AddDefaultRule Method

Adds a default rule.

Syntax

ANSI (Cross Platform)
int AddDefaultRule(const char* lpszMask, int iAccessFlags, const char* lpszProductGUID);

Unicode (Windows)
INT AddDefaultRule(LPCWSTR lpszMask, INT iAccessFlags, LPCWSTR lpszProductGUID);
#define MID_CBFILTER_ADDDEFAULTRULE 3

CBFSFILTER_EXTERNAL int CBFSFILTER_CALL CBFSFilter_CBFilter_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);

Remarks

This method adds a default rule for the files and directories that match the specified Mask. Each rule in a ruleset is uniquely identified by its mask; if a rule with the specified mask already exists, the new rule's parameters are merged into it.

If the rule is added successfully, this method returns true; otherwise, it returns false.

Default rules, like access rules, instruct the class's system driver to apply certain access restrictions to matching files and directories. However, unlike access rules, default rules are managed by the driver directly; they are activated as soon as the driver loads at boot time, and then continue to be enforced at all times, regardless of whether the application that added them is open.

The Mask parameter must be a valid file mask according to the File Masks topic. Only the files and directories which match the specified mask will be covered by the rule.

The AccessFlags parameter specifies which access restrictions the class's system driver should apply to matching files and directories. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

ACCESS_NONE0x00No access restrictions.

ACCESS_READ_ONLY0x01Read-only access; writing and deleting is prohibited.

ACCESS_WRITE_ONLY0x02Write-only access; reading and deleting is prohibited.

ACCESS_DELETE_PROTECT0x04Deletion and renaming is prohibited.

ACCESS_EXECUTE_PROTECT0x08Execution is prohibited.

ACCESS_NO_CHANGE_DAC0x10Change of security attributes is prohibited.

ACCESS_NO_CHANGE_OWNER0x20Change of owner is prohibited.

ACCESS_RENAME_PROTECT0x40Renaming is prohibited.

ACCESS_DELETE_ONLY_PROTECT0x80Deletion is prohibited (renaming is not affected).

ACCESS_REMOTE_ACCESS_PROTECT0x100Access from other systems is prohibited.

ACCESS_DENY_ALL0x200All access is denied.

ACCESS_ALL_FLAGS-1Used to denote all currently set access restriction flags.

The ProductGUID parameter identifies the application that the rule should be associated with in the registry. In most cases, the value passed for this parameter should be the same one that was used to call the Initialize method.

This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD (0x0522) error. Please refer to the Default Rules topic for more information.

Note: The methods and properties related to rule management are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads (such as, e.g., during the AfterFilterAttachToVolume and AfterFilterDetachFromVolume events) are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of the rule lists occurs in a thread-safe manner.

Error Handling (C++)

This method returns a Boolean value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 C++ Edition - Version 20.0 [Build 8317]