Trusted assemblies

The rule sandbox has the following classes of trusted assemblies:

  • Oracle Central Designer assemblies that are built by Oracle and signed with the corporate code-signing tool are trusted; they may contain security-critical and security-safe-critical code.
  • User-defined function assemblies whose signing public keys are registered in the machine certificate store are loaded into the sandbox at the yellow or green trust level.

Note:

Trust in these assemblies rests on a manual procedure: installing certificates in the machine certificate store. Because the procedure is manual, it is open to human error. Registering an incorrect public key establishes trust for an assembly that should not be trusted, and for every future assembly signed with that same key.

Trusted assemblies run in the same highly restrictive sandbox, but they are able to elevate their permissions beyond the sandbox's grant set. For the procedure and guidelines for such elevations, see Elevating CAS permissions.

The only restriction that you can declare at the assembly level is the SecurityTransparentAttribute, which makes every type and member in the assembly security-transparent and therefore prohibits all elevations within it. If an assembly needs to elevate permissions, it cannot carry this attribute, and the only guards against over-elevation (asserting broader permissions, or holding them for longer, than the operation needs) are code review and code analysis tools.
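The following is an added example, not Oracle Central Designer code, showing the two ends of the spectrum described above under the .NET Framework 4 (level 2) transparency model: one user-defined function assembly that opts out of elevation entirely with the assembly-level SecurityTransparentAttribute, and one that keeps elevation possible but confines it to a single safe-critical member. The file names, namespaces, the allow-listed directory and the host's loading behaviour are assumptions (the second assembly is assumed to be loaded with full trust by the sandbox host, since partial-trust assemblies are always transparent in this model); the procedure in Elevating CAS permissions is not reproduced here.

```csharp
// ----- File 1: Udf.NoElevation.cs, compiled into Udf.NoElevation.dll (assumed names) -----
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Assembly-level opt-out: every type and member becomes security-transparent.
// Transparent code cannot Assert, call SecurityCritical code, use P/Invoke or
// contain unverifiable IL, so no elevation is possible anywhere in this assembly.
[assembly: SecurityTransparent]

namespace Udf.NoElevation
{
    public static class Functions
    {
        // Ordinary sandboxed work; runs under whatever grant set the host supplied.
        public static int CountVowels(string input)
        {
            if (input == null) return 0;
            int n = 0;
            foreach (char c in input)
                if ("aeiouAEIOU".IndexOf(c) >= 0) n++;
            return n;
        }

        // This compiles, but the Assert fails at run time because the calling
        // method is transparent: the CLR throws instead of honouring it. The
        // author cannot widen this assembly's permissions, even by mistake.
        public static string ReadHostFile(string path)
        {
            new FileIOPermission(FileIOPermissionAccess.Read, path).Assert();
            return File.ReadAllText(path);
        }
    }
}

// ----- File 2: Udf.Elevating.cs, compiled into Udf.Elevating.dll (assumed names) -----
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// No SecurityTransparent attribute, so elevation is allowed. With APTCA the
// default for every member is transparent; only members explicitly marked
// critical or safe-critical may elevate, which keeps the review surface small.
[assembly: AllowPartiallyTrustedCallers]

namespace Udf.Elevating
{
    // Transparent by default: cannot elevate on its own, but may call safe-critical code.
    public static class Functions
    {
        public static int CountLines(string relativePath)
        {
            string text = HostFiles.ReadAllowedFile(relativePath);
            return text.Split('\n').Length;
        }
    }

    internal static class HostFiles
    {
        // Hypothetical allow-list for the example; a real UDF would take this from host configuration.
        private static readonly string AllowedDirectory = @"C:\CentralDesigner\UdfData";

        // Safe-critical: callable from transparent code and permitted to Assert.
        // Nothing in the attribute model stops this method from asserting more
        // than it needs; this is exactly the code that review and analysis tools must scrutinise.
        [SecuritySafeCritical]
        public static string ReadAllowedFile(string relativePath)
        {
            // Assert the narrowest permission that does the job: read and path
            // discovery, scoped to the allow-listed directory only. A path that
            // escapes the directory therefore fails the CLR's own demand even
            // inside the elevated window.
            var perm = new FileIOPermission(
                FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
                AllowedDirectory);
            perm.Assert();
            try
            {
                string full = Path.GetFullPath(Path.Combine(AllowedDirectory, relativePath));
                // Explicit check as well, so "..\" tricks fail with a clear error.
                if (!full.StartsWith(AllowedDirectory + @"\", StringComparison.OrdinalIgnoreCase))
                    throw new UnauthorizedAccessException("path outside the allowed directory");
                return File.ReadAllText(full);
            }
            finally
            {
                // Revert as soon as the privileged call returns, so the elevated
                // window is no longer than the one operation that needed it.
                CodeAccessPermission.RevertAssert();
            }
        }
    }
}
```

The design point is that the first assembly needs no review for elevation at all, because the attribute rules it out structurally, whereas in the second assembly the reviewer's attention can be narrowed to the one [SecuritySafeCritical] member: what it asserts, how tightly the asserted permission is scoped, what validation precedes the privileged call, and that the Assert is reverted on every path.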