Question

I am running this command:

C:\work\CreateInstanceTest\bin\Release>caspol -u -lf | findstr /i createinstancetest
22.  CreateInstanceTest 0.0.0.0 =
StrongName - 00240000048000009400000006020000002400005253413100040000010001000FA0D49898864D6AFDF5C69317CBAD9E02D1BB5E514AA7BE2B981DC68CF68E7501A763BD7FA33FFE0166ED7817A903CE158463313D29F52F3DA0CD4C48E1ECF034DF64A15173E9CA16EDA95A6244C09D44BD663B72CC45337D010B2BB9AE0C39738A84F42391AC19AA35F64A44D9ED742BDB44489D7E5C6D4E866C3EA46EE6BE name = CreateInstanceTest version = 0.0.0.0

C:\work\CreateInstanceTest\bin\Release>

I wish to remove this assembly from the full trust. I tried several different options to no avail:

C:\work\CreateInstanceTest\bin\Release>caspol -u -rf CreateInstanceTest
Microsoft .NET Framework CasPol 4.0.30319.18010
for Microsoft .NET Framework version 4.0.30319.18010
Copyright (C) Microsoft Corporation.  All rights reserved.

WARNING: The .NET Framework does not apply CAS policy by default. Any settings shown or modified by CasPol will only affect applications that opt
into using CAS policy.

Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.


ERROR: Unable to load assembly

Usage: caspol <option> <args> ...

caspol -rf
caspol -remfulltrust <assembly_name>
    Remove a full trust assembly from the policy level


C:\work\CreateInstanceTest\bin\Release>caspol -u -rf "CreateInstanceTest, PublicKey=00240000048000009400000006020000002400005253413100040000010001000FA0D49898864D6AFDF5C69317CBAD9E02D1BB5E514AA7BE2B981DC68CF68E7501A763BD7FA33FFE0166ED7817A903CE158463313D29F52F3DA0CD4C48E1ECF034DF64A15173E9CA16EDA95A6244C09D44BD663B72CC45337D010B2BB9AE0C39738A84F42391AC19AA35F64A44D9ED742BDB44489D7E5C6D4E866C3EA46EE6BE"
Microsoft .NET Framework CasPol 4.0.30319.18010
for Microsoft .NET Framework version 4.0.30319.18010
Copyright (C) Microsoft Corporation.  All rights reserved.

WARNING: The .NET Framework does not apply CAS policy by default. Any settings shown or modified by CasPol will only affect applications that opt
into using CAS policy.

Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.


ERROR: Unable to load assembly

Usage: caspol <option> <args> ...

caspol -rf
caspol -remfulltrust <assembly_name>
    Remove a full trust assembly from the policy level


C:\work\CreateInstanceTest\bin\Release>

caspol.exe wants me to have this assembly on disk, but I do not have it. I just want it removed from the full trust policy. Shouldn't it be easy, even if I do not have the assembly?

Solution

This particular "full trust" list has to do with participation in CAS policy decisions, not a more typical unrestricted permission grant, and it hasn't been used by the .NET Framework since v.2 was released. In other words, removing the assembly from the list should have absolutely no effect.

That said, if you really want to do this, caspol.exe has no option for avoiding the file load, so you would need another approach. You could, for example, call PolicyLevel.RemoveFullTrustAssembly(StrongNameMembershipCondition) from custom code, e.g.:

new FullTrustPolicyRemover().RemoveAssembly("CreateInstanceTest", "0.0.0.0", "00240000048000009400000006020000002400005253413100040000010001000FA0D49898864D6AFDF5C69317CBAD9E02D1BB5E514AA7BE2B981DC68CF68E7501A763BD7FA33FFE0166ED7817A903CE158463313D29F52F3DA0CD4C48E1ECF034DF64A15173E9CA16EDA95A6244C09D44BD663B72CC45337D010B2BB9AE0C39738A84F42391AC19AA35F64A44D9ED742BDB44489D7E5C6D4E866C3EA46EE6BE");

where FullTrustPolicyRemover looks like this:

using System;
using System.Globalization;
using System.Linq;
using System.Security;
using System.Security.Policy;

public class FullTrustPolicyRemover
{
    // Builds the membership condition from the values caspol -lf prints,
    // then removes it from every policy level in the hierarchy.
    internal void RemoveAssembly(string name, string version, string strongNamePublicKey)
    {
        var membershipCondition = new StrongNameMembershipCondition(new StrongNamePublicKeyBlob(HexStringToBytes(strongNamePublicKey)), name, new Version(version));
        var levelEnumerator = SecurityManager.PolicyHierarchy();
        while (levelEnumerator.MoveNext())
        {
            this.RemoveAssembly(membershipCondition, (PolicyLevel)levelEnumerator.Current);
        }
    }

    // Removes the entry from one policy level and saves that level,
    // but only if the level's full trust list actually contains it.
    private void RemoveAssembly(StrongNameMembershipCondition membershipCondition, PolicyLevel policyLevel)
    {
        if (policyLevel.FullTrustAssemblies.Cast<StrongNameMembershipCondition>().Any(c => c.Equals(membershipCondition)))
        {
            policyLevel.RemoveFullTrustAssembly(membershipCondition);
            SecurityManager.SavePolicyLevel(policyLevel);
        }
    }

    // Converts the hex public key string into the raw key blob bytes.
    private static byte[] HexStringToBytes(string hexString)
    {
        var result = new byte[hexString.Length / 2];
        for (int i = 0; i < result.Length; i++)
        {
            result[i] = byte.Parse(hexString.Substring(i * 2, 2), NumberStyles.HexNumber, CultureInfo.InvariantCulture);
        }

        return result;
    }
}
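
A dry-run variant of the approach above: it lists the full trust entries of every policy level and removes a match only from one named level (User by default, the level `caspol -u` addresses), reusing the stored membership condition so the public key never has to be retyped. This is an added example, not the answerer's code; the `FullTrustAudit` name and its command-line arguments are hypothetical, and it assumes the process runs with the CAS policy APIs enabled (on .NET Framework 4, the `NetFx40_LegacySecurityPolicy` configuration switch).

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Policy;

// Added example, not the answer's code. Class name and arguments are hypothetical.
// Usage: FullTrustAudit.exe <assemblyName> [levelLabel] [--apply]
public static class FullTrustAudit
{
    public static int Main(string[] args)
    {
        if (args.Length == 0)
        {
            Console.Error.WriteLine("usage: FullTrustAudit <assemblyName> [levelLabel] [--apply]");
            return 2;
        }
        string name = args[0];
        bool apply = args.Contains("--apply");
        // Default to the User level, the level "caspol -u" addresses.
        string label = args.Skip(1).FirstOrDefault(a => a != "--apply") ?? "User";
        int matches = 0;

        var levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            var level = (PolicyLevel)levels.Current;
            // Snapshot the list so removal does not disturb enumeration.
            var entries = level.FullTrustAssemblies.Cast<StrongNameMembershipCondition>().ToList();
            foreach (var entry in entries)
            {
                bool hit = string.Equals(entry.Name, name, StringComparison.OrdinalIgnoreCase)
                        && string.Equals(level.Label, label, StringComparison.OrdinalIgnoreCase);
                Console.WriteLine("{0} [{1}] {2} {3} key={4}", hit ? "MATCH" : "     ",
                    level.Label, entry.Name, entry.Version, entry.PublicKey);
                if (!hit) continue;
                matches++;
                if (apply)
                {
                    // Reuse the stored condition: no key retyping, no assembly file needed.
                    level.RemoveFullTrustAssembly(entry);
                    SecurityManager.SavePolicyLevel(level);
                    Console.WriteLine("removed from {0} ({1})", level.Label, level.StoreLocation);
                }
            }
        }
        return matches > 0 ? 0 : 1; // exit code 1 means nothing matched
    }
}
```

Run it without `--apply` first and confirm that the only `MATCH` line is the entry `caspol -u -lf` showed before letting it save the policy level.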
Licensed under: CC-BY-SA with attribution