence evidence) { // in 2.0 identity permissions can now be unrestricted if (ps.IsUnrestricted()) { return; } // Only host evidence are used for policy resolution IEnumerator ee = evidence.GetHostEnumerator(); while (ee.MoveNext()) { IIdentityPermissionFactory ipf = (ee.Current as IIdentityPermissionFactory); if (ipf != null) { IPermission p = ipf.CreateIdentityPermission(evidence); ps.AddPermission(p); } } }
// Permit only the permissions in this set. public virtual void PermitOnly() { // Demand the permission first, because we cannot permit it // for exclusive access if we are not allowed have it at all. Demand(); // Create a permission set and copy all CA objects into it. PermissionSet set = new PermissionSet(PermissionState.None); int posn; CodeAccessPermission perm; for (posn = 0; posn < permissions.Count; ++posn) { perm = (permissions[posn] as CodeAccessPermission); if (perm != null) { set.AddPermission(perm.Copy()); } } // Set the current "PermitOnly" context on the call stack. CodeAccessPermission.PermitOnly(set, 2); }
// Deny permissions to the caller. internal void Deny(int skipFrames) { // Add the permission to the denied permissions set. ClrPermissions current; current = ClrSecurity.GetPermissionsFrom(skipFrames); PermissionSet set = new PermissionSet(PermissionState.None); set.AddPermission(this.Copy()); if (current == null) { // Initialize the permissions context to "allow // everything except this permission object". current = new ClrPermissions (new PermissionSet(PermissionState.Unrestricted), set, null); } else { current = current.SetDenied(set.Union(current.denied)); } ClrSecurity.SetPermissions(current, skipFrames); }
// 2.0 metadata format internal static PermissionSet CreateFromBinaryFormat(byte[] data) { if ((data == null) || (data [0] != 0x2E) || (data.Length < 2)) { string msg = Locale.GetText("Invalid data in 2.0 metadata format."); throw new SecurityException(msg); } int pos = 1; int numattr = ReadEncodedInt(data, ref pos); PermissionSet ps = new PermissionSet(PermissionState.None); for (int i = 0; i < numattr; i++) { IPermission p = ProcessAttribute(data, ref pos); if (p == null) { string msg = Locale.GetText("Unsupported data found in 2.0 metadata format."); throw new SecurityException(msg); } ps.AddPermission(p); } return(ps); }
// Determine if a specific permission has been granted. public static bool IsGranted(IPermission perm) { // Bail out if the requested permission is null. if (perm == null) { return(true); } // Get the current permission state. ClrPermissions current = ClrSecurity.GetPermissionsFrom(1); if (current == null) { // Null is equivalent to "unrestricted". return(true); } // Build a permission set with just this permission. PermissionSet set = new PermissionSet(PermissionState.None); set.AddPermission(perm); // If "PermitOnly" is set, then only check that set. if (current.permitOnly != null) { return(set.IsSubsetOf(current.permitOnly)); } // The permission must be granted, but not denied. if (!set.IsSubsetOf(current.granted) || set.IsSubsetOf(current.denied)) { return(false); } return(true); }
public PermissionSet Resolve(Evidence evidence, PermissionSet request) { #if _DEBUG if (debug) { DEBUG_OUT("PolicyManager::Resolve"); IEnumerator evidenceEnumerator = evidence.GetEnumerator(); DEBUG_OUT("Evidence:"); while (evidenceEnumerator.MoveNext()) { Object obj = evidenceEnumerator.Current; if (obj is Site) { DEBUG_OUT(((Site)obj).ToXml().ToString()); } else if (obj is Zone) { DEBUG_OUT(((Zone)obj).ToXml().ToString()); } else if (obj is Url) { DEBUG_OUT(((Url)obj).ToXml().ToString()); } else if (obj is StrongName) { DEBUG_OUT(((StrongName)obj).ToXml().ToString()); } else if (obj is PermissionRequestEvidence) { DEBUG_OUT(((PermissionRequestEvidence)obj).ToXml().ToString()); } } } #endif // We set grant to null to represent "AllPossible" PermissionSet grant = null; PolicyStatement policy; PolicyLevel currentLevel = null; IEnumerator levelEnumerator = m_levels.GetEnumerator(); char[] serializedEvidence = MakeEvidenceArray(evidence, false); int count = evidence.Count; bool testApplicationLevels = false; while (levelEnumerator.MoveNext()) { currentLevel = (PolicyLevel)levelEnumerator.Current; policy = currentLevel.Resolve(evidence, count, serializedEvidence); // If the grant is "AllPossible", the intersection is just the other permission set. // Otherwise, do an inplace intersection (since we know we can alter the grant set since // it is a copy of the first policy statement's permission set). if (grant == null) { grant = policy.PermissionSet; } else { // An exception somewhere in here means that a permission // failed some operation. This simply means that it will be // dropped from the grant set which is safe operation that // can be ignored. try { grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } catch (Exception) { } } #if _DEBUG if (debug) { DEBUG_OUT("Level = " + currentLevel.Label); DEBUG_OUT("policy =\n" + policy.ToXml().ToString()); DEBUG_OUT("grant so far =\n" + grant.ToXml().ToString()); } #endif if (grant.IsEmpty()) { break; } else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (!currentLevel.Label.Equals("AppDomain")) { testApplicationLevels = true; } break; } } if (testApplicationLevels) { PolicyLevel appDomainLevel = null; for (int i = m_levels.Count - 1; i >= 0; --i) { currentLevel = (PolicyLevel)m_levels[i]; if (currentLevel.Label.Equals("AppDomain")) { appDomainLevel = currentLevel; break; } } if (appDomainLevel != null) { policy = appDomainLevel.Resolve(evidence, count, serializedEvidence); grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } } #if _DEBUG if (debug) { DEBUG_OUT("granted =\n" + grant.ToString()); DEBUG_OUT("request =\n" + (request != null ? request.ToString() : "<null>")); DEBUG_OUT("awarded =\n" + (request != null ? grant.Intersect(request).ToString() : grant.ToString())); } #endif try { if (request != null) { grant.InplaceIntersect(request); } } catch (Exception) { } #if _DEBUG if (debug) { DEBUG_OUT("granted after intersect w/ request =\n" + grant.ToString()); } #endif // Each piece of evidence can possibly create an identity permission that we // need to add to our grant set. Therefore, for all pieces of evidence that // implement the IIdentityPermissionFactory interface, ask it for its // adjoining identity permission and add it to the grant. IEnumerator enumerator = evidence.GetHostEnumerator(); while (enumerator.MoveNext()) { try { Object obj = enumerator.Current; IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory; if (factory != null) { IPermission perm = factory.CreateIdentityPermission(evidence); if (perm != null) { grant.AddPermission(perm); } } } catch (Exception) { } } #if _DEBUG if (debug) { DEBUG_OUT("awarded with identity =\n" + grant.ToString()); } #endif return(grant); }
[System.Security.SecurityCritical] // auto-generated static private PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied, bool checkExecutionPermission) { Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled); if (executionSecurityPermission == null) { executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution); } PermissionSet requested = null; PermissionSet optional; PermissionSet allowed; Exception savedException = null; // We don't want to recurse back into here as a result of a // stackwalk during resolution. So simply assert full trust (this // implies that custom permissions cannot use any permissions that // don't implement IUnrestrictedPermission. // PermissionSet.s_fullTrust.Assert(); // The requested set is the union of the minimal request and the // optional request. Minimal request defaults to empty, optional // is "AllPossible" (includes any permission that can be defined) // which is symbolized by null. optional = optPset; if (reqdPset == null) { requested = optional; } else { // If optional is null, the requested set becomes null/"AllPossible". requested = optional == null ? null : reqdPset.Union(optional); } // Make sure that the right to execute is requested (if this feature is // enabled). if (requested != null && !requested.IsUnrestricted()) { requested.AddPermission(executionSecurityPermission); } // If we aren't passed any evidence, just make an empty object if (evidence == null) { evidence = new Evidence(); } allowed = polmgr.Resolve(evidence); // Intersect the grant with the RequestOptional if (requested != null) { allowed.InplaceIntersect(requested); } // Check that we were granted the right to execute. if (checkExecutionPermission) { if (!allowed.Contains(executionSecurityPermission) || (denyPset != null && denyPset.Contains(executionSecurityPermission))) { throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), System.__HResults.CORSEC_E_NO_EXEC_PERM, savedException); } } // Check that we were granted at least the minimal set we asked for. Do // this before pruning away any overlap with the refused set so that // users have the flexability of defining minimal permissions that are // only expressable as set differences (e.g. allow access to "C:\" but // disallow "C:\Windows"). if (reqdPset != null && !reqdPset.IsSubsetOf(allowed)) { BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled"); throw new PolicyException(Environment.GetResourceString("Policy_NoRequiredPermission"), System.__HResults.CORSEC_E_MIN_GRANT_FAIL, savedException); } // Remove any granted permissions that are safe subsets of some denied // permission. The remaining denied permissions (if any) are returned // along with the modified grant set for use in checks. if (denyPset != null) { BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled"); denied = denyPset.Copy(); allowed.MergeDeniedSet(denied); if (denied.IsEmpty()) { denied = null; } } else { denied = null; } allowed.IgnoreTypeLoadFailures = true; return(allowed); }
internal static QuickCacheEntryType GenerateQuickCache(PolicyLevel level) { QuickCacheEntryType[] ExecutionMap = new QuickCacheEntryType[] { QuickCacheEntryType.ExecutionZoneMyComputer, QuickCacheEntryType.ExecutionZoneIntranet, QuickCacheEntryType.ExecutionZoneInternet, QuickCacheEntryType.ExecutionZoneTrusted, QuickCacheEntryType.ExecutionZoneUntrusted }; QuickCacheEntryType[] UnmanagedMap = new QuickCacheEntryType[] { QuickCacheEntryType.UnmanagedZoneMyComputer, QuickCacheEntryType.UnmanagedZoneIntranet, QuickCacheEntryType.UnmanagedZoneInternet, QuickCacheEntryType.UnmanagedZoneTrusted, QuickCacheEntryType.UnmanagedZoneUntrusted }; QuickCacheEntryType[] RequestSkipVerificationMap = new QuickCacheEntryType[] { QuickCacheEntryType.RequestSkipVerificationZoneMyComputer, QuickCacheEntryType.RequestSkipVerificationZoneIntranet, QuickCacheEntryType.RequestSkipVerificationZoneInternet, QuickCacheEntryType.RequestSkipVerificationZoneTrusted, QuickCacheEntryType.RequestSkipVerificationZoneUntrusted }; QuickCacheEntryType[] SkipVerificationMap = new QuickCacheEntryType[] { QuickCacheEntryType.SkipVerificationZoneMyComputer, QuickCacheEntryType.SkipVerificationZoneIntranet, QuickCacheEntryType.SkipVerificationZoneInternet, QuickCacheEntryType.SkipVerificationZoneTrusted, QuickCacheEntryType.SkipVerificationZoneUntrusted }; QuickCacheEntryType[] FullTrustMap = new QuickCacheEntryType[] { QuickCacheEntryType.FullTrustZoneMyComputer, QuickCacheEntryType.FullTrustZoneIntranet, QuickCacheEntryType.FullTrustZoneInternet, QuickCacheEntryType.FullTrustZoneTrusted, QuickCacheEntryType.FullTrustZoneUntrusted }; QuickCacheEntryType accumulator = (QuickCacheEntryType)0; SecurityPermission execPerm = new SecurityPermission(SecurityPermissionFlag.Execution); SecurityPermission unmanagedPerm = new SecurityPermission(SecurityPermissionFlag.UnmanagedCode); SecurityPermission skipVerifPerm = new SecurityPermission(SecurityPermissionFlag.SkipVerification); Evidence noEvidence = new Evidence(); PermissionSet policy = null; try { policy = level.Resolve(noEvidence).PermissionSet; if (policy.Contains(execPerm)) { accumulator |= QuickCacheEntryType.ExecutionAll; } if (policy.Contains(unmanagedPerm)) { accumulator |= QuickCacheEntryType.UnmanagedAll; } if (policy.Contains(skipVerifPerm)) { accumulator |= QuickCacheEntryType.SkipVerificationAll; } if (policy.IsUnrestricted()) { accumulator |= QuickCacheEntryType.FullTrustAll; } } catch (PolicyException) { } PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(skipVerifPerm); PermissionRequestEvidence permRequest = new PermissionRequestEvidence(permSet, null, null); try { noEvidence.AddHost(permRequest); policy = level.Resolve(noEvidence).PermissionSet; if (policy.Contains(skipVerifPerm)) { accumulator |= QuickCacheEntryType.RequestSkipVerificationAll; } } catch (PolicyException) { } Array zones = Enum.GetValues(typeof(SecurityZone)); for (int i = 0; i < zones.Length; ++i) { if (((SecurityZone)zones.GetValue(i)) == SecurityZone.NoZone) { continue; } Evidence zoneEvidence = new Evidence(); zoneEvidence.AddHost(new Zone((SecurityZone)zones.GetValue(i))); PermissionSet zonePolicy = null; try { zonePolicy = level.Resolve(zoneEvidence).PermissionSet; if (zonePolicy.Contains(execPerm)) { accumulator |= ExecutionMap[i]; } if (zonePolicy.Contains(unmanagedPerm)) { accumulator |= UnmanagedMap[i]; } if (zonePolicy.Contains(skipVerifPerm)) { accumulator |= SkipVerificationMap[i]; } if (zonePolicy.IsUnrestricted()) { accumulator |= FullTrustMap[i]; } } catch (PolicyException) { } zoneEvidence.AddHost(permRequest); try { zonePolicy = level.Resolve(zoneEvidence).PermissionSet; if (zonePolicy.Contains(skipVerifPerm)) { accumulator |= RequestSkipVerificationMap[i]; } } catch (PolicyException) { } } return(accumulator); }
public static AppDomain GetMediumTrustDomain() { if (mediumTrustDomain == null) { var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }; var permissions = new System.Security.PermissionSet(null); // MEDIUM TRUST PERMISSION SET: //<IPermission // class="DnsPermission" // version="1" // Unrestricted="true" // /> permissions.AddPermission(new System.Net.DnsPermission(System.Security.Permissions.PermissionState.Unrestricted)); //<IPermission // class="EnvironmentPermission" // version="1" // Read="TEMP;TMP;USERNAME;OS;COMPUTERNAME" // /> permissions.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME")); //<IPermission // class="FileIOPermission" // version="1" // Read="$AppDir$" // Write="$AppDir$" // Append="$AppDir$" // PathDiscovery="$AppDir$" // /> string appDir = Directory.GetCurrentDirectory(); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, appDir)); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write, appDir)); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Append, appDir)); permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, appDir)); //<IPermission // class="IsolatedStorageFilePermission" // version="1" // Allowed="AssemblyIsolationByUser" // UserQuota="9223372036854775807" // /> permissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted) { UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser, UserQuota = 9223372036854775807 }); //<IPermission // class="PrintingPermission" // version="1" // Level="DefaultPrinting" // /> // DEVNOTE(pqian): System.Drawing.Printing.PrintingPermission - not astoria related //<IPermission // class="SecurityPermission" // version="1" // Flags="Execution, ControlThread, ControlPrincipal, RemotingConfiguration" ///> permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.RemotingConfiguration | SecurityPermissionFlag.SerializationFormatter)); //<IPermission // class="SmtpPermission" // version="1" // Access="Connect" // /> permissions.AddPermission(new System.Net.Mail.SmtpPermission(System.Net.Mail.SmtpAccess.Connect)); //<IPermission // class="SqlClientPermission" // version="1" // Unrestricted="true" ///> permissions.AddPermission(new System.Data.SqlClient.SqlClientPermission(PermissionState.Unrestricted)); //<IPermission // class="TypeDescriptorPermission" // version="1" // Unrestricted="true" // /> permissions.AddPermission(new TypeDescriptorPermission(PermissionState.Unrestricted)); //<IPermission // class="WebPermission" // version="1" // Unrestricted="true" // /> permissions.AddPermission(new System.Net.WebPermission(PermissionState.Unrestricted)); //<IPermission // class="ReflectionPermission" // version="1" // Flags="RestrictedMemberAccess"/> permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)); mediumTrustDomain = AppDomain.CreateDomain("Partial Trust AppDomain: " + DateTime.Now.Ticks, null, setup, permissions); } return(mediumTrustDomain); }
protected internal override System.Security.PermissionSet CreatePermissionSet() { System.Security.PermissionSet permissionSet = new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None); permissionSet.AddPermission(new SqlClientPermission(this)); return(permissionSet); }