ZoneSandboxAppDomainManager.cs
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Policy;
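namespace AppDomainManagers
{
    /// <summary>
    /// AppDomainManager that places plugin code into one shared AppDomain per
    /// security zone (MyComputer, Intranet, Internet).
    /// </summary>
    /// <remarks>
    /// Security notes for reviewers:
    ///
    /// - Each per-zone domain is created once, from the evidence and setup of the
    ///   first request that reaches it. Later requests for the same zone get the
    ///   cached domain back; their evidence and setup are not applied to it.
    /// - The zone is read from the evidence the caller passes in. This class does
    ///   not verify where that evidence came from.
    /// - Isolation here relies on CAS policy applied to the AppDomain. Microsoft
    ///   documents CAS / partial trust as not being a security boundary, and
    ///   creating AppDomains is unsupported on .NET Core and later; treat this as
    ///   .NET Framework-era isolation, not as containment for hostile code.
    /// </remarks>
    public sealed class ZoneSandboxAppDomainManager : AppDomainManager
    {
        // One lazily created, shared plugin domain per zone.
        private AppDomain internetDomain = null;
        private AppDomain localIntranetDomain = null;
        private AppDomain myComputerDomain = null;

        /// <summary>
        /// Create a new AppDomain
        /// </summary>
        /// <remarks>
        /// Provides a new AppDomain using the following algorithm:
        ///
        /// 1. If this is not the default domain, return the current domain
        /// 2. All new domains get an ApplicationBase of the plugins directory
        /// 3. Put all requests to create domains for the MyComputer zone in a single domain
        /// 4. Put all requests to create domains for the Intranet zone in a single domain
        /// 5. Put all requests to create domains for the Internet zone in a single domain
        ///
        /// Any zone other than MyComputer or Intranet (Trusted, Untrusted, NoZone) is
        /// routed to the Internet domain by the default case.
        ///
        /// Note: This is not thread-safe. Two concurrent first requests for the same
        /// zone can each create a domain, and only one of them is kept in the field.
        /// </remarks>
        /// <param name="friendlyName">
        /// Friendly name requested by the caller. It is not used: the shared domains
        /// get fixed names.
        /// </param>
        /// <param name="securityInfo">
        /// Evidence to create the AppDomain with; may be null. An Internet zone is added
        /// as host evidence when the collection carries no Zone.
        /// </param>
        /// <param name="appDomainInfo">
        /// Information about the new domain; may be null. Its ApplicationBase is
        /// overwritten with the plugins directory.
        /// </param>
        /// <returns>
        /// The current domain when called outside the default domain, otherwise the
        /// shared plugin domain for the zone found in <paramref name="securityInfo"/>.
        /// </returns>
        public override AppDomain CreateDomain(string friendlyName,
            Evidence securityInfo, AppDomainSetup appDomainInfo)
        {
            // 1. if this is not the default domain, then just return the current domain
            if(!AppDomain.CurrentDomain.IsDefaultAppDomain())
            {
                return AppDomain.CurrentDomain;
            }

            // Callers may pass no setup at all; without this guard the
            // ApplicationBase assignment below throws NullReferenceException.
            if(appDomainInfo == null)
            {
                appDomainInfo = new AppDomainSetup();
            }

            // 2. All new domains get an ApplicationBase of the plugins directory.
            // Path.Combine avoids a doubled separator when the host's base already
            // ends with one.
            appDomainInfo.ApplicationBase = Path.Combine(
                AppDomain.CurrentDomain.SetupInformation.ApplicationBase, "plugins");

            // make sure there is some evidence
            if(securityInfo == null)
            {
                securityInfo = new Evidence();
            }

            // find the security zone, defaulting to Internet.
            // The last Zone in the collection wins.
            // NOTE(review): enumerating Evidence visits assembly-provided evidence as
            // well as host evidence, so the zone used for routing is only as
            // trustworthy as the caller that built this collection - confirm callers
            // supply the Zone as host evidence.
            Zone zone = null;
            foreach(object evidence in securityInfo)
            {
                Zone candidate = evidence as Zone;
                if(candidate != null)
                {
                    zone = candidate;
                }
            }

            if(zone == null)
            {
                zone = new Zone(SecurityZone.Internet);
                securityInfo.AddHost(zone);
            }

            // figure out which AppDomain to get
            switch(zone.SecurityZone)
            {
                // 3. Put all requests to create domains for the MyComputer zone in a single domain
                case SecurityZone.MyComputer:
                    if(myComputerDomain == null)
                    {
                        myComputerDomain = CreateDomainHelper("MyComputer Plugins",
                            securityInfo, appDomainInfo);
                    }
                    return myComputerDomain;

                // 4. Put all requests to create domains for the Intranet zone in a single domain
                case SecurityZone.Intranet:
                    if(localIntranetDomain == null)
                    {
                        localIntranetDomain = CreateDomainHelper("LocalIntranet Plugins",
                            securityInfo, appDomainInfo);
                    }
                    return localIntranetDomain;

                // 5. Put all requests to create domains for the Internet zone in a single domain
                // NOTE(review): the default case shares this domain with every other
                // zone value, and the domain is created with whatever evidence the
                // first such request carried. If that evidence held a non-Internet
                // Zone, the shared "Internet Plugins" domain is built from it -
                // consider passing fresh Internet-zone evidence here instead.
                case SecurityZone.Internet:
                default:
                    if(internetDomain == null)
                    {
                        internetDomain = CreateDomainHelper("Internet Plugins",
                            securityInfo, appDomainInfo);
                    }
                    return internetDomain;
            }
        }
    }
}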
Comments
Anonymous
January 19, 2010
5 years later, would you still use this approach for loading untrusted 3rd party plugins, or would you recommend a different approach to sandboxing an app domain? I have a scenario where I am writing code that is explicitly responsible for loading code written by untrust(ed/able) 3rd parties.
Anonymous
February 24, 2010
5 years later, we now ship frameworks such as the Managed Extensibility Framework and Managed AddIn Framework that take care of lots of the security and versioning issues for you. I would recommend checking those out to see if they meet your needs before rolling your own implementation. -Shawn