Restrict execution of dynamically loaded assembly

Question

I'm building a board game with the possibility of adding custom user bot. Bot behaviors and decisions are define according to an interface :

public interface IBotPlayer 
{
    .....

    void Init(); 

    PlayResult Play(TableState tableState) ; 

    ..... 
}

Other users can implement that interface in an external assembly that I load dynamically in my main application.

Assembly assembly = Assembly.LoadFile("externalLib.dll");

foreach (var botPlayerType in assembly.GetTypes().Where(t => t.IsClass && t.IsAssignableFrom(typeof(IBotPlayer)))
{
    ..........

    // Execution on a new thread th
    // Now I wanna run it in some kind of sandbox with very limited right, no disk access, no network, ...

     IBotPlayer botPlayer = Activator.CreateInstance<IBotPlayer>(botPlayerType); 
     botPlayer.Init() ;     

     ........
}

As if IBotPlayer implementation should only be algorithmic, is it possible to restrict the executing thread with only the use of collections for e.g? **If yes how ?

You can create `botPlayer` instance in restricted AppDomain created by you - like in [this question](http://stackoverflow.com/questions/11259304/restricted-permission-appdomain-grant-set-issue). — Konrad Kokosa, Jul 03 '14 at 11:58
You can be also interested in [MS Add-in Framework](http://msdn.microsoft.com/en-us/library/bb384200(v=vs.110).aspx) which can do basically the same but in more sophisticated way. — Konrad Kokosa, Jul 03 '14 at 12:04

score 1 · Answer 1 · edited May 23 '17 at 12:28

1

This answer is exactly what you need! https://stackoverflow.com/a/5621587/2687006

I played with the code myself and can say, that the tricky part of the answer above is in executing sandboxer also from restricted appdomain. Sandboxer then loads a dll with untrusted code and executes.

edited May 23 '17 at 12:28

Community

1
1

answered Jul 05 '14 at 13:52

Andrey Ershov

1,773
1
16
26

Restrict execution of dynamically loaded assembly

1 Answers1