Creating a codegroup from an installer class
We install a small, lightweight exe to client machines that loads our application from a web server.
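Most of our assemblies need to run with the FullTrust permission set, so the machine's code access security policy has to grant FullTrust to the URLs they are loaded from.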
We added an installer class, run by the MSI, that creates two code groups. We also added logic that removes the code groups on uninstall. Below is the code from the Installer class; enjoy, and I hope it helps you out.
Imports System.ComponentModel
Imports System.Configuration.Install
Imports System.Reflection
Imports System.Security
Imports System.Security.Policy
Imports System.Security.Permissions
Imports System.Configuration.ConfigurationSettings
Imports System.Xml
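''' <summary>
''' Custom installer action that adds two machine-level code access security (CAS)
''' code groups, "AM.NET LAN" and "AM.NET WAN", on install and removes them on uninstall.
''' </summary>
''' <remarks>
''' Each group pairs a UrlMembershipCondition with the FullTrust permission set, so any
''' assembly whose URL evidence matches the configured address runs unrestricted on the
''' machine. The addresses are read from the .config file that sits next to this assembly;
''' anyone who can modify that file before the installer runs chooses which URLs receive
''' FullTrust, so it should be protected like the installer itself.
''' NOTE(review): URL evidence is only as trustworthy as the transport and name resolution
''' behind it. Prefer https addresses you control, or a strong-name membership condition,
''' over plain http. Confirm against the deployment.
''' NOTE(review): the CAS policy APIs used here (SecurityManager.PolicyHierarchy,
''' SavePolicy) are marked obsolete from .NET Framework 4 onward. Confirm the target runtime.
''' </remarks>
<RunInstaller(True)> Public Class Installer
    Inherits System.Configuration.Install.Installer

#Region " Component Designer generated code "

    Public Sub New()
        MyBase.New()

        'This call is required by the Component Designer.
        InitializeComponent()

        'Add any initialization after the InitializeComponent() call
    End Sub

    'Installer overrides dispose to clean up the component list.
    Protected Overloads Overrides Sub Dispose(ByVal disposing As Boolean)
        If disposing Then
            If Not (components Is Nothing) Then
                components.Dispose()
            End If
        End If
        MyBase.Dispose(disposing)
    End Sub

    'Required by the Component Designer
    Private components As System.ComponentModel.IContainer

    'NOTE: The following procedure is required by the Component Designer
    'It can be modified using the Component Designer.
    'Do not modify it using the code editor.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
        components = New System.ComponentModel.Container()
    End Sub

#End Region

    ' Prefix shared by the names of the code groups this installer owns.
    Private Const CodeGroupNamePrefix As String = "AM.NET "

    ''' <summary>
    ''' Returns the policy level labelled "Machine", or Nothing when the policy
    ''' hierarchy does not contain one.
    ''' </summary>
    Private Shared Function FindMachinePolicyLevel() As PolicyLevel
        Dim levels As System.Collections.IEnumerator = SecurityManager.PolicyHierarchy
        Do While levels.MoveNext()
            Dim level As PolicyLevel = CType(levels.Current, PolicyLevel)
            If level.Label = "Machine" Then
                Return level
            End If
        Loop
        Return Nothing
    End Function

    ''' <summary>
    ''' Returns the direct child of the level's root code group whose name equals
    ''' <paramref name="name"/>, or Nothing when there is no such child.
    ''' </summary>
    Private Shared Function FindChildCodeGroup(ByVal level As PolicyLevel, ByVal name As String) As CodeGroup
        Dim candidate As CodeGroup
        For Each candidate In level.RootCodeGroup.Children
            If candidate.Name = name Then
                Return candidate
            End If
        Next
        Return Nothing
    End Function

    ''' <summary>
    ''' Reads the value of an appSettings entry from the loaded configuration document.
    ''' </summary>
    ''' <param name="config">The parsed .config document.</param>
    ''' <param name="key">The appSettings key; only compile-time constants are passed in.</param>
    ''' <returns>The trimmed value, or an empty string when the entry or its value attribute is missing.</returns>
    Private Shared Function ReadAppSetting(ByVal config As System.Xml.XmlDocument, ByVal key As String) As String
        ' key is always a literal from this class, so building the XPath by concatenation is safe here.
        Dim settingNode As System.Xml.XmlNode = _
            config.SelectSingleNode("//configuration/appSettings/add[@key='" & key & "']")
        If settingNode Is Nothing Then Return String.Empty

        Dim valueAttribute As System.Xml.XmlAttribute = settingNode.Attributes("value")
        If valueAttribute Is Nothing Then Return String.Empty

        Return valueAttribute.InnerText.Trim()
    End Function

    ''' <summary>
    ''' Adds a machine-level code group named "AM.NET " plus <paramref name="type"/> that grants
    ''' FullTrust to assemblies matching <paramref name="address"/>, unless a group with that
    ''' name already exists.
    ''' </summary>
    ''' <param name="address">The URL used for the UrlMembershipCondition.</param>
    ''' <param name="type">"LAN" or "WAN"; selects the group name and description.</param>
    Private Sub SetSecurity(ByVal address As String, ByVal type As String)
        Dim machineLevel As PolicyLevel = FindMachinePolicyLevel()
        If machineLevel Is Nothing Then
            Exit Sub
        End If

        Dim groupName As String = CodeGroupNamePrefix & type

        ' A group with this name already exists: it is left untouched.
        ' NOTE(review): the existing group is assumed to be valid. Its membership condition
        ' and permission set are not compared with the requested ones, so a stale or altered
        ' entry with the same name survives a reinstall.
        If Not FindChildCodeGroup(machineLevel, groupName) Is Nothing Then
            Exit Sub
        End If

        ' The code group doesn't exist yet, so add a URL group with FullTrust.
        Dim ucg As UnionCodeGroup = _
            New UnionCodeGroup(New UrlMembershipCondition(address), _
                               New PolicyStatement(New NamedPermissionSet("FullTrust")))

        Select Case type
            Case "WAN"
                ucg.Description = "This code group grants the FullTrust permission set to assemblies from the " & _
                                  "external AM.NET web server url."
            Case "LAN"
                ucg.Description = "This code group grants the FullTrust permission set to assemblies from the " & _
                                  "internal AM.NET web server url."
        End Select

        ucg.Name = groupName
        machineLevel.RootCodeGroup.AddChild(ucg)
        SecurityManager.SavePolicy()
    End Sub ' SetSecurity

    ''' <summary>
    ''' Removes the machine-level code group named "AM.NET " plus <paramref name="type"/>,
    ''' if it exists.
    ''' </summary>
    ''' <param name="type">"LAN" or "WAN".</param>
    Private Sub UnSetSecurity(ByVal type As String)
        Dim machineLevel As PolicyLevel = FindMachinePolicyLevel()
        If machineLevel Is Nothing Then
            Exit Sub
        End If

        ' Act only on an exact name match. A For Each control variable still refers to the
        ' last child visited when the loop ends without a match, so testing it against
        ' Nothing would remove an unrelated code group from the machine policy.
        Dim target As CodeGroup = FindChildCodeGroup(machineLevel, CodeGroupNamePrefix & type)
        If target Is Nothing Then
            Exit Sub
        End If

        machineLevel.RootCodeGroup.RemoveChild(target)
        SecurityManager.SavePolicy()
    End Sub ' UnSetSecurity

    ''' <summary>
    ''' Reads the InternalCodeGroup and ExternalCodeGroup addresses from the .config file
    ''' next to this assembly and creates the "LAN" and "WAN" code groups for them.
    ''' </summary>
    ''' <param name="stateSaver">Installer state dictionary, passed through to the base class.</param>
    ''' <exception cref="InvalidOperationException">A required application setting is missing or blank.</exception>
    Public Overrides Sub Install(ByVal stateSaver As System.Collections.IDictionary)
        MyBase.Install(stateSaver)

        Dim dllConfigFileName As String = New Uri(System.Reflection.Assembly.GetExecutingAssembly().CodeBase & ".config").LocalPath
        Dim dllConfig As New System.Xml.XmlDocument
        dllConfig.Load(dllConfigFileName)

        Dim internalCodeGroupValue As String = ReadAppSetting(dllConfig, "InternalCodeGroup")
        Dim externalCodeGroupValue As String = ReadAppSetting(dllConfig, "ExternalCodeGroup")

        ' Validate both settings before touching machine policy so a bad configuration
        ' cannot leave only one of the two groups behind.
        If internalCodeGroupValue.Length = 0 Then
            Throw New InvalidOperationException("The application setting InternalCodeGroup is invalid")
        End If
        If externalCodeGroupValue.Length = 0 Then
            Throw New InvalidOperationException("The application setting ExternalCodeGroup is invalid")
        End If

        ' NOTE(review): Rollback is not overridden, so a failure while adding the second
        ' group leaves the first one in machine policy. Confirm whether that is acceptable.
        Me.SetSecurity(internalCodeGroupValue, "LAN")
        Me.SetSecurity(externalCodeGroupValue, "WAN")
    End Sub ' Install

    ''' <summary>
    ''' Removes the "LAN" and "WAN" code groups created by <see cref="Install"/>.
    ''' </summary>
    ''' <param name="savedState">Installer state dictionary, passed through to the base class.</param>
    Public Overrides Sub Uninstall(ByVal savedState As System.Collections.IDictionary)
        MyBase.Uninstall(savedState)

        Me.UnSetSecurity("LAN")
        Me.UnSetSecurity("WAN")
    End Sub ' Uninstall

End Class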