I'm trying to create a Sandbox App Domain that has read-only access to the file system. The code I have written to do this is:

    using System;
    using System.IO;
    using System.Reflection;
    using System.Security;
    using System.Security.Permissions;

    // Grant set for the sandbox: execution plus read access to all local files.
    var ps = new PermissionSet(PermissionState.None);
    ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
    var f = new FileIOPermission(PermissionState.None);
    f.AllLocalFiles = FileIOPermissionAccess.Read;
    ps.AddPermission(f);

    // Create the partially trusted domain with that grant set.
    AppDomain domain = AppDomain.CreateDomain("MyDomain",
        null,
        new AppDomainSetup { ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) },
        ps
    );

    // Load the third-party type into the sandbox.
    string pathToDll = @"c:\temp\test.dll";
    string thirdPartyFullName = "MyTest.Test";
    IPlugin myObject = (IPlugin)domain.CreateInstanceFromAndUnwrap(pathToDll, thirdPartyFullName);

It almost works except it errors on the last line with this exception:

    Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

If I change the FileIOPermission on the App Domain to have full access it runs fine. Is there something I need to change in the assembly I'm loading into the Application Domain to say it only needs read access to the file system?

I'm using .NET 4.0.

I think you probably also need
http://msdn.microsoft.com/en-us/library/y7h7t2a2.aspx
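
A way to see exactly which file access the failed demand asked for, so the sandbox grant can be widened by only that much instead of to full access. This is an added example, not code from either poster; it assumes .NET Framework 4.0 and reuses the question's path and type name, and `SandboxDiag` and `Explain` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;

static class SandboxDiag // hypothetical helper, not part of the original post
{
    // GetPathList accepts only single-flag values, so enumerate them explicitly.
    static readonly FileIOPermissionAccess[] Flags = {
        FileIOPermissionAccess.Read, FileIOPermissionAccess.Write,
        FileIOPermissionAccess.Append, FileIOPermissionAccess.PathDiscovery };

    // Lists each (access, path) pair in the failed demand and whether the
    // sandbox grant set covers it.
    static void Explain(SecurityException ex, PermissionSet granted)
    {
        var demanded = ex.Demanded as FileIOPermission;
        if (demanded == null) // demand details are not always populated
        {
            Console.WriteLine("No FileIOPermission details: " + ex.Message);
            return;
        }
        IPermission grantedFileIo = granted.GetPermission(typeof(FileIOPermission));
        foreach (var flag in Flags)
            foreach (var path in demanded.GetPathList(flag) ?? new string[0])
            {
                bool ok = new FileIOPermission(flag, path).IsSubsetOf(grantedFileIo);
                Console.WriteLine("{0,-13} {1} -> {2}", flag, path, ok ? "granted" : "MISSING");
            }
    }

    static void Main()
    {
        // Same grant set as the question: execution plus read on all local files.
        var ps = new PermissionSet(PermissionState.None);
        ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        ps.AddPermission(new FileIOPermission(PermissionState.None) { AllLocalFiles = FileIOPermissionAccess.Read });
        var setup = new AppDomainSetup {
            ApplicationBase = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location) };
        AppDomain domain = AppDomain.CreateDomain("MyDomain", null, setup, ps);
        try
        {
            domain.CreateInstanceFromAndUnwrap(@"c:\temp\test.dll", "MyTest.Test");
        }
        catch (SecurityException ex) { Explain(ex, ps); }
    }
}
```

Any line marked MISSING names an access flag and path that the grant set does not cover; adding only that flag, scoped to that path, keeps the sandbox at least privilege.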