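/// <summary>
/// Grants an AppContainer profile access to a folder by adding an inheritable
/// allow ACE for the profile's SID to the folder's DACL.
/// </summary>
/// <param name="container">Profile whose SID receives the access.</param>
/// <param name="folder">Path of the folder whose DACL is read and rewritten.</param>
/// <param name="accessRights">
/// File access mask to grant. The ACE carries ContainerInherit | ObjectInherit, so the
/// grant applies to the folder's children as well; pass the narrowest mask that works and
/// point this at a folder dedicated to the container.
/// </param>
private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights)
        {
            var inheritFlags = AceFlags.ContainerInherit | AceFlags.ObjectInherit;

            var securityInfo = Win32Security.GetSecurityInfo(
                folder,
                SeObjectType.File,
                SecurityInformation.Dacl);

            // Look at every ACE, not only the first one that carries the container SID.
            // Checking just the first match meant that a DACL holding a different ACE for
            // the same SID ahead of the wanted one received a duplicate on every call.
            // NOTE(review): assumes the returned descriptor always has a non-null Dacl - confirm.
            bool alreadyGranted = securityInfo.Dacl.Any(existing =>
                existing.Sid == container.Sid &&
                existing.Type == AceType.Allowed &&
                existing.Mask == accessRights &&
                existing.Flags == inheritFlags);

            if (alreadyGranted)
            {
                // An identical ACE is already present, leave the DACL untouched.
                return;
            }

            var ace = new Ace(
                AceType.Allowed,
                inheritFlags,
                accessRights,
                container.Sid);

            securityInfo.AddAce(ace);

            // Only the DACL is written back; owner, group and SACL are not part of this call.
            // NOTE(review): the trailing 'true' is presumably a throw-on-error switch - confirm
            // against Win32Security.SetSecurityInfo so a failed grant cannot go unnoticed.
            Win32Security.SetSecurityInfo(
                folder,
                SeObjectType.File,
                SecurityInformation.Dacl,
                securityInfo,
                true);
        }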
 /// <summary>
 /// Builds an inheritance source entry from an ACE and the INHERITED_FROM record
 /// describing the ancestor it was inherited from.
 /// </summary>
 /// <param name="ace">The inherited ACE.</param>
 /// <param name="inherited_from">Supplies the generation gap and the ancestor name pointer.</param>
 /// <param name="type">Object type used when the ancestor's security descriptor is queried.</param>
 /// <param name="native_type">Optional NT type used to format the access mask; may be null.</param>
 /// <param name="container">Selects the container access rights type of <paramref name="native_type"/>.</param>
 /// <param name="query_security">When true, the ancestor's security descriptor is queried by name.</param>
 /// <param name="sacl">When true, the query asks for SecurityInformation.All instead of AllNoSacl.</param>
 internal SecurityDescriptorInheritanceSource(
     Ace ace, INHERITED_FROM inherited_from, SeObjectType type,
     NtType native_type,
     bool container,
     bool query_security, bool sacl)
 {
     InheritedAce = ace;

     if (native_type == null)
     {
         // No type information: both strings are formatted from the generic view of the mask.
         Access = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
         GenericAccess = NtSecurity.AccessMaskToString(ace.Mask.ToGenericAccess());
     }
     else
     {
         // Same mask formatted twice; only the last argument differs between the two calls.
         Access = NtSecurity.AccessMaskToString(
             ace.Mask,
             container ? native_type.ContainerAccessRightsType : native_type.AccessRightsType,
             native_type.GenericMapping,
             false);
         GenericAccess = NtSecurity.AccessMaskToString(
             ace.Mask,
             container ? native_type.ContainerAccessRightsType : native_type.AccessRightsType,
             native_type.GenericMapping,
             true);
     }

     Depth = inherited_from.GenerationGap;
     Name = Marshal.PtrToStringUni(inherited_from.AncestorName);

     if (!query_security || Name == null)
     {
         return;
     }

     // Best effort: the query is made with the non-throwing overload and a failure
     // (for example no access to the ancestor) leaves SecurityDescriptor unset, so
     // consumers have to treat a null SecurityDescriptor as "could not be read".
     SecurityInformation sec_info = sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl;
     var query = Win32Security.GetSecurityInfo(Name, type, sec_info, false);
     if (query.IsSuccess)
     {
         SecurityDescriptor = query.Result;
     }
 }
        /// <summary>
        /// Writes the inheritance sources for the named object's ACEs to the pipeline,
        /// querying the object's security descriptor first when none was supplied.
        /// </summary>
        protected override void ProcessRecord()
        {
            if (SecurityDescriptor == null)
            {
                // The SACL is only requested when the Sacl switch is set.
                SecurityInformation sec_info = Sacl ? SecurityInformation.All : SecurityInformation.AllNoSacl;
                SecurityDescriptor = Win32Security.GetSecurityInfo(Name, Type, sec_info);
            }

            var sources = Win32Security.GetInheritanceSource(
                Name,
                Type,
                IsContainer(),
                ObjectType,
                SecurityDescriptor,
                Sacl,
                GetGenericMapping(),
                QuerySecurity);

            // 'true' makes PowerShell enumerate the collection and emit each entry separately.
            WriteObject(sources, true);
        }
        /// <summary>
        /// Gets the security descriptor used for access checking by querying the object
        /// at <c>GetPath()</c> with the current <c>Type</c>.
        /// </summary>
        /// <returns>The security descriptor.</returns>
        protected override SecurityDescriptor GetSecurityDescriptor()
        {
            // Services are queried with an explicit set of parts instead of AllBasic.
            // NOTE(review): this set includes Sacl; reading a SACL normally needs
            // SeSecurityPrivilege, so confirm the query cannot fail for unprivileged callers.
            SecurityInformation security_info = Type == SeObjectType.Service
                ? SecurityInformation.Owner | SecurityInformation.Group | SecurityInformation.Dacl |
                  SecurityInformation.Label | SecurityInformation.Sacl
                : SecurityInformation.AllBasic;

            return Win32Security.GetSecurityInfo(GetPath(), Type, security_info);
        }
        /// <summary>
        /// Reads a security descriptor by name, from an object or from a raw handle,
        /// depending on the active parameter set, and writes it to the pipeline.
        /// </summary>
        protected override void ProcessRecord()
        {
            SecurityDescriptor sd = null;
            string parameter_set = ParameterSetName;

            if (parameter_set == "FromName")
            {
                // File names go through PowerShell path resolution; other types use Name as given.
                string path = Type == SeObjectType.File
                    ? PSUtils.ResolveWin32Path(SessionState, Name, false)
                    : Name;

                bool is_service = Type == SeObjectType.Service;
                if (is_service)
                {
                    // Service queries keep only the owner, group, DACL and label bits; any other
                    // requested bit (SACL included) is dropped without an error. The assignment
                    // changes the SecurityInformation property itself, so it also applies to
                    // later records processed by this cmdlet instance.
                    SecurityInformation &= SecurityInformation.Owner |
                                           SecurityInformation.Group | SecurityInformation.Dacl | SecurityInformation.Label;
                }

                if (is_service && Name == ".")
                {
                    // "." does not name a service; the descriptor comes from GetScmSecurityDescriptor.
                    sd = ServiceUtils.GetScmSecurityDescriptor(SecurityInformation);
                }
                else
                {
                    sd = Win32Security.GetSecurityInfo(path, Type, SecurityInformation);
                }
            }
            else if (parameter_set == "FromObject")
            {
                sd = Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation);
            }
            else if (parameter_set == "FromHandle")
            {
                sd = Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation);
            }

            // An unrecognised parameter set leaves sd null and nothing is written.
            if (sd != null)
            {
                WriteObject(sd);
            }
        }
        /// <summary>
        /// Reads a security descriptor by name, from an object or from a raw handle,
        /// depending on the active parameter set, and writes it to the pipeline.
        /// </summary>
        protected override void ProcessRecord()
        {
            SecurityDescriptor sd = null;
            string parameter_set = ParameterSetName;

            // Name is passed to the query as supplied; no path resolution happens here.
            if (parameter_set == "FromName")
            {
                sd = Win32Security.GetSecurityInfo(Name, Type, SecurityInformation);
            }
            else if (parameter_set == "FromObject")
            {
                sd = Win32Security.GetSecurityInfo(Object.Handle, Type, SecurityInformation);
            }
            else if (parameter_set == "FromHandle")
            {
                sd = Win32Security.GetSecurityInfo(Handle, Type, SecurityInformation);
            }

            // An unrecognised parameter set leaves sd null and nothing is written.
            if (sd != null)
            {
                WriteObject(sd);
            }
        }