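/// <summary>
/// Grants an AppContainer profile's SID an inheritable allow ACE on a folder's DACL.
/// </summary>
/// <param name="container">Profile whose <c>Sid</c> is used as the ACE trustee.</param>
/// <param name="folder">Path of the folder whose DACL is read and rewritten.</param>
/// <param name="accessRights">Access mask placed in the allow ACE.</param>
/// <remarks>
/// The ACE carries ContainerInherit | ObjectInherit, so the grant is inheritable by
/// objects below <paramref name="folder"/>. Callers should pass the narrowest mask the
/// container needs and a folder dedicated to it.
/// </remarks>
private static void AllowFileAccess(AppContainerProfile container, string folder, FileAccessRights accessRights)
        {
            // Only the DACL is requested; owner, group and SACL are not read or written here.
            var securityInfo = Win32Security.GetSecurityInfo(
                folder,
                SeObjectType.File,
                SecurityInformation.Dacl);

            var inheritFlags = AceFlags.ContainerInherit | AceFlags.ObjectInherit;

            // Scan every ACE for this SID, not just the first one. Looking only at the first
            // match misses an identical grant that sits behind another ACE for the same SID,
            // and each call would then append a duplicate ACE to the DACL.
            // NOTE(review): assumes the retrieved descriptor has a non-null Dacl, as the
            // original code did; confirm how GetSecurityInfo reports a missing DACL.
            bool alreadyGranted = securityInfo.Dacl.Any(d =>
                d.Sid == container.Sid &&
                d.Type == AceType.Allowed &&
                d.Mask == accessRights &&
                d.Flags == inheritFlags);

            if (alreadyGranted)
            {
                // An identical inheritable allow ACE is already present; leave the DACL alone.
                return;
            }

            var ace = new Ace(
                AceType.Allowed,
                inheritFlags,
                accessRights,
                container.Sid);

            securityInfo.AddAce(ace);

            // NOTE(review): the final argument is presumably throw_on_error; confirm against
            // the Win32Security.SetSecurityInfo overload so a failed write is not silently lost.
            Win32Security.SetSecurityInfo(
                folder,
                SeObjectType.File,
                SecurityInformation.Dacl,
                securityInfo,
                true);
        }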
Пример #2
        /// <summary>
        /// Applies <c>SecurityDescriptor</c> to the object identified by <c>Name</c>, using
        /// either the plain setter or the tree setter depending on the cmdlet's switches.
        /// </summary>
        /// <remarks>
        /// For service objects the requested <c>SecurityInformation</c> is first narrowed to
        /// Owner, Group, Dacl, Label and Sacl; any other requested bits are dropped without
        /// an error. File names are passed through <c>PSUtils.ResolveWin32Path</c> before use.
        /// </remarks>
        private void SetNamedSecurityInfo()
        {
            if (Type == SeObjectType.Service)
            {
                // Keep only these parts of the request for services.
                var serviceParts = SecurityInformation.Owner |
                                   SecurityInformation.Group | SecurityInformation.Dacl |
                                   SecurityInformation.Label | SecurityInformation.Sacl;
                SecurityInformation = SecurityInformation & serviceParts;
            }

            // Only file names are resolved; every other object type uses Name verbatim.
            string targetPath = Type == SeObjectType.File
                ? PSUtils.ResolveWin32Path(SessionState, Name, false)
                : Name;

            bool wantsCallback = ShowProgress || PassThru;

            if (!wantsCallback && Action == TreeSecInfo.Set)
            {
                // No progress reporting and a plain Set action: use the simple overload.
                Win32Security.SetSecurityInfo(targetPath, Type, SecurityInformation, SecurityDescriptor);
                return;
            }

            TreeProgressFunction progress = null;
            if (wantsCallback)
            {
                progress = ProgressFunction;
            }

            // The last argument is !PassThru.
            // NOTE(review): presumably throw_on_error, so with PassThru a failure is only
            // visible through the progress callback and the returned status is not checked
            // here; confirm against the overload.
            NtStatus result = Win32Security.SetSecurityInfo(
                targetPath,
                Type,
                SecurityInformation,
                SecurityDescriptor,
                Action,
                progress,
                ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject,
                !PassThru);

            if (!PassThru)
            {
                // NOTE(review): presumably raises an exception for a failure status; verify.
                result.ToNtException();
            }
        }
Пример #3
        /// <summary>
        /// Routes the record to the matching <c>SetSecurityInfo</c> path based on the active
        /// parameter set: by name, by object, or by handle.
        /// </summary>
        /// <remarks>
        /// A parameter set name other than "FromName", "FromObject" or "FromHandle" falls
        /// through and applies nothing.
        /// </remarks>
        protected override void ProcessRecord()
        {
            string parameterSet = ParameterSetName;

            if (parameterSet == "FromName")
            {
                // Name-based targets go through the helper.
                SetNamedSecurityInfo();
            }
            else if (parameterSet == "FromObject")
            {
                Win32Security.SetSecurityInfo(Object, Type, SecurityInformation, SecurityDescriptor);
            }
            else if (parameterSet == "FromHandle")
            {
                Win32Security.SetSecurityInfo(Handle, Type, SecurityInformation, SecurityDescriptor);
            }
        }
Пример #4
        /// <summary>
        /// Applies <c>SecurityDescriptor</c> to the object identified by <c>Name</c>, using
        /// either the plain setter or the tree setter depending on the cmdlet's switches.
        /// </summary>
        /// <remarks>
        /// <c>Name</c> is passed to <c>Win32Security.SetSecurityInfo</c> exactly as supplied;
        /// this method does no path resolution or filtering of <c>SecurityInformation</c>.
        /// </remarks>
        private void SetNamedSecurityInfo()
        {
            bool wantsCallback = ShowProgress || PassThru;

            if (!wantsCallback && Action == TreeSecInfo.Set)
            {
                // No progress reporting and a plain Set action: use the simple overload.
                Win32Security.SetSecurityInfo(Name, Type, SecurityInformation, SecurityDescriptor);
                return;
            }

            TreeProgressFunction progress = null;
            if (wantsCallback)
            {
                progress = ProgressFunction;
            }

            // The last argument is !PassThru.
            // NOTE(review): presumably throw_on_error, so with PassThru a failure is only
            // visible through the progress callback and the returned status is not checked
            // here; confirm against the overload.
            NtStatus result = Win32Security.SetSecurityInfo(
                Name,
                Type,
                SecurityInformation,
                SecurityDescriptor,
                Action,
                progress,
                ShowProgress ? ProgressInvokeSetting.PrePostError : ProgressInvokeSetting.EveryObject,
                !PassThru);

            if (!PassThru)
            {
                // NOTE(review): presumably raises an exception for a failure status; verify.
                result.ToNtException();
            }
        }