mcs/class/referencesource/mscorlib/system/security/policy/applicationsecuritymanager.cs

   1 // ==++==
   2 //
   3 //   Copyright (c) Microsoft Corporation.  All rights reserved.
   4 //
   5 // ==--==
   6 // <OWNER>Microsoft</OWNER>
   7 //
   8
   9 //
  10 // ApplicationSecurityManager.cs
  11 //
  12
  13 namespace System.Security.Policy {
  14     using System.Deployment.Internal.Isolation;
  15     using System.Deployment.Internal.Isolation.Manifest;
  16     using System.IO;
  17     using System.Runtime.Versioning;
  18     using System.Security.Permissions;
  19     using System.Security.Util;
  20     using System.Diagnostics.Contracts;
  21     using System.Reflection;
  22
  23     [System.Runtime.InteropServices.ComVisible(true)]
  24     public static class ApplicationSecurityManager {
  25         private static volatile IApplicationTrustManager m_appTrustManager = null;
  26
  27         //
  28         // Public static methods.
  29         //
  30
  31         [System.Security.SecuritySafeCritical]  // auto-generated
  32         static ApplicationSecurityManager()
  33         {
  34         }
  35
  36         [System.Security.SecurityCritical]  // auto-generated_required
  37         [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted=true)]
  38         public static bool DetermineApplicationTrust (ActivationContext activationContext, TrustManagerContext context) {
  39             if (activationContext == null)
  40                 throw new ArgumentNullException("activationContext");
  41             Contract.EndContractBlock();
  42
  43             ApplicationTrust appTrust = null;
  44             AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
  45             if (domainManager != null) {
  46                 HostSecurityManager securityManager = domainManager.HostSecurityManager;
  47                 if ((securityManager != null) && ((securityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust)) {
  48                     appTrust = securityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
  49                     if (appTrust == null)
  50                         return false;
  51                     return appTrust.IsApplicationTrustedToRun;
  52                 }
  53             }
  54
  55             appTrust = DetermineApplicationTrustInternal(activationContext, context);
  56             if (appTrust == null)
  57                 return false;
  58             return appTrust.IsApplicationTrustedToRun;
  59         }
  60
  61         //
  62         // Public static properties.
  63         //
  64
  65         public static ApplicationTrustCollection UserApplicationTrusts {
  66             [System.Security.SecuritySafeCritical]  // auto-generated
  67             [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPolicy)]
  68             get {
  69                 return new ApplicationTrustCollection(true);
  70             }
  71         }
  72
  73         public static IApplicationTrustManager ApplicationTrustManager {
  74             [System.Security.SecuritySafeCritical]  // auto-generated
  75             [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPolicy)]
  76             get {
  77                 if (m_appTrustManager == null) {
  78                     m_appTrustManager = DecodeAppTrustManager();
  79                     if (m_appTrustManager == null)
  80                         throw new PolicyException(Environment.GetResourceString("Policy_NoTrustManager"));
  81                 }
  82                 return m_appTrustManager;
  83             }
  84         }
  85
  86         //
  87         // Internal
  88         //
  89
  90         [System.Security.SecurityCritical]  // auto-generated
  91         internal static ApplicationTrust DetermineApplicationTrustInternal (ActivationContext activationContext, TrustManagerContext context) {
  92             ApplicationTrust trust = null;
  93             ApplicationTrustCollection userTrusts = new ApplicationTrustCollection(true);
  94
  95             // See if there is a persisted trust decision for this application.
  96             if ((context == null || !context.IgnorePersistedDecision)) {
  97                 trust = userTrusts[activationContext.Identity.FullName];
  98                 if (trust != null)
  99                     return trust;
 100             }
 101
 102             // There is no cached trust decision so invoke the trust manager.
 103             trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
 104             if (trust == null)
 105                 trust = new ApplicationTrust(activationContext.Identity);
 106             // make sure the application identity is correctly set.
 107             trust.ApplicationIdentity = activationContext.Identity;
 108             if (trust.Persist)
 109                 userTrusts.Add(trust);
 110
 111             return trust;
 112         }
 113
 114         //
 115         // Private.
 116         //
 117
 118         private static string s_machineConfigFile = Config.MachineDirectory + "applicationtrust.config";
 119
 120         [System.Security.SecurityCritical]  // auto-generated
 121         [ResourceExposure(ResourceScope.None)]
 122         [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
 123         private static IApplicationTrustManager DecodeAppTrustManager () {
 124             if (!File.InternalExists(s_machineConfigFile))
 125                 goto defaultTrustManager;
 126
 127             // A config file exists. Decode the trust manager from its Xml.
 128             String configFileStr;
 129             using (FileStream contents = new FileStream(s_machineConfigFile, FileMode.Open, FileAccess.Read))
 130             {
 131                 configFileStr = new StreamReader(contents).ReadToEnd();
 132             }
 133
 134             SecurityElement elRoot = SecurityElement.FromString(configFileStr);
 135             SecurityElement elMscorlib = elRoot.SearchForChildByTag("mscorlib");
 136             if (elMscorlib == null)
 137                 goto defaultTrustManager;
 138             SecurityElement elSecurity = elMscorlib.SearchForChildByTag("security");
 139             if (elSecurity == null)
 140                 goto defaultTrustManager;
 141             SecurityElement elPolicy = elSecurity.SearchForChildByTag("policy");
 142             if (elPolicy == null)
 143                 goto defaultTrustManager;
 144             SecurityElement elSecurityManager = elPolicy.SearchForChildByTag("ApplicationSecurityManager");
 145             if (elSecurityManager == null)
 146                 goto defaultTrustManager;
 147             SecurityElement elTrustManager = elSecurityManager.SearchForChildByTag("IApplicationTrustManager");
 148             if (elTrustManager == null)
 149                 goto defaultTrustManager;
 150             IApplicationTrustManager appTrustManager = DecodeAppTrustManagerFromElement(elTrustManager);
 151             if (appTrustManager == null)
 152                 goto defaultTrustManager;
 153             return appTrustManager;
 154
 155 defaultTrustManager:
 156             return DecodeAppTrustManagerFromElement(CreateDefaultApplicationTrustManagerElement());
 157         }
 158
 159         [System.Security.SecurityCritical]  // auto-generated
 160         private static SecurityElement CreateDefaultApplicationTrustManagerElement() {
 161             SecurityElement elTrustManager = new SecurityElement("IApplicationTrustManager");
 162             elTrustManager.AddAttribute("class",
 163                                         "System.Security.Policy.TrustManager, System.Windows.Forms, Version=" + ((RuntimeAssembly)Assembly.GetExecutingAssembly()).GetVersion() + ", Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken);
 164             elTrustManager.AddAttribute("version", "1");
 165             return elTrustManager;
 166         }
 167
 168         [System.Security.SecurityCritical]  // auto-generated
 169         private static IApplicationTrustManager DecodeAppTrustManagerFromElement (SecurityElement elTrustManager) {
 170             new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Assert();
 171             string trustManagerName = elTrustManager.Attribute("class");
 172             Type tmClass = Type.GetType(trustManagerName, false, false);
 173             if (tmClass == null)
 174                 return null;
 175
 176             IApplicationTrustManager appTrustManager = Activator.CreateInstance(tmClass) as IApplicationTrustManager;
 177             if (appTrustManager != null)
 178                 appTrustManager.FromXml(elTrustManager);
 179             return appTrustManager;
 180         }
 181     }
 182 }