Add winsafer

Cargo.toml

@@ -293,6 +293,7 @@ winnetwk = []
 winnls = []
 winnt = []
 winreg = []
+winsafer = []
 winscard = []
 winsmcrd = []
 winsock2 = []

build.rs

@@ -292,6 +292,7 @@ const DATA: &'static [(&'static str, &'static [&'static str], &'static [&'static
     ("winnls", &["basetsd", "guiddef", "minwinbase", "minwindef", "winnt"], &["kernel32"]),
     ("winnt", &["basetsd", "excpt", "guiddef", "ktmtypes", "minwindef", "vcruntime"], &["kernel32"]),
     ("winreg", &["basetsd", "minwinbase", "minwindef", "winnt"], &["advapi32"]),
+    ("winsafer", &["basetsd", "guiddef", "minwindef", "wincrypt", "windef", "winnt"], &["advapi32"]),
     ("winscard", &["basetsd", "guiddef", "minwindef", "rpcdce", "windef", "winnt", "winsmcrd"], &["winscard"]),
     ("winsmcrd", &["minwindef", "winioctl"], &[]),
     ("winsock2", &["basetsd", "guiddef", "inaddr", "minwinbase", "minwindef", "qos", "winbase", "windef", "winerror", "winnt", "ws2def", "wtypesbase"], &["ws2_32"]),

src/um/mod.rs

@@ -223,6 +223,7 @@ pub mod gl;
 #[cfg(feature = "winnls")] pub mod winnls;
 #[cfg(feature = "winnt")] pub mod winnt;
 #[cfg(feature = "winreg")] pub mod winreg;
+#[cfg(feature = "winsafer")] pub mod winsafer;
 #[cfg(feature = "winscard")] pub mod winscard;
 #[cfg(feature = "winsmcrd")] pub mod winsmcrd;
 #[cfg(feature = "winsock2")] pub mod winsock2;

src/um/winsafer.rs

@@ -0,0 +1,229 @@
+// Copyright © 2017 winapi-rs developers
+// Licensed under the Apache License, Version 2.0
+// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// All files in the project carrying such notice may not be copied, modified, or distributed
+// except according to those terms.
+use shared::basetsd::{SIZE_T, ULONG64};
+use shared::guiddef::GUID;
+use shared::minwindef::{BOOL, BYTE, DWORD, FILETIME, LPBYTE, LPDWORD, LPVOID, PDWORD};
+use shared::windef::HWND;
+use um::wincrypt::ALG_ID;
+use um::winnt::{BOOLEAN, HANDLE, LARGE_INTEGER, LPCWSTR, PHANDLE, PVOID, PWCHAR, WCHAR};
+DECLARE_HANDLE!(SAFER_LEVEL_HANDLE, __SAFER_LEVEL_HANDLE);
+pub const SAFER_SCOPEID_MACHINE: DWORD = 1;
+pub const SAFER_SCOPEID_USER: DWORD = 2;
+pub const SAFER_LEVELID_DISALLOWED: DWORD = 0x00000;
+pub const SAFER_LEVELID_UNTRUSTED: DWORD = 0x01000;
+pub const SAFER_LEVELID_CONSTRAINED: DWORD = 0x10000;
+pub const SAFER_LEVELID_NORMALUSER: DWORD = 0x20000;
+pub const SAFER_LEVELID_FULLYTRUSTED: DWORD = 0x40000;
+pub const SAFER_LEVEL_OPEN: DWORD = 1;
+pub const SAFER_MAX_FRIENDLYNAME_SIZE: SIZE_T = 256;
+pub const SAFER_MAX_DESCRIPTION_SIZE: SIZE_T = 256;
+pub const SAFER_MAX_HASH_SIZE: SIZE_T = 64;
+pub const SAFER_TOKEN_NULL_IF_EQUAL: DWORD = 0x00000001;
+pub const SAFER_TOKEN_COMPARE_ONLY: DWORD = 0x00000002;
+pub const SAFER_TOKEN_MAKE_INERT: DWORD = 0x00000004;
+pub const SAFER_TOKEN_WANT_FLAGS: DWORD = 0x00000008;
+pub const SAFER_CRITERIA_IMAGEPATH: DWORD = 0x00001;
+pub const SAFER_CRITERIA_NOSIGNEDHASH: DWORD = 0x00002;
+pub const SAFER_CRITERIA_IMAGEHASH: DWORD = 0x00004;
+pub const SAFER_CRITERIA_AUTHENTICODE: DWORD = 0x00008;
+pub const SAFER_CRITERIA_URLZONE: DWORD = 0x00010;
+pub const SAFER_CRITERIA_APPX_PACKAGE: DWORD = 0x00020;
+pub const SAFER_CRITERIA_IMAGEPATH_NT: DWORD = 0x01000;
+STRUCT!{struct SAFER_CODE_PROPERTIES_V1 {
+    cbSize: DWORD,
+    dwCheckFlags: DWORD,
+    ImagePath: LPCWSTR,
+    hImageFileHandle: HANDLE,
+    UrlZoneId: DWORD,
+    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
+    dwImageHashSize: DWORD,
+    ImageSize: LARGE_INTEGER,
+    HashAlgorithm: ALG_ID,
+    pByteBlock: LPBYTE,
+    hWndParent: HWND,
+    dwWVTUIChoice: DWORD,
+}}
+pub type PSAFER_CODE_PROPERTIES_V1 = *mut SAFER_CODE_PROPERTIES_V1;
+STRUCT!{struct SAFER_CODE_PROPERTIES_V2 {
+    cbSize: DWORD,
+    dwCheckFlags: DWORD,
+    ImagePath: LPCWSTR,
+    hImageFileHandle: HANDLE,
+    UrlZoneId: DWORD,
+    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
+    dwImageHashSize: DWORD,
+    ImageSize: LARGE_INTEGER,
+    HashAlgorithm: ALG_ID,
+    pByteBlock: LPBYTE,
+    hWndParent: HWND,
+    dwWVTUIChoice: DWORD,
+    PackageMoniker: LPCWSTR,
+    PackagePublisher: LPCWSTR,
+    PackageName: LPCWSTR,
+    PackageVersion: ULONG64,
+    PackageIsFramework: BOOL,
+}}
+pub type PSAFER_CODE_PROPERTIES_V2 = *mut SAFER_CODE_PROPERTIES_V2;
+pub type SAFER_CODE_PROPERTIES = SAFER_CODE_PROPERTIES_V2;
+pub type PSAFER_CODE_PROPERTIES = *mut SAFER_CODE_PROPERTIES;
+pub const SAFER_POLICY_JOBID_MASK: DWORD = 0xFF000000;
+pub const SAFER_POLICY_JOBID_CONSTRAINED: DWORD = 0x04000000;
+pub const SAFER_POLICY_JOBID_UNTRUSTED: DWORD = 0x03000000;
+pub const SAFER_POLICY_ONLY_EXES: DWORD = 0x00010000;
+pub const SAFER_POLICY_SANDBOX_INERT: DWORD = 0x00020000;
+pub const SAFER_POLICY_HASH_DUPLICATE: DWORD = 0x00040000;
+pub const SAFER_POLICY_ONLY_AUDIT: DWORD = 0x00001000;
+pub const SAFER_POLICY_BLOCK_CLIENT_UI: DWORD = 0x00002000;
+pub const SAFER_POLICY_UIFLAGS_MASK: DWORD = 0x000000FF;
+pub const SAFER_POLICY_UIFLAGS_INFORMATION_PROMPT: DWORD = 0x00000001;
+pub const SAFER_POLICY_UIFLAGS_OPTION_PROMPT: DWORD = 0x00000002;
+pub const SAFER_POLICY_UIFLAGS_HIDDEN: DWORD = 0x00000004;
+ENUM!{enum SAFER_POLICY_INFO_CLASS {
+    SaferPolicyLevelList = 1,
+    SaferPolicyEnableTransparentEnforcement,
+    SaferPolicyDefaultLevel,
+    SaferPolicyEvaluateUserScope,
+    SaferPolicyScopeFlags,
+    SaferPolicyDefaultLevelFlags,
+    SaferPolicyAuthenticodeEnabled,
+}}
+ENUM!{enum SAFER_OBJECT_INFO_CLASS {
+    SaferObjectLevelId = 1,
+    SaferObjectScopeId,
+    SaferObjectFriendlyName,
+    SaferObjectDescription,
+    SaferObjectBuiltin,
+    SaferObjectDisallowed,
+    SaferObjectDisableMaxPrivilege,
+    SaferObjectInvertDeletedPrivileges,
+    SaferObjectDeletedPrivileges,
+    SaferObjectDefaultOwner,
+    SaferObjectSidsToDisable,
+    SaferObjectRestrictedSidsInverted,
+    SaferObjectRestrictedSidsAdded,
+    SaferObjectAllIdentificationGuids,
+    SaferObjectSingleIdentification,
+    SaferObjectExtendedError,
+}}
+ENUM!{enum SAFER_IDENTIFICATION_TYPES {
+    SaferIdentityDefault,
+    SaferIdentityTypeImageName = 1,
+    SaferIdentityTypeImageHash,
+    SaferIdentityTypeUrlZone,
+    SaferIdentityTypeCertificate,
+}}
+STRUCT!{struct SAFER_IDENTIFICATION_HEADER {
+    dwIdentificationType: SAFER_IDENTIFICATION_TYPES,
+    cbStructSize: DWORD,
+    IdentificationGuid: GUID,
+    lastModified: FILETIME,
+}}
+pub type PSAFER_IDENTIFICATION_HEADER = *mut SAFER_IDENTIFICATION_HEADER;
+STRUCT!{struct SAFER_PATHNAME_IDENTIFICATION {
+    header: SAFER_IDENTIFICATION_HEADER,
+    Description: [WCHAR; SAFER_MAX_DESCRIPTION_SIZE],
+    ImageName: PWCHAR,
+    dwSaferFlags: DWORD,
+}}
+pub type PSAFER_PATHNAME_IDENTIFICATION = *mut SAFER_PATHNAME_IDENTIFICATION;
+STRUCT!{struct SAFER_HASH_IDENTIFICATION {
+    header: SAFER_IDENTIFICATION_HEADER,
+    Description: [WCHAR; SAFER_MAX_DESCRIPTION_SIZE],
+    FriendlyName: [WCHAR; SAFER_MAX_DESCRIPTION_SIZE],
+    HashSize: DWORD,
+    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
+    HashAlgorithm: ALG_ID,
+    ImageSize: LARGE_INTEGER,
+    dwSaferFlags: DWORD,
+}}
+pub type PSAFER_HASH_IDENTIFICATION = *mut SAFER_HASH_IDENTIFICATION;
+STRUCT!{struct SAFER_HASH_IDENTIFICATION2 {
+    hashIdentification: SAFER_HASH_IDENTIFICATION,
+    HashSize: DWORD,
+    ImageHash: [BYTE; SAFER_MAX_HASH_SIZE],
+    HashAlgorithm: ALG_ID,
+}}
+pub type PSAFER_HASH_IDENTIFICATION2 = *mut SAFER_HASH_IDENTIFICATION2;
+STRUCT!{struct SAFER_URLZONE_IDENTIFICATION {
+    header: SAFER_IDENTIFICATION_HEADER,
+    UrlZoneId: DWORD,
+    dwSaferFlags: DWORD,
+}}
+pub type PSAFER_URLZONE_IDENTIFICATION = *mut SAFER_URLZONE_IDENTIFICATION;
+extern "system" {
+    pub fn SaferGetPolicyInformation(
+        dwScopeId: DWORD,
+        SaferPolicyInfoClass: SAFER_POLICY_INFO_CLASS,
+        InfoBufferSize: DWORD,
+        InfoBuffer: PVOID,
+        InfoBufferRetSize: PDWORD,
+        lpReserved: LPVOID,
+    ) -> BOOL;
+    pub fn SaferSetPolicyInformation(
+        dwScopeId: DWORD,
+        SaferPolicyInfoClass: SAFER_POLICY_INFO_CLASS,
+        InfoBufferSize: DWORD,
+        InfoBuffer: PVOID,
+        lpReserved: LPVOID,
+    ) -> BOOL;
+    pub fn SaferCreateLevel(
+        dwScopeId: DWORD,
+        dwLevelId: DWORD,
+        OpenFlags: DWORD,
+        pLevelHandle: *mut SAFER_LEVEL_HANDLE,
+        lpReserved: LPVOID,
+    ) -> BOOL;
+    pub fn SaferCloseLevel(
+        hLevelHandle: SAFER_LEVEL_HANDLE,
+    ) -> BOOL;
+    pub fn SaferIdentifyLevel(
+        dwNumProperties: DWORD,
+        pCodeProperties: PSAFER_CODE_PROPERTIES,
+        pLevelHandle: *mut SAFER_LEVEL_HANDLE,
+        lpReserved: LPVOID,
+    ) -> BOOL;
+    pub fn SaferComputeTokenFromLevel(
+        LevelHandle: SAFER_LEVEL_HANDLE,
+        InAccessToken: HANDLE,
+        OutAccessToken: PHANDLE,
+        dwFlags: DWORD,
+        lpReserved: LPVOID,
+    ) -> BOOL;
+    pub fn SaferGetLevelInformation(
+        LevelHandle: SAFER_LEVEL_HANDLE,
+        dwInfoType: SAFER_OBJECT_INFO_CLASS,
+        lpQueryBuffer: LPVOID,
+        dwInBufferSize: DWORD,
+        lpdwOutBufferSize: LPDWORD,
+    ) -> BOOL;
+    pub fn SaferSetLevelInformation(
+        LevelHandle: SAFER_LEVEL_HANDLE,
+        dwInfoType: SAFER_OBJECT_INFO_CLASS,
+        lpQueryBuffer: LPVOID,
+        dwInBufferSize: DWORD,
+    ) -> BOOL;
+    pub fn SaferRecordEventLogEntry(
+        hLevel: SAFER_LEVEL_HANDLE,
+        szTargetPath: LPCWSTR,
+        lpReserved: LPVOID,
+    ) -> BOOL;
+    pub fn SaferiIsExecutableFileType(
+        szFullPath: LPCWSTR,
+        bFromShellExecute: BOOLEAN,
+    ) -> BOOL;
+}
+pub const SRP_POLICY_EXE: &'static str = "EXE";
+pub const SRP_POLICY_DLL: &'static str = "DLL";
+pub const SRP_POLICY_MSI: &'static str = "MSI";
+pub const SRP_POLICY_SCRIPT: &'static str = "SCRIPT";
+pub const SRP_POLICY_SHELL: &'static str = "SHELL";
+pub const SRP_POLICY_NOV2: &'static str = "IGNORESRPV2";
+pub const SRP_POLICY_APPX: &'static str = "APPX";
+pub const SRP_POLICY_WLDPMSI: &'static str = "WLDPMSI";
+pub const SRP_POLICY_WLDPSCRIPT: &'static str = "WLDPSCRIPT";
+pub const SRP_POLICY_WLDPCONFIGCI: &'static str = "WLDPCONFIGCI";
+pub const SRP_POLICY_MANAGEDINSTALLER: &'static str = "MANAGEDINSTALLER";