我正在嘗試爲加載程序集放置沙箱AppDomain的最低權限。似乎強制在加載程序集的appBase和Read權限上具有PathDiscovery權限,但在相關程序集上不需要權限。我的問題是: 爲什麼我們需要PathDiscovery?在每個需要的組件上讀取訪問不夠嗎? 爲什麼只有加載的程序集需要讀取權限而不是相關的程序?尋找在Sandbox AppDomain中加載程序集的最低權限。爲什麼需要這些權限?
下面的代碼片段給一些背景:
AppDomainSetup setup = new AppDomainSetup
{
ApplicationName = "Name",
ApplicationBase = binFolder,
};
PermissionSet permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
// Mandatory. Why PathDiscovery is needed?
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.PathDiscovery, binFolder));
// Mandatory. Why Read is not also needed for all dependent assemblies?
permissionSet.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, assemblyPath));
var domain = AppDomain.CreateDomain("Domain Name", null, setup, permissionSet);
domain.CreateInstanceFromAndUnwrap(assemblyPath, typeName);