2 // System.Security.Policy.DefaultPolicies.cs
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 using System
.Security
.Permissions
;
31 namespace System
.Security
.Policy
{
35 * [1] Some permissions classes are defined _outside_ mscorlib.dll.
36 * In this case we're using SecurityElement to construct the
37 * permissions manually.
41 internal static class DefaultPolicies
{
43 public static class ReservedNames
{
44 public const string FullTrust
= "FullTrust";
45 public const string LocalIntranet
= "LocalIntranet";
46 public const string Internet
= "Internet";
47 public const string SkipVerification
= "SkipVerification";
48 public const string Execution
= "Execution";
49 public const string Nothing
= "Nothing";
50 public const string Everything
= "Everything";
52 static public bool IsReserved (string name
)
58 case SkipVerification
:
74 private const string DnsPermissionClass
= "System.Net.DnsPermission, " + Consts
.AssemblySystem
;
75 private const string EventLogPermissionClass
= "System.Diagnostics.EventLogPermission, " + Consts
.AssemblySystem
;
76 private const string PrintingPermissionClass
= "System.Drawing.Printing.PrintingPermission, " + Consts
.AssemblySystem_Drawing
;
77 private const string SocketPermissionClass
= "System.Net.SocketPermission, " + Consts
.AssemblySystem
;
78 private const string WebPermissionClass
= "System.Net.WebPermission, " + Consts
.AssemblySystem
;
79 private const string PerformanceCounterPermissionClass
= "System.Diagnostics.PerformanceCounterPermission, " + Consts
.AssemblySystem
;
80 private const string DirectoryServicesPermissionClass
= "System.DirectoryServices.DirectoryServicesPermission, " + Consts
.AssemblySystem_DirectoryServices
;
81 private const string MessageQueuePermissionClass
= "System.Messaging.MessageQueuePermission, " + Consts
.AssemblySystem_Messaging
;
82 private const string ServiceControllerPermissionClass
= "System.ServiceProcess.ServiceControllerPermission, " + Consts
.AssemblySystem_ServiceProcess
;
83 private const string OleDbPermissionClass
= "System.Data.OleDb.OleDbPermission, " + Consts
.AssemblySystem_Data
;
84 private const string SqlClientPermissionClass
= "System.Data.SqlClient.SqlClientPermission, " + Consts
.AssemblySystem_Data
;
85 // private const string DataProtectionPermissionClass = "System.Security.Permissions.DataProtectionPermission, " + Consts.AssemblySystem_Security;
86 // private const string StorePermissionClass = "System.Security.Permissions.StorePermission, " + Consts.AssemblySystem_Security;
88 private static Version _fxVersion
;
89 private static byte[] _ecmaKey
= new byte [16] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
;
90 private static StrongNamePublicKeyBlob _ecma
;
91 private static byte[] _msFinalKey
= new byte [160] {
92 0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
93 0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
94 0x07, 0xD1, 0xFA, 0x57, 0xC4, 0xAE, 0xD9, 0xF0, 0xA3, 0x2E, 0x84, 0xAA, 0x0F, 0xAE, 0xFD, 0x0D,
95 0xE9, 0xE8, 0xFD, 0x6A, 0xEC, 0x8F, 0x87, 0xFB, 0x03, 0x76, 0x6C, 0x83, 0x4C, 0x99, 0x92, 0x1E,
96 0xB2, 0x3B, 0xE7, 0x9A, 0xD9, 0xD5, 0xDC, 0xC1, 0xDD, 0x9A, 0xD2, 0x36, 0x13, 0x21, 0x02, 0x90,
97 0x0B, 0x72, 0x3C, 0xF9, 0x80, 0x95, 0x7F, 0xC4, 0xE1, 0x77, 0x10, 0x8F, 0xC6, 0x07, 0x77, 0x4F,
98 0x29, 0xE8, 0x32, 0x0E, 0x92, 0xEA, 0x05, 0xEC, 0xE4, 0xE8, 0x21, 0xC0, 0xA5, 0xEF, 0xE8, 0xF1,
99 0x64, 0x5C, 0x4C, 0x0C, 0x93, 0xC1, 0xAB, 0x99, 0x28, 0x5D, 0x62, 0x2C, 0xAA, 0x65, 0x2C, 0x1D,
100 0xFA, 0xD6, 0x3D, 0x74, 0x5D, 0x6F, 0x2D, 0xE5, 0xF1, 0x7E, 0x5E, 0xAF, 0x0F, 0xC4, 0x96, 0x3D,
101 0x26, 0x1C, 0x8A, 0x12, 0x43, 0x65, 0x18, 0x20, 0x6D, 0xC0, 0x93, 0x34, 0x4D, 0x5A, 0xD2, 0x93 };
102 private static StrongNamePublicKeyBlob _msFinal
;
104 private static NamedPermissionSet _fullTrust
;
105 private static NamedPermissionSet _localIntranet
;
106 private static NamedPermissionSet _internet
;
107 private static NamedPermissionSet _skipVerification
;
108 private static NamedPermissionSet _execution
;
109 private static NamedPermissionSet _nothing
;
110 private static NamedPermissionSet _everything
;
112 public static PermissionSet
GetSpecialPermissionSet (string name
)
115 throw new ArgumentNullException ("name");
118 case ReservedNames
.FullTrust
:
120 case ReservedNames
.LocalIntranet
:
121 return LocalIntranet
;
122 case ReservedNames
.Internet
:
124 case ReservedNames
.SkipVerification
:
125 return SkipVerification
;
126 case ReservedNames
.Execution
:
128 case ReservedNames
.Nothing
:
130 case ReservedNames
.Everything
:
137 public static PermissionSet FullTrust
{
139 if (_fullTrust
== null)
140 _fullTrust
= BuildFullTrust ();
145 public static PermissionSet LocalIntranet
{
147 if (_localIntranet
== null)
148 _localIntranet
= BuildLocalIntranet ();
149 return _localIntranet
;
153 public static PermissionSet Internet
{
155 if (_internet
== null)
156 _internet
= BuildInternet ();
161 public static PermissionSet SkipVerification
{
163 if (_skipVerification
== null)
164 _skipVerification
= BuildSkipVerification ();
165 return _skipVerification
;
169 public static PermissionSet Execution
{
171 if (_execution
== null)
172 _execution
= BuildExecution ();
178 public static PermissionSet Nothing
{
180 if (_nothing
== null)
181 _nothing
= BuildNothing ();
186 public static PermissionSet Everything
{
188 if (_everything
== null)
189 _everything
= BuildEverything ();
194 public static StrongNameMembershipCondition
FullTrustMembership (string name
, Key key
)
196 StrongNamePublicKeyBlob snkb
= null;
201 _ecma
= new StrongNamePublicKeyBlob (_ecmaKey
);
206 if (_msFinal
== null) {
207 _msFinal
= new StrongNamePublicKeyBlob (_msFinalKey
);
213 if (_fxVersion
== null)
215 _fxVersion
= new Version (Consts
.FxVersion
);
218 return new StrongNameMembershipCondition (snkb
, name
, _fxVersion
);
223 private static NamedPermissionSet
BuildFullTrust ()
225 return new NamedPermissionSet (ReservedNames
.FullTrust
, PermissionState
.Unrestricted
);
228 private static NamedPermissionSet
BuildLocalIntranet ()
230 NamedPermissionSet nps
= new NamedPermissionSet (ReservedNames
.LocalIntranet
, PermissionState
.None
);
232 nps
.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess
.Read
, "USERNAME;USER"));
234 nps
.AddPermission (new FileDialogPermission (PermissionState
.Unrestricted
));
236 IsolatedStorageFilePermission isfp
= new IsolatedStorageFilePermission (PermissionState
.None
);
237 isfp
.UsageAllowed
= IsolatedStorageContainment
.AssemblyIsolationByUser
;
238 isfp
.UserQuota
= Int64
.MaxValue
;
239 nps
.AddPermission (isfp
);
241 nps
.AddPermission (new ReflectionPermission (ReflectionPermissionFlag
.ReflectionEmit
));
243 SecurityPermissionFlag spf
= SecurityPermissionFlag
.Execution
| SecurityPermissionFlag
.Assertion
;
244 nps
.AddPermission (new SecurityPermission (spf
));
246 nps
.AddPermission (new UIPermission (PermissionState
.Unrestricted
));
248 // DnsPermission requires stuff outside corlib (System)
249 nps
.AddPermission (PermissionBuilder
.Create (DnsPermissionClass
, PermissionState
.Unrestricted
));
251 // PrintingPermission requires stuff outside corlib (System.Drawing)
252 nps
.AddPermission (PermissionBuilder
.Create (PrintingPermission ("SafePrinting")));
256 private static NamedPermissionSet
BuildInternet ()
258 NamedPermissionSet nps
= new NamedPermissionSet (ReservedNames
.Internet
, PermissionState
.None
);
259 nps
.AddPermission (new FileDialogPermission (FileDialogPermissionAccess
.Open
));
261 IsolatedStorageFilePermission isfp
= new IsolatedStorageFilePermission (PermissionState
.None
);
262 isfp
.UsageAllowed
= IsolatedStorageContainment
.DomainIsolationByUser
;
263 isfp
.UserQuota
= 512000;
264 nps
.AddPermission (isfp
);
266 nps
.AddPermission (new SecurityPermission (SecurityPermissionFlag
.Execution
));
268 nps
.AddPermission (new UIPermission (UIPermissionWindow
.SafeTopLevelWindows
, UIPermissionClipboard
.OwnClipboard
));
270 // PrintingPermission requires stuff outside corlib (System.Drawing)
271 nps
.AddPermission (PermissionBuilder
.Create (PrintingPermission ("SafePrinting")));
275 private static NamedPermissionSet
BuildSkipVerification ()
277 NamedPermissionSet nps
= new NamedPermissionSet (ReservedNames
.SkipVerification
, PermissionState
.None
);
278 nps
.AddPermission (new SecurityPermission (SecurityPermissionFlag
.SkipVerification
));
282 private static NamedPermissionSet
BuildExecution ()
284 NamedPermissionSet nps
= new NamedPermissionSet (ReservedNames
.Execution
, PermissionState
.None
);
285 nps
.AddPermission (new SecurityPermission (SecurityPermissionFlag
.Execution
));
289 private static NamedPermissionSet
BuildNothing ()
291 return new NamedPermissionSet (ReservedNames
.Nothing
, PermissionState
.None
);
294 private static NamedPermissionSet
BuildEverything ()
296 NamedPermissionSet nps
= new NamedPermissionSet (ReservedNames
.Everything
, PermissionState
.None
);
298 nps
.AddPermission (new EnvironmentPermission (PermissionState
.Unrestricted
));
299 nps
.AddPermission (new FileDialogPermission (PermissionState
.Unrestricted
));
300 nps
.AddPermission (new FileIOPermission (PermissionState
.Unrestricted
));
301 nps
.AddPermission (new IsolatedStorageFilePermission (PermissionState
.Unrestricted
));
302 nps
.AddPermission (new ReflectionPermission (PermissionState
.Unrestricted
));
303 nps
.AddPermission (new RegistryPermission (PermissionState
.Unrestricted
));
304 nps
.AddPermission (new KeyContainerPermission (PermissionState
.Unrestricted
));
306 // not quite all in this case
307 SecurityPermissionFlag spf
= SecurityPermissionFlag
.AllFlags
;
308 spf
&= ~SecurityPermissionFlag
.SkipVerification
;
309 nps
.AddPermission (new SecurityPermission (spf
));
311 nps
.AddPermission (new UIPermission (PermissionState
.Unrestricted
));
313 // others requires stuff outside corlib
314 nps
.AddPermission (PermissionBuilder
.Create (DnsPermissionClass
, PermissionState
.Unrestricted
));
315 nps
.AddPermission (PermissionBuilder
.Create (PrintingPermissionClass
, PermissionState
.Unrestricted
));
316 nps
.AddPermission (PermissionBuilder
.Create (EventLogPermissionClass
, PermissionState
.Unrestricted
));
318 nps
.AddPermission (PermissionBuilder
.Create (SocketPermissionClass
, PermissionState
.Unrestricted
));
319 nps
.AddPermission (PermissionBuilder
.Create (WebPermissionClass
, PermissionState
.Unrestricted
));
320 nps
.AddPermission (PermissionBuilder
.Create (PerformanceCounterPermissionClass
, PermissionState
.Unrestricted
));
321 nps
.AddPermission (PermissionBuilder
.Create (DirectoryServicesPermissionClass
, PermissionState
.Unrestricted
));
322 nps
.AddPermission (PermissionBuilder
.Create (MessageQueuePermissionClass
, PermissionState
.Unrestricted
));
323 nps
.AddPermission (PermissionBuilder
.Create (ServiceControllerPermissionClass
, PermissionState
.Unrestricted
));
324 nps
.AddPermission (PermissionBuilder
.Create (OleDbPermissionClass
, PermissionState
.Unrestricted
));
325 nps
.AddPermission (PermissionBuilder
.Create (SqlClientPermissionClass
, PermissionState
.Unrestricted
));
326 // nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
327 // nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
331 private static SecurityElement
PrintingPermission (string level
)
333 SecurityElement se
= new SecurityElement ("IPermission");
334 se
.AddAttribute ("class", PrintingPermissionClass
);
335 se
.AddAttribute ("version", "1");
336 se
.AddAttribute ("Level", level
);