Sandboxed AppDomain中的SecurityException

时间:2011-11-22 17:46:48

标签: c# security scripting appdomain

我正在尝试使用 CSharpCodeProvider (使用VS2010和.NET 4.0)将C#用作脚本语言。我希望脚本在具有最小权限的受限AppDomain中运行。目前,我在尝试在AppDomain中实例化一个类时遇到异常(对 CreateInstanceAndUnwrap()的调用)。以下是一些重现异常的简化代码:

using System;
using System.Collections.Generic;
using Microsoft.CSharp;
using System.CodeDom;
using System.CodeDom.Compiler;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;
using System.Runtime.Remoting;

namespace ConsoleApp
{
    class Program
    {
        static void Main(string[] args)
        {
            // set permissions
            PermissionSet permissions = new PermissionSet(PermissionState.None);
            permissions.AddPermission(new SecurityPermission( SecurityPermissionFlag.Execution));

            AppDomainSetup adSetup = new AppDomainSetup();
            adSetup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

            //Create a list of fully trusted assemblies
            Assembly[] asms = AppDomain.CurrentDomain.GetAssemblies();
            List<StrongName> sns = new List<StrongName>();
            for (int x = 0; x < asms.Length; x++)
            {
                StrongName sn = asms[x].Evidence.GetHostEvidence<StrongName>();
                if (sn != null && sns.Contains(sn) == false)
                    sns.Add(sn);
            }
            //this includes: "mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"            

            AppDomain domain = AppDomain.CreateDomain("NewAppDomain", AppDomain.CurrentDomain.Evidence, adSetup, permissions);//, sns);//, sn4, sn, sn2, sn3);
            try
            {
                String asmName = Assembly.GetExecutingAssembly().FullName;
                String typeName = typeof(ConsoleApp.ScriptRunner).FullName;
                //Throws exception here
                ScriptRunner scriptRunner = domain.CreateInstanceAndUnwrap(asmName, typeName) as ScriptRunner;
            }
            catch (SecurityException se)
            {
                System.Diagnostics.Debug.WriteLine(se.Message);
            }
            catch (Exception ex)
            {
                System.Diagnostics.Debug.WriteLine(ex.Message);
            }
        }
    }

    public class ScriptRunner : MarshalByRefObject
    {      
        public ScriptRunner()
        {
            //A breakpoint placed here is never reached.
            CompilerParameters param;
            param = new CompilerParameters();
            param.CompilerOptions = "";
            param.GenerateExecutable = false;
            param.GenerateInMemory = true;
            param.IncludeDebugInformation = false;

            // C# compiler
            CSharpCodeProvider codeProvider = new CSharpCodeProvider();  

            CompilerResults results = codeProvider.CompileAssemblyFromFile(param, "Danger.cs");           
        }
    }
}

从mscorlib抛出异常,它是一个内部 System.Security.SecurityException System.Reflection.TargetInvocationException 。这是一个例外:

System.Reflection.TargetInvocationException was unhandled
  Message=Exception has been thrown by the target of an invocation.
  Source=mscorlib
  StackTrace:
       at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
       at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache)
       at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache)
       at System.Activator.CreateInstance(Type type, Boolean nonPublic)
       at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
       at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
       at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark)
       at System.Activator.CreateInstance(String assemblyName, String typeName)
       at System.AppDomain.CreateInstance(String assemblyName, String typeName)
       at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName)
       at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName)
       at ConsoleApp.Program.Main(String[] args) in C:\Documents and Settings\NaultyCS\my documents\visual studio 2010\Projects\ConsoleApplication4\ConsoleApplication4\Program.cs:line 46
       at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
       at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
       at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
       at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
       at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
       at System.Threading.ThreadHelper.ThreadStart()
  InnerException: System.Security.SecurityException
       Message=Request failed.
       Source=ConsoleApplication4
       GrantedSet=<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Execution"/>
</PermissionSet>

       PermissionState=<PermissionSet class="System.Security.PermissionSet"
version="1"
Unrestricted="true"/>

       RefusedSet=""
       Url=file:///C:/Documents and Settings/NaultyCS/my documents/visual studio 2010/Projects/ConsoleApplication4/ConsoleApplication4/bin/Debug/ConsoleApplication4.EXE
       StackTrace:
            at ConsoleApp.ScriptRunner..ctor()
       InnerException:

所以在我看来,mscorlib要求完全信任。我已将其添加为完全受信任的程序集,但它没有任何效果。如果我将权限设置为不受限制,则上述代码有效:

PermissionSet permissions = new PermissionSet(PermissionState.Unrestricted);

但我想限制AppDomain。我在这里做错了什么?

1 个答案:

答案 0 :(得分:2)

对于迟到的编辑感到抱歉。请尝试以下方法。我在Visual Studio中使用测试应用程序启动并运行。在旁注中,我个人不喜欢构造函数中的“逻辑”,因为真正的错误往往会隐藏一些。以下步骤将编译逻辑从构造函数移动到新方法。

  1. 确保您的控制台应用具有StrongName / Signed。

  2. 包含sns变量作为调用AppDomain.CreateDomain的最后一个参数。 LinkDemand权限要求您的ConsoleApp完全受信任。

    AppDomain domain = AppDomain.CreateDomain("NewAppDomain", AppDomain.CurrentDomain.Evidence, adSetup, permissions, sns.ToArray());

  3. 更改asmName以使用程序集的完整文件路径。 

    String asmName = Assembly.GetExecutingAssembly().ManifestModule.FullyQualifiedName;

  4. 删除对以下2行代码

    的CreateInstanceAndUnwrap调用 
    var handle = Activator.CreateInstanceFrom(domain, asmName, typeName);
var scriptRunner = (ScriptRunner)handle.Unwrap();

  5. 将所有代码从构造函数移动到新方法,例如“开始”。

  6. 添加该行以调用Start方法。

    scriptRunner.Start();

  7. 添加FileIOPermission以读取Danger.cs文件。

    permissions.AddPermission(new FileIOPermission(PermissionState.None) { AllFiles = FileIOPermissionAccess.Read });
相关问题
最新问题