364 switch (OperationType)
367 case SetSecurityDescriptor:
376 OldSecurityDescriptor,
380 case QuerySecurityDescriptor:
387 OldSecurityDescriptor);
389 case DeleteSecurityDescriptor:
394 case AssignSecurityDescriptor:
524 (AuditParameters ==
NULL) ||
BOOLEAN NTAPI ExLuidInitialization(VOID)
const LUID SeSystemEnvironmentPrivilege
enum _SE_ADT_PARAMETER_TYPE SE_ADT_PARAMETER_TYPE
VOID NTAPI SeSetSecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Sets the access mask for a security information context.
const LUID SeRemoteShutdownPrivilege
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
LUID SeEnableDelegationPrivilege
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
LUID SeManageVolumePrivilege
#define ExInitializeResource
const LUID SeSystemtimePrivilege
#define _In_range_(lb, ub)
#define OBJ_CASE_INSENSITIVE
const LUID SeIncreaseQuotaPrivilege
#define ACCESS_SYSTEM_SECURITY
#define PsGetCurrentThread()
#define PspClearCrossThreadFlag(Thread, Flag)
PTOKEN NTAPI SepCreateSystemProcessToken(VOID)
Creates the system process token.
const LUID SeCreateTokenPrivilege
#define SE_MAX_AUDIT_PARAMETERS
const LUID SeCreatePermanentPrivilege
const LUID SeDebugPrivilege
const LUID SeBackupPrivilege
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define STATUS_INVALID_PARAMETER
NTSYSAPI NTSTATUS NTAPI ZwClose(_In_ HANDLE Handle)
PSID SeAuthenticatedUsersSid
LUID SeChangeNotifyPrivilege
LUID SeLockMemoryPrivilege
const LUID SeEnableDelegationPrivilege
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
VOID NTAPI SepInitPrivileges(VOID)
Initializes the privileges during the startup phase of the security manager module...
BOOLEAN NTAPI SepInitializationPhase0(VOID)
Handles the phase 0 procedure of the SRM initialization.
#define GROUP_SECURITY_INFORMATION
const LUID SeAssignPrimaryTokenPrivilege
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
const LUID SeSystemProfilePrivilege
PSID SeAuthenticatedUsersSid
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
PSID SeAliasAccountOpsSid
const LUID SeSyncAgentPrivilege
LUID SeUnsolicitedInputPrivilege
BOOLEAN NTAPI SepInitSecurityIDs(VOID)
Initializes all the SIDs known in the system.
BOOLEAN NTAPI SepInitDACLs(VOID)
Initializes the known discretionary access control lists (DACLs) in the system upon kernel and Executive initialization...
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
PSECURITY_DESCRIPTOR SePublicDefaultSd
PTOKEN SeAnonymousLogonTokenNoEveryone
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
DWORD SECURITY_INFORMATION
PTOKEN SepCreateSystemAnonymousLogonToken(VOID)
Creates the anonymous logon token for the system. The difference between this token and the other one...
LUID SeLoadDriverPrivilege
VOID NTAPI SepInitializeTokenImplementation(VOID)
Internal function that initializes critical kernel data for access token implementation in SRM.
#define PsGetCurrentProcess
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject(_Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
NTSTATUS NTAPI ObSetSecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping)
const LUID SeLoadDriverPrivilege
const LUID SeManageVolumePrivilege
const LUID SeTakeOwnershipPrivilege
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
PSID SeAliasPowerUsersSid
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
LUID SeSystemEnvironmentPrivilege
LUID SeProfileSingleProcessPrivilege
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
#define DIRECTORY_TRAVERSE
static BOOLEAN SepInitExports(VOID)
Initializes all the security exports upon initialization phase of the module.
PSID SeAliasAccountOpsSid
ULONG ExpInitializationPhase
_Must_inspect_result_ _In_ ULONG Flags
const LUID SeCreatePagefilePrivilege
LUID SeImpersonatePrivilege
LUID SeRemoteShutdownPrivilege
const LUID SeRestorePrivilege
#define NT_SUCCESS(StatCode)
DWORD * PSECURITY_INFORMATION
_In_ WDFCOLLECTION _In_ ULONG Index
VOID NTAPI SeCaptureSubjectContext(_Out_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Captures the security subject context of the calling thread and calling process.
LUID SeCreatePermanentPrivilege
BOOLEAN NTAPI SepInitializationPhase1(VOID)
Handles the phase 1 procedure of the SRM initialization.
#define SACL_SECURITY_INFORMATION
static const LUID SeChangeNotifyPrivilege
VOID FASTCALL ObInitializeFastReference(IN PEX_FAST_REF FastRef, IN PVOID Object)
static const LUID SeCreateGlobalPrivilege
#define ExAllocatePoolWithTag(hernya, size, tag)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
BOOLEAN NTAPI SeRmInitPhase0(VOID)
Manages the phase 0 initialization of the security reference monitoring module of the kernel.
VOID NTAPI SeQuerySecurityAccessMask(_In_ SECURITY_INFORMATION SecurityInformation, _Out_ PACCESS_MASK DesiredAccess)
Queries the access mask from a security information context.
NTSTATUS NTAPI ObQuerySecurityDescriptorInfo(IN PVOID Object, IN PSECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG Length, IN PSECURITY_DESCRIPTOR *OutputSecurityDescriptor)
const LUID SeLockMemoryPrivilege
const LUID SeProfileSingleProcessPrivilege
const LUID SeIncreaseBasePriorityPrivilege
NTSTATUS NTAPI SeReportSecurityEvent(_In_ ULONG Flags, _In_ PUNICODE_STRING SourceName, _In_opt_ PSID UserSid, _In_ PSE_ADT_PARAMETER_ARRAY AuditParameters)
Report a security event to the security manager.
_Must_inspect_result_ _In_ WDFCOLLECTION _In_ WDFOBJECT Object
const LUID SeTcbPrivilege
NTSTATUS NTAPI ObDeassignSecurity(IN OUT PSECURITY_DESCRIPTOR *SecurityDescriptor)
LUID SeCreateGlobalPrivilege
static GENERIC_MAPPING GenericMapping
LUID SeIncreaseBasePriorityPrivilege
const LUID SeShutdownPrivilege
NTSTATUS NTAPI ObInsertObject(IN PVOID Object, IN PACCESS_STATE AccessState OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG ObjectPointerBias, OUT PVOID *NewObject OPTIONAL, OUT PHANDLE Handle)
PSID SeAliasPowerUsersSid
LUID SeSystemtimePrivilege
#define DIRECTORY_ALL_ACCESS
LUID SeSyncAgentPrivilege
BOOLEAN NTAPI SeInitSystem(VOID)
Main security manager initialization function.
#define OWNER_SECURITY_INFORMATION
NTSTATUS NTAPI ObAssignObjectSecurityDescriptor(IN PVOID Object, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN POOL_TYPE PoolType)
VOID NTAPI SeReleaseSubjectContext(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Releases both the primary and client tokens of a security subject context.
const LUID SeSecurityPrivilege
#define CT_ACTIVE_IMPERSONATION_INFO_BIT
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
_Const_ NTSTATUS NTAPI SeSetAuditParameter(_Inout_ PSE_ADT_PARAMETER_ARRAY AuditParameters, _In_ SE_ADT_PARAMETER_TYPE Type, _In_range_(<, SE_MAX_AUDIT_PARAMETERS) ULONG Index, _In_reads_(_Inexpressible_("depends on SE_ADT_PARAMETER_TYPE")) PVOID Data)
Sets an array of audit parameters for later security auditing use.
ACCESS_MASK * PACCESS_MASK
NTSTATUS NTAPI SeDefaultObjectMethod(_In_ PVOID Object, _In_ SECURITY_OPERATION_CODE OperationType, _In_ PSECURITY_INFORMATION SecurityInformation, _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Inout_opt_ PULONG ReturnLength, _Inout_ PSECURITY_DESCRIPTOR *OldSecurityDescriptor, _In_ POOL_TYPE PoolType, _In_ PGENERIC_MAPPING GenericMapping)
Internal function that is responsible for querying, deleting, assigning and setting a security descriptor...
PTOKEN SeAnonymousLogonToken
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
PSID_AND_ATTRIBUTES UserAndGroups
const LUID SeUnsolicitedInputPrivilege
LUID SeIncreaseQuotaPrivilege
LUID SeTakeOwnershipPrivilege
LUID SeAssignPrimaryTokenPrivilege
const LUID SeUndockPrivilege
ERESOURCE SepSubjectContextLock
#define ExFreePoolWithTag(_P, _T)
PTOKEN SepCreateSystemAnonymousLogonTokenNoEveryone(VOID)
Creates the anonymous logon token for the system. This kind of token doesn't include the Everyone SID...
const LUID SeAuditPrivilege
LUID SeSystemProfilePrivilege
LUID SeCreatePagefilePrivilege
VOID NTAPI KeBugCheckEx(_In_ ULONG BugCheckCode, _In_ ULONG_PTR BugCheckParameter1, _In_ ULONG_PTR BugCheckParameter2, _In_ ULONG_PTR BugCheckParameter3, _In_ ULONG_PTR BugCheckParameter4)
#define DACL_SECURITY_INFORMATION
BOOLEAN NTAPI SepInitSDs(VOID)
Initializes the known security descriptors in the system.
static const LUID SeImpersonatePrivilege
LUID SeCreateTokenPrivilege
_Out_ PHANDLE EventHandle