File Access Control Lists

An access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. A filesystem ACL is a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files. These entries are known as access-control entries (ACEs) in Microsoft Windows NT.

EaseFilter File Access Control SDK allows you to develop Windows file security applications that configure file access control lists on the fly. It provides a simple way to control file access: you authorize access by setting up whitelists and blacklists for processes or users.

EaseFilter File Access Control SDK is a kernel-mode component that runs as part of the Windows executive above the file system. The EaseFilter file system filter driver can intercept requests targeted at a file system or another file system filter driver. By intercepting the request before it reaches its intended target, the filter driver can monitor or control the file I/O. It allows you to log, observe, modify, or prevent the I/O operations for one or more file systems or file system volumes.

Control File Access Rights

To implement file access control lists with the EaseFilter File Access Control SDK, you add a filter rule with an AccessFlag. Setting or unsetting a bit in the AccessFlag adds or removes the associated access right, as listed below:

  1. ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS: allow or block the new file creation.
  2. ALLOW_READ_ACCESS: allow or block the file being read.
  3. ALLOW_WRITE_ACCESS: allow or block the file being written.
  4. ALLOW_FILE_RENAME: allow or block the file being renamed.
  5. ALLOW_FILE_DELETE: allow or block the file being deleted.
  6. ALLOW_SET_SECURITY_ACCESS: allow or block the file’s security being changed.
  7. ALLOW_SET_INFORMATION: allow or block the file’s attributes or file size being changed.
  8. ALLOW_FILE_ACCESS_FROM_NETWORK: allow or block the file being read from the network via an SMB share path.
  9. ALLOW_COPY_PROTECTED_FILES_OUT: allow or block the sensitive files being copied out.

// Requires: using System.Runtime.InteropServices;
/// <summary>
/// Add the new filter rule to the filter driver.
/// </summary>
/// <param name="accessFlag">Access control rights for file I/O on the files that match the filter mask.</param>
/// <param name="filterMask">The file filter mask of the filter rule; it must be unique.</param>
/// <param name="isResident">If true, the filter rule is added to the registry and is enforced at boot time.</param>
/// <param name="filterRuleId">The id that identifies the filter rule; it shows up in the messageId field of the messageSend structure if the callback is registered.</param>
/// <returns></returns>
[DllImport("FilterAPI.dll", SetLastError = true)]
public static extern bool AddFileFilterRule(
    uint accessFlag,
    [MarshalAs(UnmanagedType.LPWStr)] string filterMask,
    bool isResident,
    uint filterRuleId);
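
The following is an added example, not code from the EaseFilter SDK: it builds a read-only access mask by starting with every right from the list above set and unsetting the bit of each right to block, then passes the mask to AddFileFilterRule. The numeric enum values, the `Deny` helper, the `C:\Protected\*` mask and rule id 1 are assumptions made for illustration; take the real bit values from the SDK's own AccessFlag definition. The example also assumes the filter driver is already installed and running.

```csharp
using System;
using System.Runtime.InteropServices;

[Flags]
enum AccessFlag : uint
{
    // PLACEHOLDER bit values, constructed for this example only.
    // Replace them with the values from the SDK's own AccessFlag definition.
    ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS = 1u << 0,
    ALLOW_READ_ACCESS              = 1u << 1,
    ALLOW_WRITE_ACCESS             = 1u << 2,
    ALLOW_FILE_RENAME              = 1u << 3,
    ALLOW_FILE_DELETE              = 1u << 4,
    ALLOW_SET_SECURITY_ACCESS      = 1u << 5,
    ALLOW_SET_INFORMATION          = 1u << 6,
    ALLOW_FILE_ACCESS_FROM_NETWORK = 1u << 7,
    ALLOW_COPY_PROTECTED_FILES_OUT = 1u << 8,
    All = (1u << 9) - 1            // every right listed on this page
}

static class ReadOnlyRuleExample
{
    [DllImport("FilterAPI.dll", SetLastError = true)]
    static extern bool AddFileFilterRule(uint accessFlag,
        [MarshalAs(UnmanagedType.LPWStr)] string filterMask, bool isResident, uint filterRuleId);

    // Hypothetical helper: start from "everything allowed" and unset each blocked right.
    static AccessFlag Deny(params AccessFlag[] blocked)
    {
        AccessFlag mask = AccessFlag.All;
        foreach (AccessFlag right in blocked) mask &= ~right;
        return mask;
    }

    static void Main()
    {
        // Read-only policy: block create, write, rename, delete, security and attribute changes.
        AccessFlag readOnly = Deny(
            AccessFlag.ALLOW_OPEN_WITH_CREATE_OR_OVERWRITE_ACCESS, AccessFlag.ALLOW_WRITE_ACCESS,
            AccessFlag.ALLOW_FILE_RENAME, AccessFlag.ALLOW_FILE_DELETE,
            AccessFlag.ALLOW_SET_SECURITY_ACCESS, AccessFlag.ALLOW_SET_INFORMATION);
        Console.WriteLine($"mask=0x{(uint)readOnly:X8} allows: {readOnly}");
        try
        {
            // Constructed mask and rule id; isResident=false keeps the rule out of the registry.
            if (!AddFileFilterRule((uint)readOnly, @"C:\Protected\*", false, 1))
                Console.WriteLine($"AddFileFilterRule failed, Win32 error {Marshal.GetLastWin32Error()}");
        }
        catch (DllNotFoundException) { Console.WriteLine("FilterAPI.dll not found; mask computed only."); }
    }
}
```

Printing the mask before registering the rule makes it easy to review which rights remain allowed; with the placeholder values above, only read, network access and copy-out stay set.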