
source: trunk/sources/HeuristicLab.PluginInfrastructure/3.3/Sandboxing/SandboxManager.cs @ 6284

Last change on this file since 6284 was 6174, checked in by ascheibe, 14 years ago

#831

  • completed SandboxManager
  • added SandboxApplicationManager for Hive
  • DefaultApplicationManager is now a subclass of the SandboxApplicationManager
  • ApplicationManager now instantiates the LightweightApplicationManager only if it is accessed to avoid calling InitializeLifetimeService(..) in a sandbox
File size: 5.0 KB
RevLine 
[2612]1#region License Information
2/* HeuristicLab
[5445]3 * Copyright (C) 2002-2011 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
[2612]4 *
5 * This file is part of HeuristicLab.
6 *
7 * HeuristicLab is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * HeuristicLab is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19 */
20#endregion
21
22using System;
[4068]23using System.Reflection;
[2587]24using System.Security;
25using System.Security.Permissions;
[4068]26using HeuristicLab.PluginInfrastructure.Manager;
[2587]27
28namespace HeuristicLab.PluginInfrastructure.Sandboxing {
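public static class SandboxManager {

  /// <summary>
  /// Creates a privileged sandbox, meaning that the executed code is fully trusted and permissions are not restricted.
  /// This method is a fall back for trusted users in HeuristicLab Hive.
  /// </summary>
  /// <remarks>
  /// The domain is created with <see cref="PermissionState.Unrestricted"/>, so it separates state but provides
  /// no privilege separation: everything loaded from <paramref name="applicationBase"/> runs with the rights of
  /// the host process. The decision that a user is trusted has to be made by the caller; nothing in this method
  /// checks it.
  /// </remarks>
  /// <param name="appDomainName">Friendly name of the new AppDomain.</param>
  /// <param name="applicationBase">Directory used as application base, private bin path and plugin directory.</param>
  /// <param name="configFilePath">Configuration file assigned to the new AppDomain.</param>
  /// <returns>The created AppDomain after its application manager has been prepared.</returns>
  public static AppDomain CreateAndInitPrivilegedSandbox(string appDomainName, string applicationBase, string configFilePath) {
    PermissionSet pSet = new PermissionSet(PermissionState.Unrestricted);
    AppDomainSetup setup = CreateSetup(applicationBase, configFilePath);

    Type applicationManagerType = typeof(DefaultApplicationManager);
    AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
    try {
      DefaultApplicationManager applicationManager = (DefaultApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);

      PluginManager pm = new PluginManager(applicationBase);
      pm.DiscoverAndCheckPlugins();
      applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
    }
    catch {
      // the caller never receives a reference to a half-initialized domain, so it could not unload it itself
      UnloadAfterFailure(applicationDomain);
      throw;
    }

    return applicationDomain;
  }

  /// <summary>
  /// Creates a sandbox with restricted permissions.
  /// Code that is executed in such an AppDomain is partially-trusted and is not allowed to call or override
  /// methods that require full trust.
  /// </summary>
  /// <remarks>
  /// NOTE(review): the grant set below is broad. It contains UnmanagedCode, ControlAppDomain, ControlEvidence,
  /// Infrastructure and SerializationFormatter as well as unrestricted reflection. Code that holds UnmanagedCode
  /// can call native code, which the CLR permission checks do not cover, and unrestricted reflection gives access
  /// to non-public members. This domain should therefore not be relied on as a boundary against hostile plugin
  /// code; untrusted jobs need isolation at process or OS level in addition.
  /// NOTE(review): the sandbox gets AllAccess to <paramref name="applicationBase"/>, which is also the directory
  /// assemblies are loaded from. Code in the sandbox can modify those files, so the directory should not be
  /// shared with a privileged domain or reused for another job without being recreated.
  /// </remarks>
  /// <param name="appDomainName">Friendly name of the new AppDomain.</param>
  /// <param name="applicationBase">Directory used as application base, private bin path and plugin directory.</param>
  /// <param name="configFilePath">Configuration file assigned to the new AppDomain.</param>
  /// <returns>The created AppDomain after its application manager has been prepared.</returns>
  public static AppDomain CreateAndInitSandbox(string appDomainName, string applicationBase, string configFilePath) {
    PermissionSet pSet = new PermissionSet(PermissionState.None);

    // One SecurityPermission carries all flags; adding them one by one yields the same union.
    // ControlEvidence is needed for HeuristicLab.Persistence, see DynamicMethod Constructor (String, Type, array<Type []()>[], Type, Boolean)
    SecurityPermissionFlag securityFlags =
      SecurityPermissionFlag.Execution
      | SecurityPermissionFlag.Infrastructure
      | SecurityPermissionFlag.UnmanagedCode
      | SecurityPermissionFlag.SerializationFormatter
      | SecurityPermissionFlag.ControlAppDomain
      | SecurityPermissionFlag.ControlEvidence;
    pSet.AddPermission(new SecurityPermission(securityFlags));

    pSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));

    FileIOPermission ioPerm = new FileIOPermission(PermissionState.None);
    //allow path discovery for system drive, needed by HeuristicLab.Persistence: Serializer.BuildTypeCache() -> Assembly.CodeBase
    //the first three characters of the system directory are taken as the drive root
    ioPerm.AddPathList(FileIOPermissionAccess.PathDiscovery, Environment.SystemDirectory.Substring(0, 3));
    //allow full access to the appdomain's base directory
    ioPerm.AddPathList(FileIOPermissionAccess.AllAccess, applicationBase);
    pSet.AddPermission(ioPerm);

    AppDomainSetup setup = CreateSetup(applicationBase, configFilePath);

    Type applicationManagerType = typeof(SandboxApplicationManager);
    AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
    try {
      SandboxApplicationManager applicationManager = (SandboxApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);

      PluginManager pm = new PluginManager(applicationBase);
      pm.DiscoverAndCheckPlugins();
      applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
    }
    catch {
      // the caller never receives a reference to a half-initialized domain, so it could not unload it itself
      UnloadAfterFailure(applicationDomain);
      throw;
    }

    return applicationDomain;
  }

  /// <summary>
  /// Builds the AppDomainSetup shared by both sandbox kinds: assemblies are probed in the application base only.
  /// </summary>
  private static AppDomainSetup CreateSetup(string applicationBase, string configFilePath) {
    AppDomainSetup setup = new AppDomainSetup();
    setup.PrivateBinPath = applicationBase;
    setup.ApplicationBase = applicationBase;
    setup.ConfigurationFile = configFilePath;
    return setup;
  }

  /// <summary>
  /// Unloads a domain whose initialization failed, without hiding the exception that caused the failure.
  /// </summary>
  private static void UnloadAfterFailure(AppDomain domain) {
    try {
      AppDomain.Unload(domain);
    }
    catch (CannotUnloadAppDomainException) {
      // best effort: the initialization error rethrown by the caller is the one worth reporting
    }
    catch (AppDomainUnloadedException) {
      // already gone, nothing left to clean up
    }
  }
}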
99}