问题
I use special method to create sandobx:
internal static class Helper
{
public static AppDomain CreateSandbox()
{
Contract.Ensures(Contract.Result<AppDomain>() != null);
var platform = Assembly.GetExecutingAssembly();
var name = platform.FullName + ": Sandbox " + Guid.NewGuid();
var setup = new AppDomainSetup { ApplicationBase = platform.Location };
var permissions = new PermissionSet(PermissionState.None);
permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, platform.Location));
var sandbox = AppDomain.CreateDomain(name, null, setup, permissions);
Contract.Assume(sandbox != null);
return sandbox;
}
}
When I use created sandbox, I want to change permissions of it:
sandbox = Security.Helper.CreateSandbox();
sandbox.SetupInformation.ApplicationBase = Path.GetDirectoryName(path);
sandbox.PermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, path));
But when I load assembly to it, I recieve exception:
"Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed."
How to change permissions of AppDomain AFTER it creation?
回答1:
In a homogenuous AppDomain the only allowed permission sets are FullTrust and the permission set defined when creating the domain. Once granted, the permission set cannot be extended anymore (AFAIK). Keep the plugins sandboxed, tied to the PermissionSet you defined when creating the custom AppDomain, and provide advanced functionality (that needs elevated permissions) through a commonly used, security safe critical class library.
See also the answers and hints here: http://social.msdn.microsoft.com/Forums/en-US/clr/thread/23a9197e-3581-4a28-912d-968004488773
来源:https://stackoverflow.com/questions/8107162/how-to-change-permissions-of-appdomain