Init

Author: 0x5bfa

Diff for: src/Files.App/Data/Contracts/IStorageSecurityService.cs

@@ -0,0 +1,60 @@
+// Copyright (c) 2024 Files Community
+// Licensed under the MIT License. See the LICENSE.
+
+using Windows.Win32.Foundation;
+
+namespace Files.App.Data.Contracts
+{
+	/// <summary>
+	/// Provides service to manage storage security objects on NTFS and ReFS.
+	/// </summary>
+	public interface IStorageSecurityService
+	{
+		/// <summary>
+		/// Get the owner of the object specified by the path.
+		/// </summary>
+		/// <param name="path">The file full path</param>
+		/// <returns>The SID string of the owner</returns>
+		string GetOwner(string path);
+
+		/// <summary>
+		/// Set the owner of the object specified by the path.
+		/// </summary>
+		/// <param name="path">The file full path</param>
+		/// <param name="sid">The owner security identifier (SID)</param>
+		/// <returns></returns>
+		bool SetOwner(string path, string sid);
+
+		/// <summary>
+		/// Get information about an access control list (ACL).
+		/// </summary>
+		/// <param name="path"></param>
+		/// <param name="isFolder"></param>
+		/// <returns>If the function succeeds, an instance of AccessControlList; otherwise, null. To get extended error information, call GetLastError.</returns>
+		WIN32_ERROR GetAccessControlList(string path, bool isFolder, out AccessControlList acl);
+
+		/// <summary>
+		/// Get access control list (ACL) initialized with default data.
+		/// </summary>
+		/// <param name="isFolder"></param>
+		/// <param name="ownerSid"></param>
+		/// <returns>If the function succeeds, an instance of AccessControlList; otherwise, null.</returns>
+		AccessControlEntry InitializeDefaultAccessControlEntry(bool isFolder, string ownerSid);
+
+		/// <summary>
+		/// Add an default Access Control Entry (ACE) to the specified object's DACL
+		/// </summary>
+		/// <param name="path">The object's path to add an new ACE to its DACL</param>
+		/// <param name="sid">Principal's SID</param>
+		/// <returns> If the function succeeds, the return value is ERROR_SUCCESS. If the function fails, the return value is a nonzero error code defined in WinError.h.</returns>
+		WIN32_ERROR AddAccessControlEntry(string szPath, string szSid);
+
+		/// <summary>
+		/// Add an Access Control Entry (ACE) from the specified object's DACL
+		/// </summary>
+		/// <param name="szPath">The object's path to remove an ACE from its DACL</param>
+		/// <param name="dwAceIndex"></param>
+		/// <returns></returns>
+		WIN32_ERROR RemoveAccessControlEntry(string szPath, uint dwAceIndex);
+	}
+}

Diff for: src/Files.App/Utils/Storage/Security/AccessControlEntryFlags.cs renamed to src/Files.App/Data/Enums/AccessControlEntryFlags.cs

@@ -1,7 +1,7 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Enums
 {
 	/// <summary>
 	/// Represents inheritance flags of an ACE

Diff for: src/Files.App/Utils/Storage/Security/AccessControlEntryType.cs renamed to src/Files.App/Data/Enums/AccessControlEntryType.cs

@@ -1,7 +1,7 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Enums
 {
 	/// <summary>
 	/// Represents ACE type.

Diff for: src/Files.App/Utils/Storage/Security/PrincipalType.cs renamed to src/Files.App/Data/Enums/AccessControlPrincipalType.cs

@@ -1,15 +1,15 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Enums
 {
 	/// <summary>
 	/// Represents an ACL owner or an ACE principal type
 	/// </summary>
-	public enum PrincipalType
+	public enum AccessControlPrincipalType
 	{
 		/// <summary>
-		/// Unknwon principal type
+		/// Unknown principal type
 		/// </summary>
 		Unknown,
 

Diff for: src/Files.App/Utils/Storage/Security/AccessMaskFlags.cs renamed to src/Files.App/Data/Enums/AccessMaskFlags.cs

@@ -1,7 +1,7 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Enums
 {
 	/// <summary>
 	/// Represents access mask flags of an ACE.

Diff for: src/Files.App/Utils/Storage/Security/AccessControlEntry.cs renamed to src/Files.App/Data/Items/AccessControlEntry.cs

@@ -1,7 +1,7 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Items
 {
 	/// <summary>
 	/// Represents an access control entry (ACE).
@@ -17,7 +17,7 @@ public sealed class AccessControlEntry : ObservableObject
 		/// The owner in the security descriptor (SD).
 		/// NULL if the security descriptor has no owner SID.
 		/// </summary>
-		public Principal Principal { get; set; }
+		public AccessControlPrincipal Principal { get; set; }
 
 		/// <summary>
 		/// Whether the ACE is inherited or not

Diff for: src/Files.App/Utils/Storage/Security/AccessControlList.cs renamed to src/Files.App/Data/Items/AccessControlList.cs

@@ -1,7 +1,7 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Items
 {
 	/// <summary>
 	/// Represents an access control list (ACL).
@@ -22,7 +22,7 @@ public sealed class AccessControlList : ObservableObject
 		/// The owner in the security descriptor (SD).
 		/// NULL if the security descriptor has no owner SID.
 		/// </summary>
-		public Principal Owner { get; private set; }
+		public AccessControlPrincipal Owner { get; private set; }
 
 		/// <summary>
 		/// Validates an access control list (ACL).
@@ -34,7 +34,7 @@ public sealed class AccessControlList : ObservableObject
 		/// </summary>
 		public ObservableCollection<AccessControlEntry> AccessControlEntries { get; private set; }
 
-		public AccessControlList(string path, bool isFolder, Principal owner, bool isValid)
+		public AccessControlList(string path, bool isFolder, AccessControlPrincipal owner, bool isValid)
 		{
 			Path = path;
 			IsFolder = isFolder;

Diff for: src/Files.App/Utils/Storage/Security/Principal.cs renamed to src/Files.App/Data/Items/AccessControlPrincipal.cs

@@ -5,20 +5,20 @@
 using Vanara.PInvoke;
 using static Vanara.PInvoke.AdvApi32;
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Items
 {
 	/// <summary>
 	/// Represents a principal of an ACE or an owner of an ACL.
 	/// </summary>
-	public sealed class Principal : ObservableObject
+	public sealed class AccessControlPrincipal : ObservableObject
 	{
 		/// <summary>
 		/// Account type.
 		/// </summary>
-		public PrincipalType PrincipalType { get; private set; }
+		public AccessControlPrincipalType PrincipalType { get; private set; }
 
 		/// <summary>
-		/// Acount security identifier (SID).
+		/// Account security identifier (SID).
 		/// </summary>
 		public string? Sid { get; private set; }
 
@@ -43,8 +43,8 @@ public sealed class Principal : ObservableObject
 		public string Glyph
 			=> PrincipalType switch
 			{
-				PrincipalType.User => "\xE77B",
-				PrincipalType.Group => "\xE902",
+				AccessControlPrincipalType.User => "\xE77B",
+				AccessControlPrincipalType.Group => "\xE902",
 				_ => "\xE716",
 			};
 
@@ -66,7 +66,7 @@ public string? FullNameHumanized
 		public string FullNameHumanizedWithBrackes
 			=> string.IsNullOrEmpty(Domain) ? string.Empty : $"({Domain}\\{Name})";
 
-		public Principal(string sid)
+		public AccessControlPrincipal(string sid)
 		{
 			if (string.IsNullOrEmpty(sid))
 				return;
@@ -96,14 +96,14 @@ var x when
 					(x == SID_NAME_USE.SidTypeAlias ||
 					x == SID_NAME_USE.SidTypeGroup ||
 					x == SID_NAME_USE.SidTypeWellKnownGroup)
-					=> PrincipalType.Group,
+					=> AccessControlPrincipalType.Group,
 
 				// User
 				SID_NAME_USE.SidTypeUser
-					=> PrincipalType.User,
+					=> AccessControlPrincipalType.User,
 
 				// Unknown
-				_ => PrincipalType.Unknown
+				_ => AccessControlPrincipalType.Unknown
 			};
 
 			lpDomain.Clear();

Diff for: src/Files.App/Utils/Storage/Security/AccessMaskItem.cs renamed to src/Files.App/Data/Items/AccessMaskItem.cs

@@ -1,7 +1,7 @@
 // Copyright (c) 2024 Files Community
 // Licensed under the MIT License. See the LICENSE.
 
-namespace Files.App.Utils.Storage
+namespace Files.App.Data.Items
 {
 	/// <summary>
 	/// Represents an access mask details, such as its name and changeability.

Diff for: src/Files.App/Helpers/Application/AppLifecycleHelper.cs

@@ -197,6 +197,7 @@ public static IHost ConfigureHost()
 					.AddSingleton<IStartMenuService, StartMenuService>()
 					.AddSingleton<IStorageCacheService, StorageCacheService>()
 					.AddSingleton<IStorageArchiveService, StorageArchiveService>()
+					.AddSingleton<IStorageSecurityService, StorageSecurityService>()
 					.AddSingleton<IWindowsCompatibilityService, WindowsCompatibilityService>()
 					// ViewModels
 					.AddSingleton<MainPageViewModel>()

Diff for: src/Files.App/NativeMethods.json

@@ -1,28 +1,10 @@
-// Copyright (c) 2024 Files Community
-// Licensed under the MIT License. See the LICENSE.
 {
 	"$schema": "https://aka.ms/CsWin32.schema.json",
-
-	// Emit COM interfaces instead of structs, and allow generation of non-blittable structs for the sake of an easier to use API.
 	"allowMarshaling": true,
-
-	// A value indicating whether to generate APIs judged to be unnecessary or redundant given the target framework.
-	// This is useful for multi-targeting projects that need a consistent set of APIs across target frameworks
-	// to avoid too many conditional compilation regions.
 	"multiTargetingFriendlyAPIs": false,
-
-	// A value indicating whether friendly overloads should use safe handles.
 	"useSafeHandles": true,
-
-	// Omit ANSI functions and remove `W` suffix from UTF-16 functions.
 	"wideCharOnly": true,
-
-	// A value indicating whether to emit a single source file as opposed to types spread across many files.
 	"emitSingleFile": false,
-
-	// The name of a single class under which all p/invoke methods and constants are generated, regardless of imported module.
 	"className": "PInvoke",
-
-	// A value indicating whether to expose the generated APIs publicly (as opposed to internally).
 	"public": true
 }

Diff for: src/Files.App/NativeMethods.txt

@@ -70,3 +70,16 @@ D3D11CreateDevice
 IDXGIDevice
 DCompositionCreateDevice
 IDCompositionDevice
+GetNamedSecurityInfo
+ConvertSidToStringSid
+ConvertStringSidToSid
+SetNamedSecurityInfo
+GetAclInformation
+IsValidAcl
+GetAce
+SetEntriesInAcl
+ACL_SIZE_INFORMATION
+DeleteAce
+EXPLICIT_ACCESS
+ACCESS_ALLOWED_ACE
+ACCESS_MASK