2 // System.Security.Policy.DefaultPolicies.cs
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System.Security.Permissions;
31 namespace System.Security.Policy {
35 * [1] Some permission classes are defined _outside_ mscorlib.dll.
36 * In those cases we use SecurityElement to construct the
37 * permissions manually.
// Container for the built-in (reserved) policy data. Two alternative
// declarations of DefaultPolicies and ReservedNames appear back to back
// (static classes, then sealed classes with an internal constructor). The
// lines that choose between them are not part of this listing; presumably
// conditional compilation -- confirm against the full file.
42 internal static class DefaultPolicies {
44 public static class ReservedNames {
46 internal sealed class DefaultPolicies {
48 public sealed class ReservedNames {
50 internal ReservedNames ()
// Names of the built-in named permission sets. They are compile-time
// constants, which is what allows them to be used as switch case labels.
54 public const string FullTrust = "FullTrust";
55 public const string LocalIntranet = "LocalIntranet";
56 public const string Internet = "Internet";
57 public const string SkipVerification = "SkipVerification";
58 public const string Execution = "Execution";
59 public const string Nothing = "Nothing";
60 public const string Everything = "Everything";
// Only the SkipVerification label of the switch is visible here; the other
// labels and the values returned are on lines not shown, so the exact set
// of names treated as reserved cannot be confirmed from this listing.
62 static public bool IsReserved (string name)
68 case SkipVerification:
// Assembly-qualified names of permission types that live outside corlib.
// They are kept as strings and handed to PermissionBuilder.Create instead of
// being referenced as types. Each name pins the full assembly identity
// (name, version, culture, public key token). This group targets
// Version=2.0.0.0.
85 private const string DnsPermissionClass = "System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
86 private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
87 private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
88 private const string SocketPermissionClass = "System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
89 private const string WebPermissionClass = "System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
90 private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
91 private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
92 private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
93 private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
94 private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
95 private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
// Declared in the 2.0.0.0 group only; the only uses visible in this listing
// (in BuildEverything) are commented out.
97 private const string DataProtectionPermissionClass = "System.Security.Permissions.DataProtectionPermission, System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
98 private const string StorePermissionClass = "System.Security.Permissions.StorePermission, System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
// Version passed to StrongNameMembershipCondition by FullTrustMembership.
100 private static Version Runtime = new Version (2, 0, 0, 0);
// The same identifiers pinned to Version=1.0.5000.0. Both groups declare the
// same names, so only one of them can be compiled in; the lines that select
// a group are not shown in this listing.
102 private const string DnsPermissionClass = "System.Net.DnsPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
103 private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
104 private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
105 private const string SocketPermissionClass = "System.Net.SocketPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
106 private const string WebPermissionClass = "System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
107 private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
108 private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
109 private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, System.Messaging, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
110 private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
111 private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
112 private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
// Counterpart of the Runtime field above for the 1.0.5000.0 group.
114 private static Version Runtime = new Version (1, 0, 5000, 0);
// Strong-name public key blobs consumed by FullTrustMembership.
// _ecmaKey is a 16-byte blob. _msFinalKey is a 160-byte blob whose header
// carries the "RSA1" magic (0x52 0x53 0x41 0x31), a bit length of 0x0400
// (1024) and the public exponent 0x010001, followed by 128 bytes of modulus.
// NOTE(review): both arrays are static and not readonly. Nothing in this
// listing writes to them, but their contents decide which assemblies match
// the full-trust membership condition, so they must never be modified.
116 private static byte[] _ecmaKey = new byte [16] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
// Blob wrapper for _ecmaKey, created in FullTrustMembership.
117 private static StrongNamePublicKeyBlob _ecma;
118 private static byte[] _msFinalKey = new byte [160] {
119 0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
120 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
121 0x07, 0xD1, 0xFA, 0x57, 0xC4, 0xAE, 0xD9, 0xF0, 0xA3, 0x2E, 0x84, 0xAA, 0x0F, 0xAE, 0xFD, 0x0D,
122 0xE9, 0xE8, 0xFD, 0x6A, 0xEC, 0x8F, 0x87, 0xFB, 0x03, 0x76, 0x6C, 0x83, 0x4C, 0x99, 0x92, 0x1E,
123 0xB2, 0x3B, 0xE7, 0x9A, 0xD9, 0xD5, 0xDC, 0xC1, 0xDD, 0x9A, 0xD2, 0x36, 0x13, 0x21, 0x02, 0x90,
124 0x0B, 0x72, 0x3C, 0xF9, 0x80, 0x95, 0x7F, 0xC4, 0xE1, 0x77, 0x10, 0x8F, 0xC6, 0x07, 0x77, 0x4F,
125 0x29, 0xE8, 0x32, 0x0E, 0x92, 0xEA, 0x05, 0xEC, 0xE4, 0xE8, 0x21, 0xC0, 0xA5, 0xEF, 0xE8, 0xF1,
126 0x64, 0x5C, 0x4C, 0x0C, 0x93, 0xC1, 0xAB, 0x99, 0x28, 0x5D, 0x62, 0x2C, 0xAA, 0x65, 0x2C, 0x1D,
127 0xFA, 0xD6, 0x3D, 0x74, 0x5D, 0x6F, 0x2D, 0xE5, 0xF1, 0x7E, 0x5E, 0xAF, 0x0F, 0xC4, 0x96, 0x3D,
128 0x26, 0x1C, 0x8A, 0x12, 0x43, 0x65, 0x18, 0x20, 0x6D, 0xC0, 0x93, 0x34, 0x4D, 0x5A, 0xD2, 0x93 };
// Blob wrapper for _msFinalKey, created on first use in FullTrustMembership.
129 private static StrongNamePublicKeyBlob _msFinal;
// Caches for the built-in named sets; each stays null until the matching
// property is first read.
131 private static NamedPermissionSet _fullTrust;
132 private static NamedPermissionSet _localIntranet;
133 private static NamedPermissionSet _internet;
134 private static NamedPermissionSet _skipVerification;
135 private static NamedPermissionSet _execution;
136 private static NamedPermissionSet _nothing;
137 private static NamedPermissionSet _everything;
// Maps a reserved set name to the matching built-in permission set by
// switching over the ReservedNames constants. Throws ArgumentNullException
// for "name"; the guarding condition is on a line not shown. The result for
// an unrecognised name is also not visible in this listing.
// NOTE(review): the visible cases return the property value, which is the
// cached instance rather than a copy -- confirm callers treat it as read-only.
139 public static PermissionSet GetSpecialPermissionSet (string name)
142 throw new ArgumentNullException ("name");
145 case ReservedNames.FullTrust:
147 case ReservedNames.LocalIntranet:
148 return LocalIntranet;
149 case ReservedNames.Internet:
151 case ReservedNames.SkipVerification:
152 return SkipVerification;
153 case ReservedNames.Execution:
155 case ReservedNames.Nothing:
157 case ReservedNames.Everything:
// Cached FullTrust set, built by BuildFullTrust on first access. The
// null-check-then-assign shows no synchronisation, so two threads may each
// build an instance. The return statement is on a line not shown.
164 public static PermissionSet FullTrust {
166 if (_fullTrust == null)
167 _fullTrust = BuildFullTrust ();
// Cached LocalIntranet set, built by BuildLocalIntranet on first access.
// NOTE(review): the getter returns the cached instance itself, not a copy.
// The set is mutable (it is filled with AddPermission), so a caller that adds
// to the result would change the default for every later caller -- confirm
// that callers copy before editing.
172 public static PermissionSet LocalIntranet {
174 if (_localIntranet == null)
175 _localIntranet = BuildLocalIntranet ();
176 return _localIntranet;
// Cached Internet set, built by BuildInternet on first access; no
// synchronisation is visible around the null check. The return statement is
// on a line not shown.
180 public static PermissionSet Internet {
182 if (_internet == null)
183 _internet = BuildInternet ();
// Cached SkipVerification set, built by BuildSkipVerification on first
// access. The cached instance is returned directly, not a copy.
188 public static PermissionSet SkipVerification {
190 if (_skipVerification == null)
191 _skipVerification = BuildSkipVerification ();
192 return _skipVerification;
// Cached Execution set, built by BuildExecution on first access; no
// synchronisation is visible around the null check. The return statement is
// on a line not shown.
196 public static PermissionSet Execution {
198 if (_execution == null)
199 _execution = BuildExecution ();
// Cached Nothing (empty) set, built by BuildNothing on first access. The
// return statement is on a line not shown.
205 public static PermissionSet Nothing {
207 if (_nothing == null)
208 _nothing = BuildNothing ();
// Cached Everything set, built by BuildEverything on first access. The
// return statement is on a line not shown.
213 public static PermissionSet Everything {
215 if (_everything == null)
216 _everything = BuildEverything ();
// Builds a StrongNameMembershipCondition for the assembly called `name` at
// version Runtime, using a public key blob selected by `key`. The lines that
// inspect `key` and assign snkb are not shown; the blobs themselves are
// created from _ecmaKey and _msFinalKey. The Key type is declared outside
// this listing.
// NOTE(review): the condition matches on strong-name identity (public key,
// name, version) only. Any policy that grants full trust on it is therefore
// only as strong as control over the two embedded keys -- confirm how callers
// use the result.
221 public static StrongNameMembershipCondition FullTrustMembership (string name, Key key)
223 StrongNamePublicKeyBlob snkb = null;
227 _ecma = new StrongNamePublicKeyBlob (_ecmaKey);
// Created once and reused; the null check is not synchronised.
232 if (_msFinal == null) {
233 _msFinal = new StrongNamePublicKeyBlob (_msFinalKey);
239 return new StrongNameMembershipCondition (snkb, name, Runtime);
// Creates the FullTrust set as an unrestricted named set. No individual
// permissions are listed: the set-level Unrestricted state is the grant.
244 private static NamedPermissionSet BuildFullTrust ()
246 return new NamedPermissionSet (ReservedNames.FullTrust, PermissionState.Unrestricted);
// Creates the LocalIntranet set: starts from an empty set and adds each
// grant explicitly. The return statement is on a line not shown.
249 private static NamedPermissionSet BuildLocalIntranet ()
251 NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);
// Read-only access to the two listed environment variables.
253 nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));
255 nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
// Isolated storage scoped per assembly and user; Int64.MaxValue leaves the
// quota effectively unbounded.
257 IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
258 isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
259 isfp.UserQuota = Int64.MaxValue;
260 nps.AddPermission (isfp);
262 nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));
// NOTE(review): besides Execution this grants Assertion, the more sensitive
// of the two flags -- confirm it is intended for this set.
264 SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
265 nps.AddPermission (new SecurityPermission (spf));
267 nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
269 // DnsPermission requires stuff outside corlib (System)
270 nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
272 // PrintingPermission requires stuff outside corlib (System.Drawing)
273 nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
// A line is missing from the listing just before this grant, so it may be
// conditional -- confirm against the full file.
275 // EventLogPermission requires stuff outside corlib (System)
276 nps.AddPermission (PermissionBuilder.Create (EventLogPermission (".", "Instrument")));
// Creates the Internet set: starts from an empty set and adds a narrower
// list of grants than BuildLocalIntranet (no environment, reflection, DNS or
// event log permissions). The return statement is on a line not shown.
281 private static NamedPermissionSet BuildInternet ()
283 NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
// Open dialog only, where LocalIntranet gets the unrestricted dialog grant.
284 nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));
// Isolated storage scoped per domain and user, capped at a quota of 10240.
286 IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
287 isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
288 isfp.UserQuota = 10240;
289 nps.AddPermission (isfp);
// Execution only; no Assertion flag here.
291 nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
// UI limited to safe top-level windows and the code's own clipboard.
293 nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
295 // PrintingPermission requires stuff outside corlib (System.Drawing)
296 nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
// Creates the SkipVerification set: an empty set plus a single
// SecurityPermission carrying only the SkipVerification flag. This is the
// one flag BuildEverything removes from AllFlags. The return statement is on
// a line not shown.
300 private static NamedPermissionSet BuildSkipVerification ()
302 NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.SkipVerification, PermissionState.None);
303 nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.SkipVerification));
// Creates the Execution set: an empty set plus a single SecurityPermission
// carrying only the Execution flag. The return statement is on a line not
// shown.
307 private static NamedPermissionSet BuildExecution ()
309 NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
310 nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
// Creates the Nothing set: a named set in the None state with no
// permissions added.
314 private static NamedPermissionSet BuildNothing ()
316 return new NamedPermissionSet (ReservedNames.Nothing, PermissionState.None);
// Creates the Everything set. Unlike BuildFullTrust, the set itself starts
// in the None state and receives an unrestricted instance of each listed
// permission type, so a permission type that is not listed here is not
// covered. The return statement is on a line not shown, and lines missing
// between some grants may make them conditional -- confirm against the full
// file.
319 private static NamedPermissionSet BuildEverything ()
321 NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);
323 nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
324 nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
325 nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
326 nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
327 nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
328 nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
330 nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));
// Every SecurityPermission flag except SkipVerification, which is cleared
// from the mask before the permission is added.
333 // not quite all in this case
334 SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
335 spf &= ~SecurityPermissionFlag.SkipVerification;
336 nps.AddPermission (new SecurityPermission (spf));
338 nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
// The remaining types are created by name through PermissionBuilder because
// they are defined in assemblies other than corlib.
340 // others requires stuff outside corlib
341 nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
342 nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
343 nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));
345 nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
346 nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
347 nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
348 nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
349 nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
350 nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
351 nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
352 nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
// Disabled in the source: DataProtection and Store permissions are not part
// of the set this method builds.
354 // nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
355 // nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
// Builds the <IPermission> SecurityElement that describes a
// PrintingPermission by name, since the type lives outside corlib.
// `level` is written unchanged into the "Level" attribute; the callers
// visible in this listing pass the constant "SafePrinting". The return
// statement is on a line not shown.
360 private static SecurityElement PrintingPermission (string level)
362 SecurityElement se = new SecurityElement ("IPermission");
363 se.AddAttribute ("class", PrintingPermissionClass);
364 se.AddAttribute ("version", "1");
365 se.AddAttribute ("Level", level);
369 private static SecurityElement EventLogPermission (string name, string access)
371 SecurityElement se = new SecurityElement ("IPermission");
372 se.AddAttribute ("class", EventLogPermissionClass);
373 se.AddAttribute ("version", "1");
375 SecurityElement child = new SecurityElement ("Machine");
376 child.AddAttribute ("name", name);
377 child.AddAttribute ("access", access);