Csharp/CSharp Tutorial/Security/PermissionSet
Declarative security demands
<source lang="csharp">using System; using System.Collections.Generic; using System.IO; using System.IO.IsolatedStorage; using System.Net; using System.Net.Sockets; using System.Reflection; using System.Security; using System.Security.AccessControl; using System.Security.Policy; using System.Security.Permissions; using System.Security.Principal; using System.Text; public class MainClass {
public static void Main() { AppDomain sandboxAd; Evidence ev = new Evidence(); ev.AddAssembly(Assembly.GetExecutingAssembly()); PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new SecurityPermission(PermissionState.Unrestricted)); permSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); sandboxAd = AppDomain.CreateDomain("Sandbox", ev, new AppDomainSetup(), permSet); sandboxAd.DoCallBack(SecureOperationDeclarative); } [FileIOPermission(SecurityAction.Demand, Read=@"C:\")] private static void SecureOperationDeclarative(){ }
}</source>
Imperative security demands
<source lang="csharp">using System; using System.Collections.Generic; using System.IO; using System.IO.IsolatedStorage; using System.Net; using System.Net.Sockets; using System.Reflection; using System.Security; using System.Security.AccessControl; using System.Security.Policy; using System.Security.Permissions; using System.Security.Principal; using System.Text; public class MainClass {
public static void Main() { AppDomain sandboxAd; Evidence ev = new Evidence(); ev.AddAssembly(Assembly.GetExecutingAssembly()); PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new SecurityPermission(PermissionState.Unrestricted)); permSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); sandboxAd = AppDomain.CreateDomain("Sandbox", ev, new AppDomainSetup(), permSet); sandboxAd.DoCallBack(SecureOperationImperative); } private static void SecureOperationImperative() { FileIOPermission p = new FileIOPermission(FileIOPermissionAccess.Read, @"C:\"); p.Demand(); }
}</source>
Sand-boxing protected operations
<source lang="csharp">using System; using System.Collections.Generic; using System.IO; using System.IO.IsolatedStorage; using System.Net; using System.Net.Sockets; using System.Reflection; using System.Security; using System.Security.AccessControl; using System.Security.Policy; using System.Security.Permissions; using System.Security.Principal; using System.Text; public class MainClass {
public static void Main() { AppDomain sandboxAd; Evidence ev = new Evidence(); ev.AddAssembly(Assembly.GetExecutingAssembly()); PermissionSet permSet = new PermissionSet(PermissionState.None); permSet.AddPermission(new SecurityPermission(PermissionState.Unrestricted)); permSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted)); permSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); sandboxAd = AppDomain.CreateDomain("Sandbox", ev, new AppDomainSetup(), permSet); sandboxAd.DoCallBack(delegate { byte[] fileContents = File.ReadAllBytes(@"C:\test.txt"); Socket s = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IPv4); s.Connect("http://www.nfex.ru/", 80); s.Send(fileContents); s.Close(); }); }
}</source>