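/// <summary>
/// P/Invoke into wldp.dll asking the system lockdown policy (WDAC) whether the COM class
/// identified by <paramref name="rclsid"/> is approved for the calling host.
/// </summary>
/// <param name="rclsid">CLSID of the class to check.</param>
/// <param name="pHostInformation">Host description handed to the policy engine.</param>
/// <param name="ptIsApproved">Receives the policy decision; non-zero means approved.</param>
/// <param name="dwFlags">Flags forwarded unchanged to the native API.</param>
/// <returns>HRESULT from the native call (negative on failure); the decision is in <paramref name="ptIsApproved"/>.</returns>
/// <remarks>
/// This restores the real native call. The stub it replaces unconditionally set
/// <c>ptIsApproved = 1</c> and returned success, so every class looked approved and the
/// system policy was never consulted. Callers must keep treating a failed HRESULT as
/// "not approved" rather than reading <paramref name="ptIsApproved"/>.
/// </remarks>
[DllImport("wldp.dll")]
internal static extern int WldpIsClassInApprovedList(ref Guid rclsid, ref SystemPolicy.WLDP_HOST_INFORMATION pHostInformation, ref int ptIsApproved, int dwFlags);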
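/// <summary>
/// Gets the system wide script file policy enforcement for an open file.
/// Based on system WDAC (Windows Defender Application Control) or AppLocker policies.
/// </summary>
/// <param name="filePath">Script file path for policy check.</param>
/// <param name="fileStream">FileStream object to script file path.</param>
/// <returns>Policy check result for script file.</returns>
/// <exception cref="ArgumentNullException"><paramref name="fileStream"/> is null.</exception>
/// <remarks>
/// Decision order: the WldpCanExecuteFile API is asked first; if it is unavailable, fails,
/// or returns an unrecognised result, the legacy lockdown-policy checks decide.
/// Because <c>Debug.Fail</c> is compiled out of Release builds, an unrecognised WLDP result
/// silently degrades to the legacy path — anyone changing the enum should extend the switch.
/// </remarks>
public static SystemScriptFileEnforcement GetFilePolicyEnforcement(
    string filePath,
    System.IO.FileStream fileStream)
{
    if (fileStream is null)
    {
        throw new ArgumentNullException(nameof(fileStream));
    }

    // The raw handle is only valid while fileStream (and its SafeFileHandle) is alive;
    // the caller owns the stream for the whole call, so no AddRef is taken here.
    SafeHandle fileHandle = fileStream.SafeFileHandle;

    // First check latest WDAC APIs if available.
    if (s_wldpCanExecuteAvailable)
    {
        try
        {
            string fileName = System.IO.Path.GetFileNameWithoutExtension(filePath);
            string auditMsg = $"PowerShell ExternalScriptInfo reading file: {fileName}";

            int hr = WldpNativeMethods.WldpCanExecuteFile(
                host: PowerShellHost,
                options: WLDP_EXECUTION_EVALUATION_OPTIONS.WLDP_EXECUTION_EVALUATION_OPTION_NONE,
                fileHandle: fileHandle.DangerousGetHandle(),
                auditInfo: auditMsg,
                result: out WLDP_EXECUTION_POLICY canExecuteResult);

            if (hr >= 0)
            {
                switch (canExecuteResult)
                {
                    case WLDP_EXECUTION_POLICY.WLDP_CAN_EXECUTE_ALLOWED:
                        return SystemScriptFileEnforcement.Allow;

                    case WLDP_EXECUTION_POLICY.WLDP_CAN_EXECUTE_BLOCKED:
                        return SystemScriptFileEnforcement.Block;

                    case WLDP_EXECUTION_POLICY.WLDP_CAN_EXECUTE_REQUIRE_SANDBOX:
                        return SystemScriptFileEnforcement.AllowConstrained;

                    default:
                        // Unknown result: fall through to the legacy system policy checks below.
                        System.Diagnostics.Debug.Fail($"Unknown execution policy returned from WldpCanExecuteFile: {canExecuteResult}");
                        break;
                }
            }

            // If HResult is unsuccessful (such as E_NOTIMPL (0x80004001)), fall through to legacy system checks.
        }
        catch (Exception e) when (e is DllNotFoundException || e is EntryPointNotFoundException)
        {
            // wldp.dll or its WldpCanExecuteFile export is missing on this system.
            // Remember that so later calls go straight to the legacy system policy checks.
            s_wldpCanExecuteAvailable = false;
        }
    }

    // Original (legacy) WDAC and AppLocker system checks.
    if (SystemPolicy.GetSystemLockdownPolicy() != SystemEnforcementMode.None)
    {
        switch (SystemPolicy.GetLockdownPolicy(filePath, fileHandle))
        {
            case SystemEnforcementMode.Enforce:
                return SystemScriptFileEnforcement.AllowConstrained;

            case SystemEnforcementMode.None:
            case SystemEnforcementMode.Audit:
                return SystemScriptFileEnforcement.Allow;

            default:
                // Unknown mode on a security decision: fail closed.
                System.Diagnostics.Debug.Fail("GetFilePolicyEnforcement: Unknown SystemEnforcementMode.");
                return SystemScriptFileEnforcement.Block;
        }
    }

    // System lockdown policy is not in effect; nothing at the system level constrains this file.
    return SystemScriptFileEnforcement.None;
}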
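/// <summary>
/// P/Invoke into wldp.dll to query the system lockdown policy (WDAC / AppLocker) for the host
/// described by <paramref name="pHostInformation"/>.
/// </summary>
/// <param name="pHostInformation">Host description (including the source file) handed to the policy engine.</param>
/// <param name="pdwLockdownState">Receives the lockdown state flags reported by the system.</param>
/// <param name="dwFlags">Flags forwarded unchanged to the native API.</param>
/// <returns>HRESULT from the native call (negative on failure); the state is in <paramref name="pdwLockdownState"/>.</returns>
/// <remarks>
/// This restores the real native call. The stub it replaces never consulted the system policy:
/// it reported WLDP_LOCKDOWN_UNDEFINED whenever the source file's directory merely contained the
/// PowerShell ApplicationBase as a case-insensitive substring (not a path-prefix check), and
/// WLDP_LOCKDOWN_UMCIENFORCE_FLAG otherwise, so the reported lockdown state depended on the
/// script's location rather than on the configured policy. Callers must treat a failed HRESULT
/// as "state unknown" rather than reading <paramref name="pdwLockdownState"/>.
/// </remarks>
[DllImport("wldp.dll")]
internal static extern int WldpGetLockdownPolicy(ref SystemPolicy.WLDP_HOST_INFORMATION pHostInformation, ref int pdwLockdownState, int dwFlags);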