[Ironpython-users] Problem with Restricted Permissions AppDomain, when using Compile() then ExecuteAndWrap()...

Jason A. Petrasko jason at wishray.com
Wed Sep 11 02:41:22 CEST 2013 

Update: Removing my list of full trust assemblies from 
AppDomain.CreateDomain() allows the code to run just fine with the 
restricted permission set. I'm not sure why, starting to think its an 
issue or bug in .NET itself, unless I'm just not understanding full 
trust assemblies right.

- Jason

On 9/8/2013 5:19 PM, Jason A. Petrasko wrote:
> I had my code setup to call ExecuteAndWrap on the ScriptSource, which 
> worked ok, but if there were errors in the compilation stage I lost 
> them because of the cross domain exceptions bungling. So I changed my 
> code like so:
>
> Source = Engine.CreateScriptSourceFromString (code, 
> Microsoft.Scripting.SourceCodeKind.File);
>             Reporter.Reset();
>             CompiledCode cc = Source.Compile (Reporter);
>             if (cc != null)
>             {
>                 ObjectHandle ohe;
>                 cc.ExecuteAndWrap (Scope, out ohe);
>                 if (ohe != null) {
>                     object o = ohe.Unwrap ();
>                     if (o is Exception)
>                         return ((Exception)o).ToString ();
>                 }
>                 return null;
>             } else
>                 return Reporter.AllErrors();
>
> However when I try to access my scope variable objects I get this 
> exception:
>
> ----
> System.Security.SecurityException: Request failed.
>    at 
> System.Security.CodeAccessSecurityEngine.ThrowSecurityException(RuntimeAssembly 
> asm, PermissionSet granted, PermissionSet refused, 
> RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, 
> IPermission permThatFailed)
>    at 
> System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Object 
> assemblyOrString, PermissionSet granted, PermissionSet refused, 
> RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, 
> IPermission permThatFailed)
>    at 
> System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet 
> grants, PermissionSet refused, PermissionSet demands, 
> RuntimeMethodHandleInternal rmh, Object assemblyOrString, 
> SecurityAction action, Boolean throwException)
>    at 
> System.Security.CodeAccessSecurityEngine.CheckSetHelper(CompressedStack cs, 
> PermissionSet grants, PermissionSet refused, PermissionSet demands, 
> RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction 
> action)
>    at 
> System.Runtime.CompilerServices.RuntimeHelpers._CompileMethod(IRuntimeMethodInfo 
> method)
>    at System.Reflection.Emit.DynamicMethod.CreateDelegate(Type 
> delegateType, Object target)
>    at System.Linq.Expressions.Compiler.LambdaCompiler.CreateDelegate()
> ct state)
>    at 
> Microsoft.Scripting.Interpreter.LightDelegateCreator.CreateDelegate(StrongBox`1[] 
> closure)
>    at 
> Microsoft.Scripting.Interpreter.LightDelegateCreator.CreateDelegate()
>    at Microsoft.Scripting.Generation.CompilerHelpers.LightCompile(Lamb 
> at 
> System.Linq.Expressions.Compiler.LambdaCompiler.Compile(LambdaExpression 
> lambda, DebugInfoGenerator debugInfoGenerator)
>    at System.Linq.Expressions.LambdaExpression.Compile()
>    at 
> Microsoft.Scripting.Interpreter.LightDelegateCreator.Compile(ObjeDynamicMetaObject 
> binding, CachedBindingInfo`1 bindingInfo)
>    at 
> Microsoft.Scripting.Utils.DynamicUtils.GenericInterpretedBinder`1.Bind(DynamicMetaObjectBinder 
> binder, Int32 compilationThreshold, Object[] args)
>    at Microsoft.Scripting.Utils.DynamicUtidaExpression lambda, Int32 
> compilationThreshold)
>    at 
> Microsoft.Scripting.Generation.CompilerHelpers.LightCompile[T](Expression`1 
> lambda, Int32 compilationThreshold)
>    at 
> Microsoft.Scripting.Utils.DynamicUtils.GenericInterpretedBinder`1.CreateDelegate(ls.LightBind[T](DynamicMetaObjectBinder 
> binder, Object[] args, Int32 compilationThreshold)
>    at 
> IronPython.Runtime.Types.BuiltinFunction.IronPython.Runtime.Binding.IFastInvokable.MakeInvokeBinding[T](CallSite`1 
> site, PythonInvokeBinder binder, CodeContext state, Object[] args)
>    at 
> IronPython.Runtime.Binding.PythonInvokeBinder.BindDelegate[T](CallSite`1 
> site, Object[] args)
>    at 
> System.Runtime.CompilerServices.CallSiteBinder.BindCore[T](CallSite`1 
> site, Object[] args)
>    at 
> System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite 
> site, T0 arg0, T1 arg1, T2 arg2)
>    at 
> Microsoft.Scripting.Interpreter.DynamicInstruction`4.Run(InterpretedFrame 
> frame)
>    at Microsoft.Scripting.Interpreter.Interpreter.Run(InterpretedFrame 
> frame)
>    at Microsoft.Scripting.Interpreter.LightLambda.Run2[T0,T1,TRet](T0 
> arg0, T1 arg1)
>    at IronPython.Compiler.PythonScriptCode.RunWorker(CodeContext ctx)
>    at IronPython.Compiler.PythonScriptCode.Run(Scope scope)
>    at IronPython.Compiler.RuntimeScriptCode.InvokeTarget(Scope scope)
>    at IronPython.Compiler.RuntimeScriptCode.Run(Scope scope)
>    at Microsoft.Scripting.Hosting.CompiledCode.Execute(ScriptScope scope)
>    at 
> Microsoft.Scripting.Hosting.CompiledCode.ExecuteAndWrap(ScriptScope 
> scope, ObjectHandle& exception)
> The action that failed was:
> Demand
> The type of the first permission that failed was:
> System.Security.PermissionSet
> The demand was for:
> <PermissionSet class="System.Security.PermissionSet"
> version="1"
> Unrestricted="true"/>
>
> The granted set of the failing assembly was:
> <PermissionSet class="System.Security.PermissionSet"
> version="1">
> <IPermission class="System.Security.Permissions.ReflectionPermission, 
> mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=<snip>"
> version="1"
> Unrestricted="true"/>
> <IPermission class="System.Security.Permissions.SecurityPermission, 
> mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=<snip>"
> version="1"
> Flags="Execution"/>
> </PermissionSet>
>
> The assembly or AppDomain that failed was:
> mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=<snip>
> ----
>
> Which I didn't get when I called ExecuteAndWrap() from the 
> ScriptSource... I have no idea what is going on, and no internet 
> searches are helping me debug this :(
>
> I setup the AppDomain for the engine like so:
>
>                 pset.AddPermission (new SecurityPermission 
> (SecurityPermissionFlag.Execution));
>                 pset.AddPermission(new 
> ReflectionPermission(PermissionState.Unrestricted));
>                 pset.AddPermission(new 
> FileIOPermission(FileIOPermissionAccess.PathDiscovery | 
> FileIOPermissionAccess.Read | FileIOPermissionAccess.Write, 
> AppDomain.CurrentDomain.BaseDirectory));
>
> Any ideas?
>
> - Jason Petrasko
>
>
> _______________________________________________
> Ironpython-users mailing list
> Ironpython-users at python.org
> https://mail.python.org/mailman/listinfo/ironpython-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20130910/654020a4/attachment.html>

More information about the Ironpython-users mailing list