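// Build a SECURITY_ATTRIBUTES whose descriptor carries a NULL DACL, for use as
// the LPSECURITY_ATTRIBUTES argument when creating a named kernel object.
//
// SECURITY NOTE: a NULL DACL grants every principal full access to the object,
// including WRITE_DAC and WRITE_OWNER, so any process that can open the object
// can also change its security or take ownership of it. Prefer an explicit
// DACL that grants only the rights the cooperating processes actually need.
SECURITY_DESCRIPTOR sdEventSecurityDesc;
SECURITY_ATTRIBUTES saEventSecurityAttr;

if (InitializeSecurityDescriptor(&sdEventSecurityDesc,
                                 SECURITY_DESCRIPTOR_REVISION)) // revision level
{
    if (SetSecurityDescriptorDacl(&sdEventSecurityDesc,
                                  TRUE,   // DACL is present
                                  NULL,   // NULL DACL: all access granted to everyone
                                  FALSE)) // not a defaulted DACL
    {
        // nLength must be the size of the SECURITY_ATTRIBUTES structure itself,
        // not the size of the descriptor it points to.
        saEventSecurityAttr.nLength = sizeof(SECURITY_ATTRIBUTES);
        saEventSecurityAttr.lpSecurityDescriptor = (LPVOID)&sdEventSecurityDesc;
        // TRUE makes the resulting handle inheritable by child processes created
        // with handle inheritance enabled; use FALSE unless that is required.
        saEventSecurityAttr.bInheritHandle = TRUE;
        // &saEventSecurityAttr can now be passed wherever an
        // LPSECURITY_ATTRIBUTES parameter is expected.
    }
}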
在 Vista 及以上的 Windows 版本中,如果要让低完整性级别的程序访问高完整性级别的进程所创建的对象,还必须通过下面的代码来设置:
#include
#include
#include
// SDDL string describing a SACL that holds a single mandatory-label ACE, used
// with LABEL_SECURITY_INFORMATION to mark an object as low integrity:
//   S:  - the string describes a SACL
//   ML  - mandatory label ACE
//   NW  - no-write-up policy
//   LW  - low integrity level SID
LPCWSTR LOW_INTEGRITY_SDDL_SACL_W = L"S:(ML;;NW;;;LW)";
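// Apply a low mandatory integrity label to an existing securable object.
//
// Parameters:
//   hObject - handle to the object whose label is changed.
//   type    - SE_OBJECT_TYPE value describing what kind of object hObject is.
//
// Returns true when SetSecurityInfo reports ERROR_SUCCESS, false otherwise.
// On return the thread's last-error value holds the resulting Win32 error code
// (ERROR_SUCCESS on success), so callers can diagnose a failure with
// GetLastError().
//
// SECURITY NOTE: labelling an object as low integrity lets low-integrity
// (for example sandboxed) processes write to it, subject to the object's DACL.
// Apply it only to objects designed to receive untrusted input, and treat
// everything read back from such an object as untrusted.
bool SetObjectToLowIntegrity(HANDLE hObject, SE_OBJECT_TYPE type)
{
    PSECURITY_DESCRIPTOR pSD = NULL;
    PACL pSacl = NULL;
    BOOL fSaclPresent = FALSE;
    BOOL fSaclDefaulted = FALSE;
    DWORD dwErr = ERROR_SUCCESS;

    // Parse the SDDL string into a descriptor; pSD is allocated by the system
    // and must be released with LocalFree.
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(
            LOW_INTEGRITY_SDDL_SACL_W, SDDL_REVISION_1, &pSD, NULL))
    {
        return false; // last error was set by the failing call
    }

    if (!GetSecurityDescriptorSacl(pSD, &fSaclPresent, &pSacl, &fSaclDefaulted))
    {
        dwErr = GetLastError();
    }
    else if (!fSaclPresent || pSacl == NULL)
    {
        // Without a SACL there is no label to apply; do not pass NULL on.
        dwErr = ERROR_INVALID_SECURITY_DESCR;
    }
    else
    {
        // Only the label is written; owner, group and DACL are left untouched.
        dwErr = SetSecurityInfo(hObject, type, LABEL_SECURITY_INFORMATION,
                                NULL, NULL, NULL, pSacl);
    }

    LocalFree(pSD);

    // SetSecurityInfo returns its error code instead of setting the last-error
    // value, so publish it here (after LocalFree, which may overwrite it).
    SetLastError(dwErr);
    return ERROR_SUCCESS == dwErr;
}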