Code Access Security exception in restricted AppDomain


Problem description

Goal: I need to run some code in an AppDomain with very limited permissions - it should have no access to anything at all fancy or unsafe, except for a few helper methods that I have defined elsewhere.

What I've done: I'm creating a sandbox AppDomain with the required basic permissions, and creating a proxy object, which runs the code:

using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

static AppDomain CreateSandbox()
{
    // Internet-zone evidence yields the standard restricted sandbox grant set
    var e = new Evidence();
    e.AddHostEvidence(new Zone(SecurityZone.Internet));

    var ps = SecurityManager.GetStandardSandbox(e);
    var security = new SecurityPermission(SecurityPermissionFlag.Execution);

    ps.AddPermission(security);

    var setup = new AppDomainSetup {
        ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)
    };
    return AppDomain.CreateDomain("Sandbox" + DateTime.Now, null, setup, ps);
}

public class Proxy : MarshalByRefObject
{
    public Proxy() { }

    public void DoStuff()
    {
        // perform custom operation requiring permission
        HelperAssembly.HelperMethods.Method1();

        // do other stuff with low permission level
        // ...
    }
}

I've put the helper methods in a dedicated strong-named assembly, and marked them and their container class with [SecuritySafeCritical]:

// HelperAssembly.dll

using System.Security;
using System.Security.Permissions;

namespace HelperAssembly
{
    [SecuritySafeCritical]
    public class HelperMethods
    {
        [SecuritySafeCritical]
        public static void Method1()
        {
            // Assert so that partial-trust callers further up the stack do not fail the demand
            new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)
                .Assert();
            try
            {
                // logic requiring unmanaged code
                // ...
            }
            finally
            {
                // undo the Assert even if the privileged logic throws
                CodeAccessPermission.RevertAll();
            }
        }
    }
}

Then, I load the helper assembly in the sandbox AppDomain and run Proxy.DoStuff(), expecting it to execute the helper method and be on its way:

var appDomain = CreateSandbox();

appDomain.Load(typeof(HelperAssembly.HelperMethods).Assembly.FullName);

// create the proxy inside the sandbox and get a transparent remoting proxy to it
var proxy = (Proxy)appDomain.CreateInstance(
    typeof(Proxy).Assembly.FullName,
    typeof(Proxy).FullName).Unwrap();

proxy.DoStuff();

However, running the code causes an exception on the Assert() line in the helper method:

Unhandled Exception: System.InvalidOperationException: Cannot perform CAS Asserts in Security Transparent methods

What is the reason for this behavior and how can I achieve what I'm trying to do? To my understanding, the code in the untrusted AppDomain is security transparent, while the code in the helper assembly is security safe-critical, meaning it should be able to request permissions with Assert().

I'm obviously missing a piece of the puzzle, so it's up to someone with better understanding of Code Access Security to explain what is going wrong. Any help is appreciated.

Recommended answer

Your "Trusted" assembly needs to have the AllowPartiallyTrustedCallers attribute for SecuritySafeCritical to be callable across assembly boundary. It must also be added to the fullTrustAssemblies in your call to CreateDomain.
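The host-side version of that fix, as an added example (not code from the question or answer): the helper assembly's StrongName is passed to CreateDomain as a full-trust assembly, so its [SecuritySafeCritical] Method1 may Assert while the Proxy assembly stays security transparent. It assumes .NET 4.0 or later (for Evidence.GetHostEvidence<T>), that HelperAssembly is signed, and the hypothetical class and method names SandboxHost and Run.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// In HelperAssembly's own AssemblyInfo.cs (not in this host file), add:
//     [assembly: AllowPartiallyTrustedCallers]
// Without APTCA every method of the helper is treated as SecurityCritical,
// so transparent code in the sandbox cannot call Method1 at all.

static class SandboxHost
{
    public static AppDomain CreateSandbox()
    {
        // Internet-zone evidence yields the standard restricted grant set
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));

        PermissionSet ps = SecurityManager.GetStandardSandbox(evidence);
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup
        {
            ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)
        };

        // The full-trust list is keyed by StrongName, so the helper must be signed;
        // an unsigned helper silently yields null here, hence the explicit check.
        StrongName helperName = typeof(HelperAssembly.HelperMethods).Assembly
            .Evidence.GetHostEvidence<StrongName>();
        if (helperName == null)
            throw new InvalidOperationException("HelperAssembly must be strong-named.");

        // Only HelperAssembly is fully trusted inside the domain; the assembly
        // containing Proxy is loaded with the restricted grant set as before.
        return AppDomain.CreateDomain("Sandbox", null, setup, ps, helperName);
    }

    public static void Run()
    {
        AppDomain sandbox = CreateSandbox();
        var proxy = (Proxy)sandbox.CreateInstanceAndUnwrap(
            typeof(Proxy).Assembly.FullName, typeof(Proxy).FullName);
        proxy.DoStuff(); // Method1's Assert now succeeds instead of throwing
    }
}
```

Keep the full-trust list to the one helper assembly: anything listed there can Assert away the sandbox's restrictions, so it is the trust boundary of the whole design.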
