3 // Copyright (c) Microsoft Corporation. All rights reserved.
6 // <OWNER>Microsoft</OWNER>
10 // ApplicationSecurityManager.cs
13 namespace System.Security.Policy {
14 using System.Deployment.Internal.Isolation;
15 using System.Deployment.Internal.Isolation.Manifest;
17 using System.Runtime.Versioning;
18 using System.Security.Permissions;
19 using System.Security.Util;
20 using System.Diagnostics.Contracts;
21 using System.Reflection;
23 [System.Runtime.InteropServices.ComVisible(true)]
24 public static class ApplicationSecurityManager {
25 private static volatile IApplicationTrustManager m_appTrustManager = null;
28 // Public static methods.
31 [System.Security.SecuritySafeCritical] // auto-generated
32 static ApplicationSecurityManager()
36 [System.Security.SecurityCritical] // auto-generated_required
37 [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted=true)]
38 public static bool DetermineApplicationTrust (ActivationContext activationContext, TrustManagerContext context) {
39 if (activationContext == null)
40 throw new ArgumentNullException("activationContext");
41 Contract.EndContractBlock();
43 ApplicationTrust appTrust = null;
44 AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
45 if (domainManager != null) {
46 HostSecurityManager securityManager = domainManager.HostSecurityManager;
47 if ((securityManager != null) && ((securityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust)) {
48 appTrust = securityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
51 return appTrust.IsApplicationTrustedToRun;
55 appTrust = DetermineApplicationTrustInternal(activationContext, context);
58 return appTrust.IsApplicationTrustedToRun;
62 // Public static properties.
65 public static ApplicationTrustCollection UserApplicationTrusts {
66 [System.Security.SecuritySafeCritical] // auto-generated
67 [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPolicy)]
69 return new ApplicationTrustCollection(true);
73 public static IApplicationTrustManager ApplicationTrustManager {
74 [System.Security.SecuritySafeCritical] // auto-generated
75 [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPolicy)]
77 if (m_appTrustManager == null) {
78 m_appTrustManager = DecodeAppTrustManager();
79 if (m_appTrustManager == null)
80 throw new PolicyException(Environment.GetResourceString("Policy_NoTrustManager"));
82 return m_appTrustManager;
90 [System.Security.SecurityCritical] // auto-generated
91 internal static ApplicationTrust DetermineApplicationTrustInternal (ActivationContext activationContext, TrustManagerContext context) {
92 ApplicationTrust trust = null;
93 ApplicationTrustCollection userTrusts = new ApplicationTrustCollection(true);
95 // See if there is a persisted trust decision for this application.
96 if ((context == null || !context.IgnorePersistedDecision)) {
97 trust = userTrusts[activationContext.Identity.FullName];
102 // There is no cached trust decision so invoke the trust manager.
103 trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
105 trust = new ApplicationTrust(activationContext.Identity);
106 // make sure the application identity is correctly set.
107 trust.ApplicationIdentity = activationContext.Identity;
109 userTrusts.Add(trust);
118 private static string s_machineConfigFile = Config.MachineDirectory + "applicationtrust.config";
120 [System.Security.SecurityCritical] // auto-generated
121 [ResourceExposure(ResourceScope.None)]
122 [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
123 private static IApplicationTrustManager DecodeAppTrustManager () {
124 if (!File.InternalExists(s_machineConfigFile))
125 goto defaultTrustManager;
127 // A config file exists. Decode the trust manager from its Xml.
128 String configFileStr;
129 using (FileStream contents = new FileStream(s_machineConfigFile, FileMode.Open, FileAccess.Read))
131 configFileStr = new StreamReader(contents).ReadToEnd();
134 SecurityElement elRoot = SecurityElement.FromString(configFileStr);
135 SecurityElement elMscorlib = elRoot.SearchForChildByTag("mscorlib");
136 if (elMscorlib == null)
137 goto defaultTrustManager;
138 SecurityElement elSecurity = elMscorlib.SearchForChildByTag("security");
139 if (elSecurity == null)
140 goto defaultTrustManager;
141 SecurityElement elPolicy = elSecurity.SearchForChildByTag("policy");
142 if (elPolicy == null)
143 goto defaultTrustManager;
144 SecurityElement elSecurityManager = elPolicy.SearchForChildByTag("ApplicationSecurityManager");
145 if (elSecurityManager == null)
146 goto defaultTrustManager;
147 SecurityElement elTrustManager = elSecurityManager.SearchForChildByTag("IApplicationTrustManager");
148 if (elTrustManager == null)
149 goto defaultTrustManager;
150 IApplicationTrustManager appTrustManager = DecodeAppTrustManagerFromElement(elTrustManager);
151 if (appTrustManager == null)
152 goto defaultTrustManager;
153 return appTrustManager;
156 return DecodeAppTrustManagerFromElement(CreateDefaultApplicationTrustManagerElement());
159 [System.Security.SecurityCritical] // auto-generated
160 private static SecurityElement CreateDefaultApplicationTrustManagerElement() {
161 SecurityElement elTrustManager = new SecurityElement("IApplicationTrustManager");
162 elTrustManager.AddAttribute("class",
163 "System.Security.Policy.TrustManager, System.Windows.Forms, Version=" + ((RuntimeAssembly)Assembly.GetExecutingAssembly()).GetVersion() + ", Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken);
164 elTrustManager.AddAttribute("version", "1");
165 return elTrustManager;
168 [System.Security.SecurityCritical] // auto-generated
169 private static IApplicationTrustManager DecodeAppTrustManagerFromElement (SecurityElement elTrustManager) {
170 new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Assert();
171 string trustManagerName = elTrustManager.Attribute("class");
172 Type tmClass = Type.GetType(trustManagerName, false, false);
176 IApplicationTrustManager appTrustManager = Activator.CreateInstance(tmClass) as IApplicationTrustManager;
177 if (appTrustManager != null)
178 appTrustManager.FromXml(elTrustManager);
179 return appTrustManager;