PyACL.AddMandatoryAce

AddMandatoryAce(AceRevision, AceFlags, MandatoryPolicy, LabelSid)

Adds a mandatory integrity level ACE to a SACL

Parameters

AceRevision : int

ACL_REVISION or ACL_REVISION_DS

AceFlags : int

Combination of ACE inheritance flags (CONTAINER_INHERIT_ACE,INHERIT_ONLY_ACE,INHERITED_ACE,NO_PROPAGATE_INHERIT_ACE, and OBJECT_INHERIT_ACE)

MandatoryPolicy : int

Access policy for processes with lower integrity level, combination of SYSTEM_MANDATORY_LABEL_* flags

LabelSid : PySID

Integrity level SID. This can be created using CreateWellKnownSid with Win*LabelSid.
Also can be constructed manually using SECURITY_MANDATORY_LABEL_AUTHORITY and a SECURITY_MANDATORY_*_RID