- only deny access when requested rights can't be granted in IoCheckDesiredAccess()
svn path=/trunk/; revision=14222
IoCheckDesiredAccess(IN OUT PACCESS_MASK DesiredAccess,
IN ACCESS_MASK GrantedAccess)
{
+ PAGED_CODE();
+
RtlMapGenericMask(DesiredAccess,
IoFileObjectType->Mapping);
- if ((*DesiredAccess & GrantedAccess) != GrantedAccess)
- return(STATUS_ACCESS_DENIED);
- return(STATUS_SUCCESS);
+ if ((~(*DesiredAccess) & GrantedAccess) != 0)
+ return STATUS_ACCESS_DENIED;
+ else
+ return STATUS_SUCCESS;
}
if (*AccessMask & GENERIC_ALL)
*AccessMask |= GenericMapping->GenericAll;
- *AccessMask &= 0x0FFFFFFF;
+ *AccessMask &= ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
/*