/*
 * This file is part of the ReactOS PSDK package.
 * Thomas Faber (thomas.faber@reactos.org)
 * THIS SOFTWARE IS NOT COPYRIGHTED
 * This source code is offered for use in the public domain. You may
 * use, modify or distribute it freely.
 * This code is distributed in the hope that it will be useful but
 * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
 * DISCLAIMED. This includes but is not limited to warranties of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */
30 #endif /* __cplusplus */
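/*
 * Opaque handle type for a SAFER level. The prototypes in this header hand
 * one out through their pLevelHandle out-parameters and accept it back as
 * LevelHandle / hLevelHandle / hLevel.
 * (The listing's line number and the split closing parenthesis were
 * extraction residue and are removed here.)
 */
DECLARE_HANDLE(SAFER_LEVEL_HANDLE);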
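/*
 * Policy scope selectors. The dwScopeId parameters declared in this header
 * presumably take one of these two values.
 */
#define SAFER_SCOPEID_MACHINE 1
#define SAFER_SCOPEID_USER    2

/*
 * Built-in SAFER level identifiers, listed from DISALLOWED (0) up to
 * FULLYTRUSTED (0x40000). The names suggest increasing trust with increasing
 * value; do not rely on numeric comparison of level ids unless the API
 * documentation confirms that ordering is meaningful.
 */
#define SAFER_LEVELID_DISALLOWED   0x00000
#define SAFER_LEVELID_UNTRUSTED    0x01000
#define SAFER_LEVELID_CONSTRAINED  0x10000
#define SAFER_LEVELID_NORMALUSER   0x20000
#define SAFER_LEVELID_FULLYTRUSTED 0x40000

/* Presumably a value for the OpenFlags parameter declared further down. */
#define SAFER_LEVEL_OPEN 1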
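/*
 * Capacities of the fixed-size arrays in the structures of this header.
 * SAFER_MAX_HASH_SIZE is a byte count (the ImageHash members are BYTE
 * arrays); 64 bytes is room for a 512-bit digest. The other two are element
 * counts of WCHAR arrays, not byte counts, so a byte-based copy bound must
 * multiply by sizeof(WCHAR).
 */
#define SAFER_MAX_HASH_SIZE         64
#define SAFER_MAX_DESCRIPTION_SIZE  256
#define SAFER_MAX_FRIENDLYNAME_SIZE 256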
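/*
 * Single-bit flags (0x1 .. 0x8, combinable with |). Presumably these go in
 * the flags argument of SaferComputeTokenFromLevel; that parameter's line is
 * not present in this extract.
 *
 * NOTE(review): Microsoft's documentation describes SAFER_TOKEN_MAKE_INERT as
 * producing a token for which Software Restriction Policy / AppLocker checks
 * are skipped. Call sites that set it deserve an explicit justification in
 * review -- confirm the exact semantics against the API documentation.
 */
#define SAFER_TOKEN_NULL_IF_EQUAL 0x1
#define SAFER_TOKEN_COMPARE_ONLY  0x2
#define SAFER_TOKEN_MAKE_INERT    0x4
#define SAFER_TOKEN_WANT_FLAGS    0x8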
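/*
 * Bit flags naming the identification criteria (path, hash, Authenticode
 * signature, URL zone, AppX package). Each value is a distinct single bit, so
 * they can be combined with |. Presumably they select which checks are made
 * for a SAFER_CODE_PROPERTIES record; the member that would hold them is not
 * visible in this extract.
 * SAFER_CRITERIA_IMAGEPATH_NT (0x1000) sits apart from the low-order group.
 */
#define SAFER_CRITERIA_IMAGEPATH    0x0001
#define SAFER_CRITERIA_NOSIGNEDHASH 0x0002
#define SAFER_CRITERIA_IMAGEHASH    0x0004
#define SAFER_CRITERIA_AUTHENTICODE 0x0008
#define SAFER_CRITERIA_URLZONE      0x0010
#define SAFER_CRITERIA_APPX_PACKAGE 0x0020
#define SAFER_CRITERIA_IMAGEPATH_NT 0x1000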
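/*
 * Policy flag word layout, as far as the values show:
 *   - top byte  (SAFER_POLICY_JOBID_MASK)   : a job id field; the two JOBID
 *     values below lie inside it and are field values, not independent bits.
 *   - low byte  (SAFER_POLICY_UIFLAGS_MASK) : UI prompt flags.
 *   - the remaining SAFER_POLICY_* values are single bits in between.
 *
 * NOTE(review): SAFER_POLICY_ONLY_AUDIT by its name selects audit-only
 * handling rather than enforcement. Anything that treats a SAFER policy as an
 * enforcement boundary should check for this bit -- confirm the semantics
 * against the API documentation.
 */
#define SAFER_POLICY_JOBID_UNTRUSTED            0x03000000
#define SAFER_POLICY_JOBID_CONSTRAINED          0x04000000
#define SAFER_POLICY_JOBID_MASK                 0xFF000000
#define SAFER_POLICY_ONLY_EXES                  0x00010000
#define SAFER_POLICY_SANDBOX_INERT              0x00020000
#define SAFER_POLICY_HASH_DUPLICATE             0x00040000
#define SAFER_POLICY_ONLY_AUDIT                 0x00001000
#define SAFER_POLICY_BLOCK_CLIENT_UI            0x00002000
#define SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT 0x00000001
#define SAFER_POLICY_UIFLAGS_OPTION_PROMPT      0x00000002
#define SAFER_POLICY_UIFLAGS_HIDDEN             0x00000004
#define SAFER_POLICY_UIFLAGS_MASK               0x000000FF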
/*
 * SAFER_CODE_PROPERTIES_V1 -- version 1 of the record describing a piece of
 * code to the SAFER API. It reaches the API through the SAFER_CODE_PROPERTIES
 * alias defined below (the pCodeProperties parameter).
 *
 * NOTE(review): this is an extracted listing. The leading numbers are the
 * viewer's line numbers fused into the text, declarations are split across
 * lines, and listing lines 79-82, 84 and 88-91 (the opening brace and several
 * members) are absent. Do not derive the structure's layout or size from what
 * is shown here; take it from the upstream header.
 */
78 typedef struct _SAFER_CODE_PROPERTIES_V1
83 HANDLE hImageFileHandle
;
/* Fixed buffer of SAFER_MAX_HASH_SIZE bytes. dwImageHashSize presumably holds
 * the number of valid bytes and must not exceed the buffer size -- confirm. */
85 BYTE ImageHash
[SAFER_MAX_HASH_SIZE
];
86 DWORD dwImageHashSize
;
87 LARGE_INTEGER ImageSize
;
92 } SAFER_CODE_PROPERTIES_V1
, *PSAFER_CODE_PROPERTIES_V1
;
/*
 * SAFER_CODE_PROPERTIES_V2 -- version 2 of the code-properties record. As
 * shown, it starts with a SAFER_CODE_PROPERTIES_V1 member that has no member
 * name and then adds package-related fields, so it is larger than V1.
 *
 * NOTE(review): extracted listing; listing lines 95 and 99 (the opening brace
 * and one member) are absent, and the leading numbers are viewer line
 * numbers. Do not derive the layout from this extract.
 */
94 typedef struct _SAFER_CODE_PROPERTIES_V2
96 SAFER_CODE_PROPERTIES_V1
;
/* The package strings are held as PCWSTR pointers, not embedded arrays. */
97 PCWSTR PackageMoniker
;
98 PCWSTR PackagePublisher
;
100 ULONG64 PackageVersion
;
101 BOOL PackageIsFramework
;
102 } SAFER_CODE_PROPERTIES_V2
, *PSAFER_CODE_PROPERTIES_V2
;
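/* NOTE: MS defines SAFER_CODE_PROPERTIES as V2 unconditionally,
 * which is... not smart */
/*
 * Consequence of the conditional alias below: sizeof(SAFER_CODE_PROPERTIES)
 * depends on the _WIN32_WINNT the translation unit was built with (V2 embeds
 * V1 and appends package fields). Code built with different _WIN32_WINNT
 * settings must not exchange arrays of this type, and element counts passed
 * alongside a PSAFER_CODE_PROPERTIES only mean something for the matching
 * version.
 */
#if _WIN32_WINNT >= 0x602
typedef SAFER_CODE_PROPERTIES_V2 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
#else /* _WIN32_WINNT */
typedef SAFER_CODE_PROPERTIES_V1 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
#endif /* _WIN32_WINNT */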
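/*
 * Selects which property of a SAFER level is read or written. This is the
 * type of the dwInfoType parameter of SaferGetLevelInformation and
 * SaferSetLevelInformation. Values run contiguously from 1 to 16.
 * The data format behind each selector is not described in this header.
 */
typedef enum _SAFER_OBJECT_INFO_CLASS
{
    SaferObjectLevelId = 1,
    SaferObjectScopeId = 2,
    SaferObjectFriendlyName = 3,
    SaferObjectDescription = 4,
    SaferObjectBuiltin = 5,
    SaferObjectDisallowed = 6,
    SaferObjectDisableMaxPrivilege = 7,
    SaferObjectInvertDeletedPrivileges = 8,
    SaferObjectDeletedPrivileges = 9,
    SaferObjectDefaultOwner = 10,
    SaferObjectSidsToDisable = 11,
    SaferObjectRestrictedSidsInverted = 12,
    SaferObjectRestrictedSidsAdded = 13,
    SaferObjectAllIdentificationGuids = 14,
    SaferObjectSingleIdentification = 15,
    SaferObjectExtendedError = 16,
} SAFER_OBJECT_INFO_CLASS;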
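/*
 * Selects which policy setting is read or written. This is the type of the
 * SaferPolicyInfoClass parameter of SaferGetPolicyInformation and
 * SaferSetPolicyInformation. Values run contiguously from 1 to 7.
 */
typedef enum _SAFER_POLICY_INFO_CLASS
{
    SaferPolicyLevelList = 1,
    SaferPolicyEnableTransparentEnforcement = 2,
    SaferPolicyDefaultLevel = 3,
    SaferPolicyEvaluateUserScope = 4,
    SaferPolicyScopeFlags = 5,
    SaferPolicyDefaultLevelFlags = 6,
    SaferPolicyAuthenticodeEnabled = 7,
} SAFER_POLICY_INFO_CLASS;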
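/*
 * Kind of identification rule. This is the type of the dwIdentificationType
 * member of SAFER_IDENTIFICATION_HEADER, so it presumably tells a reader
 * which of the *_IDENTIFICATION structures follows the header; check it
 * before casting a header pointer to one of them.
 */
typedef enum _SAFER_IDENTIFICATION_TYPES
{
    SaferIdentityDefault = 0,
    SaferIdentityTypeImageName = 1,
    SaferIdentityTypeImageHash = 2,
    SaferIdentityTypeUrlZone = 3,
    SaferIdentityTypeCertificate = 4,
} SAFER_IDENTIFICATION_TYPES;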
154 #include <pshpack8.h>
/*
 * SAFER_IDENTIFICATION_HEADER -- common leading member of the
 * *_IDENTIFICATION structures below (each declares it as `header`).
 * Carries the rule kind, a GUID and a last-modified timestamp.
 *
 * NOTE(review): extracted listing; listing lines 157 and 159 (the opening
 * brace and one member) are absent and the leading numbers are viewer line
 * numbers. Do not derive the layout from this extract.
 */
156 typedef struct _SAFER_IDENTIFICATION_HEADER
158 SAFER_IDENTIFICATION_TYPES dwIdentificationType
;
160 GUID IdentificationGuid
;
161 FILETIME lastModified
;
162 } SAFER_IDENTIFICATION_HEADER
, *PSAFER_IDENTIFICATION_HEADER
;
/*
 * SAFER_PATHNAME_IDENTIFICATION -- identification record for a path-based
 * rule: the common header followed by a description.
 *
 * NOTE(review): extracted listing; listing lines 165 and 168-169 (the opening
 * brace and further members) are absent. Do not derive the layout from this
 * extract.
 */
164 typedef struct _SAFER_PATHNAME_IDENTIFICATION
166 SAFER_IDENTIFICATION_HEADER header
;
/* Fixed array of SAFER_MAX_DESCRIPTION_SIZE WCHARs (elements, not bytes).
 * Whether the API guarantees NUL termination is not shown here; bound any
 * read or copy by the array size. */
167 WCHAR Description
[SAFER_MAX_DESCRIPTION_SIZE
];
170 } SAFER_PATHNAME_IDENTIFICATION
, *PSAFER_PATHNAME_IDENTIFICATION
;
/*
 * SAFER_HASH_IDENTIFICATION -- identification record for a hash-based rule:
 * the common header, two fixed-size text fields, the image hash with its
 * algorithm id, and the image size.
 *
 * NOTE(review): extracted listing; listing lines 173, 177 and 181 (the
 * opening brace and two members) are absent. Do not derive the layout from
 * this extract.
 */
172 typedef struct _SAFER_HASH_IDENTIFICATION
174 SAFER_IDENTIFICATION_HEADER header
;
/* Both text fields are WCHAR arrays sized in elements, not bytes. */
175 WCHAR Description
[SAFER_MAX_DESCRIPTION_SIZE
];
176 WCHAR FriendlyName
[SAFER_MAX_FRIENDLYNAME_SIZE
];
/* Hash bytes in a SAFER_MAX_HASH_SIZE-byte buffer; HashAlgorithm names the
 * algorithm. The count of valid bytes is not among the members visible here,
 * so do not assume the whole buffer is meaningful. */
178 BYTE ImageHash
[SAFER_MAX_HASH_SIZE
];
179 ALG_ID HashAlgorithm
;
180 LARGE_INTEGER ImageSize
;
182 } SAFER_HASH_IDENTIFICATION
, *PSAFER_HASH_IDENTIFICATION
;
/*
 * SAFER_HASH_IDENTIFICATION2 -- wraps a complete SAFER_HASH_IDENTIFICATION
 * and adds a second hash buffer with its own algorithm id.
 *
 * NOTE(review): extracted listing; listing lines 185 and 187 (the opening
 * brace and one member) are absent. Do not derive the layout from this
 * extract.
 */
184 typedef struct _SAFER_HASH_IDENTIFICATION2
186 SAFER_HASH_IDENTIFICATION hashIdentification
;
/* Distinct from hashIdentification.ImageHash / .HashAlgorithm; the relation
 * between the two hashes is not stated in this header. */
188 BYTE ImageHash
[SAFER_MAX_HASH_SIZE
];
189 ALG_ID HashAlgorithm
;
190 } SAFER_HASH_IDENTIFICATION2
, *PSAFER_HASH_IDENTIFICATION2
;
/*
 * SAFER_URLZONE_IDENTIFICATION -- identification record for a URL-zone rule.
 * Only the common header member is visible.
 *
 * NOTE(review): extracted listing; listing lines 193 and 195-196 (the opening
 * brace and the remaining members) are absent. Do not derive the layout from
 * this extract.
 */
192 typedef struct _SAFER_URLZONE_IDENTIFICATION
194 SAFER_IDENTIFICATION_HEADER header
;
197 } SAFER_URLZONE_IDENTIFICATION
, *PSAFER_URLZONE_IDENTIFICATION
;
/*
 * NOTE(review): tail of a prototype whose return type and name (the listing
 * lines before 206) are absent from this extract. It takes a single
 * SAFER_LEVEL_HANDLE input, which matches the Windows API's SaferCloseLevel
 * -- confirm against the upstream header.
 */
206 _In_ SAFER_LEVEL_HANDLE hLevelHandle
);
/*
 * SaferComputeTokenFromLevel -- takes a level handle and an optional input
 * access token and writes an access-token handle to *OutAccessToken.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * (listing lines 209-210) and one parameter (line 215, between OutAccessToken
 * and pReserved) are absent. The SAFER_TOKEN_* flags defined in this header
 * presumably belong to that missing parameter -- confirm.
 * OutAccessToken is an output handle; presumably the caller owns it and must
 * close it. pReserved is annotated _Inout_opt_, i.e. it may be NULL and may
 * be written through when it is not.
 */
211 SaferComputeTokenFromLevel(
212 _In_ SAFER_LEVEL_HANDLE LevelHandle
,
213 _In_opt_ HANDLE InAccessToken
,
214 _Out_ PHANDLE OutAccessToken
,
216 _Inout_opt_ PVOID pReserved
);
/*
 * NOTE(review): parameter list of a prototype whose return type and name
 * (the listing lines before 222) are absent from this extract. Scope id,
 * level id, open flags and an output level handle match the Windows API's
 * SaferCreateLevel -- confirm against the upstream header.
 * pLevelHandle receives a SAFER_LEVEL_HANDLE; pReserved is annotated
 * _Reserved_ and should be passed as NULL.
 */
222 _In_ DWORD dwScopeId
,
223 _In_ DWORD dwLevelId
,
224 _In_ DWORD OpenFlags
,
225 _Outptr_ SAFER_LEVEL_HANDLE
*pLevelHandle
,
226 _Reserved_ PVOID pReserved
);
/*
 * SaferGetLevelInformation -- queries the property selected by dwInfoType
 * from a level handle into a caller-supplied buffer.
 *
 * pQueryBuffer is optional (may be NULL) and is written with at most
 * dwInBufferSize bytes, so dwInBufferSize must be the real capacity of the
 * buffer in bytes. pdwOutBufferSize is always written; presumably it reports
 * the size produced or required -- confirm.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * lines (229-230) are absent.
 */
231 SaferGetLevelInformation(
232 _In_ SAFER_LEVEL_HANDLE LevelHandle
,
233 _In_ SAFER_OBJECT_INFO_CLASS dwInfoType
,
234 _Out_writes_bytes_opt_(dwInBufferSize
) PVOID pQueryBuffer
,
235 _In_ DWORD dwInBufferSize
,
236 _Out_ PDWORD pdwOutBufferSize
);
/*
 * SaferGetPolicyInformation -- queries the policy setting selected by
 * SaferPolicyInfoClass for the given scope into a caller-supplied buffer.
 *
 * InfoBuffer is optional (may be NULL) and is written with at most
 * InfoBufferSize bytes, so InfoBufferSize must be the real capacity of the
 * buffer in bytes. InfoBufferRetSize is always written; presumably it reports
 * the size produced or required -- confirm. pReserved is annotated _Reserved_
 * and should be passed as NULL.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * lines (239-240) are absent.
 */
241 SaferGetPolicyInformation(
242 _In_ DWORD dwScopeId
,
243 _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass
,
244 _In_ DWORD InfoBufferSize
,
245 _Out_writes_bytes_opt_(InfoBufferSize
) PVOID InfoBuffer
,
246 _Out_ PDWORD InfoBufferRetSize
,
247 _Reserved_ PVOID pReserved
);
/*
 * NOTE(review): parameter list of a prototype whose return type and name
 * (the listing lines before 253) are absent from this extract. A counted
 * array of code properties plus an output level handle matches the Windows
 * API's SaferIdentifyLevel -- confirm against the upstream header.
 *
 * pCodeProperties is an optional array of dwNumProperties elements. The
 * element type is the SAFER_CODE_PROPERTIES alias, whose size depends on
 * _WIN32_WINNT, so the count is only meaningful for the structure version the
 * caller was built with. pReserved is annotated _Reserved_ and should be
 * passed as NULL.
 */
253 _In_ DWORD dwNumProperties
,
254 _In_reads_opt_(dwNumProperties
) PSAFER_CODE_PROPERTIES pCodeProperties
,
255 _Outptr_ SAFER_LEVEL_HANDLE
*pLevelHandle
,
256 _Reserved_ PVOID pReserved
);
/*
 * SaferiIsExecutableFileType -- takes a full path and a flag saying whether
 * the query comes from ShellExecute. By its name it reports whether the path
 * is of an executable file type; what it inspects to decide is not shown in
 * this header.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * lines (259-260) are absent.
 */
261 SaferiIsExecutableFileType(
262 _In_ PCWSTR szFullPath
,
263 _In_ BOOLEAN bFromShellExecute
);
/*
 * SaferRecordEventLogEntry -- takes a level handle and a target path; by its
 * name it records an event-log entry for them. pReserved is annotated
 * _Reserved_ and should be passed as NULL.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * lines (266-267) are absent.
 */
268 SaferRecordEventLogEntry(
269 _In_ SAFER_LEVEL_HANDLE hLevel
,
270 _In_ PCWSTR szTargetPath
,
271 _Reserved_ PVOID pReserved
);
/*
 * SaferSetLevelInformation -- writes the property selected by dwInfoType on a
 * level handle from a caller-supplied buffer.
 *
 * pQueryBuffer is required here (no _opt_) and exactly dwInBufferSize bytes
 * of it are readable by the callee, so dwInBufferSize must not exceed the
 * buffer's real size.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * lines (274-275) are absent.
 */
276 SaferSetLevelInformation(
277 _In_ SAFER_LEVEL_HANDLE LevelHandle
,
278 _In_ SAFER_OBJECT_INFO_CLASS dwInfoType
,
279 _In_reads_bytes_(dwInBufferSize
) PVOID pQueryBuffer
,
280 _In_ DWORD dwInBufferSize
);
/*
 * SaferSetPolicyInformation -- writes the policy setting selected by
 * SaferPolicyInfoClass for the given scope from a caller-supplied buffer.
 *
 * InfoBuffer is required (no _opt_) and InfoBufferSize bytes of it are
 * readable by the callee, so InfoBufferSize must not exceed the buffer's real
 * size. pReserved is annotated _Reserved_ and should be passed as NULL.
 * This call changes policy; which privileges it needs is not stated in this
 * header.
 *
 * NOTE(review): extracted listing; the return type / calling convention
 * lines (283-284) are absent.
 */
285 SaferSetPolicyInformation(
286 _In_ DWORD dwScopeId
,
287 _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass
,
288 _In_ DWORD InfoBufferSize
,
289 _In_reads_bytes_(InfoBufferSize
) PVOID InfoBuffer
,
290 _Reserved_ PVOID pReserved
);
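/*
 * Wide-string names of SRP policy categories. Where they are consumed is not
 * shown in this header. Note that SRP_POLICY_NOV2 expands to L"IGNORESRPV2",
 * which does not mirror the macro's name the way the others do.
 */
#define SRP_POLICY_EXE        L"EXE"
#define SRP_POLICY_DLL        L"DLL"
#define SRP_POLICY_MSI        L"MSI"
#define SRP_POLICY_SCRIPT     L"SCRIPT"
#define SRP_POLICY_SHELL      L"SHELL"
#define SRP_POLICY_NOV2       L"IGNORESRPV2"
#define SRP_POLICY_APPX       L"APPX"
#define SRP_POLICY_WLDPMSI    L"WLDPMSI"
#define SRP_POLICY_WLDPSCRIPT L"WLDPSCRIPT"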
305 #endif /* __cplusplus */
307 #endif /* _WINSAFER_H */