2.2.2.21.2.5 ComponentMandatoryLabelACE

The ComponentMandatoryLabelACE type represents a SYSTEM_MANDATORY_LABEL_ACE as specified in [MS-DTYP] section 2.4.4.13 that can be used in the System Access Control List (SACL) of a component-related security descriptor.

A packet of this type MUST be a SYSTEM_MANDATORY_LABEL_ACE ([MS-DTYP] section 2.4.4.13). The only access flag in the Mask field that is meaningful is SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP (0x00000004). For the purpose of access checks against a component-related security descriptor that includes an ACE of this type in its SACL, all Component Access Constants (section 2.2.2.21.1.1) are considered execute rights. Other access flags are not meaningful and SHOULD NOT be set. The AceFlags subfield of the Header field is not meaningful and SHOULD be zero.