Re: Sandboxing AppDomain

From: Nicole Calinoiu (calinoiu)
Date: 08/18/05


Date: Thu, 18 Aug 2005 09:28:45 -0400

Unfortunately, I can't seem to reproduce the problem. Might you be able to
provide sample code for both the target method and its invocation?

<krsgoss@gmail.com> wrote in message
news:1124312040.984766.142870@g44g2000cwa.googlegroups.com...
> I am trying to load an untrusted assembly within a separate AppDomain
> so that I can restrict its permissions. I based my AppDomain setup
> off some blog entries here:
>
> http://blogs.msdn.com/shawnfa/archive/2004/11/02/251239.aspx
> http://blogs.msdn.com/shawnfa/archive/2004/11/08/253971.aspx
>
> The code to create the AppDomain is below. I'm mimicking the internet
> zone permission set in my test application for now. I would like to
> use a custom permission set so that I have fine-grained control over
> the sandbox security. If I call a method on the plugin implementation
> which displays a message box, I get the following error:
>
> System.Security.Policy.PolicyException: Required permissions cannot be
> acquired.
>
> If I change the implementation below to instead initialize and use a
> NamedPermissionSet with the "Internet" zone specified in the
> constructor, the plugin works as expected. I do not understand why the
> same permissions being created manually fails vs. the named permission
> set.
>
> Any help is appreciated.
>
> Thanks,
>
> Kris
>
>
> public AppDomain CreateAppDomain()
> {
>     PolicyStatement emptyPolicy = new PolicyStatement(new PermissionSet(PermissionState.None));
>     UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), emptyPolicy);
>
>     // now grant permissions explicitly for the sandbox
>     PermissionSet permissionSet = new PermissionSet(PermissionState.None);
>     permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
>     permissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows,
>         UIPermissionClipboard.OwnClipboard));
>     permissionSet.AddPermission(new PrintingPermission(PrintingPermissionLevel.SafePrinting));
>     permissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
>
>     PolicyStatement permissions = new PolicyStatement(permissionSet);
>     policyRoot.AddChild(new UnionCodeGroup(new AllMembershipCondition(), permissions));
>
>     // create a policy level for the policy tree
>     PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
>     appDomainLevel.RootCodeGroup = policyRoot;
>
>     // create the AppDomain which lives under this policy
>     AppDomain result = AppDomain.CreateDomain("Plugin-Sandbox");
>     result.SetAppDomainPolicy(appDomainLevel);
>     return result;
> }
>
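
An added diagnostic example, not code from either poster: it prints the two permission sets the question compares (the manually built set and `new NamedPermissionSet("Internet")`), then resolves the same policy tree to show the grant the AppDomain level produces. It assumes the .NET Framework CAS policy model the thread uses (legacy on .NET 4 and later) and a reference to System.Drawing; the class and method names are hypothetical.

```csharp
// Added example: dump and compare the permission sets discussed in the thread.
using System;
using System.Drawing.Printing;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static class SandboxPolicyDump   // hypothetical name
{
    // Same four permissions as the manually built set in the quoted code.
    static PermissionSet BuildManualSet()
    {
        PermissionSet set = new PermissionSet(PermissionState.None);
        set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        set.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows,
            UIPermissionClipboard.OwnClipboard));
        set.AddPermission(new PrintingPermission(PrintingPermissionLevel.SafePrinting));
        set.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
        return set;
    }

    // Print the unrestricted flag and the XML form, so two sets can be diffed by eye.
    static void Describe(string label, PermissionSet set)
    {
        Console.WriteLine("== {0} ==", label);
        Console.WriteLine("IsUnrestricted: {0}", set.IsUnrestricted());
        Console.WriteLine(set.ToXml());
    }

    static void Main()
    {
        PermissionSet manual = BuildManualSet();
        PermissionSet named = new NamedPermissionSet("Internet");

        Describe("manual set", manual);
        Describe("new NamedPermissionSet(\"Internet\")", named);
        Console.WriteLine("manual is subset of named: {0}", manual.IsSubsetOf(named));
        Console.WriteLine("named is subset of manual: {0}", named.IsSubsetOf(manual));

        // Rebuild the thread's policy tree and resolve it against empty evidence.
        UnionCodeGroup root = new UnionCodeGroup(new AllMembershipCondition(),
            new PolicyStatement(new PermissionSet(PermissionState.None)));
        root.AddChild(new UnionCodeGroup(new AllMembershipCondition(),
            new PolicyStatement(manual)));
        PolicyLevel level = PolicyLevel.CreateAppDomainLevel();
        level.RootCodeGroup = root;
        Describe("resolved AppDomain-level grant", level.Resolve(new Evidence()).PermissionSet);
    }
}
```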


