winsafer.h

Go to the documentation of this file.

/*
 * winsafer.h
 *
 * This file is part of the ReactOS PSDK package.
 *
 * Contributors:
 *   Thomas Faber (thomas.faber@reactos.org)
 *
 * THIS SOFTWARE IS NOT COPYRIGHTED
 *
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 *
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 */
#pragma once
 
#ifndef _WINSAFER_H
#define _WINSAFER_H
 
#include <guiddef.h>
#include <wincrypt.h>
 
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
 
DECLARE_HANDLE(SAFER_LEVEL_HANDLE);
 
#define SAFER_SCOPEID_MACHINE 1
#define SAFER_SCOPEID_USER    2
 
#define SAFER_LEVELID_DISALLOWED   0x00000
#define SAFER_LEVELID_UNTRUSTED    0x01000
#define SAFER_LEVELID_CONSTRAINED  0x10000
#define SAFER_LEVELID_NORMALUSER   0x20000
#define SAFER_LEVELID_FULLYTRUSTED 0x40000
 
#define SAFER_LEVEL_OPEN 1
 
#define SAFER_MAX_HASH_SIZE          64
#define SAFER_MAX_DESCRIPTION_SIZE  256
#define SAFER_MAX_FRIENDLYNAME_SIZE 256
 
#define SAFER_TOKEN_NULL_IF_EQUAL 0x1
#define SAFER_TOKEN_COMPARE_ONLY  0x2
#define SAFER_TOKEN_MAKE_INERT    0x4
#define SAFER_TOKEN_WANT_FLAGS    0x8
 
#define SAFER_CRITERIA_IMAGEPATH    0x0001
#define SAFER_CRITERIA_NOSIGNEDHASH 0x0002
#define SAFER_CRITERIA_IMAGEHASH    0x0004
#define SAFER_CRITERIA_AUTHENTICODE 0x0008
#define SAFER_CRITERIA_URLZONE      0x0010
#define SAFER_CRITERIA_APPX_PACKAGE 0x0020
#define SAFER_CRITERIA_IMAGEPATH_NT 0x1000
 
#define SAFER_POLICY_JOBID_UNTRUSTED            0x03000000
#define SAFER_POLICY_JOBID_CONSTRAINED          0x04000000
#define SAFER_POLICY_JOBID_MASK                 0xFF000000
#define SAFER_POLICY_ONLY_EXES                  0x00010000
#define SAFER_POLICY_SANDBOX_INERT              0x00020000
#define SAFER_POLICY_HASH_DUPLICATE             0x00040000
#define SAFER_POLICY_ONLY_AUDIT                 0x00001000
#define SAFER_POLICY_BLOCK_CLIENT_UI            0x00002000
#define SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT 0x00000001
#define SAFER_POLICY_UIFLAGS_OPTION_PROMPT      0x00000002
#define SAFER_POLICY_UIFLAGS_HIDDEN             0x00000004
#define SAFER_POLICY_UIFLAGS_MASK               0x000000FF
 
 
#include <pshpack8.h>
 
typedef struct _SAFER_CODE_PROPERTIES_V1
{
    DWORD cbSize;
    DWORD dwCheckFlags;
    PCWSTR ImagePath;
    HANDLE hImageFileHandle;
    DWORD UrlZoneId;
    BYTE ImageHash[SAFER_MAX_HASH_SIZE];
    DWORD dwImageHashSize;
    LARGE_INTEGER ImageSize;
    ALG_ID HashAlgorithm;
    PBYTE pByteBlock;
    HWND hWndParent;
    DWORD dwWVTUIChoice;
} SAFER_CODE_PROPERTIES_V1, *PSAFER_CODE_PROPERTIES_V1;
 
typedef struct _SAFER_CODE_PROPERTIES_V2
{
    SAFER_CODE_PROPERTIES_V1;
    PCWSTR PackageMoniker;
    PCWSTR PackagePublisher;
    PCWSTR PackageName;
    ULONG64 PackageVersion;
    BOOL PackageIsFramework;
} SAFER_CODE_PROPERTIES_V2, *PSAFER_CODE_PROPERTIES_V2;
 
#include <poppack.h>
 
/* NOTE: MS defines SAFER_CODE_PROPERTIES as V2 unconditionally,
 * which is... not smart */
#if _WIN32_WINNT >= 0x602
typedef SAFER_CODE_PROPERTIES_V2 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
#else /* _WIN32_WINNT */
typedef SAFER_CODE_PROPERTIES_V1 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
#endif /* _WIN32_WINNT */
 
typedef enum _SAFER_OBJECT_INFO_CLASS
{
    SaferObjectLevelId = 1,
    SaferObjectScopeId = 2,
    SaferObjectFriendlyName = 3,
    SaferObjectDescription = 4,
    SaferObjectBuiltin = 5,
    SaferObjectDisallowed = 6,
    SaferObjectDisableMaxPrivilege = 7,
    SaferObjectInvertDeletedPrivileges = 8,
    SaferObjectDeletedPrivileges = 9,
    SaferObjectDefaultOwner = 10,
    SaferObjectSidsToDisable = 11,
    SaferObjectRestrictedSidsInverted = 12,
    SaferObjectRestrictedSidsAdded = 13,
    SaferObjectAllIdentificationGuids = 14,
    SaferObjectSingleIdentification = 15,
    SaferObjectExtendedError = 16,
} SAFER_OBJECT_INFO_CLASS;
 
typedef enum _SAFER_POLICY_INFO_CLASS
{
    SaferPolicyLevelList = 1,
    SaferPolicyEnableTransparentEnforcement = 2,
    SaferPolicyDefaultLevel = 3,
    SaferPolicyEvaluateUserScope = 4,
    SaferPolicyScopeFlags = 5,
    SaferPolicyDefaultLevelFlags = 6,
    SaferPolicyAuthenticodeEnabled = 7,
} SAFER_POLICY_INFO_CLASS;
 
typedef enum _SAFER_IDENTIFICATION_TYPES
{
    SaferIdentityDefault = 0,
    SaferIdentityTypeImageName = 1,
    SaferIdentityTypeImageHash = 2,
    SaferIdentityTypeUrlZone = 3,
    SaferIdentityTypeCertificate = 4,
} SAFER_IDENTIFICATION_TYPES;
 
#include <pshpack8.h>
 
typedef struct _SAFER_IDENTIFICATION_HEADER
{
    SAFER_IDENTIFICATION_TYPES dwIdentificationType;
    DWORD cbStructSize;
    GUID IdentificationGuid;
    FILETIME lastModified;
} SAFER_IDENTIFICATION_HEADER, *PSAFER_IDENTIFICATION_HEADER;
 
typedef struct _SAFER_PATHNAME_IDENTIFICATION
{
    SAFER_IDENTIFICATION_HEADER header;
    WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
    PWCHAR ImageName;
    DWORD dwSaferFlags;
} SAFER_PATHNAME_IDENTIFICATION, *PSAFER_PATHNAME_IDENTIFICATION;
 
typedef struct _SAFER_HASH_IDENTIFICATION
{
    SAFER_IDENTIFICATION_HEADER header;
    WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
    WCHAR FriendlyName[SAFER_MAX_FRIENDLYNAME_SIZE];
    DWORD HashSize;
    BYTE ImageHash[SAFER_MAX_HASH_SIZE];
    ALG_ID HashAlgorithm;
    LARGE_INTEGER ImageSize;
    DWORD dwSaferFlags;
} SAFER_HASH_IDENTIFICATION, *PSAFER_HASH_IDENTIFICATION;
 
typedef struct _SAFER_HASH_IDENTIFICATION2
{
    SAFER_HASH_IDENTIFICATION hashIdentification;
    DWORD HashSize;
    BYTE ImageHash[SAFER_MAX_HASH_SIZE];
    ALG_ID HashAlgorithm;
} SAFER_HASH_IDENTIFICATION2, *PSAFER_HASH_IDENTIFICATION2;
 
typedef struct _SAFER_URLZONE_IDENTIFICATION
{
    SAFER_IDENTIFICATION_HEADER header;
    DWORD UrlZoneId;
    DWORD dwSaferFlags;
} SAFER_URLZONE_IDENTIFICATION, *PSAFER_URLZONE_IDENTIFICATION;
 
#include <poppack.h>
 
 
WINADVAPI
BOOL
WINAPI
SaferCloseLevel(
    _In_ SAFER_LEVEL_HANDLE hLevelHandle);
 
WINADVAPI
BOOL
WINAPI
SaferComputeTokenFromLevel(
    _In_ SAFER_LEVEL_HANDLE LevelHandle,
    _In_opt_ HANDLE InAccessToken,
    _Out_ PHANDLE OutAccessToken,
    _In_ DWORD dwFlags,
    _Inout_opt_ PVOID pReserved);
 
WINADVAPI
BOOL
WINAPI
SaferCreateLevel(
    _In_ DWORD dwScopeId,
    _In_ DWORD dwLevelId,
    _In_ DWORD OpenFlags,
    _Outptr_ SAFER_LEVEL_HANDLE *pLevelHandle,
    _Reserved_ PVOID pReserved);
 
WINADVAPI
BOOL
WINAPI
SaferGetLevelInformation(
    _In_ SAFER_LEVEL_HANDLE LevelHandle,
    _In_ SAFER_OBJECT_INFO_CLASS dwInfoType,
    _Out_writes_bytes_opt_(dwInBufferSize) PVOID pQueryBuffer,
    _In_ DWORD dwInBufferSize,
    _Out_ PDWORD pdwOutBufferSize);
 
WINADVAPI
BOOL
WINAPI
SaferGetPolicyInformation(
    _In_ DWORD dwScopeId,
    _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
    _In_ DWORD InfoBufferSize,
    _Out_writes_bytes_opt_(InfoBufferSize) PVOID InfoBuffer,
    _Out_ PDWORD InfoBufferRetSize,
    _Reserved_ PVOID pReserved);
 
WINADVAPI
BOOL
WINAPI
SaferIdentifyLevel(
    _In_ DWORD dwNumProperties,
    _In_reads_opt_(dwNumProperties) PSAFER_CODE_PROPERTIES pCodeProperties,
    _Outptr_ SAFER_LEVEL_HANDLE *pLevelHandle,
    _Reserved_ PVOID pReserved);
 
WINADVAPI
BOOL
WINAPI
SaferiIsExecutableFileType(
    _In_ PCWSTR szFullPath,
    _In_ BOOLEAN bFromShellExecute);
 
WINADVAPI
BOOL
WINAPI
SaferRecordEventLogEntry(
    _In_ SAFER_LEVEL_HANDLE hLevel,
    _In_ PCWSTR szTargetPath,
    _Reserved_ PVOID pReserved);
 
WINADVAPI
BOOL
WINAPI
SaferSetLevelInformation(
    _In_ SAFER_LEVEL_HANDLE LevelHandle,
    _In_ SAFER_OBJECT_INFO_CLASS dwInfoType,
    _In_reads_bytes_(dwInBufferSize) PVOID pQueryBuffer,
    _In_ DWORD dwInBufferSize);
 
WINADVAPI
BOOL
WINAPI
SaferSetPolicyInformation(
    _In_ DWORD dwScopeId,
    _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
    _In_ DWORD InfoBufferSize,
    _In_reads_bytes_(InfoBufferSize) PVOID InfoBuffer,
    _Reserved_ PVOID pReserved);
 
 
#define SRP_POLICY_EXE        L"EXE"
#define SRP_POLICY_DLL        L"DLL"
#define SRP_POLICY_MSI        L"MSI"
#define SRP_POLICY_SCRIPT     L"SCRIPT"
#define SRP_POLICY_SHELL      L"SHELL"
#define SRP_POLICY_NOV2       L"IGNORESRPV2"
#define SRP_POLICY_APPX       L"APPX"
#define SRP_POLICY_WLDPMSI    L"WLDPMSI"
#define SRP_POLICY_WLDPSCRIPT L"WLDPSCRIPT"
 
#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */
 
#endif /* _WINSAFER_H */