如何改变应用程序域的权限?应用程序、权限
我用特殊的方法来创建沙箱中的:
I use special method to create sandobx:
internal static class Helper
{
public static AppDomain CreateSandbox()
{
Contract.Ensures(Contract.Result<AppDomain>() != null);
var platform = Assembly.GetExecutingAssembly();
var name = platform.FullName + ": Sandbox " + Guid.NewGuid();
var setup = new AppDomainSetup { ApplicationBase = platform.Location };
var permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, platform.Location));
var sandbox = AppDomain.CreateDomain(name, null, setup, permissions);
Contract.Assume(sandbox != null);
return sandbox;
}
}
当我使用创建沙盒,我想改变它的权限:
When I use created sandbox, I want to change permissions of it:
sandbox = Security.Helper.CreateSandbox();
sandbox.SetupInformation.ApplicationBase = Path.GetDirectoryName(path);
sandbox.PermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, path));
但是,当我加载程序集吧,我收到异常:
But when I load assembly to it, I recieve exception:
的请求类型的权限'System.Security.Permissions.FileIOPermission,mscorlib程序,版本= 4.0.0.0,文化=中性公钥= b77a5c561934e089失败。的
如何改变应用程序域的权限在它创造?
How to change permissions of AppDomain AFTER it creation?
推荐答案
在一个均相的AppDomain中只允许权限集是FullTrust的和创建域时的权限集定义。一旦批准,允许集不能再被延长(据我所知)。保持沙盒插件,捆绑创建自定义应用程序域在定义的PermissionSet,并提供先进的功能(需要提升的权限)通过一种常用的,安全的安全至关重要的类库。
In a homogenuous AppDomain the only allowed permission sets are FullTrust and the permission set defined when creating the domain. Once granted, the permission set cannot be extended anymore (AFAIK). Keep the plugins sandboxed, tied to the PermissionSet you defined when creating the custom AppDomain, and provide advanced functionality (that needs elevated permissions) through a commonly used, security safe critical class library.
又见答案和提示,在这里: 的http://social.msdn.microsoft.com/Forums/en-US/clr/thread/23a9197e-3581-4a28-912d-968004488773
See also the answers and hints here: http://social.msdn.microsoft.com/Forums/en-US/clr/thread/23a9197e-3581-4a28-912d-968004488773
