Hi,
I'm trying to create an AppDomain and use it to load an assembly with
reduced permissions (e.g. the "Internet" named permission set).
Unfortunately, the permissions seem to be reduced *too* much, and I
can't figure out which individual permissions I need to add back to make
this code work. It works fine if I use FullTrust instead of Internet,
but obviously that isn't safe.
I get these security errors from code running in the sandbox even when I
don't actually load the untrusted assembly. The Loader.Go() method below
is a very simple test case that fails - the method doesn't execute *at
all* if the call to ToInt32() is present. The interface IHoldsNum is
defined in another assembly (Snack.Runtime) which is referenced from my
program. The error doesn't occur if I replace IHoldsNum with an
interface defined inside my program.
The SecurityException has no useful information on it at all, so I can't
tell which permission is missing. As you can see in my Main method, I'm
adding just about every permission to the permission set (for testing),
but it doesn't help.
Here is the error I get:
==============================
Unhandled Exception: System.Security.SecurityException: Security error.

Server stack trace:
   at SnackR.Loader.Go(Byte[] assembly)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.PrivateProcessMessage(MethodBase mb, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at SnackR.Loader.Go(Byte[] assembly) in i:\working\c#\snack\SnackR\SnackR.cs:line 19
   at SnackR.SnackR.Main(String[] args) in i:\working\c#\snack\SnackR\SnackR.cs:line 114
==============================
And here is my code:
==============================
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
// plus the namespace that declares IHoldsNum (it lives in Snack.Runtime)

namespace SnackR
{
    internal class Loader : MarshalByRefObject
    {
        // Deliberately minimal test case: the cast below would fail at run time,
        // but the method never gets that far once ToInt32() is referenced.
        public void Go(byte[] assembly)
        {
            // IHoldsNum is defined in another assembly:
            // interface IHoldsNum {
            //     int ToInt32();
            // }
            object o = new object();
            IHoldsNum intf = (IHoldsNum) o;
            // THIS NEXT LINE CAUSES
            int s = intf.ToInt32();
        }
    }

    class SnackR
    {
        [STAThread]
        static void Main(string[] args)
        {
            string filename = System.IO.Path.GetFullPath(args[0]);

            // the app runs with Internet permissions
            PolicyLevel sandboxPolicy = PolicyLevel.CreateAppDomainLevel();
            AllMembershipCondition allCodeMC = new AllMembershipCondition();
            PermissionSet permSet = sandboxPolicy.GetNamedPermissionSet("Internet");
            permSet.AddPermission(new SecurityPermission(PermissionState.Unrestricted));
            permSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
            permSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
            permSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
            permSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
            permSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
            permSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
            permSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
            PolicyStatement internetPolStmt = new PolicyStatement(permSet);
            CodeGroup allCodeInternetCG = new UnionCodeGroup(allCodeMC, internetPolStmt);
            sandboxPolicy.RootCodeGroup = allCodeInternetCG;

            AppDomain sandbox = AppDomain.CreateDomain("SnackSandbox");
            sandbox.SetAppDomainPolicy(sandboxPolicy);

            // create a loader in the sandbox
            Loader ldr = (Loader) sandbox.CreateInstanceFromAndUnwrap(
                Assembly.GetExecutingAssembly().Location,
                typeof(Loader).FullName);

            // load the assembly as an array and pass it to the loader
            byte[] asm;
            try {
                asm = new byte[0];
                ldr.Go(asm);
            } catch (SecurityException) {
                throw;
            }
        }
    }
}
==============================
Jesse
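An added diagnostic, not from the post above: a strong-named assembly without AllowPartiallyTrustedCallersAttribute carries an implicit LinkDemand for FullTrust on every public member, LinkDemands are checked when the calling method is JIT-compiled, and a grant set assembled with AddPermission() never satisfies a FullTrust demand, which would match all of the symptoms described. IHoldsNum, permSet and Snack.Runtime are the post's; SandboxDiagnostics and its methods are hypothetical names.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper (not part of the original post). Run it in Main() before the
// sandbox is created, passing typeof(IHoldsNum).Assembly and the post's permSet.
internal static class SandboxDiagnostics
{
    // True when public members of 'asm' may be called from partially trusted code
    // without tripping the implicit FullTrust LinkDemand that the runtime places on
    // strong-named assemblies lacking AllowPartiallyTrustedCallersAttribute.
    public static bool IsCallableFromPartialTrust(Assembly asm)
    {
        byte[] token = asm.GetName().GetPublicKeyToken();
        bool strongNamed = token != null && token.Length > 0;
        bool aptca = Attribute.IsDefined(asm, typeof(AllowPartiallyTrustedCallersAttribute));
        Console.WriteLine("{0}: strong-named={1}, APTCA={2}",
                          asm.GetName().Name, strongNamed, aptca);
        // No strong name means no implicit LinkDemand; with a strong name, APTCA is required.
        return !strongNamed || aptca;
    }

    // True only when 'grant' would satisfy a FullTrust demand, i.e. when it is the
    // Unrestricted set itself rather than a named set with permissions added one by one.
    public static bool SatisfiesFullTrust(PermissionSet grant)
    {
        PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);
        return fullTrust.IsSubsetOf(grant);
    }

    // Prints both findings and says whether a JIT-time SecurityException is expected
    // when sandboxed code calls into 'referenced'.
    public static bool Diagnose(Assembly referenced, PermissionSet grant)
    {
        bool callable = IsCallableFromPartialTrust(referenced);
        bool full = SatisfiesFullTrust(grant);
        Console.WriteLine("grant set satisfies FullTrust: {0}", full);
        bool ok = callable || full;
        if (!ok)
            Console.WriteLine("Expect a SecurityException before Go() runs: either " +
                "apply [assembly: AllowPartiallyTrustedCallers] to the referenced " +
                "assembly after reviewing its public surface for members that must " +
                "not be reachable from partial trust, or keep that call out of the sandbox.");
        return ok;
    }
}
```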