NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Assembly manifest code request

The security policy mechanism grants permissions to managed code based on the evidence from the code, plus the request the code makes for permissions. The assembly is the basic packaging unit for application code; each assembly manifest contains a declarative security request for the permissions it needs to run. For more information on code requests and how they work with policy to produce the grant, see Security Policy Specification.

LM serializes each of the provided permission sets (using ConvertPermissionSet exported from mscoree.dll) and writes the result as an uninterpreted blob into a custom value associated with the assembly metadata token. If a given (optional) permission set is not provided, the associated custom value is not created. The names of the custom values are as follows:

Macros for all of these are defined in cor.h (COR_PERM_REQUEST_REQD_CUSTOM_VALUE etc).

Adding code request to an assembly

Use the LM tool to set the code request on an assembly. Only one request (which may have three parts) exists for each assembly, so this operation overwrites any pre-existing code request. Tools that produce assemblies may support specifying code requests directly without use of LM.

The XML format input file consists of up to three permission sets. At least one permission set must be present in the input file in order to be valid. The first permission set declares the permissions that are required in order for the program to run. The first permission set declaration can optionally be followed by one or two further permission set declarations. (There is no separating syntax; it is just a straight list of permission sets.) These represent optional permissions and permissions that should never be granted (refused permissions), respectively. If the user wishes to provide a refused set but not an optional set, they can place an empty declaration in the optional set's place (<PermissionSet></PermissionSet>). XML parsing is case sensitive.

Example:

   lm -n Sample -f sample.exe util.dll -s permissions.xml

Where permissions.xml is a file of the form:

<PermissionSet>
   … required permissions (see format below)
</PermissionSet>
<PermissionSet>
   … optional permissions (see format below)
</PermissionSet>
<PermissionSet>
   … refused permissions (see format below)
</PermissionSet>
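The layout rules above (one to three positional permission sets, an empty optional placeholder, case-sensitive element names, and no enclosing document root) are easy to get wrong by hand. The following checker is an added example and is not part of the NGWS SDK or the LM tool; it assigns each top-level PermissionSet its positional role and rejects files that break the stated rules. The child elements in the constructed sample (`<Permission name="…"/>`) are placeholders, not the SDK's actual permission XML format.

```python
# Added example (not part of the NGWS SDK or the LM tool): a small checker for
# the permissions.xml layout used by "lm -s". It assigns the positional roles
# (required, optional, refused) and distinguishes a set that was supplied but
# left empty from one that was not supplied at all.
import re
import xml.etree.ElementTree as ET

SET_ROLES = ("required", "optional", "refused")


def parse_code_request(xml_text: str) -> dict:
    """Return {role: Element or None} for the three positional permission sets.

    Raises ValueError when the file does not match the documented layout.
    """
    # The file is a bare sequence of <PermissionSet> elements with no single
    # document root, so a plain ElementTree parse would fail with
    # "junk after document element". Drop any XML declaration and wrap the
    # text in a synthetic root so it parses as one document.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text)
    try:
        root = ET.fromstring("<_root>" + body + "</_root>")
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc

    sets = list(root)
    if not sets:
        raise ValueError("at least one <PermissionSet> is required")
    if len(sets) > len(SET_ROLES):
        raise ValueError(
            f"at most {len(SET_ROLES)} permission sets allowed, found {len(sets)}")
    for elem in sets:
        # Parsing is case sensitive: <permissionset> is not a PermissionSet.
        if elem.tag != "PermissionSet":
            raise ValueError(f"unexpected top-level element <{elem.tag}>")

    result = dict.fromkeys(SET_ROLES)  # roles not supplied stay None
    for role, elem in zip(SET_ROLES, sets):
        result[role] = elem
    return result


def summarize(xml_text: str) -> dict:
    """Count child elements per role; None means that set was not supplied."""
    parsed = parse_code_request(xml_text)
    return {role: (len(list(elem)) if elem is not None else None)
            for role, elem in parsed.items()}


# Constructed sample: a required set with two entries, an empty optional
# placeholder, and a refused set with one entry. The <Permission name=.../>
# children are placeholders, not the SDK's permission XML format.
SAMPLE_WITH_REFUSED = """
<PermissionSet>
   <Permission name="constructed-file-io" />
   <Permission name="constructed-ui" />
</PermissionSet>
<PermissionSet></PermissionSet>
<PermissionSet>
   <Permission name="constructed-registry" />
</PermissionSet>
"""

# Constructed sample: only the required set is given.
SAMPLE_REQUIRED_ONLY = """
<PermissionSet>
   <Permission name="constructed-file-io" />
</PermissionSet>
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_WITH_REFUSED))
    print(summarize(SAMPLE_REQUIRED_ONLY))
    try:
        summarize("<permissionset></permissionset>")
    except ValueError as err:
        print("rejected:", err)
```

In the summary, `0` for the optional set means the empty placeholder was present (LM will still serialize and store an empty set), whereas `None` means the set was omitted and no custom value for it will be written; keeping that distinction visible is the point of the checker.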

Signing assemblies

Assemblies may be signed by software publishers using the standard Authenticode signing tools. For more information, see the Windows Platform SDK: http://msdn.microsoft.com/library/sdkdoc/crypto/cryptotools_0bl1.htm

Since any change to an assembly breaks its digital signature, signing should be the last step in producing code. Specifically, code requests (which LM writes into the assembly metadata) must be set before signing.

A simple example of code signing follows.

makecert /sk XYZ /n "CN=XYZ Company" XYZ.cer

Generates a test X.509 certificate called XYZ.cer.

cert2spc XYZ.cer XYZ.spc

Generates a test Software Publisher Certificate (SPC) from the X.509 certificate called XYZ.cer.

signcode /spc XYZ.spc /k XYZ  XYZ.exe

Signs XYZ.exe with the XYZ.spc Software Publisher Certificate.