Propagating the FILE_DEVICE_SECURE_OPEN Flag

After attaching a filter device object to a file system (but not to a volume), always be sure to set the FILE_DEVICE_SECURE_OPEN flag on the filter device object as needed to so that it matches the value of the next-lower device object on the driver stack. (For more information about this flag, see Specifying Device Characteristics in the Kernel Architecture Design Guide and DEVICE_OBJECT in the Kernel Reference.) An example of this follows:

if (FlagOn( DeviceObject->Characteristics, FILE_DEVICE_SECURE_OPEN )) {
    SetFlag(myLegacyFilterDeviceObject->Characteristics, FILE_DEVICE_SECURE_OPEN );

In the above code snippet, DeviceObject is a pointer to the device object to which the filter device object has just been attached; myLegacyFilter DeviceObject is a pointer to the filter device object itself.