有没有办法限制我类中一个方法所能调用的方法和属性只能是封闭类(也包括继承的)中的方法和属性?我正在使用c# (.NET 4.5)。这将作为我们应用框架中的代码安全功能。
2个回答
3
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;
using System.Runtime.Remoting;
// The Sandboxer class needs to derive from MarshalByRefObject
// so that we can create it in another AppDomain and refer to
// it from the default AppDomain.
class Sandboxer : MarshalByRefObject
{
const string pathToUntrusted = @"..\..\..\UntrustedCode\bin\Debug";
const string untrustedAssembly = "UntrustedCode";
const string untrustedClass = "UntrustedCode.UntrustedClass";
const string entryPoint = "IsFibonacci";
private static Object[] parameters = { 45 };
static void Main()
{
// Setting the AppDomainSetup. It is very important to set the
// ApplicationBase to a folder other than the one in which
// the sandboxer resides.
AppDomainSetup adSetup = new AppDomainSetup();
adSetup.ApplicationBase = Path.GetFullPath(pathToUntrusted);
// Setting the permissions for the AppDomain. We give the permission
// to execute and to read/discover the location where the untrusted
// code is loaded.
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(
new SecurityPermission(SecurityPermissionFlag.Execution));
// We want the sandboxer assembly's strong name, so that we can add
// it to the full trust list.
StrongName fullTrustAssembly =
typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
// Now we have everything we need to create the AppDomain so,
// let's create it.
AppDomain newDomain = AppDomain.CreateDomain(
"Sandbox",
null,
adSetup,
permSet,
fullTrustAssembly);
// Use CreateInstanceFrom to load an instance of the Sandboxer class
// into the new AppDomain.
ObjectHandle handle = Activator.CreateInstanceFrom(
newDomain,
typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
typeof(Sandboxer).FullName);
// Unwrap the new domain instance into a reference in this domain and
// use it to execute the untrusted code.
Sandboxer newDomainInstance = (Sandboxer)handle.Unwrap();
newDomainInstance.ExecuteUntrustedCode(
untrustedAssembly,
untrustedClass,
entryPoint,
parameters);
}
public void ExecuteUntrustedCode(
string assemblyName,
string typeName,
string entryPoint,
object[] parameters)
{
// Load the MethodInfo for a method in the new Assembly. This might be
// a method you know, or you can use Assembly.EntryPoint to get to the
// main function in an executable.
MethodInfo target =
Assembly.Load(assemblyName)
.GetType(typeName)
.GetMethod(entryPoint);
try
{
//Now invoke the method.
bool retVal = (bool)target.Invoke(null, parameters);
}
catch (Exception ex)
{
// When we print informations from a SecurityException extra
// information can be printed if we are calling it with a
// full-trust stack.
(new PermissionSet(PermissionState.Unrestricted)).Assert();
Console.WriteLine(
"SecurityException caught:\n{0}",
ex);
CodeAccessPermission.RevertAssert();
Console.ReadLine();
}
}
}
- Jodrell
0
你应该研究一下AppDomain沙箱技术。它允许你将插件加载到一个单独的AppDomain中,并在非常精细的级别上分配执行权限。
通过在沙箱AppDomain中运行即时编译的C#脚本 和 http://msdn.microsoft.com/en-us/library/bb763046(v=vs.110).aspx 应该能给你一个指导方向。
通过在沙箱AppDomain中运行即时编译的C#脚本 和 http://msdn.microsoft.com/en-us/library/bb763046(v=vs.110).aspx 应该能给你一个指导方向。
- Bradley Uffner
3
请注意,我想要检查从我想要“保护”的方法中进行的调用。 - Richard Houltz
啊,对不起误解了。正在更新答案。 - Bradley Uffner
我已经更新了我的答案,以更符合您实际的需求。 - Bradley Uffner
网页内容由stack overflow 提供, 点击上面的可以查看英文原文,
原文链接
原文链接
AppDomain中运行它。 - Jodrell