TL;DR: How do I create a sandboxed AppDomain (configuring CAS) from a C++ app?
Long version:
I'm hosting the .NET CLR in a C++ app and everything is working fine... However, my AppDomain has full trust, and I'd like to have a more granular control over what it can do (i.e. configure PermissionSets, etc.) as I'll be loading unknown assemblies that could potentially cause damage.
This is the gist of it:
// Create instance (CLRCreateInstance)
// Get meta-host, CorRuntimeHost, etc.
// Start the CLR
// ...
Eventually I have everything I need to create an AppDomain (please pretend that I'm actually handling exceptions, testing the HRESULTs from each of these calls, etc...):
// Assumed declarations (types from #import <mscorlib.tlb>, smart pointers via ATL):
//   CComPtr<IUnknown>                  spAppDomainSetupThunk, spAppDomainThunk;
//   CComPtr<mscorlib::IAppDomainSetup> spAppDomainSetup;
//   CComPtr<mscorlib::_AppDomain>      spAppDomain;
//   _bstr_t                            appDomainName(L"MyDomain");

// Ask the runtime for a fresh AppDomainSetup and get its typed interface
pCorRuntimeHost->CreateDomainSetup(&spAppDomainSetupThunk);
spAppDomainSetupThunk->QueryInterface(IID_PPV_ARGS(&spAppDomainSetup));
// Probe path and friendly name for the new domain
spAppDomainSetup->put_ApplicationBase(_bstr_t(L"C:\\PretendThisIsNotHardCoded"));
spAppDomainSetup->put_ApplicationName(appDomainName);
// Third argument is the evidence (none here); the domain gets the default grant set
pCorRuntimeHost->CreateDomainEx(appDomainName, spAppDomainSetupThunk, 0, &spAppDomainThunk);
spAppDomainThunk->QueryInterface(IID_PPV_ARGS(&spAppDomain));
// AppDomain ready to go, and full trust (at least on .NET 4)
Any ideas or code samples appreciated.
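Added example, not code from the question: the hosting interface used above (ICorRuntimeHost::CreateDomainEx) takes evidence, not a PermissionSet, and on .NET 4 evidence alone no longer produces a partially trusted domain, so the CAS configuration is easiest to express on the managed side. The C# below is a hypothetical full-trust "bootstrapper" assembly (name SandboxBootstrapper, method RunUntrusted are assumptions) that the C++ host would load into the initial domain through the _AppDomain interface it already holds, and then call to create the sandbox with an explicit grant set. It assumes the bootstrapper assembly is strong-named and resolvable from sandboxRoot (copied there or in the GAC) so the sandbox can instantiate it.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical bootstrapper: lives in a full-trust assembly that the C++ host
// loads into its initial AppDomain and calls into. Everything loaded into the
// sandbox it creates runs with only the permissions granted below.
public sealed class SandboxBootstrapper : MarshalByRefObject
{
    // Build the grant set by hand instead of granting FullTrust: permission to
    // execute, plus read-only access to the sandbox directory and nothing else.
    public static PermissionSet BuildGrantSet(string sandboxRoot)
    {
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, sandboxRoot));
        return grant;
    }

    // Create the partially trusted domain. Assemblies passed as StrongName are
    // exempt from the grant set and may assert permissions on behalf of sandboxed
    // code, so that list should contain only this bootstrapper.
    public static AppDomain CreateSandbox(string friendlyName, string sandboxRoot, PermissionSet grant)
    {
        var setup = new AppDomainSetup
        {
            ApplicationBase = sandboxRoot,      // untrusted code only probes here
            ApplicationName = friendlyName,
            DisallowCodeDownload = true,        // no assemblies fetched from URLs
            DisallowBindingRedirects = true     // plugin config cannot redirect references
        };

        // On .NET 4 the grant set comes from the PermissionSet argument; the zone
        // evidence records intent and keeps SecurityManager.GetStandardSandbox usable.
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));

        // Only this bootstrapper's assembly is fully trusted inside the sandbox
        // (requires the assembly to be strong-named; otherwise nothing is exempt).
        StrongName fullTrust = typeof(SandboxBootstrapper).Assembly.Evidence.GetHostEvidence<StrongName>();
        return fullTrust == null
            ? AppDomain.CreateDomain(friendlyName, evidence, setup, grant)
            : AppDomain.CreateDomain(friendlyName, evidence, setup, grant, fullTrust);
    }

    // Entry point the host calls for each untrusted assembly. A fresh domain per
    // plugin means Unload() discards everything the untrusted code created, and
    // any SecurityException from a failed demand surfaces here in full trust.
    public static int RunUntrusted(string sandboxRoot, string assemblyFile, string[] args)
    {
        AppDomain sandbox = CreateSandbox(
            "Sandbox-" + Guid.NewGuid().ToString("N"), sandboxRoot, BuildGrantSet(sandboxRoot));
        try
        {
            // Proxy to a bootstrapper instance living inside the sandboxed domain
            var runner = (SandboxBootstrapper)sandbox.CreateInstanceAndUnwrap(
                typeof(SandboxBootstrapper).Assembly.FullName,
                typeof(SandboxBootstrapper).FullName);
            return runner.ExecuteInSandbox(assemblyFile, args);
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }

    // Runs inside the sandboxed domain. The loaded assembly receives the
    // domain's grant set, so any demand it triggers is checked against that
    // set rather than against full trust.
    public int ExecuteInSandbox(string assemblyFile, string[] args)
    {
        Assembly asm = Assembly.LoadFrom(assemblyFile);
        MethodInfo entry = asm.EntryPoint;
        if (entry == null)
            throw new InvalidOperationException("Untrusted assembly has no entry point");
        object result = entry.Invoke(null,
            entry.GetParameters().Length == 0 ? null : new object[] { args });
        return result is int ? (int)result : 0;
    }
}
```

The host-side wiring is the only piece that stays in C++: after the snippet above has the initial domain, it instantiates SandboxBootstrapper there and invokes RunUntrusted once per unknown assembly. Keeping the grant set minimal (Execution plus the specific resources the plugin needs) is what limits the damage an unknown assembly can do; adding UnmanagedCode, Assert, or ControlPolicy to the set would hand it a route back to full trust.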