sdk/include/psdk/winsafer.h

   1 /*
   2  * winsafer.h
   3  *
   4  * This file is part of the ReactOS PSDK package.
   5  *
   6  * Contributors:
   7  *   Thomas Faber (thomas.faber@reactos.org)
   8  *
   9  * THIS SOFTWARE IS NOT COPYRIGHTED
  10  *
  11  * This source code is offered for use in the public domain. You may
  12  * use, modify or distribute it freely.
  13  *
  14  * This code is distributed in the hope that it will be useful but
  15  * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
  16  * DISCLAIMED. This includes but is not limited to warranties of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  18  *
  19  */
  20 #pragma once
  21
  22 #ifndef _WINSAFER_H
  23 #define _WINSAFER_H
  24
  25 #include <guiddef.h>
  26 #include <wincrypt.h>
  27
  28 #ifdef __cplusplus
  29 extern "C" {
  30 #endif /* __cplusplus */
  31
  32 DECLARE_HANDLE(SAFER_LEVEL_HANDLE);
  33
  34 #define SAFER_SCOPEID_MACHINE 1
  35 #define SAFER_SCOPEID_USER    2
  36
  37 #define SAFER_LEVELID_DISALLOWED   0x00000
  38 #define SAFER_LEVELID_UNTRUSTED    0x01000
  39 #define SAFER_LEVELID_CONSTRAINED  0x10000
  40 #define SAFER_LEVELID_NORMALUSER   0x20000
  41 #define SAFER_LEVELID_FULLYTRUSTED 0x40000
  42
  43 #define SAFER_LEVEL_OPEN 1
  44
  45 #define SAFER_MAX_HASH_SIZE          64
  46 #define SAFER_MAX_DESCRIPTION_SIZE  256
  47 #define SAFER_MAX_FRIENDLYNAME_SIZE 256
  48
  49 #define SAFER_TOKEN_NULL_IF_EQUAL 0x1
  50 #define SAFER_TOKEN_COMPARE_ONLY  0x2
  51 #define SAFER_TOKEN_MAKE_INERT    0x4
  52 #define SAFER_TOKEN_WANT_FLAGS    0x8
  53
  54 #define SAFER_CRITERIA_IMAGEPATH    0x0001
  55 #define SAFER_CRITERIA_NOSIGNEDHASH 0x0002
  56 #define SAFER_CRITERIA_IMAGEHASH    0x0004
  57 #define SAFER_CRITERIA_AUTHENTICODE 0x0008
  58 #define SAFER_CRITERIA_URLZONE      0x0010
  59 #define SAFER_CRITERIA_APPX_PACKAGE 0x0020
  60 #define SAFER_CRITERIA_IMAGEPATH_NT 0x1000
  61
  62 #define SAFER_POLICY_JOBID_UNTRUSTED            0x03000000
  63 #define SAFER_POLICY_JOBID_CONSTRAINED          0x04000000
  64 #define SAFER_POLICY_JOBID_MASK                 0xFF000000
  65 #define SAFER_POLICY_ONLY_EXES                  0x00010000
  66 #define SAFER_POLICY_SANDBOX_INERT              0x00020000
  67 #define SAFER_POLICY_HASH_DUPLICATE             0x00040000
  68 #define SAFER_POLICY_ONLY_AUDIT                 0x00001000
  69 #define SAFER_POLICY_BLOCK_CLIENT_UI            0x00002000
  70 #define SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT 0x00000001
  71 #define SAFER_POLICY_UIFLAGS_OPTION_PROMPT      0x00000002
  72 #define SAFER_POLICY_UIFLAGS_HIDDEN             0x00000004
  73 #define SAFER_POLICY_UIFLAGS_MASK               0x000000FF
  74
  75
  76 #include <pshpack8.h>
  77
  78 typedef struct _SAFER_CODE_PROPERTIES_V1
  79 {
  80     DWORD cbSize;
  81     DWORD dwCheckFlags;
  82     PCWSTR ImagePath;
  83     HANDLE hImageFileHandle;
  84     DWORD UrlZoneId;
  85     BYTE ImageHash[SAFER_MAX_HASH_SIZE];
  86     DWORD dwImageHashSize;
  87     LARGE_INTEGER ImageSize;
  88     ALG_ID HashAlgorithm;
  89     PBYTE pByteBlock;
  90     HWND hWndParent;
  91     DWORD dwWVTUIChoice;
  92 } SAFER_CODE_PROPERTIES_V1, *PSAFER_CODE_PROPERTIES_V1;
  93
  94 typedef struct _SAFER_CODE_PROPERTIES_V2
  95 {
  96     SAFER_CODE_PROPERTIES_V1;
  97     PCWSTR PackageMoniker;
  98     PCWSTR PackagePublisher;
  99     PCWSTR PackageName;
 100     ULONG64 PackageVersion;
 101     BOOL PackageIsFramework;
 102 } SAFER_CODE_PROPERTIES_V2, *PSAFER_CODE_PROPERTIES_V2;
 103
 104 #include <poppack.h>
 105
 106 /* NOTE: MS defines SAFER_CODE_PROPERTIES as V2 unconditionally,
 107  * which is... not smart */
 108 #if _WIN32_WINNT >= 0x602
 109 typedef SAFER_CODE_PROPERTIES_V2 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
 110 #else /* _WIN32_WINNT */
 111 typedef SAFER_CODE_PROPERTIES_V1 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
 112 #endif /* _WIN32_WINNT */
 113
 114 typedef enum _SAFER_OBJECT_INFO_CLASS
 115 {
 116     SaferObjectLevelId = 1,
 117     SaferObjectScopeId = 2,
 118     SaferObjectFriendlyName = 3,
 119     SaferObjectDescription = 4,
 120     SaferObjectBuiltin = 5,
 121     SaferObjectDisallowed = 6,
 122     SaferObjectDisableMaxPrivilege = 7,
 123     SaferObjectInvertDeletedPrivileges = 8,
 124     SaferObjectDeletedPrivileges = 9,
 125     SaferObjectDefaultOwner = 10,
 126     SaferObjectSidsToDisable = 11,
 127     SaferObjectRestrictedSidsInverted = 12,
 128     SaferObjectRestrictedSidsAdded = 13,
 129     SaferObjectAllIdentificationGuids = 14,
 130     SaferObjectSingleIdentification = 15,
 131     SaferObjectExtendedError = 16,
 132 } SAFER_OBJECT_INFO_CLASS;
 133
 134 typedef enum _SAFER_POLICY_INFO_CLASS
 135 {
 136     SaferPolicyLevelList = 1,
 137     SaferPolicyEnableTransparentEnforcement = 2,
 138     SaferPolicyDefaultLevel = 3,
 139     SaferPolicyEvaluateUserScope = 4,
 140     SaferPolicyScopeFlags = 5,
 141     SaferPolicyDefaultLevelFlags = 6,
 142     SaferPolicyAuthenticodeEnabled = 7,
 143 } SAFER_POLICY_INFO_CLASS;
 144
 145 typedef enum _SAFER_IDENTIFICATION_TYPES
 146 {
 147     SaferIdentityDefault = 0,
 148     SaferIdentityTypeImageName = 1,
 149     SaferIdentityTypeImageHash = 2,
 150     SaferIdentityTypeUrlZone = 3,
 151     SaferIdentityTypeCertificate = 4,
 152 } SAFER_IDENTIFICATION_TYPES;
 153
 154 #include <pshpack8.h>
 155
 156 typedef struct _SAFER_IDENTIFICATION_HEADER
 157 {
 158     SAFER_IDENTIFICATION_TYPES dwIdentificationType;
 159     DWORD cbStructSize;
 160     GUID IdentificationGuid;
 161     FILETIME lastModified;
 162 } SAFER_IDENTIFICATION_HEADER, *PSAFER_IDENTIFICATION_HEADER;
 163
 164 typedef struct _SAFER_PATHNAME_IDENTIFICATION
 165 {
 166     SAFER_IDENTIFICATION_HEADER header;
 167     WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
 168     PWCHAR ImageName;
 169     DWORD dwSaferFlags;
 170 } SAFER_PATHNAME_IDENTIFICATION, *PSAFER_PATHNAME_IDENTIFICATION;
 171
 172 typedef struct _SAFER_HASH_IDENTIFICATION
 173 {
 174     SAFER_IDENTIFICATION_HEADER header;
 175     WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
 176     WCHAR FriendlyName[SAFER_MAX_FRIENDLYNAME_SIZE];
 177     DWORD HashSize;
 178     BYTE ImageHash[SAFER_MAX_HASH_SIZE];
 179     ALG_ID HashAlgorithm;
 180     LARGE_INTEGER ImageSize;
 181     DWORD dwSaferFlags;
 182 } SAFER_HASH_IDENTIFICATION, *PSAFER_HASH_IDENTIFICATION;
 183
 184 typedef struct _SAFER_HASH_IDENTIFICATION2
 185 {
 186     SAFER_HASH_IDENTIFICATION hashIdentification;
 187     DWORD HashSize;
 188     BYTE ImageHash[SAFER_MAX_HASH_SIZE];
 189     ALG_ID HashAlgorithm;
 190 } SAFER_HASH_IDENTIFICATION2, *PSAFER_HASH_IDENTIFICATION2;
 191
 192 typedef struct _SAFER_URLZONE_IDENTIFICATION
 193 {
 194     SAFER_IDENTIFICATION_HEADER header;
 195     DWORD UrlZoneId;
 196     DWORD dwSaferFlags;
 197 } SAFER_URLZONE_IDENTIFICATION, *PSAFER_URLZONE_IDENTIFICATION;
 198
 199 #include <poppack.h>
 200
 201
 202 WINADVAPI
 203 BOOL
 204 WINAPI
 205 SaferCloseLevel(
 206     _In_ SAFER_LEVEL_HANDLE hLevelHandle);
 207
 208 WINADVAPI
 209 BOOL
 210 WINAPI
 211 SaferComputeTokenFromLevel(
 212     _In_ SAFER_LEVEL_HANDLE LevelHandle,
 213     _In_opt_ HANDLE InAccessToken,
 214     _Out_ PHANDLE OutAccessToken,
 215     _In_ DWORD dwFlags,
 216     _Inout_opt_ PVOID pReserved);
 217
 218 WINADVAPI
 219 BOOL
 220 WINAPI
 221 SaferCreateLevel(
 222     _In_ DWORD dwScopeId,
 223     _In_ DWORD dwLevelId,
 224     _In_ DWORD OpenFlags,
 225     _Outptr_ SAFER_LEVEL_HANDLE *pLevelHandle,
 226     _Reserved_ PVOID pReserved);
 227
 228 WINADVAPI
 229 BOOL
 230 WINAPI
 231 SaferGetLevelInformation(
 232     _In_ SAFER_LEVEL_HANDLE LevelHandle,
 233     _In_ SAFER_OBJECT_INFO_CLASS dwInfoType,
 234     _Out_writes_bytes_opt_(dwInBufferSize) PVOID pQueryBuffer,
 235     _In_ DWORD dwInBufferSize,
 236     _Out_ PDWORD pdwOutBufferSize);
 237
 238 WINADVAPI
 239 BOOL
 240 WINAPI
 241 SaferGetPolicyInformation(
 242     _In_ DWORD dwScopeId,
 243     _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
 244     _In_ DWORD InfoBufferSize,
 245     _Out_writes_bytes_opt_(InfoBufferSize) PVOID InfoBuffer,
 246     _Out_ PDWORD InfoBufferRetSize,
 247     _Reserved_ PVOID pReserved);
 248
 249 WINADVAPI
 250 BOOL
 251 WINAPI
 252 SaferIdentifyLevel(
 253     _In_ DWORD dwNumProperties,
 254     _In_reads_opt_(dwNumProperties) PSAFER_CODE_PROPERTIES pCodeProperties,
 255     _Outptr_ SAFER_LEVEL_HANDLE *pLevelHandle,
 256     _Reserved_ PVOID pReserved);
 257
 258 WINADVAPI
 259 BOOL
 260 WINAPI
 261 SaferiIsExecutableFileType(
 262     _In_ PCWSTR szFullPath,
 263     _In_ BOOLEAN bFromShellExecute);
 264
 265 WINADVAPI
 266 BOOL
 267 WINAPI
 268 SaferRecordEventLogEntry(
 269     _In_ SAFER_LEVEL_HANDLE hLevel,
 270     _In_ PCWSTR szTargetPath,
 271     _Reserved_ PVOID pReserved);
 272
 273 WINADVAPI
 274 BOOL
 275 WINAPI
 276 SaferSetLevelInformation(
 277     _In_ SAFER_LEVEL_HANDLE LevelHandle,
 278     _In_ SAFER_OBJECT_INFO_CLASS dwInfoType,
 279     _In_reads_bytes_(dwInBufferSize) PVOID pQueryBuffer,
 280     _In_ DWORD dwInBufferSize);
 281
 282 WINADVAPI
 283 BOOL
 284 WINAPI
 285 SaferSetPolicyInformation(
 286     _In_ DWORD dwScopeId,
 287     _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
 288     _In_ DWORD InfoBufferSize,
 289     _In_reads_bytes_(InfoBufferSize) PVOID InfoBuffer,
 290     _Reserved_ PVOID pReserved);
 291
 292
 293 #define SRP_POLICY_EXE        L"EXE"
 294 #define SRP_POLICY_DLL        L"DLL"
 295 #define SRP_POLICY_MSI        L"MSI"
 296 #define SRP_POLICY_SCRIPT     L"SCRIPT"
 297 #define SRP_POLICY_SHELL      L"SHELL"
 298 #define SRP_POLICY_NOV2       L"IGNORESRPV2"
 299 #define SRP_POLICY_APPX       L"APPX"
 300 #define SRP_POLICY_WLDPMSI    L"WLDPMSI"
 301 #define SRP_POLICY_WLDPSCRIPT L"WLDPSCRIPT"
 302
 303 #ifdef __cplusplus
 304 } /* extern "C" */
 305 #endif /* __cplusplus */
 306
 307 #endif /* _WINSAFER_H */