FltBuildDefaultSecurityDescriptor function

FltBuildDefaultSecurityDescriptor builds a default security descriptor for use with FltCreateCommunicationPort.

Syntax

NTSTATUS FLTAPI FltBuildDefaultSecurityDescriptor(
  PSECURITY_DESCRIPTOR *SecurityDescriptor,
  ACCESS_MASK          DesiredAccess
);

Parameters

SecurityDescriptor

Pointer to a caller-allocated variable that receives an opaque pointer to the newly created SECURITY_DESCRIPTOR.

DesiredAccess

Bitmask of flags that specify the type of access that the caller requires to the port object. The set of system-defined DesiredAccess flags determines the following specific access rights for minifilter driver communication port objects.

DesiredAccess Flags    Meaning
FLT_PORT_CONNECT       The caller can connect to the port.
FLT_PORT_ALL_ACCESS    FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL

Return value

FltBuildDefaultSecurityDescriptor returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:

Return code                      Description
STATUS_INSUFFICIENT_RESOURCES    FltBuildDefaultSecurityDescriptor encountered a pool allocation failure. This is an error code.

Remarks

When creating a minifilter driver communication port, a minifilter driver can call FltBuildDefaultSecurityDescriptor to create a default security descriptor for the port. The minifilter driver then creates the port by calling InitializeObjectAttributes and FltCreateCommunicationPort. The security descriptor is passed as a parameter to InitializeObjectAttributes.

FltBuildDefaultSecurityDescriptor causes the system to allocate a default security descriptor from paged pool. When this security descriptor is applied to an object, only users with system or administrator privileges have access to the object.

Minifilter drivers usually call FltBuildDefaultSecurityDescriptor immediately before calling FltCreateCommunicationPort and FltFreeSecurityDescriptor immediately after calling FltCreateCommunicationPort.
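
The sequence described in these remarks, written out as an added example (not part of the original page and not Microsoft sample code). CreateAdminOnlyPort, its parameters, the object attribute flags and the single-connection limit are assumptions; when _KERNEL_MODE is not defined, the #else branch supplies constructed stand-ins so the cleanup path can be compiled and tested outside a driver build.

```c
/* Added example; CreateAdminOnlyPort, the OBJ_* flags and MaxConnections=1 are assumptions. */
#ifdef _KERNEL_MODE
#include <fltkernel.h>
#else
/* Constructed stand-ins (not the WDK definitions) so the sequence compiles and
   can be exercised outside a driver build. */
#include <stddef.h>
typedef long NTSTATUS, LONG;
typedef unsigned long ULONG, ACCESS_MASK;
typedef void *PVOID, *PSECURITY_DESCRIPTOR, *PFLT_FILTER, *PFLT_PORT, *PUNICODE_STRING;
typedef PVOID PFLT_CONNECT_NOTIFY, PFLT_DISCONNECT_NOTIFY, PFLT_MESSAGE_NOTIFY;
typedef struct { PUNICODE_STRING Name; ULONG Attr; PVOID Sd; } OBJECT_ATTRIBUTES;
#define NT_SUCCESS(s) ((s) >= 0)
#define FLT_PORT_ALL_ACCESS 0x1F0001UL
#define OBJ_CASE_INSENSITIVE 0x40UL
#define OBJ_KERNEL_HANDLE 0x200UL
#define InitializeObjectAttributes(p, n, a, r, s) \
    ((p)->Name = (n), (p)->Attr = (a), (p)->Sd = (s))
static int sd_live, fail_port; /* outstanding descriptors; forced-failure switch */
static NTSTATUS FltBuildDefaultSecurityDescriptor(PSECURITY_DESCRIPTOR *sd, ACCESS_MASK a)
{ (void)a; *sd = &sd_live; sd_live++; return 0; }
static void FltFreeSecurityDescriptor(PSECURITY_DESCRIPTOR sd) { (void)sd; sd_live--; }
static NTSTATUS FltCreateCommunicationPort(PFLT_FILTER f, PFLT_PORT *port,
    OBJECT_ATTRIBUTES *oa, PVOID ck, PVOID cn, PVOID dn, PVOID mn, LONG max)
{ (void)f; (void)ck; (void)cn; (void)dn; (void)mn; (void)max;
  if (fail_port || !oa->Sd) return -1;
  *port = oa; return 0; }
#endif

NTSTATUS CreateAdminOnlyPort(PFLT_FILTER Filter, PUNICODE_STRING PortName,
                             PFLT_CONNECT_NOTIFY OnConnect,
                             PFLT_DISCONNECT_NOTIFY OnDisconnect,
                             PFLT_MESSAGE_NOTIFY OnMessage, PFLT_PORT *ServerPort)
{
    PSECURITY_DESCRIPTOR sd = NULL;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS status;

    *ServerPort = NULL;
    /* Default descriptor: access limited to system and administrators. */
    status = FltBuildDefaultSecurityDescriptor(&sd, FLT_PORT_ALL_ACCESS);
    if (!NT_SUCCESS(status))
        return status;  /* e.g. STATUS_INSUFFICIENT_RESOURCES; nothing to free */
    InitializeObjectAttributes(&oa, PortName,
                               OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, sd);
    status = FltCreateCommunicationPort(Filter, ServerPort, &oa, NULL,
                                        OnConnect, OnDisconnect, OnMessage, 1);
    FltFreeSecurityDescriptor(sd);  /* free on success and on failure */
    return status;
}
```

The descriptor is released on both outcomes of FltCreateCommunicationPort, so a failed port creation does not leak the paged-pool allocation.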

Requirements

   
Target Platform    Universal
Header             fltkernel.h (include Fltkernel.h)
Library            FltMgr.lib
IRQL               <= APC_LEVEL

See also

ACCESS_MASK

FltCreateCommunicationPort

FltFreeSecurityDescriptor

InitializeObjectAttributes

RtlCreateSecurityDescriptor

RtlCreateSecurityDescriptorRelative

SECURITY_DESCRIPTOR