The Labs \ Source Viewer \ SSCLI \ System.Security.Policy \ ApplicationSecurityManager

  1. // ==++==
  2. //
  3. //
  4. // Copyright (c) 2006 Microsoft Corporation. All rights reserved.
  5. //
  6. // The use and distribution terms for this software are contained in the file
  7. // named license.txt, which can be found in the root of this distribution.
  8. // By using this software in any fashion, you are agreeing to be bound by the
  9. // terms of this license.
  10. //
  11. // You must not remove this notice, or any other, from this software.
  12. //
  13. //
  14. // ==--==
  15. //
  16. // ApplicationSecurityManager.cs
  17. //
  18. namespace System.Security.Policy
  19. {
  20.     using System.Deployment.Internal.Isolation;
  21.     using System.Deployment.Internal.Isolation.Manifest;
  22.     using System.IO;
  23.     using System.Runtime.Versioning;
  24.     using System.Security.Permissions;
  25.     using System.Security.Util;
  26.    
  27.     [System.Runtime.InteropServices.ComVisible(true)]
  28.     public static class ApplicationSecurityManager
  29.     {
  30.         private static IApplicationTrustManager m_appTrustManager = null;
  31.        
  32.         //
  33.         // Public static methods.
  34.         //
  35.        
  36.         [SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence)]
  37.         [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted = true)]
  38.         public static bool DetermineApplicationTrust(ActivationContext activationContext, TrustManagerContext context)
  39.         {
  40.             if (activationContext == null)
  41.                 throw new ArgumentNullException("activationContext");
  42.            
  43.             ApplicationTrust appTrust = null;
  44.             AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
  45.             if (domainManager != null) {
  46.                 HostSecurityManager securityManager = domainManager.HostSecurityManager;
  47.                 if ((securityManager != null) && ((securityManager.Flags & HostSecurityManagerOptions.HostDetermineApplicationTrust) == HostSecurityManagerOptions.HostDetermineApplicationTrust)) {
  48.                     appTrust = securityManager.DetermineApplicationTrust(CmsUtils.MergeApplicationEvidence(null, activationContext.Identity, activationContext, null), null, context);
  49.                     if (appTrust == null)
  50.                         return false;
  51.                     return appTrust.IsApplicationTrustedToRun;
  52.                 }
  53.             }
  54.            
  55.             appTrust = DetermineApplicationTrustInternal(activationContext, context);
  56.             if (appTrust == null)
  57.                 return false;
  58.             return appTrust.IsApplicationTrustedToRun;
  59.         }
  60.        
  61.         //
  62.         // Public static properties.
  63.         //
  64.        
  65.         public static ApplicationTrustCollection UserApplicationTrusts {
  66.             [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  67.             get { return new ApplicationTrustCollection(true); }
  68.         }
  69.        
  70.         public static IApplicationTrustManager ApplicationTrustManager {
  71.             [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  72.             get {
  73.                 if (m_appTrustManager == null) {
  74.                     m_appTrustManager = DecodeAppTrustManager();
  75.                     if (m_appTrustManager == null)
  76.                         throw new PolicyException(Environment.GetResourceString("Policy_NoTrustManager"));
  77.                 }
  78.                 return m_appTrustManager;
  79.             }
  80.         }
  81.        
  82.         //
  83.         // Internal
  84.         //
  85.        
  86.         static internal ApplicationTrust DetermineApplicationTrustInternal(ActivationContext activationContext, TrustManagerContext context)
  87.         {
  88.             ApplicationTrust trust = null;
  89.             ApplicationTrustCollection userTrusts = new ApplicationTrustCollection(true);
  90.            
  91.             // See if there is a persisted trust decision for this application.
  92.             if ((context == null || !context.IgnorePersistedDecision)) {
  93.                 trust = userTrusts[activationContext.Identity.FullName];
  94.                 if (trust != null)
  95.                     return trust;
  96.             }
  97.            
  98.             // There is no cached trust decision so invoke the trust manager.
  99.             trust = ApplicationTrustManager.DetermineApplicationTrust(activationContext, context);
  100.             if (trust == null)
  101.                 trust = new ApplicationTrust(activationContext.Identity);
  102.             // make sure the application identity is correctly set.
  103.             trust.ApplicationIdentity = activationContext.Identity;
  104.             if (trust.Persist)
  105.                 userTrusts.Add(trust);
  106.            
  107.             return trust;
  108.         }
  109.        
  110.         //
  111.         // Private.
  112.         //
  113.        
  114.         private static string s_machineConfigFile = Config.MachineDirectory + "applicationtrust.config";
  115.        
  116.         [ResourceExposure(ResourceScope.None)]
  117.         [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)]
  118.         private static IApplicationTrustManager DecodeAppTrustManager()
  119.         {
  120.             if (!File.InternalExists(s_machineConfigFile))
  121.                 goto defaultTrustManager;
  122.            
  123.             // A config file exists. Decode the trust manager from its Xml.
  124.             FileStream contents = new FileStream(s_machineConfigFile, FileMode.Open, FileAccess.Read);
  125.            
  126.             SecurityElement elRoot = SecurityElement.FromString(new StreamReader(contents).ReadToEnd());
  127.             SecurityElement elMscorlib = elRoot.SearchForChildByTag("mscorlib");
  128.             if (elMscorlib == null)
  129.                 goto defaultTrustManager;
  130.             SecurityElement elSecurity = elMscorlib.SearchForChildByTag("security");
  131.             if (elSecurity == null)
  132.                 goto defaultTrustManager;
  133.             SecurityElement elPolicy = elSecurity.SearchForChildByTag("policy");
  134.             if (elPolicy == null)
  135.                 goto defaultTrustManager;
  136.             SecurityElement elSecurityManager = elPolicy.SearchForChildByTag("ApplicationSecurityManager");
  137.             if (elSecurityManager == null)
  138.                 goto defaultTrustManager;
  139.             SecurityElement elTrustManager = elSecurityManager.SearchForChildByTag("IApplicationTrustManager");
  140.             if (elTrustManager == null)
  141.                 goto defaultTrustManager;
  142.             IApplicationTrustManager appTrustManager = DecodeAppTrustManagerFromElement(elTrustManager);
  143.             if (appTrustManager == null)
  144.                 goto defaultTrustManager;
  145.             return appTrustManager;
  146.             defaultTrustManager:
  147.            
  148.             return DecodeAppTrustManagerFromElement(CreateDefaultApplicationTrustManagerElement());
  149.         }
  150.        
  151.         private static SecurityElement CreateDefaultApplicationTrustManagerElement()
  152.         {
  153.             SecurityElement elTrustManager = new SecurityElement("IApplicationTrustManager");
  154.             elTrustManager.AddAttribute("class", "System.Security.Policy.TrustManager, System.Windows.Forms, Version=" + System.Reflection.Assembly.GetExecutingAssembly().GetVersion() + ", Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken);
  155.             elTrustManager.AddAttribute("version", "1");
  156.             return elTrustManager;
  157.         }
  158.        
  159.         private static IApplicationTrustManager DecodeAppTrustManagerFromElement(SecurityElement elTrustManager)
  160.         {
  161.             new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Assert();
  162.             string trustManagerName = elTrustManager.Attribute("class");
  163.             Type tmClass = Type.GetType(trustManagerName, false, false);
  164.             if (tmClass == null)
  165.                 return null;
  166.            
  167.             IApplicationTrustManager appTrustManager = Activator.CreateInstance(tmClass) as IApplicationTrustManager;
  168.             if (appTrustManager != null)
  169.                 appTrustManager.FromXml(elTrustManager);
  170.             return appTrustManager;
  171.         }
  172.     }
  173. }

Developer Fusion