如何从磁盘上不再存在的程序集中删除完全信任？

Question

我正在运行以下命令：

C:\work\CreateInstanceTest\bin\Release>caspol -u -lf | findstr /i createinstancetest
22.  CreateInstanceTest 0.0.0.0 =
StrongName - 00240000048000009400000006020000002400005253413100040000010001000FA0D49898864D6AFDF5C69317CBAD9E02D1BB5E514AA7BE2B981DC68CF68E7501A763BD7FA33FFE0166ED7817A903CE158463313D29F52F3DA0CD4C48E1ECF034DF64A15173E9CA16EDA95A6244C09D44BD663B72CC45337D010B2BB9AE0C39738A84F42391AC19AA35F64A44D9ED742BDB44489D7E5C6D4E866C3EA46EE6BE name = CreateInstanceTest version = 0.0.0.0

C:\work\CreateInstanceTest\bin\Release>

我希望从完全信任中删除此程序集。我尝试了几种不同的选择，但都没有结果：

C:\work\CreateInstanceTest\bin\Release>caspol -u -rf CreateInstanceTest
Microsoft .NET Framework CasPol 4.0.30319.18010
for Microsoft .NET Framework version 4.0.30319.18010
Copyright (C) Microsoft Corporation.  All rights reserved.

WARNING: The .NET Framework does not apply CAS policy by default. Any settings shown or modified by CasPol will only affect applications that opt
into using CAS policy.

Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.


ERROR: Unable to load assembly

Usage: caspol <option> <args> ...

caspol -rf
caspol -remfulltrust <assembly_name>
    Remove a full trust assembly from the policy level


C:\work\CreateInstanceTest\bin\Release>caspol -u -rf "CreateInstanceTest, PublicKey=00240000048000009400000006020000002400005253413100040000010001000FA0D49898864D6AFDF5C69317CBAD9E02D1BB5E514AA7BE2B981DC68CF68E7501A763BD7FA33FFE0166ED7817A903CE158463313D29F52F3DA0CD4C48E1ECF034DF64A15173E9CA16EDA95A6244C09D44BD663B72CC45337D010B2BB9AE0C39738A84F42391AC19AA35F64A44D9ED742BDB44489D7E5C6D4E866C3EA46EE6BE"
Microsoft .NET Framework CasPol 4.0.30319.18010
for Microsoft .NET Framework version 4.0.30319.18010
Copyright (C) Microsoft Corporation.  All rights reserved.

WARNING: The .NET Framework does not apply CAS policy by default. Any settings shown or modified by CasPol will only affect applications that opt
into using CAS policy.

Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.


ERROR: Unable to load assembly

Usage: caspol <option> <args> ...

caspol -rf
caspol -remfulltrust <assembly_name>
    Remove a full trust assembly from the policy level


C:\work\CreateInstanceTest\bin\Release>

caspol.exe想让我把这个程序集放在磁盘上，但是我没有它。我只想把它从完全信任政策中删除。即使我没有集会，难道不是很容易吗？

Answer 1

这个特殊的“完全信任”列表与参与CAS策略决策有关，而不是一个更典型的无限制权限授予，而且自从v.2发布以来，它就没有被.NET框架使用过。换句话说，从列表中删除程序集应该没有任何效果。

尽管如此，如果您真的想这样做，caspol.exe没有避免文件加载的选项，所以您需要另一种方法。例如，您可以从自定义代码调用[PolicyLevel.RemoveFullTrustAssembly(StrongNameMembershipCondition)][1]。例如：

new FullTrustPolicyRemover().RemoveAssembly("CreateInstanceTest", "0.0.0.0", "00240000048000009400000006020000002400005253413100040000010001000FA0D49898864D6AFDF5C69317CBAD9E02D1BB5E514AA7BE2B981DC68CF68E7501A763BD7FA33FFE0166ED7817A903CE158463313D29F52F3DA0CD4C48E1ECF034DF64A15173E9CA16EDA95A6244C09D44BD663B72CC45337D010B2BB9AE0C39738A84F42391AC19AA35F64A44D9ED742BDB44489D7E5C6D4E866C3EA46EE6BE");

其中FullTrustPolicyRemover看起来是这样的：

public class FullTrustPolicyRemover
{
    internal void RemoveAssembly(string name, string version, string strongNamePublicKey)
    {
        var membershipCondition = new StrongNameMembershipCondition(new StrongNamePublicKeyBlob(HexStringToBytes(strongNamePublicKey)), name, new Version(version));
        var levelEnumerator = SecurityManager.PolicyHierarchy();
        while (levelEnumerator.MoveNext())
        {
            this.RemoveAssembly(membershipCondition, (PolicyLevel)levelEnumerator.Current);
        }
    }

    private void RemoveAssembly(StrongNameMembershipCondition membershipCondition, PolicyLevel policyLevel)
    {
        if (policyLevel.FullTrustAssemblies.Cast<StrongNameMembershipCondition>().Any(c => c.Equals(membershipCondition)))
        {
            policyLevel.RemoveFullTrustAssembly(membershipCondition);
            SecurityManager.SavePolicyLevel(policyLevel);
        }
    }

    private static byte[] HexStringToBytes(string hexString)
    {
        var result = new byte[hexString.Length / 2];
        for (int i = 0; i < result.Length; i++)
        {
            result[i] = byte.Parse(hexString.Substring(i * 2, 2), NumberStyles.HexNumber, CultureInfo.InvariantCulture);
        }

        return result;
    }
}