/// <summary>
/// Native WLDP entry point that reports whether a COM class is on the approved list.
/// Declared <c>extern</c>; the attribute that binds it to its native library is not part of this excerpt.
/// </summary>
/// <param name="rclsid">CLSID of the COM class being checked.</param>
/// <param name="pHostInformation">Host description; callers in this listing fill in dwRevision and dwHostId before the call.</param>
/// <param name="ptIsApproved">Receives the verdict; callers in this listing treat the value 1 as "approved".</param>
/// <param name="dwFlags">Callers in this listing always pass 0.</param>
/// <returns>
/// Status code. Callers in this listing treat a non-negative value as success (presumably an HRESULT; confirm
/// against the native header). A caller that ignores this value is relying on <paramref name="ptIsApproved"/>
/// being left untouched on failure.
/// </returns>
internal static extern int WldpIsClassInApprovedList(ref Guid rclsid, ref WLDP_HOST_INFORMATION pHostInformation, ref int ptIsApproved, uint dwFlags);
/// <summary>
/// Queries WLDP for the lockdown policy that applies to a file, or to the whole system when
/// <paramref name="path"/> is null or empty.
/// </summary>
/// <param name="path">File to evaluate; null or empty requests the system-wide policy.</param>
/// <param name="handle">Optional open handle for the file; only forwarded when a path is supplied.</param>
/// <returns>
/// The policy mapped from the native lockdown state on success; <c>Enforce</c> when the native call reports
/// failure; the cached system policy (defaulting to <c>None</c>) when the WLDP library is missing.
/// </returns>
private static SystemEnforcementMode GetWldpPolicy(string path, SafeHandle handle)
{
    // A missing WLDP library (older OS versions) is deliberately treated as "no WLDP validation":
    // the result falls back to the cached value, or None if nothing was cached. This is a fail-open path.
    if (s_hadMissingWldpAssembly)
    {
        return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    }

    bool isSystemWideQuery = string.IsNullOrEmpty(path);

    // System-wide queries are answered from the cache unless the test hook disables caching.
    if (isSystemWideQuery && s_cachedWldpSystemPolicy.HasValue && !InternalTestHooks.BypassAppLockerPolicyCaching)
    {
        return s_cachedWldpSystemPolicy.Value;
    }

    try
    {
        WLDP_HOST_INFORMATION hostInfo = new WLDP_HOST_INFORMATION
        {
            dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        if (!isSystemWideQuery)
        {
            hostInfo.szSource = path;

            if (handle != null)
            {
                // NOTE(review): DangerousGetHandle does not add a reference to the SafeHandle, so the
                // caller must keep the handle open for the duration of the native call.
                hostInfo.hSource = handle.DangerousGetHandle();
            }
        }

        uint lockdownState = 0;
        int status = WldpNativeMethods.WldpGetLockdownPolicy(ref hostInfo, ref lockdownState, 0);

        if (status < 0)
        {
            // Fail closed: an API error is reported as Enforce rather than as "no policy".
            return SystemEnforcementMode.Enforce;
        }

        SystemEnforcementMode policy = GetLockdownPolicyForResult(lockdownState);

        // Only the system-wide answer is cached; per-file answers are always re-queried.
        if (isSystemWideQuery)
        {
            s_cachedWldpSystemPolicy = policy;
        }

        return policy;
    }
    catch (DllNotFoundException)
    {
        // Remember that the library is absent so later calls take the early-return path above.
        s_hadMissingWldpAssembly = true;
        return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    }
}
/// <summary>
/// Native WLDP entry point that returns the lockdown state for the host described in
/// <paramref name="pHostInformation"/>.
/// Declared <c>extern</c>; the attribute that binds it to its native library is not part of this excerpt.
/// </summary>
/// <param name="pHostInformation">
/// Host description; callers in this listing set dwRevision and dwHostId, and additionally szSource/hSource
/// when asking about a specific file.
/// </param>
/// <param name="pdwLockdownState">Receives the lockdown state; callers in this listing pass it to GetLockdownPolicyForResult.</param>
/// <param name="dwFlags">Callers in this listing always pass 0.</param>
/// <returns>
/// Status code. Callers in this listing that check it treat a non-negative value as success and map a
/// negative value to Enforce (presumably an HRESULT; confirm against the native header).
/// </returns>
internal static extern int WldpGetLockdownPolicy(ref WLDP_HOST_INFORMATION pHostInformation, ref uint pdwLockdownState, uint dwFlags);
/// <summary>
/// Asks WLDP whether a COM class may be instantiated under the current lockdown policy.
/// </summary>
/// <param name="clsid">CLSID of the COM class to check.</param>
/// <returns>True if the COM object is allowed, False otherwise.</returns>
internal static bool IsClassInApprovedList(Guid clsid)
{
    try
    {
        WLDP_HOST_INFORMATION hostInfo = new WLDP_HOST_INFORMATION
        {
            dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        int approvedFlag = 0;
        int status = WldpNativeMethods.WldpIsClassInApprovedList(ref clsid, ref hostInfo, ref approvedFlag, 0);

        // Deny unless the call succeeded AND the API explicitly reported approval.
        if (status < 0 || approvedFlag != 1)
        {
            return false;
        }

        // Hook for testability. With the debug system policy active, ADODB.Parameter is reported
        // as not allowed even though WLDP approved it.
        // 0000050b-0000-0010-8000-00aa006d2ea4 = ADODB.Parameter
        bool deniedByDebugHook =
            s_wasSystemPolicyDebugPolicy &&
            String.Equals(clsid.ToString(), "0000050b-0000-0010-8000-00aa006d2ea4", StringComparison.OrdinalIgnoreCase);

        return !deniedByDebugHook;
    }
    catch (DllNotFoundException)
    {
        // Hook for testability. IsClassInApprovedList is only called when the system is in global
        // lockdown mode, so this wouldn't be allowed in regular ConstrainedLanguage mode.
        // Every other CLSID is denied when the WLDP library cannot be loaded.
        // f6d90f11-9c73-11d3-b32e-00c04f990bb4 = MSXML2.DOMDocument
        return String.Equals(clsid.ToString(), "f6d90f11-9c73-11d3-b32e-00c04f990bb4", StringComparison.OrdinalIgnoreCase);
    }
}
/// <summary>
/// Queries WLDP for the lockdown policy that applies to a file, or to the whole system when
/// <paramref name="path"/> is null or empty. This variant first probes for wldp.dll on disk before
/// attempting the native call.
/// </summary>
/// <param name="path">File to evaluate; null or empty requests the system-wide policy.</param>
/// <param name="handle">Optional open handle for the file; only forwarded when a path is supplied.</param>
/// <returns>
/// The policy mapped from the native lockdown state on success; <c>Enforce</c> when the native call reports
/// failure; the cached system policy (defaulting to <c>None</c>) when wldp.dll is absent or fails to load.
/// </returns>
private static SystemEnforcementMode GetWldpPolicy(string path, SafeHandle handle)
{
    // Absence of wldp.dll in the system directory is treated the same as a failed load: WLDP validation
    // is skipped and the result falls back to the cached value, or None. This is a deliberate fail-open
    // path for OS versions that ship without the library.
    bool wldpUnavailable =
        s_hadMissingWldpAssembly ||
        !IO.File.Exists(IO.Path.Combine(Environment.SystemDirectory, "wldp.dll"));

    if (wldpUnavailable)
    {
        s_hadMissingWldpAssembly = true;
        return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    }

    bool isSystemWideQuery = string.IsNullOrEmpty(path);

    // System-wide queries are answered from the cache unless the test hook disables caching.
    if (isSystemWideQuery && s_cachedWldpSystemPolicy.HasValue && !InternalTestHooks.BypassAppLockerPolicyCaching)
    {
        return s_cachedWldpSystemPolicy.Value;
    }

    try
    {
        WLDP_HOST_INFORMATION hostInfo = new WLDP_HOST_INFORMATION
        {
            dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        if (!isSystemWideQuery)
        {
            hostInfo.szSource = path;

            if (handle != null)
            {
                // NOTE(review): DangerousGetHandle does not add a reference to the SafeHandle, so the
                // caller must keep the handle open for the duration of the native call.
                hostInfo.hSource = handle.DangerousGetHandle();
            }
        }

        uint lockdownState = 0;
        int status = WldpNativeMethods.WldpGetLockdownPolicy(ref hostInfo, ref lockdownState, 0);

        if (status < 0)
        {
            // Fail closed: an API error is reported as Enforce rather than as "no policy".
            return SystemEnforcementMode.Enforce;
        }

        SystemEnforcementMode policy = GetLockdownPolicyForResult(lockdownState);

        // Only the system-wide answer is cached; per-file answers are always re-queried.
        if (isSystemWideQuery)
        {
            s_cachedWldpSystemPolicy = policy;
        }

        return policy;
    }
    catch (DllNotFoundException)
    {
        // The on-disk probe passed but the loader still could not bind the library.
        s_hadMissingWldpAssembly = true;
        return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    }
}
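/// <summary>
/// Queries WLDP for the lockdown policy that applies to a file, or to the whole system when
/// <paramref name="path"/> is null or empty.
/// </summary>
/// <param name="path">File to evaluate; null or empty requests the system-wide policy.</param>
/// <param name="handle">Optional open handle for the file; only forwarded when a path is supplied.</param>
/// <returns>
/// The policy mapped from the native lockdown state on success; <c>Enforce</c> when the native call reports
/// failure; the result of GetDebugLockdownPolicy (defined elsewhere, not visible here) when the WLDP
/// library is missing.
/// </returns>
public static SystemEnforcementMode GetLockdownPolicy(string path, SafeHandle handle)
{
    try
    {
        if (hadMissingWldpAssembly)
        {
            return GetDebugLockdownPolicy(path);
        }

        WLDP_HOST_INFORMATION pHostInformation = new WLDP_HOST_INFORMATION
        {
            dwRevision = 1,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        if (!string.IsNullOrEmpty(path))
        {
            pHostInformation.szSource = path;

            if (handle != null)
            {
                // NOTE(review): DangerousGetHandle does not add a reference to the SafeHandle, so the
                // caller must keep the handle open for the duration of the native call.
                pHostInformation.hSource = handle.DangerousGetHandle();
            }
        }

        int pdwLockdownState = 0;
        int result = WldpNativeMethods.WldpGetLockdownPolicy(ref pHostInformation, ref pdwLockdownState, 0);

        // Previously the status code was discarded, so a failed call was evaluated with the untouched
        // lockdown state of 0. Fail closed instead: a negative status means the policy could not be
        // determined, which is reported as Enforce.
        if (result < 0)
        {
            return SystemEnforcementMode.Enforce;
        }

        return GetLockdownPolicyForResult(pdwLockdownState);
    }
    catch (DllNotFoundException)
    {
        // Remember that the library is absent so later calls skip the native call entirely.
        hadMissingWldpAssembly = true;
        return GetDebugLockdownPolicy(path);
    }
}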
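/// <summary>
/// Asks WLDP whether a COM class may be instantiated under the current lockdown policy.
/// </summary>
/// <param name="clsid">CLSID of the COM class to check.</param>
/// <returns>
/// True only when the native call succeeds and reports the class as approved, or when the WLDP library
/// is missing and the CLSID matches the single hard-coded fallback value; false otherwise.
/// </returns>
internal static bool IsClassInApprovedList(Guid clsid)
{
    try
    {
        WLDP_HOST_INFORMATION pHostInformation = new WLDP_HOST_INFORMATION
        {
            dwRevision = 1,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        int ptIsApproved = 0;
        int result = WldpNativeMethods.WldpIsClassInApprovedList(ref clsid, ref pHostInformation, ref ptIsApproved, 0);

        // Previously the status code was discarded and only ptIsApproved was inspected. Require a
        // successful status as well, so approval never depends on what a failed call left in the
        // output parameter.
        return result >= 0 && ptIsApproved == 1;
    }
    catch (DllNotFoundException)
    {
        // NOTE(review): when the WLDP library cannot be loaded, exactly one CLSID is approved and all
        // others are denied. The longer variant of this method in the same listing labels this value
        // as MSXML2.DOMDocument and describes the branch as a testability hook.
        return string.Equals(clsid.ToString(), "f6d90f11-9c73-11d3-b32e-00c04f990bb4", StringComparison.OrdinalIgnoreCase);
    }
}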