Executing unmanaged code in AppDomain with restricted permissions set

  • Question

  • Hi all,

    My application creates an AppDomain to load and execute other assemblies; these assemblies access unmanaged code.

    If I create my AppDomain with an unrestricted permissions set, all works fine, but if not, an exception is thrown when accessing unmanaged code, although I have added an unrestricted SecurityPermission instance to my AppDomain permissions set. The following code shows how I create the AppDomain.

    // Create a new sandboxed AppDomain
    // Start from the standard sandbox grant set for the MyComputer zone
    Evidence evidence = new System.Security.Policy.Evidence();
    evidence.AddHostEvidence(new System.Security.Policy.Zone(SecurityZone.MyComputer));
    PermissionSet permissionSet = SecurityManager.GetStandardSandbox(evidence);

    // Add an unrestricted instance of each individual permission
    permissionSet.SetPermission(new DataProtectionPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new EnvironmentPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new FileDialogPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new FileIOPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new GacIdentityPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new KeyContainerPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new MediaPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new PrincipalPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new PublisherIdentityPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new ReflectionPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new RegistryPermission(PermissionState.Unrestricted));
    // Unrestricted SecurityPermission includes the UnmanagedCode flag
    permissionSet.SetPermission(new SecurityPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new SiteIdentityPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new StorePermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new StrongNameIdentityPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new TypeDescriptorPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new UIPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new UrlIdentityPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new WebBrowserPermission(PermissionState.Unrestricted));
    permissionSet.SetPermission(new ZoneIdentityPermission(PermissionState.Unrestricted));
    // The one permission being restricted: no socket access
    permissionSet.SetPermission(new SocketPermission(PermissionState.None));

    AppDomainSetup appDomainSetup = new AppDomainSetup();
    appDomainSetup.ApplicationBase = Path.GetDirectoryName(applicationPath);
    appDomainSetup.ApplicationName = Path.GetFileName(applicationPath);
    appDomainSetup.PrivateBinPath = Path.Combine(appDomainSetup.ApplicationBase, "VCReferences");

    // Last argument is fullTrustAssemblies; none are listed here
    this.sandboxedAppDomain = AppDomain.CreateDomain("Testing Sandbox", evidence, appDomainSetup, permissionSet, null);

    When code in my AppDomain tries to access unmanaged code, a TypeInitializationException is thrown. The InnerException is a SecurityException ("Request failed"). While debugging, I realized that CodeAccessSecurityEngine throws the SecurityException because an unrestricted permissions set is demanded.

    So although I have added an unrestricted SecurityPermission instance that has the UnmanagedCode flag set, I have no access to unmanaged code.

    What is the correct use of UnmanagedCode flag in SecurityPermission? Am I missing something?

    P.S.: I have successfully created an instance of an object of the loaded assembly (using CreateInstanceAndUnwrap), and I can execute its methods as well. The only problem is accessing unmanaged code; the rest works fine.

    Thank you in advance. Best regards,

    Alex

    • Moved by Mike Feng (Moderator) Tuesday, December 18, 2012 10:14 AM (From: .NET Base Class Library)
    Monday, December 17, 2012 2:46 PM

All replies

  • Hi Alex,

    Welcome to the MSDN Forum.

    Appdomain: http://msdn.microsoft.com/en-us/library/system.appdomain(v=vs.110).aspx  

    Application domains, which are represented by AppDomain objects, help provide isolation, unloading, and security boundaries for executing managed code.

    And here is a similar thread: http://stackoverflow.com/questions/3369009/how-to-execute-unmanaged-assembly-in-appdomain 

    It also explained: 

    1. AppDomains are pure managed construct. Any unmanaged code running in the process is unaffected by the AppDomain boundaries and has full access to all process memory, data and code.

    2. Unmanaged assemblies are not executed the same way managed assemblies are. The process of loading the assembly, and finding and executing the entry point for the unmanaged assembly is different than the one for managed assemblies. Hence the particular failure you get.

    3. If you want to execute functions exported by an unmanaged dll, you should use P/Invoke, which will ensure that the assembly is loaded using the right mechanism and the proper entry point is invoked.

    4. You can't run code from an executable in the same process, as in your scenario above; you can only start a new process.

    And one workaround is:

    You're correct, an un-managed DLL cannot be loaded into an AppDomain. You need to use P/Invoke to call methods in the DLL.

    I hope this will be helpful.

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, December 18, 2012 10:32 AM
    Moderator
  • Hi,

    Thank you for the answer, but I see I didn't explain my problem clearly.

    I execute managed code in my new AppDomain, although this managed code could, in some cases, call unmanaged code (using P/Invoke as you mention). I am not trying to load unmanaged code directly into an AppDomain and my unmanaged code is not inside an executable.

    I have no problem in executing my managed code (that sometimes uses unmanaged code) in my new AppDomain if, and this is the key point, the permissions set used for AppDomain creation is unrestricted. All works well, my managed code inside my new AppDomain can access and execute unmanaged code without any problem.

    Now if I try to restrict some permissions (in my code example, the SocketPermission) and I use a restricted permissions set that restricts that permission but includes an unrestricted instance of SecurityPermission, which implies that the SecurityPermissionFlag.UnmanagedCode flag is set, an exception is thrown.

    From the documentation, the UnmanagedCode flag implies:

    "Ability to call unmanaged code. Since unmanaged code potentially allows other permissions to be bypassed, this is a dangerous permission that should only be granted to highly trusted code. It is used for such applications as calling native code using PInvoke or using COM interop."

    So why is CodeAccessSecurityEngine demanding an unrestricted permissions set for executing unmanaged code, and not only a permissions set with an instance of SecurityException with the UnmanagedCode flag set?

    Thank you in advance,

    Alex



    Tuesday, December 18, 2012 2:15 PM
  • Hi Alex,

    Thank you for your clarification.

    I am trying to involve some others in this case; please wait patiently.

    Thank you.

    Best regards,


    Mike Feng

    Wednesday, December 19, 2012 1:36 AM
    Moderator
  • Hi Alex,

    Is your assembly strong-name signed? You will need to provide the fullTrustAssemblies parameter for all assemblies that will be considered trusted in the domain. Maybe that is what you're missing?

    Jon Burchel

    • Proposed as answer by Jon Burchel Friday, December 21, 2012 7:51 PM
    Friday, December 21, 2012 7:50 PM
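
The fullTrustAssemblies suggestion in the reply above, sketched as an added example that is not code from this thread or from Microsoft: the sandbox keeps a minimal grant set without UnmanagedCode, and a strong-name signed host assembly listed in fullTrustAssemblies exposes one narrow wrapper around the P/Invoke. NativeBridge, SandboxFactory and the GetTickCount call are hypothetical stand-ins, and the thread does not confirm that this resolves the exception described in the question.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Assumption: this host assembly is strong-name signed and can be resolved
// from inside the sandbox (GAC or the sandbox ApplicationBase).
[assembly: AllowPartiallyTrustedCallers]

// Hypothetical bridge: the only place where native code is reachable.
public static class NativeBridge
{
    [SecurityCritical]
    [DllImport("kernel32.dll")]
    private static extern uint GetTickCount();

    [SecuritySafeCritical] // callable by the transparent, partially trusted plug-in
    public static uint TickCount()
    {
        // Stop the stack walk here so the plug-in's grant set is not checked.
        new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
        try { return GetTickCount(); }
        finally { CodeAccessPermission.RevertAssert(); }
    }
}

public static class SandboxFactory
{
    public static AppDomain Create(string applicationPath)
    {
        string baseDir = Path.GetDirectoryName(Path.GetFullPath(applicationPath));
        // Minimal grant: run code and read its own directory. No UnmanagedCode.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, baseDir));

        var setup = new AppDomainSetup { ApplicationBase = baseDir };

        // Strong name of the host assembly, passed as fullTrustAssemblies.
        StrongName hostName =
            typeof(NativeBridge).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (hostName == null)
            throw new InvalidOperationException("Host assembly is not strong-name signed.");
        return AppDomain.CreateDomain("Testing Sandbox", null, setup, grant, hostName);
    }
}
```

Each wrapper exposed this way is part of the sandbox's attack surface, so it should validate its arguments and expose only the specific native calls the plug-ins need.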
  • Hi Jon,

    Thanks for your answer.

    It's supposed that my assemblies don't need to be fully trusted to execute native code if I use a restricted permissions set that includes an unrestricted instance of SecurityPermission, which implies SecurityPermissionFlag.UnmanagedCode.

    In fact, my question is whether that is true, as is written in the documentation, or not.

    Regards,

    Alex

    Friday, December 28, 2012 4:09 PM
  • Hi Alex,

    Thanks for your response.

    I am going to see if someone from our languages team can confirm, although I would expect you are correct.  It may be necessary for them to go deeper in an investigation particularly if this turns out to be unexpected or contradicts documented expected behavior.  I will see if we can answer directly in the forum though and hopefully it may not be necessary to open a case directly with support.

    Jon

    Tuesday, January 8, 2013 6:33 PM
  • Hi,

    From a support perspective this is really beyond what we can do here in the forums. If you cannot determine your answer here or on your own, consider opening a support case with us. Visit this link to see the various support options that are available to better meet your needs: http://support.microsoft.com/default.aspx?id=fh;en-us;offerprophone.

    Thanks!


    Shaleen Thapa

    Wednesday, January 9, 2013 6:24 PM
  • Hi all,

    and thanks for your interest.

    OK, I hope you can give me some (good or bad) news.

    Anyway, I think I am going to spend some time trying to find a workaround for this; I will give you feedback if I find something interesting.

    Thanks again,

    Alex

    Thursday, January 10, 2013 12:44 PM
  • Hi all,

    Any news on this issue?

    It is an important issue for us, and if it is necessary to open a case directly with support we will do it, but we would like to be sure that we have to.

    Thanks and best regards,

    Alex

    Tuesday, February 12, 2013 4:10 PM
  • Hi, Alex :) I know this is an old post, but nevertheless I will ask you whether there is any progress on your issue. I am also trying to get unmanaged code to be called from managed code in a sandboxed AppDomain with limited permissions.

    Best regards,

    Lubo

    Friday, July 11, 2014 8:10 AM