
source: trunk/sources/HeuristicLab.PluginInfrastructure/3.3/Sandboxing/SandboxManager.cs @ 12897

Last change on this file since 12897 was 12012, checked in by ascheibe, 10 years ago

#2212 merged r12008, r12009, r12010 back into trunk

[2612]1#region License Information
2/* HeuristicLab
[12012]3 * Copyright (C) 2002-2015 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
[2612]4 *
5 * This file is part of HeuristicLab.
6 *
7 * HeuristicLab is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * HeuristicLab is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19 */
20#endregion
21
22using System;
[4068]23using System.Reflection;
[2587]24using System.Security;
25using System.Security.Permissions;
[4068]26using HeuristicLab.PluginInfrastructure.Manager;
[6538]27using System.IO;
[2587]28
29namespace HeuristicLab.PluginInfrastructure.Sandboxing {
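/// <summary>
/// Factory for the application domains in which HeuristicLab plugins are executed.
/// </summary>
/// <remarks>
/// Both factory methods create the AppDomain, instantiate an application manager inside it and
/// hand it the plugins discovered under the application base. If any step after the domain has
/// been created fails, the half-initialized domain is unloaded before the exception propagates,
/// so a failed call does not leave an orphaned AppDomain in the host process.
/// </remarks>
public static class SandboxManager {

  /// <summary>
  /// Creates a privileged sandbox: the new AppDomain receives an unrestricted permission set,
  /// so code executed in it is fully trusted.
  /// This method is a fallback for trusted users in HeuristicLab Hive.
  /// </summary>
  /// <remarks>
  /// No permission is withheld from the created domain and this method performs no check of its
  /// own; deciding that the submitting user is trusted is entirely up to the caller.
  /// </remarks>
  /// <param name="appDomainName">Friendly name passed to <see cref="AppDomain.CreateDomain(string, System.Security.Policy.Evidence, AppDomainSetup, PermissionSet, System.Security.Policy.StrongName[])"/>.</param>
  /// <param name="applicationBase">Directory used as ApplicationBase and PrivateBinPath of the domain and as the plugin discovery directory.</param>
  /// <param name="configFilePath">Path assigned to <see cref="AppDomainSetup.ConfigurationFile"/>.</param>
  /// <returns>The created and prepared application domain.</returns>
  public static AppDomain CreateAndInitPrivilegedSandbox(string appDomainName, string applicationBase, string configFilePath) {
    PermissionSet pSet = new PermissionSet(PermissionState.Unrestricted);
    AppDomainSetup setup = CreateSetup(applicationBase, configFilePath);

    Type applicationManagerType = typeof(DefaultApplicationManager);
    AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
    try {
      DefaultApplicationManager applicationManager = (DefaultApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);

      // NOTE(review): plugin discovery is started from the calling domain, not from the new one;
      // what PluginManager loads or executes while doing so is not visible here - confirm.
      PluginManager pm = new PluginManager(applicationBase);
      pm.DiscoverAndCheckPlugins();
      applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
    }
    catch {
      // the caller never receives a reference to the domain on failure, so unload it here
      UnloadQuietly(applicationDomain);
      throw;
    }

    return applicationDomain;
  }

  /// <summary>
  /// Creates a sandbox whose AppDomain is granted an explicit, enumerated permission set instead of full trust.
  /// </summary>
  /// <remarks>
  /// The granted set is: SecurityPermission with Execution, Infrastructure, UnmanagedCode,
  /// SerializationFormatter and ControlEvidence; unrestricted ReflectionPermission; path discovery
  /// on the root of the system drive; and full file access to <paramref name="applicationBase"/>.
  /// Security caveat: this set is broad. UnmanagedCode permits calls into native code, which is
  /// not subject to code access security checks, and unrestricted reflection permits access to
  /// non-public members. The resulting domain should therefore be regarded as a way to limit
  /// accidental damage by cooperative plugins, not as containment for hostile code; code access
  /// security is also deprecated by Microsoft and not recommended as a security boundary.
  /// Untrusted jobs need isolation at the process or operating system level in addition.
  /// Because the domain gets full access to <paramref name="applicationBase"/>, which also holds
  /// the assemblies it loads, callers should pass a directory dedicated to this sandbox.
  /// </remarks>
  /// <param name="appDomainName">Friendly name passed to <see cref="AppDomain.CreateDomain(string, System.Security.Policy.Evidence, AppDomainSetup, PermissionSet, System.Security.Policy.StrongName[])"/>.</param>
  /// <param name="applicationBase">Directory used as ApplicationBase and PrivateBinPath of the domain, as the plugin discovery directory, and as the only directory with full file access.</param>
  /// <param name="configFilePath">Path assigned to <see cref="AppDomainSetup.ConfigurationFile"/>.</param>
  /// <returns>The created and prepared application domain.</returns>
  public static AppDomain CreateAndInitSandbox(string appDomainName, string applicationBase, string configFilePath) {
    PermissionSet pSet = new PermissionSet(PermissionState.None);

    // A single SecurityPermission carrying every granted flag. PermissionSet.AddPermission unions
    // permissions of the same type, so this is the same grant as adding the flags one by one.
    // ControlEvidence (together with the reflection permission below) is needed for
    // HeuristicLab.Persistence, see DynamicMethod Constructor (String, Type, Type[], Type, Boolean).
    // NOTE(review): UnmanagedCode and SerializationFormatter are the most powerful flags here;
    // nothing in this file says which component needs them - confirm they are still required.
    pSet.AddPermission(new SecurityPermission(
      SecurityPermissionFlag.Execution |
      SecurityPermissionFlag.Infrastructure |
      SecurityPermissionFlag.UnmanagedCode |
      SecurityPermissionFlag.SerializationFormatter |
      SecurityPermissionFlag.ControlEvidence));
    pSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));

    FileIOPermission ioPerm = new FileIOPermission(PermissionState.None);
    // allow path discovery for system drive, needed by HeuristicLab.Persistence: Serializer.BuildTypeCache() -> Assembly.CodeBase
    ioPerm.AddPathList(FileIOPermissionAccess.PathDiscovery, Path.GetPathRoot(Path.GetFullPath(Environment.SystemDirectory)));
    // allow full access (read, write, append, path discovery) to the appdomain's base directory
    ioPerm.AddPathList(FileIOPermissionAccess.AllAccess, applicationBase);
    pSet.AddPermission(ioPerm);

    AppDomainSetup setup = CreateSetup(applicationBase, configFilePath);

    Type applicationManagerType = typeof(SandboxApplicationManager);
    AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
    try {
      SandboxApplicationManager applicationManager = (SandboxApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);

      // NOTE(review): plugin discovery is started from the calling (host) domain, outside the
      // restricted permission set; what PluginManager loads or executes is not visible here - confirm.
      PluginManager pm = new PluginManager(applicationBase);
      pm.DiscoverAndCheckPlugins();
      applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
    }
    catch {
      // the caller never receives a reference to the domain on failure, so unload it here
      UnloadQuietly(applicationDomain);
      throw;
    }

    return applicationDomain;
  }

  // Builds the AppDomainSetup shared by both sandbox kinds: assemblies are probed in applicationBase only.
  private static AppDomainSetup CreateSetup(string applicationBase, string configFilePath) {
    AppDomainSetup setup = new AppDomainSetup();
    setup.PrivateBinPath = applicationBase;
    setup.ApplicationBase = applicationBase;
    setup.ConfigurationFile = configFilePath;
    return setup;
  }

  // Best-effort unload of a domain whose initialization failed; an unload failure must not
  // replace the initialization exception that the caller is about to receive.
  private static void UnloadQuietly(AppDomain domain) {
    try {
      AppDomain.Unload(domain);
    }
    catch (CannotUnloadAppDomainException) {
    }
    catch (AppDomainUnloadedException) {
    }
  }
}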
97}