Adding write access for low integrity processes under .Net_问答_开发者

Adding write access for low integrity processes under .Net

开发者 https://www.devze.com 2023-01-06 23:37 出处：网络

I\'m creating an FileSecurity for file creation that should have an write access also for low integrity processes.

I'm creating an FileSecurity for file creation that should have an write access also for low integrity processes.

FileSecurity fileAcl = new FileSecurity();

// add everyone
IdentityReference sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow);
fileAcl.AddAccessRule(rule);

// add restricted
sid = new SecurityIdentifier(WellKnownSidType.RestrictedCodeSid, null);
rule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlTy开发者_运维知识库pe.Allow);
fileAcl.AddAccessRule(rule);

// add low integrity level rights

// ???

If someone knows how to do it without invoking C API I would appreciate it, otherwise I'll have to rework to use it entirely.

Thanks in advance

I don't know if they are exposed in .NET, but the integrity levels themselves are also well-known SIDs. You should also read the Mandatory Integrity Control documentation to understand how to use them.