如何更改 AppDomain 的权限? [英] How to change permissions of AppDomain?

问题描述

我使用特殊的方法创建了sandobx:

I use special method to create sandobx:

internal static class Helper
{
    public static AppDomain CreateSandbox()
    {
        Contract.Ensures(Contract.Result<AppDomain>() != null);

        var platform = Assembly.GetExecutingAssembly();
        var name = platform.FullName + ": Sandbox " + Guid.NewGuid();
        var setup = new AppDomainSetup { ApplicationBase = platform.Location };
        var permissions = new PermissionSet(PermissionState.None);
        permissions.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, platform.Location));
        var sandbox = AppDomain.CreateDomain(name, null, setup, permissions);

        Contract.Assume(sandbox != null);

        return sandbox;
    }
}

当我使用创建的沙箱时，我想更改它的权限:

When I use created sandbox, I want to change permissions of it:

sandbox = Security.Helper.CreateSandbox();
sandbox.SetupInformation.ApplicationBase = Path.GetDirectoryName(path);
sandbox.PermissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, path));

但是当我将程序集加载到它时，我收到异常:

But when I load assembly to it, I recieve exception:

请求'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' 类型的权限失败."

如何更改 AppDomain 在创建后的权限?

How to change permissions of AppDomain AFTER it creation?

推荐答案

在同构 AppDomain 中，唯一允许的权限集是 FullTrust 和创建域时定义的权限集.一旦被授予，权限集就不能再扩展(AFAIK).将插件保持在沙盒中，绑定到您在创建自定义 AppDomain 时定义的 PermissionSet，并通过常用的、安全的关键类库提供高级功能(需要提升权限).

In a homogenuous AppDomain the only allowed permission sets are FullTrust and the permission set defined when creating the domain. Once granted, the permission set cannot be extended anymore (AFAIK). Keep the plugins sandboxed, tied to the PermissionSet you defined when creating the custom AppDomain, and provide advanced functionality (that needs elevated permissions) through a commonly used, security safe critical class library.

另请参阅此处的答案和提示:http://social.msdn.microsoft.com/Forums/en-US/clr/thread/23a9197e-3581-4a28-912d-968004488773

See also the answers and hints here: http://social.msdn.microsoft.com/Forums/en-US/clr/thread/23a9197e-3581-4a28-912d-968004488773

这篇关于如何更改 AppDomain 的权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！