2.4.4.17.4 Conditional ACE Binary Formats


Conditional expressions are stored in the ApplicationData member of certain CALLBACK ACE types (section 2.4.4.17) where each operator ID and operand is persisted in postfix notation.

A CALLBACK ACE contains a conditional expression if the ApplicationData member is prefixed by 0x61, 0x72, 0x74, 0x78 (the ACE_CONDITION_SIGNATURE) and the remainder of the data in the ApplicationData member immediately following the conditional ACE signature specifies a conditional expression (section 2.4.4.17.1).

Conditional expressions are encoded in contiguous memory as a series of tokens. The first byte of each token must be a byte-code identifying the token type. The token type determines the format of the token in memory. Tokens take one of three formats:

  1. Operator: A single byte-code, which identifies a logical or relational operator.

  2. Literal: A token byte-code that identifies a built-in data type and implies a token type of "literal", followed by the encoded representation of the literal. Literal tokens can be single values or multivalued. A multivalued literal is encoded as a composite byte-code followed by each contained literal value.

  3. Attribute Name: A byte-code identifying an attribute type and name.

The following tables provide the set of valid tokens and each token's syntax. The first byte of a token is the byte-code; the remainder of the token is the token-data, formatted according to the token's syntax. All multibyte integers, including any Unicode characters, MUST be stored least-significant byte (LSB) first.

Conditional expressions are at the end of the ACE in contiguous memory; the ending of the ACEs MUST align on a DWORD boundary. Any additional bytes needed to achieve DWORD boundary alignment MUST be set to 0x00.
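The following Python sketch is an added example, not part of the specification text: it locates the ApplicationData member of a raw non-object CALLBACK ACE, checks for the ACE_CONDITION_SIGNATURE, enforces the DWORD-boundary rule, and returns the postfix token bytes for further parsing. The ACE layout (ACE_HEADER, Mask, SID) and the AceType values 0x09, 0x0A and 0x0D are taken from the ACE definitions elsewhere in the specification rather than from this section; the function names, the sample ACE and the placeholder expression bytes are constructed for illustration.

```python
import struct

ACE_CONDITION_SIGNATURE = bytes([0x61, 0x72, 0x74, 0x78])  # as given in this section
# Assumption: non-object CALLBACK AceType values (allowed, denied, system audit).
CALLBACK_ACE_TYPES = {0x09, 0x0A, 0x0D}


def conditional_expression(ace: bytes):
    """Return the postfix token bytes of a conditional ACE, or None when the
    ACE is not a non-object CALLBACK ACE carrying the condition signature.
    Raises ValueError when the ACE is malformed."""
    if len(ace) < 8:
        raise ValueError("truncated ACE header")
    ace_type, _flags, ace_size = struct.unpack_from("<BBH", ace, 0)  # LSB first
    if ace_size > len(ace):
        raise ValueError("AceSize runs past the buffer")
    if ace_type not in CALLBACK_ACE_TYPES:
        return None
    # Layout: ACE_HEADER (4 bytes) | Mask (4 bytes) | SID | ApplicationData
    sid_off = 8
    if sid_off + 8 > ace_size:
        raise ValueError("truncated SID")
    sub_auth_count = ace[sid_off + 1]
    app_off = sid_off + 8 + 4 * sub_auth_count
    if app_off > ace_size:
        raise ValueError("SID runs past AceSize")
    app_data = ace[app_off:ace_size]
    if not app_data.startswith(ACE_CONDITION_SIGNATURE):
        return None
    if ace_size % 4:
        raise ValueError("conditional ACE does not end on a DWORD boundary")
    # Trailing 0x00 padding is still included; only a token walk can separate it.
    return app_data[len(ACE_CONDITION_SIGNATURE):]


def build_sample_ace(expr: bytes) -> bytes:
    """Constructed sample: allowed-callback ACE for SID S-1-1-0, 0x00-padded."""
    sid = bytes([1, 1, 0, 0, 0, 0, 0, 1]) + struct.pack("<I", 0)
    body = struct.pack("<I", 0x00120089) + sid + ACE_CONDITION_SIGNATURE + expr
    body += b"\x00" * (-(4 + len(body)) % 4)  # pad the whole ACE to a DWORD multiple
    return struct.pack("<BBH", 0x09, 0, 4 + len(body)) + body
```

The returned bytes are the input to a token parser driven by the byte-code tables that follow; a signature match alone does not establish that the expression is well formed.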

For tokens representing literal values, the base and sign MUST be specified from the possible values specified in the following tables.