stackoom
  简体   繁体   中英

Load Assembly in new Appdomain, needs parent assembly to be fully trusted

 原文  2017-09-24 17:36:19       c#/ .net/ security/ .net-assembly

Question

I run a macro assembly inside my main application. Macro does not need to access parent assembly. This is the snippet: 

Assembly ParentAssembly
{
    class c1
    { 
        void RunMacro()  
        {
            System.Security.PermissionSet PS = new System.Security.PermissionSet(PermissionState.None);
            PS.AddPermission(new SOME_PERMISSIONS....);
            AppDomainSetup ADS = new AppDomainSetup();
            ADS.ApplicationBase = "c:";
            AppDomain domain = AppDomain.CreateDomain(SomeName, null, ADS, PS);

            System.Runtime.Remoting.ObjectHandle handle = Activator.CreateInstanceFrom(domain, typeof(Sandboxer2).Assembly.ManifestModule.FullyQualifiedName, typeof(Sandboxer2).FullName);
            Sandboxer2 m = (Sandboxer2)handle.Unwrap();
            m.Execute();
        }
    }
}

I receive this exception:

Attempt by security transparent method 'SandBoxer.Sandboxer2.Execute()' to access security critical method 'System.AppDomain.add_AssemblyResolve(System.ResolveEventHandler)' failed.

Assembly 'Parent Assembly full name...' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.

My question:

  1. Is there any way to avoid loading parent assembly in child assembly?

  2. In second line of my code, what permissions can solve the problem?

  3. There are some assemblies that will be loaded by AssemblyResolve event of SandBoxer at runtime. Assemblies get loaded from database as binary array or from GAC. They are not fully trusted. I control their behavior with permission objects added at second line of code. Are there special permissions that I have to add for letting them be only loaded as partially trusted assemblies?

I think everything can be done by adding security permissions like second line of code, If I'm misunderstanding the concept, I would be grateful to be guided.

EDIT1: Parent Assembly is the assembly of main application that creates instance of SandBoxr and runs it. Please take a look at SandBoxer2 class and its Execute method: 

public class Sandboxer2 : MarshalByRefObject
{
    public void Execute()
    {
        AppDomain ad = AppDomain.CurrentDomain;
        ad.AssemblyResolve += MyHandler;
        .
        .
        .
    }
}

Inside of Execute method, after ad is instantiated, I used ad.GetAssemblies() and this was the list of all assemblies already loaded. Line number 2 holds ParentAssembly from the very beginning of execution of sandboxer.

  • [0] {mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [1] {System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [2] {ParentAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [3] {System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [4] {System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [5] {MacroBase_IO, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [6] {System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [7] {System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}
  • [8] {System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089} System.Reflection.Assembly {System.Reflection.RuntimeAssembly}

1 answers

solution1
 0  2017-10-19 15:18:38

Answer to questions 1 and 2:

Sandboxer must be in a separate assembly (Another DLL) and this separate assembly must be signed with a key. Then, main application will not be automatically loaded and this exception won't be raised.

Edit:

1- signing with a key is done through Properties of Assembly-Signing tab.

2- This sample helps understanding how to define an assembly as full trust and introduce strong names to Sandbox.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Load assembly in new appdomain Load Assembly in New AppDomain without loading it in Parent AppDomain Load Byte[] Assembly into new AppDomain Unable to load executing assembly into new AppDomain, FileNotFoundException How to load only signed assembly to a new AppDomain? Using AppDomain to load assembly Load Assembly into AppDomain Load Current Assembly into different AppDomain How to load this assembly into my AppDomain? Load and Unload Assembly in own AppDomain
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM