Loading An Assembly Into An Application Domain With Lower Security
21-04-2021
Question
I'm trying to create a sandbox App Domain that has read-only access to the file system. The code I have written to do this is:
    var ps = new PermissionSet(PermissionState.None);
    ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    var f = new FileIOPermission(PermissionState.None);
    f.AllLocalFiles = FileIOPermissionAccess.Read;
    ps.AddPermission(f);
    AppDomain domain = AppDomain.CreateDomain("MyDomain",
        null,
        new AppDomainSetup { ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) },
        ps
    );
    string pathToDll = @"c:\temp\test.dll";
    string thirdPartyFullName = "MyTest.Test";
    IPlugin myObject = (IPlugin)domain.CreateInstanceFromAndUnwrap(pathToDll, thirdPartyFullName);
It almost works, except it errors on the last line with this exception:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
If I change the FileIOPermission on the App Domain to have full access, it runs fine. Is there something I need to change in the assembly I'm loading into the Application Domain to say it only needs read access to the file system?
I'm using .NET 4.0.
Solution
I think you probably also need
FileIOPermissionAccess.PathDiscovery
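The permission set from the question with the answer's suggestion applied, as an added example that is not code from the original question or answer. It targets .NET Framework 4.0 as in the question; the `Probe` type and the scratch file name are hypothetical, and the probe is loaded from the host's own assembly instead of `c:\temp\test.dll` so that the program is self-contained and reports whether the sandbox grants reads and denies writes.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical probe type (not from the question). It derives from
// MarshalByRefObject so the host receives a proxy and the calls run in the sandbox.
public class Probe : MarshalByRefObject
{
    public bool CanRead(string path)
    {
        try { File.ReadAllBytes(path); return true; }
        catch (SecurityException) { return false; }
    }

    public bool CanWrite(string path)
    {
        try { File.WriteAllText(path, "x"); return true; }
        catch (SecurityException) { return false; }
    }
}

public static class Program
{
    public static void Main()
    {
        var ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var f = new FileIOPermission(PermissionState.None);
        // Read plus PathDiscovery, as the answer suggests; no Write or Append.
        f.AllLocalFiles = FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery;
        ps.AddPermission(f);

        string self = typeof(Probe).Assembly.Location;
        var setup = new AppDomainSetup { ApplicationBase = Path.GetDirectoryName(self) };
        AppDomain domain = AppDomain.CreateDomain("MyDomain", null, setup, ps);
        try
        {
            var probe = (Probe)domain.CreateInstanceFromAndUnwrap(self, typeof(Probe).FullName);
            // Constructed scratch path; the host resolves it because it runs with full trust.
            string scratch = Path.Combine(Path.GetTempPath(), "sandbox-probe.txt");
            Console.WriteLine("read allowed:  " + probe.CanRead(self));
            Console.WriteLine("write allowed: " + probe.CanWrite(scratch));
            File.Delete(scratch); // no-op unless the sandbox unexpectedly allowed the write
        }
        finally { AppDomain.Unload(domain); }
    }
}
```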
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow