通过限制AppDomain中的文件系统和网络插件访问 [英] Restrict plugin access to file system and network via appdomain

问题描述

我问前一阵子如何限制插件访问（我想prevent他们写入到磁盘或网络），我被告知要使用<一个href=\"http://stackoverflow.com/questions/1274614/plugins-to-application-can-i-control-the-namespace-$c$c-inside-the-plugins\">AppDomain.我已经搜索并尝试和失败就如何得到这个工作。

I asked a while ago how to restrict plugins access ( I want to prevent them from writing to the disk or network ) and i was told to use AppDomain. I have searched and tried and failed on how to get this working.

任何人都可以提供一些信息，这样我就可以上手，简单地说让不允许写入文件或网络的AppDomain。

Can anyone provide some information so i can get started, simply put make a AppDomain that does not allows writing to the file or network.

推荐答案

我想这是你需要什么，如果我理解正确你的观点。

I guess this is what you need, if I understand correctly your point.

System.Security.PermissionSet ps = 
    new System.Security.PermissionSet(System.Security.Permissions.PermissionState.None);
ps.AddPermission(new System.Security.Permissions.FileIOPermission(System.Security.Permissions.FileIOPermissionAccess.NoAccess, "C:\\"));
System.Security.Policy.PolicyLevel pl = System.Security.Policy.PolicyLevel.CreateAppDomainLevel();
pl.RootCodeGroup.PolicyStatement = new System.Security.Policy.PolicyStatement(ps);
AppDomain.CurrentDomain.SetAppDomainPolicy(pl);
System.Reflection.Assembly myPluginAssembly = AppDomain.CurrentDomain.Load("MyPluginAssembly");

这是更precisely你的意思？

Is this more precisely what you meant?

请注意，您所提供的字符串containg，你不希望插件来访问路径的数组。如果初始化的FileIOPermission类的新实例时，您可以提供。

Notice that you may provide an array of string containg the paths where you don't want the plugin to have access. You may provide if when initializing the new instance of FileIOPermission class.

让我知道，如果这有助于。 ： - ）

Let me know if this helps. :-)

这篇关于通过限制AppDomain中的文件系统和网络插件访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！