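//
// PolicyLevelTest.cs - NUnit Test Cases for PolicyLevel
//
// Author:
//	Sebastien Pouliot <sebastien@ximian.com>
//
// (C) 2004 Motus Technologies Inc. (http://www.motus.com)
// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

using NUnit.Framework;
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;
using System.Text;

namespace MonoTests.System.Security.Policy {

	/// <summary>
	/// Unit tests for <see cref="PolicyLevel"/>: the full-trust assembly list,
	/// named permission sets (including the reserved built-in names), XML
	/// round-tripping, recovery, and evidence resolution.
	/// </summary>
	/// <remarks>
	/// Most negative tests rely on [ExpectedException], which is satisfied by
	/// an exception of the expected type thrown anywhere in the method body.
	/// A failure in the setup lines (for example while loading the policy)
	/// that throws the same type would therefore also make the test pass.
	/// </remarks>
	[TestFixture]
#if MOBILE
	[Ignore ("Not supported")]
#endif
	public class PolicyLevelTest {

		// Policy document wrapped in the <configuration> envelope; built once by SetUp.
		static string minimal = null;
		// Bare <PolicyLevel> document; built once by SetUp.
		static string minimal_policy = null;
		// Strong-name public key blob used to build test identities. The bytes
		// carry the "RSA1" magic followed by a 1024-bit length field, i.e. this
		// is public key material only - no private key is embedded here.
		static byte[] snPublicKey = {
			0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
			0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
			0x3D, 0xBD, 0x72, 0x08, 0xC6, 0x2B, 0x0E, 0xA8, 0xC1, 0xC0, 0x58, 0x07, 0x2B, 0x63, 0x5F, 0x7C,
			0x9A, 0xBD, 0xCB, 0x22, 0xDB, 0x20, 0xB2, 0xA9, 0xDA, 0xDA, 0xEF, 0xE8, 0x00, 0x64, 0x2F, 0x5D,
			0x8D, 0xEB, 0x78, 0x02, 0xF7, 0xA5, 0x36, 0x77, 0x28, 0xD7, 0x55, 0x8D, 0x14, 0x68, 0xDB, 0xEB,
			0x24, 0x09, 0xD0, 0x2B, 0x13, 0x1B, 0x92, 0x6E, 0x2E, 0x59, 0x54, 0x4A, 0xAC, 0x18, 0xCF, 0xC9,
			0x09, 0x02, 0x3F, 0x4F, 0xA8, 0x3E, 0x94, 0x00, 0x1F, 0xC2, 0xF1, 0x1A, 0x27, 0x47, 0x7D, 0x10,
			0x84, 0xF5, 0x14, 0xB8, 0x61, 0x62, 0x1A, 0x0C, 0x66, 0xAB, 0xD2, 0x4C, 0x4B, 0x9F, 0xC9, 0x0F,
			0x3C, 0xD8, 0x92, 0x0F, 0xF5, 0xFF, 0xCE, 0xD7, 0x6E, 0x5C, 0x6F, 0xB1, 0xF5, 0x7D, 0xD3, 0x56,
			0xF9, 0x67, 0x27, 0xA4, 0xA5, 0x48, 0x5B, 0x07, 0x93, 0x44, 0x00, 0x4A, 0xF8, 0xFF, 0xA4, 0xCB
		};

		/// <summary>
		/// Builds the shared minimal policy document on first use.
		/// </summary>
		/// <remarks>
		/// The policy is deny-by-default: its root code group matches all code
		/// (AllMembershipCondition) and maps it to the "Nothing" permission set.
		/// The only full-trust entry is a strong-name condition for "System"
		/// whose key blob is the 16-byte ECMA standard public key.
		/// </remarks>
		[SetUp]
		public void SetUp ()
		{
			if (minimal == null) {
				// One literal per XML line; the concatenation yields the same
				// text as the original four-part string.
				minimal_policy =
					"<PolicyLevel version=\"1\">\r\n" +
					" <SecurityClasses>\r\n" +
					" <SecurityClass Name=\"NamedPermissionSet\"\r\n" +
					" Description=\"System.Security.NamedPermissionSet\"/>\r\n" +
					" <SecurityClass Name=\"ReflectionPermission\"\r\n" +
					" Description=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"IsolatedStorageFilePermission\"\r\n" +
					" Description=\"System.Security.Permissions.IsolatedStorageFilePermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"AllMembershipCondition\"\r\n" +
					" Description=\"System.Security.Policy.AllMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"FirstMatchCodeGroup\"\r\n" +
					" Description=\"System.Security.Policy.FirstMatchCodeGroup\"/>\r\n" +
					" <SecurityClass Name=\"EnvironmentPermission\"\r\n" +
					" Description=\"System.Security.Permissions.EnvironmentPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"StrongNameMembershipCondition\"\r\n" +
					" Description=\"System.Security.Policy.StrongNameMembershipCondition, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"SecurityPermission\"\r\n" +
					" Description=\"System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"UIPermission\"\r\n" +
					" Description=\"System.Security.Permissions.UIPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" <SecurityClass Name=\"FileDialogPermission\"\r\n" +
					" Description=\"System.Security.Permissions.FileDialogPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"/>\r\n" +
					" </SecurityClasses>\r\n" +
					" <NamedPermissionSets>\r\n" +
					" <PermissionSet class=\"NamedPermissionSet\"\r\n" +
					" version=\"1\"\r\n" +
					" Unrestricted=\"true\"\r\n" +
					" Name=\"FullTrust\"\r\n" +
					" Description=\"Allows full access to all resources\"/>\r\n" +
					" <PermissionSet class=\"NamedPermissionSet\"\r\n" +
					" version=\"1\"\r\n" +
					" Name=\"SkipVerification\"\r\n" +
					" Description=\"Grants right to bypass the verification\">\r\n" +
					" <IPermission class=\"SecurityPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Flags=\"SkipVerification\"/>\r\n" +
					" </PermissionSet>\r\n" +
					" <PermissionSet class=\"NamedPermissionSet\"\r\n" +
					" version=\"1\"\r\n" +
					" Name=\"Execution\"\r\n" +
					" Description=\"Permits execution\">\r\n" +
					" <IPermission class=\"SecurityPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Flags=\"Execution\"/>\r\n" +
					" </PermissionSet>\r\n" +
					" <PermissionSet class=\"NamedPermissionSet\"\r\n" +
					" version=\"1\"\r\n" +
					" Name=\"Nothing\"\r\n" +
					" Description=\"Denies all resources, including the right to execute\"/>\r\n" +
					" <PermissionSet class=\"NamedPermissionSet\"\r\n" +
					" version=\"1\"\r\n" +
					" Name=\"LocalIntranet\"\r\n" +
					" Description=\"Default rights given to applications on the local intranet\">\r\n" +
					" <IPermission class=\"EnvironmentPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Read=\"USERNAME\"/>\r\n" +
					" <IPermission class=\"FileDialogPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Unrestricted=\"true\"/>\r\n" +
					" <IPermission class=\"IsolatedStorageFilePermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Allowed=\"AssemblyIsolationByUser\"\r\n" +
					" UserQuota=\"9223372036854775807\"\r\n" +
					" Expiry=\"9223372036854775807\"\r\n" +
					" Permanent=\"True\"/>\r\n" +
					" <IPermission class=\"ReflectionPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Flags=\"ReflectionEmit\"/>\r\n" +
					" <IPermission class=\"SecurityPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Flags=\"Assertion, Execution, BindingRedirects\"/>\r\n" +
					" <IPermission class=\"UIPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Unrestricted=\"true\"/>\r\n" +
					" </PermissionSet>\r\n" +
					" <PermissionSet class=\"NamedPermissionSet\"\r\n" +
					" version=\"1\"\r\n" +
					" Name=\"Internet\"\r\n" +
					" Description=\"Default rights given to internet applications\">\r\n" +
					" <IPermission class=\"FileDialogPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Access=\"Open\"/>\r\n" +
					" <IPermission class=\"IsolatedStorageFilePermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Allowed=\"DomainIsolationByUser\"\r\n" +
					" UserQuota=\"10240\"/>\r\n" +
					" <IPermission class=\"SecurityPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Flags=\"Execution\"/>\r\n" +
					" <IPermission class=\"UIPermission\"\r\n" +
					" version=\"1\"\r\n" +
					" Window=\"SafeTopLevelWindows\"\r\n" +
					" Clipboard=\"OwnClipboard\"/>\r\n" +
					" </PermissionSet>\r\n" +
					" </NamedPermissionSets>\r\n" +
					" <CodeGroup class=\"FirstMatchCodeGroup\"\r\n" +
					" version=\"1\"\r\n" +
					" PermissionSetName=\"Nothing\">\r\n" +
					" <IMembershipCondition class=\"AllMembershipCondition\"\r\n" +
					" version=\"1\"/>\r\n" +
					" </CodeGroup>\r\n" +
					" <FullTrustAssemblies>\r\n" +
					" <IMembershipCondition class=\"StrongNameMembershipCondition\"\r\n" +
					" version=\"1\"\r\n" +
					" PublicKeyBlob=\"00000000000000000400000000000000\"\r\n" +
					" Name=\"System\"/>\r\n" +
					" </FullTrustAssemblies>\r\n" +
					"</PolicyLevel>\r\n";
				minimal = Envelope (minimal_policy);
			}
		}

		/// <summary>Wraps a policy level document in the configuration/mscorlib/security/policy elements.</summary>
		/// <param name="policy">The &lt;PolicyLevel&gt; XML text to wrap.</param>
		/// <returns>The wrapped configuration document.</returns>
		private string Envelope (string policy)
		{
			return "<configuration><mscorlib><security><policy>" + policy + "</policy></security></mscorlib></configuration>";
		}

		/// <summary>Loads a policy level of the given type from an XML string.</summary>
		/// <param name="xml">The enveloped policy document.</param>
		/// <param name="type">The policy level type to create.</param>
		/// <returns>The loaded <see cref="PolicyLevel"/>.</returns>
		private PolicyLevel Load (string xml, PolicyLevelType type)
		{
			return SecurityManager.LoadPolicyLevelFromString (xml, type);
			// return SecurityManager.LoadPolicyLevelFromFile (@"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CONFIG\minimal.config", type);
		}

		// --- AddFullTrustAssembly -------------------------------------------------

		// Both overloads (StrongName and StrongNameMembershipCondition) must grow the list by one.
		[Test]
		public void AddFullTrustAssembly ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			int n = pl.FullTrustAssemblies.Count;

			StrongName sn = new StrongName (new StrongNamePublicKeyBlob (snPublicKey), "First", new Version (1, 2, 3, 4));
			pl.AddFullTrustAssembly (sn);
			Assert.AreEqual (n + 1, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

			StrongNameMembershipCondition snmc = new StrongNameMembershipCondition (new StrongNamePublicKeyBlob (snPublicKey), "Second", new Version ("0.1.2.3"));
			pl.AddFullTrustAssembly (snmc);
			Assert.AreEqual (n + 2, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+2");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void AddFullTrustAssembly_NullStrongName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			// typed local selects the StrongName overload
			StrongName sn = null;
			pl.AddFullTrustAssembly (sn);
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void AddFullTrustAssembly_NullStrongNameMembershipCondition ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			// typed local selects the StrongNameMembershipCondition overload
			StrongNameMembershipCondition snmc = null;
			pl.AddFullTrustAssembly (snmc);
		}

		// Adding the same identity twice must be rejected.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void AddFullTrustAssembly_DuplicateStrongName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			StrongName sn = new StrongName (new StrongNamePublicKeyBlob (snPublicKey), "First", new Version (1, 2, 3, 4));
			pl.AddFullTrustAssembly (sn);
			pl.AddFullTrustAssembly (sn);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void AddFullTrustAssembly_DuplicateStrongNameMembershipCondition ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			StrongNameMembershipCondition snmc = new StrongNameMembershipCondition (new StrongNamePublicKeyBlob (snPublicKey), "Second", new Version ("0.1.2.3"));
			pl.AddFullTrustAssembly (snmc);
			pl.AddFullTrustAssembly (snmc);
		}

		// --- AddNamedPermissionSet ------------------------------------------------

		[Test]
		public void AddNamedPermissionSet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			int n = pl.NamedPermissionSets.Count;

			NamedPermissionSet nps = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
			pl.AddNamedPermissionSet (nps);
			// ExecutionEngineException here!
			Assert.AreEqual (n + 1, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count+1");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void AddNamedPermissionSet_Null ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.AddNamedPermissionSet (null);
		}

		// A second set with the same name must be rejected even though its
		// permission state differs from the first.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void AddNamedPermissionSet_Duplicate ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			NamedPermissionSet nps1 = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
			pl.AddNamedPermissionSet (nps1);
			NamedPermissionSet nps2 = new NamedPermissionSet ("Mono", PermissionState.None);
			// ExecutionEngineException here!
			pl.AddNamedPermissionSet (nps2);
		}

		// --- ChangeNamedPermissionSet ---------------------------------------------

		[Test]
		public void ChangeNamedPermissionSet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			NamedPermissionSet nps1 = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
			pl.AddNamedPermissionSet (nps1);

			NamedPermissionSet nps2 = new NamedPermissionSet ("Mono", PermissionState.None);
			// ExecutionEngineException here!
			pl.ChangeNamedPermissionSet ("Mono", nps2);
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void ChangeNamedPermissionSet_NullName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			NamedPermissionSet nps2 = new NamedPermissionSet ("Mono", PermissionState.None);
			pl.ChangeNamedPermissionSet (null, nps2);
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void ChangeNamedPermissionSet_NullPermissionSet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.ChangeNamedPermissionSet ("Mono", null);
		}

		// "Mono" was never added to this level, so there is nothing to change.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_NotFound ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			NamedPermissionSet nps2 = new NamedPermissionSet ("Mono", PermissionState.None);
			pl.ChangeNamedPermissionSet ("Mono", nps2);
		}

		// The following tests check that the built-in (reserved) permission set
		// names cannot be redefined through ChangeNamedPermissionSet. Each one
		// must target its own name, otherwise a regression that lets one of
		// the built-in sets be rewritten would go unnoticed.

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_FullTrust ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			pl.ChangeNamedPermissionSet ("FullTrust", ps);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_LocalIntranet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			pl.ChangeNamedPermissionSet ("LocalIntranet", ps);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_Internet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			pl.ChangeNamedPermissionSet ("Internet", ps);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_SkipVerification ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			pl.ChangeNamedPermissionSet ("SkipVerification", ps);
		}

		// Covers the reserved "Execution" set. The method name lacks its
		// suffix; it is kept unchanged so existing test filters still match.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_ ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			pl.ChangeNamedPermissionSet ("Execution", ps);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_Nothing ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			// Previously this passed "SkipVerification" (a copy/paste slip),
			// which left the reserved "Nothing" set without coverage.
			pl.ChangeNamedPermissionSet ("Nothing", ps);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void ChangeNamedPermissionSet_Reserved_Everything ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PermissionSet ps = new PermissionSet (PermissionState.None);
			pl.ChangeNamedPermissionSet ("Everything", ps);
		}

		// --- CreateAppDomainLevel / FromXml ---------------------------------------

		// The default app-domain level is fully permissive: its root code group
		// is "FullTrust" with an unrestricted permission set and no children.
		[Test]
		public void CreateAppDomainLevel ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			Assert.AreEqual ("AppDomain", pl.Label, "Label");
			Assert.AreEqual ("FullTrust", pl.RootCodeGroup.PermissionSetName, "RootCodeGroup==FullTrust");
			Assert.AreEqual (0, pl.RootCodeGroup.Children.Count, "RootCodeGroup/NoChildren");
			Assert.IsTrue (pl.RootCodeGroup.PolicyStatement.PermissionSet.IsUnrestricted (), "RootCodeGroup.PolicyStatement.PermissionSet.IsUnrestricted");
		}

		[Test]
		// Makes distcheck fail because there is no Mono installed into the prefix
		// thus making the GAC not work...
		[Category ("NotWorking")]
		public void FromXml ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			SecurityElement se = pl.ToXml ();
			pl.FromXml (se);
			Assert.AreEqual ("AppDomain", pl.Label, "Label");
			Assert.AreEqual ("All_Code", pl.RootCodeGroup.Name, "RootCodeGroup");
			Assert.AreEqual ("FullTrust", pl.RootCodeGroup.PermissionSetName, "PermissionSetName");
			Assert.AreEqual (0, pl.RootCodeGroup.Children.Count, "Children");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void FromXml_Null ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			pl.FromXml (null);
		}

		[Test]
		// Makes distcheck fail because there is no Mono installed into the prefix
		// thus making the GAC not work...
		[Category ("NotWorking")]
		[ExpectedException (typeof (ArgumentException))]
		public void FromXml_Invalid ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			SecurityElement se = pl.ToXml ();
			se.Tag = "Mono";
			// strangely this works :(
			// (the original author observed that a wrong root tag alone is accepted)
			pl.FromXml (se);
			// let's get weirder :)
			foreach (SecurityElement child in se.Children) {
				child.Tag = "Mono";
			}
			pl.FromXml (se);
			// it's enough >:)
		}

		// --- GetNamedPermissionSet / Label ----------------------------------------

		[Test]
		public void GetNamedPermissionSet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			NamedPermissionSet nps = pl.GetNamedPermissionSet ("Mono");
			Assert.IsNull (nps, "GetNamedPermissionSet(notfound)");
			nps = new NamedPermissionSet ("Mono", PermissionState.None);
			pl.AddNamedPermissionSet (nps);
			// ExecutionEngineException here!
			nps = pl.GetNamedPermissionSet ("Mono");
			Assert.IsNotNull (nps, "GetNamedPermissionSet(found)");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void GetNamedPermissionSet_Null ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			// the result is irrelevant: the call itself must throw
			pl.GetNamedPermissionSet (null);
		}

		// The label follows the PolicyLevelType the level was loaded with.
		[Test]
		public void Label ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.AppDomain);
			Assert.AreEqual ("AppDomain", pl.Label, "Label.AppDomain");
			pl = Load (minimal, PolicyLevelType.Enterprise);
			Assert.AreEqual ("Enterprise", pl.Label, "Label.Enterprise");
			pl = Load (minimal, PolicyLevelType.Machine);
			Assert.AreEqual ("Machine", pl.Label, "Label.Machine");
			pl = Load (minimal, PolicyLevelType.User);
			Assert.AreEqual ("User", pl.Label, "Label.User");
			// static method
			pl = PolicyLevel.CreateAppDomainLevel ();
			Assert.AreEqual ("AppDomain", pl.Label, "Label.AppDomain");
		}

		// --- Recover --------------------------------------------------------------

		[Test]
		[ExpectedException (typeof (PolicyException))]
		public void Recover_LoadPolicyLevelFromFile ()
		{
			string temp = Path.GetTempFileName ();
			try {
				using (FileStream fs = File.OpenWrite (temp)) {
					// a freshly created temp file guarantees that no backup exists
					byte[] data = Encoding.UTF8.GetBytes (minimal);
					fs.Write (data, 0, data.Length);
				}
				PolicyLevel pl = SecurityManager.LoadPolicyLevelFromFile (temp, PolicyLevelType.User);
				pl.Recover ();
				// can't recover if no backup exists
			}
			finally {
				// Recover is expected to throw, so clean up here; otherwise each
				// run leaves a policy file behind in the temp directory.
				File.Delete (temp);
			}
		}

		[Test]
		[ExpectedException (typeof (PolicyException))]
		public void Recover_LoadPolicyLevelFromString ()
		{
			PolicyLevel pl = SecurityManager.LoadPolicyLevelFromString (minimal, PolicyLevelType.Enterprise);
			pl.Recover ();
			// can't recover as it's not file based
		}

		[Test]
		[ExpectedException (typeof (PolicyException))]
		public void Recover_AppDomainLevel ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			pl.Recover ();
			// can't recover as it's not file based
		}

		// --- RemoveFullTrustAssembly ----------------------------------------------

		[Test]
		public void RemoveFullTrustAssembly ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			int n = pl.FullTrustAssemblies.Count;

			StrongName sn = new StrongName (new StrongNamePublicKeyBlob (snPublicKey), "First", new Version (1, 2, 3, 4));
			pl.AddFullTrustAssembly (sn);
			Assert.AreEqual (n + 1, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

			StrongNameMembershipCondition snmc = new StrongNameMembershipCondition (new StrongNamePublicKeyBlob (snPublicKey), "Second", new Version ("0.1.2.3"));
			pl.AddFullTrustAssembly (snmc);
			Assert.AreEqual (n + 2, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+2");

			pl.RemoveFullTrustAssembly (sn);
			Assert.AreEqual (n + 1, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count-1");

			pl.RemoveFullTrustAssembly (snmc);
			Assert.AreEqual (n, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count-2");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void RemoveFullTrustAssembly_NullStrongName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			StrongName sn = null;
			pl.RemoveFullTrustAssembly (sn);
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void RemoveFullTrustAssembly_NullStrongNameMembershipCondition ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			StrongNameMembershipCondition snmc = null;
			pl.RemoveFullTrustAssembly (snmc);
		}

		// Removing an identity that was never added must be rejected.
		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveFullTrustAssembly_UnknownStrongName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			StrongName sn = new StrongName (new StrongNamePublicKeyBlob (snPublicKey), "First", new Version (1, 2, 3, 4));
			pl.RemoveFullTrustAssembly (sn);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveFullTrustAssembly_UnknownStrongNameMembershipCondition ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			StrongNameMembershipCondition snmc = new StrongNameMembershipCondition (new StrongNamePublicKeyBlob (snPublicKey), "Second", new Version ("0.1.2.3"));
			pl.RemoveFullTrustAssembly (snmc);
		}

		// --- RemoveNamedPermissionSet ---------------------------------------------

		[Test]
		public void RemoveNamedPermissionSet ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			int n = pl.NamedPermissionSets.Count;
			NamedPermissionSet nps = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
			pl.AddNamedPermissionSet (nps);
			// ExecutionEngineException here!
			pl.RemoveNamedPermissionSet (nps);
			Assert.AreEqual (n, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void RemoveNamedPermissionSet_Null ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			// the cast selects the NamedPermissionSet overload
			pl.RemoveNamedPermissionSet ((NamedPermissionSet)null);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_NotFound ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			NamedPermissionSet nps = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
			pl.RemoveNamedPermissionSet (nps);
		}

		[Test]
		public void RemoveNamedPermissionSet_String ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			int n = pl.NamedPermissionSets.Count;
			NamedPermissionSet nps = new NamedPermissionSet ("Mono", PermissionState.Unrestricted);
			pl.AddNamedPermissionSet (nps);
			// ExecutionEngineException here!
			pl.RemoveNamedPermissionSet ("Mono");
			Assert.AreEqual (n, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void RemoveNamedPermissionSet_StringNull ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			// the cast selects the string overload
			pl.RemoveNamedPermissionSet ((string)null);
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_StringNotFound ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("Mono");
		}

		// The reserved built-in names must not be removable either.

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_FullTrust_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("FullTrust");
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_LocalIntranet_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("LocalIntranet");
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_Internet_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("Internet");
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_SkipVerification_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("SkipVerification");
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_Execution_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("Execution");
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_Nothing_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("Nothing");
		}

		[Test]
		[ExpectedException (typeof (ArgumentException))]
		public void RemoveNamedPermissionSet_Everything_ReservedName ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			pl.RemoveNamedPermissionSet ("Everything");
		}

		// --- Reset / Resolve ------------------------------------------------------

		// Reset must drop both the added full-trust assembly and the added
		// named permission set, returning the counts to their initial values.
		[Test]
		public void Reset ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();

			int n = pl.FullTrustAssemblies.Count;
			StrongName sn = new StrongName (new StrongNamePublicKeyBlob (snPublicKey), "First", new Version (1, 2, 3, 4));
			pl.AddFullTrustAssembly (sn);
			Assert.AreEqual (n + 1, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count+1");

			int m = pl.NamedPermissionSets.Count;

			NamedPermissionSet nps = new NamedPermissionSet ("Mono");
			pl.AddNamedPermissionSet (nps);
			Assert.AreEqual (m + 1, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count+1");

			pl.Reset ();
			Assert.AreEqual (n, pl.FullTrustAssemblies.Count, "FullTrustAssemblies.Count");
			Assert.AreEqual (m, pl.NamedPermissionSets.Count, "NamedPermissionSets.Count");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void Resolve_Null ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			pl.Resolve (null);
		}

		// With the default app-domain level even empty evidence resolves to an
		// unrestricted grant; the level restricts nothing until its root code
		// group is replaced (see Resolve_Zone_Unrestricted_Attribute).
		[Test]
		public void Resolve_Empty ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			PolicyStatement result = pl.Resolve (new Evidence ());
			Assert.IsNotNull (result, "PolicyStatement");
			Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, "Attributes");
			Assert.AreEqual (String.Empty, result.AttributeString, "AttributeString");
			Assert.IsTrue (result.PermissionSet.IsUnrestricted (), "IsUnrestricted");
			Assert.AreEqual (0, result.PermissionSet.Count, "Count");
		}

		/// <summary>
		/// Resolves evidence holding a single <see cref="Zone"/> against
		/// <paramref name="level"/> and checks the resulting policy statement.
		/// </summary>
		/// <param name="level">Policy level under test.</param>
		/// <param name="z">Zone placed in the host evidence.</param>
		/// <param name="attr">Attribute expected on the result when the zone matches.</param>
		/// <param name="unrestricted">Whether the zone is expected to match and get an unrestricted grant.</param>
		/// <param name="count">Expected number of permissions in the resolved set.</param>
		private void Resolve_Zone (PolicyLevel level, SecurityZone z, PolicyStatementAttribute attr, bool unrestricted, int count)
		{
			string prefix = z.ToString () + "-" + attr.ToString () + "-";
			Evidence e = new Evidence ();
			e.AddHost (new Zone (z));
			PolicyStatement result = level.Resolve (e);
			if (unrestricted) {
				Assert.AreEqual (attr, result.Attributes, prefix + "Attributes");
				switch (attr) {
				case PolicyStatementAttribute.Nothing:
					Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
					break;
				case PolicyStatementAttribute.Exclusive:
					Assert.AreEqual ("Exclusive", result.AttributeString, prefix + "AttributeString");
					break;
				case PolicyStatementAttribute.LevelFinal:
					Assert.AreEqual ("LevelFinal", result.AttributeString, prefix + "AttributeString");
					break;
				case PolicyStatementAttribute.All:
					Assert.AreEqual ("Exclusive LevelFinal", result.AttributeString, prefix + "AttributeString");
					break;
				}
			}
			else {
				// a non-matching zone must not inherit the code group's attributes
				Assert.AreEqual (PolicyStatementAttribute.Nothing, result.Attributes, prefix + "Attributes");
				Assert.AreEqual (String.Empty, result.AttributeString, prefix + "AttributeString");
			}
			Assert.AreEqual (unrestricted, result.PermissionSet.IsUnrestricted (), prefix + "IsUnrestricted");
			Assert.AreEqual (count, result.PermissionSet.Count, prefix + "Count");
		}

		/// <summary>
		/// Replaces the root code group with one that grants an unrestricted
		/// set to <paramref name="zone"/> only, then resolves every zone and
		/// expects only the matching one to be unrestricted.
		/// </summary>
		/// <param name="zone">The single zone the root code group matches.</param>
		/// <param name="attr">Attribute set on the root policy statement.</param>
		private void Resolve_Zone_Unrestricted_Attribute (SecurityZone zone, PolicyStatementAttribute attr)
		{
			IMembershipCondition mc = new ZoneMembershipCondition (zone);
			PolicyStatement ps = new PolicyStatement (new PermissionSet (PermissionState.Unrestricted));
			ps.Attributes = attr;
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			pl.RootCodeGroup = new UnionCodeGroup (mc, ps);

			Resolve_Zone (pl, SecurityZone.Internet, attr, (zone == SecurityZone.Internet), 0);
			Resolve_Zone (pl, SecurityZone.Intranet, attr, (zone == SecurityZone.Intranet), 0);
			Resolve_Zone (pl, SecurityZone.MyComputer, attr, (zone == SecurityZone.MyComputer), 0);
			Resolve_Zone (pl, SecurityZone.NoZone, attr, (zone == SecurityZone.NoZone), 0);
			Resolve_Zone (pl, SecurityZone.Trusted, attr, (zone == SecurityZone.Trusted), 0);
			Resolve_Zone (pl, SecurityZone.Untrusted, attr, (zone == SecurityZone.Untrusted), 0);
		}

		[Test]
		public void Resolve_MyComputerUnrestricted ()
		{
			SecurityZone z = SecurityZone.MyComputer;
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.Nothing);
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.Exclusive);
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.LevelFinal);
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.All);
		}

		[Test]
		public void Resolve_InternetUnrestricted ()
		{
			SecurityZone z = SecurityZone.Internet;
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.Nothing);
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.Exclusive);
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.LevelFinal);
			Resolve_Zone_Unrestricted_Attribute (z, PolicyStatementAttribute.All);
		}

		// --- ResolveMatchingCodeGroups / RootCodeGroup ----------------------------

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void ResolveMatchingCodeGroups_Null ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			pl.ResolveMatchingCodeGroups (null);
		}

		[Test]
		public void ResolveMatchingCodeGroups_Empty ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			CodeGroup result = pl.ResolveMatchingCodeGroups (new Evidence ());
			Assert.IsNotNull (result, "CodeGroup");
			Assert.AreEqual (String.Empty, result.AttributeString, "AttributeString");
			Assert.AreEqual (0, result.Children.Count, "Count");
			Assert.AreEqual ("Union", result.MergeLogic, "MergeLogic");
			Assert.IsTrue (result.PolicyStatement.PermissionSet.IsUnrestricted (), "IsUnrestricted");
		}

		[Test]
		[ExpectedException (typeof (ArgumentNullException))]
		public void RootCodeGroup_Null ()
		{
			PolicyLevel pl = PolicyLevel.CreateAppDomainLevel ();
			pl.RootCodeGroup = null;
		}

		// --- StoreLocation / ToXml ------------------------------------------------

		[Test]
		public void StoreLocation ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			// loaded from a string - no store
			Assert.IsNull (pl.StoreLocation, "StoreLocation(string)");

			// NOTE(review): the file name is predictable (user name + fixed
			// suffix) and lives in the current directory; run the tests from a
			// directory that only the test account can write to.
			string filename = Path.GetFullPath (Environment.UserName + "-unittest.config");
			try {
				using (StreamWriter sw = new StreamWriter (filename, false)) {
					sw.Write (minimal);
				}
				pl = SecurityManager.LoadPolicyLevelFromFile (filename, PolicyLevelType.Machine);
				Assert.AreEqual (filename, pl.StoreLocation, "StoreLocation(file)");
			}
			finally {
				// delete even when the load or the assertion fails, so a stale
				// policy file is never left behind for a later run
				File.Delete (filename);
			}
		}

		// A level serialized with ToXml and read back with FromXml must keep
		// its full-trust list, named permission sets and root code group.
		[Test]
		public void ToXml ()
		{
			PolicyLevel pl = Load (minimal, PolicyLevelType.Machine);
			PolicyLevel pl2 = PolicyLevel.CreateAppDomainLevel ();
			SecurityElement se = pl.ToXml ();
			pl2.FromXml (se);

			Assert.AreEqual (pl.FullTrustAssemblies.Count, pl2.FullTrustAssemblies.Count, "ToXml-FullTrustAssemblies");
			Assert.AreEqual (pl.NamedPermissionSets.Count, pl2.NamedPermissionSets.Count, "ToXml-NamedPermissionSets");
			Assert.IsTrue (pl.RootCodeGroup.Equals (pl2.RootCodeGroup, true), "ToXml-RootCodeGroup");
			Assert.AreEqual (pl.StoreLocation, pl2.StoreLocation, "ToXml-StoreLocation");
		}
	}
}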