diff --git a/PInvoke/Security/AdvApi32/WinNT.cs b/PInvoke/Security/AdvApi32/WinNT.cs
index c9d50af4..05f84b1e 100644
--- a/PInvoke/Security/AdvApi32/WinNT.cs
+++ b/PInvoke/Security/AdvApi32/WinNT.cs
@@ -951,6 +951,26 @@ namespace Vanara.PInvoke
TOKEN_EXECUTE = 0x00020000
}
+ /// The mandatory integrity access policy for the associated token.
+ [PInvokeData("winnt.h", MSDNShortId = "f5fc438b-c4f0-46f6-a188-52ce660d13da")]
+ public enum TokenMandatoryPolicy
+ {
+ /// No mandatory integrity policy is enforced for the token.
+ TOKEN_MANDATORY_POLICY_OFF = 0x0,
+
+ /// A process associated with the token cannot write to objects that have a greater mandatory integrity level.
+ TOKEN_MANDATORY_POLICY_NO_WRITE_UP = 0x1,
+
+ ///
+ /// A process created with the token has an integrity level that is the lesser of the parent-process integrity level and the
+ /// executable-file integrity level.
+ ///
+ TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN = 0x2,
+
+ /// A combination of TOKEN_MANDATORY_POLICY_NO_WRITE_UP and TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN.
+ TOKEN_MANDATORY_POLICY_VALID_MASK = 0x3,
+ }
+
///
///
/// The WELL_KNOWN_SID_TYPE enumeration is a list of commonly used security identifiers (SIDs). Programs can pass these values
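Review bot: The new `TokenMandatoryPolicy` enum declares bit values (0x1, 0x2, and 0x3 documented as the combination of the two) but carries no `[Flags]` attribute and no explicit underlying type. The typedef comment in the second hunk shows the native field is a `DWORD`, so I would declare it as `[Flags]` on `public enum TokenMandatoryPolicy : uint`. The default `int` has the same size, so marshaling should be unaffected; this is about matching the native signedness and stating the bit-mask intent. The enum also reuses the struct's `MSDNShortId`, which looks intentional but is worth confirming. The same enum is used for the `Policy` field in the `TOKEN_MANDATORY_POLICY` hunk below.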
@@ -3868,14 +3888,39 @@ namespace Vanara.PInvoke
public SID_AND_ATTRIBUTES Label;
}
- /// The TOKEN_MANDATORY_POLICY structure specifies the mandatory integrity policy for a token.
+ /// The TOKEN_MANDATORY_POLICY structure specifies the mandatory integrity policy for a token.
+ // https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_mandatory_policy
+ // typedef struct _TOKEN_MANDATORY_POLICY { DWORD Policy; } TOKEN_MANDATORY_POLICY, *PTOKEN_MANDATORY_POLICY;
+ [PInvokeData("winnt.h", MSDNShortId = "f5fc438b-c4f0-46f6-a188-52ce660d13da")]
[StructLayout(LayoutKind.Sequential)]
- [PInvokeData("WinNT.h", MSDNShortId = "bb394728")]
public struct TOKEN_MANDATORY_POLICY
{
- /// The mandatory integrity access policy for the associated token.
- // TODO: Convert to enum
- public uint Policy;
+ ///
+ /// The mandatory integrity access policy for the associated token. This can be one of the following values.
+ ///
+ ///
+ /// Value
+ /// Meaning
+ ///
+ /// -
+ /// TOKEN_MANDATORY_POLICY_OFF 0x0
+ /// No mandatory integrity policy is enforced for the token.
+ ///
+ /// -
+ /// TOKEN_MANDATORY_POLICY_NO_WRITE_UP 0x1
+ /// A process associated with the token cannot write to objects that have a greater mandatory integrity level.
+ ///
+ /// -
+ /// TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN 0x2
+ /// A process created with the token has an integrity level that is the lesser of the parent-process integrity level and the executable-file integrity level.
+ ///
+ /// -
+ /// TOKEN_MANDATORY_POLICY_VALID_MASK 0x3
+ /// A combination of TOKEN_MANDATORY_POLICY_NO_WRITE_UP and TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN.
+ ///
+ ///
+ ///
+ public TokenMandatoryPolicy Policy;
}
///
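Review bot: The doc comment on `Policy` says the field "can be one of the following values", but the listed values are bits that combine: the 0x3 entry is itself described as NO_WRITE_UP plus NEW_PROCESS_MIN. Code that makes an integrity decision with `Policy == TOKEN_MANDATORY_POLICY_NO_WRITE_UP` would then treat a token carrying both bits as not enforcing no-write-up. I would reword the summary to `This can be a combination of the following values.` and add a remark that callers should test individual bits, for example `(Policy & TokenMandatoryPolicy.TOKEN_MANDATORY_POLICY_NO_WRITE_UP) != 0`. Separately, changing the public field from `uint` to the enum is source-breaking for any existing caller that assigns or compares a `uint`, so it probably deserves a changelog entry.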