Diffstat (limited to 'src/inc/corpolicy.h')
-rw-r--r-- | src/inc/corpolicy.h | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/src/inc/corpolicy.h b/src/inc/corpolicy.h
new file mode 100644
index 0000000000..ce37db463e
--- /dev/null
+++ b/src/inc/corpolicy.h
@@ -0,0 +1,129 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+
+#ifndef _CORPOLICY_H
+#define _CORPOLICY_H
+
+#include <ole2.h> // Definitions of OLE types.
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "product_version.h"
+
+// {D41E4F1D-A407-11d1-8BC9-00C04FA30A41}
+#define COR_POLICY_PROVIDER_DOWNLOAD \
+{ 0xd41e4f1d, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }
+
+// {D41E4F1E-A407-11d1-8BC9-00C04FA30A41}
+#define COR_POLICY_PROVIDER_CHECK \
+{ 0xd41e4f1e, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }
+
+
+// {D41E4F1F-A407-11d1-8BC9-00C04FA30A41}
+#define COR_POLICY_LOCKDOWN_CHECK \
+{ 0xd41e4f1f, 0xa407, 0x11d1, {0x8b, 0xc9, 0x0, 0xc0, 0x4f, 0xa3, 0xa, 0x41 } }
+
+
+#ifndef FEATURE_CORECLR
+// See if we're set up to do a version check
+#if (VER_MAJORVERSION < 4)
+#error "Looks like major version isn't set correctly. Are you including product_version.h?"
+#endif
+
+// The following check has been added to ensure the right thing is done
+// for SxS compatibility of mscorsecimpl.dll when moving to a new framework
+// version.
+//
+// The library is registered using a full path and a GUID in the following location:
+// HKLM\SOFTWARE\Microsoft\Cryptography\Providers\Trust\*
+// With a new SxS version of the framework, we need to move to a new
+// GUID so older versions continue to work unimpacted.
+//
+// The check will fail when the runtime version changes; when it does,
+// please do the following:
+//
+// If the new version is NOT a SxS release with the version number in the #if,
+// update the version number in the #if below to the new version and you're done.
+//
+// If the new release is a SxS release, then there's a bit more work involved:
+// 1. Change COREE_POLICY_PROVIDER in CorPolicy.h to a new GUID.
+// 2. Update batchSetup to use the new GUID. To do so, update
+// all occurrences of the GUID in
+// ndp\clr\src\dlls\mscorsecimpl\mscorsecimpl.vrg
+// 3. Update "real" setup to use the new GUID. To do so, update
+// all occurrences of the GUID in
+// setupauthoring\netfx\clr\Components\mscorsec.dll.ddc
+// 4. Update the version number in the #if below.
+
+#if !(VER_MAJORVERSION == 4 && VER_MINORVERSION == 0)
+#error "The guid for mscorsecimpl needs to change when the runtime version changes"
+#endif
+
+// {A7F4C378-21BE-494e-BA0F-BB12C5D208C5}
+#define COREE_POLICY_PROVIDER \
+{ 0xa7f4c378, 0x21be, 0x494e, {0xba, 0x0f, 0xbb, 0x12, 0xc5, 0xd2, 0x08, 0xc5 } }
+
+#endif //#ifndef FEATURE_CORECLR
+
+// This structure is returned from the winverify trust call, free up the structure
+// using CoTaskMemAlloc except for COREE_POLICY_PROVIDER which uses LocalALLoc.
+
+typedef struct _COR_TRUST {
+ DWORD cbSize; // Size of structure
+ DWORD flag; // Reserved
+ BOOL fAllActiveXPermissions; // ActiveX explicitly asked for all (must have been signed)
+ BOOL fAllPermissions; // Cor permissions, explicit ask for all
+ DWORD dwEncodingType; // Encoding type
+ PBYTE pbCorPermissions; // Encoded cor permission blob
+ DWORD cbCorPermissions;
+ PBYTE pbSigner; // Encoded signer.
+ DWORD cbSigner;
+ LPCWSTR pwszZone; // Zone index (copied from action data)
+ GUID guidZone; // Not used currently
+ HRESULT hVerify; // Authenticode policy return
+} COR_TRUST, *PCOR_TRUST;
+
+// Pass this structure into WinVerifyTrust (corpol trust provider). The result
+// is returned in pbCorTrust.
+typedef struct _COR_POLICY_PROVIDER {
+ DWORD cbSize; // Size of policy provider
+ LPVOID pZoneManager; // Zone interface manager
+ LPCWSTR pwszZone; // Zone index
+ BOOL fNoBadUI; // Optional bad ui
+ PCOR_TRUST pbCorTrust; // Returned cor information (CoTaskMemAlloc)
+ DWORD cbCorTrust; // Total allocated size of pCorTrust
+ DWORD dwActionID; // Optional ActionID ID
+ DWORD dwUnsignedActionID; // Optional ActionID ID
+ BOOL VMBased; // Called from VM (FALSE by DEFAULT)
+ DWORD dwZoneIndex; // IE zone numbers
+} COR_POLICY_PROVIDER, *PCOR_POLICY_PROVIDER;
+
+// Returned flags in COR_TRUST flag
+#define COR_NOUI_DISPLAYED 0x1
+#define COR_DELAYED_PERMISSIONS 0x02 // The subject was unsigned, returned
+ // look up information in pbCorPermissions
+ // to be passed into GetUnsignedPermissions().
+ // If this flag is not set and pbCorPermissions
+ // is not NULL then pbCorPermissions contains
+ // encoded permissions
+
+//--------------------------------------------------------------------
+// For COR_POLICY_LOCKDOWN_CHECK:
+// -----------------------------
+
+// Structure to pass into WVT
+typedef struct _COR_LOCKDOWN {
+ DWORD cbSize; // Size of policy provider
+ DWORD flag; // reserved
+ BOOL fAllPublishers; // Trust all publishers or just ones in the trusted data base
+} COR_LOCKDOWN, *PCOR_LOCKDOWN;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // _CORPOLICY_H |
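Review bot: The ownership comment above `COR_TRUST` names allocators where it should name the release functions ("free up the structure using CoTaskMemAlloc ... LocalALLoc"), and the `pbCorTrust` field comment in `COR_POLICY_PROVIDER` mentions only CoTaskMemAlloc. A caller that releases the returned block with the wrong heap function corrupts the heap, so the contract should be explicit: `// Returned from WinVerifyTrust. The caller frees it with CoTaskMemFree, except under COREE_POLICY_PROVIDER, where it is allocated with LocalAlloc and is freed with LocalFree.` The free functions are inferred from the allocators the comment names, so confirm them against the provider implementation, and repeat the exception on `pbCorTrust`. The `cbCorTrust` comment also refers to `pCorTrust`, which is not a field of the struct.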