通过 appdomain 限制插件对文件系统和网络的访问 [英] Restrict plugin access to file system and network via appdomain

问题描述

不久前我问过如何限制插件访问(我想阻止它们写入磁盘或网络)，我被告知使用 AppDomain.我已经搜索并尝试过如何使其工作失败.

I asked a while ago how to restrict plugins access ( I want to prevent them from writing to the disk or network ) and i was told to use AppDomain. I have searched and tried and failed on how to get this working.

谁能提供一些信息以便我开始使用，只需创建一个不允许写入文件或网络的 AppDomain.

Can anyone provide some information so i can get started, simply put make a AppDomain that does not allows writing to the file or network.

推荐答案

如果我理解正确的话，我想这就是您所需要的.

I guess this is what you need, if I understand correctly your point.

System.Security.PermissionSet ps = 
    new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None);
ps.AddPermission(new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.NoAccess, "C:\\"));
System.Security.Policy.PolicyLevel pl = System.Security.Policy.PolicyLevel.CreateAppDomainLevel();
pl.RootCodeGroup.PolicyStatement = new System.Security.Policy.PolicyStatement(ps);
AppDomain.CurrentDomain.SetAppDomainPolicy(pl);
System.Reflection.Assembly myPluginAssembly = AppDomain.CurrentDomain.Load("MyPluginAssembly");

这是否更准确?

请注意，您可以提供一个包含不希望插件访问的路径的字符串数组.您可以在初始化 FileIOPermission 类的新实例时提供 if.

Notice that you may provide an array of string containg the paths where you don't want the plugin to have access. You may provide if when initializing the new instance of FileIOPermission class.

如果这有帮助，请告诉我.:-)

Let me know if this helps. :-)

这篇关于通过 appdomain 限制插件对文件系统和网络的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！