Appendix D: Getting the Integrity Level for an Access Token

  • Article

Use the GetTokenInformation API to retrieve the access token integrity level from the access token. GetTokenInformation has a parameter to indicate what access token information class to retrieve. The TOKEN_INFORMATION_CLASS parameter has a defined value for the integrity level, TokenIntegrityLevel. GetTokenInformation returns a TOKEN_MANDATORY_LABEL data structure.

To determine the integrity level of a process

  1. Open a handle to the access token of the current process.

  2. Get the integrity level of the access token.

  3. Compare the integrity level SID to the system-defined integrity level RIDs.

The following code sample shows how to do this.

void ShowProcessIntegrityLevel()
{
 HANDLE hToken;
 HANDLE hProcess;

 DWORD dwLengthNeeded;
 DWORD dwError = ERROR_SUCCESS;

 PTOKEN_MANDATORY_LABEL pTIL = NULL;
 LPWSTR pStringSid;
 DWORD dwIntegrityLevel;
 
 hProcess = GetCurrentProcess();
 if (OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) 
 {
  // Get the Integrity level.
  if (!GetTokenInformation(hToken, TokenIntegrityLevel, 
      NULL, 0, &dwLengthNeeded))
  {
   dwError = GetLastError();
   if (dwError == ERROR_INSUFFICIENT_BUFFER)
   {
    pTIL = (PTOKEN_MANDATORY_LABEL)LocalAlloc(0, 
         dwLengthNeeded);
    if (pTIL != NULL)
    {
     if (GetTokenInformation(hToken, TokenIntegrityLevel, 
         pTIL, dwLengthNeeded, &dwLengthNeeded))
     {
      dwIntegrityLevel = *GetSidSubAuthority(pTIL->Label.Sid, 
        (DWORD)(UCHAR)(*GetSidSubAuthorityCount(pTIL->Label.Sid)-1));
 
      if (dwIntegrityLevel == SECURITY_MANDATORY_LOW_RID)
      {
       // Low Integrity
       wprintf(L"Low Process");
      }
      else if (dwIntegrityLevel >= SECURITY_MANDATORY_MEDIUM_RID && 
           dwIntegrityLevel < SECURITY_MANDATORY_HIGH_RID)
      {
       // Medium Integrity
       wprintf(L"Medium Process");
      }
      else if (dwIntegrityLevel >= SECURITY_MANDATORY_HIGH_RID &&
           dwIntegrityLevel < SECURITY_MANDATORY_SYSTEM_RID)
      {
       // High Integrity
       wprintf(L"High Integrity Process");
      }
      else if (dwIntegrityLevel >= SECURITY_MANDATORY_SYSTEM_RID)
      {
       // System Integrity
       wprintf(L"System Integrity Process");
      }
     }
     LocalFree(pTIL);
    }
   }
  }
  CloseHandle(hToken);
 }
}