本文整理汇总了C#中PermissionSet.AddPermission方法的典型用法代码示例。如果您正苦于以下问题:C# PermissionSet.AddPermission方法的具体用法?C# PermissionSet.AddPermission怎么用?C# PermissionSet.AddPermission使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类PermissionSet
的用法示例。
在下文中一共展示了PermissionSet.AddPermission方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: Main
static void Main(String[] args) {
if (args.Length < 2) {
Console.WriteLine("Usage: sandbox <directory> <assembly> [allowed_files ...]");
return;
}
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(args[0]);
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, Path.GetFullPath(args[1])));
for (int i = 2; i < args.Length; ++i)
permSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, args[i]));
StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
AppDomain newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);
ObjectHandle handle = Activator.CreateInstanceFrom(
newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandboxer).FullName
);
Sandboxer newDomainInstance = (Sandboxer) handle.Unwrap();
Environment.Exit(newDomainInstance.ExecuteUntrustedCode(Path.GetFullPath(args[1])));
}
示例2: Main
public static void Main()
{
var CreateSomeFile = CSScript.LoadMethod(
@"using System.IO;
public static void Test()
{
try
{
using (var f = File.Open(""somefile.txt"", FileMode.OpenOrCreate))
Console.WriteLine(""File.Open: success"");
}
catch (Exception e)
{
Console.WriteLine(e.GetType().ToString() + "": "" + e.Message);
}
}")
.GetStaticMethod();
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
CreateSomeFile(); //call will secceed as as the set of permisions is a default permissions set for this assembly
Sandbox.With(SecurityPermissionFlag.Execution) //call will fail as the set of permissions is insufficient
.Execute(()=>CreateSomeFile());
CreateSomeFile(); //call will secceed as as the set of permisions set back to default
//this is a logical equivalent of Sandbox.With.Execute syntactic sugar
ExecuteInSandbox(permissionSet, //call will fail as the set of permissions is insufficient
()=>CreateSomeFile());
CreateSomeFile(); //call will secceed as as the set of permisions set back to default
}
示例3: Main
public static void Main()
{
//创建文件 IO 读取权限
FileIOPermission FileIOReadPermission = new FileIOPermission(PermissionState.None);
FileIOReadPermission.AllLocalFiles = FileIOPermissionAccess.Read;
//创建基本权限集
PermissionSet BasePermissionSet = new PermissionSet(PermissionState.None); // PermissionState.Unrestricted 用于完全信任
BasePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet grantset = BasePermissionSet.Copy();
grantset.AddPermission(FileIOReadPermission);
//编写示例源文件以读取
System.IO.File.WriteAllText("TEST.TXT", "File Content");
//-------- 完全信任地调用方法 --------
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
ReadFileMethod();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建具有文件 IO 读取权限的 AppDomain --------
AppDomain sandbox = AppDomain.CreateDomain("Sandboxed AppDomain With FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
//-------- 创建没有文件 IO 读取权限的 AppDomain --------
//应当引发安全异常
PermissionSet grantset2 = BasePermissionSet.Copy();
AppDomain sandbox2 = AppDomain.CreateDomain("Sandboxed AppDomain Without FileIO.Read permission", AppDomain.CurrentDomain.Evidence, AppDomain.CurrentDomain.SetupInformation, grantset2, null);
try
{
Console.WriteLine("App Domain Name: " + AppDomain.CurrentDomain.FriendlyName);
sandbox2.DoCallBack(new CrossAppDomainDelegate(ReadFileMethod));
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.WriteLine("");
Console.WriteLine("Press any key to end.");
Console.ReadKey();
}
示例4: SecurityExample
private static void SecurityExample() {
ProxyType highSecurityObject = new ProxyType();
highSecurityObject.AttemptAccess("High"); // Works OK
PermissionSet grantSet = new PermissionSet(PermissionState.None);
grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
AppDomain lowSecurityAppDomain = AppDomain.CreateDomain("LowSecurity", null, new AppDomainSetup() { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory }, grantSet, null);
ProxyType lowSecurityObject = (ProxyType)lowSecurityAppDomain.CreateInstanceAndUnwrap(typeof(ProxyType).Assembly.ToString(), typeof(ProxyType).FullName);
lowSecurityObject.DoSomething(highSecurityObject);
Console.ReadLine();
}
示例5: Main
public static void Main(string[] args)
{
try
{
// Create a new, empty permission set so we don't mistakenly grant some permission we don't want
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
// Set the permissions that you will allow, in this case we only want to allow execution of code
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// Make sure we have the permissions currently
permissionSet.Demand();
// Create the security policy level for this application domain
PolicyLevel policyLevel = PolicyLevel.CreateAppDomainLevel();
// Give the policy level's root code group a new policy statement based on the new permission set.
policyLevel.RootCodeGroup.PolicyStatement = new PolicyStatement(permissionSet);
CSScript.GlobalSettings.AddSearchDir(Environment.CurrentDirectory);
File.Copy("Danger.cs", "Danger1.cs", true);
var script = new AsmHelper(CSScript.Load("Danger.cs"));
// Update the application domain's policy now
AppDomain.CurrentDomain.SetAppDomainPolicy(policyLevel);
var script1 = new AsmHelper(CSScript.Load("Danger1.cs"));
Console.WriteLine();
Console.WriteLine("Access local file from host application assembly...");
using (FileStream f = File.Open("somefile.txt", FileMode.OpenOrCreate)) //OK because executing assembly was loaded before the new policy set
Console.WriteLine(" Ok");
Console.WriteLine();
Console.WriteLine("Access local file from Script assembly (before security policy set)...");
script.Invoke("*.SayHello"); //OK because executing assembly was loaded before the new policy set
Console.WriteLine();
Console.WriteLine("Access local file from Script assembly (after security policy set)...\n");
script1.Invoke("*.SayHello"); //ERROR because executing assembly was loaded after the new policy set
Console.WriteLine("The end...");
}
catch (Exception e)
{
Console.WriteLine();
Console.WriteLine(e.Message);
Console.WriteLine();
}
}
示例6: Main
static public int Main (string[] args)
{
object[] attrs = Assembly.GetExecutingAssembly ().GetCustomAttributes (false);
for (int i = 0; i < attrs.Length; i++) {
if (attrs [i] is PermissionSetAttribute) {
PermissionSetAttribute psa = (attrs [i] as PermissionSetAttribute);
Console.WriteLine ("{0} - {1}", psa.Action, psa.CreatePermissionSet ());
} else if (attrs [i] is SecurityAttribute) {
SecurityAttribute sa = (attrs [i] as SecurityAttribute);
IPermission p = sa.CreatePermission ();
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (p);
Console.WriteLine ("{0} - {1}", sa.Action, ps);
} else {
Console.WriteLine (attrs [i]);
}
}
return 0;
}
示例7: hasWriteAccessToFolder
private bool hasWriteAccessToFolder(string folderPath)
{
try
{
var permission = new FileIOPermission(FileIOPermissionAccess.Write, folderPath);
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(permission);
if (permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet))
{
return true;
}
else
{
return false;
}
}
catch (UnauthorizedAccessException)
{
return false;
}
}
示例8: CheckEvidence
// Demonstrate the use of ResolvePolicy.
private static void CheckEvidence(Evidence evidence)
{
// Display the code groups to which the evidence belongs.
Console.WriteLine("ResolvePolicy for the given evidence.");
Console.WriteLine("Current evidence belongs to the following code groups:");
IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();
while(policyEnumerator.MoveNext())
{
PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;
CodeGroup cg1 = currentLevel.ResolveMatchingCodeGroups(evidence);
Console.WriteLine(currentLevel.Label + " Level" );
Console.WriteLine("\tCodeGroup = " + cg1.Name);
Console.WriteLine("StoreLocation = " + currentLevel.StoreLocation);
IEnumerator cgE1 = cg1.Children.GetEnumerator();
while(cgE1.MoveNext())
{
Console.WriteLine("\t\tGroup = " + ((CodeGroup)cgE1.Current).Name);
}
}
// Show how ResolvePolicy is used to determine the set of permissions that would be granted
// by the security system to code, based on the evidence and the permission sets requested.
// The permission sets require Execute permission; allow optional Read access permission
// to C:\temp; and deny the code permission to control security policy.
Console.WriteLine("\nCreate permission sets requiring Execute permission, requesting optional " +
"\nRead permission for 'C:\\temp', and dening permission to control policy.");
PermissionSet requiredSet = new PermissionSet(PermissionState.None);
requiredSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PermissionSet optionalSet = new PermissionSet(PermissionState.None);
optionalSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, new string[] { @"c:\temp" }));
PermissionSet deniedSet = new PermissionSet(PermissionState.None);
deniedSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlPolicy));
// Show the granted permissions.
Console.WriteLine("\nCurrent permissions granted:");
PermissionSet permsDenied = null;
foreach(IPermission perm in SecurityManager.ResolvePolicy(evidence, requiredSet, optionalSet, deniedSet, out permsDenied))
Console.WriteLine(perm.ToXml().ToString());
// Show the denied permissions.
Console.WriteLine("Current permissions denied:");
foreach(IPermission perm in permsDenied)
Console.WriteLine(perm.ToXml().ToString());
return;
}
示例9: Build
public bool Build (X509Certificate2 certificate) {
lock (m_syncRoot) {
if (certificate == null || certificate.CertContext.IsInvalid)
throw new ArgumentException(SR.GetString(SR.Cryptography_InvalidContextHandle), "certificate");
// Chain building opens and enumerates the root store to see if the root of the chain is trusted.
StorePermission sp = new StorePermission(StorePermissionFlags.OpenStore | StorePermissionFlags.EnumerateCertificates);
sp.Demand();
X509ChainPolicy chainPolicy = this.ChainPolicy;
if (chainPolicy.RevocationMode == X509RevocationMode.Online) {
if (certificate.Extensions[CAPI.szOID_CRL_DIST_POINTS] != null ||
certificate.Extensions[CAPI.szOID_AUTHORITY_INFO_ACCESS] != null) {
// If there is a CDP or AIA extension, we demand unrestricted network access and store add permission
// since CAPI can download certificates into the CA store from the network.
PermissionSet ps = new PermissionSet(PermissionState.None);
ps.AddPermission(new WebPermission(PermissionState.Unrestricted));
ps.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
ps.Demand();
}
}
Reset();
int hr = BuildChain(m_useMachineContext ? new IntPtr(CAPI.HCCE_LOCAL_MACHINE) : new IntPtr(CAPI.HCCE_CURRENT_USER),
certificate.CertContext,
chainPolicy.ExtraStore,
chainPolicy.ApplicationPolicy,
chainPolicy.CertificatePolicy,
chainPolicy.RevocationMode,
chainPolicy.RevocationFlag,
chainPolicy.VerificationTime,
chainPolicy.UrlRetrievalTimeout,
ref m_safeCertChainHandle);
if (hr != CAPI.S_OK)
return false;
// Init.
Init();
// Verify the chain using the specified policy.
CAPI.CERT_CHAIN_POLICY_PARA PolicyPara = new CAPI.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_PARA)));
CAPI.CERT_CHAIN_POLICY_STATUS PolicyStatus = new CAPI.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPI.CERT_CHAIN_POLICY_STATUS)));
PolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags;
if (!CAPI.CertVerifyCertificateChainPolicy(new IntPtr(CAPI.CERT_CHAIN_POLICY_BASE),
m_safeCertChainHandle,
ref PolicyPara,
ref PolicyStatus))
// The API failed.
throw new CryptographicException(Marshal.GetLastWin32Error());
CAPI.SetLastError(PolicyStatus.dwError);
return (PolicyStatus.dwError == 0);
}
}
示例10: MakePolicy
// Make a policy from host and scheme information.
private static PolicyStatement MakePolicy(String scheme, String host)
{
#if CONFIG_REFLECTION
// Create the uri corresponding to the parameters.
if(host != null)
{
host = host.Replace(".", "\\.");
}
else
{
host = ".*";
}
String uri;
if(scheme != null && String.Compare(scheme, "http", true) == 0)
{
uri = "(http|https)://" + host + "/.*";
}
else if(scheme != null)
{
uri = scheme + "://" + host + "/.*";
}
else
{
uri = ".*://" + host + "/.*";
}
// We need to create an instance of "System.Net.WebPermission",
// but that class does not exist in this assembly. So, we
// have to create it in a somewhat round-about fashion.
Assembly system = Assembly.Load("System");
Type webPermType = system.GetType
("System.Net.WebPermission", true, false);
Object webPerm = Activator.CreateInstance(webPermType);
Type networkAccessType = system.GetType
("System.Net.NetworkAccess", true, false);
Object networkAccess = Enum.ToObject
(networkAccessType, 0x0040 /* Connect */);
Type regexType = system.GetType
("System.Text.RegularExpressions.Regex", true, false);
Object regex = Activator.CreateInstance
(regexType, new Object[] {uri});
webPermType.InvokeMember("AddPermission",
BindingFlags.InvokeMethod |
BindingFlags.Public |
BindingFlags.Instance, null,
webPerm,
new Object[] {networkAccess, regex});
// Create a permission set holding the web permission.
PermissionSet permSet = new PermissionSet
(PermissionState.None);
permSet.AddPermission(webPerm as IPermission);
// Return the final policy statement, from the permission set.
return new PolicyStatement(permSet);
#else
return null;
#endif
}
示例11: MakePolicy
// Make a policy from url information.
private PolicyStatement MakePolicy(UrlParser url)
{
if(String.Compare(url.Scheme, "file", true) != 0)
{
return null;
}
PermissionSet permSet = new PermissionSet
(PermissionState.None);
permSet.AddPermission(new FileIOPermission(access, url.Rest));
return new PolicyStatement
(permSet, PolicyStatementAttribute.Nothing);
}