// Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. /*============================================================================= ** ** ** ** Purpose: Domains represent an application within the runtime. Objects can ** not be shared between domains and each domain can be configured ** independently. ** ** =============================================================================*/ namespace System { using System; #if FEATURE_CLICKONCE using System.Deployment.Internal.Isolation; using System.Deployment.Internal.Isolation.Manifest; using System.Runtime.Hosting; #endif using System.Reflection; using System.Runtime; using System.Runtime.CompilerServices; #if FEATURE_REMOTING using System.Runtime.Remoting.Channels; using System.Runtime.Remoting.Contexts; #endif using System.Security; using System.Security.Permissions; #if FEATURE_IMPERSONATION using System.Security.Principal; #endif using System.Security.Policy; using System.Security.Util; using System.Collections; using System.Collections.Generic; using System.Threading; using System.Runtime.InteropServices; using System.Runtime.Remoting; #if FEATURE_REMOTING using Context = System.Runtime.Remoting.Contexts.Context; #endif using System.Reflection.Emit; using CultureInfo = System.Globalization.CultureInfo; #if !FEATURE_CORECLR using System.Globalization; #endif using System.IO; using AssemblyHashAlgorithm = System.Configuration.Assemblies.AssemblyHashAlgorithm; using System.Text; using Microsoft.Win32; using System.Runtime.ConstrainedExecution; using System.Runtime.Versioning; using System.Diagnostics.Contracts; #if FEATURE_EXCEPTION_NOTIFICATIONS using System.Runtime.ExceptionServices; #endif // FEATURE_EXCEPTION_NOTIFICATIONS [ComVisible(true)] public class ResolveEventArgs : EventArgs { private String _Name; private Assembly _RequestingAssembly; public String Name { get { return _Name; } } public Assembly RequestingAssembly { get { return _RequestingAssembly; } } public ResolveEventArgs(String name) { _Name = name; } public ResolveEventArgs(String name, Assembly requestingAssembly) { _Name = name; _RequestingAssembly = requestingAssembly; } } [ComVisible(true)] public class AssemblyLoadEventArgs : EventArgs { private Assembly _LoadedAssembly; public Assembly LoadedAssembly { get { return _LoadedAssembly; } } public AssemblyLoadEventArgs(Assembly loadedAssembly) { _LoadedAssembly = loadedAssembly; } } #if FEATURE_CORECLR [System.Security.SecurityCritical] // auto-generated #endif #if FEATURE_SERIALIZATION [Serializable] #endif [ComVisible(true)] public delegate Assembly ResolveEventHandler(Object sender, ResolveEventArgs args); #if FEATURE_SERIALIZATION [Serializable] #endif [ComVisible(true)] public delegate void AssemblyLoadEventHandler(Object sender, AssemblyLoadEventArgs args); #if FEATURE_SERIALIZATION [Serializable] #endif [ComVisible(true)] public delegate void AppDomainInitializer(string[] args); internal class AppDomainInitializerInfo { internal class ItemInfo { public string TargetTypeAssembly; public string TargetTypeName; public string MethodName; } internal ItemInfo[] Info; internal AppDomainInitializerInfo(AppDomainInitializer init) { Info=null; if (init==null) return; List itemInfo = new List(); List nestedDelegates = new List(); nestedDelegates.Add(init); int idx=0; while (nestedDelegates.Count>idx) { AppDomainInitializer curr = nestedDelegates[idx++]; Delegate[] list= curr.GetInvocationList(); for (int i=0;i _LocalStore; private AppDomainSetup _FusionStore; private Evidence _SecurityIdentity; #pragma warning disable 169 private Object[] _Policies; // Called from the VM. #pragma warning restore 169 [method: System.Security.SecurityCritical] public event AssemblyLoadEventHandler AssemblyLoad; [System.Security.SecurityCritical] private ResolveEventHandler _TypeResolve; public event ResolveEventHandler TypeResolve { [System.Security.SecurityCritical] add { lock (this) { _TypeResolve += value; } } [System.Security.SecurityCritical] remove { lock (this) { _TypeResolve -= value; } } } [System.Security.SecurityCritical] private ResolveEventHandler _ResourceResolve; public event ResolveEventHandler ResourceResolve { [System.Security.SecurityCritical] add { lock (this) { _ResourceResolve += value; } } [System.Security.SecurityCritical] remove { lock (this) { _ResourceResolve -= value; } } } [System.Security.SecurityCritical] private ResolveEventHandler _AssemblyResolve; public event ResolveEventHandler AssemblyResolve { [System.Security.SecurityCritical] add { lock (this) { _AssemblyResolve += value; } } [System.Security.SecurityCritical] remove { lock (this) { _AssemblyResolve -= value; } } } #if FEATURE_REFLECTION_ONLY_LOAD [method: System.Security.SecurityCritical] public event ResolveEventHandler ReflectionOnlyAssemblyResolve; #endif // FEATURE_REFLECTION_ONLY #if FEATURE_REMOTING private Context _DefaultContext; #endif #if FEATURE_CLICKONCE private ActivationContext _activationContext; private ApplicationIdentity _applicationIdentity; #endif private ApplicationTrust _applicationTrust; #if FEATURE_IMPERSONATION private IPrincipal _DefaultPrincipal; #endif // FEATURE_IMPERSONATION #if FEATURE_REMOTING private DomainSpecificRemotingData _RemotingData; #endif private EventHandler _processExit; #if FEATURE_CORECLR [System.Security.SecurityCritical] #endif private EventHandler _domainUnload; #if FEATURE_CORECLR [System.Security.SecurityCritical] // auto-generated #endif private UnhandledExceptionEventHandler _unhandledException; #if FEATURE_APTCA private String[] _aptcaVisibleAssemblies; #endif // The compat flags are set at domain creation time to indicate that the given breaking // changes (named in the strings) should not be used in this domain. We only use the // keys, the vhe values are ignored. private Dictionary _compatFlags; #if FEATURE_EXCEPTION_NOTIFICATIONS // Delegate that will hold references to FirstChance exception notifications private EventHandler _firstChanceException; #endif // FEATURE_EXCEPTION_NOTIFICATIONS private IntPtr _pDomain; // this is an unmanaged pointer (AppDomain * m_pDomain)` used from the VM. #if FEATURE_CAS_POLICY private PrincipalPolicy _PrincipalPolicy; // this is an enum #endif private bool _HasSetPolicy; private bool _IsFastFullTrustDomain; // quick check to see if the AppDomain is fully trusted and homogenous private bool _compatFlagsInitialized; internal const String TargetFrameworkNameAppCompatSetting = "TargetFrameworkName"; #if FEATURE_APPX private static APPX_FLAGS s_flags; // // Keep in async with vm\appdomainnative.cpp // [Flags] private enum APPX_FLAGS { APPX_FLAGS_INITIALIZED = 0x01, APPX_FLAGS_APPX_MODEL = 0x02, APPX_FLAGS_APPX_DESIGN_MODE = 0x04, APPX_FLAGS_APPX_NGEN = 0x08, APPX_FLAGS_APPX_MASK = APPX_FLAGS_APPX_MODEL | APPX_FLAGS_APPX_DESIGN_MODE | APPX_FLAGS_APPX_NGEN, APPX_FLAGS_API_CHECK = 0x10, } private static APPX_FLAGS Flags { [SecuritySafeCritical] get { if (s_flags == 0) s_flags = nGetAppXFlags(); Contract.Assert(s_flags != 0); return s_flags; } } internal static bool ProfileAPICheck { [SecuritySafeCritical] get { return (Flags & APPX_FLAGS.APPX_FLAGS_API_CHECK) != 0; } } internal static bool IsAppXNGen { [SecuritySafeCritical] get { return (Flags & APPX_FLAGS.APPX_FLAGS_APPX_NGEN) != 0; } } #endif // FEATURE_APPX [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SecurityCritical] [SuppressUnmanagedCodeSecurity] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool DisableFusionUpdatesFromADManager(AppDomainHandle domain); #if FEATURE_APPX [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SecurityCritical] [SuppressUnmanagedCodeSecurity] [return: MarshalAs(UnmanagedType.I4)] private static extern APPX_FLAGS nGetAppXFlags(); #endif [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SecurityCritical] [SuppressUnmanagedCodeSecurity] private static extern void GetAppDomainManagerType(AppDomainHandle domain, StringHandleOnStack retAssembly, StringHandleOnStack retType); [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SecurityCritical] [SuppressUnmanagedCodeSecurity] private static extern void SetAppDomainManagerType(AppDomainHandle domain, string assembly, string type); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private static extern void nSetHostSecurityManagerFlags (HostSecurityManagerOptions flags); [SecurityCritical] [SuppressUnmanagedCodeSecurity] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] private static extern void SetSecurityHomogeneousFlag(AppDomainHandle domain, [MarshalAs(UnmanagedType.Bool)] bool runtimeSuppliedHomogenousGrantSet); #if FEATURE_CAS_POLICY [SecurityCritical] [SuppressUnmanagedCodeSecurity] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] private static extern void SetLegacyCasPolicyEnabled(AppDomainHandle domain); [SecurityCritical] private void SetLegacyCasPolicyEnabled() { SetLegacyCasPolicyEnabled(GetNativeHandle()); } #endif // FEATURE_CAS_POLICY /// /// Get a handle used to make a call into the VM pointing to this domain /// internal AppDomainHandle GetNativeHandle() { // This should never happen under normal circumstances. However, there ar ways to create an // uninitialized object through remoting, etc. if (_pDomain.IsNull()) { throw new InvalidOperationException(Environment.GetResourceString("Argument_InvalidHandle")); } #if FEATURE_REMOTING BCLDebug.Assert(!RemotingServices.IsTransparentProxy(this), "QCalls should be made with the real AppDomain object rather than a transparent proxy"); #endif // FEATURE_REMOTING return new AppDomainHandle(_pDomain); } /// /// If this AppDomain is configured to have an AppDomain manager then create the instance of it. /// This method is also called from the VM to create the domain manager in the default domain. /// [SecuritySafeCritical] private void CreateAppDomainManager() { Contract.Assert(_domainManager == null, "_domainManager == null"); AppDomainSetup adSetup = FusionStore; #if FEATURE_VERSIONING String trustedPlatformAssemblies = (String)(GetData("TRUSTED_PLATFORM_ASSEMBLIES")); if (trustedPlatformAssemblies != null) { String platformResourceRoots = (String)(GetData("PLATFORM_RESOURCE_ROOTS")); if (platformResourceRoots == null) { platformResourceRoots = String.Empty; } String appPaths = (String)(GetData("APP_PATHS")); if (appPaths == null) { appPaths = String.Empty; } String appNiPaths = (String)(GetData("APP_NI_PATHS")); if (appNiPaths == null) { appNiPaths = String.Empty; } String appLocalWinMD = (String)(GetData("APP_LOCAL_WINMETADATA")); if (appLocalWinMD == null) { appLocalWinMD = String.Empty; } SetupBindingPaths(trustedPlatformAssemblies, platformResourceRoots, appPaths, appNiPaths, appLocalWinMD); } #endif // FEATURE_VERSIONING string domainManagerAssembly; string domainManagerType; GetAppDomainManagerType(out domainManagerAssembly, out domainManagerType); if (domainManagerAssembly != null && domainManagerType != null) { try { new PermissionSet(PermissionState.Unrestricted).Assert(); _domainManager = CreateInstanceAndUnwrap(domainManagerAssembly, domainManagerType) as AppDomainManager; CodeAccessPermission.RevertAssert(); } catch (FileNotFoundException e) { throw new TypeLoadException(Environment.GetResourceString("Argument_NoDomainManager"), e); } catch (SecurityException e) { throw new TypeLoadException(Environment.GetResourceString("Argument_NoDomainManager"), e); } catch (TypeLoadException e) { throw new TypeLoadException(Environment.GetResourceString("Argument_NoDomainManager"), e); } if (_domainManager == null) { throw new TypeLoadException(Environment.GetResourceString("Argument_NoDomainManager")); } // If this domain was not created by a managed call to CreateDomain, then the AppDomainSetup // will not have the correct values for the AppDomainManager set. FusionStore.AppDomainManagerAssembly = domainManagerAssembly; FusionStore.AppDomainManagerType = domainManagerType; bool notifyFusion = _domainManager.GetType() != typeof(System.AppDomainManager) && !DisableFusionUpdatesFromADManager(); AppDomainSetup FusionStoreOld = null; if (notifyFusion) FusionStoreOld = new AppDomainSetup(FusionStore, true); // Initialize the AppDomainMAnager and register the instance with the native host if requested _domainManager.InitializeNewDomain(FusionStore); if (notifyFusion) SetupFusionStore(_FusionStore, FusionStoreOld); // Notify Fusion about the changes the user implementation of InitializeNewDomain may have made to the FusionStore object. #if FEATURE_APPDOMAINMANAGER_INITOPTIONS AppDomainManagerInitializationOptions flags = _domainManager.InitializationFlags; if ((flags & AppDomainManagerInitializationOptions.RegisterWithHost) == AppDomainManagerInitializationOptions.RegisterWithHost) { _domainManager.RegisterWithHost(); } #endif // FEATURE_APPDOMAINMANAGER_INITOPTIONS } InitializeCompatibilityFlags(); } /// /// Initialize the compatibility flags to non-NULL values. /// This method is also called from the VM when the default domain dosen't have a domain manager. /// private void InitializeCompatibilityFlags() { AppDomainSetup adSetup = FusionStore; // set up shim flags regardless of whether we create a DomainManager in this method. if (adSetup.GetCompatibilityFlags() != null) { _compatFlags = new Dictionary(adSetup.GetCompatibilityFlags(), StringComparer.OrdinalIgnoreCase); } // for perf, we don't intialize the _compatFlags dictionary when we don't need to. However, we do need to make a // note that we've run this method, because IsCompatibilityFlagsSet needs to return different values for the // case where the compat flags have been setup. Contract.Assert(!_compatFlagsInitialized); _compatFlagsInitialized = true; CompatibilitySwitches.InitializeSwitches(); } // Retrieves a possibly-cached target framework name for this appdomain. This could be set // either by a host in native, a host in managed using an AppDomainSetup, or by the // TargetFrameworkAttribute on the executable (VS emits its target framework moniker using this // attribute starting in version 4). [SecuritySafeCritical] internal String GetTargetFrameworkName() { String targetFrameworkName = _FusionStore.TargetFrameworkName; if (targetFrameworkName == null && IsDefaultAppDomain() && !_FusionStore.CheckedForTargetFrameworkName) { // This should only be run in the default appdomain. All other appdomains should have // values copied from the default appdomain and/or specified by the host. Assembly assembly = Assembly.GetEntryAssembly(); if (assembly != null) { TargetFrameworkAttribute[] attrs = (TargetFrameworkAttribute[])assembly.GetCustomAttributes(typeof(TargetFrameworkAttribute)); if (attrs != null && attrs.Length > 0) { Contract.Assert(attrs.Length == 1); targetFrameworkName = attrs[0].FrameworkName; _FusionStore.TargetFrameworkName = targetFrameworkName; } } _FusionStore.CheckedForTargetFrameworkName = true; } return targetFrameworkName; } /// /// Returns the setting of the corresponding compatibility config switch (see CreateAppDomainManager for the impact). /// [SecuritySafeCritical] internal bool DisableFusionUpdatesFromADManager() { return DisableFusionUpdatesFromADManager(GetNativeHandle()); } /// /// Returns whether the current AppDomain follows the AppX rules. /// [SecuritySafeCritical] [Pure] internal static bool IsAppXModel() { #if FEATURE_APPX return (Flags & APPX_FLAGS.APPX_FLAGS_APPX_MODEL) != 0; #else return false; #endif } /// /// Returns the setting of the AppXDevMode config switch. /// [SecuritySafeCritical] [Pure] internal static bool IsAppXDesignMode() { #if FEATURE_APPX return (Flags & APPX_FLAGS.APPX_FLAGS_APPX_MASK) == (APPX_FLAGS.APPX_FLAGS_APPX_MODEL | APPX_FLAGS.APPX_FLAGS_APPX_DESIGN_MODE); #else return false; #endif } /// /// Checks (and throws on failure) if the domain supports Assembly.LoadFrom. /// [SecuritySafeCritical] [Pure] internal static void CheckLoadFromSupported() { #if FEATURE_APPX if (IsAppXModel()) throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "Assembly.LoadFrom")); #endif } /// /// Checks (and throws on failure) if the domain supports Assembly.LoadFile. /// [SecuritySafeCritical] [Pure] internal static void CheckLoadFileSupported() { #if FEATURE_APPX if (IsAppXModel()) throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "Assembly.LoadFile")); #endif } /// /// Checks (and throws on failure) if the domain supports Assembly.ReflectionOnlyLoad. /// [SecuritySafeCritical] [Pure] internal static void CheckReflectionOnlyLoadSupported() { #if FEATURE_APPX if (IsAppXModel()) throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "Assembly.ReflectionOnlyLoad")); #endif } /// /// Checks (and throws on failure) if the domain supports Assembly.LoadWithPartialName. /// [SecuritySafeCritical] [Pure] internal static void CheckLoadWithPartialNameSupported(StackCrawlMark stackMark) { #if FEATURE_APPX if (IsAppXModel()) { RuntimeAssembly callingAssembly = RuntimeAssembly.GetExecutingAssembly(ref stackMark); bool callerIsFxAssembly = callingAssembly != null && callingAssembly.IsFrameworkAssembly(); if (!callerIsFxAssembly) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "Assembly.LoadWithPartialName")); } } #endif } /// /// Checks (and throws on failure) if the domain supports DefinePInvokeMethod. /// [SecuritySafeCritical] [Pure] internal static void CheckDefinePInvokeSupported() { // We don't want users to use DefinePInvokeMethod in RefEmit to bypass app store validation on allowed native libraries. #if FEATURE_APPX if (IsAppXModel()) throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "DefinePInvokeMethod")); #endif } /// /// Checks (and throws on failure) if the domain supports Assembly.Load(byte[] ...). /// [SecuritySafeCritical] [Pure] internal static void CheckLoadByteArraySupported() { #if FEATURE_APPX if (IsAppXModel()) throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "Assembly.Load(byte[], ...)")); #endif } /// /// Checks (and throws on failure) if the domain supports AppDomain.CreateDomain. /// [SecuritySafeCritical] [Pure] internal static void CheckCreateDomainSupported() { #if FEATURE_APPX // Can create a new domain in an AppX process only when DevMode is enabled and // AssemblyLoadingCompat is not enabled (since there is no multi-domain support // for LoadFrom and LoadFile in AppX. if(IsAppXModel()) { if (!IsAppXDesignMode()) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_AppX", "AppDomain.CreateDomain")); } } #endif } /// /// Get the name of the assembly and type that act as the AppDomainManager for this domain /// [SecuritySafeCritical] internal void GetAppDomainManagerType(out string assembly, out string type) { // We can't just use our parameters because we need to ensure that the strings used for hte QCall // are on the stack. string localAssembly = null; string localType = null; GetAppDomainManagerType(GetNativeHandle(), JitHelpers.GetStringHandleOnStack(ref localAssembly), JitHelpers.GetStringHandleOnStack(ref localType)); assembly = localAssembly; type = localType; } /// /// Set the assembly and type which act as the AppDomainManager for this domain /// [SecuritySafeCritical] private void SetAppDomainManagerType(string assembly, string type) { Contract.Assert(assembly != null, "assembly != null"); Contract.Assert(type != null, "type != null"); SetAppDomainManagerType(GetNativeHandle(), assembly, type); } #if FEATURE_APTCA internal String[] PartialTrustVisibleAssemblies { get { return _aptcaVisibleAssemblies; } [SecuritySafeCritical] set { _aptcaVisibleAssemblies = value; // Build up the canonical representaiton of this list to allow the VM to do optimizations in // common cases string canonicalConditionalAptcaList = null; if (value != null) { StringBuilder conditionalAptcaListBuilder = StringBuilderCache.Acquire(); for (int i = 0; i < value.Length; ++i) { if (value[i] != null) { conditionalAptcaListBuilder.Append(value[i].ToUpperInvariant()); if (i != value.Length - 1) { conditionalAptcaListBuilder.Append(';'); } } } canonicalConditionalAptcaList = StringBuilderCache.GetStringAndRelease(conditionalAptcaListBuilder); } SetCanonicalConditionalAptcaList(canonicalConditionalAptcaList); } } [SecurityCritical] [SuppressUnmanagedCodeSecurity] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] private static extern void SetCanonicalConditionalAptcaList(AppDomainHandle appDomain, string canonicalList); [SecurityCritical] private void SetCanonicalConditionalAptcaList(string canonicalList) { SetCanonicalConditionalAptcaList(GetNativeHandle(), canonicalList); } #endif // FEATURE_APTCA #if FEATURE_CLICKONCE /// /// If the CLR is being started up to run a ClickOnce applicaiton, setup the default AppDomain /// with information about that application. /// private void SetupDefaultClickOnceDomain(string fullName, string[] manifestPaths, string[] activationData) { Contract.Requires(fullName != null, "fullName != null"); FusionStore.ActivationArguments = new ActivationArguments(fullName, manifestPaths, activationData); } #endif // FEATURE_CLICKONCE /// /// Called for every AppDomain (including the default domain) to initialize the security of the AppDomain) /// [SecurityCritical] private void InitializeDomainSecurity(Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, bool generateDefaultEvidence, IntPtr parentSecurityDescriptor, bool publishAppDomain) { AppDomainSetup adSetup = FusionStore; #if FEATURE_CAS_POLICY // If the AppDomain is setup to use legacy CAS policy, then set that bit in the application // security descriptor. if (CompatibilitySwitches.IsNetFx40LegacySecurityPolicy) { SetLegacyCasPolicyEnabled(); } #endif // FEATURE_CAS_POLICY #if FEATURE_CLICKONCE // Check if the domain manager set an ActivationContext (Debug-In-Zone for example) // or if this is an AppDomain with an ApplicationTrust. if (adSetup.ActivationArguments != null) { // Merge the new evidence with the manifest's evidence if applicable ActivationContext activationContext = null; ApplicationIdentity appIdentity = null; string[] activationData = null; CmsUtils.CreateActivationContext(adSetup.ActivationArguments.ApplicationFullName, adSetup.ActivationArguments.ApplicationManifestPaths, adSetup.ActivationArguments.UseFusionActivationContext, out appIdentity, out activationContext); activationData = adSetup.ActivationArguments.ActivationData; providedSecurityInfo = CmsUtils.MergeApplicationEvidence(providedSecurityInfo, appIdentity, activationContext, activationData, adSetup.ApplicationTrust); SetupApplicationHelper(providedSecurityInfo, creatorsSecurityInfo, appIdentity, activationContext, activationData); } else #endif // FEATURE_CLICKONCE { bool runtimeSuppliedHomogenousGrant = false; ApplicationTrust appTrust = adSetup.ApplicationTrust; #if FEATURE_CAS_POLICY // In non-legacy CAS mode, domains should be homogenous. If the host has not specified a sandbox // of their own, we'll set it up to be fully trusted. We must read the IsLegacyCasPolicy // enabled property here rathern than just reading the switch from above because the entire // process may also be opted into legacy CAS policy mode. if (appTrust == null && !IsLegacyCasPolicyEnabled) { _IsFastFullTrustDomain = true; runtimeSuppliedHomogenousGrant = true; } #endif // FEATURE_CAS_POLICY if (appTrust != null) { SetupDomainSecurityForHomogeneousDomain(appTrust, runtimeSuppliedHomogenousGrant); } else if (_IsFastFullTrustDomain) { SetSecurityHomogeneousFlag(GetNativeHandle(), runtimeSuppliedHomogenousGrant); } } // Get the evidence supplied for the domain. If no evidence was supplied, it means that we want // to use the default evidence creation strategy for this domain Evidence newAppDomainEvidence = (providedSecurityInfo != null ? providedSecurityInfo : creatorsSecurityInfo); if (newAppDomainEvidence == null && generateDefaultEvidence) { #if FEATURE_CAS_POLICY newAppDomainEvidence = new Evidence(new AppDomainEvidenceFactory(this)); #else // !FEATURE_CAS_POLICY newAppDomainEvidence = new Evidence(); #endif // FEATURE_CAS_POLICY } #if FEATURE_CAS_POLICY if (_domainManager != null) { // Give the host a chance to alter the AppDomain evidence HostSecurityManager securityManager = _domainManager.HostSecurityManager; if (securityManager != null) { nSetHostSecurityManagerFlags (securityManager.Flags); if ((securityManager.Flags & HostSecurityManagerOptions.HostAppDomainEvidence) == HostSecurityManagerOptions.HostAppDomainEvidence) { newAppDomainEvidence = securityManager.ProvideAppDomainEvidence(newAppDomainEvidence); // If this is a disconnected evidence collection, then attach it to the AppDomain, // allowing the host security manager to get callbacks for delay generated evidence if (newAppDomainEvidence != null && newAppDomainEvidence.Target == null) { newAppDomainEvidence.Target = new AppDomainEvidenceFactory(this); } } } } #endif // FEATURE_CAS_POLICY // Set the evidence on the managed side _SecurityIdentity = newAppDomainEvidence; // Set the evidence of the AppDomain in the VM. // Also, now that the initialization is complete, signal that to the security system. // Finish the AppDomain initialization and resolve the policy for the AppDomain evidence. SetupDomainSecurity(newAppDomainEvidence, parentSecurityDescriptor, publishAppDomain); #if FEATURE_CAS_POLICY // The AppDomain is now resolved. Go ahead and set the PolicyLevel // from the HostSecurityManager if specified. if (_domainManager != null) RunDomainManagerPostInitialization(_domainManager); #endif // FEATURE_CAS_POLICY } #if FEATURE_CAS_POLICY [System.Security.SecurityCritical] // auto-generated private void RunDomainManagerPostInitialization (AppDomainManager domainManager) { // force creation of the HostExecutionContextManager for the current AppDomain HostExecutionContextManager contextManager = domainManager.HostExecutionContextManager; if (IsLegacyCasPolicyEnabled) { #pragma warning disable 618 HostSecurityManager securityManager = domainManager.HostSecurityManager; if (securityManager != null) { if ((securityManager.Flags & HostSecurityManagerOptions.HostPolicyLevel) == HostSecurityManagerOptions.HostPolicyLevel) { // set AppDomain policy if specified PolicyLevel level = securityManager.DomainPolicy; if (level != null) SetAppDomainPolicy(level); } } #pragma warning restore 618 } } #endif #if FEATURE_CLICKONCE [System.Security.SecurityCritical] // auto-generated private void SetupApplicationHelper (Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, ApplicationIdentity appIdentity, ActivationContext activationContext, string[] activationData) { Contract.Requires(providedSecurityInfo != null); HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager; ApplicationTrust appTrust = securityManager.DetermineApplicationTrust(providedSecurityInfo, creatorsSecurityInfo, new TrustManagerContext()); if (appTrust == null || !appTrust.IsApplicationTrustedToRun) throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), System.__HResults.CORSEC_E_NO_EXEC_PERM, null); // The application is trusted to run. Set up the AppDomain according to the manifests. if (activationContext != null) SetupDomainForApplication(activationContext, activationData); SetupDomainSecurityForApplication(appIdentity, appTrust); } [System.Security.SecurityCritical] // auto-generated private void SetupDomainForApplication(ActivationContext activationContext, string[] activationData) { Contract.Requires(activationContext != null); if (IsDefaultAppDomain()) { // make the ActivationArguments available off the AppDomain object. AppDomainSetup adSetup = this.FusionStore; adSetup.ActivationArguments = new ActivationArguments(activationContext, activationData); // set the application base to point at where the application resides string entryPointPath = CmsUtils.GetEntryPointFullPath(activationContext); if (!String.IsNullOrEmpty(entryPointPath)) adSetup.SetupDefaults(entryPointPath); else adSetup.ApplicationBase = activationContext.ApplicationDirectory; // update fusion context SetupFusionStore(adSetup, null); } // perform app data directory migration. activationContext.PrepareForExecution(); activationContext.SetApplicationState(ActivationContext.ApplicationState.Starting); // set current app data directory. activationContext.SetApplicationState(ActivationContext.ApplicationState.Running); // make data directory path available. IPermission permission = null; string dataDirectory = activationContext.DataDirectory; if (dataDirectory != null && dataDirectory.Length > 0) permission = new FileIOPermission(FileIOPermissionAccess.PathDiscovery, dataDirectory); this.SetData("DataDirectory", dataDirectory, permission); _activationContext = activationContext; } [System.Security.SecurityCritical] // auto-generated private void SetupDomainSecurityForApplication(ApplicationIdentity appIdentity, ApplicationTrust appTrust) { // Set the Application trust on the managed side. _applicationIdentity = appIdentity; SetupDomainSecurityForHomogeneousDomain(appTrust, false); } #endif // FEATURE_CLICKONCE [System.Security.SecurityCritical] // auto-generated private void SetupDomainSecurityForHomogeneousDomain(ApplicationTrust appTrust, bool runtimeSuppliedHomogenousGrantSet) { // If the CLR has supplied the homogenous grant set (that is, this domain would have been // heterogenous in v2.0), then we need to strip the ApplicationTrust from the AppDomainSetup of // the current domain. This prevents code which does: // AppDomain.CreateDomain(..., AppDomain.CurrentDomain.SetupInformation); // // From looking like it is trying to create a homogenous domain intentionally, and therefore // having its evidence check bypassed. if (runtimeSuppliedHomogenousGrantSet) { BCLDebug.Assert(_FusionStore.ApplicationTrust != null, "Expected to find runtime supplied ApplicationTrust"); #if FEATURE_CAS_POLICY _FusionStore.ApplicationTrust = null; #endif // FEATURE_CAS_POLICY } _applicationTrust = appTrust; // Set the homogeneous bit in the VM's ApplicationSecurityDescriptor. SetSecurityHomogeneousFlag(GetNativeHandle(), runtimeSuppliedHomogenousGrantSet); } // This method is called from CorHost2::ExecuteApplication to activate a ClickOnce application in the default AppDomain. #if FEATURE_CLICKONCE [System.Security.SecuritySafeCritical] // auto-generated private int ActivateApplication () { ObjectHandle oh = Activator.CreateInstance(AppDomain.CurrentDomain.ActivationContext); return (int) oh.Unwrap(); } #endif //FEATURE_CLICKONCE public AppDomainManager DomainManager { [System.Security.SecurityCritical] // auto-generated_required get { return _domainManager; } } #if FEATURE_CAS_POLICY internal HostSecurityManager HostSecurityManager { [System.Security.SecurityCritical] // auto-generated get { HostSecurityManager securityManager = null; AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager; if (domainManager != null) securityManager = domainManager.HostSecurityManager; if (securityManager == null) securityManager = new HostSecurityManager(); return securityManager; } } #endif // FEATURE_CAS_POLICY #if FEATURE_REFLECTION_ONLY_LOAD private Assembly ResolveAssemblyForIntrospection(Object sender, ResolveEventArgs args) { Contract.Requires(args != null); return Assembly.ReflectionOnlyLoad(ApplyPolicy(args.Name)); } // Helper class for method code:EnableResolveAssembliesForIntrospection private class NamespaceResolverForIntrospection { private IEnumerable _packageGraphFilePaths; public NamespaceResolverForIntrospection(IEnumerable packageGraphFilePaths) { _packageGraphFilePaths = packageGraphFilePaths; } [System.Security.SecurityCritical] public void ResolveNamespace( object sender, System.Runtime.InteropServices.WindowsRuntime.NamespaceResolveEventArgs args) { Contract.Requires(args != null); IEnumerable fileNames = System.Runtime.InteropServices.WindowsRuntime.WindowsRuntimeMetadata.ResolveNamespace( args.NamespaceName, null, // windowsSdkFilePath ... Use OS installed .winmd files _packageGraphFilePaths); foreach (string fileName in fileNames) { args.ResolvedAssemblies.Add(Assembly.ReflectionOnlyLoadFrom(fileName)); } } } // Called only by native function code:ValidateWorker [System.Security.SecuritySafeCritical] private void EnableResolveAssembliesForIntrospection(string verifiedFileDirectory) { CurrentDomain.ReflectionOnlyAssemblyResolve += new ResolveEventHandler(ResolveAssemblyForIntrospection); string[] packageGraphFilePaths = null; if (verifiedFileDirectory != null) packageGraphFilePaths = new string[] { verifiedFileDirectory }; NamespaceResolverForIntrospection namespaceResolver = new NamespaceResolverForIntrospection(packageGraphFilePaths); System.Runtime.InteropServices.WindowsRuntime.WindowsRuntimeMetadata.ReflectionOnlyNamespaceResolve += new EventHandler(namespaceResolver.ResolveNamespace); } #endif // FEATURE_REFLECTION_ONLY_LOAD /********************************************** * If an AssemblyName has a public key specified, the assembly is assumed * to have a strong name and a hash will be computed when the assembly * is saved. **********************************************/ [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, null, null, null, null, null, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, IEnumerable assemblyAttributes) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, null, null, null, null, null, ref stackMark, assemblyAttributes, SecurityContextSource.CurrentAssembly); } [MethodImplAttribute(MethodImplOptions.NoInlining)] // Due to the stack crawl mark [SecuritySafeCritical] public AssemblyBuilder DefineDynamicAssembly(AssemblyName name, AssemblyBuilderAccess access, IEnumerable assemblyAttributes, SecurityContextSource securityContextSource) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, null, null, null, null, null, ref stackMark, assemblyAttributes, securityContextSource); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, null, null, null, null, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, Evidence evidence) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, null, evidence, null, null, null, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, null, null, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of DefineDynamicAssembly which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkId=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, Evidence evidence) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, evidence, null, null, null, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, null, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, Evidence evidence, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, null, evidence, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. Please see http://go.microsoft.com/fwlink/?LinkId=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, Evidence evidence, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, evidence, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, Evidence evidence, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions, bool isSynchronized) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, evidence, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, null, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, Evidence evidence, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions, bool isSynchronized, IEnumerable assemblyAttributes) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, evidence, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, assemblyAttributes, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public AssemblyBuilder DefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, bool isSynchronized, IEnumerable assemblyAttributes) { Contract.Ensures(Contract.Result() != null); StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return InternalDefineDynamicAssembly(name, access, dir, null, null, null, null, ref stackMark, assemblyAttributes, SecurityContextSource.CurrentAssembly); } [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable private AssemblyBuilder InternalDefineDynamicAssembly( AssemblyName name, AssemblyBuilderAccess access, String dir, Evidence evidence, PermissionSet requiredPermissions, PermissionSet optionalPermissions, PermissionSet refusedPermissions, ref StackCrawlMark stackMark, IEnumerable assemblyAttributes, SecurityContextSource securityContextSource) { return AssemblyBuilder.InternalDefineDynamicAssembly(name, access, dir, evidence, requiredPermissions, optionalPermissions, refusedPermissions, ref stackMark, assemblyAttributes, securityContextSource); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern String nApplyPolicy(AssemblyName an); // Return the assembly name that results from applying policy. [ComVisible(false)] public String ApplyPolicy(String assemblyName) { AssemblyName asmName = new AssemblyName(assemblyName); byte[] pk = asmName.GetPublicKeyToken(); if (pk == null) pk = asmName.GetPublicKey(); // Simply-named assemblies cannot have policy, so for those, // we simply return the passed-in assembly name. if ((pk == null) || (pk.Length == 0)) return assemblyName; else return nApplyPolicy(asmName); } public ObjectHandle CreateInstance(String assemblyName, String typeName) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); if (assemblyName == null) throw new ArgumentNullException("assemblyName"); Contract.EndContractBlock(); return Activator.CreateInstance(assemblyName, typeName); } [System.Security.SecurityCritical] // auto-generated internal ObjectHandle InternalCreateInstanceWithNoSecurity (string assemblyName, string typeName) { PermissionSet.s_fullTrust.Assert(); return CreateInstance(assemblyName, typeName); } public ObjectHandle CreateInstanceFrom(String assemblyFile, String typeName) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); Contract.EndContractBlock(); return Activator.CreateInstanceFrom(assemblyFile, typeName); } [System.Security.SecurityCritical] // auto-generated internal ObjectHandle InternalCreateInstanceFromWithNoSecurity (string assemblyName, string typeName) { PermissionSet.s_fullTrust.Assert(); return CreateInstanceFrom(assemblyName, typeName); } #if FEATURE_COMINTEROP // The first parameter should be named assemblyFile, but it was incorrectly named in a previous // release, and the compatibility police won't let us change the name now. public ObjectHandle CreateComInstanceFrom(String assemblyName, String typeName) { if (this == null) throw new NullReferenceException(); Contract.EndContractBlock(); return Activator.CreateComInstanceFrom(assemblyName, typeName); } public ObjectHandle CreateComInstanceFrom(String assemblyFile, String typeName, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm) { if (this == null) throw new NullReferenceException(); Contract.EndContractBlock(); return Activator.CreateComInstanceFrom(assemblyFile, typeName, hashValue, hashAlgorithm); } #endif // FEATURE_COMINTEROP public ObjectHandle CreateInstance(String assemblyName, String typeName, Object[] activationAttributes) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); if (assemblyName == null) throw new ArgumentNullException("assemblyName"); Contract.EndContractBlock(); return Activator.CreateInstance(assemblyName, typeName, activationAttributes); } public ObjectHandle CreateInstanceFrom(String assemblyFile, String typeName, Object[] activationAttributes) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); Contract.EndContractBlock(); return Activator.CreateInstanceFrom(assemblyFile, typeName, activationAttributes); } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of CreateInstance which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public ObjectHandle CreateInstance(String assemblyName, String typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); if (assemblyName == null) throw new ArgumentNullException("assemblyName"); Contract.EndContractBlock(); #if FEATURE_CAS_POLICY if (securityAttributes != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY #pragma warning disable 618 return Activator.CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes); #pragma warning restore 618 } public ObjectHandle CreateInstance(string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); if (assemblyName == null) throw new ArgumentNullException("assemblyName"); Contract.EndContractBlock(); return Activator.CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes); } [System.Security.SecurityCritical] // auto-generated internal ObjectHandle InternalCreateInstanceWithNoSecurity (string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes) { #if FEATURE_CAS_POLICY Contract.Assert(IsLegacyCasPolicyEnabled || securityAttributes == null); #endif // FEATURE_CAS_POLICY PermissionSet.s_fullTrust.Assert(); #pragma warning disable 618 return CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes); #pragma warning restore 618 } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of CreateInstanceFrom which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public ObjectHandle CreateInstanceFrom(String assemblyFile, String typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); Contract.EndContractBlock(); #if FEATURE_CAS_POLICY if (securityAttributes != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY return Activator.CreateInstanceFrom(assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes); } public ObjectHandle CreateInstanceFrom(string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes) { // jit does not check for that, so we should do it ... if (this == null) throw new NullReferenceException(); Contract.EndContractBlock(); return Activator.CreateInstanceFrom(assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes); } [System.Security.SecurityCritical] // auto-generated internal ObjectHandle InternalCreateInstanceFromWithNoSecurity (string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes) { #if FEATURE_CAS_POLICY Contract.Assert(IsLegacyCasPolicyEnabled || securityAttributes == null); #endif // FEATURE_CAS_POLICY PermissionSet.s_fullTrust.Assert(); #pragma warning disable 618 return CreateInstanceFrom(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes); #pragma warning restore 618 } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public Assembly Load(AssemblyName assemblyRef) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, null, null, ref stackMark, true /*thrownOnFileNotFound*/, false, false); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public Assembly Load(String assemblyString) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.InternalLoad(assemblyString, null, ref stackMark, false); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public Assembly Load(byte[] rawAssembly) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.nLoadImage(rawAssembly, null, // symbol store null, // evidence ref stackMark, false, SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public Assembly Load(byte[] rawAssembly, byte[] rawSymbolStore) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.nLoadImage(rawAssembly, rawSymbolStore, null, // evidence ref stackMark, false, // fIntrospection SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated #pragma warning disable 618 [SecurityPermissionAttribute(SecurityAction.Demand, ControlEvidence = true)] #pragma warning restore 618 [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of Load which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkId=155570 for more information.")] public Assembly Load(byte[] rawAssembly, byte[] rawSymbolStore, Evidence securityEvidence) { #if FEATURE_CAS_POLICY if (securityEvidence != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.nLoadImage(rawAssembly, rawSymbolStore, securityEvidence, ref stackMark, false, // fIntrospection SecurityContextSource.CurrentAssembly); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of Load which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public Assembly Load(AssemblyName assemblyRef, Evidence assemblySecurity) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, assemblySecurity, null, ref stackMark, true /*thrownOnFileNotFound*/, false, false); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of Load which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public Assembly Load(String assemblyString, Evidence assemblySecurity) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; return RuntimeAssembly.InternalLoad(assemblyString, assemblySecurity, ref stackMark, false); } public int ExecuteAssembly(String assemblyFile) { return ExecuteAssembly(assemblyFile, (string[])null); } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of ExecuteAssembly which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public int ExecuteAssembly(String assemblyFile, Evidence assemblySecurity) { return ExecuteAssembly(assemblyFile, assemblySecurity, null); } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of ExecuteAssembly which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public int ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) { #if FEATURE_CAS_POLICY if (assemblySecurity != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY RuntimeAssembly assembly = (RuntimeAssembly)Assembly.LoadFrom(assemblyFile, assemblySecurity); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } public int ExecuteAssembly(string assemblyFile, string[] args) { RuntimeAssembly assembly = (RuntimeAssembly)Assembly.LoadFrom(assemblyFile); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of ExecuteAssembly which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public int ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm) { #if FEATURE_CAS_POLICY if (assemblySecurity != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY RuntimeAssembly assembly = (RuntimeAssembly)Assembly.LoadFrom(assemblyFile, assemblySecurity, hashValue, hashAlgorithm); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } public int ExecuteAssembly(string assemblyFile, string[] args, byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm) { RuntimeAssembly assembly = (RuntimeAssembly)Assembly.LoadFrom(assemblyFile, hashValue, hashAlgorithm); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } #if FEATURE_CORECLR [System.Security.SecurityCritical] // auto-generated #endif public int ExecuteAssemblyByName(String assemblyName) { return ExecuteAssemblyByName(assemblyName, (string[])null); } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of ExecuteAssemblyByName which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public int ExecuteAssemblyByName(String assemblyName, Evidence assemblySecurity) { #pragma warning disable 618 return ExecuteAssemblyByName(assemblyName, assemblySecurity, null); #pragma warning restore 618 } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of ExecuteAssemblyByName which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public int ExecuteAssemblyByName(String assemblyName, Evidence assemblySecurity, params String[] args) { #if FEATURE_CAS_POLICY if (assemblySecurity != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY RuntimeAssembly assembly = (RuntimeAssembly)Assembly.Load(assemblyName, assemblySecurity); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } public int ExecuteAssemblyByName(string assemblyName, params string[] args) { RuntimeAssembly assembly = (RuntimeAssembly)Assembly.Load(assemblyName); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of ExecuteAssemblyByName which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public int ExecuteAssemblyByName(AssemblyName assemblyName, Evidence assemblySecurity, params String[] args) { #if FEATURE_CAS_POLICY if (assemblySecurity != null && !IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } #endif // FEATURE_CAS_POLICY RuntimeAssembly assembly = (RuntimeAssembly)Assembly.Load(assemblyName, assemblySecurity); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } public int ExecuteAssemblyByName(AssemblyName assemblyName, params string[] args) { RuntimeAssembly assembly = (RuntimeAssembly)Assembly.Load(assemblyName); if (args == null) args = new String[0]; return nExecuteAssembly(assembly, args); } public static AppDomain CurrentDomain { get { Contract.Ensures(Contract.Result() != null); return Thread.GetDomain(); } } #if FEATURE_CAS_POLICY public Evidence Evidence { [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute(SecurityAction.Demand, ControlEvidence = true)] get { return EvidenceNoDemand; } } internal Evidence EvidenceNoDemand { [SecurityCritical] get { if (_SecurityIdentity == null) { if (!IsDefaultAppDomain() && nIsDefaultAppDomainForEvidence()) { #if !FEATURE_CORECLR // // V1.x compatibility: If this is an AppDomain created // by the default appdomain without an explicit evidence // then reuse the evidence of the default AppDomain. // return GetDefaultDomain().Evidence; #else Contract.Assert(false,"This code should not be called for core CLR"); // This operation is not allowed throw new InvalidOperationException(); #endif } else { // We can't cache this value, since the VM needs to differentiate between AppDomains // which have no user supplied evidence and those which do and it uses the presence // of Evidence on the domain to make that switch. return new Evidence(new AppDomainEvidenceFactory(this)); } } else { return _SecurityIdentity.Clone(); } } } internal Evidence InternalEvidence { get { return _SecurityIdentity; } } internal EvidenceBase GetHostEvidence(Type type) { if (_SecurityIdentity != null) { return _SecurityIdentity.GetHostEvidence(type); } else { return new Evidence(new AppDomainEvidenceFactory(this)).GetHostEvidence(type); } } #endif // FEATURE_CAS_POLICY public String FriendlyName { [System.Security.SecuritySafeCritical] // auto-generated get { return nGetFriendlyName(); } } public String BaseDirectory { #if FEATURE_CORECLR [System.Security.SecurityCritical] #endif get { return FusionStore.ApplicationBase; } } #if FEATURE_FUSION public String RelativeSearchPath { get { return FusionStore.PrivateBinPath; } } public bool ShadowCopyFiles { get { String s = FusionStore.ShadowCopyFiles; if((s != null) && (String.Compare(s, "true", StringComparison.OrdinalIgnoreCase) == 0)) return true; else return false; } } #endif [System.Security.SecuritySafeCritical] // auto-generated public override String ToString() { StringBuilder sb = StringBuilderCache.Acquire(); String fn = nGetFriendlyName(); if (fn != null) { sb.Append(Environment.GetResourceString("Loader_Name") + fn); sb.Append(Environment.NewLine); } if(_Policies == null || _Policies.Length == 0) sb.Append(Environment.GetResourceString("Loader_NoContextPolicies") + Environment.NewLine); else { sb.Append(Environment.GetResourceString("Loader_ContextPolicies") + Environment.NewLine); for(int i = 0;i < _Policies.Length; i++) { sb.Append(_Policies[i]); sb.Append(Environment.NewLine); } } return StringBuilderCache.GetStringAndRelease(sb); } public Assembly[] GetAssemblies() { return nGetAssemblies(false /* forIntrospection */); } public Assembly[] ReflectionOnlyGetAssemblies() { return nGetAssemblies(true /* forIntrospection */); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern Assembly[] nGetAssemblies(bool forIntrospection); // this is true when we've removed the handles etc so really can't do anything [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern bool IsUnloadingForcedFinalize(); // this is true when we've just started going through the finalizers and are forcing objects to finalize // so must be aware that certain infrastructure may have gone away [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] public extern bool IsFinalizingForUnload(); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal static extern void PublishAnonymouslyHostedDynamicMethodsAssembly(RuntimeAssembly assemblyHandle); #if FEATURE_FUSION // Appends the following string to the private path. Valid paths // are of the form "bin;util/i386" etc. [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.AppendPrivatePath has been deprecated. Please investigate the use of AppDomainSetup.PrivateBinPath instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void AppendPrivatePath(String path) { if(path == null || path.Length == 0) return; String current = FusionStore.Value[(int) AppDomainSetup.LoaderInformation.PrivateBinPathValue]; StringBuilder appendPath = StringBuilderCache.Acquire(); if(current != null && current.Length > 0) { // See if the last character is a separator appendPath.Append(current); if((current[current.Length-1] != Path.PathSeparator) && (path[0] != Path.PathSeparator)) appendPath.Append(Path.PathSeparator); } appendPath.Append(path); String result = StringBuilderCache.GetStringAndRelease(appendPath); InternalSetPrivateBinPath(result); } [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.ClearPrivatePath has been deprecated. Please investigate the use of AppDomainSetup.PrivateBinPath instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void ClearPrivatePath() { InternalSetPrivateBinPath(String.Empty); } [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.ClearShadowCopyPath has been deprecated. Please investigate the use of AppDomainSetup.ShadowCopyDirectories instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void ClearShadowCopyPath() { InternalSetShadowCopyPath(String.Empty); } [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.SetCachePath has been deprecated. Please investigate the use of AppDomainSetup.CachePath instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void SetCachePath(String path) { InternalSetCachePath(path); } #endif // FEATURE_FUSION [System.Security.SecurityCritical] // auto-generated_required public void SetData (string name, object data) { #if FEATURE_CORECLR if (!name.Equals("LOCATION_URI")) { // Only LOCATION_URI can be set using AppDomain.SetData throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyLocationURI", name)); } #endif // FEATURE_CORECLR SetDataHelper(name, data, null); } [System.Security.SecurityCritical] // auto-generated_required public void SetData (string name, object data, IPermission permission) { #if FEATURE_CORECLR if (!name.Equals("LOCATION_URI")) { // Only LOCATION_URI can be set using AppDomain.SetData throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyLocationURI", name)); } #endif // FEATURE_CORECLR SetDataHelper(name, data, permission); } [System.Security.SecurityCritical] // auto-generated private void SetDataHelper (string name, object data, IPermission permission) { if (name == null) throw new ArgumentNullException("name"); Contract.EndContractBlock(); // // Synopsis: // IgnoreSystemPolicy is provided as a legacy flag to allow callers to // skip enterprise, machine and user policy levels. When this flag is set, // any demands triggered in this AppDomain will be evaluated against the // AppDomain CAS policy level that is set on the AppDomain. // Security Requirements: // The caller needs to be fully trusted in order to be able to set // this legacy mode. // Remarks: // There needs to be an AppDomain policy level set before this compat // switch can be set on the AppDomain. // #if FEATURE_FUSION if (name.Equals(TargetFrameworkNameAppCompatSetting)) { _FusionStore.TargetFrameworkName = (String) data; return; } #if FEATURE_CAS_POLICY if (name.Equals("IgnoreSystemPolicy")) { lock (this) { if (!_HasSetPolicy) throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData")); } new PermissionSet(PermissionState.Unrestricted).Demand(); } #endif int key = AppDomainSetup.Locate(name); if(key == -1) { lock (((ICollection)LocalStore).SyncRoot) { LocalStore[name] = new object[] {data, permission}; } } else { if (permission != null) throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData")); // Be sure to call these properties, not Value, since // these do more than call Value. switch(key) { case (int) AppDomainSetup.LoaderInformation.DynamicBaseValue: FusionStore.DynamicBase = (string) data; break; case (int) AppDomainSetup.LoaderInformation.DevPathValue: FusionStore.DeveloperPath = (string) data; break; case (int) AppDomainSetup.LoaderInformation.ShadowCopyDirectoriesValue: FusionStore.ShadowCopyDirectories = (string) data; break; case (int) AppDomainSetup.LoaderInformation.DisallowPublisherPolicyValue: if(data != null) FusionStore.DisallowPublisherPolicy = true; else FusionStore.DisallowPublisherPolicy = false; break; case (int) AppDomainSetup.LoaderInformation.DisallowCodeDownloadValue: if (data != null) FusionStore.DisallowCodeDownload = true; else FusionStore.DisallowCodeDownload = false; break; case (int) AppDomainSetup.LoaderInformation.DisallowBindingRedirectsValue: if(data != null) FusionStore.DisallowBindingRedirects = true; else FusionStore.DisallowBindingRedirects = false; break; case (int) AppDomainSetup.LoaderInformation.DisallowAppBaseProbingValue: if(data != null) FusionStore.DisallowApplicationBaseProbing = true; else FusionStore.DisallowApplicationBaseProbing = false; break; case (int) AppDomainSetup.LoaderInformation.ConfigurationBytesValue: FusionStore.SetConfigurationBytes((byte[]) data); break; default: FusionStore.Value[key] = (string) data; break; } } #else // FEATURE_FUSION #if FEATURE_CORECLR // SetData should only be used to set values that don't already exist. { object[] currentVal; lock (((ICollection)LocalStore).SyncRoot) { LocalStore.TryGetValue(name, out currentVal); } if (currentVal != null && currentVal[0] != null) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyOnce")); } } #endif // FEATURE_CORECLR lock (((ICollection)LocalStore).SyncRoot) { LocalStore[name] = new object[] {data, permission}; } #endif // FEATURE_FUSION } [Pure] #if FEATURE_CORECLR [System.Security.SecurityCritical] // auto-generated #else [System.Security.SecuritySafeCritical] #endif public Object GetData(string name) { if(name == null) throw new ArgumentNullException("name"); Contract.EndContractBlock(); int key = AppDomainSetup.Locate(name); if(key == -1) { #if FEATURE_LOADER_OPTIMIZATION if(name.Equals(AppDomainSetup.LoaderOptimizationKey)) return FusionStore.LoaderOptimization; else #endif // FEATURE_LOADER_OPTIMIZATION { object[] data; lock (((ICollection)LocalStore).SyncRoot) { LocalStore.TryGetValue(name, out data); } if (data == null) return null; if (data[1] != null) { IPermission permission = (IPermission) data[1]; permission.Demand(); } return data[0]; } } else { // Be sure to call these properties, not Value, so // that the appropriate permission demand will be done switch(key) { case (int) AppDomainSetup.LoaderInformation.ApplicationBaseValue: return FusionStore.ApplicationBase; case (int) AppDomainSetup.LoaderInformation.ApplicationNameValue: return FusionStore.ApplicationName; #if FEATURE_FUSION case (int) AppDomainSetup.LoaderInformation.ConfigurationFileValue: return FusionStore.ConfigurationFile; case (int) AppDomainSetup.LoaderInformation.DynamicBaseValue: return FusionStore.DynamicBase; case (int) AppDomainSetup.LoaderInformation.DevPathValue: return FusionStore.DeveloperPath; case (int) AppDomainSetup.LoaderInformation.PrivateBinPathValue: return FusionStore.PrivateBinPath; case (int) AppDomainSetup.LoaderInformation.PrivateBinPathProbeValue: return FusionStore.PrivateBinPathProbe; case (int) AppDomainSetup.LoaderInformation.ShadowCopyDirectoriesValue: return FusionStore.ShadowCopyDirectories; case (int) AppDomainSetup.LoaderInformation.ShadowCopyFilesValue: return FusionStore.ShadowCopyFiles; case (int) AppDomainSetup.LoaderInformation.CachePathValue: return FusionStore.CachePath; case (int) AppDomainSetup.LoaderInformation.LicenseFileValue: return FusionStore.LicenseFile; case (int) AppDomainSetup.LoaderInformation.DisallowPublisherPolicyValue: return FusionStore.DisallowPublisherPolicy; case (int) AppDomainSetup.LoaderInformation.DisallowCodeDownloadValue: return FusionStore.DisallowCodeDownload; case (int) AppDomainSetup.LoaderInformation.DisallowBindingRedirectsValue: return FusionStore.DisallowBindingRedirects; case (int) AppDomainSetup.LoaderInformation.DisallowAppBaseProbingValue: return FusionStore.DisallowApplicationBaseProbing; case (int) AppDomainSetup.LoaderInformation.ConfigurationBytesValue: return FusionStore.GetConfigurationBytes(); #endif //FEATURE_FUSION default: Contract.Assert(false, "Need to handle new LoaderInformation value in AppDomain.GetData()"); return null; } } } // The compat flags are set at domain creation time to indicate that the given breaking // change should not be used in this domain. // // After the domain has been created, this Nullable boolean returned by this method should // always have a value. Code in the runtime uses this to know if it is safe to cache values // that might change if the compatibility switches have not been set yet. public Nullable IsCompatibilitySwitchSet(String value) { Nullable fReturn; if (_compatFlagsInitialized == false) { fReturn = new Nullable(); } else { fReturn = new Nullable(_compatFlags != null && _compatFlags.ContainsKey(value)); } return fReturn; } [Obsolete("AppDomain.GetCurrentThreadId has been deprecated because it does not provide a stable Id when managed threads are running on fibers (aka lightweight threads). To get a stable identifier for a managed thread, use the ManagedThreadId property on Thread. http://go.microsoft.com/fwlink/?linkid=14202", false)] [DllImport(Microsoft.Win32.Win32Native.KERNEL32)] public static extern int GetCurrentThreadId(); #if FEATURE_REMOTING [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute( SecurityAction.Demand, ControlAppDomain = true ), ReliabilityContract(Consistency.MayCorruptAppDomain, Cer.MayFail)] public static void Unload(AppDomain domain) { if (domain == null) throw new ArgumentNullException("domain"); Contract.EndContractBlock(); try { Int32 domainID = AppDomain.GetIdForUnload(domain); if (domainID==0) throw new CannotUnloadAppDomainException(); AppDomain.nUnload(domainID); } catch(Exception e) { throw e; // throw it again to reset stack trace } } #endif // Explicitly set policy for a domain (providing policy hasn't been set // previously). Making this call will guarantee that previously loaded // assemblies will be granted permissions based on the default machine // policy that was in place prior to this call. #if FEATURE_CAS_POLICY [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public void SetAppDomainPolicy(PolicyLevel domainPolicy) { if (domainPolicy == null) throw new ArgumentNullException("domainPolicy"); Contract.EndContractBlock(); if (!IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } // Check that policy has not been set previously. lock (this) { if (_HasSetPolicy) throw new PolicyException(Environment.GetResourceString("Policy_PolicyAlreadySet")); _HasSetPolicy = true; // Make sure that the loader allows us to change security policy // at this time (this will throw if not.) nChangeSecurityPolicy(); } // Add the new policy level. SecurityManager.PolicyManager.AddLevel(domainPolicy); } #endif //#if !FEATURE_CAS_POLICY #if FEATURE_CLICKONCE public ActivationContext ActivationContext { [System.Security.SecurityCritical] // auto-generated_required get { return _activationContext; } } public ApplicationIdentity ApplicationIdentity { [System.Security.SecurityCritical] // auto-generated_required get { return _applicationIdentity; } } #endif // FEATURE_CLICKONCE #if FEATURE_CLICKONCE public ApplicationTrust ApplicationTrust { [System.Security.SecurityCritical] // auto-generated_required #else // FEATURE_CLICKONCE internal ApplicationTrust ApplicationTrust { #endif // FEATURE_CLICKONCE get { if (_applicationTrust == null && _IsFastFullTrustDomain) { _applicationTrust = new ApplicationTrust(new PermissionSet(PermissionState.Unrestricted)); } return _applicationTrust; } } #if FEATURE_IMPERSONATION // Set the default principal object to be attached to threads if they // attempt to bind to a principal while executing in this appdomain. The // default can only be set once. [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPrincipal)] public void SetThreadPrincipal(IPrincipal principal) { if (principal == null) throw new ArgumentNullException("principal"); Contract.EndContractBlock(); lock (this) { // Check that principal has not been set previously. if (_DefaultPrincipal != null) throw new PolicyException(Environment.GetResourceString("Policy_PrincipalTwice")); _DefaultPrincipal = principal; } } #endif // FEATURE_IMPERSONATION #if FEATURE_CAS_POLICY // Similar to the above, but sets the class of principal to be created // instead. [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPrincipal)] public void SetPrincipalPolicy(PrincipalPolicy policy) { _PrincipalPolicy = policy; } #endif #if FEATURE_REMOTING // This method gives AppDomain an infinite life time by preventing a lease from being // created [System.Security.SecurityCritical] // auto-generated_required public override Object InitializeLifetimeService() { return null; } // This is useful for requesting execution of some code // in another appDomain ... the delegate may be defined // on a marshal-by-value object or a marshal-by-ref or // contextBound object. public void DoCallBack(CrossAppDomainDelegate callBackDelegate) { if (callBackDelegate == null) throw new ArgumentNullException("callBackDelegate"); Contract.EndContractBlock(); callBackDelegate(); } #endif public String DynamicDirectory { [System.Security.SecuritySafeCritical] // auto-generated get { String dyndir = GetDynamicDir(); if (dyndir != null) new FileIOPermission( FileIOPermissionAccess.PathDiscovery, dyndir ).Demand(); return dyndir; } } #if FEATURE_CAS_POLICY public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo) // Optional { return CreateDomain(friendlyName, securityInfo, null); } public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, // Optional String appBasePath, String appRelativeSearchPath, bool shadowCopyFiles) { AppDomainSetup info = new AppDomainSetup(); info.ApplicationBase = appBasePath; info.PrivateBinPath = appRelativeSearchPath; if(shadowCopyFiles) info.ShadowCopyFiles = "true"; return CreateDomain(friendlyName, securityInfo, info); } #endif // #if FEATURE_CAS_POLICY (not exposed in core) [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] extern private String GetDynamicDir(); // Private helpers called from unmanaged code. #if FEATURE_REMOTING public static AppDomain CreateDomain(String friendlyName) { return CreateDomain(friendlyName, null, null); } // Marshal a single object into a serialized blob. [System.Security.SecurityCritical] // auto-generated private static byte[] MarshalObject(Object o) { CodeAccessPermission.Assert(true); return Serialize(o); } // Marshal two objects into serialized blobs. [System.Security.SecurityCritical] // auto-generated private static byte[] MarshalObjects(Object o1, Object o2, out byte[] blob2) { CodeAccessPermission.Assert(true); byte[] blob1 = Serialize(o1); blob2 = Serialize(o2); return blob1; } // Unmarshal a single object from a serialized blob. [System.Security.SecurityCritical] // auto-generated private static Object UnmarshalObject(byte[] blob) { CodeAccessPermission.Assert(true); return Deserialize(blob); } // Unmarshal two objects from serialized blobs. [System.Security.SecurityCritical] // auto-generated private static Object UnmarshalObjects(byte[] blob1, byte[] blob2, out Object o2) { CodeAccessPermission.Assert(true); Object o1 = Deserialize(blob1); o2 = Deserialize(blob2); return o1; } // Helper routines. [System.Security.SecurityCritical] // auto-generated private static byte[] Serialize(Object o) { if (o == null) { return null; } else if (o is ISecurityEncodable) { SecurityElement element = ((ISecurityEncodable)o).ToXml(); MemoryStream ms = new MemoryStream( 4096 ); ms.WriteByte( 0 ); StreamWriter writer = new StreamWriter( ms, Encoding.UTF8 ); element.ToWriter( writer ); writer.Flush(); return ms.ToArray(); } else { MemoryStream ms = new MemoryStream(); ms.WriteByte( 1 ); CrossAppDomainSerializer.SerializeObject(o, ms); return ms.ToArray(); } } [System.Security.SecurityCritical] // auto-generated private static Object Deserialize(byte[] blob) { if (blob == null) return null; if (blob[0] == 0) { Parser parser = new Parser( blob, Tokenizer.ByteTokenEncoding.UTF8Tokens, 1 ); SecurityElement root = parser.GetTopElement(); if (root.Tag.Equals( "IPermission" ) || root.Tag.Equals( "Permission" )) { IPermission ip = System.Security.Util.XMLUtil.CreatePermission( root, PermissionState.None, false ); if (ip == null) { return null; } ip.FromXml( root ); return ip; } else if (root.Tag.Equals( "PermissionSet" )) { PermissionSet permissionSet = new PermissionSet(); permissionSet.FromXml( root, false, false ); return permissionSet; } else if (root.Tag.Equals( "PermissionToken" )) { PermissionToken pToken = new PermissionToken(); pToken.FromXml( root ); return pToken; } else { return null; } } else { Object obj = null; using(MemoryStream stream = new MemoryStream( blob, 1, blob.Length - 1 )) { obj = CrossAppDomainSerializer.DeserializeObject(stream); } Contract.Assert( !(obj is IPermission), "IPermission should be xml deserialized" ); Contract.Assert( !(obj is PermissionSet), "PermissionSet should be xml deserialized" ); return obj; } } #endif // FEATURE_REMOTING #if !FEATURE_CORECLR // // Called by the VM if ICLRExecutionManager::Pause is called with the PAUSE_APP_DOMAINS flag. // This mimics the behavior of the CoreCLR FAS (fast application switching) model, to ensure // that code that depends on things happening in a particular order will work. // [System.Security.SecurityCritical] internal static void Pause() { AppDomainPauseManager.Instance.Pausing(); AppDomainPauseManager.Instance.Paused(); } // // Called by the VM if ICLRExecutionManager::Resume is called after ICLRExecutionManager::Pause // was called with the PAUSE_APP_DOMAINS flag. // This mimics the behavior of the CoreCLR FAS (fast application switching) model, to ensure // that code that depends on things happening in a particular order will work. // [System.Security.SecurityCritical] internal static void Resume() { if (AppDomainPauseManager.IsPaused) { AppDomainPauseManager.Instance.Resuming(); AppDomainPauseManager.Instance.Resumed(); } } #endif private AppDomain() { throw new NotSupportedException(Environment.GetResourceString(ResId.NotSupported_Constructor)); } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern int _nExecuteAssembly(RuntimeAssembly assembly, String[] args); internal int nExecuteAssembly(RuntimeAssembly assembly, String[] args) { return _nExecuteAssembly(assembly, args); } #if FEATURE_VERSIONING [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern void nCreateContext(); [System.Security.SecurityCritical] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] private static extern void nSetupBindingPaths(String trustedPlatformAssemblies, String platformResourceRoots, String appPath, String appNiPaths, String appLocalWinMD); #if FEATURE_CORECLR [System.Security.SecurityCritical] // auto-generated #endif internal void SetupBindingPaths(String trustedPlatformAssemblies, String platformResourceRoots, String appPath, String appNiPaths, String appLocalWinMD) { nSetupBindingPaths(trustedPlatformAssemblies, platformResourceRoots, appPath, appNiPaths, appLocalWinMD); } #endif // FEATURE_VERSIONING #if FEATURE_REMOTING internal void CreateRemotingData() { lock(this) { if (_RemotingData == null) _RemotingData = new DomainSpecificRemotingData(); } } internal DomainSpecificRemotingData RemotingData { get { if (_RemotingData == null) CreateRemotingData(); return _RemotingData; } } #endif // FEATURE_REMOTING [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern String nGetFriendlyName(); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern bool nIsDefaultAppDomainForEvidence(); // support reliability for certain event handlers, if the target // methods also participate in this discipline. If caller passes // an existing MulticastDelegate, then we could use a MDA to indicate // that reliability is not guaranteed. But if it is a single cast // scenario, we can make it work. public event EventHandler ProcessExit { [System.Security.SecuritySafeCritical] // auto-generated_required add { if (value != null) { RuntimeHelpers.PrepareContractedDelegate(value); lock(this) _processExit += value; } } remove { lock(this) _processExit -= value; } } public event EventHandler DomainUnload { [System.Security.SecuritySafeCritical] // auto-generated_required add { if (value != null) { RuntimeHelpers.PrepareContractedDelegate(value); lock(this) _domainUnload += value; } } #if FEATURE_CORECLR [System.Security.SecuritySafeCritical] #endif remove { lock(this) _domainUnload -= value; } } public event UnhandledExceptionEventHandler UnhandledException { [System.Security.SecurityCritical] // auto-generated_required add { if (value != null) { RuntimeHelpers.PrepareContractedDelegate(value); lock(this) _unhandledException += value; } } [System.Security.SecurityCritical] // auto-generated_required remove { lock(this) _unhandledException -= value; } } #if FEATURE_EXCEPTION_NOTIFICATIONS // This is the event managed code can wireup against to be notified // about first chance exceptions. // // To register/unregister the callback, the code must be SecurityCritical. public event EventHandler FirstChanceException { [System.Security.SecurityCritical] // auto-generated_required add { if (value != null) { RuntimeHelpers.PrepareContractedDelegate(value); lock(this) _firstChanceException += value; } } [System.Security.SecurityCritical] // auto-generated_required remove { lock(this) _firstChanceException -= value; } } #endif // FEATURE_EXCEPTION_NOTIFICATIONS private void OnAssemblyLoadEvent(RuntimeAssembly LoadedAssembly) { AssemblyLoadEventHandler eventHandler = AssemblyLoad; if (eventHandler != null) { AssemblyLoadEventArgs ea = new AssemblyLoadEventArgs(LoadedAssembly); eventHandler(this, ea); } } // This method is called by the VM. [System.Security.SecurityCritical] private RuntimeAssembly OnResourceResolveEvent(RuntimeAssembly assembly, String resourceName) { ResolveEventHandler eventHandler = _ResourceResolve; if ( eventHandler == null) return null; Delegate[] ds = eventHandler.GetInvocationList(); int len = ds.Length; for (int i = 0; i < len; i++) { Assembly asm = ((ResolveEventHandler)ds[i])(this, new ResolveEventArgs(resourceName, assembly)); RuntimeAssembly ret = GetRuntimeAssembly(asm); if (ret != null) return ret; } return null; } // This method is called by the VM [System.Security.SecurityCritical] private RuntimeAssembly OnTypeResolveEvent(RuntimeAssembly assembly, String typeName) { ResolveEventHandler eventHandler = _TypeResolve; if (eventHandler == null) return null; Delegate[] ds = eventHandler.GetInvocationList(); int len = ds.Length; for (int i = 0; i < len; i++) { Assembly asm = ((ResolveEventHandler)ds[i])(this, new ResolveEventArgs(typeName, assembly)); RuntimeAssembly ret = GetRuntimeAssembly(asm); if (ret != null) return ret; } return null; } // This method is called by the VM. [System.Security.SecurityCritical] private RuntimeAssembly OnAssemblyResolveEvent(RuntimeAssembly assembly, String assemblyFullName) { ResolveEventHandler eventHandler = _AssemblyResolve; if (eventHandler == null) { return null; } Delegate[] ds = eventHandler.GetInvocationList(); int len = ds.Length; for (int i = 0; i < len; i++) { Assembly asm = ((ResolveEventHandler)ds[i])(this, new ResolveEventArgs(assemblyFullName, assembly)); RuntimeAssembly ret = GetRuntimeAssembly(asm); if (ret != null) return ret; } return null; } #if FEATURE_REFLECTION_ONLY_LOAD private RuntimeAssembly OnReflectionOnlyAssemblyResolveEvent(RuntimeAssembly assembly, String assemblyFullName) { ResolveEventHandler eventHandler = ReflectionOnlyAssemblyResolve; if (eventHandler != null) { Delegate[] ds = eventHandler.GetInvocationList(); int len = ds.Length; for (int i = 0; i < len; i++) { Assembly asm = ((ResolveEventHandler)ds[i])(this, new ResolveEventArgs(assemblyFullName, assembly)); RuntimeAssembly ret = GetRuntimeAssembly(asm); if (ret != null) return ret; } } return null; } #if FEATURE_COMINTEROP // Called by VM - code:CLRPrivTypeCacheReflectionOnlyWinRT::RaiseNamespaceResolveEvent private RuntimeAssembly[] OnReflectionOnlyNamespaceResolveEvent(RuntimeAssembly assembly, string namespaceName) { return System.Runtime.InteropServices.WindowsRuntime.WindowsRuntimeMetadata.OnReflectionOnlyNamespaceResolveEvent(this, assembly, namespaceName); } #endif // FEATURE_COMINTEROP #endif // FEATURE_REFLECTION_ONLY_LOAD #if FEATURE_COMINTEROP // Called by VM - code:CLRPrivTypeCacheWinRT::RaiseDesignerNamespaceResolveEvent private string[] OnDesignerNamespaceResolveEvent(string namespaceName) { return System.Runtime.InteropServices.WindowsRuntime.WindowsRuntimeMetadata.OnDesignerNamespaceResolveEvent(this, namespaceName); } #endif // FEATURE_COMINTEROP internal AppDomainSetup FusionStore { get { Contract.Assert(_FusionStore != null, "Fusion store has not been correctly setup in this domain"); return _FusionStore; } } internal static RuntimeAssembly GetRuntimeAssembly(Assembly asm) { if (asm == null) return null; RuntimeAssembly rtAssembly = asm as RuntimeAssembly; if (rtAssembly != null) return rtAssembly; AssemblyBuilder ab = asm as AssemblyBuilder; if (ab != null) return ab.InternalAssembly; return null; } private Dictionary LocalStore { get { if (_LocalStore != null) return _LocalStore; else { _LocalStore = new Dictionary(); return _LocalStore; } } } #if FEATURE_FUSION private void TurnOnBindingRedirects() { _FusionStore.DisallowBindingRedirects = false; } #endif // This will throw a CannotUnloadAppDomainException if the appdomain is // in another process. #if FEATURE_REMOTING [System.Security.SecurityCritical] // auto-generated [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] internal static Int32 GetIdForUnload(AppDomain domain) { if (RemotingServices.IsTransparentProxy(domain)) { return RemotingServices.GetServerDomainIdForProxy(domain); } else return domain.Id; } #endif // Used to determine if server object context is valid in // x-domain remoting scenarios. [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] internal static extern bool IsDomainIdValid(Int32 id); #if FEATURE_REMOTING [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] static internal extern AppDomain GetDefaultDomain(); #endif #if FEATURE_IMPERSONATION // Internal routine to retrieve the default principal object. If this is // called before the principal has been explicitly set, it will // automatically allocate a default principal based on the policy set by // SetPrincipalPolicy. internal IPrincipal GetThreadPrincipal() { IPrincipal principal = null; if (_DefaultPrincipal == null) { #if FEATURE_CAS_POLICY switch (_PrincipalPolicy) { case PrincipalPolicy.NoPrincipal: principal = null; break; case PrincipalPolicy.UnauthenticatedPrincipal: principal = new GenericPrincipal(new GenericIdentity("", ""), new String[] {""}); break; case PrincipalPolicy.WindowsPrincipal: principal = new WindowsPrincipal(WindowsIdentity.GetCurrent()); break; default: principal = null; break; } #else principal = new GenericPrincipal(new GenericIdentity("", ""), new String[] {""}); #endif } else principal = _DefaultPrincipal; return principal; } #endif // FEATURE_IMPERSONATION #if FEATURE_REMOTING [System.Security.SecurityCritical] // auto-generated internal void CreateDefaultContext() { lock(this) { // if it has not been created we ask the Context class to // create a new default context for this appdomain. if (_DefaultContext == null) _DefaultContext = Context.CreateDefaultContext(); } } [System.Security.SecurityCritical] // auto-generated internal Context GetDefaultContext() { if (_DefaultContext == null) CreateDefaultContext(); return _DefaultContext; } // Ensure that evidence provided when creating an AppDomain would not have been used to create a // sandbox in legacy CAS mode. If it could have been used to create a sandbox, and we're not in CAS // mode, then we throw an exception to prevent acciental creation of unsandboxed domains where a // sandbox would have been expected. [SecuritySafeCritical] internal static void CheckDomainCreationEvidence(AppDomainSetup creationDomainSetup, Evidence creationEvidence) { if (creationEvidence != null && !CurrentDomain.IsLegacyCasPolicyEnabled) { if (creationDomainSetup == null || creationDomainSetup.ApplicationTrust == null) { // We allow non-null evidence in CAS mode to support the common pattern of passing in // AppDomain.CurrentDomain.Evidence. Since the zone evidence must have been changed // if the user has any expectation of sandboxing the domain under legacy CAS policy, // we use a zone comparison to check for this pattern. A strict comparison will not // work, since MSDN samples for creating a domain show using a modified version of the // current domain's evidence and we would capturce people who copied and pasted these // samples without intending to sandbox. Zone creatorsZone = CurrentDomain.EvidenceNoDemand.GetHostEvidence(); SecurityZone creatorsSecurityZone = creatorsZone != null ? creatorsZone.SecurityZone : SecurityZone.MyComputer; Zone suppliedZone = creationEvidence.GetHostEvidence(); if (suppliedZone != null) { if (suppliedZone.SecurityZone != creatorsSecurityZone && suppliedZone.SecurityZone != SecurityZone.MyComputer) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit")); } } } } } #if FEATURE_CAS_POLICY [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute( SecurityAction.Demand, ControlAppDomain = true )] public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, AppDomainSetup info) { return InternalCreateDomain(friendlyName, securityInfo, info); } #else internal static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, AppDomainSetup info) { return InternalCreateDomain(friendlyName, securityInfo, info); } #endif [System.Security.SecurityCritical] // auto-generated internal static AppDomain InternalCreateDomain(String friendlyName, Evidence securityInfo, AppDomainSetup info) { if (friendlyName == null) throw new ArgumentNullException("friendlyName", Environment.GetResourceString("ArgumentNull_String")); Contract.EndContractBlock(); AppDomain.CheckCreateDomainSupported(); if (info == null) info = new AppDomainSetup(); if (info.TargetFrameworkName == null) info.TargetFrameworkName = AppDomain.CurrentDomain.GetTargetFrameworkName(); AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager; if (domainManager != null) return domainManager.CreateDomain(friendlyName, securityInfo, info); // No AppDomainManager is set up for this domain // If evidence is provided, we check to make sure that is allowed. if (securityInfo != null) { new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand(); // If we're potentially trying to sandbox without using a homogenous domain, we need to reject // the domain creation. CheckDomainCreationEvidence(info, securityInfo); } return nCreateDomain(friendlyName, info, securityInfo, securityInfo == null ? AppDomain.CurrentDomain.InternalEvidence : null, AppDomain.CurrentDomain.GetSecurityDescriptor()); } #endif // FEATURE_REMOTING #if FEATURE_CAS_POLICY public static AppDomain CreateDomain (string friendlyName, Evidence securityInfo, AppDomainSetup info, PermissionSet grantSet, params StrongName[] fullTrustAssemblies) { if (info == null) throw new ArgumentNullException("info"); if (info.ApplicationBase == null) throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_AppDomainSandboxAPINeedsExplicitAppBase")); Contract.EndContractBlock(); if (fullTrustAssemblies == null) { fullTrustAssemblies = new StrongName[0]; } info.ApplicationTrust = new ApplicationTrust(grantSet, fullTrustAssemblies); return CreateDomain(friendlyName, securityInfo, info); } public static AppDomain CreateDomain(String friendlyName, Evidence securityInfo, // Optional String appBasePath, String appRelativeSearchPath, bool shadowCopyFiles, AppDomainInitializer adInit, string[] adInitArgs) { AppDomainSetup info = new AppDomainSetup(); info.ApplicationBase = appBasePath; info.PrivateBinPath = appRelativeSearchPath; info.AppDomainInitializer=adInit; info.AppDomainInitializerArguments=adInitArgs; if(shadowCopyFiles) info.ShadowCopyFiles = "true"; return CreateDomain(friendlyName, securityInfo, info); } #endif // FEATURE_CAS_POLICY #if FEATURE_CORECLR [System.Security.SecurityCritical] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] private static extern void nSetNativeDllSearchDirectories(string paths); #endif [System.Security.SecurityCritical] // auto-generated private void SetupFusionStore(AppDomainSetup info, AppDomainSetup oldInfo) { Contract.Requires(info != null); #if FEATURE_FUSION if (oldInfo == null) { // Create the application base and configuration file from the imagelocation // passed in or use the Win32 Image name. if(info.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue] == null || info.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue] == null ) #else if (info.ApplicationBase == null) #endif { #if FEATURE_FUSION AppDomain defaultDomain = GetDefaultDomain(); if (this == defaultDomain) { // The default domain gets its defaults from the main process. info.SetupDefaults(RuntimeEnvironment.GetModuleFileName(), imageLocationAlreadyNormalized : true); } else { // Other domains get their defaults from the default domain. This way, a host process // can use AppDomainManager to set up the defaults for every domain created in the process. if (info.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue] == null) info.ConfigurationFile = defaultDomain.FusionStore.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue]; if (info.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue] == null) info.ApplicationBase = defaultDomain.FusionStore.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue]; if (info.Value[(int) AppDomainSetup.LoaderInformation.ApplicationNameValue] == null) info.ApplicationName = defaultDomain.FusionStore.Value[(int) AppDomainSetup.LoaderInformation.ApplicationNameValue]; } #else info.SetupDefaults(RuntimeEnvironment.GetModuleFileName(), imageLocationAlreadyNormalized : true); #endif } #if FEATURE_FUSION // If there is no relative path then check the // environment if(info.Value[(int) AppDomainSetup.LoaderInformation.PrivateBinPathValue] == null) info.PrivateBinPath = Environment.nativeGetEnvironmentVariable(AppDomainSetup.PrivateBinPathEnvironmentVariable); // Add the developer path if it exists on this // machine. if(info.DeveloperPath == null) info.DeveloperPath = RuntimeEnvironment.GetDeveloperPath(); } // Set up the fusion context IntPtr fusionContext = GetFusionContext(); info.SetupFusionContext(fusionContext, oldInfo); // Set loader optimization policy #else #if FEATURE_VERSIONING nCreateContext(); #endif // FEATURE_VERSIONING #endif // FEATURE_FUSION #if FEATURE_LOADER_OPTIMIZATION if (info.LoaderOptimization != LoaderOptimization.NotSpecified || (oldInfo != null && info.LoaderOptimization != oldInfo.LoaderOptimization)) UpdateLoaderOptimization(info.LoaderOptimization); #endif // This must be the last action taken _FusionStore = info; } // used to package up evidence, so it can be serialized // for the call to InternalRemotelySetupRemoteDomain [Serializable] private class EvidenceCollection { public Evidence ProvidedSecurityInfo; public Evidence CreatorsSecurityInfo; } private static void RunInitializer(AppDomainSetup setup) { if (setup.AppDomainInitializer!=null) { string[] args=null; if (setup.AppDomainInitializerArguments!=null) args=(string[])setup.AppDomainInitializerArguments.Clone(); setup.AppDomainInitializer(args); } } // Used to switch into other AppDomain and call SetupRemoteDomain. // We cannot simply call through the proxy, because if there // are any remoting sinks registered, they can add non-mscorlib // objects to the message (causing an assembly load exception when // we try to deserialize it on the other side) [System.Security.SecurityCritical] // auto-generated private static object PrepareDataForSetup(String friendlyName, AppDomainSetup setup, Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, IntPtr parentSecurityDescriptor, string sandboxName, string[] propertyNames, string[] propertyValues) { byte[] serializedEvidence = null; bool generateDefaultEvidence = false; #if FEATURE_CAS_POLICY // serialize evidence EvidenceCollection evidenceCollection = null; if (providedSecurityInfo != null || creatorsSecurityInfo != null) { // If we're just passing through AppDomain.CurrentDomain.Evidence, and that evidence is just // using the standard runtime AppDomainEvidenceFactory, don't waste time serializing it and // deserializing it back -- instead, we can recreate a new AppDomainEvidenceFactory in the new // domain. We only want to do this if there is no HostSecurityManager, otherwise the // HostSecurityManager could have added additional evidence on top of our standard factory. HostSecurityManager hsm = CurrentDomain.DomainManager != null ? CurrentDomain.DomainManager.HostSecurityManager : null; bool hostMayContributeEvidence = hsm != null && hsm.GetType() != typeof(HostSecurityManager) && (hsm.Flags & HostSecurityManagerOptions.HostAppDomainEvidence) == HostSecurityManagerOptions.HostAppDomainEvidence; if (!hostMayContributeEvidence) { if (providedSecurityInfo != null && providedSecurityInfo.IsUnmodified && providedSecurityInfo.Target != null && providedSecurityInfo.Target is AppDomainEvidenceFactory) { providedSecurityInfo = null; generateDefaultEvidence = true; } if (creatorsSecurityInfo != null && creatorsSecurityInfo.IsUnmodified && creatorsSecurityInfo.Target != null && creatorsSecurityInfo.Target is AppDomainEvidenceFactory) { creatorsSecurityInfo = null; generateDefaultEvidence = true; } } } if ((providedSecurityInfo != null) || (creatorsSecurityInfo != null)) { evidenceCollection = new EvidenceCollection(); evidenceCollection.ProvidedSecurityInfo = providedSecurityInfo; evidenceCollection.CreatorsSecurityInfo = creatorsSecurityInfo; } if (evidenceCollection != null) { serializedEvidence = CrossAppDomainSerializer.SerializeObject(evidenceCollection).GetBuffer(); } #endif // FEATURE_CAS_POLICY AppDomainInitializerInfo initializerInfo = null; if (setup!=null && setup.AppDomainInitializer!=null) initializerInfo=new AppDomainInitializerInfo(setup.AppDomainInitializer); // will travel x-Ad, drop non-agile data AppDomainSetup newSetup = new AppDomainSetup(setup, false); #if FEATURE_CORECLR // Remove the special AppDomainCompatSwitch entries from the set of name value pairs // And add them to the AppDomainSetup // // This is only supported on CoreCLR through ICLRRuntimeHost2.CreateAppDomainWithManager // Desktop code should use System.AppDomain.CreateDomain() or // System.AppDomainManager.CreateDomain() and add the flags to the AppDomainSetup List compatList = new List(); if(propertyNames!=null && propertyValues != null) { for (int i=0; i 0) { newSetup.SetCompatibilitySwitches(compatList); } } #endif // FEATURE_CORECLR return new Object[] { friendlyName, newSetup, parentSecurityDescriptor, generateDefaultEvidence, serializedEvidence, initializerInfo, sandboxName, propertyNames, propertyValues }; } // PrepareDataForSetup [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] private static Object Setup(Object arg) { Contract.Requires(arg != null && arg is Object[]); Contract.Requires(((Object[])arg).Length >= 8); Object[] args=(Object[])arg; String friendlyName = (String)args[0]; AppDomainSetup setup = (AppDomainSetup)args[1]; IntPtr parentSecurityDescriptor = (IntPtr)args[2]; bool generateDefaultEvidence = (bool)args[3]; byte[] serializedEvidence = (byte[])args[4]; AppDomainInitializerInfo initializerInfo = (AppDomainInitializerInfo)args[5]; string sandboxName = (string)args[6]; string[] propertyNames = (string[])args[7]; // can contain null elements string[] propertyValues = (string[])args[8]; // can contain null elements // extract evidence Evidence providedSecurityInfo = null; Evidence creatorsSecurityInfo = null; AppDomain ad = AppDomain.CurrentDomain; AppDomainSetup newSetup=new AppDomainSetup(setup,false); if(propertyNames!=null && propertyValues != null) { #if FEATURE_CORECLR StringBuilder normalisedAppPathList = null; #endif // FEATURE_CORECLR for (int i=0; i 0) { normalisedAppPathList.Remove(normalisedAppPathList.Length - 1, 1); } ad.SetDataHelper(propertyNames[i],normalisedAppPathList.ToString(),null); // not supported by fusion, so set explicitly } else if(propertyNames[i]!= null) { ad.SetDataHelper(propertyNames[i],propertyValues[i],null); // just propagate } #endif } } #if !FEATURE_CORECLR AppDomainSortingSetupInfo sortingSetup = newSetup._AppDomainSortingSetupInfo; if(sortingSetup != null) { if(sortingSetup._pfnIsNLSDefinedString == IntPtr.Zero || sortingSetup._pfnCompareStringEx == IntPtr.Zero || sortingSetup._pfnLCMapStringEx == IntPtr.Zero || sortingSetup._pfnFindNLSStringEx == IntPtr.Zero || sortingSetup._pfnCompareStringOrdinal == IntPtr.Zero || sortingSetup._pfnGetNLSVersionEx == IntPtr.Zero) { if(!(sortingSetup._pfnIsNLSDefinedString == IntPtr.Zero && sortingSetup._pfnCompareStringEx == IntPtr.Zero && sortingSetup._pfnLCMapStringEx == IntPtr.Zero && sortingSetup._pfnFindNLSStringEx == IntPtr.Zero && sortingSetup._pfnCompareStringOrdinal == IntPtr.Zero && sortingSetup._pfnGetNLSVersionEx == IntPtr.Zero)) { // Some functions defined but not all of them. throw new ArgumentException(Environment.GetResourceString("ArgumentException_NotAllCustomSortingFuncsDefined")); } } } #endif ad.SetupFusionStore(newSetup, null); // makes FusionStore a ref to newSetup // technically, we don't need this, newSetup refers to the same object as FusionStore // but it's confusing since it isn't immediately obvious whether we have a ref or a copy AppDomainSetup adSetup = ad.FusionStore; #if FEATURE_CORECLR adSetup.InternalSetApplicationTrust(sandboxName); #endif // FEATURE_CORECLR #if !FEATURE_CORECLR // not used by coreclr if (serializedEvidence != null) { EvidenceCollection evidenceCollection = (EvidenceCollection) CrossAppDomainSerializer.DeserializeObject(new MemoryStream(serializedEvidence)); providedSecurityInfo = evidenceCollection.ProvidedSecurityInfo; creatorsSecurityInfo = evidenceCollection.CreatorsSecurityInfo; } #endif // set up the friendly name ad.nSetupFriendlyName(friendlyName); #if FEATURE_COMINTEROP if (setup != null && setup.SandboxInterop) { ad.nSetDisableInterfaceCache(); } #endif // FEATURE_COMINTEROP // set up the AppDomainManager for this domain and initialize security. if (adSetup.AppDomainManagerAssembly != null && adSetup.AppDomainManagerType != null) { ad.SetAppDomainManagerType(adSetup.AppDomainManagerAssembly, adSetup.AppDomainManagerType); } #if FEATURE_APTCA // set any conditial-aptca visible assemblies ad.PartialTrustVisibleAssemblies = adSetup.PartialTrustVisibleAssemblies; #endif // FEATURE_APTCA ad.CreateAppDomainManager(); // could modify FusionStore's object ad.InitializeDomainSecurity(providedSecurityInfo, creatorsSecurityInfo, generateDefaultEvidence, parentSecurityDescriptor, true); // can load user code now if(initializerInfo!=null) adSetup.AppDomainInitializer=initializerInfo.Unwrap(); RunInitializer(adSetup); // Activate the application if needed. #if FEATURE_CLICKONCE ObjectHandle oh = null; if (adSetup.ActivationArguments != null && adSetup.ActivationArguments.ActivateInstance) oh = Activator.CreateInstance(ad.ActivationContext); return RemotingServices.MarshalInternal(oh, null, null); #else return null; #endif // FEATURE_CLICKONCE } [SecuritySafeCritical] internal static string NormalizePath(string path, bool fullCheck) { #if FEATURE_PATHCOMPAT // Appcontext switches can't currently be safely hit during AppDomain bringup return Path.LegacyNormalizePath( path: path, fullCheck: fullCheck, maxPathLength: PathInternal.MaxShortPath, expandShortPaths: true); #else return Path.NormalizePath( path: path, fullCheck: fullCheck, expandShortPaths: true); #endif } #if FEATURE_APTCA // Called from DomainAssembly in Conditional APTCA cases [PermissionSet(SecurityAction.Assert, Unrestricted = true)] [SecuritySafeCritical] private bool IsAssemblyOnAptcaVisibleList(RuntimeAssembly assembly) { if (_aptcaVisibleAssemblies == null) return false; AssemblyName assemblyName = assembly.GetName(); String name = assemblyName.GetNameWithPublicKey(); name = name.ToUpperInvariant(); int index = Array.BinarySearch(_aptcaVisibleAssemblies, name, StringComparer.OrdinalIgnoreCase); return (index >=0); } //Used to binary search the list of C-APTCA strings for an AssemblyName. It compares assembly name //and public key token. private class CAPTCASearcher : IComparer { int IComparer.Compare(object /*string*/lhs, object /*AssemblyName*/rhs) { AssemblyName captcaEntry = new AssemblyName((string)lhs); AssemblyName comparand = (AssemblyName)rhs; int nameComp = string.Compare(captcaEntry.Name, comparand.Name, StringComparison.OrdinalIgnoreCase); if (nameComp != 0) { return nameComp; } //simple names match. Compare public key tokens. byte[] lhsKey = captcaEntry.GetPublicKeyToken(); byte[] rhsKey = comparand.GetPublicKeyToken(); // We require both sides have a public key token if (lhsKey == null) { return -1; } if (rhsKey == null) { return 1; } if (lhsKey.Length < rhsKey.Length) { return -1; } if (lhsKey.Length > rhsKey.Length) { return 1; } // Tokens seem valid - make sure the compare correctly for (int i = 0; i < lhsKey.Length; ++i) { byte lhsByte = lhsKey[i]; byte rhsByte = rhsKey[i]; if (lhsByte < rhsByte) { return -1; } if (lhsByte > rhsByte) { return 1; } } //They match. return 0; } } [System.Security.SecurityCritical] private unsafe bool IsAssemblyOnAptcaVisibleListRaw(char * namePtr, int nameLen, byte * keyTokenPtr, int keyTokenLen) { //This version is used for checking ngen dependencies against the C-APTCA list. It lets us //reject ngen images that depend on an assembly that has been disabled in the current domain. //Since we only have the public key token in the ngen image, we'll check against that. The //rationale is that if you have a public key token collision in your process you have many //problems. Since the source of this public key token is an ngen image for a full trust //assembly, there is essentially no risk to the reduced check. if (_aptcaVisibleAssemblies == null) return false; string name = new string(namePtr, 0, nameLen); byte[] keyToken = new byte[keyTokenLen]; for( int i = 0; i < keyToken.Length; ++i ) keyToken[i] = keyTokenPtr[i]; AssemblyName asmName = new AssemblyName(); asmName.Name = name; asmName.SetPublicKeyToken(keyToken); try { int index = Array.BinarySearch(_aptcaVisibleAssemblies, asmName, new CAPTCASearcher()); return (index >= 0); } catch (InvalidOperationException) { /* Can happen for poorly formed assembly names */ return false; } } #endif // This routine is called from unmanaged code to // set the default fusion context. [System.Security.SecurityCritical] // auto-generated private void SetupDomain(bool allowRedirects, String path, String configFile, String[] propertyNames, String[] propertyValues) { // It is possible that we could have multiple threads initializing // the default domain. We will just take the winner of these two. // (eg. one thread doing a com call and another doing attach for IJW) lock (this) { if(_FusionStore == null) { AppDomainSetup setup = new AppDomainSetup(); #if FEATURE_CORECLR // always use internet permission set setup.InternalSetApplicationTrust("Internet"); #endif // FEATURE_CORECLR #if FEATURE_FUSION setup.SetupDefaults(RuntimeEnvironment.GetModuleFileName(), imageLocationAlreadyNormalized : true); if(path != null) setup.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue] = path; if(configFile != null) setup.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue] = configFile; // Default fusion context starts with binding redirects turned off. if (!allowRedirects) setup.DisallowBindingRedirects = true; #endif #if !FEATURE_CORECLR if (propertyNames != null) { BCLDebug.Assert(propertyValues != null, "propertyValues != null"); BCLDebug.Assert(propertyNames.Length == propertyValues.Length, "propertyNames.Length == propertyValues.Length"); for (int i = 0; i < propertyNames.Length; ++i) { if (String.Equals(propertyNames[i], "PARTIAL_TRUST_VISIBLE_ASSEMBLIES", StringComparison.Ordinal)) { // The value of the PARTIAL_TRUST_VISIBLE_ASSEMBLIES property is a semicolon // delimited list of assembly names to add to the // PartialTrustVisibleAssemblies setting of the domain setup if (propertyValues[i] != null) { if (propertyValues[i].Length > 0) { setup.PartialTrustVisibleAssemblies = propertyValues[i].Split(';'); } else { setup.PartialTrustVisibleAssemblies = new string[0]; } } } else { // In v4 we disallow anything but PARTIAL_TRUST_VISIBLE_ASSEMBLIES to come // in via the default domain properties. That restriction could be lifted // in a future release, at which point this assert should be removed. // // This should be kept in sync with the real externally facing filter code // in CorHost2::SetPropertiesForDefaultAppDomain BCLDebug.Assert(false, "Unexpected default domain property"); } } } #endif // !FEATURE_CORECLR #if FEATURE_APTCA // Propigate the set of conditional APTCA assemblies that will be used in the default // domain onto the domain itself and also into the VM PartialTrustVisibleAssemblies = setup.PartialTrustVisibleAssemblies; #endif // FEATURE_APTCA SetupFusionStore(setup, null); } } } #if FEATURE_LOADER_OPTIMIZATION [System.Security.SecurityCritical] // auto-generated private void SetupLoaderOptimization(LoaderOptimization policy) { if(policy != LoaderOptimization.NotSpecified) { Contract.Assert(FusionStore.LoaderOptimization == LoaderOptimization.NotSpecified, "It is illegal to change the Loader optimization on a domain"); FusionStore.LoaderOptimization = policy; UpdateLoaderOptimization(FusionStore.LoaderOptimization); } } #endif #if FEATURE_FUSION [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern IntPtr GetFusionContext(); #endif // FEATURE_FUSION [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern IntPtr GetSecurityDescriptor(); #if FEATURE_REMOTING [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal static extern AppDomain nCreateDomain(String friendlyName, AppDomainSetup setup, Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, IntPtr parentSecurityDescriptor); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal static extern ObjRef nCreateInstance(String friendlyName, AppDomainSetup setup, Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, IntPtr parentSecurityDescriptor); #endif [SecurityCritical] private void SetupDomainSecurity(Evidence appDomainEvidence, IntPtr creatorsSecurityDescriptor, bool publishAppDomain) { Evidence stackEvidence = appDomainEvidence; SetupDomainSecurity(GetNativeHandle(), JitHelpers.GetObjectHandleOnStack(ref stackEvidence), creatorsSecurityDescriptor, publishAppDomain); } [SecurityCritical] [SuppressUnmanagedCodeSecurity] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] private static extern void SetupDomainSecurity(AppDomainHandle appDomain, ObjectHandleOnStack appDomainEvidence, IntPtr creatorsSecurityDescriptor, [MarshalAs(UnmanagedType.Bool)] bool publishAppDomain); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern void nSetupFriendlyName(string friendlyName); #if FEATURE_COMINTEROP [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern void nSetDisableInterfaceCache(); #endif // FEATURE_COMINTEROP #if FEATURE_LOADER_OPTIMIZATION [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern void UpdateLoaderOptimization(LoaderOptimization optimization); #endif #if FEATURE_FUSION // // This is just designed to prevent compiler warnings. // This field is used from native, but we need to prevent the compiler warnings. // [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.SetShadowCopyPath has been deprecated. Please investigate the use of AppDomainSetup.ShadowCopyDirectories instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void SetShadowCopyPath(String path) { InternalSetShadowCopyPath(path); } [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.SetShadowCopyFiles has been deprecated. Please investigate the use of AppDomainSetup.ShadowCopyFiles instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void SetShadowCopyFiles() { InternalSetShadowCopyFiles(); } [System.Security.SecurityCritical] // auto-generated_required [Obsolete("AppDomain.SetDynamicBase has been deprecated. Please investigate the use of AppDomainSetup.DynamicBase instead. http://go.microsoft.com/fwlink/?linkid=14202")] public void SetDynamicBase(String path) { InternalSetDynamicBase(path); } #endif // FEATURE_FUSION public AppDomainSetup SetupInformation { get { return new AppDomainSetup(FusionStore,true); } } #if FEATURE_FUSION [System.Security.SecurityCritical] // auto-generated internal void InternalSetShadowCopyPath(String path) { if (path != null) { IntPtr fusionContext = GetFusionContext(); AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.ShadowCopyDirectoriesKey, path); } FusionStore.ShadowCopyDirectories = path; } [System.Security.SecurityCritical] // auto-generated internal void InternalSetShadowCopyFiles() { IntPtr fusionContext = GetFusionContext(); AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.ShadowCopyFilesKey, "true"); FusionStore.ShadowCopyFiles = "true"; } [System.Security.SecurityCritical] // auto-generated internal void InternalSetCachePath(String path) { FusionStore.CachePath = path; if (FusionStore.Value[(int) AppDomainSetup.LoaderInformation.CachePathValue] != null) { IntPtr fusionContext = GetFusionContext(); AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.CachePathKey, FusionStore.Value[(int) AppDomainSetup.LoaderInformation.CachePathValue]); } } [System.Security.SecurityCritical] // auto-generated internal void InternalSetPrivateBinPath(String path) { IntPtr fusionContext = GetFusionContext(); AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.PrivateBinPathKey, path); FusionStore.PrivateBinPath = path; } [System.Security.SecurityCritical] // auto-generated internal void InternalSetDynamicBase(String path) { FusionStore.DynamicBase = path; if (FusionStore.Value[(int) AppDomainSetup.LoaderInformation.DynamicBaseValue] != null) { IntPtr fusionContext = GetFusionContext(); AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.DynamicBaseKey, FusionStore.Value[(int) AppDomainSetup.LoaderInformation.DynamicBaseValue]); } } #endif // FEATURE_FUSION [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern String IsStringInterned(String str); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] internal extern String GetOrInternString(String str); [SecurityCritical] [SuppressUnmanagedCodeSecurity] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] private static extern void GetGrantSet(AppDomainHandle domain, ObjectHandleOnStack retGrantSet); #if FEATURE_CAS_POLICY [SecurityCritical] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool GetIsLegacyCasPolicyEnabled(AppDomainHandle domain); #endif // FEATURE_CAS_POLICY public PermissionSet PermissionSet { // SecurityCritical because permissions can contain sensitive information such as paths [SecurityCritical] get { PermissionSet grantSet = null; GetGrantSet(GetNativeHandle(), JitHelpers.GetObjectHandleOnStack(ref grantSet)); if (grantSet != null) { return grantSet.Copy(); } else { return new PermissionSet(PermissionState.Unrestricted); } } } public bool IsFullyTrusted { [SecuritySafeCritical] get { PermissionSet grantSet = null; GetGrantSet(GetNativeHandle(), JitHelpers.GetObjectHandleOnStack(ref grantSet)); return grantSet == null || grantSet.IsUnrestricted(); } } public bool IsHomogenous { get { // Homogenous AppDomains always have an ApplicationTrust associated with them return _IsFastFullTrustDomain || _applicationTrust != null; } } #if FEATURE_CAS_POLICY internal bool IsLegacyCasPolicyEnabled { [SecuritySafeCritical] get { return GetIsLegacyCasPolicyEnabled(GetNativeHandle()); } } // Determine what this homogenous domain thinks the grant set should be for a specific set of evidence [SecuritySafeCritical] internal PermissionSet GetHomogenousGrantSet(Evidence evidence) { Contract.Assert(evidence != null); Contract.Assert(IsHomogenous); Contract.Assert(evidence.GetHostEvidence() == null); if (_IsFastFullTrustDomain) { return new PermissionSet(PermissionState.Unrestricted); } // If the ApplicationTrust's full trust list calls out the assembly, then it is fully trusted if (evidence.GetDelayEvaluatedHostEvidence() != null) { foreach (StrongName fullTrustAssembly in ApplicationTrust.FullTrustAssemblies) { StrongNameMembershipCondition sn = new StrongNameMembershipCondition(fullTrustAssembly.PublicKey, fullTrustAssembly.Name, fullTrustAssembly.Version); object usedEvidence = null; if ((sn as IReportMatchMembershipCondition).Check(evidence, out usedEvidence)) { IDelayEvaluatedEvidence delayEvidence = usedEvidence as IDelayEvaluatedEvidence; if (usedEvidence != null) { delayEvidence.MarkUsed(); } return new PermissionSet(PermissionState.Unrestricted); } } } // Otherwise, the grant set is just the default grant set return ApplicationTrust.DefaultGrantSet.PermissionSet.Copy(); } #endif // FEATURE_CAS_POLICY [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern void nChangeSecurityPolicy(); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] [ReliabilityContract(Consistency.MayCorruptAppDomain, Cer.MayFail)] internal static extern void nUnload(Int32 domainInternal); public Object CreateInstanceAndUnwrap(String assemblyName, String typeName) { ObjectHandle oh = CreateInstance(assemblyName, typeName); if (oh == null) return null; return oh.Unwrap(); } // CreateInstanceAndUnwrap public Object CreateInstanceAndUnwrap(String assemblyName, String typeName, Object[] activationAttributes) { ObjectHandle oh = CreateInstance(assemblyName, typeName, activationAttributes); if (oh == null) return null; return oh.Unwrap(); } // CreateInstanceAndUnwrap [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of CreateInstanceAndUnwrap which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public Object CreateInstanceAndUnwrap(String assemblyName, String typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes) { #pragma warning disable 618 ObjectHandle oh = CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes); #pragma warning restore 618 if (oh == null) return null; return oh.Unwrap(); } // CreateInstanceAndUnwrap public object CreateInstanceAndUnwrap(string assemblyName, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes) { ObjectHandle oh = CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes); if (oh == null) { return null; } return oh.Unwrap(); } // The first parameter should be named assemblyFile, but it was incorrectly named in a previous // release, and the compatibility police won't let us change the name now. public Object CreateInstanceFromAndUnwrap(String assemblyName, String typeName) { ObjectHandle oh = CreateInstanceFrom(assemblyName, typeName); if (oh == null) return null; return oh.Unwrap(); } // CreateInstanceAndUnwrap // The first parameter should be named assemblyFile, but it was incorrectly named in a previous // release, and the compatibility police won't let us change the name now. public Object CreateInstanceFromAndUnwrap(String assemblyName, String typeName, Object[] activationAttributes) { ObjectHandle oh = CreateInstanceFrom(assemblyName, typeName, activationAttributes); if (oh == null) return null; return oh.Unwrap(); } // CreateInstanceAndUnwrap // The first parameter should be named assemblyFile, but it was incorrectly named in a previous // release, and the compatibility police won't let us change the name now. [Obsolete("Methods which use evidence to sandbox are obsolete and will be removed in a future release of the .NET Framework. Please use an overload of CreateInstanceFromAndUnwrap which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public Object CreateInstanceFromAndUnwrap(String assemblyName, String typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityAttributes) { #pragma warning disable 618 ObjectHandle oh = CreateInstanceFrom(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes); #pragma warning restore 618 if (oh == null) return null; return oh.Unwrap(); } // CreateInstanceAndUnwrap public object CreateInstanceFromAndUnwrap(string assemblyFile, string typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, object[] args, CultureInfo culture, object[] activationAttributes) { ObjectHandle oh = CreateInstanceFrom(assemblyFile, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes); if (oh == null) { return null; } return oh.Unwrap(); } public Int32 Id { [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] get { return GetId(); } } [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] internal extern Int32 GetId(); internal const Int32 DefaultADID = 1; public bool IsDefaultAppDomain() { if (GetId()==DefaultADID) return true; return false; } #if FEATURE_FUSION private static AppDomainSetup InternalCreateDomainSetup(String imageLocation) { int i = imageLocation.LastIndexOf('\\'); Contract.Assert(i != -1, "invalid image location"); AppDomainSetup info = new AppDomainSetup(); info.ApplicationBase = imageLocation.Substring(0, i+1); StringBuilder config = new StringBuilder(imageLocation.Substring(i+1)); config.Append(AppDomainSetup.ConfigurationExtension); info.ConfigurationFile = config.ToString(); return info; } // Used by the validator for testing but not executing an assembly private static AppDomain InternalCreateDomain(String imageLocation) { AppDomainSetup info = InternalCreateDomainSetup(imageLocation); return CreateDomain("Validator", null, info); } [System.Security.SecurityCritical] // auto-generated private void InternalSetDomainContext(String imageLocation) { SetupFusionStore(InternalCreateDomainSetup(imageLocation), null); } #endif #if FEATURE_APPDOMAIN_RESOURCE_MONITORING [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private static extern void nEnableMonitoring(); [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private static extern bool nMonitoringIsEnabled(); // return -1 if ARM is not supported. [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern Int64 nGetTotalProcessorTime(); // return -1 if ARM is not supported. [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern Int64 nGetTotalAllocatedMemorySize(); // return -1 if ARM is not supported. [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern Int64 nGetLastSurvivedMemorySize(); // return -1 if ARM is not supported. [System.Security.SecurityCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.InternalCall)] private static extern Int64 nGetLastSurvivedProcessMemorySize(); public static bool MonitoringIsEnabled { [System.Security.SecurityCritical] get { return nMonitoringIsEnabled(); } [System.Security.SecurityCritical] set { if (value == false) { throw new ArgumentException(Environment.GetResourceString("Arg_MustBeTrue")); } else { nEnableMonitoring(); } } } // Gets the total processor time for this AppDomain. // Throws NotSupportedException if ARM is not enabled. public TimeSpan MonitoringTotalProcessorTime { [System.Security.SecurityCritical] get { Int64 i64ProcessorTime = nGetTotalProcessorTime(); if (i64ProcessorTime == -1) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_WithoutARM")); } return new TimeSpan(i64ProcessorTime); } } // Gets the number of bytes allocated in this AppDomain since // the AppDomain was created. // Throws NotSupportedException if ARM is not enabled. public Int64 MonitoringTotalAllocatedMemorySize { [System.Security.SecurityCritical] get { Int64 i64AllocatedMemory = nGetTotalAllocatedMemorySize(); if (i64AllocatedMemory == -1) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_WithoutARM")); } return i64AllocatedMemory; } } // Gets the number of bytes survived after the last collection // that are known to be held by this AppDomain. After a full // collection this number is accurate and complete. After an // ephemeral collection this number is potentially incomplete. // Throws NotSupportedException if ARM is not enabled. public Int64 MonitoringSurvivedMemorySize { [System.Security.SecurityCritical] get { Int64 i64LastSurvivedMemory = nGetLastSurvivedMemorySize(); if (i64LastSurvivedMemory == -1) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_WithoutARM")); } return i64LastSurvivedMemory; } } // Gets the total bytes survived from the last collection. After // a full collection this number represents the number of the bytes // being held live in managed heaps. (This number should be close // to the number obtained from GC.GetTotalMemory for a full collection.) // After an ephemeral collection this number represents the number // of bytes being held live in ephemeral generations. // Throws NotSupportedException if ARM is not enabled. public static Int64 MonitoringSurvivedProcessMemorySize { [System.Security.SecurityCritical] get { Int64 i64LastSurvivedProcessMemory = nGetLastSurvivedProcessMemorySize(); if (i64LastSurvivedProcessMemory == -1) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_WithoutARM")); } return i64LastSurvivedProcessMemory; } } #endif #if !FEATURE_CORECLR // this method is required so Object.GetType is not made virtual by the compiler // _AppDomain.GetType() public new Type GetType() { return base.GetType(); } void _AppDomain.GetTypeInfoCount(out uint pcTInfo) { throw new NotImplementedException(); } void _AppDomain.GetTypeInfo(uint iTInfo, uint lcid, IntPtr ppTInfo) { throw new NotImplementedException(); } void _AppDomain.GetIDsOfNames([In] ref Guid riid, IntPtr rgszNames, uint cNames, uint lcid, IntPtr rgDispId) { throw new NotImplementedException(); } // If you implement this method, make sure to include _AppDomain.Invoke in VM\DangerousAPIs.h and // include _AppDomain in SystemDomain::IsReflectionInvocationMethod in AppDomain.cpp. void _AppDomain.Invoke(uint dispIdMember, [In] ref Guid riid, uint lcid, short wFlags, IntPtr pDispParams, IntPtr pVarResult, IntPtr pExcepInfo, IntPtr puArgErr) { throw new NotImplementedException(); } #endif } // CallBacks provide a facility to request execution of some code // in another context/appDomain. // CrossAppDomainDelegate type is defined for appdomain call backs. // The delegate used to request a callbak through the DoCallBack method // must be of CrossContextDelegate type. #if FEATURE_REMOTING [System.Runtime.InteropServices.ComVisible(true)] public delegate void CrossAppDomainDelegate(); #endif /// /// Handle used to marshal an AppDomain to the VM (eg QCall). When marshaled via a QCall, the target /// method in the VM will recieve a QCall::AppDomainHandle parameter. /// internal struct AppDomainHandle { private IntPtr m_appDomainHandle; // Note: generall an AppDomainHandle should not be directly constructed, instead the // code:System.AppDomain.GetNativeHandle method should be called to get the handle for a specific // AppDomain. internal AppDomainHandle(IntPtr domainHandle) { m_appDomainHandle = domainHandle; } } }