From 0ded39bb6276739c758ddf5a9692bbc31c8c0dbc Mon Sep 17 00:00:00 2001
From: shreyamalviya
Date: Fri, 18 Jun 2021 20:11:33 +0530
Subject: [PATCH] island: Add inheritance when setting Windows file or dir permissions Add container and object inheritance to the ACE's security descriptor when setting Windows permissions
---
.../cc/server_utils/windows_permissions.py | 25 +++++++++++++------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/monkey/monkey_island/cc/server_utils/windows_permissions.py b/monkey/monkey_island/cc/server_utils/windows_permissions.py
index f090083f6..0a5f6de8c 100644
--- a/monkey/monkey_island/cc/server_utils/windows_permissions.py
+++ b/monkey/monkey_island/cc/server_utils/windows_permissions.py
@@ -4,16 +4,25 @@ import win32con import win32security -def get_security_descriptor_for_owner_only_perms() -> None: - user = get_user_pySID_object() +def get_security_descriptor_for_owner_only_perms(): + user_sid = get_user_pySID_object() security_descriptor = win32security.SECURITY_DESCRIPTOR() - dacl = win32security.ACL() - dacl.AddAccessAllowedAce( - win32security.ACL_REVISION, - ntsecuritycon.FILE_ALL_ACCESS, - user, - ) + + entries = [ + { + "AccessMode": win32security.GRANT_ACCESS, + "AccessPermissions": ntsecuritycon.FILE_ALL_ACCESS, + "Inheritance": win32security.CONTAINER_INHERIT_ACE | win32security.OBJECT_INHERIT_ACE, + "Trustee": { + "TrusteeType": win32security.TRUSTEE_IS_USER, + "TrusteeForm": win32security.TRUSTEE_IS_SID, + "Identifier": user_sid, + }, + } + ] + dacl.SetEntriesInAcl(entries) + security_descriptor.SetSecurityDescriptorDacl(1, dacl, 0) return security_descriptor
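Review bot: The descriptor built in `get_security_descriptor_for_owner_only_perms` grants the owner an inheritable `FILE_ALL_ACCESS` ACE, but nothing in the hunk marks the DACL as protected, so the result may not be owner-only in practice. When a file or directory is created with an explicit descriptor, Windows still merges inheritable ACEs from the parent unless `SE_DACL_PROTECTED` is set, so a parent that grants other principals inheritable access would pass it on; the new `CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE` flags only govern what flows down to children. How callers apply the descriptor is not visible here; if it is used at creation time, consider adding `security_descriptor.SetSecurityDescriptorControl(win32security.SE_DACL_PROTECTED, win32security.SE_DACL_PROTECTED)` before the return, together with a docstring that states the owner-only guarantee. Separately, as this page renders the hunk, `dacl = win32security.ACL()` appears on the removed side while `dacl.SetEntriesInAcl(entries)` is added; the collapsed layout makes the markers ambiguous, so confirm `dacl` is still bound in the new code.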