FltBuildDefaultSecurityDescriptor function

FltBuildDefaultSecurityDescriptor builds a default security descriptor for use with FltCreateCommunicationPort.

Syntax


NTSTATUS FltBuildDefaultSecurityDescriptor(
  _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
  _In_  ACCESS_MASK          DesiredAccess
);

Parameters

SecurityDescriptor [out]

Pointer to a caller-allocated variable that receives an opaque pointer to the newly created SECURITY_DESCRIPTOR.

DesiredAccess [in]

Bitmask of flags that specify the type of access that the caller requires to the port object. The set of system-defined DesiredAccess flags determines the following specific access rights for minifilter driver communication port objects.

DesiredAccess FlagsMeaning

FLT_PORT_CONNECT

The caller can connect to the port.

FLT_PORT_ALL_ACCESS

FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL

 

Return value

FltBuildDefaultSecurityDescriptor returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return codeDescription
STATUS_INSUFFICIENT_RESOURCES

FltBuildDefaultSecurityDescriptor encountered a pool allocation failure. This is an error code.

 

Remarks

When creating a minifilter driver communication port, a minifilter driver can call FltBuildDefaultSecurityDescriptor to create a default security descriptor for the port. The minifilter driver then creates the port by calling InitializeObjectAttributes and FltCreateCommunicationPort. The security descriptor is passed as a parameter to InitializeObjectAttributes.

FltBuildDefaultSecurityDescriptor causes the system to allocate a default security descriptor from paged pool. When this security descriptor is applied to an object, only users with system or administrator privileges have access to the object.

Minifilter drivers usually call FltBuildDefaultSecurityDescriptor immediately before calling FltCreateCommunicationPort and FltFreeSecurityDescriptor immediately after calling FltCreateCommunicationPort.

Requirements

Target platform

Universal

Header

Fltkernel.h (include Fltkernel.h)

Library

FltMgr.lib

IRQL

<= APC_LEVEL

See also

ACCESS_MASK
FltCreateCommunicationPort
FltFreeSecurityDescriptor
InitializeObjectAttributes
RtlCreateSecurityDescriptor
RtlCreateSecurityDescriptorRelative
SECURITY_DESCRIPTOR

 

 

Send comments about this topic to Microsoft

Show: