A Macro element defines a text substitution macro that can be used in other elements.
Macros are referenced using NMAKE syntax, i.e. $(runtime.windows).
Required. The Id for this macro, used in macro references. For example, if the
Id for this macro is "runtime.windows", the macro would be referenced as $(runtime.windows).
Required. The value that will be substituted for macro references in macro- enabled XML attributes.
AppIDs may use either macros only (and be multi-valued). For example $(Adobe65)$(TestApp)
((\$\([a-zA-Z_][a-zA-Z_0-9.]*\))+)
or they may be a string that does not begin with a $ and be single valued
(^[^\$]([a-zA-Z0-9\-_!@#%\^\.,;:=\+~`'\{\}\(\)\[\]\$ \\])*)
Collection of setting elements.
Define a Signer
Define a Signing Scenario type
EKU ID type starts with ID_EKU_ and with reasonable length that should be less than 50 characters.
Signing Scenario ID type starts with ID_SIGNGINGSCENARIO_ and with reasonable length that should be less than 100 characters.
Multiple ID_SIGNINGSCENARIO_ seperated by ','
Allow Rule ID should start with ID_ALLOW_, with reasonable length that should be less than 100 characters.
Generic file rule ID should start with ID_ATTRIB_, with reasonable length that should be less than 100 characters.
Deny Rule ID should start with ID_DENY_, with reasonable length that should be less than 100 characters.
Signer ID should start with ID_SIGNER_, with reasonable length that should be less than 100 characters.
FileRulesRef is a collection of FileRuleRef
Multiple ID_ALLOW_ or ID_DENY_ separated by ',' with reasonable length that should be less than 150 characters.
Used to reference an file rule through rule ID
A FileAttribRef is used to reference a FILE_ATTRIB rule through ID
ExceptDenyRule rule is a deny rule type. It makes specific allow Signer conditional.
If the allow Signer rule allows, but the exception condition met, then the result is deny.
ExceptAllowRule rule is an allow rule type. It makes specific deny Signer conditional.
Collection of EKUs.
Define an EKU
Collection of File Rules.
Define a file allow rule
Define a File deny rule
Define a generic file attribute rule than can be combined with Signers
Colletion of AllowedSigner
Colletion of DeniedSigner
An AllowedSigner defines a signer with condition (with exceptions)
An DeniedSgner defines a deny rule
defines a signer for System Integrity Policy Updating
Collection of UpdatePolicySigner.
defines a signer that CI will trust for CI signing levels.
Collection of CiSigner.
Collection of signers.
A Signer
Collection of SigningScenarios
Define a Signing Scenario