Has anyone used the System.Security.AccessControl.CustomACE class to create a custom ACE? How do I go about doing this?
I am writing a BHO (Browser Helper Object) which in IE7/8 runs with Mandatory Integrity Low permissions. I am also going to launch a "helper object" that will run with medium (aka user) integrity that will communicate with all instances of the BHO, using remoting over a IpcChannel.
In order to do this, I need to open the resource with low integrity as well. There is a constructor for the IpcChannel that will take a CommonSecurityDescriptor, but there is no way explicit way to specify this ACE. From what I understand it should go into the SACL, but the SystemACL class only supports "Audit" type ACEs.
I can create a SystemACL from a RawACL, adding in a CustomAce. However there is virtually no information on how I translate the SID/RID for a Mandetory Integrity Low into the CustomAce. If I can get that figured out, I should be able to create the RawACL, and use that to create my SystemAcl, which I can then in turn apply to my IpcChannel.
So, if anyone knows how to do this and can describe, or post a snippet, that would be great.
Andreas M.