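/// <summary>
/// Asks WLDP which lockdown policy applies to a file, or to the host in general when no path is given.
/// </summary>
/// <param name="path">File being evaluated; when null or empty the source fields of the query are left unset.</param>
/// <param name="handle">Optional open handle for the same file; only consulted when <paramref name="path"/> is non-empty.</param>
/// <returns>
/// The enforcement mode mapped from the lockdown state WLDP reports,
/// <see cref="SystemEnforcementMode.Enforce"/> when the WLDP call itself reports failure,
/// or the debug policy when wldp.dll cannot be loaded.
/// </returns>
public static SystemEnforcementMode GetLockdownPolicy(string path, SafeHandle handle)
{
    try
    {
        // An earlier call already found wldp.dll missing, so skip the P/Invoke.
        if (hadMissingWldpAssembly)
        {
            return GetDebugLockdownPolicy(path);
        }

        WLDP_HOST_INFORMATION pHostInformation = new WLDP_HOST_INFORMATION
        {
            dwRevision = 1,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        if (!string.IsNullOrEmpty(path))
        {
            pHostInformation.szSource = path;
            if (handle != null)
            {
                // The raw handle is handed to native code without DangerousAddRef, so the
                // caller has to keep 'handle' open until this method returns.
                pHostInformation.hSource = handle.DangerousGetHandle();
            }
        }

        int pdwLockdownState = 0;
        int hr = WldpNativeMethods.WldpGetLockdownPolicy(ref pHostInformation, ref pdwLockdownState, 0);
        if (hr < 0)
        {
            // Fail closed: a failed query leaves pdwLockdownState at its initial 0, and mapping
            // that value would report whatever policy state 0 stands for instead of the error.
            return SystemEnforcementMode.Enforce;
        }

        return GetLockdownPolicyForResult(pdwLockdownState);
    }
    catch (DllNotFoundException)
    {
        // wldp.dll is not present on this system; remember that and use the debug policy.
        // NOTE(review): what GetDebugLockdownPolicy returns is not visible here - confirm it
        // cannot relax enforcement on a production host.
        hadMissingWldpAssembly = true;
        return GetDebugLockdownPolicy(path);
    }
}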
/// <summary>
/// Decides whether a COM class may be instantiated under the system lockdown policy.
/// </summary>
/// <param name="clsid">Class identifier of the COM object being requested.</param>
/// <returns>True if the COM object is allowed, False otherwise.</returns>
internal static bool IsClassInApprovedList(Guid clsid)
{
    // Callers reach this method only when AppLocker and/or WLDP enforce a system-wide lockdown.
    // Without WLDP in Enforce mode the lockdown comes from AppLocker alone, and every COM
    // instantiation is refused.
    SystemEnforcementMode systemWldpMode = s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    if (systemWldpMode != SystemEnforcementMode.Enforce)
    {
        return false;
    }

    // WLDP is enforcing system wide: ask it whether the class is on its approval list.
    try
    {
        WLDP_HOST_INFORMATION hostInformation = new WLDP_HOST_INFORMATION
        {
            dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        int approvedFlag = 0;
        int hr = WldpNativeMethods.WldpIsClassInApprovedList(ref clsid, ref hostInformation, ref approvedFlag, 0);

        // Anything other than a successful call with an explicit approval is a denial.
        bool approvedByWldp = hr >= 0 && approvedFlag == 1;
        if (!approvedByWldp)
        {
            return false;
        }

        // Test hook: with the debug override active, ADODB.Parameter
        // (0000050b-0000-0010-8000-00aa006d2ea4) is reported as not allowed.
        bool deniedByTestHook =
            s_allowDebugOverridePolicy &&
            string.Equals(clsid.ToString(), "0000050b-0000-0010-8000-00aa006d2ea4", StringComparison.OrdinalIgnoreCase);

        return !deniedByTestHook;
    }
    catch (DllNotFoundException)
    {
        // Test hook for hosts without wldp.dll: only MSXML2.DOMDocument
        // (f6d90f11-9c73-11d3-b32e-00c04f990bb4) is approved. This method runs only in global
        // lockdown mode, so the class would not be allowed in regular ConstrainedLanguage mode.
        // NOTE(review): unlike the ADODB hook above, this allow path is not gated on
        // s_allowDebugOverridePolicy - confirm that is intended.
        return string.Equals(clsid.ToString(), "f6d90f11-9c73-11d3-b32e-00c04f990bb4", StringComparison.OrdinalIgnoreCase);
    }
}
/// <summary>
/// Asks WLDP whether a COM class is on its approval list.
/// </summary>
/// <param name="clsid">Class identifier of the COM object being requested.</param>
/// <returns>True when WLDP marks the class as approved, false otherwise.</returns>
internal static bool IsClassInApprovedList(Guid clsid)
{
    try
    {
        WLDP_HOST_INFORMATION hostInfo = new WLDP_HOST_INFORMATION
        {
            dwRevision = 1,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        // The return value of the native call is not inspected. The flag starts at 0 and only
        // the value 1 counts as approval, so a call that leaves it untouched is a denial.
        // NOTE(review): this assumes the native function does not write the flag when it fails.
        int approvedFlag = 0;
        WldpNativeMethods.WldpIsClassInApprovedList(ref clsid, ref hostInfo, ref approvedFlag, 0);

        if (approvedFlag == 1)
        {
            return true;
        }

        return false;
    }
    catch (DllNotFoundException)
    {
        // wldp.dll is not available: a single hard-coded CLSID is treated as approved.
        // NOTE(review): this allow path is unconditional in this version - confirm it is
        // meant to be reachable outside of tests.
        string requestedClsid = clsid.ToString();
        return string.Equals(requestedClsid, "f6d90f11-9c73-11d3-b32e-00c04f990bb4", StringComparison.OrdinalIgnoreCase);
    }
}
/// <summary>
/// Decides whether WLDP allows a COM class to be instantiated.
/// </summary>
/// <param name="clsid">Class identifier of the COM object being requested.</param>
/// <returns>True if the COM object is allowed, False otherwise.</returns>
internal static bool IsClassInApprovedList(Guid clsid)
{
    try
    {
        WLDP_HOST_INFORMATION hostInformation = new WLDP_HOST_INFORMATION
        {
            dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        int approvedFlag = 0;
        int hr = WldpNativeMethods.WldpIsClassInApprovedList(ref clsid, ref hostInformation, ref approvedFlag, 0);

        // A failed call, or a call that does not set the flag to 1, is a denial.
        if (hr < 0 || approvedFlag != 1)
        {
            return false;
        }

        // Test hook: when the system policy came from the debug policy, ADODB.Parameter
        // (0000050b-0000-0010-8000-00aa006d2ea4) is reported as not allowed.
        if (s_wasSystemPolicyDebugPolicy &&
            String.Equals(clsid.ToString(), "0000050b-0000-0010-8000-00aa006d2ea4", StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        return true;
    }
    catch (DllNotFoundException)
    {
        // Test hook for hosts without wldp.dll: only MSXML2.DOMDocument
        // (f6d90f11-9c73-11d3-b32e-00c04f990bb4) is approved. This method runs only in global
        // lockdown mode, so the class would not be allowed in regular ConstrainedLanguage mode.
        // NOTE(review): this allow path is not gated on s_wasSystemPolicyDebugPolicy - confirm
        // that is intended.
        bool isTestHookClass = String.Equals(clsid.ToString(), "f6d90f11-9c73-11d3-b32e-00c04f990bb4", StringComparison.OrdinalIgnoreCase);
        return isTestHookClass;
    }
}
/// <summary>
/// Resolves a known-folder identifier to its path through SHGetKnownFolderPath.
/// </summary>
/// <param name="knownFolderId">Identifier of the known folder to look up.</param>
/// <returns>The folder path as a managed string.</returns>
/// <exception cref="System.IO.IOException">The native call returned a failure code.</exception>
private static string GetKnownFolderPath(Guid knownFolderId)
{
    IntPtr nativePath = IntPtr.Zero;

    try
    {
        int hr = WldpNativeMethods.SHGetKnownFolderPath(knownFolderId, 0, IntPtr.Zero, out nativePath);
        if (hr < 0)
        {
            // NOTE(review): the failure code is dropped here, so the exception carries no detail.
            throw new System.IO.IOException();
        }

        return Marshal.PtrToStringAuto(nativePath);
    }
    finally
    {
        // Release the buffer on success and failure alike. The string above is copied into
        // managed memory before this runs.
        if (nativePath != IntPtr.Zero)
        {
            Marshal.FreeCoTaskMem(nativePath);
        }
    }
}
/// <summary>
/// Queries WLDP for the lockdown policy of a file, or of the whole system when no path is given.
/// </summary>
/// <param name="path">File being evaluated; null or empty requests the system-wide policy.</param>
/// <param name="handle">Optional open handle for the same file; only consulted when <paramref name="path"/> is non-empty.</param>
/// <returns>
/// The enforcement mode reported by WLDP, <see cref="SystemEnforcementMode.Enforce"/> when the WLDP call
/// fails, or the cached system policy (None when nothing is cached) when wldp.dll is unavailable.
/// </returns>
private static SystemEnforcementMode GetWldpPolicy(string path, SafeHandle handle)
{
    // Hosts without wldp.dll (Windows 7 and earlier, for example) skip WLDP verification and
    // fall back to the cached value, or None when nothing is cached.
    // NOTE(review): this path reports no enforcement when the DLL is absent; that is deliberate
    // for older systems, but it depends on the system directory lookup being trustworthy.
    bool wldpUnavailable =
        s_hadMissingWldpAssembly ||
        !IO.File.Exists(IO.Path.Combine(Environment.SystemDirectory, "wldp.dll"));
    if (wldpUnavailable)
    {
        s_hadMissingWldpAssembly = true;
        return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    }

    bool isSystemWideQuery = String.IsNullOrEmpty(path);

    // A system-wide query is answered from the cache unless the test hook disables caching.
    if (isSystemWideQuery &&
        s_cachedWldpSystemPolicy.HasValue &&
        !InternalTestHooks.BypassAppLockerPolicyCaching)
    {
        return s_cachedWldpSystemPolicy.Value;
    }

    try
    {
        WLDP_HOST_INFORMATION hostInformation = new WLDP_HOST_INFORMATION
        {
            dwRevision = WldpNativeConstants.WLDP_HOST_INFORMATION_REVISION,
            dwHostId = WLDP_HOST_ID.WLDP_HOST_ID_POWERSHELL
        };

        if (!isSystemWideQuery)
        {
            hostInformation.szSource = path;
            if (handle != null)
            {
                // The raw handle is handed to native code without DangerousAddRef, so the
                // caller has to keep 'handle' open until this method returns.
                hostInformation.hSource = handle.DangerousGetHandle();
            }
        }

        uint lockdownState = 0;
        int hr = WldpNativeMethods.WldpGetLockdownPolicy(ref hostInformation, ref lockdownState, 0);
        if (hr < 0)
        {
            // The API call failed: fail closed and report full enforcement.
            return SystemEnforcementMode.Enforce;
        }

        SystemEnforcementMode policy = GetLockdownPolicyForResult(lockdownState);

        // Only the system-wide answer is cached; per-file answers are not.
        if (isSystemWideQuery)
        {
            s_cachedWldpSystemPolicy = policy;
        }

        return policy;
    }
    catch (DllNotFoundException)
    {
        // The file check above passed but the DLL still failed to load; treat it as missing.
        s_hadMissingWldpAssembly = true;
        return s_cachedWldpSystemPolicy.GetValueOrDefault(SystemEnforcementMode.None);
    }
}