FltBuildDefaultSecurityDescriptor function (fltkernel.h)
FltBuildDefaultSecurityDescriptor builds a default security descriptor for use with FltCreateCommunicationPort.
Syntax
NTSTATUS FLTAPI FltBuildDefaultSecurityDescriptor(
[out] PSECURITY_DESCRIPTOR *SecurityDescriptor,
[in] ACCESS_MASK DesiredAccess
);
Parameters
[out] SecurityDescriptor
Pointer to a caller-allocated variable that receives an opaque pointer to the newly created SECURITY_DESCRIPTOR.
[in] DesiredAccess
Bitmask of flags that specify the type of access that the caller requires to the port object. The set of system-defined DesiredAccess flags determines the following specific access rights for minifilter driver communication port objects.
| DesiredAccess Flags | Meaning |
|---|---|
| FLT_PORT_CONNECT | The caller can connect to the port. |
| FLT_PORT_ALL_ACCESS | FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL |
Return value
FltBuildDefaultSecurityDescriptor returns STATUS_SUCCESS or an appropriate NTSTATUS value such as one of the following:
| Return code | Description |
|---|---|
|
FltBuildDefaultSecurityDescriptor encountered a pool allocation failure. This is an error code. |
Remarks
When creating a minifilter driver communication port, a minifilter driver can call FltBuildDefaultSecurityDescriptor to create a default security descriptor for the port. The minifilter driver then creates the port by calling InitializeObjectAttributes and FltCreateCommunicationPort. The security descriptor is passed as a parameter to InitializeObjectAttributes.
FltBuildDefaultSecurityDescriptor causes the system to allocate a default security descriptor from paged pool. When this security descriptor is applied to an object, only users with system or administrator privileges have access to the object.
Minifilter drivers usually call FltBuildDefaultSecurityDescriptor immediately before calling FltCreateCommunicationPort and FltFreeSecurityDescriptor immediately after calling FltCreateCommunicationPort.
Requirements
| Requirement | Value |
|---|---|
| Target Platform | Universal |
| Header | fltkernel.h (include Fltkernel.h) |
| Library | FltMgr.lib |
| IRQL | <= APC_LEVEL |