[英]C# Reflection, AppDomain: Execute same assembly from different folders
[英]C# Prevent class instance of AppDomain assembly from file access
我想加載一個程序集,其中包含一個實現接口的類。 該接口只有一個方法:“ Run()”。
我想在完全受限的AppDomain中加載該類,並阻止實例從文件或注冊表訪問。
這是我的布局:
這是我用於加載外部庫,創建實例並執行接口方法的代碼:
Evidence ev = new Evidence();
ev.AddHostEvidence(new Zone(SecurityZone.Internet));
PermissionSet permSet = SecurityManager.GetStandardSandbox(ev);
StrongName fullTrustAssembly = typeof(Program).Assembly.Evidence.GetHostEvidence<StrongName>();
AppDomainSetup adSetup = new AppDomainSetup()
{
ApplicationBase = Path.GetFullPath(Environment.CurrentDirectory)
};
AppDomain newDomain = AppDomain.CreateDomain("Sandbox", ev, adSetup, permSet, fullTrustAssembly);
Assembly asm = newDomain.Load(System.IO.File.ReadAllBytes("ExternalLib.dll"));
var instance = asm.CreateInstance("ExternalLib.MyProvider", true);
IProvider provider = instance as IProvider;
//Should not work, because my Assembly is accessing a file/Registry or something else
string result = provider.Run("Test");
我希望最后一行拋出異常,因為ExternalLib.dll實現了接口,但是正在訪問我的文件系統或更改注冊表等
關於如何做到這一點的任何想法?
您可以刪除的權限從PermissionSet
,如:
permSet.RemovePermission(typeof(FileIOPermission));
permSet.RemovePermission(typeof(RegistryPermission));
或者你可以創建一個PermissionSet
,沒有權限,然后添加你想要的,如概述在這里 :
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.