TL;DR; How do I create a sandboxed AppDomain (configuring CAS) from a C++ app?

Long version:

I'm hosting the .NET CLR in a C++ app and everything is working fine... However, my AppDomain has full trust, and I'd like to have more granular control over what it can do (i.e. configure PermissionSets, etc.) as I'll be loading unknown assemblies that could potentially cause damage.

This is the gist of it:

```cpp
// Create instance (CLRCreateInstance)
// Get meta-host, CorRuntimeHost, etc.
// Start the CLR
// ...
```

Eventually I have everything I need to create an AppDomain (please pretend that I'm actually handling exceptions, testing the HRESULTs from each of these calls, etc...):

```cpp
pCorRuntimeHost->CreateDomainSetup(&spAppDomainSetupThunk);
spAppDomainSetupThunk->QueryInterface(IID_PPV_ARGS(&spAppDomainSetup));

spAppDomainSetup->put_ApplicationBase(_bstr_t(L"C:\\PretendThisIsNotHardCoded"));
spAppDomainSetup->put_ApplicationName(appDomainName);

pCorRuntimeHost->CreateDomainEx(appDomainName, spAppDomainSetupThunk, 0, &spAppDomainThunk);
spAppDomainThunk->QueryInterface(IID_PPV_ARGS(&spAppDomain));

// AppDomain ready to go, and full trust (at least on .NET 4)
```

Any ideas or code samples appreciated.

C. Augusto Proiete
  • Are you looking for the SetAppDomainPolicyLevel method: https://msdn.microsoft.com/en-us/library/system.appdomain.setappdomainpolicy.aspx ? In a policy level, you can put a lot of different permissions. – Simon Mourier Dec 02 '15 at 06:48
  • Hi @SimonMourier. Yes, I'm looking for something like that, except that `SetAppDomainPolicyLevel` is obsolete, so looking for an alternative. If I was using C#, I would call `AppDomain.CreateDomain` and pass a list of `PermissionSet`s. Looking to do something similar, but in C++ using the COM Interop. – C. Augusto Proiete Dec 02 '15 at 14:26
  • ok, if you go that route, all xxCorxx interfaces are obsolete as well. The equivalent for .NET 4 is here: https://msdn.microsoft.com/en-us/library/bb763046.aspx. I think you're supposed to code all this in a .NET assembly and call it using ICLRRuntimeHost::ExecuteInDefaultAppDomain or use AppDomainManager as described here: http://www.codeproject.com/Articles/416471/CLR-Hosting-Customizing-the-CLR – Simon Mourier Dec 03 '15 at 15:15
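
The approach suggested in the last comment (a managed helper that the native host calls through `ICLRRuntimeHost::ExecuteInDefaultAppDomain`), sketched as an added example that is not code from the question or its comments. The names `SandboxBootstrap` and `Run` and the `directory|file` argument format are assumptions made for illustration; the grant set shown is one minimal choice, not a recommendation for every plugin.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical helper assembly, built separately and loaded by the native host.
public static class SandboxBootstrap
{
    // ExecuteInDefaultAppDomain only accepts: public static int Method(string).
    // Assumed argument format: "<untrusted directory>|<assembly file name>".
    public static int Run(string argument)
    {
        string[] parts = (argument ?? "").Split('|');
        if (parts.Length != 2) return -1;

        string untrustedDir = Path.GetFullPath(parts[0]);
        string assemblyPath = Path.Combine(untrustedDir, parts[1]);

        // Start from an empty grant set and add only what the untrusted code needs.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            untrustedDir));

        // Keep ApplicationBase away from the host's own directory so the
        // untrusted code cannot resolve and load the host's assemblies.
        var setup = new AppDomainSetup { ApplicationBase = untrustedDir };

        // No full-trust StrongName list is passed: everything loaded from
        // ApplicationBase runs with 'grant' only (GAC assemblies stay full trust).
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, setup, grant);
        try
        {
            // Runs the assembly's entry point inside the sandboxed domain.
            return sandbox.ExecuteAssembly(assemblyPath);
        }
        catch (SecurityException)
        {
            return -2; // the code demanded a permission outside the grant set
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

The native side passes the helper's path, `"SandboxBootstrap"`, `"Run"` and the argument string to `ExecuteInDefaultAppDomain`, and receives the `int` result through the call's return-value out parameter.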

0 Answers