Created
October 19, 2017 18:38
-
-
Save mattifestation/dbe732f853577eab521b5f990f8f0094 to your computer and use it in GitHub Desktop.
AppLocker Configuration Schema
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0"?> | |
<xs:schema attributeFormDefault="unqualified" | |
elementFormDefault="qualified" | |
xmlns:xs="http://www.w3.org/2001/XMLSchema" | |
version="1.0"> | |
<!-- --> | |
<!-- AppLockerPolicy-Type --> | |
<!-- --> | |
<xs:element name="AppLockerPolicy" | |
type="PolicyType"> | |
<xs:unique name="UniqueRuleCollectionTypeConstraint"> | |
<xs:selector xpath="RuleCollection"/> | |
<xs:field xpath="@Type"/> | |
</xs:unique> | |
<xs:unique name="UniqueRuleIdConstraint"> | |
<xs:selector xpath="RuleCollection/*"/> | |
<xs:field xpath="@Id"/> | |
</xs:unique> | |
</xs:element> | |
<!-- --> | |
<!-- Policy-Type --> | |
<!-- --> | |
<xs:complexType name="PolicyType"> | |
<xs:sequence> | |
<xs:element name="RuleCollection" | |
type="RuleCollectionType" | |
minOccurs="0" | |
maxOccurs="unbounded"> | |
</xs:element> | |
<xs:element name="PolicyExtensions" | |
type="PolicyExtensionsType" | |
minOccurs="0" | |
maxOccurs="1"> | |
</xs:element> | |
</xs:sequence> | |
<xs:attribute name="Version" | |
type="PolicyVersionType" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- PolicyVersion-Type --> | |
<!-- --> | |
<xs:simpleType name="PolicyVersionType"> | |
<xs:restriction base="xs:decimal"> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- RuleCollection-Type --> | |
<!-- --> | |
<xs:complexType name="RuleCollectionType"> | |
<xs:sequence> | |
<xs:choice minOccurs="0" | |
maxOccurs="unbounded"> | |
<xs:element name="FilePublisherRule" | |
type="FilePublisherRuleType" | |
minOccurs="0" | |
maxOccurs="unbounded"> | |
</xs:element> | |
<xs:element name="FilePathRule" | |
type="FilePathRuleType" | |
minOccurs="0" | |
maxOccurs="unbounded"> | |
</xs:element> | |
<xs:element name="FileHashRule" | |
type="FileHashRuleType" | |
minOccurs="0" | |
maxOccurs="unbounded"> | |
</xs:element> | |
</xs:choice> | |
<xs:element name="RuleCollectionExtensions" | |
type="RuleCollectionExtensionsType" | |
minOccurs="0" | |
maxOccurs="1"> | |
</xs:element> | |
</xs:sequence> | |
<xs:attribute name="Type" | |
type="xs:string" | |
use="required"/> | |
<xs:attribute name="EnforcementMode" | |
type="EnforcementModeType" | |
use="optional"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- PolicyExtensions-Type --> | |
<!-- --> | |
<xs:complexType name="PolicyExtensionsType"> | |
<xs:sequence> | |
<xs:element name="ThresholdExtensions" | |
type="ThresholdPolicyExtensionsType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
<xs:any processContents="lax" | |
minOccurs="0" | |
maxOccurs="unbounded" /> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- RuleCollectionExtensions-Type --> | |
<!-- --> | |
<xs:complexType name="RuleCollectionExtensionsType"> | |
<xs:sequence> | |
<xs:element name="ThresholdExtensions" | |
type="ThresholdCollectionExtensionsType" | |
minOccurs="1" | |
maxOccurs="1"> | |
<!-- --> | |
<!-- Because of the way schema validation works, ThresholdExtensions | |
must be present if RuleCollectionExtensions is present. Otherwise | |
it could be ambiguous whether a ThresholdExtensions element | |
matched the explicit element, or the xs:any element. As new | |
extensions are invented in subsequent releases, they can follow | |
the same model. --> | |
<!-- --> | |
</xs:element> | |
<xs:element name="RedstoneExtensions" | |
type="RedstoneCollectionExtensionsType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
<xs:any processContents="lax" | |
minOccurs="0" | |
maxOccurs="unbounded" /> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- EnforcementMode-Type --> | |
<!-- --> | |
<xs:simpleType name="EnforcementModeType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="NotConfigured"/> | |
<xs:enumeration value="Enabled"/> | |
<xs:enumeration value="AuditOnly"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- FilePublisherRule-Type --> | |
<!-- --> | |
<xs:complexType name="FilePublisherRuleType"> | |
<xs:all> | |
<xs:element name="Conditions" | |
type="FilePublisherRuleConditionsType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
<xs:element name="Exceptions" | |
type="FilePublisherRuleExceptionsType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
</xs:all> | |
<xs:attributeGroup ref="RuleAttributes"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- FilePathRule-Type --> | |
<!-- --> | |
<xs:complexType name="FilePathRuleType"> | |
<xs:all> | |
<xs:element name="Conditions" | |
type="FilePathRuleConditionsType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
<xs:element name="Exceptions" | |
type="FilePathRuleExceptionsType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
</xs:all> | |
<xs:attributeGroup ref="RuleAttributes"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- FileHashRule-Type --> | |
<!-- --> | |
<xs:complexType name="FileHashRuleType"> | |
<xs:all> | |
<xs:element name="Conditions" | |
type="FileHashRuleConditionsType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
</xs:all> | |
<xs:attributeGroup ref="RuleAttributes"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- FilePublisherRuleConditions-Type --> | |
<!-- --> | |
<xs:complexType name="FilePublisherRuleConditionsType"> | |
<xs:sequence> | |
<xs:element name="FilePublisherCondition" | |
type="FilePublisherConditionType" | |
minOccurs="1" | |
maxOccurs="1"/> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- FilePublisherRuleExceptions-Type --> | |
<!-- --> | |
<xs:complexType name="FilePublisherRuleExceptionsType"> | |
<xs:sequence> | |
<xs:choice minOccurs="0" | |
maxOccurs="unbounded"> | |
<xs:element name="FilePublisherCondition" | |
type="FilePublisherConditionType" | |
minOccurs="0" | |
maxOccurs="unbounded"/> | |
<xs:element name="FilePathCondition" | |
type="FilePathConditionType" | |
minOccurs="0" | |
maxOccurs="unbounded"/> | |
<xs:element name="FileHashCondition" | |
type="FileHashConditionType" | |
minOccurs="0" | |
maxOccurs="unbounded"/> | |
</xs:choice> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- FilePathRuleConditions-Type --> | |
<!-- --> | |
<xs:complexType name="FilePathRuleConditionsType"> | |
<xs:sequence> | |
<xs:element name="FilePathCondition" | |
type="FilePathConditionType" | |
minOccurs="1" | |
maxOccurs="1"/> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- FilePathRuleExceptions-Type --> | |
<!-- --> | |
<xs:complexType name="FilePathRuleExceptionsType"> | |
<xs:sequence> | |
<xs:choice minOccurs="0" | |
maxOccurs="unbounded"> | |
<xs:element name="FilePathCondition" | |
type="FilePathConditionType" | |
minOccurs="0" | |
maxOccurs="unbounded"/> | |
<xs:element name="FilePublisherCondition" | |
type="FilePublisherConditionType" | |
minOccurs="0" | |
maxOccurs="unbounded"/> | |
<xs:element name="FileHashCondition" | |
type="FileHashConditionType" | |
minOccurs="0" | |
maxOccurs="unbounded"/> | |
</xs:choice> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- FileHashRuleConditions-Type --> | |
<!-- --> | |
<xs:complexType name="FileHashRuleConditionsType"> | |
<xs:sequence> | |
<xs:element name="FileHashCondition" | |
type="FileHashConditionType" | |
minOccurs="1" | |
maxOccurs="1"/> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- Rule-Attributes --> | |
<!-- --> | |
<xs:attributeGroup name="RuleAttributes"> | |
<xs:attribute name="Id" | |
type="GuidType" | |
use="required"/> | |
<xs:attribute name="Name" | |
type="RuleNameType" | |
use="required"/> | |
<xs:attribute name="Description" | |
type="RuleDescriptionType" | |
use="required"/> | |
<xs:attribute name="UserOrGroupSid" | |
type="SidType" | |
use="required"/> | |
<xs:attribute name="Action" | |
type="RuleActionType" | |
use="required"/> | |
</xs:attributeGroup> | |
<!-- --> | |
<!-- RuleName-Type --> | |
<!-- --> | |
<xs:simpleType name="RuleNameType"> | |
<xs:restriction base="xs:string"> | |
<xs:minLength value="1"/> | |
<xs:maxLength value="1024"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- RuleDescription-Type --> | |
<!-- --> | |
<xs:simpleType name="RuleDescriptionType"> | |
<xs:restriction base="xs:string"> | |
<xs:minLength value="0"/> | |
<xs:maxLength value="1024"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- RuleAction-Type --> | |
<!-- --> | |
<xs:simpleType name="RuleActionType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="Allow"/> | |
<xs:enumeration value="Deny"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- FilePublisherCondition-Type --> | |
<!-- --> | |
<xs:complexType name="FilePublisherConditionType"> | |
<xs:all> | |
<xs:element name="BinaryVersionRange" | |
type="FileVersionRangeType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
</xs:all> | |
<xs:attribute name="PublisherName" | |
type="PublisherNameType" | |
use="required"/> | |
<xs:attribute name="ProductName" | |
type="ProductNameType" | |
use="required"/> | |
<xs:attribute name="BinaryName" | |
type="BinaryNameType" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- PublisherName-Type --> | |
<!-- --> | |
<xs:simpleType name="PublisherNameType"> | |
<xs:restriction base="xs:string"> | |
<xs:minLength value="1"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- ProductName-Type --> | |
<!-- --> | |
<xs:simpleType name="ProductNameType"> | |
<xs:restriction base="xs:string"> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- BinaryName-Type --> | |
<!-- --> | |
<xs:simpleType name="BinaryNameType"> | |
<xs:restriction base="xs:string"> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- FileVersionRange-Type --> | |
<!-- --> | |
<xs:complexType name="FileVersionRangeType"> | |
<xs:attribute name="LowSection" | |
type="FileVersionType" | |
use="required"/> | |
<xs:attribute name="HighSection" | |
type="FileVersionType" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- FileVersion-Type --> | |
<!-- --> | |
<xs:simpleType name="FileVersionType"> | |
<xs:union memberTypes="SpecificFileVersionType AnyFileVersionType"/> | |
</xs:simpleType> | |
<!-- --> | |
<!-- SpecificFileVersion-Type --> | |
<!-- --> | |
<xs:simpleType name="SpecificFileVersionType"> | |
<xs:restriction base="xs:string"> | |
<xs:pattern value="([0-9]{1,5}.){3}[0-9]{1,5}"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- AnyFileVersion-Type --> | |
<!-- --> | |
<xs:simpleType name="AnyFileVersionType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="*"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- FilePathCondition-Type --> | |
<!-- --> | |
<xs:complexType name="FilePathConditionType"> | |
<xs:attribute name="Path" | |
type="FilePathType" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- FilePath-Type --> | |
<!-- --> | |
<xs:simpleType name="FilePathType"> | |
<xs:restriction base="xs:string"> | |
<xs:minLength value="1"/> | |
<xs:maxLength value="32767"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- FileHashCondition-Type --> | |
<!-- --> | |
<xs:complexType name="FileHashConditionType"> | |
<xs:sequence> | |
<xs:element name="FileHash" | |
type="FileHashType" | |
minOccurs="1" | |
maxOccurs="unbounded"/> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- FileHash-Type --> | |
<!-- --> | |
<xs:complexType name="FileHashType"> | |
<xs:attribute name="Type" | |
type="HashType" | |
use="required"/> | |
<xs:attribute name="Data" | |
type="HashDataType" | |
use="required"/> | |
<xs:attribute name="SourceFileName" | |
type="xs:string" | |
use="optional"/> | |
<xs:attribute name="SourceFileLength" | |
type="xs:integer" | |
use="optional"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- Hash-Type --> | |
<!-- --> | |
<xs:simpleType name="HashType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="SHA256"/> | |
<xs:enumeration value="SHA256Flat"/> | |
<xs:enumeration value="SHA1"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- HashData-Type --> | |
<!-- --> | |
<xs:simpleType name="HashDataType"> | |
<xs:union memberTypes="SHA256HashDataType SHA256FlatHashDataType SHA1HashDataType"/> | |
</xs:simpleType> | |
<xs:simpleType name="SHA256HashDataType"> | |
<xs:restriction base="xs:string"> | |
<xs:pattern value="0x([0-9A-Fa-f]{64})"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<xs:simpleType name="SHA256FlatHashDataType"> | |
<xs:restriction base="xs:string"> | |
<xs:pattern value="0x([0-9A-Fa-f]{64})"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<xs:simpleType name="SHA1HashDataType"> | |
<xs:restriction base="xs:string"> | |
<xs:pattern value="0x([0-9A-Fa-f]{40})"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- ServicesEnforcementMode-Type --> | |
<!-- --> | |
<xs:simpleType name="ServicesEnforcementModeType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="NotConfigured"/> | |
<xs:enumeration value="Enabled"/> | |
<xs:enumeration value="ServicesOnly"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- Services-Type --> | |
<!-- --> | |
<xs:complexType name="ServicesType"> | |
<xs:attribute name="EnforcementMode" | |
type="ServicesEnforcementModeType" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- ThresholdCollectionExtensions-Type --> | |
<!-- --> | |
<xs:complexType name="ThresholdCollectionExtensionsType"> | |
<xs:sequence> | |
<xs:element name="Services" | |
type="ServicesType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- AllowSystemApps-Type --> | |
<!-- --> | |
<xs:simpleType name="AllowSystemAppsType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="Enabled" /> | |
<xs:enumeration value="NotEnabled" /> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- SystemApps-Type --> | |
<!-- --> | |
<xs:complexType name="SystemAppsType"> | |
<xs:attribute name="Allow" | |
type="AllowSystemAppsType" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- OriginDataRevocation-Type --> | |
<!-- --> | |
<xs:complexType name="OriginDataRevocationType"> | |
<xs:attribute name="CurrentOriginDataId" | |
type="xs:unsignedInt" | |
use="required"/> | |
<xs:attribute name="TrustedOriginDataId" | |
type="xs:unsignedInt" | |
use="required"/> | |
</xs:complexType> | |
<!-- --> | |
<!-- RedstoneCollectionExtensions-Type --> | |
<!-- --> | |
<xs:complexType name="RedstoneCollectionExtensionsType"> | |
<xs:sequence> | |
<xs:element name="SystemApps" | |
type="SystemAppsType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
<xs:element name="OriginDataRevocation" | |
type="OriginDataRevocationType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
</xs:sequence> | |
</xs:complexType> | |
<!-- --> | |
<!-- ThresholdPolicyExtensions-Type --> | |
<!-- --> | |
<xs:complexType name="ThresholdPolicyExtensionsType"> | |
<xs:sequence> | |
<xs:element name="Plugins" | |
type="PluginsType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
</xs:sequence> | |
</xs:complexType> | |
<xs:complexType name="PluginsType"> | |
<xs:sequence> | |
<xs:element name="Plugin" | |
type="PluginType" | |
minOccurs="0" | |
maxOccurs="unbounded" /> | |
</xs:sequence> | |
</xs:complexType> | |
<xs:complexType name="PluginType"> | |
<xs:sequence> | |
<xs:element name="ExecutionCategories" | |
type="ExecutionCategoriesType" | |
minOccurs="1" | |
maxOccurs="1" /> | |
</xs:sequence> | |
<xs:attribute name="Name" type="xs:string" /> | |
<xs:attribute name="Id" type="GuidType" /> | |
</xs:complexType> | |
<xs:complexType name="ExecutionCategoriesType"> | |
<xs:sequence> | |
<xs:element name="ExecutionCategory" | |
type="ExecutionCategoryType" | |
minOccurs="1" | |
maxOccurs="unbounded" /> | |
</xs:sequence> | |
</xs:complexType> | |
<xs:complexType name="ExecutionCategoryType"> | |
<xs:sequence> | |
<xs:element name="Policies" | |
type="PluginPoliciesType" | |
minOccurs="0" | |
maxOccurs="1" /> | |
</xs:sequence> | |
<xs:attribute name="Id" | |
type="GuidType" /> | |
<xs:attribute name="AppidTypes" | |
type="AttributeListType" | |
use="optional" /> | |
</xs:complexType> | |
<xs:simpleType name="AttributeListType"> | |
<xs:list itemType="AttributeEnumType" /> | |
</xs:simpleType> | |
<xs:simpleType name="AttributeEnumType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="Hash" /> | |
<xs:enumeration value="Path" /> | |
<xs:enumeration value="Publisher" /> | |
</xs:restriction> | |
</xs:simpleType> | |
<xs:complexType name="PluginPoliciesType"> | |
<xs:sequence> | |
<xs:element name="Policy" | |
type="PluginPolicyType" | |
minOccurs="0" | |
maxOccurs="unbounded" /> | |
</xs:sequence> | |
</xs:complexType> | |
<xs:complexType name="PluginPolicyType"> | |
<xs:attribute name="Id" | |
type="GuidType" /> | |
</xs:complexType> | |
<!-- --> | |
<!-- Generic Types... --> | |
<!-- --> | |
<!-- --> | |
<!-- Boolean-Type --> | |
<!-- --> | |
<xs:simpleType name="BooleanType"> | |
<xs:restriction base="xs:string"> | |
<xs:enumeration value="True"/> | |
<xs:enumeration value="False"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- Guid-Type --> | |
<!-- --> | |
<xs:simpleType name="GuidType"> | |
<xs:restriction base="xs:string"> | |
<xs:pattern value="[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}"/> | |
</xs:restriction> | |
</xs:simpleType> | |
<!-- --> | |
<!-- Sid-Type --> | |
<!-- --> | |
<xs:simpleType name="SidType"> | |
<xs:restriction base="xs:string"> | |
<xs:minLength value="7"/> | |
<xs:pattern value="S-1(-[0-9a-fA-F]+)+"/> | |
</xs:restriction> | |
</xs:simpleType> | |
</xs:schema> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment