programming4us
programming4us
SECURITY

Programming Security Policy (part 4) - Programming Application Domain Policy

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

4. Programming Application Domain Policy

Application domain policy is the final layer of security policy evaluated when determining the code-access permissions to grant an assembly. Regardless of the permissions granted to an assembly based on the enterprise, machine, and user policies, you can further lock down its permissions using application domain policy. Application domain policy is resolved even if the assembly is a member of a LevelFinal code group in a higher policy level.

You configure application domain policy by calling the AppDomain.SetAppDomainPolicy method and passing a configured PolicyLevel object. Application domain policy can be set only once per application domain—setting it a second time results in a System.Security.Policy.PolicyException. Your code must have the ControlDomainPolicy permission to call the SetAppDomainPolicy method. ControlDomainPolicy is an element of SecurityPermission:

# C#

public void SetAppDomainPolicy(
    PolicyLevel domainPolicy
);

# Visual Basic .NET

NotOverridable Public Sub SetAppDomainPolicy( _
    ByVal domainPolicy As PolicyLevel
)

Any assemblies loaded into an application domain before you configure the application domain policy are subject to the standard policy resolution results from the enterprise, machine, and user levels. Application domain policy affects only those assemblies loaded after it's set. This allows you to load assemblies that require higher trust, before locking down the application domain through the additional layer of policy.

The need to implement application domain policy will not be an everyday occurrence, but when writing applications that are responsible for loading other code, the capability is invaluable.

Example 4 uses the SetDomainPolicy method to create a policy level with the code group structure shown in Figure 3 and assign it to a specified application domain. The root code group matches all code but grants the Nothing permission set. The second layer of code groups determines the permissions to grant based on Url evidence of a loaded assembly. You grant assemblies loaded from the Trusted folder the FullTrust permission set, assemblies loaded from the Untrusted folder the Internet permission set, and assemblies loaded from the Demo the Execution permission set. You grant all other assemblies no permissions. Because we expect an assembly to have only one piece of Url evidence, we make the root code group of type FirstMatchCodeGroup, saving the runtime from performing unnecessary policy resolution processing.

Figure 3. Sample application domain policy

Example 4. Creating a policy level and assigning it to an application domain
# C#

private static void SetDomainPolicy(AppDomain domain) {
        
        // Create a new PolicyLevel for the application domain
    PolicyLevel policy = PolicyLevel.CreateAppDomainLevel(  );

    // Create a new FirstMatchCodeGroup that matches all code and
    // grants the named permission set "Nothing".
    policy.RootCodeGroup = new FirstMatchCodeGroup(
        new AllMembershipCondition(  ),
        new PolicyStatement(policy.GetNamedPermissionSet("Nothing"))
    );
        
    // Determine the base path name for the URL evidence
    String basePath = "file://" + AppDomain.CurrentDomain.BaseDirectory;

    // Create the code groups that apply to the assemblies loaded 
    // from specific folders. Make each of the the code groups
    // Exclusive so that they set the absolut maximum permisisons a
    // plugin can have.
    policy.RootCodeGroup.AddChild(new UnionCodeGroup(
        new UrlMembershipCondition(basePath + "Trusted/*"),
        new PolicyStatement(policy.GetNamedPermissionSet("FullTrust"),
        PolicyStatementAttribute.Exclusive)
    ));

    policy.RootCodeGroup.AddChild(new UnionCodeGroup(
        new UrlMembershipCondition(basePath + "Untrusted/*"),
        new PolicyStatement(policy.GetNamedPermissionSet("Internet"),
        PolicyStatementAttribute.Exclusive)
    ));

    policy.RootCodeGroup.AddChild(new UnionCodeGroup(
        new UrlMembershipCondition(basePath + "Demo/*"),
        new PolicyStatement(policy.GetNamedPermissionSet("Execution"),
        PolicyStatementAttribute.Exclusive)
    ));

    // Assign the policy to the specified application domain.
    domain.SetAppDomainPolicy(policy);
}

# Visual Basic .NET

Private Shared Sub SetDomainPolicy(ByVal domain As AppDomain)
 
        ' Create a new PolicyLevel for the application domain
    Dim policy As PolicyLevel = _
    PolicyLevel.CreateAppDomainLevel(  ) 
 
    ' Create a new FirstMatchCodeGroup that matches all code and
    ' grants the named permission set "Nothing".
    policy.RootCodeGroup = New FirstMatchCodeGroup( _
    New AllMembershipCondition(  ), _
    New PolicyStatement(policy.GetNamedPermissionSet("Nothing")))
 
    ' Determine the base path name for the URL evidence
    Dim basePath As String = _
    "file://" & AppDomain.CurrentDomain.BaseDirectory;

    ' Create the code groups that apply to the assemblies loaded 
    ' from specific folders. Make each of the the code groups
    ' Exclusive so that they set the absolut maximum permisisons a
    ' plugin can have.
    policy.RootCodeGroup.AddChild(New UnionCodeGroup( _
    New UrlMembershipCondition(basePath & "Trusted/*"), _
    New PolicyStatement(policy.GetNamedPermissionSet("FullTrust"), _
    PolicyStatementAttribute.Exclusive)))
 
    policy.RootCodeGroup.AddChild(New UnionCodeGroup( _
    New UrlMembershipCondition(basePath & "Untrusted/*"), _
    New PolicyStatement(policy.GetNamedPermissionSet("Internet"), _
    PolicyStatementAttribute.Exclusive)))
 
    policy.RootCodeGroup.AddChild(New UnionCodeGroup( _
    New UrlMembershipCondition(basePath & "Demo/*"), _
    New PolicyStatement(policy.GetNamedPermissionSet("Execution"), _
    PolicyStatementAttribute.Exclusive)))

 
    ' Assign the policy to the specified application domain.
    domain.SetAppDomainPolicy(policy)
End Sub		  
Other  
 
Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us
programming4us
 
 
programming4us