本文整理汇总了C#中System.Security.PermissionSet.AddPermission方法的典型用法代码示例。如果您正苦于以下问题:C# PermissionSet.AddPermission方法的具体用法?C# PermissionSet.AddPermission怎么用?C# PermissionSet.AddPermission使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.Security.PermissionSet的用法示例。
在下文中一共展示了PermissionSet.AddPermission方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: Main
static void Main(string[] args)
{
// Pfad, muss absolut sein für FileIOPermission
string path = @"C:\Users\philipp\Dropbox\Dokumente\Schule\PR\src\dot-net-security-and-encryption\AppDomainTest\Evil\bin\Debug";
// PermissionSet ohne Berechtigungen Erstellen
PermissionSet set = new PermissionSet(PermissionState.None);
// Berechtigen zum Ausführen des Programmes hinzufügen
set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// Berechtigungen zum Lesen des Pfades hinzufügen
set.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read |
FileIOPermissionAccess.PathDiscovery,
path));
// Info, wird benötigt um Domain zu erstellen
var info = new AppDomainSetup { ApplicationBase = path };
// Erstellen der Domain
AppDomain domain = AppDomain.CreateDomain("Sandbox", null, info, set, null);
// Laden der Instance
Example evil = (Example) domain.CreateInstanceFromAndUnwrap(path + @"\Evil.dll", "Evil.Example");
// Ausführen der (bösen) Methode
evil.DoSomethingEvil();
Console.ReadKey();
}示例2: CreateAnalyzerDomain
private AppDomain CreateAnalyzerDomain()
{
AppDomainSetup ads = new AppDomainSetup();
AppDomain result;
PermissionSet perms;
ads.ApplicationBase = Environment.CurrentDirectory;
ads.ShadowCopyDirectories = "shadow";
ads.ShadowCopyFiles = "shadow";
ads.DisallowCodeDownload = true;
perms = new PermissionSet(PermissionState.None);
FileIOPermission fiop = new FileIOPermission(PermissionState.Unrestricted);
perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.AllFlags));
fiop.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory);
fiop.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory);
fiop.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.CurrentDirectory + "Extensions\\");
fiop.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory + "Extensions\\");
//fiop.AllLocalFiles = FileIOPermissionAccess.AllAccess
//fiop.AllFiles = FileIOPermissionAccess.AllAccess
perms.AddPermission(fiop);
perms.AddPermission(new UIPermission(UIPermissionWindow.AllWindows, UIPermissionClipboard.OwnClipboard));
perms.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
PolicyLevel policy = PolicyLevel.CreateAppDomainLevel();
policy.RootCodeGroup.PolicyStatement = new PolicyStatement(perms);
// create the Domain
result = AppDomain.CreateDomain("analyzer", null, ads);
result.SetAppDomainPolicy(policy);
return result;
}示例3: Open
public void Open()
{
if(State != CommunicationState.Created)
{
return;
}
try
{
Opening(this,EventArgs.Empty);
//Permission required to read the providers application name and access config
PermissionSet permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Minimal));
permissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
permissions.Assert();
m_ServiceHostActivator.MembershipApplicationName = Membership.ApplicationName;
if(Roles.Enabled)
{
m_ServiceHostActivator.RolesApplicationName = Roles.ApplicationName;
}
PermissionSet.RevertAssert();
m_ServiceHostActivator.Open();
State = CommunicationState.Opened;
Opened(this,EventArgs.Empty);
}
catch
{
State = CommunicationState.Faulted;
}
}示例4: CreateRestrictedDomain
private static AppDomain CreateRestrictedDomain(string domainName)
{
// Default to all code getting nothing
PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);
// Grant all code the named permission set for the test
PermissionSet partialTrustPermissionSet = new PermissionSet(PermissionState.None);
partialTrustPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags));
partialTrustPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy));
PolicyStatement permissions = new PolicyStatement(partialTrustPermissionSet);
policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));
// Create an AppDomain policy level for the policy tree
PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
appDomainLevel.RootCodeGroup = policyRoot;
// Set the Application Base correctly in order to find the test assembly
AppDomainSetup ads = new AppDomainSetup();
ads.ApplicationBase = Environment.CurrentDirectory;
AppDomain restrictedDomain = AppDomain.CreateDomain(domainName, null, ads);
restrictedDomain.SetAppDomainPolicy(appDomainLevel);
return restrictedDomain;
}示例5: CreateSandbox
public static PluginHost CreateSandbox(string applicationBasePath)
{
var rand = Path.GetRandomFileName();
var setup = new AppDomainSetup()
{
ApplicationBase = applicationBasePath,
ApplicationName = rand,
ConfigurationFile = "", // DO not set to empty string if we want to use the conf file from this domain
DisallowBindingRedirects = true,
DisallowCodeDownload = true,
DisallowPublisherPolicy = true
};
var permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissions.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.AllAccess,
applicationBasePath));
// If we want to enable NLog (for example) to read our configuration file
permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery,
@"C:\Dev\POC\Krang\src\Krang.App\bin\Debug\Krang.App.vshost.exe.Config"));
var domain = AppDomain.CreateDomain(rand, null, setup, permissions,
typeof(PluginHost).Assembly.Evidence.GetHostEvidence<StrongName>(),
typeof(Plugin).Assembly.Evidence.GetHostEvidence<StrongName>());
return (PluginHost)Activator.CreateInstanceFrom(domain, typeof(PluginHost).Assembly.ManifestModule.FullyQualifiedName, typeof(PluginHost).FullName).Unwrap();
}示例6: Build
public bool Build(X509Certificate2 certificate)
{
lock (this.m_syncRoot)
{
if ((certificate == null) || certificate.CertContext.IsInvalid)
{
throw new ArgumentException(SR.GetString("Cryptography_InvalidContextHandle"), "certificate");
}
new StorePermission(StorePermissionFlags.EnumerateCertificates | StorePermissionFlags.OpenStore).Demand();
X509ChainPolicy chainPolicy = this.ChainPolicy;
if ((chainPolicy.RevocationMode == X509RevocationMode.Online) && ((certificate.Extensions["2.5.29.31"] != null) || (certificate.Extensions["1.3.6.1.5.5.7.1.1"] != null)))
{
PermissionSet set = new PermissionSet(PermissionState.None);
set.AddPermission(new WebPermission(PermissionState.Unrestricted));
set.AddPermission(new StorePermission(StorePermissionFlags.AddToStore));
set.Demand();
}
this.Reset();
if (BuildChain(this.m_useMachineContext ? new IntPtr(1L) : new IntPtr(0L), certificate.CertContext, chainPolicy.ExtraStore, chainPolicy.ApplicationPolicy, chainPolicy.CertificatePolicy, chainPolicy.RevocationMode, chainPolicy.RevocationFlag, chainPolicy.VerificationTime, chainPolicy.UrlRetrievalTimeout, ref this.m_safeCertChainHandle) != 0)
{
return false;
}
this.Init();
CAPIBase.CERT_CHAIN_POLICY_PARA pPolicyPara = new CAPIBase.CERT_CHAIN_POLICY_PARA(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_PARA)));
CAPIBase.CERT_CHAIN_POLICY_STATUS pPolicyStatus = new CAPIBase.CERT_CHAIN_POLICY_STATUS(Marshal.SizeOf(typeof(CAPIBase.CERT_CHAIN_POLICY_STATUS)));
pPolicyPara.dwFlags = (uint) chainPolicy.VerificationFlags;
if (!CAPISafe.CertVerifyCertificateChainPolicy(new IntPtr(1L), this.m_safeCertChainHandle, ref pPolicyPara, ref pPolicyStatus))
{
throw new CryptographicException(Marshal.GetLastWin32Error());
}
CAPISafe.SetLastError(pPolicyStatus.dwError);
return (pPolicyStatus.dwError == 0);
}
}示例7: CreateSandboxDomain
private static AppDomain CreateSandboxDomain()
{
// Normally from a security perspective we'd put the sandboxed app in its own
// base directory, but to make things easier (so we don't have to copy the NUnit
// assembly, etc.) we'll just mirror the current test domain settings.
var info = new AppDomainSetup
{
ApplicationBase = AppDomain.CurrentDomain.BaseDirectory,
PrivateBinPath = AppDomain.CurrentDomain.RelativeSearchPath
};
// Grant set is the same set of permissions as ASP.NET medium trust EXCEPT
// it excludes the FileIOPermission, IsolatedStorageFilePermission, and PrintingPermission.
var grantSet = new PermissionSet(null);
grantSet.AddPermission(new AspNetHostingPermission(AspNetHostingPermissionLevel.Medium));
grantSet.AddPermission(new DnsPermission(PermissionState.Unrestricted));
grantSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "TEMP;TMP;USERNAME;OS;COMPUTERNAME"));
grantSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.RemotingConfiguration));
grantSet.AddPermission(new SmtpPermission(SmtpAccess.Connect));
grantSet.AddPermission(new SqlClientPermission(PermissionState.Unrestricted));
grantSet.AddPermission(new TypeDescriptorPermission(PermissionState.Unrestricted));
grantSet.AddPermission(new WebPermission(PermissionState.Unrestricted));
grantSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess));
return AppDomain.CreateDomain("Sandbox", null, info, grantSet);
}示例8: Init
/// <summary>
/// Initializes the permissions manager with the permissions required by an install script.
/// </summary>
internal static void Init()
{
permissions = new PermissionSet(PermissionState.None);
//do the following paths need to add to this?
// savesPath - fallout 3
var fipFilePermission = new FileIOPermission(FileIOPermissionAccess.AllAccess, new[]
{
Program.tmpPath,
Path.GetTempPath(),
Program.GameMode.InstallInfoDirectory,
Program.GameMode.PluginsPath
});
var lstPaths = new List<string>(Program.GameMode.SettingsFiles.Values);
lstPaths.AddRange(Program.GameMode.AdditionalPaths.Values);
fipFilePermission.AddPathList(FileIOPermissionAccess.AllAccess, lstPaths.ToArray());
fipFilePermission.AddPathList(FileIOPermissionAccess.Read, Environment.CurrentDirectory);
permissions.AddPermission(fipFilePermission);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
permissions.AddPermission(new UIPermission(UIPermissionWindow.AllWindows));
// Not sure what permissions are needed for GetTempFileName() to work, so we add them all.
permissions.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
}示例9: XmlILModule
static XmlILModule() {
AssemblyName asmName;
AssemblyBuilder asmBldr;
CreateModulePermissionSet = new PermissionSet(PermissionState.None);
// CreateDelegate demands MemberAccess permission
CreateModulePermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
// DynamicMethod constructor demands ControlEvidence permissions.
// Emitting symbols in DefineDynamicModule (to allow to debug the stylesheet) requires UnmanagedCode permission.
CreateModulePermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.UnmanagedCode));
AssemblyId = 0;
// 1. LRE assembly only needs to execute
// 2. No temp files need be created
// 3. Never allow assembly to Assert permissions
asmName = CreateAssemblyName();
asmBldr = AppDomain.CurrentDomain.DefineDynamicAssembly(asmName, AssemblyBuilderAccess.Run);
try {
CreateModulePermissionSet.Assert();
// Add custom attribute to assembly marking it as security transparent so that Assert will not be allowed
// and link demands will be converted to full demands.
asmBldr.SetCustomAttribute(new CustomAttributeBuilder(XmlILConstructors.Transparent, new object[] {}));
// Store LREModule once. If multiple threads are doing this, then some threads might get different
// modules. This is OK, since it's not mandatory to share, just preferable.
LREModule = asmBldr.DefineDynamicModule("System.Xml.Xsl.CompiledQuery", false);
}
finally {
CodeAccessPermission.RevertAssert();
}
}示例10: Create_permission_set_for_sandbox_AppDomain
private static PermissionSet Create_permission_set_for_sandbox_AppDomain(string beitragspfad)
{
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, beitragspfad));
return permissionSet;
}示例11: PermissionSet
public void GeneratedTypeForAdditionalInterfaceWithMethodsHavingSignaturesMatchingMethodsInTheBaseClassIsVerifiable()
{
PermissionSet grantSet = new PermissionSet(PermissionState.None);
grantSet.AddPermission(
new SecurityPermission(
SecurityPermissionFlag.Execution
| SecurityPermissionFlag.ControlEvidence
| SecurityPermissionFlag.ControlPolicy));
grantSet.AddPermission(
new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess
| ReflectionPermissionFlag.MemberAccess));
grantSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
AppDomain sandbox =
AppDomain.CreateDomain(
"sandbox",
AppDomain.CurrentDomain.Evidence,
new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory },
grantSet);
sandbox.DoCallBack(() =>
{
InterceptingClassGenerator generator =
new InterceptingClassGenerator(typeof(MainType), typeof(IDoSomething), typeof(IDoSomethingToo));
Type generatedType = generator.GenerateType();
});
}示例12: GetDefaultScriptPermissionSet
public static PermissionSet GetDefaultScriptPermissionSet()
{
PermissionSet internalDefScriptPermSet = new PermissionSet(PermissionState.None);
internalDefScriptPermSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
internalDefScriptPermSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
return internalDefScriptPermSet;
}示例13: Create
public static PluginHost Create(string pluginId, IDictionary<string, object> config)
{
var currentDirectory = Directory.GetCurrentDirectory();
var setup = new AppDomainSetup
{
ApplicationBase = currentDirectory,
ApplicationName = pluginId,
ConfigurationFile = "", // DO not set to empty string if we want to use the conf file from this domain
DisallowBindingRedirects = true,
DisallowCodeDownload = true,
DisallowPublisherPolicy = true
};
var permissions = new PermissionSet(PermissionState.None);
if (config.ContainsKey("Permissions") && config["Permissions"] != null)
{
var securityElement = SecurityElement.FromString(config["Permissions"].ToString());
if (securityElement != null)
{
permissions.FromXml(securityElement);
}
}
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence // To get nice exceptions with permission demands.
| SecurityPermissionFlag.ControlPolicy // See ^
| SecurityPermissionFlag.Execution // To allow the plugin to execute
));
// WCF hosting for JSONRPC
permissions.AddPermission(new WebPermission(NetworkAccess.Connect | NetworkAccess.Accept,
new Regex(@"http://localhost:31337/hadouken\.plugins.*")));
// Isolated storage
permissions.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
var ev = new Evidence(new EvidenceBase[] {new Url(config["Url"].ToString())}, null);
var fxAsm = Assembly.LoadFile(Path.Combine(currentDirectory, FxAssembly));
var domain = AppDomain.CreateDomain(pluginId, ev, setup, permissions,
typeof (PluginHost).Assembly.Evidence.GetHostEvidence<StrongName>(),
fxAsm.Evidence.GetHostEvidence<StrongName>());
return (PluginHost) Activator.CreateInstanceFrom(
domain,
typeof (PluginHost).Assembly.ManifestModule.FullyQualifiedName,
typeof (PluginHost).FullName,
false,
BindingFlags.Default,
null,
new object[] {pluginId, config},
null,
null).Unwrap();
}示例14: CreatePartialTrustDomain
public static AppDomain CreatePartialTrustDomain()
{
AppDomainSetup setup = new AppDomainSetup() { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory, PrivateBinPath = AppDomain.CurrentDomain.RelativeSearchPath };
PermissionSet permissions = new PermissionSet(null);
permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissions.AddPermission(new DnsPermission(PermissionState.Unrestricted));
permissions.AddPermission(new SocketPermission(PermissionState.Unrestricted));
return AppDomain.CreateDomain("Partial Trust Sandbox", AppDomain.CurrentDomain.Evidence, setup, permissions);
}示例15: CreateSandbox
public static AppDomain CreateSandbox()
{
var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase };
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.NoFlags));
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
permissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); // TODO: !!!
var appDomain = AppDomain.CreateDomain("Sandbox", null, setup, permissionSet);
return appDomain;
}