| Platform SDK: Access Control |
The following pseudocode creates a mutex with a null DACL.
If you are creating one of these objects in an application and the object will be shared with a service, you could also use a null DACL to grant everyone access. As an alternative, you could add an access-control entry (ACE) to the DACL that grants access to the user account that the service is running under. This would restrict access to the object to the service.
PSECURITY_DESCRIPTOR pSD;
SECURITY_ATTRIBUTES sa;
pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH);
if (pSD == NULL)
Error(...);
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
Error(...);
// Add a null DACL to the security descriptor.
if (!SetSecurityDescriptorDacl(pSD, TRUE, (PACL) NULL, FALSE))
Error(...);
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = TRUE;
mutex = CreateMutex(&sa, FALSE, "SOMENAME");