Windows Driver Kit: Kernel-Mode Driver Framework
WdfDeviceInitAssignSDDLString
The WdfDeviceInitAssignSDDLString method assigns a security setting for a device.
NTSTATUS
  WdfDeviceInitAssignSDDLString(
    IN PWDFDEVICE_INIT  DeviceInit,
    IN PUNICODE_STRING  SDDLString
    );
Parameters
DeviceInit
    A pointer to a WDFDEVICE_INIT structure.
SDDLString
    A pointer to a UNICODE_STRING structure that describes a Unicode string. This string is an SDDL representation of a security descriptor.
Return Value
If the operation succeeds, WdfDeviceInitAssignSDDLString returns STATUS_SUCCESS. Additional return values include:
STATUS_INSUFFICIENT_RESOURCES, if the system cannot allocate space to store the device name.
Comments
Your driver can specify a security setting by using a subset of Security Descriptor Definition Language (SDDL). The Wdmsec.h file defines a set of SDDL_DEVOBJ_XXX-formatted constants that you can use. For more information about security descriptors and SDDL, see Securing Device Objects.
System administrators can override the specified security descriptor by adding a security descriptor to the registry. For more information, see IoCreateDeviceSecure.
Before calling WdfDeviceInitAssignSDDLString, your driver must call WdfDeviceInitAssignName, or it must call WdfDeviceInitSetCharacteristics and specify FILE_AUTOGENERATED_DEVICE_NAME, because you cannot provide a security descriptor for an unnamed device object.
If the driver calls WdfDeviceInitAssignSDDLString, it must do so before it calls WdfDeviceCreate. For more information about calling WdfDeviceCreate, see Creating a Framework Device Object.
For more information about security issues, see Security Issues for Framework-Based Drivers.
Example
The following code example assigns a security setting for a device.
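    NTSTATUS  status;

    // SDDL_DEVOBJ_SYS_ALL_ADM_ALL (Wdmsec.h) gives the system and
    // administrators full access to the device object.
    status = WdfDeviceInitAssignSDDLString(
                 pDeviceInit,
                 &SDDL_DEVOBJ_SYS_ALL_ADM_ALL
                 );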
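The following user-mode check is an added example, not part of the original page or the WDK. It walks the ACEs of a DACL-only SDDL string, the kind passed in SDDLString, and counts allow ACEs whose trustee is anything other than SY or BA. The function names, the SY/BA review policy and the second sample string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed review policy: only Local System (SY) and built-in Administrators (BA)
 * count as privileged. A trustee written any other way is reported. */
static int is_privileged(const char *sid, size_t len)
{
    return len == 2 && (memcmp(sid, "SY", 2) == 0 || memcmp(sid, "BA", 2) == 0);
}

/* Count allow ACEs in a DACL-only SDDL string whose trustee is not SY or BA.
 * ACE layout: (type;flags;rights;object_guid;inherit_object_guid;account_sid)
 * Returns -1 if the string does not start with "D:" or an ACE is malformed. */
int count_broad_allow_aces(const char *sddl)
{
    int broad = 0;
    const char *p;

    if (strncmp(sddl, "D:", 2) != 0)
        return -1;
    p = sddl + 2;
    p += strcspn(p, "(");                     /* skip DACL flags such as "P" */
    while (*p == '(') {
        const char *end = strchr(p, ')');
        const char *sid = NULL;
        int semis = 0;

        if (end == NULL)
            return -1;
        for (const char *c = p + 1; c < end; c++)
            if (*c == ';' && ++semis == 5)
                sid = c + 1;                  /* sixth field: the trustee */
        if (semis != 5)
            return -1;
        if (p[1] == 'A' && p[2] == ';' && !is_privileged(sid, (size_t)(end - sid)))
            broad++;
        p = end + 1;
    }
    return *p == '\0' ? broad : -1;
}

int main(void)
{
    /* String form of SDDL_DEVOBJ_SYS_ALL_ADM_ALL, then a constructed sample. */
    printf("%d\n", count_broad_allow_aces("D:P(A;;GA;;;SY)(A;;GA;;;BA)"));
    printf("%d\n", count_broad_allow_aces("D:P(A;;GA;;;SY)(A;;GRGWGX;;;WD)(A;;GRGWGX;;;RC)"));
    return 0;
}
```

A nonzero count means the descriptor opens the device to callers beyond the system and administrators, so the driver's I/O handlers must be reviewed with that wider set of callers in mind.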
Requirements
Versions: The WdfDeviceInitAssignSDDLString method is available in version 1.0 and later versions of KMDF.
IRQL: PASSIVE_LEVEL
Headers: Declared in wdfdevice.h. Include wdf.h.