2
制限付きAppDomainにアセンブリを読み込もうとしています。私は何の制限を指定しない場合、アセンブリが正しくロードされます:制限付きAppDomainでアセンブリが読み込まれない
var permissionSet = new PermissionSet(System.Security.Permissions.PermissionState.Unrestricted);
AppDomain targetAppDomain = AppDomain.CreateDomain("LockedDomain" + Guid.NewGuid().ToString("N"),null,domainSetup,permissionSet,null);
var instance = (IRemoteFilterClass) targetAppDomain.CreateInstanceFromAndUnwrap(tempAssemblyPath, "CompiledCode.CompiledClass");
Howevereを私はすなわち唯一絶対に必要な権限を与えて、できるだけ完全に作成されたアプリケーションドメインをロックダウンします。私は権限を制限するためのPermissionSetを指定した場合、アセンブリの読み込みに失敗:
var permissionSet = new PermissionSet(System.Security.Permissions.PermissionState.None);
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, tempAssemblyPath));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, tempAssemblyPath));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, Assembly.GetExecutingAssembly().Location));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, Assembly.GetExecutingAssembly().Location));
permissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); //Not sure if this is necessary, but does not work anyway
AppDomain targetAppDomain = AppDomain.CreateDomain("LockedDomain" + Guid.NewGuid().ToString("N"),null,domainSetup,permissionSet,null);
var instance = (IRemoteFilterClass) targetAppDomain.CreateInstanceFromAndUnwrap(tempAssemblyPath, "CompiledCode.CompiledClass");
次の例外がスローされます。
System.IO.FileLoadException: Could not load file or assembly '5e1a72b7c5584f7c92c18ea9b221222f, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418) ---> System.Security.Policy.PolicyException: Execution permission cannot be acquired.
at System.Security.CodeAccessSecurityEngine.ResolveGrantSet(Evidence evidence, Int32& specialFlags, Boolean checkExecutionPermission)
--- End of inner exception stack trace ---
at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark)
at System.Reflection.Assembly.LoadFrom(String assemblyFile, Evidence securityEvidence)
at System.Activator.CreateInstanceFromInternal(String assemblyFile, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)
at System.AppDomain.CreateInstanceFrom(String assemblyFile, String typeName)
at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)
at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)
不足しているアクセス権が残っているかのように思えるが、私は考えていますどちらが欠けているか。