Upgrade your Internet Experience
Microsoft.com
Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Windows Driver Kit
Reference
 WdfDeviceInitAssignSDDLString

  Switch on low bandwidth view
Windows Driver Kit: Kernel-Mode Driver Framework
WdfDeviceInitAssignSDDLString

The WdfDeviceInitAssignSDDLString method assigns a security setting for a device.

NTSTATUS
  WdfDeviceInitAssignSDDLString(
    IN PWDFDEVICE_INIT  DeviceInit,
    IN PUNICODE_STRING  SDDLString
    );

Parameters

DeviceInit
A pointer to a WDFDEVICE_INIT structure.
SDDLString
A pointer to a UNICODE_STRING structure that describes a Unicode string. This string is an SDDL representation of a security descriptor.

Return Value

If the operation succeeds, WdfDeviceInitAssignSDDLString returns STATUS_SUCCESS. Additional return values include:

STATUS_INSUFFICIENT_RESOURCES, if the system cannot allocate space to store the device name.

Comments

Your driver can specify a security setting by using a subset of Security Descriptor Definition Language (SDDL). The Wdmsec.h file defines a set of SDDL_DEVOBJ_XXX-formatted constants that you can use. For more information about security descriptors and SDDL, see Securing Device Objects.

System administrators can override the specified security descriptor by adding a security descriptor to the registry. For more information, see IoCreateDeviceSecure.

Before calling WdfDeviceInitAssignSDDLString, your driver must call WdfDeviceInitAssignName, or it must call WdfDeviceInitSetCharacteristics and specify FILE_AUTOGENERATED_DEVICE_NAME, because you cannot provide a security descriptor for an unnamed device object.

The driver must call WdfDeviceInitAssignSDDLString before it calls WdfDeviceCreate. For more information about calling WdfDeviceCreate, see Creating a Framework Device Object.

For more information about security issues, see Security Issues for Framework-Based Drivers.

Example

The following code example assigns a security setting for a device.

NTSTATUS status;

status = WdfDeviceInitAssignSDDLString(
                                       pDeviceInit,
                                       &SDDL_DEVOBJ_SYS_ALL_ADM_ALL
                                       );

Requirements

Versions: The WdfDeviceInitAssignSDDLString method is available in version 1.0 and later versions of KMDF.

IRQL: PASSIVE_LEVEL

Headers: Declared in wdfdevice.h. Include wdf.h.

See Also


Send feedback on this topic
Built on May 20, 2009
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker