[reactos] 01/10: [NTOS:SE] Update the NT access check syscalls SAL2 annotations - Ros-diffs

22 Aug 2023

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=edcf3f5363cbaf212654f7...
commit edcf3f5363cbaf212654f78eda5542b1d7cea4be
Author:     George Bișoc george.bisoc@reactos.org
AuthorDate: Tue Jun 20 10:42:08 2023 +0200
Commit:     unknown george.bisoc@reactos.org
CommitDate: Tue Aug 22 17:53:45 2023 +0200
[NTOS:SE] Update the NT access check syscalls SAL2 annotations
The newly updated SAL2 annotations reflect those from Process Hacker.
    Also these syscalls must have their function's status code checked, as
    most of other Native syscalls have them checked.
---
 sdk/include/ndk/sefuncs.h | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)

diff --git a/sdk/include/ndk/sefuncs.h b/sdk/include/ndk/sefuncs.h
index b0227a223d0..3c24177cb16 100644
--- a/sdk/include/ndk/sefuncs.h
+++ b/sdk/include/ndk/sefuncs.h
@@ -13,6 +13,7 @@ Abstract:
 Author:
Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
+    George Bișoc (george.bisoc@reactos.org) - Updated - 23-Apr-2023
--*/
@@ -79,6 +80,8 @@ SeTokenImpersonationLevel(
 //
 // Native Calls
 //
+_Must_inspect_result_
+__kernel_entry
 NTSYSCALLAPI
 NTSTATUS
 NTAPI
@@ -87,40 +90,44 @@ NtAccessCheck(
     _In_ HANDLE ClientToken,
     _In_ ACCESS_MASK DesiredAccess,
     _In_ PGENERIC_MAPPING GenericMapping,
-    _Out_ PPRIVILEGE_SET PrivilegeSet,
-    _Out_ PULONG ReturnLength,
+    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
+    _Inout_ PULONG PrivilegeSetLength,
     _Out_ PACCESS_MASK GrantedAccess,
     _Out_ PNTSTATUS AccessStatus);
+_Must_inspect_result_
+NTSYSCALLAPI
 NTSTATUS
 NTAPI
 NtAccessCheckByType(
     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
-    _In_ PSID PrincipalSelfSid,
+    _In_opt_ PSID PrincipalSelfSid,
     _In_ HANDLE ClientToken,
     _In_ ACCESS_MASK DesiredAccess,
-    _In_ POBJECT_TYPE_LIST ObjectTypeList,
-    _In_ ULONG ObjectTypeLength,
+    _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
+    _In_ ULONG ObjectTypeListLength,
     _In_ PGENERIC_MAPPING GenericMapping,
-    _In_ PPRIVILEGE_SET PrivilegeSet,
+    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
     _Inout_ PULONG PrivilegeSetLength,
     _Out_ PACCESS_MASK GrantedAccess,
     _Out_ PNTSTATUS AccessStatus);
+_Must_inspect_result_
+NTSYSCALLAPI
 NTSTATUS
 NTAPI
 NtAccessCheckByTypeResultList(
     _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
-    _In_ PSID PrincipalSelfSid,
+    _In_opt_ PSID PrincipalSelfSid,
     _In_ HANDLE ClientToken,
     _In_ ACCESS_MASK DesiredAccess,
-    _In_ POBJECT_TYPE_LIST ObjectTypeList,
-    _In_ ULONG ObjectTypeLength,
+    _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList,
+    _In_ ULONG ObjectTypeListLength,
     _In_ PGENERIC_MAPPING GenericMapping,
-    _In_ PPRIVILEGE_SET PrivilegeSet,
+    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
     _Inout_ PULONG PrivilegeSetLength,
-    _Out_ PACCESS_MASK GrantedAccess,
-    _Out_ PNTSTATUS AccessStatus);
+    _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess,
+    _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus);
_Must_inspect_result_
 __kernel_entry NTSYSCALLAPI
@@ -331,8 +338,8 @@ ZwAccessCheck(
     _In_ HANDLE ClientToken,
     _In_ ACCESS_MASK DesiredAccess,
     _In_ PGENERIC_MAPPING GenericMapping,
-    _Out_ PPRIVILEGE_SET PrivilegeSet,
-    _Out_ PULONG ReturnLength,
+    _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet,
+    _Out_ PULONG PrivilegeSetLength,
     _Out_ PACCESS_MASK GrantedAccess,
     _Out_ PNTSTATUS AccessStatus);

    