1

I have this class, an instance of which I create in an AppDomain with no permissions but SecurityPermissionFlag.Execution:

class IsolationEntryPoint : MarshalByRefObject
{
    // main is the original AppDomain with all the permissions
    public void Enter(AppDomain main)
    {
        // these work correctly
        Console.WriteLine("Currently in: " + AppDomain.CurrentDomain.FriendlyName);
        Console.WriteLine("Host: " + main.FriendlyName);

        // the exception is thrown here
        main.DoCallBack(this.MyCallBack);
    }

    public void MyCallBack()
    {
        Console.WriteLine("Currently in: " + AppDomain.CurrentDomain.FriendlyName);
    }
}

The odd thing is that I get a SecurityException on the DoCallBack line saying:

Request for the permission of type 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

MSDN says this about the permission requirements of AppDomain.DoCallBack:

ReflectionPermission when invoked late-bound through mechanisms such as Type.InvokeMember.

The call is not using anything like Type.InvokeMember, why am I getting the exception?

EDIT:

For clarity, here is the code I use to create the AppDomain with the isolation object:

    [STAThread]
    static void Main(string[] args)
    {

        var setup = new AppDomainSetup();
        setup.ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().CodeBase);

        var evidence = new Evidence();

        var permissions = new PermissionSet(PermissionState.None);
        permissions.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var domain = AppDomain.CreateDomain(
            "isolationDomain",
            evidence,
            setup,
            permissions);

        var handle = Activator.CreateInstanceFrom(
            domain, typeof(IsolationEntryPoint).Assembly.ManifestModule.FullyQualifiedName,
            typeof(IsolationEntryPoint).FullName);

        var instance = (IsolationEntryPoint)handle.Unwrap();

        instance.Enter(AppDomain.CurrentDomain);
    }

These two pieces of code are my full application, there is nothing else (so the exception should be easy to reproduce).

Thanks for your help

Matěj Zábský

2 Answers

3

The solution is actually quite simple: you forgot to add the public access modifier to class IsolationEntryPoint, i.e. after changing the class signature like so, your sample runs just fine:

public class IsolationEntryPoint : MarshalByRefObject
{
    // [...]
}
Steffen Opel
  • Of course. ReSharper is even yelling at me to give the class an access qualifier. Thanks for the help, +100 for you (once SO allows me to) :) – Matěj Zábský Jan 25 '12 at 12:31
  • Yo, sometimes _use the tools_ trumps _use the source_ even ;) - Thanks for the generous bounty, which makes solving those puzzles all the more worthwhile :) – Steffen Opel Jan 26 '12 at 21:18
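
The effect of the access modifier described in the accepted answer, as an added example that is not part of the original posts: the same callback is attempted from an Execution-only sandbox, once on a non-public type and once on a public one, and each probe reports whether it was allowed. The names InternalProbe, PublicProbe and CreateIn are hypothetical, and .NET Framework 4.x is assumed.

```csharp
// Added example, not the poster's code. Assumes .NET Framework 4.x; type names are hypothetical.
using System;
using System.Security;
using System.Security.Permissions;

// Non-public type, as in the question: the callback is refused inside the sandbox.
class InternalProbe : MarshalByRefObject
{
    public string Probe(AppDomain host)
    {
        try { host.DoCallBack(this.CallBack); return "callback allowed"; }
        catch (SecurityException ex) { return "SecurityException: " + ex.Message; }
    }
    public void CallBack() { }
}

// Same code, differing only in the public modifier (the accepted answer's fix).
public class PublicProbe : MarshalByRefObject
{
    public string Probe(AppDomain host)
    {
        try { host.DoCallBack(this.CallBack); return "callback allowed"; }
        catch (SecurityException ex) { return "SecurityException: " + ex.Message; }
    }
    public void CallBack() { }
}

static class Program
{
    // Instantiates T inside the given domain the same way the question does.
    static T CreateIn<T>(AppDomain domain)
    {
        var handle = Activator.CreateInstanceFrom(domain,
            typeof(T).Assembly.ManifestModule.FullyQualifiedName, typeof(T).FullName);
        return (T)handle.Unwrap();
    }

    static void Main()
    {
        // Same grant set as in the question: Execution only, no ReflectionPermission.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };
        var sandbox = AppDomain.CreateDomain("isolationDomain", null, setup, grant);
        Console.WriteLine("internal: " + CreateIn<InternalProbe>(sandbox).Probe(AppDomain.CurrentDomain));
        Console.WriteLine("public:   " + CreateIn<PublicProbe>(sandbox).Probe(AppDomain.CurrentDomain));
    }
}
```

Keeping the grant set at Execution and changing only the type's visibility preserves the sandbox boundary; no ReflectionPermission is added to make the callback work.
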
0

I tried the below and it seems to work.

class Program
{

    static void Main(string[] args)
    {
        SecurityPermission t = new SecurityPermission(SecurityPermissionFlag.Execution);
        t.Demand();
        IsolationEntryPoint x = new IsolationEntryPoint();
        x.Enter(AppDomain.CurrentDomain);
    }
}


class IsolationEntryPoint : MarshalByRefObject
{
    // main is the original AppDomain with all the permissions 
    public void Enter(AppDomain main)
    {
        // these work correctly 
        Console.WriteLine("Currently in: " + AppDomain.CurrentDomain.FriendlyName);
        Console.WriteLine("Host: " + main.FriendlyName);

        // the exception is thrown here 
        main.DoCallBack(this.MyCallBack);
    }

    public void MyCallBack()
    {
        Console.WriteLine("Currently in: " + AppDomain.CurrentDomain.FriendlyName);
    }
}
Carsten
Soundararajan
  • But you are executing it from the default AppDomain, which does have the Reflection privilege by default. I'm executing it from an AppDomain with no permissions but Execute. – Matěj Zábský Jan 21 '12 at 19:37
  • You can try adding custom permissions to the AppDomain explicitly by appDomainObject.PermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); – Soundararajan Jan 21 '12 at 19:45
  • How would that help? The AppDomain has the execute privilege alright (and for purposes of security, I don't want to add the reflection privilege). I also posted the full code I use to create the AppDomain. – Matěj Zábský Jan 21 '12 at 19:56