c# - Assembly fails to load in restricted AppDomain -
i trying load assembly restricted appdomain. if not specify restrictions, assembly load correctly:
var permissionset = new permissionset(system.security.permissions.permissionstate.unrestricted); appdomain targetappdomain = appdomain.createdomain("lockeddomain" + guid.newguid().tostring("n"),null,domainsetup,permissionset,null); var instance = (iremotefilterclass) targetappdomain.createinstancefromandunwrap(tempassemblypath, "compiledcode.compiledclass");
howevere want lock down created appdomain possible, i.e. give permissions absolutely necessary. if specify permissionset restrict permissions, assembly fails load:
var permissionset = new permissionset(system.security.permissions.permissionstate.none); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.read, tempassemblypath)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.pathdiscovery, tempassemblypath)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.read, assembly.getexecutingassembly().location)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.pathdiscovery, assembly.getexecutingassembly().location)); permissionset.addpermission(new reflectionpermission(permissionstate.unrestricted)); //not sure if necessary, not work anyway appdomain targetappdomain = appdomain.createdomain("lockeddomain" + guid.newguid().tostring("n"),null,domainsetup,permissionset,null); var instance = (iremotefilterclass) targetappdomain.createinstancefromandunwrap(tempassemblypath, "compiledcode.compiledclass");
the following exception thrown:
system.io.fileloadexception: not load file or assembly '5e1a72b7c5584f7c92c18ea9b221222f, version=0.0.0.0, culture=neutral, publickeytoken=null' or 1 of dependencies. failed grant permission execute. (exception hresult: 0x80131418) ---> system.security.policy.policyexception: execution permission cannot acquired. @ system.security.codeaccesssecurityengine.resolvegrantset(evidence evidence, int32& specialflags, boolean checkexecutionpermission) --- end of inner exception stack trace --- @ system.reflection.runtimeassembly._nload(assemblyname filename, string codebase, evidence assemblysecurity, runtimeassembly locationhint, stackcrawlmark& stackmark, intptr pprivhostbinder, boolean throwonfilenotfound, boolean forintrospection, boolean suppresssecuritychecks) @ system.reflection.runtimeassembly.nload(assemblyname filename, string codebase, evidence assemblysecurity, runtimeassembly locationhint, stackcrawlmark& stackmark, intptr pprivhostbinder, boolean throwonfilenotfound, boolean forintrospection, boolean suppresssecuritychecks) @ system.reflection.runtimeassembly.internalloadassemblyname(assemblyname assemblyref, evidence assemblysecurity, runtimeassembly reqassembly, stackcrawlmark& stackmark, intptr pprivhostbinder, boolean throwonfilenotfound, boolean forintrospection, boolean suppresssecuritychecks) @ system.reflection.runtimeassembly.internalloadfrom(string assemblyfile, evidence securityevidence, byte[] hashvalue, assemblyhashalgorithm hashalgorithm, boolean forintrospection, boolean suppresssecuritychecks, stackcrawlmark& stackmark) @ system.reflection.assembly.loadfrom(string assemblyfile, evidence securityevidence) @ system.activator.createinstancefrominternal(string assemblyfile, string typename, boolean ignorecase, bindingflags bindingattr, binder binder, object[] args, cultureinfo culture, object[] activationattributes, evidence securityinfo) @ system.appdomain.createinstancefrom(string assemblyfile, string typename) @ system.appdomain.createinstancefromandunwrap(string assemblyname, string typename) @ system.appdomain.createinstancefromandunwrap(string assemblyname, string typename)
it seems if there still permissions missing, have no idea ones missing.
it necessary add securitypermission
securitypermissionflag.execution
set.
here working code:
var permissionset = new permissionset(system.security.permissions.permissionstate.none); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.read, tempassemblypath)); permissionset.addpermission(new fileiopermission(fileiopermissionaccess.pathdiscovery, tempassemblypath)); //the following line fixed code permissionset.addpermission(new securitypermission(securitypermissionflag.execution)); appdomain targetappdomain = appdomain.createdomain("lockeddomain" + guid.newguid().tostring("n"),null,domainsetup,permissionset,null); var instance = (iremotefilterclass) targetappdomain.createinstancefromandunwrap(tempassemblypath, "compiledcode.compiledclass");
Comments
Post a Comment