//
// PolicyLevelTest.cs - NUnit Test Cases for PolicyLevel
//
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2004 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
30 using NUnit.Framework;
31 using System;
32 using System.IO;
33 using System.Security;
34 using System.Security.Permissions;
35 using System.Security.Policy;
36 using System.Text;
38 namespace MonoTests.System.Security.Policy {
40 [TestFixture]
41 public class PolicyLevelTest {
// Policy fixtures shared by every test. SetUp fills both on first use:
// minimal_policy holds the bare <PolicyLevel> document and minimal holds the
// same document wrapped by Envelope.
static string minimal = null;
static string minimal_policy = null;
// Strong-name public key blob used to build the StrongName and
// StrongNameMembershipCondition fixtures. Bytes 20-23 (0x52 0x53 0x41 0x31)
// are ASCII "RSA1"; presumably this is a public-key-only blob with no private
// key material -- confirm before reusing it outside the tests.
static byte[] snPublicKey = { 0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x3D, 0xBD, 0x72, 0x08, 0xC6, 0x2B, 0x0E, 0xA8, 0xC1, 0xC0, 0x58, 0x07, 0x2B, 0x63, 0x5F, 0x7C, 0x9A, 0xBD, 0xCB, 0x22, 0xDB, 0x20, 0xB2, 0xA9, 0xDA, 0xDA, 0xEF, 0xE8, 0x00, 0x64, 0x2F, 0x5D, 0x8D, 0xEB, 0x78, 0x02, 0xF7, 0xA5, 0x36, 0x77, 0x28, 0xD7, 0x55, 0x8D, 0x14, 0x68, 0xDB, 0xEB, 0x24, 0x09, 0xD0, 0x2B, 0x13, 0x1B, 0x92, 0x6E, 0x2E, 0x59, 0x54, 0x4A, 0xAC, 0x18, 0xCF, 0xC9, 0x09, 0x02, 0x3F, 0x4F, 0xA8, 0x3E, 0x94, 0x00, 0x1F, 0xC2, 0xF1, 0x1A, 0x27, 0x47, 0x7D, 0x10, 0x84, 0xF5, 0x14, 0xB8, 0x61, 0x62, 0x1A, 0x0C, 0x66, 0xAB, 0xD2, 0x4C, 0x4B, 0x9F, 0xC9, 0x0F, 0x3C, 0xD8, 0x92, 0x0F, 0xF5, 0xFF, 0xCE, 0xD7, 0x6E, 0x5C, 0x6F, 0xB1, 0xF5, 0x7D, 0xD3, 0x56, 0xF9, 0x67, 0x27, 0xA4, 0xA5, 0x48, 0x5B, 0x07, 0x93, 0x44, 0x00, 0x4A, 0xF8, 0xFF, 0xA4, 0xCB };
// Builds the shared policy fixtures the first time any test runs.
// The document declares six named permission sets (FullTrust,
// SkipVerification, Execution, Nothing, LocalIntranet, Internet), a root
// FirstMatchCodeGroup that maps all code to "Nothing", and a single
// full-trust strong-name entry named "System". Tests that probe other set
// names ("Mono", "Everything") therefore start from a policy where those
// names do not exist.
[SetUp]
public void SetUp ()
{
	// Fixtures are static: an earlier test already built them.
	if (minimal != null) {
		return;
	}

	// Security classes (first half).
	minimal_policy = "<PolicyLevel version=\"1\">\r\n <SecurityClasses>\r\n <SecurityClass Name=\"NamedPermissionSet\"\r\n Description=\"System.Security.NamedPermissionSet\"/>\r\n <SecurityClass Name=\"ReflectionPermission\"\r\n Description=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n <SecurityClass Name=\"IsolatedStorageFilePermission\"\r\n Description=\"System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n <SecurityClass Name=\"AllMembershipCondition\"\r\n Description=\"System.Security.Policy.AllMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n <SecurityClass Name=\"FirstMatchCodeGroup\"\r\n Description=\"System.Security.Policy.FirstMatchCodeGroup\"/>\r\n <SecurityClass Name=\"EnvironmentPermission\"\r\n Description=\"System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n";
	// Remaining security classes, then FullTrust, SkipVerification and Execution.
	minimal_policy += " <SecurityClass Name=\"StrongNameMembershipCondition\"\r\n Description=\"System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n <SecurityClass Name=\"SecurityPermission\"\r\n Description=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n <SecurityClass Name=\"UIPermission\"\r\n Description=\"System.Security.Permissions.UIPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n <SecurityClass Name=\"FileDialogPermission\"\r\n Description=\"System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n </SecurityClasses>\r\n <NamedPermissionSets>\r\n <PermissionSet class=\"NamedPermissionSet\"\r\n version=\"1\"\r\n Unrestricted=\"true\"\r\n Name=\"FullTrust\"\r\n Description=\"Allows full access to all resources\"/>\r\n <PermissionSet class=\"NamedPermissionSet\"\r\n version=\"1\"\r\n Name=\"SkipVerification\"\r\n Description=\"Grants right to bypass the verification\">\r\n <IPermission class=\"SecurityPermission\"\r\n version=\"1\"\r\n Flags=\"SkipVerification\"/>\r\n </PermissionSet>\r\n <PermissionSet class=\"NamedPermissionSet\"\r\n version=\"1\"\r\n Name=\"Execution\"\r\n Description=\"Permits execution\">\r\n <IPermission class=\"SecurityPermission\"\r\n version=\"1\"\r\n Flags=\"Execution\"/>\r\n </PermissionSet>\r\n";
	// Nothing and LocalIntranet.
	minimal_policy += " <PermissionSet class=\"NamedPermissionSet\"\r\n version=\"1\"\r\n Name=\"Nothing\"\r\n Description=\"Denies all resources, including the right to execute\"/>\r\n <PermissionSet class=\"NamedPermissionSet\"\r\n version=\"1\"\r\n Name=\"LocalIntranet\"\r\n Description=\"Default rights given to applications on the local intranet\">\r\n <IPermission class=\"EnvironmentPermission\"\r\n version=\"1\"\r\n Read=\"USERNAME\"/>\r\n <IPermission class=\"FileDialogPermission\"\r\n version=\"1\"\r\n Unrestricted=\"true\"/>\r\n <IPermission class=\"IsolatedStorageFilePermission\"\r\n version=\"1\"\r\n Allowed=\"AssemblyIsolationByUser\"\r\n UserQuota=\"9223372036854775807\"\r\n Expiry=\"9223372036854775807\"\r\n Permanent=\"True\"/>\r\n <IPermission class=\"ReflectionPermission\"\r\n version=\"1\"\r\n Flags=\"ReflectionEmit\"/>\r\n <IPermission class=\"SecurityPermission\"\r\n version=\"1\"\r\n Flags=\"Assertion, Execution, BindingRedirects\"/>\r\n <IPermission class=\"UIPermission\"\r\n version=\"1\"\r\n Unrestricted=\"true\"/>\r\n";
	// Internet, the root code group and the full-trust assembly list.
	minimal_policy += " </PermissionSet>\r\n <PermissionSet class=\"NamedPermissionSet\"\r\n version=\"1\"\r\n Name=\"Internet\"\r\n Description=\"Default rights given to internet applications\">\r\n <IPermission class=\"FileDialogPermission\"\r\n version=\"1\"\r\n Access=\"Open\"/>\r\n <IPermission class=\"IsolatedStorageFilePermission\"\r\n version=\"1\"\r\n Allowed=\"DomainIsolationByUser\"\r\n UserQuota=\"10240\"/>\r\n <IPermission class=\"SecurityPermission\"\r\n version=\"1\"\r\n Flags=\"Execution\"/>\r\n <IPermission class=\"UIPermission\"\r\n version=\"1\"\r\n Window=\"SafeTopLevelWindows\"\r\n Clipboard=\"OwnClipboard\"/>\r\n </PermissionSet>\r\n </NamedPermissionSets>\r\n <CodeGroup class=\"FirstMatchCodeGroup\"\r\n version=\"1\"\r\n PermissionSetName=\"Nothing\">\r\n <IMembershipCondition class=\"AllMembershipCondition\"\r\n version=\"1\"/>\r\n </CodeGroup>\r\n <FullTrustAssemblies>\r\n <IMembershipCondition class=\"StrongNameMembershipCondition\"\r\n version=\"1\"\r\n PublicKeyBlob=\"00000000000000000400000000000000\"\r\n Name=\"System\"/>\r\n </FullTrustAssemblies>\r\n</PolicyLevel>\r\n";

	minimal = Envelope (minimal_policy);
}
// Wraps a <PolicyLevel> fragment in the configuration/mscorlib/security/policy
// element chain. The fragment is inserted verbatim (no escaping), so callers
// must pass well-formed XML.
private string Envelope (string policy)
{
	const string opening = "<configuration><mscorlib><security><policy>";
	const string closing = "</policy></security></mscorlib></configuration>";
	return opening + policy + closing;
}
// Parses a policy document held in memory into a PolicyLevel of the
// requested type. An earlier variant loaded the policy from a file instead:
// SecurityManager.LoadPolicyLevelFromFile (@"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CONFIG\minimal.config", type)
private PolicyLevel Load (string xml, PolicyLevelType type)
{
	PolicyLevel level = SecurityManager.LoadPolicyLevelFromString (xml, type);
	return level;
}
// Adding a StrongName and then a StrongNameMembershipCondition must each grow
// the full-trust assembly list by exactly one entry.
[Test]
public void AddFullTrustAssembly ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	int baseline = level.FullTrustAssemblies.Count;

	// First entry: added through the StrongName overload.
	StrongNamePublicKeyBlob firstBlob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongName first = new StrongName (firstBlob, "First", new Version (1, 2, 3, 4));
	level.AddFullTrustAssembly (first);
	Assert.AreEqual (baseline + 1, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

	// Second entry: added through the membership-condition overload.
	StrongNamePublicKeyBlob secondBlob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongNameMembershipCondition second = new StrongNameMembershipCondition (secondBlob, "Second", new Version ("0.1.2.3"));
	level.AddFullTrustAssembly (second);
	Assert.AreEqual (baseline + 2, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+2");
}
// A null StrongName must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void AddFullTrustAssembly_NullStrongName ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The cast selects the StrongName overload, as the typed local did.
	level.AddFullTrustAssembly ((StrongName) null);
}
// A null StrongNameMembershipCondition must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void AddFullTrustAssembly_NullStrongNameMembershipCondition ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The cast selects the membership-condition overload.
	level.AddFullTrustAssembly ((StrongNameMembershipCondition) null);
}
// Registering the same StrongName twice must fail with ArgumentException.
// NOTE(review): the attribute cannot tell which of the two calls threw; the
// first call is expected to succeed.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void AddFullTrustAssembly_DuplicateStrongName ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongName identity = new StrongName (blob, "First", new Version (1, 2, 3, 4));
	level.AddFullTrustAssembly (identity);
	// Second registration of the same identity is the call under test.
	level.AddFullTrustAssembly (identity);
}
// Registering the same StrongNameMembershipCondition twice must fail with
// ArgumentException.
// NOTE(review): the attribute cannot tell which of the two calls threw; the
// first call is expected to succeed.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void AddFullTrustAssembly_DuplicateStrongNameMembershipCondition ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongNameMembershipCondition condition = new StrongNameMembershipCondition (blob, "Second", new Version ("0.1.2.3"));
	level.AddFullTrustAssembly (condition);
	// Second registration of the same condition is the call under test.
	level.AddFullTrustAssembly (condition);
}
// Adding a new named permission set ("Mono") must grow the collection by one.
[Test]
#if ! NET_2_0
[Category ("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void AddNamedPermissionSet ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	int baseline = level.NamedPermissionSets.Count;

	level.AddNamedPermissionSet (new NamedPermissionSet ("Mono", PermissionState.Unrestricted));
	// The MS 1.1 runtime raises ExecutionEngineException at this point.
	Assert.AreEqual (baseline + 1, level.NamedPermissionSets.Count, "NamedPermissionSets.Count+1");
}
// A null permission set must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void AddNamedPermissionSet_Null ()
{
	Load (minimal, PolicyLevelType.Machine).AddNamedPermissionSet (null);
}
// A second set that reuses the name "Mono" must be rejected with
// ArgumentException, even though its permission state differs from the first.
[Test]
[ExpectedException (typeof (ArgumentException))]
#if ! NET_2_0
[Category ("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void AddNamedPermissionSet_Duplicate ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	NamedPermissionSet original = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
	level.AddNamedPermissionSet (original);

	NamedPermissionSet sameName = new NamedPermissionSet ("Mono", PermissionState.None);
	// The MS 1.1 runtime raises ExecutionEngineException at this point.
	level.AddNamedPermissionSet (sameName);
}
// Replacing a user-defined set ("Mono") with a different permission set must
// succeed. The test only checks that no exception is raised.
[Test]
#if ! NET_2_0
[Category ("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void ChangeNamedPermissionSet ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.AddNamedPermissionSet (new NamedPermissionSet ("Mono", PermissionState.Unrestricted));

	NamedPermissionSet replacement = new NamedPermissionSet ("Mono", PermissionState.None);
	// The MS 1.1 runtime raises ExecutionEngineException at this point.
	level.ChangeNamedPermissionSet ("Mono", replacement);
}
// A null set name must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void ChangeNamedPermissionSet_NullName ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet (null, new NamedPermissionSet ("Mono", PermissionState.None));
}
// A null replacement permission set must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void ChangeNamedPermissionSet_NullPermissionSet ()
{
	Load (minimal, PolicyLevelType.Machine).ChangeNamedPermissionSet ("Mono", null);
}
// Changing a set name that was never added ("Mono") must fail with
// ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_NotFound ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("Mono", new NamedPermissionSet ("Mono", PermissionState.None));
}
// The built-in "FullTrust" set must not be replaceable: the attempt is
// expected to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_FullTrust ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("FullTrust", new PermissionSet (PermissionState.None));
}
// The built-in "LocalIntranet" set must not be replaceable: the attempt is
// expected to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_LocalIntranet ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("LocalIntranet", new PermissionSet (PermissionState.None));
}
// The built-in "Internet" set must not be replaceable: the attempt is
// expected to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_Internet ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("Internet", new PermissionSet (PermissionState.None));
}
// The built-in "SkipVerification" set must not be replaceable: the attempt is
// expected to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_SkipVerification ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("SkipVerification", new PermissionSet (PermissionState.None));
}
// The built-in "Execution" set must not be replaceable: the attempt is
// expected to fail with ArgumentException.
// NOTE(review): the method name ends at "Reserved_"; it presumably was meant
// to read "Reserved_Execution".
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_ ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("Execution", new PermissionSet (PermissionState.None));
}
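// The built-in "Nothing" set must not be replaceable: the attempt is expected
// to fail with ArgumentException.
// The test previously passed "SkipVerification" (a copy of the sibling test),
// so the "Nothing" name was never exercised by ChangeNamedPermissionSet.
// NOTE(review): assumes "Nothing" is treated as reserved here, as the
// RemoveNamedPermissionSet_Nothing_ReservedName test expects for removal.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_Nothing ()
{
	PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
	PermissionSet ps = new PermissionSet (PermissionState.None);
	pl.ChangeNamedPermissionSet ("Nothing", ps);
}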
// Changing the "Everything" set is expected to fail with ArgumentException.
// NOTE(review): "Everything" is not among the named sets declared by the
// policy built in SetUp, so a plain not-found failure would satisfy this
// expectation too; the test alone does not prove a reserved-name check.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void ChangeNamedPermissionSet_Reserved_Everything ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.ChangeNamedPermissionSet ("Everything", new PermissionSet (PermissionState.None));
}
// A freshly created AppDomain level is labelled "AppDomain" and its root code
// group grants unrestricted FullTrust with no child groups.
[Test]
public void CreateAppDomainLevel ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	Assert.AreEqual ("AppDomain", level.Label, "Label");

	CodeGroup root = level.RootCodeGroup;
	Assert.AreEqual ("FullTrust", root.PermissionSetName, "RootCodeGroup==FullTrust");
	Assert.AreEqual (0, root.Children.Count, "RootCodeGroup/NoChildren");
	Assert.IsTrue (root.PolicyStatement.PermissionSet.IsUnrestricted (), "RootCodeGroup.PolicyStatement.PermissionSet.IsUnrestricted");
}
// Round-trips an AppDomain level through ToXml/FromXml and checks that the
// label and root code group survive unchanged.
[Test]
// Makes distcheck fail because there is no Mono installed into the prefix
// thus making the GAC not work...
[Category ("NotWorking")]
public void FromXml ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	level.FromXml (level.ToXml ());

	Assert.AreEqual ("AppDomain", level.Label, "Label");
	CodeGroup root = level.RootCodeGroup;
	Assert.AreEqual ("All_Code", root.Name, "RootCodeGroup");
	Assert.AreEqual ("FullTrust", root.PermissionSetName, "PermissionSetName");
	Assert.AreEqual (0, root.Children.Count, "Children");
}
// A null SecurityElement must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void FromXml_Null ()
{
	PolicyLevel.CreateAppDomainLevel ().FromXml (null);
}
// Feeds FromXml a document whose element tags were overwritten with "Mono".
// Per the original author's notes, renaming only the root tag is accepted;
// the ArgumentException is expected once the child tags are renamed as well.
// NOTE(review): the attribute cannot tell which FromXml call threw, so a
// parser that starts rejecting the renamed root would still pass this test.
[Test]
// Makes distcheck fail because there is no Mono installed into the prefix
// thus making the GAC not work...
[Category ("NotWorking")]
[ExpectedException (typeof (ArgumentException))]
public void FromXml_Invalid ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	SecurityElement document = level.ToXml ();

	// Step 1: unknown root tag -- accepted, surprisingly.
	document.Tag = "Mono";
	level.FromXml (document);

	// Step 2: unknown tag on every direct child as well.
	foreach (SecurityElement node in document.Children) {
		node.Tag = "Mono";
	}
	level.FromXml (document);
	// No further corruption is needed to trigger the failure.
}
// Lookup of "Mono" returns null before the set is added and a non-null set
// afterwards.
[Test]
#if ! NET_2_0
[Category ("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void GetNamedPermissionSet ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);

	NamedPermissionSet before = level.GetNamedPermissionSet ("Mono");
	Assert.IsNull (before, "GetNamedPermissionSet(notfound)");

	level.AddNamedPermissionSet (new NamedPermissionSet ("Mono", PermissionState.None));
	// The MS 1.1 runtime raises ExecutionEngineException at this point.
	NamedPermissionSet after = level.GetNamedPermissionSet ("Mono");
	Assert.IsNotNull (after, "GetNamedPermissionSet(found)");
}
// A null set name must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void GetNamedPermissionSet_Null ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The result is irrelevant: the call itself is expected to throw.
	level.GetNamedPermissionSet (null);
}
// The Label of a loaded level matches the PolicyLevelType it was loaded as,
// and CreateAppDomainLevel yields the "AppDomain" label.
[Test]
public void Label ()
{
	PolicyLevelType[] types = {
		PolicyLevelType.AppDomain,
		PolicyLevelType.Enterprise,
		PolicyLevelType.Machine,
		PolicyLevelType.User
	};
	string[] labels = { "AppDomain", "Enterprise", "Machine", "User" };

	PolicyLevel level;
	for (int i = 0; i < types.Length; i++) {
		level = Load (minimal, types [i]);
		Assert.AreEqual (labels [i], level.Label, "Label." + labels [i]);
	}

	// Same check for the level produced by the static factory.
	level = PolicyLevel.CreateAppDomainLevel ();
	Assert.AreEqual ("AppDomain", level.Label, "Label.AppDomain");
}
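// Recover must fail with PolicyException for a file-based level that has no
// backup copy.
// The temporary policy file is now removed in a finally block; previously it
// was left behind in the temp directory on every run.
[Test]
[ExpectedException (typeof (PolicyException))]
public void Recover_LoadPolicyLevelFromFile ()
{
	// A freshly created temp file: presumably no backup exists next to it.
	string temp = Path.GetTempFileName ();
	try {
		using (FileStream fs = File.OpenWrite (temp)) {
			byte[] data = Encoding.UTF8.GetBytes (minimal);
			fs.Write (data, 0, data.Length);
		}

		PolicyLevel pl = SecurityManager.LoadPolicyLevelFromFile (temp, PolicyLevelType.User);
		// Expected to throw: nothing to recover from.
		pl.Recover ();
	}
	finally {
		try {
			File.Delete (temp);
		}
		catch (IOException) {
			// Best-effort cleanup; do not let it replace the PolicyException
			// the test is waiting for.
		}
	}
}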
// Recover must fail with PolicyException for a level loaded from a string,
// because no file backs it.
[Test]
[ExpectedException (typeof (PolicyException))]
public void Recover_LoadPolicyLevelFromString ()
{
	PolicyLevel level = SecurityManager.LoadPolicyLevelFromString (minimal, PolicyLevelType.Enterprise);
	// Not file based, so there is nothing to recover.
	level.Recover ();
}
// Recover must fail with PolicyException for an AppDomain level, because no
// file backs it.
[Test]
[ExpectedException (typeof (PolicyException))]
public void Recover_AppDomainLevel ()
{
	// Not file based, so there is nothing to recover.
	PolicyLevel.CreateAppDomainLevel ().Recover ();
}
// Adds two full-trust entries (one per overload), then removes them again and
// checks that the list count returns to its starting value step by step.
[Test]
public void RemoveFullTrustAssembly ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	int baseline = level.FullTrustAssemblies.Count;

	StrongNamePublicKeyBlob firstBlob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongName first = new StrongName (firstBlob, "First", new Version (1, 2, 3, 4));
	level.AddFullTrustAssembly (first);
	Assert.AreEqual (baseline + 1, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

	StrongNamePublicKeyBlob secondBlob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongNameMembershipCondition second = new StrongNameMembershipCondition (secondBlob, "Second", new Version ("0.1.2.3"));
	level.AddFullTrustAssembly (second);
	Assert.AreEqual (baseline + 2, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+2");

	// Removal, in the same order as the additions.
	level.RemoveFullTrustAssembly (first);
	Assert.AreEqual (baseline + 1, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count-1");

	level.RemoveFullTrustAssembly (second);
	Assert.AreEqual (baseline, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count-2");
}
// A null StrongName must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void RemoveFullTrustAssembly_NullStrongName ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The cast selects the StrongName overload, as the typed local did.
	level.RemoveFullTrustAssembly ((StrongName) null);
}
// A null StrongNameMembershipCondition must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void RemoveFullTrustAssembly_NullStrongNameMembershipCondition ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The cast selects the membership-condition overload.
	level.RemoveFullTrustAssembly ((StrongNameMembershipCondition) null);
}
// Removing a StrongName that was never added must fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveFullTrustAssembly_UnknownStrongName ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongName unknown = new StrongName (blob, "First", new Version (1, 2, 3, 4));
	level.RemoveFullTrustAssembly (unknown);
}
// Removing a StrongNameMembershipCondition that was never added must fail
// with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveFullTrustAssembly_UnknownStrongNameMembershipCondition ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (snPublicKey);
	StrongNameMembershipCondition unknown = new StrongNameMembershipCondition (blob, "Second", new Version ("0.1.2.3"));
	level.RemoveFullTrustAssembly (unknown);
}
// Adding and then removing "Mono" (by object) must leave the number of named
// permission sets unchanged.
[Test]
#if ! NET_2_0
[Category ("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void RemoveNamedPermissionSet ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	int baseline = level.NamedPermissionSets.Count;

	NamedPermissionSet added = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
	level.AddNamedPermissionSet (added);
	// The MS 1.1 runtime raises ExecutionEngineException at this point.
	level.RemoveNamedPermissionSet (added);

	Assert.AreEqual (baseline, level.NamedPermissionSets.Count, "NamedPermissionSets.Count");
}
// A null NamedPermissionSet must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void RemoveNamedPermissionSet_Null ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The typed local selects the NamedPermissionSet overload.
	NamedPermissionSet none = null;
	level.RemoveNamedPermissionSet (none);
}
// Removing a set object that was never added must fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_NotFound ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	level.RemoveNamedPermissionSet (new NamedPermissionSet ("Mono", PermissionState.Unrestricted));
}
// Adding "Mono" and then removing it by name must leave the number of named
// permission sets unchanged.
[Test]
#if ! NET_2_0
[Category ("NotDotNet")] // System.ExecutionEngineException on MS runtime (1.1)
#endif
public void RemoveNamedPermissionSet_String ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	int baseline = level.NamedPermissionSets.Count;

	level.AddNamedPermissionSet (new NamedPermissionSet ("Mono", PermissionState.Unrestricted));
	// The MS 1.1 runtime raises ExecutionEngineException at this point.
	level.RemoveNamedPermissionSet ("Mono");

	Assert.AreEqual (baseline, level.NamedPermissionSets.Count, "NamedPermissionSets.Count");
}
// A null set name must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void RemoveNamedPermissionSet_StringNull ()
{
	PolicyLevel level = Load (minimal, PolicyLevelType.Machine);
	// The typed local selects the string overload.
	string noName = null;
	level.RemoveNamedPermissionSet (noName);
}
// Removing a name that was never added ("Mono") must fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_StringNotFound ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("Mono");
}
// The built-in "FullTrust" set must not be removable: the attempt is expected
// to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_FullTrust_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("FullTrust");
}
// The built-in "LocalIntranet" set must not be removable: the attempt is
// expected to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_LocalIntranet_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("LocalIntranet");
}
// The built-in "Internet" set must not be removable: the attempt is expected
// to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_Internet_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("Internet");
}
// The built-in "SkipVerification" set must not be removable: the attempt is
// expected to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_SkipVerification_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("SkipVerification");
}
// The built-in "Execution" set must not be removable: the attempt is expected
// to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_Execution_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("Execution");
}
// The built-in "Nothing" set must not be removable: the attempt is expected
// to fail with ArgumentException.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_Nothing_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("Nothing");
}
// Removing the "Everything" set is expected to fail with ArgumentException.
// NOTE(review): "Everything" is not among the named sets declared by the
// policy built in SetUp, so a plain not-found failure would satisfy this
// expectation too; the test alone does not prove a reserved-name check.
[Test]
[ExpectedException (typeof (ArgumentException))]
public void RemoveNamedPermissionSet_Everything_ReservedName ()
{
	Load (minimal, PolicyLevelType.Machine).RemoveNamedPermissionSet ("Everything");
}
// After one full-trust assembly and one named permission set are added to an
// AppDomain level, Reset must bring both collections back to their original
// sizes.
[Test]
public void Reset ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();

	int trustedBefore = level.FullTrustAssemblies.Count;
	StrongNamePublicKeyBlob blob = new StrongNamePublicKeyBlob (snPublicKey);
	level.AddFullTrustAssembly (new StrongName (blob, "First", new Version (1, 2, 3, 4)));
	Assert.AreEqual (trustedBefore + 1, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

	int setsBefore = level.NamedPermissionSets.Count;
	level.AddNamedPermissionSet (new NamedPermissionSet ("Mono"));
	Assert.AreEqual (setsBefore + 1, level.NamedPermissionSets.Count, "NamedPermissionSets.Count+1");

	level.Reset ();
	Assert.AreEqual (trustedBefore, level.FullTrustAssemblies.Count, "FullTrustAssemblies.Count");
	Assert.AreEqual (setsBefore, level.NamedPermissionSets.Count, "NamedPermissionSets.Count");
}
// Null evidence must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void Resolve_Null ()
{
	PolicyLevel.CreateAppDomainLevel ().Resolve (null);
}
// Resolving empty evidence against a default AppDomain level yields an
// unrestricted permission set with no attributes. Note for reviewers: code
// presenting no evidence at all still resolves to unrestricted here.
[Test]
public void Resolve_Empty ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	PolicyStatement statement = level.Resolve (new Evidence ());

	Assert.IsNotNull (statement, "PolicyStatement");
	Assert.AreEqual (PolicyStatementAttribute.Nothing, statement.Attributes, "Attributes");
	Assert.AreEqual (String.Empty, statement.AttributeString, "AttributeString");

	PermissionSet granted = statement.PermissionSet;
	Assert.IsTrue (granted.IsUnrestricted (), "IsUnrestricted");
	Assert.AreEqual (0, granted.Count, "Count");
}
// Resolves evidence carrying a single Zone against the given level and checks
// the resulting policy statement.
//   level        - policy level under test
//   z            - zone placed in the host evidence
//   attr         - attribute expected on the statement when the zone matches
//   unrestricted - whether the zone is expected to match (unrestricted grant)
//   count        - expected number of permissions in the resolved set
private void Resolve_Zone (PolicyLevel level, SecurityZone z, PolicyStatementAttribute attr, bool unrestricted, int count)
{
	// Every assertion message is prefixed with "<zone>-<attribute>-".
	string prefix = z.ToString () + "-" + attr.ToString () + "-";

	Evidence e = new Evidence ();
	e.AddHost (new Zone (z));
	PolicyStatement result = level.Resolve (e);

	if (!unrestricted) {
		// Non-matching zone: no attributes are carried over.
		Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, prefix + "Attributes");
		Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
	}
	else {
		Assert.AreEqual (attr, result.Attributes, prefix + "Attributes");
		if (attr == PolicyStatementAttribute.Nothing) {
			Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
		}
		else if (attr == PolicyStatementAttribute.Exclusive) {
			Assert.AreEqual ("Exclusive", result.AttributeString, prefix + "AttributeString");
		}
		else if (attr == PolicyStatementAttribute.LevelFinal) {
			Assert.AreEqual ("LevelFinal", result.AttributeString, prefix + "AttributeString");
		}
		else if (attr == PolicyStatementAttribute.All) {
			Assert.AreEqual ("Exclusive LevelFinal", result.AttributeString, prefix + "AttributeString");
		}
	}

	Assert.AreEqual (unrestricted, result.PermissionSet.IsUnrestricted (), prefix + "IsUnrestricted");
	Assert.AreEqual (count, result.PermissionSet.Count, prefix + "Count");
}
// Builds an AppDomain level whose root is a UnionCodeGroup granting an
// unrestricted set (with the given attribute) to one zone, then resolves
// every SecurityZone against it. Only the matching zone is expected to come
// back unrestricted.
private void Resolve_Zone_Unrestricted_Attribute (SecurityZone zone, PolicyStatementAttribute attr)
{
	IMembershipCondition membership = new ZoneMembershipCondition (zone);
	PolicyStatement grant = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
	grant.Attributes = attr;

	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	level.RootCodeGroup = new UnionCodeGroup (membership, grant);

	SecurityZone[] probes = {
		SecurityZone.Internet,
		SecurityZone.Intranet,
		SecurityZone.MyComputer,
		SecurityZone.NoZone,
		SecurityZone.Trusted,
		SecurityZone.Untrusted
	};
	foreach (SecurityZone probe in probes) {
		Resolve_Zone (level, probe, attr, (zone == probe), 0);
	}
}
// Runs the per-zone resolution check with MyComputer as the unrestricted
// zone, once for each PolicyStatementAttribute value.
[Test]
public void Resolve_MyComputerUnrestricted ()
{
	PolicyStatementAttribute[] attributes = {
		PolicyStatementAttribute.Nothing,
		PolicyStatementAttribute.Exclusive,
		PolicyStatementAttribute.LevelFinal,
		PolicyStatementAttribute.All
	};
	foreach (PolicyStatementAttribute attribute in attributes) {
		Resolve_Zone_Unrestricted_Attribute (SecurityZone.MyComputer, attribute);
	}
}
// Runs the per-zone resolution check with Internet as the unrestricted zone,
// once for each PolicyStatementAttribute value.
[Test]
public void Resolve_InternetUnrestricted ()
{
	PolicyStatementAttribute[] attributes = {
		PolicyStatementAttribute.Nothing,
		PolicyStatementAttribute.Exclusive,
		PolicyStatementAttribute.LevelFinal,
		PolicyStatementAttribute.All
	};
	foreach (PolicyStatementAttribute attribute in attributes) {
		Resolve_Zone_Unrestricted_Attribute (SecurityZone.Internet, attribute);
	}
}
// Null evidence must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void ResolveMatchingCodeGroups_Null ()
{
	PolicyLevel.CreateAppDomainLevel ().ResolveMatchingCodeGroups (null);
}
// Empty evidence against a default AppDomain level matches a childless Union
// code group whose policy statement is unrestricted.
[Test]
public void ResolveMatchingCodeGroups_Empty ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	CodeGroup matched = level.ResolveMatchingCodeGroups (new Evidence ());

	Assert.IsNotNull (matched, "CodeGroup");
	Assert.AreEqual (String.Empty, matched.AttributeString, "AttributeString");
	Assert.AreEqual (0, matched.Children.Count, "Count");
	Assert.AreEqual ("Union", matched.MergeLogic, "MergeLogic");
	Assert.IsTrue (matched.PolicyStatement.PermissionSet.IsUnrestricted (), "IsUnrestricted");
}
// Assigning null to RootCodeGroup must be rejected with ArgumentNullException.
[Test]
[ExpectedException (typeof (ArgumentNullException))]
public void RootCodeGroup_Null ()
{
	PolicyLevel level = PolicyLevel.CreateAppDomainLevel ();
	CodeGroup none = null;
	level.RootCodeGroup = none;
}
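// StoreLocation is null for a level loaded from a string and equals the full
// file path for a level loaded from a file.
// The scratch file is now deleted in a finally block; previously a failed
// load or assertion left the policy file behind in the working directory.
// NOTE(review): the file name is predictable (user name + "-unittest.config")
// and is created in the current directory, overwriting any existing file of
// that name; run the suite from a directory only the test user can write to.
[Test]
public void StoreLocation ()
{
	PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
	// loaded from a string - no store
	Assert.IsNull (pl.StoreLocation, "StoreLocation(string)");

	string filename = Path.GetFullPath (Environment.UserName + "-unittest.config");
	try {
		using (StreamWriter sw = new StreamWriter (filename, false)) {
			sw.Write (minimal);
		}
		pl = SecurityManager.LoadPolicyLevelFromFile (filename, PolicyLevelType.Machine);
		Assert.AreEqual (filename, pl.StoreLocation, "StoreLocation(file)");
	}
	finally {
		File.Delete (filename);
	}
}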
// Serialises the minimal Machine level with ToXml, loads the result into a
// fresh AppDomain level and checks that the full-trust list, named sets, root
// code group and store location all match the source level.
[Test]
public void ToXml ()
{
	PolicyLevel source = Load (minimal, PolicyLevelType.Machine);
	PolicyLevel copy = PolicyLevel.CreateAppDomainLevel ();
	copy.FromXml (source.ToXml ());

	Assert.AreEqual (source.FullTrustAssemblies.Count, copy.FullTrustAssemblies.Count, "ToXml-FullTrustAssemblies");
	Assert.AreEqual (source.NamedPermissionSets.Count, copy.NamedPermissionSets.Count, "ToXml-NamedPermissionSets");
	// Second argument true: compare child code groups as well.
	Assert.IsTrue (source.RootCodeGroup.Equals (copy.RootCodeGroup, true), "ToXml-RootCodeGroup");
	Assert.AreEqual (source.StoreLocation, copy.StoreLocation, "ToXml-StoreLocation");
}