Free cookie consent management tool by TermsFeed Policy Generator

Ignore:
Timestamp:
09/21/15 16:35:55 (9 years ago)
Author:
ascheibe
Message:

#2355 merged r12926, r12927 and r12959 into stable

Location:
stable
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • stable

  • stable/HeuristicLab.PluginInfrastructure/3.3/Sandboxing/SandboxManager.cs

    r12009 r12963  
    2525using System.Security.Permissions;
    2626using HeuristicLab.PluginInfrastructure.Manager;
    27 using System.IO;
    2827
    2928namespace HeuristicLab.PluginInfrastructure.Sandboxing {
    3029  public static class SandboxManager {
    31 
    3230    /// <summary>
    33     /// Creates an privileged sandbox, meaning that the executed code is fully trusted and permissions are not restricted.
    34     /// This method is a fall back for trusted users in HeuristicLab Hive.
     31    /// Returns a new AppDomain with loaded assemblies/plugins from applicationBase
    3532    /// </summary>   
    36     public static AppDomain CreateAndInitPrivilegedSandbox(string appDomainName, string applicationBase, string configFilePath) {
     33    public static AppDomain CreateAndInitSandbox(string appDomainName, string applicationBase, string configFilePath) {
    3734      PermissionSet pSet;
    3835      pSet = new PermissionSet(PermissionState.Unrestricted);
     
    5350      return applicationDomain;
    5451    }
    55 
    56     /// <summary>
    57     /// Creates a sandbox with restricted permissions.
    58     /// Code that is executed in such an AppDomain is partially-trusted and is not allowed to call or override
    59     /// methods that require full trust.
    60     /// </summary>   
    61     public static AppDomain CreateAndInitSandbox(string appDomainName, string applicationBase, string configFilePath) {
    62       PermissionSet pSet;
    63 
    64       pSet = new PermissionSet(PermissionState.None);
    65       pSet.AddPermission(new SecurityPermission(PermissionState.None));
    66       pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    67       pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Infrastructure));
    68       pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
    69       pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SerializationFormatter));
    70       //needed for HeuristicLab.Persistence, see DynamicMethod Constructor (String, Type, array<Type []()>[], Type, Boolean)
    71       pSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.ControlEvidence));
    72       pSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
    73 
    74       FileIOPermission ioPerm = new FileIOPermission(PermissionState.None);
    75       //allow path discovery for system drive, needed by HeuristicLab.Persistence: Serializer.BuildTypeCache() -> Assembly.CodeBase
    76       ioPerm.AddPathList(FileIOPermissionAccess.PathDiscovery, Path.GetPathRoot(Path.GetFullPath(Environment.SystemDirectory)));
    77       //allow full access to the appdomain's base directory
    78       ioPerm.AddPathList(FileIOPermissionAccess.AllAccess, applicationBase);
    79       pSet.AddPermission(ioPerm);
    80 
    81       AppDomainSetup setup = new AppDomainSetup();
    82       setup.PrivateBinPath = applicationBase;
    83       setup.ApplicationBase = applicationBase;
    84       setup.ConfigurationFile = configFilePath;
    85 
    86       Type applicationManagerType = typeof(SandboxApplicationManager);
    87       AppDomain applicationDomain = AppDomain.CreateDomain(appDomainName, null, setup, pSet, null);
    88       SandboxApplicationManager applicationManager = (SandboxApplicationManager)applicationDomain.CreateInstanceAndUnwrap(applicationManagerType.Assembly.FullName, applicationManagerType.FullName, true, BindingFlags.NonPublic | BindingFlags.Instance, null, null, null, null);
    89 
    90       PluginManager pm = new PluginManager(applicationBase);
    91       pm.DiscoverAndCheckPlugins();
    92       applicationManager.PrepareApplicationDomain(pm.Applications, pm.Plugins);
    93 
    94       return applicationDomain;
    95     }
    9652  }
    9753}
Note: See TracChangeset for help on using the changeset viewer.