Export (0) Print
Expand All
ACE
ACL
SID
Expand Minimize
This topic has not yet been rated - Rate this topic

SYSTEM_MANDATORY_LABEL_ACE structure

The SYSTEM_MANDATORY_LABEL_ACE structure defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object.

Syntax


typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
  ACE_HEADER  Header;
  ACCESS_MASK Mask;
  DWORD       SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;

Members

Header

An ACE_HEADER structure that specifies the size and type of the ACE. The structure also contains flags that control inheritance of the ACE by child objects. The AceType member of the ACE_HEADER structure must be set to SYSTEM_MANDATORY_LABEL_ACE_TYPE, and the AceSize member must be set to the total number of bytes allocated for the SYSTEM_MANDATORY_LABEL_ACE structure.

Mask

The access policy for principals with a mandatory integrity level lower than the object associated with the SACL that contains this ACE.

ValueMeaning
SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
0x1

A principal with a lower mandatory level than the object cannot write to the object.

SYSTEM_MANDATORY_LABEL_NO_READ_UP
0x2

A principal with a lower mandatory level than the object cannot read the object.

SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
0x4

A principal with a lower mandatory level than the object cannot execute the object.

 

SidStart

Specifies the first DWORD of a SID. The remaining bytes of the SID are stored in contiguous memory after the SidStart member. The identifier authority of the SID must be SECURITY_MANDATORY_LABEL_AUTHORITY. The RID of the SID specifies the mandatory integrity level of the object associated with the SACL that contains this ACE. The RID must be one of the following values.

ValueMeaning
0x1000

Low integrity level.

0x2000

Medium integrity level.

0x3000

High integrity level.

 

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Winnt.h (include Windows.h)

See also

ACL

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.