#ifndef _NTRTL_H
NTSYSAPI
NTSTATUS
NTAPI
RtlAddAccessAllowedAce(
_Inout_ PACL Acl,
_In_ ULONG AceRevision,
_In_ ACCESS_MASK AccessMask,
_In_ PSID Sid
);
View code on GitHub
// ntifs.h
NTSYSAPI NTSTATUS RtlAddAccessAllowedAce(
[in, out] PACL Acl,
[in] ULONG AceRevision,
[in] ACCESS_MASK AccessMask,
[in] PSID Sid
);
View the official Windows Driver Kit DDI reference
This function is documented in Windows Driver Kit.
The RtlAddAccessAllowedAce routine adds an access-allowed access control entry (ACE) to an access control list (ACL). The access is granted to the specified security identifier (SID).
Acl
[in, out]Pointer to a caller-allocated buffer containing the ACL to be modified. RtlAddAccessAllowedAce adds an access-allowed ACE to the end of this ACL. The ACE is in the form of an ACCESS_ALLOWED_ACE structure.
AceRevision
[in]ACL revision level of the ACE to be added. Windows version requirements are the following:
Value | Meaning |
---|---|
ACL_REVISION | The revision level valid on all Windows versions. |
ACL_REVISION_DS | The revision level valid starting with Windows 2000. Note AceRevision must be ACL_REVISION_DS if the ACL in Acl contains an object-specific ACE. |
AccessMask
[in]Bitmask of one or more ACCESS_MASK flags specifying the access rights to be granted to the specified SID. For more information, see the description of the DesiredAccess parameter of ZwCreateFile.
Sid
[in]Pointer to the SID structure representing a user, group, or logon account that is being granted access.
RtlAddAccessAllowedAce can return one of the following values:
Return code | Description |
---|---|
STATUS_SUCCESS | The ACE was successfully added. |
STATUS_ALLOTTED_SPACE_EXCEEDED | A new ACE does not fit into the ACL. A larger ACL buffer is required. See RtlCreateAcl for information about calculating the size of an ACL. |
STATUS_INVALID_ACL | The specified ACL is not properly formed. |
STATUS_INVALID_SID | The specified SID structure is not structurally valid. |
STATUS_REVISION_MISMATCH | The specified revision is not known or is not compatible with that of the ACL. |
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
RtlCreateSecurityDescriptorRelative