3 // Copyright (c) Microsoft Corporation. All rights reserved.
6 // <OWNER>Microsoft</OWNER>
10 // A HostSecurityManager gives a hosting application the chance to
11 // participate in the security decisions in the AppDomain.
14 namespace System.Security {
15 using System.Collections;
17 using System.Deployment.Internal.Isolation;
18 using System.Deployment.Internal.Isolation.Manifest;
19 using System.Runtime.Hosting;
21 using System.Reflection;
22 using System.Security;
23 using System.Security.Permissions;
24 using System.Security.Policy;
25 using System.Runtime.Versioning;
26 using System.Diagnostics.Contracts;
31 [System.Runtime.InteropServices.ComVisible(true)]
32 public enum HostSecurityManagerOptions {
34 HostAppDomainEvidence = 0x0001,
35 [Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
36 HostPolicyLevel = 0x0002,
37 HostAssemblyEvidence = 0x0004,
38 HostDetermineApplicationTrust = 0x0008,
39 HostResolvePolicy = 0x0010,
43 [System.Security.SecurityCritical] // auto-generated_required
46 [SecurityPermissionAttribute(SecurityAction.InheritanceDemand, Flags=SecurityPermissionFlag.Infrastructure)]
48 [System.Runtime.InteropServices.ComVisible(true)]
49 public class HostSecurityManager {
50 public HostSecurityManager () {}
52 // The host can choose which events he wants to participate in. This property can be set when
53 // the host only cares about a subset of the capabilities exposed through the HostSecurityManager.
54 public virtual HostSecurityManagerOptions Flags {
56 // We use AllFlags as the default.
57 return HostSecurityManagerOptions.AllFlags;
61 #if FEATURE_CAS_POLICY
62 // provide policy for the AppDomain.
63 [Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
64 public virtual PolicyLevel DomainPolicy {
66 if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
68 throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
75 public virtual Evidence ProvideAppDomainEvidence (Evidence inputEvidence) {
76 // The default implementation does not modify the input evidence.
80 public virtual Evidence ProvideAssemblyEvidence (Assembly loadedAssembly, Evidence inputEvidence) {
81 // The default implementation does not modify the input evidence.
86 [System.Security.SecurityCritical] // auto-generated
87 [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted=true)]
88 [ResourceExposure(ResourceScope.None)]
89 [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
90 public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
92 if (applicationEvidence == null)
93 throw new ArgumentNullException("applicationEvidence");
94 Contract.EndContractBlock();
96 // This method looks for a trust decision for the ActivationContext in three locations, in order
99 // 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
100 // will be in the applicationEvidence.
101 // 2. Reuse the ApplicationTrust from the current AppDomain
102 // 3. Ask the TrustManager for a trust decision
104 // get the activation context from the application evidence.
105 // The default HostSecurityManager does not examine the activatorEvidence
106 // but other security managers could use it to figure out the
107 // evidence of the domain attempting to activate the application.
109 ActivationArguments activationArgs = applicationEvidence.GetHostEvidence<ActivationArguments>();
110 if (activationArgs == null)
111 throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
113 ActivationContext actCtx = activationArgs.ActivationContext;
115 throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
117 // Make sure that any ApplicationTrust we find applies to the ActivationContext we're
118 // creating the new AppDomain for.
119 ApplicationTrust appTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
120 if (appTrust != null &&
121 !CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
126 // If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
127 // decision from this domain if its identity matches the ActivationContext of the new domain.
128 // Otherwise consult the TrustManager for a trust decision
129 if (appTrust == null)
131 if (AppDomain.CurrentDomain.ApplicationTrust != null &&
132 CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
134 appTrust = AppDomain.CurrentDomain.ApplicationTrust;
138 appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
142 // If the trust decision allows the application to run, then it should also have a permission set
143 // which is at least the permission set the application requested.
144 ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
145 if (appTrust != null &&
146 appTrust.IsApplicationTrustedToRun &&
147 !appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
149 throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
154 #endif // FEATURE_CLICKONCE
156 #if FEATURE_CAS_POLICY
157 // Query the CLR to see what it would have granted a specific set of evidence
158 public virtual PermissionSet ResolvePolicy(Evidence evidence)
160 if (evidence == null)
161 throw new ArgumentNullException("evidence");
162 Contract.EndContractBlock();
165 // If the evidence is from the GAC then the result is full trust.
166 // In a homogenous domain, then the application trust object provides the grant set.
167 // When CAS policy is disabled, the result is full trust.
168 // Otherwise, the result comes from evaluating CAS policy.
171 if (evidence.GetHostEvidence<GacInstalled>() != null)
173 return new PermissionSet(PermissionState.Unrestricted);
175 else if (AppDomain.CurrentDomain.IsHomogenous)
177 return AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
179 else if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
181 return new PermissionSet(PermissionState.Unrestricted);
185 return SecurityManager.PolicyManager.CodeGroupResolve(evidence, false);
191 /// Determine what types of evidence the host might be able to supply for the AppDomain if requested
193 /// <returns></returns>
194 public virtual Type[] GetHostSuppliedAppDomainEvidenceTypes() {
199 /// Determine what types of evidence the host might be able to supply for an assembly if requested
201 public virtual Type[] GetHostSuppliedAssemblyEvidenceTypes(Assembly assembly) {
206 /// Ask the host to supply a specific type of evidence for the AppDomain
208 public virtual EvidenceBase GenerateAppDomainEvidence(Type evidenceType) {
213 /// Ask the host to supply a specific type of evidence for an assembly
215 public virtual EvidenceBase GenerateAssemblyEvidence(Type evidenceType, Assembly assembly) {