C＃AppDomain：从入口点执行程序集 [英] C# AppDomain: Execute assembly from entry point

问题描述

我正在尝试创建Windows沙箱应用程序，其基础是在此处找到的方法： https://msdn.microsoft.com/en-us/library/bb763046（v = vs.110）.aspx

I am trying to create a Windows sandbox application, building upon the "How to" found here: "https://msdn.microsoft.com/en-us/library/bb763046(v=vs.110).aspx"

在该示例中，它从DLL加载特定类型，而我希望能够从其入口点以受限权限执行程序集。

In the example it loads a specific type from a DLL whereas I would like to be able to execute an assembly from its entry point with restricted permissions.

我用于测试的程序是一个简单的hello world应用程序。

The program I am using for testing purposes is a simple hello world application.

using System;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");
            Console.Read();
        }
    }
}

我尝试了两种不同的方法尝试实现这一目标。

I have tried two different methods to try and achieve this.

方法1。

在条目上使用 MethodInfo.Invoke方法

Use the "MethodInfo.Invoke" method on the entry point of the assembly.

MethodInfo target = Assembly.Load(assemblyName).EntryPoint;
target.Invoke(null, parameters);

由于主要方法是非公开的，因此会产生方法访问异常。解决此问题的一种简单方法是将main方法公开，但是我将无法使用此应用程序使用的程序集。

This produces a Method Access Exception due to the main method being non-public. A simple way around this would be to make the main method public but I will not have this sort of access to the assemblies that are intended to be used with this application.

方法2。

使用如下所示的 AppDomain.ExecuteAssembly方法。

Use the "AppDomain.ExecuteAssembly" method as shown below.

newDomain.ExecuteAssembly(filePath, parameters);

这要求应用程序域具有要执行的程序集的文件IO权限和UI权限，但是我希望能够限制程序集具有这些权限。

This requires that the app domain has both File IO Permission and UI Permission for the assembly to be executed but I want to be able to restrict the assembly from having these permissions.

是否有一种方法可以从权限受限的应用程序域中的入口点执行程序集？

Is there a way to execute an assembly from it's entry point within a permission restricted app domain?

编辑：程序集的位置从打开文件对话框中提供，然后传递到以下方法。

The assembly's location is provided from an Open File Dialog and is then passed to the following method.

public int RunAssembly(string filePath, string[] parameters)
{
    AppDomainSetup adSetup = new AppDomainSetup();
    adSetup.ApplicationBase = Path.GetDirectoryName(filePath);

    PermissionSet permSet = new PermissionSet(PermissionState.None);
    permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();

    newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);

    return newDomain.ExecuteAssembly(filePath, parameters);
}

您可以看到我想授予新应用程序域的唯一权限是运行的能力。鉴于它需要文件IO和UI权限才能使ExecuteAssembly方法正常工作。

As you can see the only permission I would like to give the new app domain is the ability to run. Whereas it required File IO and UI permissions for the ExecuteAssembly method to work correctly.

推荐答案

使用方法＃1并添加反射权限RestrictedMemberAccess是一种调用具有完全受限权限的程序集的方法，以便可以调用非公共成员。

Using Method #1 and adding the reflection permission RestrictedMemberAccess so that non-public members can be invoked is a way of invoking an assembly with fully restricted permissions.

MethodInfo target = Assembly.Load(assemblyName).EntryPoint;
(new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)).Assert();
target.Invoke(null, parameters);

完整的加载代码：

public int RunAssembly(string filePath, Object[] parameters)
{
    AppDomainSetup adSetup = new AppDomainSetup();
    adSetup.ApplicationBase = Path.GetDirectoryName(filePath);

    PermissionSet permSet = new PermissionSet(PermissionState.None);
    permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

    StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();

    newDomain = AppDomain.CreateDomain("Sandbox", null, adSetup, permSet, fullTrustAssembly);

    ObjectHandle handle = Activator.CreateInstanceFrom(
        _newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
        typeof(Sandboxer).FullName
        );

    newDomainInstance = (Sandboxer)handle.Unwrap();

    string assemblyName = Path.GetFileNameWithoutExtension(filePath);

    return newDomainInstance.ExecuteAssembly(assemblyName, parameters);
}

public int ExecuteAssembly(string assemblyName, Object[] parameters)
{
    MethodInfo target = Assembly.Load(assemblyName).EntryPoint;
    (new ReflectionPermission(ReflectionPermissionFlag.RestrictedMemberAccess)).Assert();

    return target.Invoke(null, parameters);
}

对不起，方法名称不明确，如果要使用，应更改这些名称

Sorry for the ambiguous method name, these should be changed if it to be used.

这篇关于C＃AppDomain：从入口点执行程序集的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！