1 /*
2  * winsafer.h
3  *
4  * This file is part of the ReactOS PSDK package.
5  *
6  * Contributors:
7  *   Thomas Faber (thomas.faber@reactos.org)
8  *
9  * THIS SOFTWARE IS NOT COPYRIGHTED
10  *
11  * This source code is offered for use in the public domain. You may
12  * use, modify or distribute it freely.
13  *
14  * This code is distributed in the hope that it will be useful but
15  * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
16  * DISCLAIMED. This includes but is not limited to warranties of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
18  *
19  */
20 #pragma once
21 
22 #ifndef _WINSAFER_H
23 #define _WINSAFER_H
24 
25 #include <guiddef.h>
26 #include <wincrypt.h>
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif /* __cplusplus */
31 
/* Opaque handle type for a Safer level object. It is the type that
 * SaferCreateLevel and SaferIdentifyLevel return through pLevelHandle and
 * that SaferCloseLevel takes as its argument. */
32 DECLARE_HANDLE(SAFER_LEVEL_HANDLE);
33 
/* Scope identifiers. By name these pair with the dwScopeId parameter of
 * SaferCreateLevel, SaferGetPolicyInformation and SaferSetPolicyInformation.
 * NOTE(review): presumably MACHINE selects the machine-wide policy and USER
 * the per-user policy - confirm against the implementation. */
34 #define SAFER_SCOPEID_MACHINE 1
35 #define SAFER_SCOPEID_USER    2
36 
/* Level identifiers, by name the values for the dwLevelId parameter of
 * SaferCreateLevel. The values increase from DISALLOWED (0) to FULLYTRUSTED
 * (0x40000).
 * NOTE(review): a larger value appears to mean a less restricted level. Code
 * that compares level IDs numerically depends on that ordering, so confirm
 * it before relying on it in an enforcement decision. */
37 #define SAFER_LEVELID_DISALLOWED   0x00000
38 #define SAFER_LEVELID_UNTRUSTED    0x01000
39 #define SAFER_LEVELID_CONSTRAINED  0x10000
40 #define SAFER_LEVELID_NORMALUSER   0x20000
41 #define SAFER_LEVELID_FULLYTRUSTED 0x40000
42 
/* NOTE(review): presumably the value passed as OpenFlags to SaferCreateLevel
 * to open an existing level; the header does not say so explicitly. */
43 #define SAFER_LEVEL_OPEN 1
44 
/* Capacities of the fixed-size arrays in the structures of this header.
 * SAFER_MAX_HASH_SIZE is a count of BYTEs (the ImageHash arrays). The
 * DESCRIPTION and FRIENDLYNAME sizes are counts of WCHARs, not bytes.
 * The structures carry separate length fields (dwImageHashSize, HashSize).
 * Nothing in this header ties those fields to these limits, so code that
 * fills or reads the arrays has to check the length against the capacity
 * itself. */
45 #define SAFER_MAX_HASH_SIZE          64
46 #define SAFER_MAX_DESCRIPTION_SIZE  256
47 #define SAFER_MAX_FRIENDLYNAME_SIZE 256
48 
/* SAFER_TOKEN_* bit flags. Each value is a distinct single bit, so they can
 * be OR-ed together. By name they are the dwFlags values of
 * SaferComputeTokenFromLevel.
 * NOTE(review): in Microsoft's documentation SAFER_TOKEN_MAKE_INERT yields a
 * token for which software restriction policy checks are skipped. Treat
 * every use of it as security-sensitive and confirm how this implementation
 * honours it. */
49 #define SAFER_TOKEN_NULL_IF_EQUAL 0x1
50 #define SAFER_TOKEN_COMPARE_ONLY  0x2
51 #define SAFER_TOKEN_MAKE_INERT    0x4
52 #define SAFER_TOKEN_WANT_FLAGS    0x8
53 
/* SAFER_CRITERIA_* bit flags.
 * NOTE(review): presumably the values of dwCheckFlags in
 * SAFER_CODE_PROPERTIES_V1, selecting which properties of the image (path,
 * hash, Authenticode signature, URL zone, AppX package) are evaluated -
 * confirm against the implementation.
 * IMAGEPATH_NT (0x1000) sits apart from the contiguous low bits
 * 0x0001-0x0020. */
54 #define SAFER_CRITERIA_IMAGEPATH    0x0001
55 #define SAFER_CRITERIA_NOSIGNEDHASH 0x0002
56 #define SAFER_CRITERIA_IMAGEHASH    0x0004
57 #define SAFER_CRITERIA_AUTHENTICODE 0x0008
58 #define SAFER_CRITERIA_URLZONE      0x0010
59 #define SAFER_CRITERIA_APPX_PACKAGE 0x0020
60 #define SAFER_CRITERIA_IMAGEPATH_NT 0x1000
61 
/* SAFER_POLICY_* values. They do not overlap, which suggests they share one
 * flags word:
 *   - SAFER_POLICY_JOBID_MASK (0xFF000000) covers both JOBID_* values. Those
 *     are numbers, not single bits (0x03000000 has two bits set), so compare
 *     (flags & SAFER_POLICY_JOBID_MASK) for equality instead of testing a
 *     JOBID_* value with a bitwise AND.
 *   - SAFER_POLICY_UIFLAGS_MASK (0x000000FF) covers the three UIFLAGS_* bits.
 *   - The remaining values are single-bit flags.
 * NOTE(review): where this word is stored or returned is not visible in this
 * header, and the meaning of each flag (for example ONLY_AUDIT) is inferred
 * from its name only - confirm before relying on it. */
62 #define SAFER_POLICY_JOBID_UNTRUSTED            0x03000000
63 #define SAFER_POLICY_JOBID_CONSTRAINED          0x04000000
64 #define SAFER_POLICY_JOBID_MASK                 0xFF000000
65 #define SAFER_POLICY_ONLY_EXES                  0x00010000
66 #define SAFER_POLICY_SANDBOX_INERT              0x00020000
67 #define SAFER_POLICY_HASH_DUPLICATE             0x00040000
68 #define SAFER_POLICY_ONLY_AUDIT                 0x00001000
69 #define SAFER_POLICY_BLOCK_CLIENT_UI            0x00002000
70 #define SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT 0x00000001
71 #define SAFER_POLICY_UIFLAGS_OPTION_PROMPT      0x00000002
72 #define SAFER_POLICY_UIFLAGS_HIDDEN             0x00000004
73 #define SAFER_POLICY_UIFLAGS_MASK               0x000000FF
74 
75 
76 #include <pshpack8.h>
77 
/* Describes one piece of code to be classified. SaferIdentifyLevel takes an
 * array of these through PSAFER_CODE_PROPERTIES. The structure is declared
 * between <pshpack8.h> and <poppack.h>, and the field order is part of the
 * binary layout, so fields must not be reordered.
 * NOTE(review): the per-field remarks marked "presumably" are inferred from
 * the field names - confirm against the implementation. */
78 typedef struct _SAFER_CODE_PROPERTIES_V1
79 {
80     DWORD cbSize;                       /* presumably the size of this structure, set by the caller */
81     DWORD dwCheckFlags;                 /* presumably SAFER_CRITERIA_* bits */
82     PCWSTR ImagePath;
83     HANDLE hImageFileHandle;
84     DWORD UrlZoneId;
85     BYTE ImageHash[SAFER_MAX_HASH_SIZE]; /* fixed capacity of SAFER_MAX_HASH_SIZE bytes */
86     DWORD dwImageHashSize;              /* presumably bytes used in ImageHash; check against SAFER_MAX_HASH_SIZE before use */
87     LARGE_INTEGER ImageSize;
88     ALG_ID HashAlgorithm;
89     PBYTE pByteBlock;
90     HWND hWndParent;
91     DWORD dwWVTUIChoice;
92 } SAFER_CODE_PROPERTIES_V1, *PSAFER_CODE_PROPERTIES_V1;
93 
/* SAFER_CODE_PROPERTIES_V1 extended with package fields. The first member is
 * an unnamed SAFER_CODE_PROPERTIES_V1 written through its typedef name, so a
 * V2 object starts with the V1 layout and the V1 fields are accessed
 * directly (for example p->cbSize). An unnamed member declared through a
 * typedef name is a Microsoft extension to C; GCC and Clang accept it with
 * -fms-extensions.
 * NOTE(review): the Package* fields presumably belong to the
 * SAFER_CRITERIA_APPX_PACKAGE check - confirm. */
94 typedef struct _SAFER_CODE_PROPERTIES_V2
95 {
96     SAFER_CODE_PROPERTIES_V1;
97     PCWSTR PackageMoniker;
98     PCWSTR PackagePublisher;
99     PCWSTR PackageName;
100     ULONG64 PackageVersion;
101     BOOL PackageIsFramework;
102 } SAFER_CODE_PROPERTIES_V2, *PSAFER_CODE_PROPERTIES_V2;
103 
104 #include <poppack.h>
105 
106 /* NOTE: MS defines SAFER_CODE_PROPERTIES as V2 unconditionally,
107  * which is... not smart */
/* This header selects V2 when _WIN32_WINNT >= 0x602 and V1 otherwise. The
 * choice changes sizeof(SAFER_CODE_PROPERTIES) and therefore the element
 * stride of the array passed to SaferIdentifyLevel, so modules built with
 * different _WIN32_WINNT values disagree about the layout.
 * NOTE(review): presumably the callee uses cbSize to tell the two versions
 * apart; a consumer should validate cbSize before reading any V2-only
 * field - confirm against the implementation. */
108 #if _WIN32_WINNT >= 0x602
109 typedef SAFER_CODE_PROPERTIES_V2 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
110 #else /* _WIN32_WINNT */
111 typedef SAFER_CODE_PROPERTIES_V1 SAFER_CODE_PROPERTIES, *PSAFER_CODE_PROPERTIES;
112 #endif /* _WIN32_WINNT */
113 
/* Type of the dwInfoType parameter of SaferGetLevelInformation and
 * SaferSetLevelInformation; it names the property of a level being queried
 * or set. Values are assigned explicitly, 1 through 16.
 * NOTE(review): the buffer type and size expected for each class are not
 * described in this header, so callers have to size pQueryBuffer per class
 * from other documentation. Several classes (privileges, SIDs, default
 * owner) by name describe token restrictions - confirm their semantics
 * before changing them through SaferSetLevelInformation. */
114 typedef enum _SAFER_OBJECT_INFO_CLASS
115 {
116     SaferObjectLevelId = 1,
117     SaferObjectScopeId = 2,
118     SaferObjectFriendlyName = 3,
119     SaferObjectDescription = 4,
120     SaferObjectBuiltin = 5,
121     SaferObjectDisallowed = 6,
122     SaferObjectDisableMaxPrivilege = 7,
123     SaferObjectInvertDeletedPrivileges = 8,
124     SaferObjectDeletedPrivileges = 9,
125     SaferObjectDefaultOwner = 10,
126     SaferObjectSidsToDisable = 11,
127     SaferObjectRestrictedSidsInverted = 12,
128     SaferObjectRestrictedSidsAdded = 13,
129     SaferObjectAllIdentificationGuids = 14,
130     SaferObjectSingleIdentification = 15,
131     SaferObjectExtendedError = 16,
132 } SAFER_OBJECT_INFO_CLASS;
133 
/* Type of the SaferPolicyInfoClass parameter of SaferGetPolicyInformation
 * and SaferSetPolicyInformation; it names the policy setting being queried
 * or set. Values are assigned explicitly, 1 through 7.
 * NOTE(review): the buffer layout for each class is not described in this
 * header. Classes such as SaferPolicyDefaultLevel and
 * SaferPolicyEnableTransparentEnforcement by name control enforcement -
 * confirm their semantics before writing them. */
134 typedef enum _SAFER_POLICY_INFO_CLASS
135 {
136     SaferPolicyLevelList = 1,
137     SaferPolicyEnableTransparentEnforcement = 2,
138     SaferPolicyDefaultLevel = 3,
139     SaferPolicyEvaluateUserScope = 4,
140     SaferPolicyScopeFlags = 5,
141     SaferPolicyDefaultLevelFlags = 6,
142     SaferPolicyAuthenticodeEnabled = 7,
143 } SAFER_POLICY_INFO_CLASS;
144 
/* Type of the dwIdentificationType field of SAFER_IDENTIFICATION_HEADER.
 * NOTE(review): presumably the value tells which SAFER_*_IDENTIFICATION
 * structure the header belongs to (image name, image hash, URL zone); no
 * structure for SaferIdentityTypeCertificate is declared in this header. */
145 typedef enum _SAFER_IDENTIFICATION_TYPES
146 {
147     SaferIdentityDefault = 0,
148     SaferIdentityTypeImageName = 1,
149     SaferIdentityTypeImageHash = 2,
150     SaferIdentityTypeUrlZone = 3,
151     SaferIdentityTypeCertificate = 4,
152 } SAFER_IDENTIFICATION_TYPES;
153 
154 #include <pshpack8.h>
155 
/* Common prefix of the identification records: it is the first member of
 * SAFER_PATHNAME_IDENTIFICATION, SAFER_HASH_IDENTIFICATION and
 * SAFER_URLZONE_IDENTIFICATION.
 * NOTE(review): cbStructSize presumably holds the size of the whole
 * containing record. A consumer should validate it against the record type
 * named by dwIdentificationType before reading past the header - confirm. */
156 typedef struct _SAFER_IDENTIFICATION_HEADER
157 {
158     SAFER_IDENTIFICATION_TYPES dwIdentificationType;
159     DWORD cbStructSize;
160     GUID IdentificationGuid;
161     FILETIME lastModified;
162 } SAFER_IDENTIFICATION_HEADER, *PSAFER_IDENTIFICATION_HEADER;
163 
/* Identification record keyed on an image path. Description is inline
 * storage for SAFER_MAX_DESCRIPTION_SIZE WCHARs; the type does not guarantee
 * that it is NUL-terminated. ImageName is only a pointer, so the string
 * lives outside the record, and this header does not define who owns it or
 * how long it stays valid. */
164 typedef struct _SAFER_PATHNAME_IDENTIFICATION
165 {
166     SAFER_IDENTIFICATION_HEADER header;
167     WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
168     PWCHAR ImageName;
169     DWORD dwSaferFlags;
170 } SAFER_PATHNAME_IDENTIFICATION, *PSAFER_PATHNAME_IDENTIFICATION;
171 
/* Identification record keyed on an image hash. ImageHash has room for
 * SAFER_MAX_HASH_SIZE bytes; Description and FriendlyName are inline WCHAR
 * arrays with no termination guarantee from the type.
 * NOTE(review): HashSize is presumably the number of bytes in use in
 * ImageHash and must be checked against SAFER_MAX_HASH_SIZE before the
 * array is read or written; ImageSize presumably is the size of the hashed
 * file - confirm. */
172 typedef struct _SAFER_HASH_IDENTIFICATION
173 {
174     SAFER_IDENTIFICATION_HEADER header;
175     WCHAR Description[SAFER_MAX_DESCRIPTION_SIZE];
176     WCHAR FriendlyName[SAFER_MAX_FRIENDLYNAME_SIZE];
177     DWORD HashSize;
178     BYTE ImageHash[SAFER_MAX_HASH_SIZE];
179     ALG_ID HashAlgorithm;
180     LARGE_INTEGER ImageSize;
181     DWORD dwSaferFlags;
182 } SAFER_HASH_IDENTIFICATION, *PSAFER_HASH_IDENTIFICATION;
183 
/* Embeds a complete SAFER_HASH_IDENTIFICATION as its first member and
 * appends a second HashSize / ImageHash / HashAlgorithm triple, so the same
 * field names exist twice (p->HashSize and p->hashIdentification.HashSize).
 * NOTE(review): presumably the second triple carries a hash made with a
 * different algorithm than the embedded one - confirm. Each HashSize has to
 * be checked against SAFER_MAX_HASH_SIZE separately. */
184 typedef struct _SAFER_HASH_IDENTIFICATION2
185 {
186     SAFER_HASH_IDENTIFICATION hashIdentification;
187     DWORD HashSize;
188     BYTE ImageHash[SAFER_MAX_HASH_SIZE];
189     ALG_ID HashAlgorithm;
190 } SAFER_HASH_IDENTIFICATION2, *PSAFER_HASH_IDENTIFICATION2;
191 
/* Identification record keyed on a URL zone: the common header followed by
 * a zone ID and a flags word.
 * NOTE(review): the valid range of UrlZoneId and the meaning of
 * dwSaferFlags are not defined in this header. */
192 typedef struct _SAFER_URLZONE_IDENTIFICATION
193 {
194     SAFER_IDENTIFICATION_HEADER header;
195     DWORD UrlZoneId;
196     DWORD dwSaferFlags;
197 } SAFER_URLZONE_IDENTIFICATION, *PSAFER_URLZONE_IDENTIFICATION;
198 
199 #include <poppack.h>
200 
201 
/* Releases a level handle.
 *   hLevelHandle - required input handle; by name, one obtained from
 *                  SaferCreateLevel or SaferIdentifyLevel.
 * Returns a BOOL. NOTE(review): presumably nonzero on success - confirm. */
202 WINADVAPI
203 BOOL
204 WINAPI
205 SaferCloseLevel(
206     _In_ SAFER_LEVEL_HANDLE hLevelHandle);
207 
/* Derives an access token from a level.
 *   LevelHandle    - required level handle.
 *   InAccessToken  - optional input token (_In_opt_, may be NULL).
 *   OutAccessToken - receives a token handle (_Out_).
 *   dwFlags        - by name, a combination of SAFER_TOKEN_* bits.
 *   pReserved      - optional in/out pointer (_Inout_opt_).
 * Returns a BOOL.
 * NOTE(review): presumably the caller owns the returned handle and must
 * close it. With SAFER_TOKEN_COMPARE_ONLY or SAFER_TOKEN_NULL_IF_EQUAL the
 * output may not be a usable token, so callers should check both the return
 * value and *OutAccessToken before launching anything with it - confirm. */
208 WINADVAPI
209 BOOL
210 WINAPI
211 SaferComputeTokenFromLevel(
212     _In_ SAFER_LEVEL_HANDLE LevelHandle,
213     _In_opt_ HANDLE InAccessToken,
214     _Out_ PHANDLE OutAccessToken,
215     _In_ DWORD dwFlags,
216     _Inout_opt_ PVOID pReserved);
217 
/* Obtains a level handle for a scope and level ID.
 *   dwScopeId    - by name, one of SAFER_SCOPEID_*.
 *   dwLevelId    - by name, one of SAFER_LEVELID_*.
 *   OpenFlags    - by name, SAFER_LEVEL_OPEN.
 *   pLevelHandle - receives the handle (_Outptr_).
 *   pReserved    - reserved (_Reserved_); pass NULL.
 * Returns a BOOL.
 * NOTE(review): presumably the handle must later be released with
 * SaferCloseLevel - confirm. */
218 WINADVAPI
219 BOOL
220 WINAPI
221 SaferCreateLevel(
222     _In_ DWORD dwScopeId,
223     _In_ DWORD dwLevelId,
224     _In_ DWORD OpenFlags,
225     _Outptr_ SAFER_LEVEL_HANDLE *pLevelHandle,
226     _Reserved_ PVOID pReserved);
227 
/* Queries one property of a level.
 *   LevelHandle      - required level handle.
 *   dwInfoType       - which property to read (SAFER_OBJECT_INFO_CLASS).
 *   pQueryBuffer     - optional output buffer of up to dwInBufferSize bytes
 *                      (_Out_writes_bytes_opt_, may be NULL).
 *   dwInBufferSize   - size of pQueryBuffer in bytes.
 *   pdwOutBufferSize - receives a DWORD (_Out_).
 * Returns a BOOL.
 * NOTE(review): presumably *pdwOutBufferSize is the number of bytes written
 * or required; callers should not read more of pQueryBuffer than that -
 * confirm. */
228 WINADVAPI
229 BOOL
230 WINAPI
231 SaferGetLevelInformation(
232     _In_ SAFER_LEVEL_HANDLE LevelHandle,
233     _In_ SAFER_OBJECT_INFO_CLASS dwInfoType,
234     _Out_writes_bytes_opt_(dwInBufferSize) PVOID pQueryBuffer,
235     _In_ DWORD dwInBufferSize,
236     _Out_ PDWORD pdwOutBufferSize);
237 
/* Queries one policy setting for a scope.
 *   dwScopeId            - by name, one of SAFER_SCOPEID_*.
 *   SaferPolicyInfoClass - which setting to read.
 *   InfoBufferSize       - size of InfoBuffer in bytes.
 *   InfoBuffer           - optional output buffer of up to InfoBufferSize
 *                          bytes (_Out_writes_bytes_opt_, may be NULL).
 *   InfoBufferRetSize    - receives a DWORD (_Out_).
 *   pReserved            - reserved (_Reserved_); pass NULL.
 * Returns a BOOL. Note that the size parameter precedes the buffer here,
 * the reverse of SaferGetLevelInformation.
 * NOTE(review): presumably *InfoBufferRetSize is the number of bytes written
 * or required - confirm. */
238 WINADVAPI
239 BOOL
240 WINAPI
241 SaferGetPolicyInformation(
242     _In_ DWORD dwScopeId,
243     _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
244     _In_ DWORD InfoBufferSize,
245     _Out_writes_bytes_opt_(InfoBufferSize) PVOID InfoBuffer,
246     _Out_ PDWORD InfoBufferRetSize,
247     _Reserved_ PVOID pReserved);
248 
/* Returns a level handle for code described by an array of properties.
 *   dwNumProperties - number of elements in pCodeProperties.
 *   pCodeProperties - optional array of dwNumProperties
 *                     SAFER_CODE_PROPERTIES elements (_In_reads_opt_). The
 *                     element type is V1 or V2 depending on _WIN32_WINNT,
 *                     so the array stride depends on how the caller was
 *                     built.
 *   pLevelHandle    - receives the handle (_Outptr_).
 *   pReserved       - reserved (_Reserved_); pass NULL.
 * Returns a BOOL.
 * NOTE(review): presumably the handle must later be released with
 * SaferCloseLevel, and the result reflects only the properties selected in
 * each element's dwCheckFlags - confirm. */
249 WINADVAPI
250 BOOL
251 WINAPI
252 SaferIdentifyLevel(
253     _In_ DWORD dwNumProperties,
254     _In_reads_opt_(dwNumProperties) PSAFER_CODE_PROPERTIES pCodeProperties,
255     _Outptr_ SAFER_LEVEL_HANDLE *pLevelHandle,
256     _Reserved_ PVOID pReserved);
257 
/* Reports whether a file counts as an executable file type.
 *   szFullPath        - required path of the file.
 *   bFromShellExecute - BOOLEAN (not BOOL) input flag.
 * Returns a BOOL.
 * NOTE(review): the only file input is a path, so the answer presumably
 * depends on the file name rather than on the file's content; it should not
 * be treated as proof that a file is safe to open - confirm against the
 * implementation. */
258 WINADVAPI
259 BOOL
260 WINAPI
261 SaferiIsExecutableFileType(
262     _In_ PCWSTR szFullPath,
263     _In_ BOOLEAN bFromShellExecute);
264 
/* Records an event log entry for a level and a target path.
 *   hLevel       - required level handle.
 *   szTargetPath - required path string.
 *   pReserved    - reserved (_Reserved_); pass NULL.
 * Returns a BOOL.
 * NOTE(review): which log and event the entry goes to is not visible in
 * this header. A caller that depends on the audit record should check the
 * return value instead of assuming the entry was written. */
265 WINADVAPI
266 BOOL
267 WINAPI
268 SaferRecordEventLogEntry(
269     _In_ SAFER_LEVEL_HANDLE hLevel,
270     _In_ PCWSTR szTargetPath,
271     _Reserved_ PVOID pReserved);
272 
/* Sets one property of a level.
 *   LevelHandle    - required level handle.
 *   dwInfoType     - which property to write (SAFER_OBJECT_INFO_CLASS).
 *   pQueryBuffer   - input buffer of dwInBufferSize bytes
 *                    (_In_reads_bytes_); declared PVOID, not const.
 *   dwInBufferSize - size of pQueryBuffer in bytes.
 * Returns a BOOL.
 * NOTE(review): this changes level configuration, so the privileges a
 * caller needs and which classes are writable should be confirmed against
 * the implementation. */
273 WINADVAPI
274 BOOL
275 WINAPI
276 SaferSetLevelInformation(
277     _In_ SAFER_LEVEL_HANDLE LevelHandle,
278     _In_ SAFER_OBJECT_INFO_CLASS dwInfoType,
279     _In_reads_bytes_(dwInBufferSize) PVOID pQueryBuffer,
280     _In_ DWORD dwInBufferSize);
281 
/* Sets one policy setting for a scope.
 *   dwScopeId            - by name, one of SAFER_SCOPEID_*.
 *   SaferPolicyInfoClass - which setting to write.
 *   InfoBufferSize       - size of InfoBuffer in bytes.
 *   InfoBuffer           - input buffer of InfoBufferSize bytes
 *                          (_In_reads_bytes_); declared PVOID, not const.
 *   pReserved            - reserved (_Reserved_); pass NULL.
 * Returns a BOOL.
 * NOTE(review): this changes policy (for example the default level), so the
 * privileges a caller needs should be confirmed against the implementation,
 * and the return value should be checked before assuming the policy is in
 * effect. */
282 WINADVAPI
283 BOOL
284 WINAPI
285 SaferSetPolicyInformation(
286     _In_ DWORD dwScopeId,
287     _In_ SAFER_POLICY_INFO_CLASS SaferPolicyInfoClass,
288     _In_ DWORD InfoBufferSize,
289     _In_reads_bytes_(InfoBufferSize) PVOID InfoBuffer,
290     _Reserved_ PVOID pReserved);
291 
292 
/* SRP_POLICY_* wide-string (L"...") identifiers.
 * NOTE(review): no declaration in this header consumes them. By name they
 * identify software restriction policy categories (executables, DLLs,
 * installers, scripts, shell, AppX, and WLDP variants), with NOV2
 * (L"IGNORESRPV2") presumably an opt-out marker - confirm against the code
 * that uses them. */
293 #define SRP_POLICY_EXE        L"EXE"
294 #define SRP_POLICY_DLL        L"DLL"
295 #define SRP_POLICY_MSI        L"MSI"
296 #define SRP_POLICY_SCRIPT     L"SCRIPT"
297 #define SRP_POLICY_SHELL      L"SHELL"
298 #define SRP_POLICY_NOV2       L"IGNORESRPV2"
299 #define SRP_POLICY_APPX       L"APPX"
300 #define SRP_POLICY_WLDPMSI    L"WLDPMSI"
301 #define SRP_POLICY_WLDPSCRIPT L"WLDPSCRIPT"
302 
303 #ifdef __cplusplus
304 } /* extern "C" */
305 #endif /* __cplusplus */
306 
307 #endif /* _WINSAFER_H */
308