Appendix D: Getting the Integrity Level for an Access Token
Use the GetTokenInformation API to retrieve the access token integrity level from the access token. GetTokenInformation has a parameter to indicate what access token information class to retrieve. The TOKEN_INFORMATION_CLASS parameter has a defined value for the integrity level, TokenIntegrityLevel. GetTokenInformation returns a TOKEN_MANDATORY_LABEL data structure.
To determine the integrity level of a process
Open a handle to the access token of the current process.
Get the integrity level of the access token.
Compare the integrity level SID to the system-defined integrity level RIDs.
The following code sample shows how to do this.
void ShowProcessIntegrityLevel()
{
HANDLE hToken;
HANDLE hProcess;
DWORD dwLengthNeeded;
DWORD dwError = ERROR_SUCCESS;
PTOKEN_MANDATORY_LABEL pTIL = NULL;
LPWSTR pStringSid;
DWORD dwIntegrityLevel;
hProcess = GetCurrentProcess();
if (OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
{
// Get the Integrity level.
if (!GetTokenInformation(hToken, TokenIntegrityLevel,
NULL, 0, &dwLengthNeeded))
{
dwError = GetLastError();
if (dwError == ERROR_INSUFFICIENT_BUFFER)
{
pTIL = (PTOKEN_MANDATORY_LABEL)LocalAlloc(0,
dwLengthNeeded);
if (pTIL != NULL)
{
if (GetTokenInformation(hToken, TokenIntegrityLevel,
pTIL, dwLengthNeeded, &dwLengthNeeded))
{
dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid,
(DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid)-1));
if (dwIntegrityLevel == SECURITY_MANDATORY_LOW_RID)
{
// Low Integrity
wprintf(L"Low Process");
}
else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID &&
dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
{
// Medium Integrity
wprintf(L"Medium Process");
}
else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID &&
dwIntegrityLevel < SECURITY_MANDATORY_SYSTEM_RID)
{
// High Integrity
wprintf(L"High Integrity Process");
}
else if (dwIntegrityLevel >= SECURITY_MANDATORY_SYSTEM_RID)
{
// System Integrity
wprintf(L"System Integrity Process");
}
}
LocalFree(pTIL);
}
}
}
CloseHandle(hToken);
}
}