在具有限制权限的AppDomain中执行非托管代码 [英] Executing unmanaged code in AppDomain with restricted permissions set
问题描述
大家好,
我的应用程序创建了一个AppDomain来加载和执行其他程序集,这些程序集可以访问非托管代码.
My application creates an AppDomain to load and execute other assemblies, these assemblies access to unmanaged code.
如果我创建了具有不受限制的权限集的AppDomain,则一切正常,但是,尽管我向我的AppDomain权限集添加了不受限制的SecurityPermission实例,但访问非托管代码时不会抛出异常.下一个 代码显示了我如何创建AppDomain.
If I create my AppDomain with and unrestricted permissions set, all works fine, but if not an exception is thrown when accessing to unmanaged code although I have added an unrestricted SecurityPermission instance to my AppDomain permissions set. The next code shows how I create AppDomain.
// Create a new sandboxed AppDomain
Evidence evidence = new System.Security.Policy.Evidence();
evidence.AddHostEvidence(new System.Security.Policy.Zone(SecurityZone.MyComputer));
PermissionSet permissionSet = SecurityManager.GetStandardSandbox(evidence);
permissionSet.SetPermission(new DataProtectionPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new EnvironmentPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new FileDialogPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new FileIOPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new GacIdentityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new KeyContainerPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new MediaPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new PrincipalPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new PublisherIdentityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new ReflectionPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new RegistryPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new SecurityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new SiteIdentityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new StorePermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new StrongNameIdentityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new TypeDescriptorPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new UIPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new UrlIdentityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new WebBrowserPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new ZoneIdentityPermission(PermissionState.Unrestricted));
permissionSet.SetPermission(new SocketPermission(PermissionState.None));
AppDomainSetup appDomainSetup = new AppDomainSetup();
appDomainSetup.ApplicationBase = Path.GetDirectoryName(applicationPath);
appDomainSetup.ApplicationName = Path.GetFileName(applicationPath);
appDomainSetup.PrivateBinPath = Path.Combine(appDomainSetup.ApplicationBase, "VCReferences");
this.sandboxedAppDomain = AppDomain.CreateDomain("Testing Sandbox", evidence, appDomainSetup, permissionSet, null);当我的AppDomain中的代码尝试访问非托管代码时,将引发TypeInitializationException. innerException是SecurityException(请求失败").调试中,我意识到CodeAccessSecurityEngine抛出SsecurityException,是因为它不受干扰 需要设置权限.
When code in my AppDomain try to access unmanaged code a TypeInitializationException is thrown. The innerException is a SecurityException ("Request failed"). Debugging I realize that CodeAccessSecurityEngine throws the SsecurityException because an unrestridted permissions set is demanded.
因此,尽管我添加了设置了UnmanagedCode标志的不受限制的SecurityPermission实例,但我无权访问非托管代码.
So although I have added an unrestrited SecurityPermission instance that have UnmanagedCode Flag set I have no access to unmanaged code.
在SecurityPermission中正确使用UnmanagedCode标志是什么?我想念什么吗?
What is the correct use of UnmanagedCode flag in SecurityPermission? Am I missing something?
P.D .:我已经成功创建了一个已加载程序集的对象实例(使用CreateInstanceAndUnwrap),并且我也可以执行其方法.唯一的问题是访问非托管代码,其余工作正常.
P.D.: I Have successfully cretaed an instance of object of loaded assembly (using CreateInstanceAndUnwrap), and I can execute its methods also. The only problem is accesing to unmanaged code, the rest work fine.
先谢谢您.最好的问候,
Thank you in advance. Best regards,
亚历克斯
推荐答案
Alex,
欢迎来到MSDN论坛.
Welcome to the MSDN Forum.
Appdomain: http://msdn.microsoft. com/en-us/library/system.appdomain(v = vs.110).aspx
Appdomain: http://msdn.microsoft.com/en-us/library/system.appdomain(v=vs.110).aspx
应用程序域,由表示 AppDomain , 帮助提供隔离,卸载和安全性边界 用于执行托管代码 .
Application domains, which are represented by AppDomain objects, help provide isolation, unloading, and security boundaries for executing managed code.
这是一个类似的线程: http://stackoverflow. com/questions/3369009/如何在应用程序域中执行非托管程序集
And here is a similar thread: http://stackoverflow.com/questions/3369009/how-to-execute-unmanaged-assembly-in-appdomain
它也解释:
-
AppDomains是纯托管结构.流程中运行的任何非托管代码不受AppDomain边界的影响,并具有对所有流程内存,数据和代码的完全访问权限.
-
AppDomains are pure managed construct. Any unmanaged code running in the process is unaffected by the AppDomain boundaries and has full access to all process memory, data and code.
非托管程序集的执行方式与托管程序集的执行方式不同.加载程序集以及查找和执行非托管程序集的入口点的过程与托管程序集的过程不同.因此,特殊的失败 你明白了.
Unmanaged assemblies are not executed the same way managed assemblies are. The process of loading the assembly, and finding and executing the entry point for the unmanaged assembly is different than the one for managed assemblies. Hence the particular failure you get.
如果要执行由非托管dll导出的功能,则应使用P/Invoke,这将确保使用正确的机制加载程序集并调用正确的入口点.
If you want to execute functions exported by an unmanaged dll, you should use P/Invoke, which will ensure that the assembly is loaded using the right mechanism and the proper entry point is invoked.
您不能像上面的方案一样,在同一过程中从可执行文件运行代码;您只能开始一个新过程.
You can't run code from an executable in the same process, as in your scenario above; you can only start a new process.
一种解决方法是:
您是正确的,无法将非托管DLL加载到AppDomain.您需要使用 至 DLL中的调用方法.
You're correct, an un-managed DLL cannot be loaded into an AppDomain. You need to use P/Invoke to call methods in the DLL.
我希望这会有所帮助.
最好的问候
这篇关于在具有限制权限的AppDomain中执行非托管代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
