/* PRIVATE FUNCTIONS *********************************************************/
+static
+NTSTATUS
+NTAPI
+INIT_FUNCTION
+ObpCreateKernelObjectsSD(OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
+{
+ ULONG AclLength;
+ PACL Dacl;
+ NTSTATUS Status;
+
+ /* Initialize the SD */
+ Status = RtlCreateSecurityDescriptor(SecurityDescriptor,
+ SECURITY_DESCRIPTOR_REVISION);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ /* Allocate the DACL */
+ AclLength = sizeof(ACL) +
+ sizeof(ACE) + RtlLengthSid(SeWorldSid) +
+ sizeof(ACE) + RtlLengthSid(SeAliasAdminsSid) +
+ sizeof(ACE) + RtlLengthSid(SeLocalSystemSid);
+
+ Dacl = ExAllocatePoolWithTag(PagedPool, AclLength, TAG_OB_DIR_SD);
+ if (Dacl == NULL)
+ {
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ /* Initialize the DACL */
+ RtlCreateAcl(Dacl, AclLength, ACL_REVISION);
+
+ /* Add the ACEs */
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_READ,
+ SeWorldSid);
+
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeAliasAdminsSid);
+
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ SeLocalSystemSid);
+
+ /* Attach the DACL to the SD */
+ Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
+ TRUE,
+ Dacl,
+ FALSE);
+
+ return Status;
+}
+
+static
+VOID
+NTAPI
+INIT_FUNCTION
+ObpFreeKernelObjectsSD(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor)
+{
+ PACL Dacl = NULL;
+ BOOLEAN DaclPresent, Defaulted;
+ NTSTATUS Status;
+
+ Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
+ &DaclPresent,
+ &Dacl,
+ &Defaulted);
+ if (NT_SUCCESS(Status) && Dacl != NULL)
+ {
+ ExFreePool(Dacl);
+ }
+}
+
BOOLEAN
INIT_FUNCTION
NTAPI
POBJECT_HEADER Header;
POBJECT_HEADER_CREATOR_INFO CreatorInfo;
POBJECT_HEADER_NAME_INFO NameInfo;
+ SECURITY_DESCRIPTOR KernelObjectsSD;
NTSTATUS Status;
/* Check if this is actually Phase 1 initialization */
Status = NtClose(Handle);
if (!NT_SUCCESS(Status)) return FALSE;
- /* Initialize Object Types directory attributes */
+ /* Create a custom security descriptor for the KernelObjects directory */
+ Status = ObpCreateKernelObjectsSD(&KernelObjectsSD);
+ if (!NT_SUCCESS(Status))
+ return FALSE;
+
+ /* Initialize the KernelObjects directory attributes */
RtlInitUnicodeString(&Name, L"\\KernelObjects");
InitializeObjectAttributes(&ObjectAttributes,
&Name,
OBJ_CASE_INSENSITIVE | OBJ_PERMANENT,
NULL,
- NULL);
-
+ &KernelObjectsSD);
+
/* Create the directory */
Status = NtCreateDirectoryObject(&Handle,
DIRECTORY_ALL_ACCESS,
&ObjectAttributes);
+ ObpFreeKernelObjectsSD(&KernelObjectsSD);
if (!NT_SUCCESS(Status)) return FALSE;
-
+
/* Close the extra handle */
Status = NtClose(Handle);
if (!NT_SUCCESS(Status)) return FALSE;
- /* Initialize Object Types directory attributes */
+ /* Initialize ObjectTypes directory attributes */
RtlInitUnicodeString(&Name, L"\\ObjectTypes");
InitializeObjectAttributes(&ObjectAttributes,
&Name,