Beispiel #1
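 /// <summary>
 /// Queries WLDP (Windows Lockdown Policy) for the enforcement mode that applies
 /// to a file, or to the host as a whole when <paramref name="path"/> is null or empty.
 /// </summary>
 /// <param name="path">Path of the file to evaluate; null or empty leaves the source fields unset.</param>
 /// <param name="handle">Optional open handle to the same file; ignored when <paramref name="path"/> is null or empty.</param>
 /// <returns>
 /// The mode mapped from the native lockdown state, <c>Enforce</c> when the native
 /// call reports failure, or the result of <c>GetDebugLockdownPolicy</c> when
 /// wldp.dll cannot be loaded.
 /// </returns>
 public static SystemEnforcementMode GetLockdownPolicy(string path, SafeHandle handle)
 {
     try
     {
         // A previous call already found wldp.dll missing; do not retry the P/Invoke.
         if (hadMissingWldpAssembly)
         {
             return GetDebugLockdownPolicy(path);
         }

         WLDP_HOST_INFORMATION pHostInformation = new WLDP_HOST_INFORMATION
         {
             dwRevision = 1,
             dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
         };

         if (!string.IsNullOrEmpty(path))
         {
             pHostInformation.szSource = path;
             if (handle != null)
             {
                 // NOTE(review): DangerousGetHandle() takes no reference on the SafeHandle,
                 // so the caller must keep the handle open until the native call returns.
                 pHostInformation.hSource = handle.DangerousGetHandle();
             }
             // NOTE(review): without a handle only the path string is passed, so the file
             // evaluated here is presumably not pinned to the one that is later opened —
             // confirm callers pass the handle they go on to read from.
         }

         int pdwLockdownState = 0;

         // Assumes the P/Invoke is declared as returning the HRESULT as int — confirm
         // against the WldpNativeMethods declaration.
         int hr = WldpNativeMethods.WldpGetLockdownPolicy(ref pHostInformation, ref pdwLockdownState, 0);
         if (hr < 0)
         {
             // Fail closed: on failure pdwLockdownState is still the initial 0, and mapping
             // that value would report a policy the API never returned.
             return SystemEnforcementMode.Enforce;
         }

         return GetLockdownPolicyForResult(pdwLockdownState);
     }
     catch (DllNotFoundException)
     {
         // wldp.dll is not present on this system; remember that and use the fallback.
         hadMissingWldpAssembly = true;
         return GetDebugLockdownPolicy(path);
     }
 }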
Beispiel #2
        /// <summary>
        /// Asks WLDP (wldp.dll) for the enforcement mode of a file, or of the whole
        /// system when <paramref name="path"/> is null or empty.
        /// </summary>
        /// <param name="path">File to evaluate; null or empty means a system-wide query.</param>
        /// <param name="handle">Optional open handle to the file; only used together with a non-empty path.</param>
        /// <returns>
        /// The mapped lockdown policy on success; <c>Enforce</c> when the native call
        /// returns a negative result; the cached system policy (or <c>None</c> if nothing
        /// is cached) when wldp.dll is unavailable.
        /// </returns>
        private static SystemEnforcementMode GetWldpPolicy(string path, SafeHandle handle)
        {
            bool isSystemWideQuery = string.IsNullOrEmpty(path);

            // No wldp.dll (e.g. Windows 7 and earlier): skip WLDP validation and answer
            // from the cache, defaulting to None. The flag is sticky, so the file-system
            // probe is not repeated once the DLL has been found missing.
            if (s_hadMissingWldpAssembly || !IO.File.Exists(IO.Path.Combine(Environment.SystemDirectory, "wldp.dll")))
            {
                s_hadMissingWldpAssembly = true;
                return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
            }

            // System-wide queries are served from the cache unless the test hook disables caching.
            if (isSystemWideQuery && s_cachedWldpSystemPolicy != null && !InternalTestHooks.BypassAppLockerPolicyCaching)
            {
                return s_cachedWldpSystemPolicy.Value;
            }

            try
            {
                var hostInfo = new WLDP_HOST_INFORMATION
                {
                    dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
                    dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
                };

                if (!isSystemWideQuery)
                {
                    hostInfo.szSource = path;

                    if (handle != null)
                    {
                        // The raw handle is handed to native code without taking a reference;
                        // the caller has to keep the SafeHandle alive for the duration of the call.
                        hostInfo.hSource = handle.DangerousGetHandle();
                    }
                }

                uint lockdownState = 0;
                int hr = WldpNativeMethods.WldpGetLockdownPolicy(ref hostInfo, ref lockdownState, 0);

                // Fail closed: a negative result from the API is treated as full enforcement.
                if (hr < 0)
                {
                    return SystemEnforcementMode.Enforce;
                }

                SystemEnforcementMode policy = GetLockdownPolicyForResult(lockdownState);

                // Only the system-wide answer is cached; per-file answers are always re-queried.
                if (isSystemWideQuery)
                {
                    s_cachedWldpSystemPolicy = policy;
                }

                return policy;
            }
            catch (DllNotFoundException)
            {
                // The DLL disappeared or failed to load despite the existence check above.
                s_hadMissingWldpAssembly = true;
                return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
            }
        }