[Ironpython-users] Importing modules in a restricted AppDomain

Cesar Mello cmello at gmail.com
Wed Mar 7 14:17:07 CET 2012 

Hi,

Must I grant fulltrust permissions to the IronPython assemblies? Sorry for
the basic question, but will the scripts still be restricted in this case?

Thank you a lot. This is a bit urgent for me, because it's the last step
before I can finish the prototype with IronPython and let it be accepted
for embedding in our product.

Best regards!
Mello



On Mon, Mar 5, 2012 at 4:26 PM, Cesar Mello <cmello at gmail.com> wrote:

> Please ignore my previous question. Sucessfully added FileIOPermission
> with PathDiscovery and it worked:
>
>       var pythonLibsPath = ExpressionEvaluator.GetPythonLibsPath();
>       permissionSet.AddPermission(new
> FileIOPermission(FileIOPermissionAccess.PathDiscovery |
> FileIOPermissionAccess.Read, pythonLibsPath));
>
>
> Now I'm facing some problem with Emit permissions.
> Added ReflectionPermission(PermissionState.Unrestricted) but still doesn't
> work.
>
> I'm using .NET 4 in this project at work. Sorry if the subject is too
> general and off-topic.
>
> Best regards
> Mello
>
> Message: Request for the permission of type
> 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0,
> Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
>
> at System.Security.CodeAccessSecurityEngine.Check(Object demand,
> StackCrawlMark& stackMark, Boolean isPermSet)
>    at System.Security.CodeAccessPermission.Demand()
>    at
> System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternalNoLock(String
> name, Boolean emitSymbolInfo, StackCrawlMark& stackMark)
>    at
> System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternal(String
> name, Boolean emitSymbolInfo, StackCrawlMark& stackMark)
>    at System.Reflection.Emit.AssemblyBuilder.DefineDynamicModule(String
> name, Boolean emitSymbolInfo)
>    at Microsoft.Scripting.Generation.AssemblyGen..ctor(AssemblyName name,
> String outDir, String outFileExtension, Boolean isDebuggable,
> PortableExecutableKinds peKind, ImageFileMachine machine)
>    at Microsoft.Scripting.Generation.AssemblyGen..ctor(AssemblyName name,
> String outDir, String outFileExtension, Boolean isDebuggable)
>    at Microsoft.Scripting.Generation.Snippets.CreateNewAssembly(String
> nameSuffix, Boolean emitSymbols)
>    at Microsoft.Scripting.Generation.Snippets.GetOrCreateAssembly(Boolean
> emitSymbols, AssemblyGen& assembly)
>    at Microsoft.Scripting.Generation.Snippets.GetAssembly(Boolean
> emitSymbols)
>    at Microsoft.Scripting.Generation.Snippets.DefineType(String name, Type
> parent, Boolean preserveName, Boolean emitDebugSymbols)
>    at
> Microsoft.Scripting.Generation.CompilerHelpers.CompileToMethod(LambdaExpression
> lambda, DebugInfoGenerator debugInfoGenerator, Boolean emitDebugSymbols)
>    at
> Microsoft.Scripting.Generation.CompilerHelpers.CompileToMethod[T](Expression`1
> lambda, DebugInfoGenerator debugInfoGenerator, Boolean emitDebugSymbols)
>    at
> Microsoft.Scripting.Generation.CompilerHelpers.Compile[T](Expression`1
> lambda, Boolean emitDebugSymbols)
>    at IronPython.Compiler.RuntimeScriptCode.Compile()
>    at IronPython.Compiler.RuntimeScriptCode.EnsureCompiled()
>    at IronPython.Compiler.RuntimeScriptCode.InvokeTarget(Scope scope)
>    at IronPython.Compiler.RuntimeScriptCode.Run(Scope scope)
>    at IronPython.Runtime.PythonContext.InitializeModule(String fileName,
> ModuleContext moduleContext, ScriptCode scriptCode, ModuleOptions options)
>    at IronPython.Runtime.PythonContext.CompileModule(String fileName,
> String moduleName, SourceUnit sourceCode, ModuleOptions options,
> ScriptCode& scriptCode)
>    at IronPython.Runtime.PythonContext.CompileModule(String fileName,
> String moduleName, SourceUnit sourceCode, ModuleOptions options)
>    at IronPython.Runtime.Importer.LoadFromSourceUnit(CodeContext context,
> SourceUnit sourceCode, String name, String path)
>    at IronPython.Runtime.Importer.LoadModuleFromSource(CodeContext
> context, String name, String path)
>    at IronPython.Runtime.Importer.LoadFromDisk(CodeContext context, String
> name, String fullName, String str)
>    at IronPython.Runtime.Importer.ImportFromPathHook(CodeContext context,
> String name, String fullName, List path, Func`5 defaultLoader)
>    at IronPython.Runtime.Importer.ImportFromPath(CodeContext context,
> String name, String fullName, List path)
>    at IronPython.Runtime.Importer.ImportTopAbsolute(CodeContext context,
> String name)
>    at IronPython.Runtime.Importer.ImportModule(CodeContext context, Object
> globals, String modName, Boolean bottom, Int32 level)
>    at IronPython.Modules.Builtin.__import__(CodeContext context, String
> name, Object globals, Object locals, Object fromlist, Int32 level)
>    at
> Microsoft.Scripting.Interpreter.FuncCallInstruction`7.Run(InterpretedFrame
> frame)
>    at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame
> frame)
>    at
> Microsoft.Scripting.Interpreter.LightLambda.Run7[T0,T1,T2,T3,T4,T5,T6,TRet](T0
> arg0, T1 arg1, T2 arg2, T3 arg3, T4 arg4, T5 arg5, T6 arg6)
>    at IronPython.Runtime.Importer.ImportLightThrow(CodeContext context,
> String fullName, PythonTuple from, Int32 level)
>    at IronPython.Runtime.Operations.PythonOps.ImportTop(CodeContext
> context, String fullName, Int32 level)
>    at
> Microsoft.Scripting.Interpreter.FuncCallInstruction`4.Run(InterpretedFrame
> frame)
>    at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame
> frame)
>    at Microsoft.Scripting.Interpreter.LightLambda.Run2[T0,T1,TRet](T0
> arg0, T1 arg1)
>    at IronPython.Compiler.PythonScriptCode.RunWorker(CodeContext ctx)
>    at IronPython.Compiler.PythonScriptCode.Run(Scope scope)
>    at IronPython.Compiler.RuntimeScriptCode.InvokeTarget(Scope scope)
>    at IronPython.Compiler.RuntimeScriptCode.Run(Scope scope)
>    at Microsoft.Scripting.SourceUnit.Execute(Scope scope, ErrorSink
> errorSink)
>    at Microsoft.Scripting.SourceUnit.Execute(Scope scope)
>    at Microsoft.Scripting.Hosting.ScriptSource.Execute(ScriptScope scope)
>    at Microsoft.Scripting.Hosting.ScriptEngine.Execute(String expression,
> ScriptScope scope)
>    at Microsoft.Scripting.Hosting.ScriptEngine.Execute(String expression,
> ScriptScope scope)
>    at
> Elipse.Epm.Scripting.ExpressionEvaluator.ImportStandardModules(ScriptScope
> scope) in
> D:\proj\epm_5527\Source\EpmCommon\Elipse.Epm.Scripting\ExpressionEvaluator.cs:line
> 174
>    at Elipse.Epm.Scripting.ExpressionEvaluator.AddExpression(Expression
> expression, Object clientHandle) in
> D:\proj\epm_5527\Source\EpmCommon\Elipse.Epm.Scripting\ExpressionEvaluator.cs:line
> 82
>
>
>
> On Mon, Mar 5, 2012 at 3:18 PM, Cesar Mello <cmello at gmail.com> wrote:
>
>> Hi!
>>
>> Is there a way to load modules without giving permission to the AppDomain
>> to read .py files from disk?
>>
>> I need to run user code with limited permissions. They should be able to
>> do some simple calculations. But when I try to import a module like
>> 'decimal', filesystem access permission is required.
>>
>> Thank you a lot for the attention!
>>
>> Best regards
>> Mello
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20120307/486d7072/attachment.html>

More information about the Ironpython-users mailing list