AddIntegrityLabel
BOOL WINAPI AddIntegrityLabel(
  _In_ HANDLE hFile,
  _In_ DWORD  dwIntegrityLevel
);
Applies an integrity label to a file. This function is used to enforce mandatory integrity control (MIC) on files.
Parameters
| Parameter | Description |
|---|---|
| hFile | A handle to the file to which the integrity label will be applied. The handle must have been opened with GENERIC_WRITE access. |
| dwIntegrityLevel | The integrity level to assign to the file. This can be one of the following values: |
Return value
| Type | Description |
|---|---|
| BOOL | Returns TRUE if the function succeeds or FALSE if it fails. To get extended error information, call GetLastError. |
Remarks
| Category | Details |
|---|---|
| Mandatory Integrity Control (MIC) | This function is part of the Mandatory Integrity Control (MIC) feature in Windows. MIC provides a security mechanism that enforces access control based on integrity levels. Processes and objects are assigned integrity levels, and access is granted based on the relative integrity levels. Lower integrity processes have restricted access to higher integrity objects. |
| Integrity Levels | The integrity levels define a hierarchy: |
| Usage | This function is typically called by processes that have the SeTcbPrivilege privilege or by a system process to set or modify the integrity level of a file. Applications may need to adjust integrity levels for security reasons, such as when handling untrusted content. |
| Error Handling | If the function fails, the return value is FALSE. Call GetLastError to retrieve the specific error code. Common error codes include: |
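
The access rule described in the MIC remark above, modeled in portable C as an added example (not code from this page or from Windows). The RID and policy-bit values are those defined in winnt.h; `mic_filter`, `struct file_label` and the `ACC_*` names are hypothetical, and the model covers only the label check that runs before the DACL check.

```c
#include <stdint.h>
#include <stdio.h>

/* Integrity-level RIDs and label policy bits: values as defined in winnt.h. */
#define IL_LOW        0x1000u  /* SECURITY_MANDATORY_LOW_RID */
#define IL_MEDIUM     0x2000u  /* SECURITY_MANDATORY_MEDIUM_RID */
#define IL_HIGH       0x3000u  /* SECURITY_MANDATORY_HIGH_RID */
#define NO_WRITE_UP   0x1u     /* SYSTEM_MANDATORY_LABEL_NO_WRITE_UP */
#define NO_READ_UP    0x2u     /* SYSTEM_MANDATORY_LABEL_NO_READ_UP */
#define NO_EXECUTE_UP 0x4u     /* SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP */

/* Access categories used by this model (hypothetical names). */
#define ACC_READ    0x1u
#define ACC_WRITE   0x2u
#define ACC_EXECUTE 0x4u

/* Hypothetical model of a file's mandatory label; has_label == 0 means no label ACE. */
struct file_label { int has_label; uint32_t level; uint32_t policy; };

/* Returns the subset of `requested` that MIC passes on to the DACL check. */
uint32_t mic_filter(uint32_t subject_il, struct file_label obj, uint32_t requested)
{
    /* An object without a label is treated as medium integrity, no-write-up. */
    uint32_t level  = obj.has_label ? obj.level  : IL_MEDIUM;
    uint32_t policy = obj.has_label ? obj.policy : NO_WRITE_UP;
    uint32_t denied = 0;

    if (subject_il >= level)   /* subject dominates the object: MIC restricts nothing */
        return requested;
    if (policy & NO_WRITE_UP)   denied |= ACC_WRITE;
    if (policy & NO_READ_UP)    denied |= ACC_READ;
    if (policy & NO_EXECUTE_UP) denied |= ACC_EXECUTE;
    return requested & ~denied;
}

int main(void)
{
    /* Constructed sample labels. */
    struct file_label unlabeled = {0, 0, 0};
    struct file_label high_lbl  = {1, IL_HIGH, NO_WRITE_UP | NO_READ_UP};

    printf("low subject, unlabeled file, R|W requested: 0x%x\n",
           (unsigned)mic_filter(IL_LOW, unlabeled, ACC_READ | ACC_WRITE));
    printf("medium subject, high label, R|W|X requested: 0x%x\n",
           (unsigned)mic_filter(IL_MEDIUM, high_lbl, ACC_READ | ACC_WRITE | ACC_EXECUTE));
    return 0;
}
```

Lowering a file's label to Low is what lets a low-integrity process write to it; any access that survives this filter is still subject to the file's DACL.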
Requirements
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | winbase.h (include windows.h) |
| Library | Kernel32.lib |
| DLL | Kernel32.dll |
See also
| CreateProcess |
| GetTokenInformation |
| Access Tokens |
| Security and Access Control |