[NTOS:SE]

Add a missing ACE(SeAliasAdminsSid / GENERIC_ALL) to the SePublicDefaultDacl ACL. This fixes a kmtest:ObSecurity failure. svn path=/trunk/; revision=74050
2024-06-26 07:51:52 +00:00 · 2017-03-04 14:38:13 +00:00 · 2017-03-04 14:38:13 +00:00 · 81b072cc64
parent 4c03c1a55a
commit 81b072cc64
1 changed files with 7 additions and 1 deletions
--- a/reactos/ntoskrnl/se/acl.c
+++ b/reactos/ntoskrnl/se/acl.c
@ -38,7 +38,8 @@ SepInitDACLs(VOID)
    /* create PublicDefaultDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +
-                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid));
+                (sizeof(ACE) + RtlLengthSid(SeLocalSystemSid)) +
+                (sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid));

    SePublicDefaultDacl = ExAllocatePoolWithTag(PagedPool,
                                                AclLength,
@ -60,6 +61,11 @@ SepInitDACLs(VOID)
                           GENERIC_ALL,
                           SeLocalSystemSid);

+    RtlAddAccessAllowedAce(SePublicDefaultDacl,
+                           ACL_REVISION,
+                           GENERIC_ALL,
+                           SeAliasAdminsSid);
+
    /* create PublicDefaultUnrestrictedDacl */
    AclLength = sizeof(ACL) +
                (sizeof(ACE) + RtlLengthSid(SeWorldSid)) +