WdfIoTargetOpen failed with NTSTATUS=80070005 (ACCESS_DENIED)

Hi,

I am facing NTSTATUS=80070005 (ACCESS_DENIED) while calling WdfIoTargetOpen with symbolic name. Calling this WdfIoTargetOpen from UMDF driver with the symbolic name of a KMDF driver. Does any permissions required through inf .??

Below is the code snip ,



cr = CM_Get_Device_Interface_List((LPGUID)&KMDF_driver_GUID,
NULL,
DeviceInterfaceList,
DeviceInterfaceListLength,
CM_GET_DEVICE_INTERFACE_LIST_PRESENT);

//obtained symbolic link
//create and open IO target

status = WdfIoTargetCreate(
device,
WDF_NO_OBJECT_ATTRIBUTES,
&iotarget
);
if (!NT_SUCCESS(status)) {
TraceInfo(DBG_INFO_HIGH, “%!FILE!::%!FUNC!:: WdfIoTargetCreate FAILED:%!status!”, status);
return FALSE;
}

TraceInfo(DBG_INFO_HIGH, “%!FILE!::%!FUNC!:: SymbolicLink:%ws”, PublisherSymbolicLinkName.Buffer);

WDF_IO_TARGET_OPEN_PARAMS_INIT_OPEN_BY_NAME(
&openParams,
&PublisherSymbolicLinkName,
STANDARD_RIGHTS_ALL
);

status = WdfIoTargetOpen(
iotarget,
&openParams
);
if (!NT_SUCCESS(status)) {
WdfObjectDelete(iotarget);
TraceInfo(DBG_INFO_HIGH, "%!FILE!::%!FUNC!:: WdfIoTargetOpen FAILED:%!STATUS! ", status);
return FALSE;
}

Please help me to identify what I am missing here.

xxxxx@gmail.com wrote:

I am facing NTSTATUS=80070005 (ACCESS_DENIED) while calling WdfIoTargetOpen with symbolic name. Calling this WdfIoTargetOpen from UMDF driver with the symbolic name of a KMDF driver. Does any permissions required through inf .??

Is the KMDF driver one you control?  Are you able to open it from a
regular user-mode application?  Remember that not every driver is
designed for file access.  The KMDF driver establishes its own security
via SDDLs.  If the SDDL doesn’t permit user-mode access, then UMDF can’t
access it.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

IIRC the KM driver must explicitly be configured to allow UMDF opens. There is an INF setting for this somewhere…

d

-----Original Message-----
From: xxxxx@lists.osr.com On Behalf Of xxxxx@probo.com
Sent: Monday, March 12, 2018 8:46 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WdfIoTargetOpen failed with NTSTATUS=80070005 (ACCESS_DENIED)

xxxxx@gmail.com wrote:
> I am facing NTSTATUS=80070005 (ACCESS_DENIED) while calling WdfIoTargetOpen with symbolic name. Calling this WdfIoTargetOpen from UMDF driver with the symbolic name of a KMDF driver. Does any permissions required through inf .??

Is the KMDF driver one you control? Are you able to open it from a regular user-mode application? Remember that not every driver is designed for file access. The KMDF driver establishes its own security via SDDLs. If the SDDL doesn’t permit user-mode access, then UMDF can’t access it.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


NTDEV is sponsored by OSR

Visit the list online at: https:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:

To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>

Hi Tim/Doran,

KMDF driver provided the permission to UMDF drivers through SDDL (L"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;UD)"), but this didn’t helped to solve this issue.

unfortunately I am unable to find out any other inf settings for kmdf drivers in wdf directives ( https://docs.microsoft.com/en-us/windows-hardware/drivers/wdf/specifying-wdf-directives-in-inf-files )

please suggest me how to fix this.

xxxxx@gmail.com wrote:

KMDF driver provided the permission to UMDF drivers through SDDL (L"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;UD)"), but this didn’t helped to solve this issue.

What kind of a device are you trying to open?  Some devices only allow
one open at a time.  Keyboard and mouse drivers, for example, only allow
one open, and the HID subsystem uses it up.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

My mistake in what the policy is. The policy is to control if a umdf driver can be opened by KM. See the section UmdfKernelModeClientPolicy in this page

https://docs.microsoft.com/en-us/windows-hardware/drivers/wdf/specifying-wdf-directives-in-inf-files

Can a normal um application open a handle to the km driver?

d

Bent from my phone


From: xxxxx@lists.osr.com on behalf of xxxxx@gmail.com
Sent: Tuesday, March 13, 2018 9:54:51 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] WdfIoTargetOpen failed with NTSTATUS=80070005 (ACCESS_DENIED)

Hi Tim/Doran,

KMDF driver provided the permission to UMDF drivers through SDDL (L"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;UD)"), but this didn’t helped to solve this issue.

unfortunately I am unable to find out any other inf settings for kmdf drivers in wdf directives ( https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-hardware%2Fdrivers%2Fwdf%2Fspecifying-wdf-directives-in-inf-files&amp;data=04|01|Doron.Holan%40microsoft.com|244b9d5386254cb2db2c08d5890323dd|72f988bf86f141af91ab2d7cd011db47|1|0|636565568933668077|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D|-1&amp;sdata=zOzH82PXk704Pg4zy%2FbIXTxsFeLkJeXNZHvoP9HWvIw%3D&amp;reserved=0 )

please suggest me how to fix this.


NTDEV is sponsored by OSR

Visit the list online at: https:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:

To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>

Do you really want STANDARD_RIGHTS_ALL? Can you do with less… you’re calling from user-mode. I suggest you ask for something more reasonable like (ULONG)(GENERIC_READ | GENERIC_WRITE).

Can you show us the name of the device, the whole string please, that you’re trying to open?

Have you checked the effective protection on the device you’re trying to open with a utility like WinObj or our (venerable) GUI Obj Dir? Setting device object protection is *not* simple.

Peter
OSR
@OSRDrivers

Thank you Peter and Doron,

Using access mask as (ULONG)(GENERIC_READ | GENERIC_WRITE) solved the issue.

>Using access mask as (ULONG)(GENERIC_READ | GENERIC_WRITE) solved the issue.

Gooooooal!

Peter
OSR
@OSRDrivers