Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
AddIntegrityLabelToBoundaryDescriptor
Collapse the table of content
Expand the table of content

AddIntegrityLabelToBoundaryDescriptor function

Adds a new required security identifier (SID) to the specified boundary descriptor.

Syntax


BOOL WINAPI AddIntegrityLabelToBoundaryDescriptor(
  _Inout_ HANDLE *BoundaryDescriptor,
  _In_    PSID   IntegrityLabel
);

Parameters

BoundaryDescriptor [in, out]

A handle to the boundary descriptor. The CreateBoundaryDescriptor function returns this handle.

IntegrityLabel [in]

A pointer to a SID structure that represents the mandatory integrity level for the namespace. Use one of the following RID values to create the SID:

SECURITY_MANDATORY_UNTRUSTED_RID
SECURITY_MANDATORY_LOW_RID
SECURITY_MANDATORY_MEDIUM_RID
SECURITY_MANDATORY_SYSTEM_RID
SECURITY_MANDATORY_PROTECTED_PROCESS_RID

For more information, see Well-Known SIDs.

Return value

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

A process can create a private namespace only with an integrity level that is equal to or lower than the current integrity level of the process. Therefore, a high integrity-level process can create a high, medium or low integrity-level namespace. A medium integrity-level process can create only a medium or low integrity-level namespace.

A process would usually specify a namespace at the same integrity level as the process for protection against squatting attacks by lower integrity-level processes.

The security descriptor that the creator places on the namespace determines who can open the namespace. So a low or medium integrity-level process could be given permission to open a high integrity level namespace if the security descriptor of the namespace permits it.

To compile an application that uses this function, define _WIN32_WINNT as 0x0601 or later.

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

Header

WinBase.h (include Windows.h)

Library

Kernel32.lib

DLL

Kernel32.dll

See also

CreateBoundaryDescriptor

 

 

Community Additions

ADD
Show:
© 2015 Microsoft