Code:
/ DotNET / DotNET / 8.0 / untmp / WIN_WINDOWS / lh_tools_devdiv_wpf / Windows / wcp / Framework / MS / Internal / AppModel / PresentationAppDomainManager.cs / 2 / PresentationAppDomainManager.cs
//---------------------------------------------------------------------------- // //// Copyright (C) Microsoft Corporation. All rights reserved. // // // Description: // Implements a custom AppDomainManager. // //--------------------------------------------------------------------------- using System; using System.Net; using System.Reflection; using System.Runtime.Remoting; using System.Security; using System.Security.Permissions; using System.Security.Policy; using System.Runtime.Hosting; using System.Text; using MS.Win32; using MS.Internal; using MS.Internal.AppModel; using MS.Internal.Utility; using MS.Utility; namespace System.Windows.Interop { internal class PresentationHostSecurityManager : HostSecurityManager { ////// Critical - HostSecurityManager..ctor LinkDemand's. This class should not be called directly by PT'ed callers, since it can interfere with /// the privileges an AppDomain gets. /// [SecurityCritical] internal PresentationHostSecurityManager() { } ////// Critical - because this accesses critical data AppDomain.CurrentDomain.SetupInformation.ActivationArguments /// and sets BrowserInteropHelper.IsViewer and .IsBrowserHosted. /// Safe - because this does not expose that string. /// [SecurityCritical, SecurityTreatAsSafe] public override ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context) { if (EventTrace.IsEnabled(EventTrace.Flags.performance, EventTrace.Level.verbose)) { EventTrace.EventProvider.TraceEvent( EventTrace.Level.verbose, EventTrace.GuidFromId(EventTraceGuidId.HOSTINGGUID), (byte)EventTrace.HostingEvent.DetermineApplicationTrustStart); } ApplicationTrust trust; Uri activationUri = GetUriFromActivationData(0); bool isDebug = PresentationAppDomainManager.IsDebug ? true : GetBoolFromActivationData(1); bool isViewer = GetBoolFromActivationData(2); BrowserInteropHelper.SetBrowserHosted(true); BrowserInteropHelper.IsViewer = isViewer; if (isDebug) { context.IgnorePersistedDecision = true; context.Persist = false; context.KeepAlive = false; context.NoPrompt = true; trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context); Uri debugSecurityZoneURL = GetUriFromActivationData(3); if (debugSecurityZoneURL != null) { PermissionSet permissions = trust.DefaultGrantSet.PermissionSet; trust.DefaultGrantSet.PermissionSet = AddPermissionForUri(permissions, debugSecurityZoneURL); } } else { // Defense in depth. Should never get to this point and require this to be // set, but just in case, we do this so that we will never get a trust // prompt even if something goes wrong somewhere else. context.NoPrompt = true; trust = base.DetermineApplicationTrust(applicationEvidence, activatorEvidence, context); if (isViewer) { PermissionSet permissions = trust.DefaultGrantSet.PermissionSet; // Remove permissions to the site of origin of the viewer app permissions.RemovePermission(typeof(WebPermission)); permissions.RemovePermission(typeof(FileIOPermission)); // Remove IsolatedStorageFilePermission; it is not needed. permissions.RemovePermission(typeof(IsolatedStorageFilePermission)); // If this is a viewer app, the ApplicationTrust returned by base.DetermineApplicationTrust will // have the permissions appropriate to the viewer app, which is necessary for non-trivial viewer // apps to function properly. However, in order to access the viewed document, we will need to // add permission to access the path/URI where the viewed document comes from. trust.DefaultGrantSet.PermissionSet = AddPermissionForUri(permissions, activationUri); } } if (EventTrace.IsEnabled(EventTrace.Flags.performance, EventTrace.Level.verbose)) { EventTrace.EventProvider.TraceEvent( EventTrace.Level.verbose, EventTrace.GuidFromId(EventTraceGuidId.HOSTINGGUID), (byte)EventTrace.HostingEvent.DetermineApplicationTrustEnd); } return trust; } ////// Critical - because adds permission to default permissionset granted by trustmanager. /// Safe - Only gets called in debug and for loose xaml scenario permissions are removed too. /// [SecurityCritical, SecurityTreatAsSafe] private PermissionSet AddPermissionForUri(PermissionSet originalPermSet, Uri srcUri) { PermissionSet newPermSet = originalPermSet; if (srcUri != null) { Evidence evidence = new Evidence(); evidence.AddHost(new Url(BindUriHelper.UriToString(srcUri))); // important: the parameter must be a UrL object not a UrI object IMembershipCondition membership = new UrlMembershipCondition(BindUriHelper.UriToString(srcUri)); CodeGroup group = (srcUri.IsFile) ? (CodeGroup)new FileCodeGroup(membership, FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery) :(CodeGroup)new NetCodeGroup(membership); PolicyStatement policy = group.Resolve(evidence); if (!policy.PermissionSet.IsEmpty()) { newPermSet = originalPermSet.Union(policy.PermissionSet); } } return newPermSet; } ////// Critical - because this accesses critical data AppDomain.CurrentDomain.SetupInformation.ActivationArguments. /// Safe - because this does not expose that string. /// [SecurityCritical, SecurityTreatAsSafe] private bool GetBoolFromActivationData(int index) { bool flag = false; // default if (AppDomain.CurrentDomain.SetupInformation.ActivationArguments != null && AppDomain.CurrentDomain.SetupInformation.ActivationArguments.ActivationData.Length > index) { if (AppDomain.CurrentDomain.SetupInformation.ActivationArguments.ActivationData[index] == true.ToString()) { flag = true; } } return flag; } ////// Critical - because this accesses critical data AppDomain.CurrentDomain.SetupInformation.ActivationArguments. /// Safe - because this does not expose that string. /// [SecurityCritical, SecurityTreatAsSafe] private Uri GetUriFromActivationData(int index) { Uri uri = null; if (AppDomain.CurrentDomain.SetupInformation.ActivationArguments != null && AppDomain.CurrentDomain.SetupInformation.ActivationArguments.ActivationData.Length > index) { if (!string.IsNullOrEmpty(AppDomain.CurrentDomain.SetupInformation.ActivationArguments.ActivationData[index])) { uri = new UriBuilder(AppDomain.CurrentDomain.SetupInformation.ActivationArguments.ActivationData[index]).Uri; } } return uri; } } // This is the custom ApplicationActivator that will be returned by // the PresentationAppDomainManager.ApplicationActivator property. // CreateInstance will be called twice: the first time to create // the new AppDomain, and the second time to create the app inside // of the new AppDomain. internal class PresentationApplicationActivator : System.Runtime.Hosting.ApplicationActivator { ////// Critical - because this does an elevation to get the ID string. /// Safe - because this does not expose that string. /// [SecurityCritical, SecurityTreatAsSafe] public override ObjectHandle CreateInstance(ActivationContext actCtx) { if (EventTrace.IsEnabled(EventTrace.Flags.performance, EventTrace.Level.verbose)) { EventTrace.EventProvider.TraceEvent( EventTrace.Level.verbose, EventTrace.GuidFromId(EventTraceGuidId.HOSTINGGUID), (byte)EventTrace.HostingEvent.ApplicationActivatorCreateInstanceStart, PresentationAppDomainManager.ActivationUri != null ? PresentationAppDomainManager.ActivationUri.ToString() : string.Empty); } ObjectHandle oh; if (PresentationAppDomainManager.ActivationUri != null) { oh = base.CreateInstance( actCtx, new string[] { BindUriHelper.UriToString(PresentationAppDomainManager.ActivationUri), PresentationAppDomainManager.IsDebug.ToString(), PresentationAppDomainManager.IsViewer.ToString(), (PresentationAppDomainManager.DebugSecurityZoneURL == null? string.Empty : PresentationAppDomainManager.DebugSecurityZoneURL.ToString())}); } else { oh = base.CreateInstance(actCtx); } bool returnAppDomain = false; try { new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); // BlessedAssert: if (AppDomain.CurrentDomain.ActivationContext != null && AppDomain.CurrentDomain.ActivationContext.Identity.ToString().Equals(actCtx.Identity.ToString())) { returnAppDomain = true; } } finally { CodeAccessPermission.RevertAssert(); } if (EventTrace.IsEnabled(EventTrace.Flags.performance, EventTrace.Level.verbose)) { EventTrace.EventProvider.TraceEvent(EventTrace.Level.verbose, EventTrace.GuidFromId(EventTraceGuidId.HOSTINGGUID), (byte)EventTrace.HostingEvent.ApplicationActivatorCreateInstanceEnd); } if (returnAppDomain) { // this is the server domain return new ObjectHandle(AppDomain.CurrentDomain); } else { return oh; } } } // This is a custom AppDomainManager class we're using. We need to set the // assembly name and class name in the environment for CLR to use it. We // need to use this to detect new AppDomain creation. internal class PresentationAppDomainManager : AppDomainManager { ////// Critical: Initializes Critical data /// [SecurityCritical, SecurityTreatAsSafe] static PresentationAppDomainManager() { if (EventTrace.IsEnabled(EventTrace.Flags.performance, EventTrace.Level.verbose)) { EventTrace.EventProvider.TraceEvent(EventTrace.Level.verbose, EventTrace.GuidFromId(EventTraceGuidId.HOSTINGGUID), (byte)EventTrace.HostingEvent.AppDomainManagerCctor); } _isViewer = new SecurityCriticalDataForSet(false); } /// /// Critical: Base class has link demnd and inheritance demand /// [SecurityCritical] public PresentationAppDomainManager() { } public override ApplicationActivator ApplicationActivator { get { if (_appActivator == null) _appActivator = new PresentationApplicationActivator(); return _appActivator; } } ////// Critical: This hooks up the assembly filter which we want to prevent arbitrary code from doing. /// [SecurityCritical] public override void InitializeNewDomain(AppDomainSetup appDomainInfo) { //Hookup the assembly load event _assemblyFilter = new AssemblyFilter(); AppDomain.CurrentDomain.AssemblyLoad += new AssemblyLoadEventHandler(_assemblyFilter.FilterCallback); } ////// Critical - get: Discloses a HostSecurityManager object /// public override HostSecurityManager HostSecurityManager { [SecurityCritical] get { if (_hostsecuritymanager == null) { _hostsecuritymanager = new PresentationHostSecurityManager(); } return _hostsecuritymanager; } } // Creates ApplicationProxyInternal. Creating it from Default domain will // cause a stack walk for ReflectionPermission which will fail for partial // trust apps. ////// Critical: This calls the critical ApplicationProxyInternal ctor /// [SecurityCritical] internal ApplicationProxyInternal CreateApplicationProxyInternal() { return new ApplicationProxyInternal(); } internal static AppDomain NewAppDomain { get { return _newAppDomain; } set { _newAppDomain = value; } } internal static bool SaveAppDomain { get { return _saveAppDomain; } set { _saveAppDomain = value; // Allow garbage collection to happen. _newAppDomain = null; } } internal static Uri ActivationUri { get { return _activationUri; } set { _activationUri = value; } } internal static Uri DebugSecurityZoneURL { get { return _debugSecurityZoneURL; } set { _debugSecurityZoneURL = value; } } internal static bool IsDebug { get { return _isdebug; } set { _isdebug = value; } } ////// Returns true if the app is a viewer app. /// ////// This is critical because setting the viewer status is a critical resource. /// internal static bool IsViewer { get { return _isViewer.Value; } [SecurityCritical] set { _isViewer.Value = value; } } private static bool _isdebug = false; private static SecurityCriticalDataForSet_isViewer; private ApplicationActivator _appActivator = null; /// /// It holds a HostSecurityManager object, which is critical and can interfere with the permissions that are assigned to an AppDomain. /// [SecurityCritical] private HostSecurityManager _hostsecuritymanager = null; private static AppDomain _newAppDomain; private static bool _saveAppDomain; private static Uri _activationUri; private static Uri _debugSecurityZoneURL; ////// Critical: This should not be exposed since it can be used to bring down process /// [SecurityCritical] private AssemblyFilter _assemblyFilter; } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- DataGridViewElement.cs
- SymbolMethod.cs
- PerfService.cs
- ExpandableObjectConverter.cs
- AuthorizationSection.cs
- ReferenceSchema.cs
- ProfileProvider.cs
- CompositeDataBoundControl.cs
- XsdBuildProvider.cs
- HttpRuntime.cs
- TransportContext.cs
- PathFigure.cs
- Literal.cs
- EtwProvider.cs
- ChannelDispatcherBase.cs
- SqlFunctions.cs
- Item.cs
- ImageBrush.cs
- FileSystemInfo.cs
- FileChangesMonitor.cs
- HitTestDrawingContextWalker.cs
- InstanceCreationEditor.cs
- AlgoModule.cs
- XmlSchemaParticle.cs
- FileDetails.cs
- MetadataItemEmitter.cs
- UnSafeCharBuffer.cs
- WMIGenerator.cs
- SafeSecurityHelper.cs
- FrameDimension.cs
- VectorConverter.cs
- Number.cs
- Guid.cs
- DataControlCommands.cs
- WindowClosedEventArgs.cs
- KeyConstraint.cs
- CacheMode.cs
- ToolStripContainer.cs
- PKCS1MaskGenerationMethod.cs
- PathParser.cs
- ClientSponsor.cs
- RequestQueryParser.cs
- OrthographicCamera.cs
- ButtonBaseAutomationPeer.cs
- DiagnosticTraceSchemas.cs
- HwndProxyElementProvider.cs
- SmtpException.cs
- ObjectTag.cs
- SqlProviderUtilities.cs
- BasicHttpBindingElement.cs
- MetadataCache.cs
- WebControlToolBoxItem.cs
- TracedNativeMethods.cs
- _SecureChannel.cs
- MULTI_QI.cs
- AlternateView.cs
- UidManager.cs
- AudienceUriMode.cs
- WebPartVerbsEventArgs.cs
- ListChangedEventArgs.cs
- OrthographicCamera.cs
- XsltException.cs
- ColumnCollection.cs
- LocalizationComments.cs
- WorkflowViewElement.cs
- SendSecurityHeaderElement.cs
- DesignerDataColumn.cs
- SettingsPropertyValue.cs
- AdRotator.cs
- handlecollector.cs
- TaskFormBase.cs
- AcceleratedTokenProvider.cs
- OneOfTypeConst.cs
- QueryCacheEntry.cs
- PageSetupDialog.cs
- PropertyDescriptor.cs
- NetworkStream.cs
- Setter.cs
- GPPOINT.cs
- PlatformCulture.cs
- CodeAccessSecurityEngine.cs
- ContentFilePart.cs
- PublisherIdentityPermission.cs
- Rect3D.cs
- UIElementIsland.cs
- DeviceContext2.cs
- UnsafeNativeMethods.cs
- Compress.cs
- AssemblyAttributes.cs
- AttributeData.cs
- DecoderFallback.cs
- SmiEventSink_DeferedProcessing.cs
- RSAOAEPKeyExchangeDeformatter.cs
- NamespaceCollection.cs
- ComboBox.cs
- WorkflowServiceOperationListItem.cs
- WebBrowserProgressChangedEventHandler.cs
- ConsumerConnectionPoint.cs
- OdbcParameter.cs
- HashFinalRequest.cs