source: trunk/sources/HeuristicLab.PluginInfrastructure/3.3/Sandboxing/SandboxManager.cs @ 12012

Last change on this file since 12012 was 12012, checked in by ascheibe, 8 years ago

#2212 merged r12008, r12009, r12010 back into trunk

1#region License Information
2/* HeuristicLab
3 * Copyright (C) 2002-2015 Heuristic and Evolutionary Algorithms Laboratory (HEAL)
4 *
5 * This file is part of HeuristicLab.
6 *
7 * HeuristicLab is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * HeuristicLab is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with HeuristicLab. If not, see <http://www.gnu.org/licenses/>.
19 */
20#endregion
21
22using System;
23using System.Reflection;
24using System.Security;
25using System.Security.Permissions;
26using HeuristicLab.PluginInfrastructure.Manager;
27using System.IO;
28
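namespace HeuristicLab.PluginInfrastructure.Sandboxing {
  /// <summary>
  /// Creates application domains, either fully trusted or with a reduced permission set, and prepares them
  /// with the applications and plugins discovered in the given application base directory.
  /// </summary>
  public static class SandboxManager {

    /// <summary>
    /// Creates a privileged sandbox, meaning that the executed code is fully trusted and permissions are not restricted.
    /// This method is a fallback for trusted users in HeuristicLab Hive.
    /// </summary>
    /// <remarks>
    /// The domain is created with <see cref="PermissionState.Unrestricted"/>, so it offers no confinement beyond
    /// living in a separate AppDomain. Nothing in this method checks who the caller is; deciding that a user is
    /// trusted is entirely the caller's responsibility.
    /// </remarks>
    /// <param name="appDomainName">Friendly name of the new AppDomain.</param>
    /// <param name="applicationBase">Directory used as application base, private bin path and plugin directory.</param>
    /// <param name="configFilePath">Configuration file of the new AppDomain.</param>
    /// <returns>The prepared AppDomain. The caller owns it and is responsible for unloading it.</returns>
    public static AppDomain CreateAndInitPrivilegedSandbox(string appDomainName, string applicationBase, string configFilePath) {
      PermissionSet pSet = new PermissionSet(PermissionState.Unrestricted);
      AppDomainSetup setup = CreateSetup(applicationBase, configFilePath);

      Type applicationManagerType = typeof(DefaultApplicationManager);
      AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
      try {
        DefaultApplicationManager applicationManager = (DefaultApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);

        PluginManager pm = new PluginManager(applicationBase);
        pm.DiscoverAndCheckPlugins();
        applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);

        return applicationDomain;
      } catch {
        // the caller never receives a reference when initialization fails, so the domain has to be unloaded here
        UnloadQuietly(applicationDomain);
        throw;
      }
    }

    /// <summary>
    /// Creates a sandbox with restricted permissions.
    /// Code that is executed in such an AppDomain is partially-trusted and is not allowed to call or override
    /// methods that require full trust.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the granted set includes <see cref="SecurityPermissionFlag.UnmanagedCode"/> and an
    /// unrestricted <see cref="ReflectionPermission"/>. Code holding these permissions is not meaningfully
    /// confined by code access security, so this domain should be treated as protection against accidents,
    /// not as a boundary against hostile code. Where jobs from untrusted users must be contained, add
    /// process- or OS-level isolation (separate low-privileged account, job object, container or VM).
    /// </remarks>
    /// <param name="appDomainName">Friendly name of the new AppDomain.</param>
    /// <param name="applicationBase">Directory used as application base, private bin path and plugin directory;
    /// code in the sandbox gets full file access to it.</param>
    /// <param name="configFilePath">Configuration file of the new AppDomain.</param>
    /// <returns>The prepared AppDomain. The caller owns it and is responsible for unloading it.</returns>
    public static AppDomain CreateAndInitSandbox(string appDomainName, string applicationBase, string configFilePath) {
      PermissionSet pSet = CreateSandboxPermissionSet(applicationBase);
      AppDomainSetup setup = CreateSetup(applicationBase, configFilePath);

      Type applicationManagerType = typeof(SandboxApplicationManager);
      AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
      try {
        SandboxApplicationManager applicationManager = (SandboxApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);

        PluginManager pm = new PluginManager(applicationBase);
        pm.DiscoverAndCheckPlugins();
        applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);

        return applicationDomain;
      } catch {
        // the caller never receives a reference when initialization fails, so the domain has to be unloaded here
        UnloadQuietly(applicationDomain);
        throw;
      }
    }

    /// <summary>
    /// Builds the permission set granted to code running in the restricted sandbox.
    /// </summary>
    private static PermissionSet CreateSandboxPermissionSet(string applicationBase) {
      PermissionSet pSet = new PermissionSet(PermissionState.None);

      // AddPermission unions permissions of the same type, so the flags below accumulate into one SecurityPermission
      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Infrastructure));
      // NOTE(review): UnmanagedCode allows native calls, which are not subject to the checks this permission
      // set relies on; it is kept because removing it may break existing plugins - confirm which ones need it
      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter));
      //needed for HeuristicLab.Persistence, see DynamicMethod Constructor (String, Type, array<Type []()>[], Type, Boolean)
      pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence));
      // NOTE(review): unrestricted reflection includes access to non-public members and code emission
      pSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));

      FileIOPermission ioPerm = new FileIOPermission(PermissionState.None);
      //allow path discovery for system drive, needed by HeuristicLab.Persistence: Serializer.BuildTypeCache() -> Assembly.CodeBase
      ioPerm.AddPathList(FileIOPermissionAccess.PathDiscovery, Path.GetPathRoot(Path.GetFullPath(Environment.SystemDirectory)));
      //allow full access to the appdomain's base directory
      // NOTE(review): this is also the directory assemblies are loaded from (PrivateBinPath), so sandboxed code
      // can write files there; do not reuse the same directory for a privileged sandbox without re-provisioning it
      ioPerm.AddPathList(FileIOPermissionAccess.AllAccess, applicationBase);
      pSet.AddPermission(ioPerm);

      return pSet;
    }

    /// <summary>
    /// Creates the AppDomainSetup shared by both sandbox kinds: the application base doubles as private bin path.
    /// </summary>
    private static AppDomainSetup CreateSetup(string applicationBase, string configFilePath) {
      AppDomainSetup setup = new AppDomainSetup();
      setup.PrivateBinPath = applicationBase;
      setup.ApplicationBase = applicationBase;
      setup.ConfigurationFile = configFilePath;
      return setup;
    }

    /// <summary>
    /// Unloads a domain whose initialization failed without hiding the exception that caused the failure.
    /// </summary>
    private static void UnloadQuietly(AppDomain domain) {
      try {
        AppDomain.Unload(domain);
      } catch (CannotUnloadAppDomainException) {
        // best effort: the initialization error rethrown by the caller is the one worth reporting
      } catch (AppDomainUnloadedException) {
        // already gone, nothing left to clean up
      }
    }
  }
}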