Adding write access for low integrity processes under .Net
I'm creating an FileSecurity for file creation that should have an write access also for low integrity processes.
FileSecurity fileAcl = new FileSecurity();
// add everyone
IdentityReference sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow);
fileAcl.AddAccessRule(rule);
// add restricted
sid = new SecurityIdentifier(WellKnownSidType.RestrictedCodeSid, null);
rule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlTy开发者_运维知识库pe.Allow);
fileAcl.AddAccessRule(rule);
// add low integrity level rights
// ???
If someone knows how to do it without invoking C API I would appreciate it, otherwise I'll have to rework to use it entirely.
Thanks in advance
I don't know if they are exposed in .NET, but the integrity levels themselves are also well-known SIDs. You should also read the Mandatory Integrity Control documentation to understand how to use them.
精彩评论