FltSetSecurityObject function

FltSetSecurityObject sets an object's security state.

Syntax


NTSTATUS FltSetSecurityObject(
  _In_ PFLT_INSTANCE        Instance,
  _In_ PFILE_OBJECT         FileObject,
  _In_ SECURITY_INFORMATION SecurityInformation,
  _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);

Parameters

Instance [in]

Opaque instance pointer for the caller. This parameter is required and cannot be NULL.

FileObject [in]

File object pointer for the object whose security state is to be set. The caller must have the access specified in the Meaning column of the table shown in the description of the SecurityInformation parameter. This parameter is required and cannot be NULL.

SecurityInformation [in]

Pointer to a SECURITY_INFORMATION value specifying the information to be set as a combination of one or more of the following. This parameter is required and cannot be NULL.

ValueMeaning

DACL_SECURITY_INFORMATION

Indicates the discretionary access control list (DACL) of the object is to be set. Requires WRITE_DAC access.

GROUP_SECURITY_INFORMATION

Indicates the primary group identifier of the object is to be set. Requires WRITE_OWNER access.

OWNER_SECURITY_INFORMATION

Indicates the owner identifier of the object is to be set. Requires WRITE_OWNER access.

SACL_SECURITY_INFORMATION

Indicates the system ACL (SACL) of the object is to be set. Requires ACCESS_SYSTEM_SECURITY access.

 

SecurityDescriptor [in]

Pointer to the security descriptor to be set for the object.

Return value

FltSetSecurityObject returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return codeDescription
STATUS_ACCESS_DENIED

The caller did not have the required access. This is an error code.

STATUS_ACCESS_VIOLATION

SecurityDescriptor was a NULL pointer. This is an error code.

STATUS_INSUFFICIENT_RESOURCES

The object's security descriptor could not be captured. This is an error code.

STATUS_INVALID_ACL

The object's security descriptor contained an invalid ACL. This is an error code.

STATUS_INVALID_SECURITY_DESCR

SecurityDescriptor did not point to a valid security descriptor. This is an error code.

STATUS_INVALID_SID

The object's security descriptor contained an invalid SID. This is an error code.

STATUS_UNKNOWN_REVISION

The revision level of the object's security descriptor was unknown or not supported. This is an error code.

STATUS_NOT_IMPLEMENTED

The FltSetSecurityObject routine is present but not supported in the operating system environment in which it was called.

 

Remarks

The FltSetSecurityObject routine is present and supported starting with Windows Vista. In Windows 2000, Windows XP, and Server 2003 SP1, the routine is present but not supported, and will return STATUS_NOT_IMPLEMENTED if called in any of these environments.

A security descriptor can be in absolute or self-relative form. In self-relative form, all members of the structure are located contiguously in memory. In absolute form, the structure only contains pointers to the members. For more information, see "Absolute and Self-Relative Security Descriptors" in the Security section of the Microsoft Windows SDK documentation.

For more information about security and access control, see the documentation on these topics in the Windows SDK.

Requirements

Target platform

Universal

Header

Fltkernel.h (include Fltkernel.h)

Library

FltMgr.lib

DLL

Fltmgr.sys

IRQL

PASSIVE_LEVEL

See also

FltQuerySecurityObject
SECURITY_DESCRIPTOR
SECURITY_INFORMATION
ZwQuerySecurityObject
ZwSetSecurityObject

 

 

Send comments about this topic to Microsoft

Show: