问题
I'm creating an FileSecurity for file creation that should have an write access also for low integrity processes.
FileSecurity fileAcl = new FileSecurity();
// add everyone
IdentityReference sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null);
FileSystemAccessRule rule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow);
fileAcl.AddAccessRule(rule);
// add restricted
sid = new SecurityIdentifier(WellKnownSidType.RestrictedCodeSid, null);
rule = new FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow);
fileAcl.AddAccessRule(rule);
// add low integrity level rights
// ???
If someone knows how to do it without invoking C API I would appreciate it, otherwise I'll have to rework to use it entirely.
Thanks in advance
回答1:
I don't know if they are exposed in .NET, but the integrity levels themselves are also well-known SIDs. You should also read the Mandatory Integrity Control documentation to understand how to use them.
来源:https://stackoverflow.com/questions/3226886/adding-write-access-for-low-integrity-processes-under-net