C# 完全受信任程序集中的代码权限评估失败
我想在我的“沙盒”中使用反射,却遇到了一个我无法恰当解释的行为。如果在创建 appdomain 时未将当前程序集添加到 FullTrustList 中,代码运行正常。如果将当前程序集添加到 FullTrustList 中,PropertyInfo.GetValue 会引发 SecurityException。该调用需要完全信任,但在这个 appdomain 中我只有受限的权限集。这个问题可以用 PermissionSet.Assert() 解决,但在我看来,它像是一个肮脏的黑客手段。有人知道为什么在这两种情况下代码权限评估会有所不同吗?
标签:c#、.net、sandbox、code-access-security
- 如果在创建 appdomain 时未将当前程序集添加到 FullTrustList 中,则代码运行正常
- 如果将当前程序集添加到 FullTrustList 中,则 PropertyInfo.GetValue 引发 SecurityException。该调用需要完全信任,但在 appdomain 中我只有受限的权限集
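/// <summary>
/// Minimal reproduction of a code-access-security (CAS) puzzle: a restricted AppDomain is
/// created with the current assembly on its full-trust list, and a reflective property read
/// executed inside that domain is reported to raise a <see cref="SecurityException"/>.
/// </summary>
/// <remarks>
/// CAS and partial-trust AppDomains exist only on .NET Framework, and Microsoft's guidance is
/// not to rely on them as a security boundary for untrusted code. Treat this as a
/// demonstration of permission evaluation, not as a hardened sandbox.
/// </remarks>
public static class Security
{
    /// <summary>
    /// Builds the restricted AppDomain, runs <c>Worker.TryReflect</c> inside it, prints any
    /// <see cref="SecurityException"/> to the console, and unloads the domain afterwards.
    /// </summary>
    public static void Fail()
    {
        // A fresh GUID gives each run its own domain and application name.
        var name = Guid.NewGuid().ToString();
        var appSetup = new AppDomainSetup
        {
            ApplicationName = name,
            ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase
        };

        // Grant set of the sandboxed domain: start from nothing and add only what is listed.
        var permissions = new PermissionSet(PermissionState.None);
        permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        // NOTE(review): MemberAccess is broad for a sandbox because it permits reflection over
        // non-public members. ReflectionPermissionFlag.RestrictedMemberAccess is the narrower
        // choice when the domain is meant to contain less-trusted code.
        permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
        // NOTE(review): unrestricted FileIOPermission places no CAS limit on file access from
        // the sandbox. Scope it to the specific paths and access modes that are needed.
        permissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted));

        var type = typeof(Worker);

        // The strong name is what places this assembly on the new domain's full-trust list.
        // Every assembly carrying this strong name is then fully trusted inside the sandbox,
        // so keep the list as short as possible.
        // NOTE(review): GetHostEvidence returns null for an assembly without a strong name.
        // TODO confirm how CreateDomain treats a null entry.
        var sn1 = type.Assembly.Evidence.GetHostEvidence<StrongName>();
        var domain = AppDomain.CreateDomain(name, null, appSetup, permissions, sn1);
        try
        {
            // Worker derives from MarshalByRefObject, so the unwrapped reference is a proxy and
            // TryReflect executes inside the sandboxed domain.
            var worker = (Worker) Activator.CreateInstanceFrom(domain,
                                                               type.Assembly.ManifestModule
                                                                   .FullyQualifiedName,
                                                               type.FullName).Unwrap();
            try
            {
                worker.TryReflect();
            }
            catch (SecurityException ex)
            {
                Console.WriteLine(ex.ToString());
            }
        }
        finally
        {
            // The original never unloaded the domain, so each call leaked an AppDomain.
            AppDomain.Unload(domain);
        }
    }

    /// <summary>Object instantiated inside the sandboxed domain to perform the reflection call.</summary>
    private class Worker : MarshalByRefObject
    {
        public static int Prop1 { get; private set; }

        /// <summary>Reads the static <c>Prop1</c> property through reflection.</summary>
        public void TryReflect()
        {
            var prop = typeof (Worker).GetProperty("Prop1");
            // exception is thrown here:
            // NOTE(review): presumably, once this assembly is fully trusted its members count
            // as security-critical, and reflecting on them triggers a full-trust demand that
            // the domain's restricted grant set cannot satisfy. That would explain why an
            // Assert() hides the failure. Confirm against the reflection security documentation.
            var val = prop.GetValue(null);
        }
    }
}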
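/// <summary>
/// Second listing of the reproduction, restored to valid C#. The keywords and identifiers in
/// this copy had been machine-translated, so it no longer compiled. It creates a restricted
/// AppDomain with the current assembly on the full-trust list and performs a reflective
/// property read inside it.
/// </summary>
/// <remarks>
/// CAS and partial-trust AppDomains exist only on .NET Framework and should not be relied on
/// as a security boundary for untrusted code.
/// </remarks>
public static class Security
{
    /// <summary>
    /// Runs <c>Worker.TryReflect</c> in the restricted domain, prints any
    /// <see cref="SecurityException"/>, and unloads the domain afterwards.
    /// </summary>
    public static void Fail()
    {
        var name = Guid.NewGuid().ToString();
        var appSetup = new AppDomainSetup
        {
            ApplicationName = name,
            ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase
        };

        // add permissions
        // NOTE(review): MemberAccess and unrestricted FileIOPermission are both broad grants
        // for a sandbox. Prefer RestrictedMemberAccess and path-scoped file permissions when
        // the domain is meant to hold less-trusted code.
        var permissions = new PermissionSet(PermissionState.None);
        permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        permissions.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess));
        permissions.AddPermission(new FileIOPermission(PermissionState.Unrestricted));

        var type = typeof(Worker);

        // get strong name to add assembly in full-trusted
        var sn1 = type.Assembly.Evidence.GetHostEvidence<StrongName>();
        var domain = AppDomain.CreateDomain(name, null, appSetup, permissions, sn1);
        try
        {
            // The unwrapped object is a proxy, so TryReflect runs inside the new domain.
            var worker = (Worker) Activator.CreateInstanceFrom(domain,
                                                               type.Assembly.ManifestModule
                                                                   .FullyQualifiedName,
                                                               type.FullName).Unwrap();
            try
            {
                worker.TryReflect();
            }
            catch (SecurityException ex)
            {
                Console.WriteLine(ex.ToString());
            }
        }
        finally
        {
            // Unload the domain so repeated calls do not leak AppDomains.
            AppDomain.Unload(domain);
        }
    }

    /// <summary>Object instantiated inside the sandboxed domain to perform the reflection call.</summary>
    private class Worker : MarshalByRefObject
    {
        public static int Prop1 { get; private set; }

        /// <summary>Reads the static <c>Prop1</c> property through reflection.</summary>
        public void TryReflect()
        {
            var prop = typeof(Worker).GetProperty("Prop1");
            // exception is thrown here:
            var val = prop.GetValue(null);
        }
    }
}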
样品在这里