SYSTEM_MANDATORY_LABEL_ACE structure (winnt.h)
The SYSTEM_MANDATORY_LABEL_ACE structure defines an access control entry (ACE) for the system access control list (SACL) that specifies the mandatory access level and policy for a securable object.
typedef struct _SYSTEM_MANDATORY_LABEL_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
DWORD SidStart;
} SYSTEM_MANDATORY_LABEL_ACE, *PSYSTEM_MANDATORY_LABEL_ACE;
Header
An ACE_HEADER structure that specifies the size and type of the ACE. The structure also contains flags that control inheritance of the ACE by child objects. The AceType member of the ACE_HEADER structure must be set to SYSTEM_MANDATORY_LABEL_ACE_TYPE, and the AceSize member must be set to the total number of bytes allocated for the SYSTEM_MANDATORY_LABEL_ACE structure.
Mask
The access policy for principals with a mandatory integrity level lower than the object associated with the SACL that contains this ACE.
SidStart
Specifies the first DWORD of a SID. The remaining bytes of the SID are stored in contiguous memory after the SidStart member. The identifier authority of the SID must be SECURITY_MANDATORY_LABEL_AUTHORITY. The RID of the SID specifies the mandatory integrity level of the object associated with the SACL that contains this ACE. The RID must be one of the following values.
Value | Meaning |
---|---|
|
Low integrity level. |
|
Medium integrity level. |
|
High integrity level. |
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Header | winnt.h (include Windows.h) |