Restrict plug-in assembly code access


Problem description

I'd like to create a plug-in architecture where I can limit an assembly's API to something very restricted, i.e. only allow a whitelist of functions. Is it possible to restrict what functions/methods a plug-in assembly can call? Can I do it using AppDomains?

Does anyone have a simple example?

Recommended answer

.NET has added the "Managed Addin Framework" that might fit the bill. It has the following features:

  • Isolation. Plugins run in their own AppDomain if desired, or even their own process if you need that level of isolation.
  • Contractual communication. You set up contracts and this is the only thing you distribute to plugin authors. They need not know about any other aspect of your application.
  • Discovery. Has a built-in mechanism for sniffing out plugins from a folder full of assemblies.
  • Security. Sets of CASPOLs are automatically applied when you load a plugin. There are a few options built in to make this easy (see AddInSecurityLevel Enum).

Most approaches to isolation also limit communication and UI integration. MAF attempts to get around those limitations. It requires that you set up contractual communication pipelines, but will perform most of the work you would normally have to do yourself.

An example would be stitching together UI pieces running in two separate processes (this is magic) or being able to raise events across an AppDomain or process. These things are non-trivial, but MAF helps a lot in this regard.

Here's a simple example. As the "Shell" author, you'll be supplying a contract to your plugin authors. Here's a typical contract (it's just an abstract class):

// Contract supplied by the shell author; plugin authors subclass it.
public abstract class Calculator
{
    public abstract double Add(double a, double b);
    public abstract double Subtract(double a, double b);
    public abstract double Multiply(double a, double b);
    public abstract double Divide(double a, double b);
}

If a plugin author wanted to write a plugin, they would simply subclass this contract and add the "Addin" attribute:

using System.AddIn; // AddInAttribute

// The AddIn attribute is what makes this class discoverable by AddInStore.
[AddIn("Sample Calculator AddIn", Version="1.0.0.0")]
public class SampleCalculatorAddIn : Calculator
{
    public override double Add(double a, double b)
    {
        return a + b;
    }
    public override double Subtract(double a, double b)
    {
        return a - b;
    }
    public override double Multiply(double a, double b)
    {
        return a * b;
    }
    public override double Divide(double a, double b)
    {
        return a / b;
    }
}

And here's how you would load these addins and interact with them:

using System;
using System.AddIn.Hosting;            // AddInStore, AddInToken, AddInSecurityLevel
using System.Collections.ObjectModel;  // Collection<T>

// In this sample we expect the AddIns and components to 
// be installed in the current directory
String addInRoot = Environment.CurrentDirectory;

// Check to see if new AddIns have been installed
AddInStore.Rebuild(addInRoot);

// Look for Calculator AddIns in our root directory and 
// store the results
Collection<AddInToken> tokens = 
    AddInStore.FindAddIns(typeof(Calculator), addInRoot);

// Ask the user which AddIn they would like to use
// (ChooseCalculator is a host helper not shown here)
AddInToken calcToken = ChooseCalculator(tokens);

// Activate the selected AddInToken in a new AppDomain set sandboxed 
// in the internet zone. You can find out what this gives access
// to by running "mscorcfg.msc", but essentially this will limit
// any access to the filesystem and other obvious OS services.
// Use of reflection is also very limited in this zone.
Calculator calculator = 
    calcToken.Activate<Calculator>(AddInSecurityLevel.Internet);

// Run the read-eval-print loop
// (RunCalculator is a host helper not shown here)
RunCalculator(calculator);

That's pretty much the gist. There's obviously more to it than that, but you get the idea.

Great intro article
https://web-beta.archive.org/web/20140820145919/http://msdn.microsoft.com/en-us/magazine/cc163476.aspx

MSDN overview
http://msdn.microsoft.com/en-us/library/bb384200.aspx

System.Addin on Codeplex (lots of samples)
http://www.codeplex.com/clraddins

Pipeline Builder (helps to generate communication pipeline between shell and addins)
http://clraddins.codeplex.com/wikipage?title=Pipeline%20Builder&referringTitle=Home

Fx-Cop rules for System.Addin
http://clraddins.codeplex.com/wikipage?title=加载项%20FxCop%20Rules&referringTitle=首页
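
The loader in the answer above relies on the built-in Internet-zone preset. As an added example (not part of the original answer or of the System.AddIn samples), the host code below activates the same `Calculator` add-in with an explicit execution-only grant set, optionally in its own process. `SandboxedLoader` and its methods are hypothetical names; it assumes .NET Framework with System.AddIn referenced (System.AddIn and Code Access Security are not available on .NET Core / .NET 5+) and an add-in that needs nothing beyond permission to run.

```csharp
using System;
using System.AddIn.Hosting;
using System.Collections.ObjectModel;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper class, not from the original answer.
public static class SandboxedLoader
{
    // Grant set: the add-in may execute managed code and nothing else
    // (no file, network, registry, UI, reflection or unmanaged-code permissions).
    public static PermissionSet ExecutionOnly()
    {
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return grant;
    }

    public static Calculator LoadCalculator(string addInRoot, bool separateProcess)
    {
        // Rebuild returns warnings about segments it could not process; log them.
        foreach (string warning in AddInStore.Rebuild(addInRoot))
            Console.Error.WriteLine("add-in store: " + warning);

        Collection<AddInToken> tokens =
            AddInStore.FindAddIns(typeof(Calculator), addInRoot);
        if (tokens.Count == 0)
            throw new InvalidOperationException("No Calculator add-ins in " + addInRoot);

        AddInToken token = tokens[0];
        PermissionSet grant = ExecutionOnly();

        // Separate process: a crashing add-in cannot take the host down with it.
        // Otherwise: a new AppDomain inside the host process with the same grant set.
        return separateProcess
            ? token.Activate<Calculator>(new AddInProcess(), grant)
            : token.Activate<Calculator>(grant);
    }

    public static void Unload(Calculator calculator)
    {
        // Shuts the add-in down and unloads the AppDomain created for it.
        AddInController.GetAddInController(calculator).Shutdown();
    }
}
```

Starting from `PermissionState.None` and adding permissions one at a time keeps the grant set an explicit allow-list, so anything the add-in attempts outside it fails with a `SecurityException` instead of depending on what a zone preset happens to include.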
