gpt4 book ai didi

c# - 程序集无法在受限制的 AppDomain 中加载

转载 作者:太空宇宙 更新时间:2023-11-03 15:20:50 25 4
gpt4 key购买 nike

我正在尝试将程序集加载到受限的 AppDomain 中。如果我不指定任何限制,程序集将正确加载:

var permissionSet = new PermissionSet(System.Security.Permissions.PermissionState.Unrestricted);
AppDomain targetAppDomain = AppDomain.CreateDomain("LockedDomain" + Guid.NewGuid().ToString("N"),null,domainSetup,permissionSet,null);
var instance = (IRemoteFilterClass) targetAppDomain.CreateInstanceFromAndUnwrap(tempAssemblyPath, "CompiledCode.CompiledClass");

但是我想尽可能完全地锁定创建的 AppDomain,即只授予绝对必要的权限。如果我指定一个 PermissionSet 来限制权限,程序集将无法加载:

var permissionSet = new PermissionSet(System.Security.Permissions.PermissionState.None);
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, tempAssemblyPath));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, tempAssemblyPath));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, Assembly.GetExecutingAssembly().Location));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, Assembly.GetExecutingAssembly().Location));
permissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted)); //Not sure if this is necessary, but does not work anyway

AppDomain targetAppDomain = AppDomain.CreateDomain("LockedDomain" + Guid.NewGuid().ToString("N"),null,domainSetup,permissionSet,null);
var instance = (IRemoteFilterClass) targetAppDomain.CreateInstanceFromAndUnwrap(tempAssemblyPath, "CompiledCode.CompiledClass");

抛出以下异常:

System.IO.FileLoadException: Could not load file or assembly '5e1a72b7c5584f7c92c18ea9b221222f, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418) ---> System.Security.Policy.PolicyException: Execution permission cannot be acquired.

at System.Security.CodeAccessSecurityEngine.ResolveGrantSet(Evidence evidence, Int32& specialFlags, Boolean checkExecutionPermission)
--- End of inner exception stack trace ---
at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks)
at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark)
at System.Reflection.Assembly.LoadFrom(String assemblyFile, Evidence securityEvidence)
at System.Activator.CreateInstanceFromInternal(String assemblyFile, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo)
at System.AppDomain.CreateInstanceFrom(String assemblyFile, String typeName)
at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)
at System.AppDomain.CreateInstanceFromAndUnwrap(String assemblyName, String typeName)

似乎还缺少权限,但我不知道缺少哪些。

最佳答案

有必要添加 SecurityPermission 并设置 SecurityPermissionFlag.Execution

这是工作代码:

var permissionSet = new PermissionSet(System.Security.Permissions.PermissionState.None);
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, tempAssemblyPath));
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, tempAssemblyPath));
//The following line fixed the code
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

AppDomain targetAppDomain = AppDomain.CreateDomain("LockedDomain" + Guid.NewGuid().ToString("N"),null,domainSetup,permissionSet,null);
var instance = (IRemoteFilterClass) targetAppDomain.CreateInstanceFromAndUnwrap(tempAssemblyPath, "CompiledCode.CompiledClass");

(来源:https://social.msdn.microsoft.com/Forums/vstudio/en-US/23a9197e-3581-4a28-912d-968004488773/how-to-change-permissions-of-appdomain?forum=clr)

关于c# - 程序集无法在受限制的 AppDomain 中加载,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37429312/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com