OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 // | |
5 // This file contains snippets borrowed from the Vista SDK version of | |
6 // WinNT.h, (c) Microsoft (2006) | |
7 | |
8 #ifndef RLZ_WIN_LIB_VISTA_WINNT_H_ | |
9 #define RLZ_WIN_LIB_VISTA_WINNT_H_ | |
10 | |
11 #include <windows.h> | |
12 | |
13 // If no Vista SDK yet, borrow these from Vista's version of WinNT.h | |
14 #ifndef SE_GROUP_INTEGRITY | |
15 | |
16 // TOKEN_MANDATORY_LABEL.Label.Attributes = SE_GROUP_INTEGRITY | |
17 #define SE_GROUP_INTEGRITY (0x00000020L) | |
18 #define SE_GROUP_INTEGRITY_ENABLED (0x00000040L) | |
19 | |
20 typedef struct _TOKEN_MANDATORY_LABEL { | |
21 SID_AND_ATTRIBUTES Label; | |
22 } TOKEN_MANDATORY_LABEL, *PTOKEN_MANDATORY_LABEL; | |
23 | |
24 // These are a few new enums for TOKEN_INFORMATION_CLASS | |
25 #define TokenElevationType static_cast<TOKEN_INFORMATION_CLASS>(18) | |
26 #define TokenLinkedToken static_cast<TOKEN_INFORMATION_CLASS>(19) | |
27 #define TokenElevation static_cast<TOKEN_INFORMATION_CLASS>(20) | |
28 #define TokenHasRestrictions static_cast<TOKEN_INFORMATION_CLASS>(21) | |
29 #define TokenAccessInformation static_cast<TOKEN_INFORMATION_CLASS>(22) | |
30 #define TokenVirtualizationAllowed static_cast<TOKEN_INFORMATION_CLASS>(23) | |
31 #define TokenVirtualizationEnabled static_cast<TOKEN_INFORMATION_CLASS>(24) | |
32 // TokenIntegrityLevel is the proces's privilege level, low, med, or high | |
33 #define TokenIntegrityLevel static_cast<TOKEN_INFORMATION_CLASS>(25) | |
34 // TokenIntegrityLevelDeasktop is an alternate level used for access apis | |
35 // (screen readers, imes) | |
36 #define TokenIntegrityLevelDesktop static_cast<TOKEN_INFORMATION_CLASS>(26) | |
37 | |
38 // This is a new flag to pass to GetNamedSecurityInfo or SetNamedSecurityInfo | |
39 // that puts the mandatory level label info in an access control list (ACL) | |
40 // structure in the parameter normally used for system acls (SACL) | |
41 #define LABEL_SECURITY_INFORMATION (0x00000010L) | |
42 | |
43 // The new Access Control Entry type identifier for mandatory labels | |
44 #define SYSTEM_MANDATORY_LABEL_ACE_TYPE (0x11) | |
45 | |
46 // The structure of mandatory label acess control binary entry | |
47 typedef struct _SYSTEM_MANDATORY_LABEL_ACE { | |
48 ACE_HEADER Header; | |
49 ACCESS_MASK Mask; | |
50 DWORD SidStart; | |
51 } SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE; | |
52 | |
53 // Masks for ACCESS_MASK above | |
54 #define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP 0x1 | |
55 #define SYSTEM_MANDATORY_LABEL_NO_READ_UP 0x2 | |
56 #define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP 0x4 | |
57 #define SYSTEM_MANDATORY_LABEL_VALID_MASK \ | |
58 (SYSTEM_MANDATORY_LABEL_NO_WRITE_UP | \ | |
59 SYSTEM_MANDATORY_LABEL_NO_READ_UP | \ | |
60 SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP) | |
61 | |
62 // The SID authority for mandatory labels | |
63 #define SECURITY_MANDATORY_LABEL_AUTHORITY {0, 0, 0, 0, 0, 16} | |
64 | |
65 // the RID values (sub authorities) that define mandatory label levels | |
66 #define SECURITY_MANDATORY_UNTRUSTED_RID (0x00000000L) | |
67 #define SECURITY_MANDATORY_LOW_RID (0x00001000L) | |
68 #define SECURITY_MANDATORY_MEDIUM_RID (0x00002000L) | |
69 #define SECURITY_MANDATORY_HIGH_RID (0x00003000L) | |
70 #define SECURITY_MANDATORY_SYSTEM_RID (0x00004000L) | |
71 #define SECURITY_MANDATORY_UI_ACCESS_RID (0x00004100L) | |
72 #define SECURITY_MANDATORY_PROTECTED_PROCESS_RID (0x00005000L) | |
73 | |
74 // Vista's mandatory labels, enumerated | |
75 typedef enum _MANDATORY_LEVEL { | |
76 MandatoryLevelUntrusted = 0, | |
77 MandatoryLevelLow, | |
78 MandatoryLevelMedium, | |
79 MandatoryLevelHigh, | |
80 MandatoryLevelSystem, | |
81 MandatoryLevelSecureProcess, | |
82 MandatoryLevelCount | |
83 } MANDATORY_LEVEL, *PMANDATORY_LEVEL; | |
84 | |
85 | |
86 // Token elevation values describe the relative strength of a given token. | |
87 // A full token is a token with all groups and privileges to which the | |
88 // principal is authorized. A limited token is one with some groups or | |
89 // privileges removed. | |
90 | |
91 typedef enum _TOKEN_ELEVATION_TYPE { | |
92 TokenElevationTypeDefault = 1, | |
93 TokenElevationTypeFull, | |
94 TokenElevationTypeLimited, | |
95 } TOKEN_ELEVATION_TYPE, *PTOKEN_ELEVATION_TYPE; | |
96 | |
97 #endif // #ifndef SE_GROUP_INTEGRITY | |
98 | |
99 #endif // RLZ_WIN_LIB_VISTA_WINNT_H_ | |