mscorlib(4.0.0.0) API with additions
HostSecurityManager.cs
1 using System.Deployment.Internal.Isolation.Manifest;
2 using System.Reflection;
3 using System.Runtime.Hosting;
4 using System.Runtime.InteropServices;
5 using System.Security.Permissions;
6 using System.Security.Policy;
7 
8 namespace System.Security
9 {
11  [Serializable]
12  [SecurityCritical]
13  [ComVisible(true)]
14  [SecurityPermission(SecurityAction.InheritanceDemand, Flags = SecurityPermissionFlag.Infrastructure)]
15  public class HostSecurityManager
16  {
19  public virtual HostSecurityManagerOptions Flags => HostSecurityManagerOptions.AllFlags;
20 
24  [Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
25  public virtual PolicyLevel DomainPolicy
26  {
27  get
28  {
29  if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
30  {
31  throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
32  }
33  return null;
34  }
35  }
36 
40  public virtual Evidence ProvideAppDomainEvidence(Evidence inputEvidence)
41  {
42  return inputEvidence;
43  }
44 
49  public virtual Evidence ProvideAssemblyEvidence(Assembly loadedAssembly, Evidence inputEvidence)
50  {
51  return inputEvidence;
52  }
53 
63  [SecurityCritical]
64  [SecurityPermission(SecurityAction.Assert, Unrestricted = true)]
65  public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
66  {
67  if (applicationEvidence == null)
68  {
69  throw new ArgumentNullException("applicationEvidence");
70  }
71  ActivationArguments hostEvidence = applicationEvidence.GetHostEvidence<ActivationArguments>();
72  if (hostEvidence == null)
73  {
74  throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
75  }
76  ActivationContext activationContext = hostEvidence.ActivationContext;
77  if (activationContext == null)
78  {
79  throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
80  }
81  ApplicationTrust applicationTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
82  if (applicationTrust != null && !CmsUtils.CompareIdentities(applicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
83  {
84  applicationTrust = null;
85  }
86  if (applicationTrust == null)
87  {
88  applicationTrust = ((AppDomain.CurrentDomain.ApplicationTrust == null || !CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, hostEvidence.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion)) ? ApplicationSecurityManager.DetermineApplicationTrustInternal(activationContext, context) : AppDomain.CurrentDomain.ApplicationTrust);
89  }
90  ApplicationSecurityInfo applicationSecurityInfo = new ApplicationSecurityInfo(activationContext);
91  if (applicationTrust != null && applicationTrust.IsApplicationTrustedToRun && !applicationSecurityInfo.DefaultRequestSet.IsSubsetOf(applicationTrust.DefaultGrantSet.PermissionSet))
92  {
93  throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
94  }
95  return applicationTrust;
96  }
97 
103  public virtual PermissionSet ResolvePolicy(Evidence evidence)
104  {
105  if (evidence == null)
106  {
107  throw new ArgumentNullException("evidence");
108  }
109  if (evidence.GetHostEvidence<GacInstalled>() != null)
110  {
111  return new PermissionSet(PermissionState.Unrestricted);
112  }
113  if (AppDomain.CurrentDomain.IsHomogenous)
114  {
115  return AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
116  }
117  if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
118  {
119  return new PermissionSet(PermissionState.Unrestricted);
120  }
121  return SecurityManager.PolicyManager.CodeGroupResolve(evidence, systemPolicy: false);
122  }
123 
126  public virtual Type[] GetHostSuppliedAppDomainEvidenceTypes()
127  {
128  return null;
129  }
130 
134  public virtual Type[] GetHostSuppliedAssemblyEvidenceTypes(Assembly assembly)
135  {
136  return null;
137  }
138 
142  public virtual EvidenceBase GenerateAppDomainEvidence(Type evidenceType)
143  {
144  return null;
145  }
146 
151  public virtual EvidenceBase GenerateAssemblyEvidence(Type evidenceType, Assembly assembly)
152  {
153  return null;
154  }
155  }
156 }
System.ArgumentNullException
The exception that is thrown when a null reference (Nothing in Visual Basic) is passed to a method th...
Definition: ArgumentNullException.cs:11
System.Security.Policy.ApplicationTrust
Encapsulates security decisions about an application. This class cannot be inherited.
Definition: ApplicationTrust.cs:14
System.Security.Permissions.SecurityPermission
Describes a set of security permissions applied to code. This class cannot be inherited.
Definition: SecurityPermission.cs:9
System.Security.HostSecurityManager.DetermineApplicationTrust
virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
Determines whether an application should be executed.
Definition: HostSecurityManager.cs:65
System.Security.HostSecurityManager.GetHostSuppliedAppDomainEvidenceTypes
virtual Type [] GetHostSuppliedAppDomainEvidenceTypes()
Determines which evidence types the host can supply for the application domain, if requested.
Definition: HostSecurityManager.cs:126
System.Security.Policy.ApplicationSecurityInfo.DefaultRequestSet
PermissionSet DefaultRequestSet
Gets or sets the default permission set.
Definition: ApplicationSecurityInfo.cs:84
System.Security.Policy.PolicyStatement.PermissionSet
PermissionSet PermissionSet
Gets or sets the T:System.Security.PermissionSet of the policy statement.
Definition: PolicyStatement.cs:26
System.ActivationContext
Identifies the activation context for the current application. This class cannot be inherited.
Definition: ActivationContext.cs:14
System.Security.Policy.PolicyLevel
Represents the security policy levels for the common language runtime. This class cannot be inherited...
Definition: PolicyLevel.cs:15
System
Definition: __Canon.cs:3
System.Security.HostSecurityManagerOptions
HostSecurityManagerOptions
Specifies the security policy components to be used by the host security manager.
Definition: HostSecurityManagerOptions.cs:9
System.Security.Policy.ApplicationSecurityManager
Manages trust decisions for manifest-activated applications.
Definition: ApplicationSecurityManager.cs:12
System.Security.PermissionSet.IsSubsetOf
bool IsSubsetOf(PermissionSet target)
Determines whether the current T:System.Security.PermissionSet is a subset of the specified T:System....
Definition: PermissionSet.cs:604
System.Security.Policy.EvidenceBase
Provides a base class from which all objects to be used as evidence must derive.
Definition: EvidenceBase.cs:12
System.AppDomain.CurrentDomain
static AppDomain CurrentDomain
Gets the current application domain for the current T:System.Threading.Thread.
Definition: AppDomain.cs:274
System.AppDomain.IsHomogenous
bool IsHomogenous
Gets a value that indicates whether the current application domain has a set of permissions that is g...
Definition: AppDomain.cs:468
System.AppDomain
Represents an application domain, which is an isolated environment where applications execute....
Definition: AppDomain.cs:33
System.Security.Policy.TrustManagerContext
Represents the context for the trust manager to consider when making the decision to run an applicati...
Definition: TrustManagerContext.cs:7
System.Security.Permissions.SecurityAction
SecurityAction
Specifies the security actions that can be performed using declarative security.
Definition: SecurityAction.cs:8
System.Environment
Provides information about, and means to manipulate, the current environment and platform....
Definition: Environment.cs:21
System.Security.HostSecurityManager.DomainPolicy
virtual PolicyLevel DomainPolicy
When overridden in a derived class, gets the security policy for the current application domain.
Definition: HostSecurityManager.cs:26
System.Security.PermissionSet
Represents a collection that can contain many different types of permissions.
Definition: PermissionSet.cs:20
System.Security.HostSecurityManager.ProvideAppDomainEvidence
virtual Evidence ProvideAppDomainEvidence(Evidence inputEvidence)
Provides the application domain evidence for an assembly being loaded.
Definition: HostSecurityManager.cs:40
System.Runtime.Hosting.ActivationArguments.ApplicationIdentity
ApplicationIdentity ApplicationIdentity
Gets the application identity for a manifest-activated application.
Definition: ActivationArguments.cs:41
System.Reflection.Assembly
Represents an assembly, which is a reusable, versionable, and self-describing building block of a com...
Definition: Assembly.cs:22
System.Type
Represents type declarations: class types, interface types, array types, value types,...
Definition: Type.cs:18
System.AppDomain.ApplicationTrust
ApplicationTrust ApplicationTrust
Gets information describing permissions granted to an application and whether the application has a t...
Definition: AppDomain.cs:372
System.Security.Policy.ApplicationVersionMatch
ApplicationVersionMatch
Specifies how to match versions when locating application trusts in a collection.
Definition: ApplicationVersionMatch.cs:7
System.Security.Policy.ApplicationTrust.IsApplicationTrustedToRun
bool IsApplicationTrustedToRun
Gets or sets a value indicating whether the application has the required permission grants and is tru...
Definition: ApplicationTrust.cs:88
System.Security.Policy.ApplicationTrust.ApplicationIdentity
ApplicationIdentity ApplicationIdentity
Gets or sets the application identity for the application trust object.
Definition: ApplicationTrust.cs:38
System.Runtime.Hosting.ActivationArguments
Provides data for manifest-based activation of an application. This class cannot be inherited.
Definition: ActivationArguments.cs:9
System.ArgumentException
The exception that is thrown when one of the arguments provided to a method is not valid.
Definition: ArgumentException.cs:11
System.Security.HostSecurityManager.GenerateAssemblyEvidence
virtual EvidenceBase GenerateAssemblyEvidence(Type evidenceType, Assembly assembly)
Requests a specific evidence type for the assembly.
Definition: HostSecurityManager.cs:151
System.Security.HostSecurityManager.GetHostSuppliedAssemblyEvidenceTypes
virtual Type [] GetHostSuppliedAssemblyEvidenceTypes(Assembly assembly)
Determines which evidence types the host can supply for the assembly, if requested.
Definition: HostSecurityManager.cs:134
System.Security.HostSecurityManager.GenerateAppDomainEvidence
virtual EvidenceBase GenerateAppDomainEvidence(Type evidenceType)
Requests a specific evidence type for the application domain.
Definition: HostSecurityManager.cs:142
System.Security.Permissions.PermissionState
PermissionState
Specifies whether a permission should have all or no access to resources at creation.
Definition: PermissionState.cs:8
System.Security.Policy.Evidence
Defines the set of information that constitutes input to security policy decisions....
Definition: Evidence.cs:17
System.Security.Policy.GacInstalled
Confirms that a code assembly originates in the global assembly cache (GAC) as evidence for policy ev...
Definition: GacInstalled.cs:9
System.Security.HostSecurityManager.Flags
virtual HostSecurityManagerOptions Flags
Gets the flag representing the security policy components of concern to the host.
Definition: HostSecurityManager.cs:19
System.Runtime.Hosting.ActivationArguments.ActivationContext
ActivationContext ActivationContext
Gets the activation context for manifest-based activation of an application.
Definition: ActivationArguments.cs:46
System.Reflection.TypeAttributes.Serializable
Specifies that the class can be serialized.
System.Security.HostSecurityManager.ProvideAssemblyEvidence
virtual Evidence ProvideAssemblyEvidence(Assembly loadedAssembly, Evidence inputEvidence)
Provides the assembly evidence for an assembly being loaded.
Definition: HostSecurityManager.cs:49
System.InvalidOperationException
The exception that is thrown when a method call is invalid for the object's current state.
Definition: InvalidOperationException.cs:10
System.Security.SecurityManager
Provides the main access point for classes interacting with the security system. This class cannot be...
Definition: SecurityManager.cs:15
System.Security.HostSecurityManager.ResolvePolicy
virtual PermissionSet ResolvePolicy(Evidence evidence)
Determines what permissions to grant to code based on the specified evidence.
Definition: HostSecurityManager.cs:103
System.NotSupportedException
The exception that is thrown when an invoked method is not supported, or when there is an attempt to ...
Definition: NotSupportedException.cs:10
System.Security.Permissions.SecurityPermissionFlag
SecurityPermissionFlag
Specifies access flags for the security permission object.
Definition: SecurityPermissionFlag.cs:9
System.Security.Policy.ApplicationSecurityInfo
Holds the security evidence for an application. This class cannot be inherited.
Definition: ApplicationSecurityInfo.cs:15
System.Security.HostSecurityManager
Allows the control and customization of security behavior for application domains.
Definition: HostSecurityManager.cs:15
System.Security.Policy.ApplicationTrust.DefaultGrantSet
PolicyStatement DefaultGrantSet
Gets or sets the policy statement defining the default grant set.
Definition: ApplicationTrust.cs:56