winapi_ui_automation/um/
winsafer.rs

1// Licensed under the Apache License, Version 2.0
2// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
4// All files in the project carrying such notice may not be copied, modified, or distributed
5// except according to those terms.
6use shared::basetsd::{SIZE_T, ULONG64};
7use shared::guiddef::GUID;
8use shared::minwindef::{BOOL, BYTE, DWORD, FILETIME, LPBYTE, LPDWORD, LPVOID, PDWORD};
9use shared::windef::HWND;
10use um::wincrypt::ALG_ID;
11use um::winnt::{BOOLEAN, HANDLE, LARGE_INTEGER, LPCWSTR, PHANDLE, PVOID, PWCHAR, WCHAR};
12DECLARE_HANDLE!{SAFER_LEVEL_HANDLE, __SAFER_LEVEL_HANDLE}
13pub const SAFER_SCOPEID_MACHINE: DWORD = 1;
14pub const SAFER_SCOPEID_USER: DWORD = 2;
15pub const SAFER_LEVELID_DISALLOWED: DWORD = 0x00000;
16pub const SAFER_LEVELID_UNTRUSTED: DWORD = 0x01000;
17pub const SAFER_LEVELID_CONSTRAINED: DWORD = 0x10000;
18pub const SAFER_LEVELID_NORMALUSER: DWORD = 0x20000;
19pub const SAFER_LEVELID_FULLYTRUSTED: DWORD = 0x40000;
20pub const SAFER_LEVEL_OPEN: DWORD = 1;
21pub const SAFER_MAX_FRIENDLYNAME_SIZE: SIZE_T = 256;
22pub const SAFER_MAX_DESCRIPTION_SIZE: SIZE_T = 256;
23pub const SAFER_MAX_HASH_SIZE: SIZE_T = 64;
24pub const SAFER_TOKEN_NULL_IF_EQUAL: DWORD = 0x00000001;
25pub const SAFER_TOKEN_COMPARE_ONLY: DWORD = 0x00000002;
26pub const SAFER_TOKEN_MAKE_INERT: DWORD = 0x00000004;
27pub const SAFER_TOKEN_WANT_FLAGS: DWORD = 0x00000008;
28pub const SAFER_CRITERIA_IMAGEPATH: DWORD = 0x00001;
29pub const SAFER_CRITERIA_NOSIGNEDHASH: DWORD = 0x00002;
30pub const SAFER_CRITERIA_IMAGEHASH: DWORD = 0x00004;
31pub const SAFER_CRITERIA_AUTHENTICODE: DWORD = 0x00008;
32pub const SAFER_CRITERIA_URLZONE: DWORD = 0x00010;
33pub const SAFER_CRITERIA_APPX_PACKAGE: DWORD = 0x00020;
34pub const SAFER_CRITERIA_IMAGEPATH_NT: DWORD = 0x01000;
35STRUCT!{struct SAFER_CODE_PROPERTIES_V1 {
36    cbSize: DWORD,
37    dwCheckFlags: DWORD,
38    ImagePath: LPCWSTR,
39    hImageFileHandle: HANDLE,
40    UrlZoneId: DWORD,
41    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
42    dwImageHashSize: DWORD,
43    ImageSize: LARGE_INTEGER,
44    HashAlgorithm: ALG_ID,
45    pByteBlock: LPBYTE,
46    hWndParent: HWND,
47    dwWVTUIChoice: DWORD,
48}}
49pub type PSAFER_CODE_PROPERTIES_V1 = *mut SAFER_CODE_PROPERTIES_V1;
50STRUCT!{struct SAFER_CODE_PROPERTIES_V2 {
51    cbSize: DWORD,
52    dwCheckFlags: DWORD,
53    ImagePath: LPCWSTR,
54    hImageFileHandle: HANDLE,
55    UrlZoneId: DWORD,
56    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
57    dwImageHashSize: DWORD,
58    ImageSize: LARGE_INTEGER,
59    HashAlgorithm: ALG_ID,
60    pByteBlock: LPBYTE,
61    hWndParent: HWND,
62    dwWVTUIChoice: DWORD,
63    PackageMoniker: LPCWSTR,
64    PackagePublisher: LPCWSTR,
65    PackageName: LPCWSTR,
66    PackageVersion: ULONG64,
67    PackageIsFramework: BOOL,
68}}
69pub type PSAFER_CODE_PROPERTIES_V2 = *mut SAFER_CODE_PROPERTIES_V2;
70pub type SAFER_CODE_PROPERTIES = SAFER_CODE_PROPERTIES_V2;
71pub type PSAFER_CODE_PROPERTIES = *mut SAFER_CODE_PROPERTIES;
72pub const SAFER_POLICY_JOBID_MASK: DWORD = 0xFF000000;
73pub const SAFER_POLICY_JOBID_CONSTRAINED: DWORD = 0x04000000;
74pub const SAFER_POLICY_JOBID_UNTRUSTED: DWORD = 0x03000000;
75pub const SAFER_POLICY_ONLY_EXES: DWORD = 0x00010000;
76pub const SAFER_POLICY_SANDBOX_INERT: DWORD = 0x00020000;
77pub const SAFER_POLICY_HASH_DUPLICATE: DWORD = 0x00040000;
78pub const SAFER_POLICY_ONLY_AUDIT: DWORD = 0x00001000;
79pub const SAFER_POLICY_BLOCK_CLIENT_UI: DWORD = 0x00002000;
80pub const SAFER_POLICY_UIFLAGS_MASK: DWORD = 0x000000FF;
81pub const SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT: DWORD = 0x00000001;
82pub const SAFER_POLICY_UIFLAGS_OPTION_PROMPT: DWORD = 0x00000002;
83pub const SAFER_POLICY_UIFLAGS_HIDDEN: DWORD = 0x00000004;
84ENUM!{enum SAFER_POLICY_INFO_CLASS {
85    SaferPolicyLevelList = 1,
86    SaferPolicyEnableTransparentEnforcement,
87    SaferPolicyDefaultLevel,
88    SaferPolicyEvaluateUserScope,
89    SaferPolicyScopeFlags,
90    SaferPolicyDefaultLevelFlags,
91    SaferPolicyAuthenticodeEnabled,
92}}
93ENUM!{enum SAFER_OBJECT_INFO_CLASS {
94    SaferObjectLevelId = 1,
95    SaferObjectScopeId,
96    SaferObjectFriendlyName,
97    SaferObjectDescription,
98    SaferObjectBuiltin,
99    SaferObjectDisallowed,
100    SaferObjectDisableMaxPrivilege,
101    SaferObjectInvertDeletedPrivileges,
102    SaferObjectDeletedPrivileges,
103    SaferObjectDefaultOwner,
104    SaferObjectSidsToDisable,
105    SaferObjectRestrictedSidsInverted,
106    SaferObjectRestrictedSidsAdded,
107    SaferObjectAllIdentificationGuids,
108    SaferObjectSingleIdentification,
109    SaferObjectExtendedError,
110}}
111ENUM!{enum SAFER_IDENTIFICATION_TYPES {
112    SaferIdentityDefault,
113    SaferIdentityTypeImageName = 1,
114    SaferIdentityTypeImageHash,
115    SaferIdentityTypeUrlZone,
116    SaferIdentityTypeCertificate,
117}}
118STRUCT!{struct SAFER_IDENTIFICATION_HEADER {
119    dwIdentificationType: SAFER_IDENTIFICATION_TYPES,
120    cbStructSize: DWORD,
121    IdentificationGuid: GUID,
122    lastModified: FILETIME,
123}}
124pub type PSAFER_IDENTIFICATION_HEADER = *mut SAFER_IDENTIFICATION_HEADER;
125STRUCT!{struct SAFER_PATHNAME_IDENTIFICATION {
126    header: SAFER_IDENTIFICATION_HEADER,
127    Description: [WCHAR; SAFER_MAX_DESCRIPTION_SIZE],
128    ImageName: PWCHAR,
129    dwSaferFlags: DWORD,
130}}
131pub type PSAFER_PATHNAME_IDENTIFICATION = *mut SAFER_PATHNAME_IDENTIFICATION;
132STRUCT!{struct SAFER_HASH_IDENTIFICATION {
133    header: SAFER_IDENTIFICATION_HEADER,
134    Description: [WCHAR; SAFER_MAX_DESCRIPTION_SIZE],
135    FriendlyName: [WCHAR; SAFER_MAX_DESCRIPTION_SIZE],
136    HashSize: DWORD,
137    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
138    HashAlgorithm: ALG_ID,
139    ImageSize: LARGE_INTEGER,
140    dwSaferFlags: DWORD,
141}}
142pub type PSAFER_HASH_IDENTIFICATION = *mut SAFER_HASH_IDENTIFICATION;
143STRUCT!{struct SAFER_HASH_IDENTIFICATION2 {
144    hashIdentification: SAFER_HASH_IDENTIFICATION,
145    HashSize: DWORD,
146    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
147    HashAlgorithm: ALG_ID,
148}}
149pub type PSAFER_HASH_IDENTIFICATION2 = *mut SAFER_HASH_IDENTIFICATION2;
150STRUCT!{struct SAFER_URLZONE_IDENTIFICATION {
151    header: SAFER_IDENTIFICATION_HEADER,
152    UrlZoneId: DWORD,
153    dwSaferFlags: DWORD,
154}}
155pub type PSAFER_URLZONE_IDENTIFICATION = *mut SAFER_URLZONE_IDENTIFICATION;
156extern "system" {
157    pub fn SaferGetPolicyInformation(
158        dwScopeId: DWORD,
159        SaferPolicyInfoClass: SAFER_POLICY_INFO_CLASS,
160        InfoBufferSize: DWORD,
161        InfoBuffer: PVOID,
162        InfoBufferRetSize: PDWORD,
163        lpReserved: LPVOID,
164    ) -> BOOL;
165    pub fn SaferSetPolicyInformation(
166        dwScopeId: DWORD,
167        SaferPolicyInfoClass: SAFER_POLICY_INFO_CLASS,
168        InfoBufferSize: DWORD,
169        InfoBuffer: PVOID,
170        lpReserved: LPVOID,
171    ) -> BOOL;
172    pub fn SaferCreateLevel(
173        dwScopeId: DWORD,
174        dwLevelId: DWORD,
175        OpenFlags: DWORD,
176        pLevelHandle: *mut SAFER_LEVEL_HANDLE,
177        lpReserved: LPVOID,
178    ) -> BOOL;
179    pub fn SaferCloseLevel(
180        hLevelHandle: SAFER_LEVEL_HANDLE,
181    ) -> BOOL;
182    pub fn SaferIdentifyLevel(
183        dwNumProperties: DWORD,
184        pCodeProperties: PSAFER_CODE_PROPERTIES,
185        pLevelHandle: *mut SAFER_LEVEL_HANDLE,
186        lpReserved: LPVOID,
187    ) -> BOOL;
188    pub fn SaferComputeTokenFromLevel(
189        LevelHandle: SAFER_LEVEL_HANDLE,
190        InAccessToken: HANDLE,
191        OutAccessToken: PHANDLE,
192        dwFlags: DWORD,
193        lpReserved: LPVOID,
194    ) -> BOOL;
195    pub fn SaferGetLevelInformation(
196        LevelHandle: SAFER_LEVEL_HANDLE,
197        dwInfoType: SAFER_OBJECT_INFO_CLASS,
198        lpQueryBuffer: LPVOID,
199        dwInBufferSize: DWORD,
200        lpdwOutBufferSize: LPDWORD,
201    ) -> BOOL;
202    pub fn SaferSetLevelInformation(
203        LevelHandle: SAFER_LEVEL_HANDLE,
204        dwInfoType: SAFER_OBJECT_INFO_CLASS,
205        lpQueryBuffer: LPVOID,
206        dwInBufferSize: DWORD,
207    ) -> BOOL;
208    pub fn SaferRecordEventLogEntry(
209        hLevel: SAFER_LEVEL_HANDLE,
210        szTargetPath: LPCWSTR,
211        lpReserved: LPVOID,
212    ) -> BOOL;
213    pub fn SaferiIsExecutableFileType(
214        szFullPath: LPCWSTR,
215        bFromShellExecute: BOOLEAN,
216    ) -> BOOL;
217}
218pub const SRP_POLICY_EXE: &'static str = "EXE";
219pub const SRP_POLICY_DLL: &'static str = "DLL";
220pub const SRP_POLICY_MSI: &'static str = "MSI";
221pub const SRP_POLICY_SCRIPT: &'static str = "SCRIPT";
222pub const SRP_POLICY_SHELL: &'static str = "SHELL";
223pub const SRP_POLICY_NOV2: &'static str = "IGNORESRPV2";
224pub const SRP_POLICY_APPX: &'static str = "APPX";
225pub const SRP_POLICY_WLDPMSI: &'static str = "WLDPMSI";
226pub const SRP_POLICY_WLDPSCRIPT: &'static str = "WLDPSCRIPT";
227pub const SRP_POLICY_WLDPCONFIGCI: &'static str = "WLDPCONFIGCI";
228pub const SRP_POLICY_MANAGEDINSTALLER: &'static str = "MANAGEDINSTALLER";