[Ironpython-users] Importing modules in a restricted AppDomain

Cesar Mello cmello at gmail.com
Mon Mar 5 20:26:37 CET 2012 

Please ignore my previous question. Sucessfully added FileIOPermission with
PathDiscovery and it worked:

      var pythonLibsPath = ExpressionEvaluator.GetPythonLibsPath();
      permissionSet.AddPermission(new
FileIOPermission(FileIOPermissionAccess.PathDiscovery |
FileIOPermissionAccess.Read, pythonLibsPath));


Now I'm facing some problem with Emit permissions.
Added ReflectionPermission(PermissionState.Unrestricted) but still doesn't
work.

I'm using .NET 4 in this project at work. Sorry if the subject is too
general and off-topic.

Best regards
Mello

Message: Request for the permission of type
'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

at System.Security.CodeAccessSecurityEngine.Check(Object demand,
StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at
System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternalNoLock(String
name, Boolean emitSymbolInfo, StackCrawlMark& stackMark)
   at
System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternal(String
name, Boolean emitSymbolInfo, StackCrawlMark& stackMark)
   at System.Reflection.Emit.AssemblyBuilder.DefineDynamicModule(String
name, Boolean emitSymbolInfo)
   at Microsoft.Scripting.Generation.AssemblyGen..ctor(AssemblyName name,
String outDir, String outFileExtension, Boolean isDebuggable,
PortableExecutableKinds peKind, ImageFileMachine machine)
   at Microsoft.Scripting.Generation.AssemblyGen..ctor(AssemblyName name,
String outDir, String outFileExtension, Boolean isDebuggable)
   at Microsoft.Scripting.Generation.Snippets.CreateNewAssembly(String
nameSuffix, Boolean emitSymbols)
   at Microsoft.Scripting.Generation.Snippets.GetOrCreateAssembly(Boolean
emitSymbols, AssemblyGen& assembly)
   at Microsoft.Scripting.Generation.Snippets.GetAssembly(Boolean
emitSymbols)
   at Microsoft.Scripting.Generation.Snippets.DefineType(String name, Type
parent, Boolean preserveName, Boolean emitDebugSymbols)
   at
Microsoft.Scripting.Generation.CompilerHelpers.CompileToMethod(LambdaExpression
lambda, DebugInfoGenerator debugInfoGenerator, Boolean emitDebugSymbols)
   at
Microsoft.Scripting.Generation.CompilerHelpers.CompileToMethod[T](Expression`1
lambda, DebugInfoGenerator debugInfoGenerator, Boolean emitDebugSymbols)
   at
Microsoft.Scripting.Generation.CompilerHelpers.Compile[T](Expression`1
lambda, Boolean emitDebugSymbols)
   at IronPython.Compiler.RuntimeScriptCode.Compile()
   at IronPython.Compiler.RuntimeScriptCode.EnsureCompiled()
   at IronPython.Compiler.RuntimeScriptCode.InvokeTarget(Scope scope)
   at IronPython.Compiler.RuntimeScriptCode.Run(Scope scope)
   at IronPython.Runtime.PythonContext.InitializeModule(String fileName,
ModuleContext moduleContext, ScriptCode scriptCode, ModuleOptions options)
   at IronPython.Runtime.PythonContext.CompileModule(String fileName,
String moduleName, SourceUnit sourceCode, ModuleOptions options,
ScriptCode& scriptCode)
   at IronPython.Runtime.PythonContext.CompileModule(String fileName,
String moduleName, SourceUnit sourceCode, ModuleOptions options)
   at IronPython.Runtime.Importer.LoadFromSourceUnit(CodeContext context,
SourceUnit sourceCode, String name, String path)
   at IronPython.Runtime.Importer.LoadModuleFromSource(CodeContext context,
String name, String path)
   at IronPython.Runtime.Importer.LoadFromDisk(CodeContext context, String
name, String fullName, String str)
   at IronPython.Runtime.Importer.ImportFromPathHook(CodeContext context,
String name, String fullName, List path, Func`5 defaultLoader)
   at IronPython.Runtime.Importer.ImportFromPath(CodeContext context,
String name, String fullName, List path)
   at IronPython.Runtime.Importer.ImportTopAbsolute(CodeContext context,
String name)
   at IronPython.Runtime.Importer.ImportModule(CodeContext context, Object
globals, String modName, Boolean bottom, Int32 level)
   at IronPython.Modules.Builtin.__import__(CodeContext context, String
name, Object globals, Object locals, Object fromlist, Int32 level)
   at
Microsoft.Scripting.Interpreter.FuncCallInstruction`7.Run(InterpretedFrame
frame)
   at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame
frame)
   at
Microsoft.Scripting.Interpreter.LightLambda.Run7[T0,T1,T2,T3,T4,T5,T6,TRet](T0
arg0, T1 arg1, T2 arg2, T3 arg3, T4 arg4, T5 arg5, T6 arg6)
   at IronPython.Runtime.Importer.ImportLightThrow(CodeContext context,
String fullName, PythonTuple from, Int32 level)
   at IronPython.Runtime.Operations.PythonOps.ImportTop(CodeContext
context, String fullName, Int32 level)
   at
Microsoft.Scripting.Interpreter.FuncCallInstruction`4.Run(InterpretedFrame
frame)
   at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame
frame)
   at Microsoft.Scripting.Interpreter.LightLambda.Run2[T0,T1,TRet](T0 arg0,
T1 arg1)
   at IronPython.Compiler.PythonScriptCode.RunWorker(CodeContext ctx)
   at IronPython.Compiler.PythonScriptCode.Run(Scope scope)
   at IronPython.Compiler.RuntimeScriptCode.InvokeTarget(Scope scope)
   at IronPython.Compiler.RuntimeScriptCode.Run(Scope scope)
   at Microsoft.Scripting.SourceUnit.Execute(Scope scope, ErrorSink
errorSink)
   at Microsoft.Scripting.SourceUnit.Execute(Scope scope)
   at Microsoft.Scripting.Hosting.ScriptSource.Execute(ScriptScope scope)
   at Microsoft.Scripting.Hosting.ScriptEngine.Execute(String expression,
ScriptScope scope)
   at Microsoft.Scripting.Hosting.ScriptEngine.Execute(String expression,
ScriptScope scope)
   at
Elipse.Epm.Scripting.ExpressionEvaluator.ImportStandardModules(ScriptScope
scope) in
D:\proj\epm_5527\Source\EpmCommon\Elipse.Epm.Scripting\ExpressionEvaluator.cs:line
174
   at Elipse.Epm.Scripting.ExpressionEvaluator.AddExpression(Expression
expression, Object clientHandle) in
D:\proj\epm_5527\Source\EpmCommon\Elipse.Epm.Scripting\ExpressionEvaluator.cs:line
82



On Mon, Mar 5, 2012 at 3:18 PM, Cesar Mello <cmello at gmail.com> wrote:

> Hi!
>
> Is there a way to load modules without giving permission to the AppDomain
> to read .py files from disk?
>
> I need to run user code with limited permissions. They should be able to
> do some simple calculations. But when I try to import a module like
> 'decimal', filesystem access permission is required.
>
> Thank you a lot for the attention!
>
> Best regards
> Mello
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20120305/4766718d/attachment.html>

More information about the Ironpython-users mailing list