Ejemplo n.º 1
 /// <summary>
 /// Managed implementation of the COM class approval check that reports every class as approved.
 /// </summary>
 /// <param name="rclsid">Class identifier being queried. Not inspected here.</param>
 /// <param name="pHostInformation">Host information for the query. Not inspected here.</param>
 /// <param name="ptIsApproved">Always set to 1 on return.</param>
 /// <param name="dwFlags">Not inspected here.</param>
 /// <returns>Always 1.</returns>
 /// <remarks>
 /// NOTE(review): this body makes no policy decision, so no CLSID is ever rejected and the
 /// check is fail-open. Presumably it stands in for a native call on a platform where that
 /// call is unavailable; confirm that no lockdown decision depends on this result.
 /// </remarks>
 internal static int WldpIsClassInApprovedList(ref Guid rclsid, ref SystemPolicy.WLDP_HOST_INFORMATION pHostInformation, ref int ptIsApproved, int dwFlags)
 {
     const int approvedFlag = 1;
     const int resultCode = 1;

     // Unconditional approval: none of the inputs influence the outcome.
     ptIsApproved = approvedFlag;
     return resultCode;
 }
Ejemplo n.º 2
        /// <summary>
        /// Determines how system-wide application control policy (WDAC, Windows Defender
        /// Application Control, or AppLocker) applies to a script file that is already open.
        /// </summary>
        /// <param name="filePath">
        /// Path of the script. Its extension-less file name goes into the audit message, and the
        /// full path is handed to the legacy check together with the file handle.
        /// </param>
        /// <param name="fileStream">
        /// Open stream on the script. Its handle is what the policy APIs evaluate, so the stream
        /// must stay open for the duration of this call.
        /// </param>
        /// <returns>
        /// Allow, Block or AllowConstrained when a policy verdict is available; None when the
        /// newer API produced no verdict and the system lockdown policy is None.
        /// </returns>
        /// <remarks>
        /// The verdict is bound to the handle taken from <paramref name="fileStream"/>.
        /// NOTE(review): to avoid a check/use gap, callers presumably read the script content from
        /// this same stream rather than reopening <paramref name="filePath"/>; confirm at call sites.
        /// NOTE(review): a failed HRESULT or an unrecognised result from WldpCanExecuteFile is not
        /// treated as Block; control falls through to the legacy checks (the assert is only active
        /// in debug builds). The legacy switch, by contrast, blocks on an unknown mode.
        /// </remarks>
        public static SystemScriptFileEnforcement GetFilePolicyEnforcement(
            string filePath,
            System.IO.FileStream fileStream)
        {
            SafeHandle scriptHandle = fileStream.SafeFileHandle;

            // Preferred path: the newer WDAC API, as long as it has not been found missing.
            if (s_wldpCanExecuteAvailable)
            {
                try
                {
                    // Only the file name (no directory, no extension) is put into the audit text.
                    string auditMsg = $"PowerShell ExternalScriptInfo reading file: {System.IO.Path.GetFileNameWithoutExtension(filePath)}";

                    // The raw handle is passed without an extra reference; it stays valid only
                    // while the caller keeps fileStream open.
                    int hr = WldpNativeMethods.WldpCanExecuteFile(
                        host: PowerShellHost,
                        options: WLDP_EXECUTION_EVALUATION_OPTIONS.WLDP_EXECUTION_EVALUATION_OPTION_NONE,
                        fileHandle: scriptHandle.DangerousGetHandle(),
                        auditInfo: auditMsg,
                        result: out WLDP_EXECUTION_POLICY verdict);

                    // A negative HRESULT (such as E_NOTIMPL, 0x80004001) yields no verdict here
                    // and leaves the decision to the legacy checks below.
                    bool callSucceeded = hr >= 0;
                    if (callSucceeded)
                    {
                        if (verdict == WLDP_EXECUTION_POLICY.WLDP_CAN_EXECUTE_ALLOWED)
                        {
                            return SystemScriptFileEnforcement.Allow;
                        }

                        if (verdict == WLDP_EXECUTION_POLICY.WLDP_CAN_EXECUTE_BLOCKED)
                        {
                            return SystemScriptFileEnforcement.Block;
                        }

                        if (verdict == WLDP_EXECUTION_POLICY.WLDP_CAN_EXECUTE_REQUIRE_SANDBOX)
                        {
                            return SystemScriptFileEnforcement.AllowConstrained;
                        }

                        // Unrecognised verdict: flag it in debug builds, then use the legacy checks.
                        System.Diagnostics.Debug.Assert(false, $"Unknown execution policy returned from WldCanExecute: {verdict}");
                    }
                }
                catch (DllNotFoundException)
                {
                    // The library is missing: remember that so later calls skip this path.
                    s_wldpCanExecuteAvailable = false;
                }
                catch (EntryPointNotFoundException)
                {
                    // The export is missing: remember that so later calls skip this path.
                    s_wldpCanExecuteAvailable = false;
                }
            }

            // Legacy WDAC and AppLocker checks. With no system lockdown policy there is nothing to enforce.
            if (SystemPolicy.GetSystemLockdownPolicy() == SystemEnforcementMode.None)
            {
                return SystemScriptFileEnforcement.None;
            }

            SystemEnforcementMode fileMode = SystemPolicy.GetLockdownPolicy(filePath, scriptHandle);

            if (fileMode == SystemEnforcementMode.Enforce)
            {
                return SystemScriptFileEnforcement.AllowConstrained;
            }

            if (fileMode == SystemEnforcementMode.None || fileMode == SystemEnforcementMode.Audit)
            {
                return SystemScriptFileEnforcement.Allow;
            }

            // Unknown enforcement mode: fail closed.
            System.Diagnostics.Debug.Assert(false, "GetFilePolicyEnforcement: Unknown SystemEnforcementMode.");
            return SystemScriptFileEnforcement.Block;
        }
Ejemplo n.º 3
            /*
            [DllImport("wldp.dll")]
            internal static extern int WldpGetLockdownPolicy(ref SystemPolicy.WLDP_HOST_INFORMATION pHostInformation, ref int pdwLockdownState, int dwFlags);
            [DllImport("wldp.dll")]
            internal static extern int WldpIsClassInApprovedList(ref Guid rclsid, ref SystemPolicy.WLDP_HOST_INFORMATION pHostInformation, ref int ptIsApproved, int dwFlags);
             */

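            /// <summary>
            /// Managed implementation of the lockdown-policy query: a source file located inside
            /// the PowerShell application base is reported with an undefined lockdown state, and
            /// everything else is reported as enforced.
            /// </summary>
            /// <param name="pHostInformation">Host information; only <c>szSource</c> (the source file path) is read.</param>
            /// <param name="pdwLockdownState">
            /// Receives <c>WLDP_LOCKDOWN_UNDEFINED</c> for an existing file under the application
            /// base, otherwise <c>WLDP_LOCKDOWN_UMCIENFORCE_FLAG</c>.
            /// </param>
            /// <param name="dwFlags">Not used by this implementation.</param>
            /// <returns>Always 1.</returns>
            /// <remarks>
            /// The location test is a directory-prefix comparison on full paths, with a separator
            /// boundary. A plain substring search would also accept directories that merely
            /// contain the application base text somewhere in their path, or that share it as a
            /// name prefix, and an empty application base would match every path.
            /// NOTE(review): full paths are compared as text; links or junctions inside the
            /// application base are not resolved here. Confirm whether that matters for this platform.
            /// </remarks>
            internal static int WldpGetLockdownPolicy (ref SystemPolicy.WLDP_HOST_INFORMATION pHostInformation, ref int pdwLockdownState, int dwFlags)
            {
                // Fail closed: enforcement is the answer unless the file is proven to be trusted.
                pdwLockdownState = WldpNativeConstants.WLDP_LOCKDOWN_UMCIENFORCE_FLAG;

                string sourcePath = pHostInformation.szSource;
                if (string.IsNullOrEmpty (sourcePath)) {
                    return 1;
                }

                var sourceFile = new System.IO.FileInfo (sourcePath);
                if (!sourceFile.Exists || sourceFile.Directory == null) {
                    return 1;
                }

                string applicationBase = PowerShellConfiguration.PowerShellEngine.ApplicationBase;
                if (string.IsNullOrEmpty (applicationBase)) {
                    // No trusted root is configured, so nothing can be exempted.
                    return 1;
                }

                char[] separators = {
                    System.IO.Path.DirectorySeparatorChar,
                    System.IO.Path.AltDirectorySeparatorChar
                };

                // Normalise both sides to "<full path><separator>" so that equality and true
                // containment match, while sibling directories sharing a name prefix do not.
                string trustedRoot = System.IO.Path.GetFullPath (applicationBase).TrimEnd (separators)
                    + System.IO.Path.DirectorySeparatorChar;
                string sourceDirectory = sourceFile.Directory.FullName.TrimEnd (separators)
                    + System.IO.Path.DirectorySeparatorChar;

                // Case-insensitive comparison is kept from the original implementation.
                // NOTE(review): on a case-sensitive file system this is looser than the file system itself.
                if (sourceDirectory.StartsWith (trustedRoot, StringComparison.OrdinalIgnoreCase)) {
                    pdwLockdownState = WldpNativeConstants.WLDP_LOCKDOWN_UNDEFINED;
                }

                return 1;
            }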