#include <ntoskrnl.h>#include <debug.h>
Include dependency graph for acl.c:
Go to the source code of this file.
Macros | |
| #define | NDEBUG |
Functions | |
| BOOLEAN NTAPI | SepInitDACLs (VOID) |
| Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure. | |
| NTSTATUS NTAPI | SepCreateImpersonationTokenDacl (_In_ PTOKEN Token, _In_ PTOKEN PrimaryToken, _Out_ PACL *Dacl) |
| Allocates a discretionary access control list based on certain properties of a regular and primary access tokens. | |
| NTSTATUS NTAPI | SepCaptureAcl (_In_ PACL InputAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ POOL_TYPE PoolType, _In_ BOOLEAN CaptureIfKernel, _Out_ PACL *CapturedAcl) |
| Captures an access control list from an already valid input ACL. | |
| VOID NTAPI | SepReleaseAcl (_In_ PACL CapturedAcl, _In_ KPROCESSOR_MODE AccessMode, _In_ BOOLEAN CaptureIfKernel) |
| Releases (frees) a captured ACL from the memory pool. | |
| BOOLEAN | SepShouldPropagateAce (_In_ UCHAR AceFlags, _Out_ PUCHAR NewAceFlags, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject) |
| Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot. | |
| NTSTATUS | SepPropagateAcl (_Out_writes_bytes_opt_(AclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping) |
| Propagates (copies) an access control list. | |
| PACL | SepSelectAcl (_In_opt_ PACL ExplicitAcl, _In_ BOOLEAN ExplicitPresent, _In_ BOOLEAN ExplicitDefaulted, _In_opt_ PACL ParentAcl, _In_opt_ PACL DefaultAcl, _Out_ PULONG AclLength, _In_ PSID Owner, _In_ PSID Group, _Out_ PBOOLEAN AclPresent, _Out_ PBOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping) |
| Selects an ACL and returns it to the caller. | |
Macro Definition Documentation
◆ NDEBUG
Function Documentation
◆ SepCaptureAcl()
| NTSTATUS NTAPI SepCaptureAcl | ( | _In_ PACL | InputAcl, |
| _In_ KPROCESSOR_MODE | AccessMode, | ||
| _In_ POOL_TYPE | PoolType, | ||
| _In_ BOOLEAN | CaptureIfKernel, | ||
| _Out_ PACL * | CapturedAcl | ||
| ) |
Captures an access control list from an already valid input ACL.
- Parameters
-
[in] InputAcl A valid ACL. [in] AccessMode Processor level access mode. The processor mode determines how the input arguments are probed. [in] PoolType Pool type for new captured ACL for creation. The pool type determines in which memory pool the ACL data should reside. [in] CaptureIfKernel If set to TRUE and the processor access mode being KernelMode, we are capturing an ACL directly in the kernel. Otherwise we are capturing within a kernel mode driver. [out] CapturedAcl The returned and allocated captured ACL.
- Returns
- Returns STATUS_SUCCESS if the ACL has been successfully captured. STATUS_INSUFFICIENT_RESOURCES is returned otherwise.
Definition at line 352 of file acl.c.
358{
359 PACL NewAcl;
360 ULONG AclSize;
361
362 PAGED_CODE();
363
364 /* If in kernel mode and we do not capture, just
365 * return the given ACL and don't validate it. */
367 {
368 *CapturedAcl = InputAcl;
370 }
371
372 /* Otherwise, capture and validate the ACL, depending on the access mode */
374 {
375 _SEH2_TRY
376 {
377 ProbeForRead(InputAcl,
380 AclSize = InputAcl->AclSize;
381 ProbeForRead(InputAcl,
382 AclSize,
384 }
386 {
387 /* Return the exception code */
389 }
390 _SEH2_END;
391
392 /* Validate the minimal size an ACL can have */
395
397 AclSize,
398 TAG_ACL);
399 if (!NewAcl)
401
402 _SEH2_TRY
403 {
404 RtlCopyMemory(NewAcl, InputAcl, AclSize);
405 }
407 {
408 /* Free the ACL and return the exception code */
411 }
412 _SEH2_END;
413 }
414 else
415 {
416 AclSize = InputAcl->AclSize;
417
418 /* Validate the minimal size an ACL can have */
421
423 AclSize,
424 TAG_ACL);
425 if (!NewAcl)
427
428 RtlCopyMemory(NewAcl, InputAcl, AclSize);
429 }
430
431 /* Validate the captured ACL */
433 {
434 /* Free the ACL and fail */
437 }
438
439 /* It's valid, return it */
440 *CapturedAcl = NewAcl;
442}
VOID NTAPI ProbeForRead(IN CONST VOID *Address, IN SIZE_T Length, IN ULONG Alignment)
Definition: exintrin.c:102
NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl)
Definition: ms-dtyp.idl:293
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ _Strict_type_match_ POOL_TYPE PoolType
Definition: wdfdevice.h:3815
Referenced by NtCreateToken(), and NtSetInformationToken().
◆ SepCreateImpersonationTokenDacl()
| NTSTATUS NTAPI SepCreateImpersonationTokenDacl | ( | _In_ PTOKEN | Token, |
| _In_ PTOKEN | PrimaryToken, | ||
| _Out_ PACL * | Dacl | ||
| ) |
Allocates a discretionary access control list based on certain properties of a regular and primary access tokens.
- Parameters
-
[in] Token An access token. [in] PrimaryToken A primary access token. [out] Dacl The returned allocated DACL.
- Returns
- Returns STATUS_SUCCESS if DACL creation from tokens has completed successfully. STATUS_INSUFFICIENT_RESOURCES is returned if DACL allocation from memory pool fails otherwise.
Definition at line 277 of file acl.c.
281{
283 PACL TokenDacl;
284
285 PAGED_CODE();
286
288
295
298 {
300 }
301
304 Token->UserAndGroups->Sid);
306 PrimaryToken->UserAndGroups->Sid);
308 SeAliasAdminsSid);
310 SeLocalSystemSid);
311
313 {
315 SeRestrictedCodeSid);
316 }
317
318 *Dacl = TokenDacl;
319
321}
Definition: tokenizer.hpp:28
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
struct _ACL ACL
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
Definition: rtltypes.h:993
Referenced by SepOpenThreadToken().
◆ SepInitDACLs()
Initializes known discretionary access control lists in the system upon kernel and Executive initialization procedure.
- Returns
- Returns TRUE if all the DACLs have been successfully initialized, FALSE otherwise.
Definition at line 38 of file acl.c.
39{
41
42 /* create PublicDefaultDacl */
47
49 AclLength,
50 TAG_ACL);
53
55 AclLength,
56 ACL_REVISION);
57
59 ACL_REVISION,
60 GENERIC_EXECUTE,
61 SeWorldSid);
62
64 ACL_REVISION,
65 GENERIC_ALL,
66 SeLocalSystemSid);
67
69 ACL_REVISION,
70 GENERIC_ALL,
71 SeAliasAdminsSid);
72
73 /* create PublicDefaultUnrestrictedDacl */
79
81 AclLength,
82 TAG_ACL);
85
87 AclLength,
88 ACL_REVISION);
89
91 ACL_REVISION,
92 GENERIC_EXECUTE,
93 SeWorldSid);
94
96 ACL_REVISION,
97 GENERIC_ALL,
98 SeLocalSystemSid);
99
101 ACL_REVISION,
102 GENERIC_ALL,
103 SeAliasAdminsSid);
104
106 ACL_REVISION,
108 SeRestrictedCodeSid);
109
110 /* create PublicOpenDacl */
115
117 AclLength,
118 TAG_ACL);
121
123 AclLength,
124 ACL_REVISION);
125
127 ACL_REVISION,
129 SeWorldSid);
130
132 ACL_REVISION,
133 GENERIC_ALL,
134 SeLocalSystemSid);
135
137 ACL_REVISION,
138 GENERIC_ALL,
139 SeAliasAdminsSid);
140
141 /* create PublicOpenUnrestrictedDacl */
147
149 AclLength,
150 TAG_ACL);
153
155 AclLength,
156 ACL_REVISION);
157
159 ACL_REVISION,
160 GENERIC_ALL,
161 SeWorldSid);
162
164 ACL_REVISION,
165 GENERIC_ALL,
166 SeLocalSystemSid);
167
169 ACL_REVISION,
170 GENERIC_ALL,
171 SeAliasAdminsSid);
172
174 ACL_REVISION,
176 SeRestrictedCodeSid);
177
178 /* create SystemDefaultDacl */
182
184 AclLength,
185 TAG_ACL);
188
190 AclLength,
191 ACL_REVISION);
192
194 ACL_REVISION,
195 GENERIC_ALL,
196 SeLocalSystemSid);
197
199 ACL_REVISION,
201 SeAliasAdminsSid);
202
203 /* create UnrestrictedDacl */
207
209 AclLength,
210 TAG_ACL);
213
215 AclLength,
216 ACL_REVISION);
217
219 ACL_REVISION,
220 GENERIC_ALL,
221 SeWorldSid);
222
224 ACL_REVISION,
226 SeRestrictedCodeSid);
227
228 /* create SystemAnonymousLogonDacl */
232
234 AclLength,
235 TAG_ACL);
238
240 AclLength,
241 ACL_REVISION);
242
244 ACL_REVISION,
245 GENERIC_ALL,
246 SeWorldSid);
247
249 ACL_REVISION,
250 GENERIC_ALL,
251 SeAnonymousLogonSid);
252
254}
Referenced by SepInitializationPhase0().
◆ SepPropagateAcl()
| NTSTATUS SepPropagateAcl | ( | _Out_writes_bytes_opt_(AclLength) PACL | AclDest, |
| _Inout_ PULONG | AclLength, | ||
| _In_reads_bytes_(AclSource->AclSize) PACL | AclSource, | ||
| _In_ PSID | Owner, | ||
| _In_ PSID | Group, | ||
| _In_ BOOLEAN | IsInherited, | ||
| _In_ BOOLEAN | IsDirectoryObject, | ||
| _In_ PGENERIC_MAPPING | GenericMapping | ||
| ) |
Propagates (copies) an access control list.
- Parameters
-
[out] AclDest The destination parameter with propagated ACL. [in,out] AclLength The length of the ACL that we propagate. [in] AclSource The source instance of a valid ACL. [in] Owner A SID that represents the main user that identifies the ACL. [in] Group A SID that represents a group that identifies the ACL. [in] IsInherited If set to TRUE, that means the ACL is directly inherited. [in] IsDirectoryObject If set to TRUE, that means the ACL is directly inherited because of the object that inherits it. [in] GenericMapping Generic mapping of access rights to map only certain effective ACEs.
- Returns
- Returns STATUS_SUCCESS if ACL has been propagated successfully. STATUS_BUFFER_TOO_SMALL is returned if the ACL length is not greater than the maximum written size of the buffer for ACL propagation otherwise.
Definition at line 587 of file acl.c.
596{
598 PACCESS_ALLOWED_ACE AceSource;
599 PACCESS_ALLOWED_ACE AceDest;
600 PUCHAR CurrentDest;
601 PUCHAR CurrentSource;
603 ULONG Written;
605 USHORT AceSize;
606 USHORT AceCount = 0;
608 BOOLEAN WriteTwoAces;
609
612 ASSERT(AclSource->Sbz1 == 0);
613 ASSERT(AclSource->Sbz2 == 0);
614
615 Written = 0;
617 {
618 RtlCopyMemory(AclDest,
619 AclSource,
621 }
623
624 CurrentDest = (PUCHAR)(AclDest + 1);
625 CurrentSource = (PUCHAR)(AclSource + 1);
627 {
630 AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
631 AceSource = (PACCESS_ALLOWED_ACE)CurrentSource;
632
634 {
635 /* FIXME: handle object & compound ACEs */
637
639 {
640 RtlCopyMemory(AceDest, AceSource, AceSize);
641 }
642 CurrentDest += AceSize;
643 CurrentSource += AceSize;
644 Written += AceSize;
645 AceCount++;
646 continue;
647 }
648
649 /* These all have the same structure */
654
658 &AceFlags,
659 IsInherited,
660 IsDirectoryObject))
661 {
663 continue;
664 }
665
666 /* FIXME: filter out duplicate ACEs */
671
672 WriteTwoAces = FALSE;
673 /* Map effective ACE to specific rights */
675 {
678
679 if (IsInherited)
680 {
686
687 /*
688 * A generic container ACE becomes two ACEs:
689 * - a specific effective ACE with no inheritance flags
690 * - an inherit-only ACE that keeps the generic rights
691 */
695 {
696 WriteTwoAces = TRUE;
697 }
698 }
699 }
700
701 while (1)
702 {
704 {
707 : AceFlags;
712 Sid);
713 }
714 Written += AceSize;
715
716 AceCount++;
717 CurrentDest += AceSize;
718
719 if (!WriteTwoAces)
720 break;
721
722 /* Second ACE keeps all the generics from the source ACE */
723 WriteTwoAces = FALSE;
724 AceDest = (PACCESS_ALLOWED_ACE)CurrentDest;
729 }
730
732 }
733
735 {
736 AclDest->AceCount = AceCount;
737 AclDest->AclSize = Written;
738 }
739
741 {
742 *AclLength = Written;
744 }
745 *AclLength = Written;
747}
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
NTSYSAPI VOID NTAPI RtlMapGenericMask(PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping)
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
BOOLEAN SepShouldPropagateAce(_In_ UCHAR AceFlags, _Out_ PUCHAR NewAceFlags, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject)
Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot.
Definition: acl.c:503
Definition: ms-dtyp.idl:215
Definition: ms-dtyp.idl:198
_In_opt_ PSECURITY_DESCRIPTOR _Out_ PSECURITY_DESCRIPTOR _In_ BOOLEAN IsDirectoryObject
Definition: sefuncs.h:31
Referenced by SepSelectAcl().
◆ SepReleaseAcl()
| VOID NTAPI SepReleaseAcl | ( | _In_ PACL | CapturedAcl, |
| _In_ KPROCESSOR_MODE | AccessMode, | ||
| _In_ BOOLEAN | CaptureIfKernel | ||
| ) |
Releases (frees) a captured ACL from the memory pool.
- Parameters
-
[in] CapturedAcl A valid captured ACL to free. [in] AccessMode Processor level access mode. [in] CaptureIfKernel If set to TRUE and the processor access mode being KernelMode, we're releasing an ACL directly in the kernel. Otherwise we're releasing within a kernel mode driver.
- Returns
- Nothing.
Definition at line 464 of file acl.c.
Referenced by NtCreateToken(), and NtSetInformationToken().
◆ SepSelectAcl()
| PACL SepSelectAcl | ( | _In_opt_ PACL | ExplicitAcl, |
| _In_ BOOLEAN | ExplicitPresent, | ||
| _In_ BOOLEAN | ExplicitDefaulted, | ||
| _In_opt_ PACL | ParentAcl, | ||
| _In_opt_ PACL | DefaultAcl, | ||
| _Out_ PULONG | AclLength, | ||
| _In_ PSID | Owner, | ||
| _In_ PSID | Group, | ||
| _Out_ PBOOLEAN | AclPresent, | ||
| _Out_ PBOOLEAN | IsInherited, | ||
| _In_ BOOLEAN | IsDirectoryObject, | ||
| _In_ PGENERIC_MAPPING | GenericMapping | ||
| ) |
Selects an ACL and returns it to the caller.
- Parameters
-
[in] ExplicitAcl If specified, the specified ACL to the call will be the selected ACL for the caller. [in] ExplicitPresent If set to TRUE and with specific ACL filled to the call, the function will immediately return the specific ACL as the selected ACL for the caller. [in] ExplicitDefaulted If set to FALSE and with specific ACL filled to the call, the ACL is not a default ACL. Otherwise it's a default ACL that we cannot select it as is. [in] ParentAcl If specified, the parent ACL will be used to determine the exact ACL length to check if the ACL in question is not empty. If the list is not empty then the function will select such ACL to the caller. [in] DefaultAcl If specified, the default ACL will be the selected one for the caller. [out] AclLength The size length of an ACL. [in] Owner A SID that represents the main user that identifies the ACL. [in] Group A SID that represents a group that identifies the ACL. [out] AclPresent The returned boolean value, indicating if the ACL that we want to select does actually exist. [out] IsInherited The returned boolean value, indicating if the ACL we want to select it is actually inherited or not. [in] IsDirectoryObject If set to TRUE, the object inherits this ACL. [in] GenericMapping Generic mapping of access rights to map only certain effective ACEs of an ACL that we want to select it.
- Returns
- Returns the selected access control list (ACL) to the caller, NULL otherwise.
Definition at line 804 of file acl.c.
817{
818 PACL Acl;
820
821 *AclPresent = TRUE;
822 if (ExplicitPresent && !ExplicitDefaulted)
823 {
824 Acl = ExplicitAcl;
825 }
826 else
827 {
828 if (ParentAcl)
829 {
830 *IsInherited = TRUE;
831 *AclLength = 0;
833 AclLength,
834 ParentAcl,
835 Owner,
836 Group,
837 *IsInherited,
838 IsDirectoryObject,
839 GenericMapping);
841
842 /* Use the parent ACL only if it's not empty */
844 return ParentAcl;
845 }
846
847 if (ExplicitPresent)
848 {
849 Acl = ExplicitAcl;
850 }
851 else if (DefaultAcl)
852 {
853 Acl = DefaultAcl;
854 }
855 else
856 {
857 *AclPresent = FALSE;
858 Acl = NULL;
859 }
860 }
861
862 *IsInherited = FALSE;
863 *AclLength = 0;
864 if (Acl)
865 {
866 /* Get the length */
868 AclLength,
869 Acl,
870 Owner,
871 Group,
872 *IsInherited,
873 IsDirectoryObject,
874 GenericMapping);
876 }
877 return Acl;
878}
NTSTATUS SepPropagateAcl(_Out_writes_bytes_opt_(AclLength) PACL AclDest, _Inout_ PULONG AclLength, _In_reads_bytes_(AclSource->AclSize) PACL AclSource, _In_ PSID Owner, _In_ PSID Group, _In_ BOOLEAN IsInherited, _In_ BOOLEAN IsDirectoryObject, _In_ PGENERIC_MAPPING GenericMapping)
Propagates (copies) an access control list.
Definition: acl.c:587
◆ SepShouldPropagateAce()
| BOOLEAN SepShouldPropagateAce | ( | _In_ UCHAR | AceFlags, |
| _Out_ PUCHAR | NewAceFlags, | ||
| _In_ BOOLEAN | IsInherited, | ||
| _In_ BOOLEAN | IsDirectoryObject | ||
| ) |
Determines if a certain ACE can or cannot be propagated based on ACE inheritation flags and whatnot.
- Parameters
-
[in] AceFlags Bit flags of an ACE to perform propagation checks. [out] NewAceFlags New ACE bit blags based on the specific ACE flags of the first argument parameter. [in] IsInherited If set to TRUE, an ACE is deemed as directly inherited from another instance. In that case we're allowed to propagate. [in] IsDirectoryObject If set to TRUE, an object directly inherits this ACE so we can propagate it.
- Returns
- Returns TRUE if an ACE can be propagated, FALSE otherwise.
Definition at line 503 of file acl.c.
508{
509 if (!IsInherited)
510 {
511 *NewAceFlags = AceFlags;
513 }
514
516 {
518 {
519 *NewAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
521 }
523 }
524
526 {
528 {
529 *NewAceFlags = AceFlags & ~VALID_INHERIT_FLAGS;
531 }
533 }
534
536 {
537 *NewAceFlags = CONTAINER_INHERIT_ACE | (AceFlags & OBJECT_INHERIT_ACE) | (AceFlags & ~VALID_INHERIT_FLAGS);
539 }
540
542 {
545 }
546
548}
Referenced by SepPropagateAcl().
Variable Documentation
◆ SePublicDefaultDacl
Definition at line 16 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
◆ SePublicDefaultUnrestrictedDacl
Definition at line 18 of file acl.c.
Referenced by IopCreateDefaultDeviceSecurityDescriptor(), IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
◆ SePublicOpenDacl
Definition at line 19 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
◆ SePublicOpenUnrestrictedDacl
Definition at line 20 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepInitDACLs(), and SepInitSDs().
◆ SeSystemAnonymousLogonDacl
Definition at line 22 of file acl.c.
Referenced by SepCreateSystemAnonymousLogonToken(), SepCreateSystemAnonymousLogonTokenNoEveryone(), SepInitDACLs(), and SepInitSDs().
◆ SeSystemDefaultDacl
Definition at line 17 of file acl.c.
Referenced by IopCreateSecurityDescriptorPerType(), SepCreateSystemProcessToken(), SepInitDACLs(), and SepInitSDs().
◆ SeUnrestrictedDacl
Definition at line 21 of file acl.c.
Referenced by SepInitDACLs(), and SepInitSDs().
