Free cookie consent management tool by TermsFeed Policy Generator

source: branches/GP.Grammar.Editor/HeuristicLab.PluginInfrastructure/3.3/Sandboxing/SandboxManager.cs @ 6319

Last change on this file since 6319 was 6174, checked in by ascheibe, 14 years ago

#831

  • completed SandboxManager
  • added SandboxApplicationManager for Hive
  • DefaultApplicationManager is now a subclass of the SandboxApplicationManager
  • ApplicationManager now instantiates the LightweightApplicationManager only if it is accessed to avoid calling InitializeLifetimeService(..) in a sandbox
File size: 5.0 KB
Line 
1#region License Information
2/* HeuristicLab
3 * Copyright (C) 2002-2011 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
4 *
5 * This file is part of HeuristicLab.
6 *
7 * HeuristicLab is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * HeuristicLab is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19 */
20#endregion
21
22using System;
23using System.Reflection;
24using System.Security;
25using System.Security.Permissions;
26using HeuristicLab.PluginInfrastructure.Manager;
27
28namespace HeuristicLab.PluginInfrastructure.Sandboxing {
29  public static class SandboxManager {
30
31    /// <summary>
32    /// Creates an privileged sandbox, meaning that the executed code is fully trusted and permissions are not restricted.
33    /// This method is a fall back for trusted users in HeuristicLab Hive.
34    /// </summary>   
35    public static AppDomain CreateAndInitPrivilegedSandbox(string appDomainName, string applicationBase, string configFilePath) {
36      PermissionSet pSet;
37      pSet = new PermissionSet(PermissionState.Unrestricted);
38
39      AppDomainSetup setup = new AppDomainSetup();
40      setup.PrivateBinPath = applicationBase;
41      setup.ApplicationBase = applicationBase;
42      setup.ConfigurationFile = configFilePath;
43
44      Type applicationManagerType = typeof(DefaultApplicationManager);
45      AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
46      DefaultApplicationManager applicationManager = (DefaultApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);
47
48      PluginManager pm = new PluginManager(applicationBase);
49      pm.DiscoverAndCheckPlugins();
50      applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
51
52      return applicationDomain;
53    }
54
55    /// <summary>
56    /// Creates a sandbox with restricted permissions.
57    /// Code that is executed in such an AppDomain is partially-trusted and is not allowed to call or override
58    /// methods that require full trust.
59    /// </summary>   
60    public static AppDomain CreateAndInitSandbox(string appDomainName, string applicationBase, string configFilePath) {
61      PermissionSet pSet;
62
63      pSet = new PermissionSet(PermissionState.None);
64      pSet.AddPermission(new SecurityPermission(PermissionState.None));
65      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
66      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Infrastructure));
67      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
68      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter));
69      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlAppDomain));
70      //needed for HeuristicLab.Persistence, see DynamicMethod Constructor (String, Type, array<Type []()>[], Type, Boolean)
71      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence));
72
73      ReflectionPermission refPerm = new ReflectionPermission(PermissionState.Unrestricted);
74      pSet.AddPermission(refPerm);
75
76      FileIOPermission ioPerm = new FileIOPermission(PermissionState.None);
77      //allow path discovery for system drive, needed by HeuristicLab.Persistence: Serializer.BuildTypeCache() -> Assembly.CodeBase
78      ioPerm.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.SystemDirectory.Substring(0, 3));
79      //allow full access to the appdomain's base directory
80      ioPerm.AddPathList(FileIOPermissionAccess.AllAccess, applicationBase);
81      pSet.AddPermission(ioPerm);
82
83      AppDomainSetup setup = new AppDomainSetup();
84      setup.PrivateBinPath = applicationBase;
85      setup.ApplicationBase = applicationBase;
86      setup.ConfigurationFile = configFilePath;
87
88      Type applicationManagerType = typeof(SandboxApplicationManager);
89      AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
90      SandboxApplicationManager applicationManager = (SandboxApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);
91
92      PluginManager pm = new PluginManager(applicationBase);
93      pm.DiscoverAndCheckPlugins();
94      applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
95
96      return applicationDomain;
97    }
98  }
99}
Note: See TracBrowser for help on using the repository browser.