IN  ACCESS_MASK DesiredAccess,
  IN  PGENERIC_MAPPING GenericMapping,
  OUT PACCESS_MASK RemainingDesiredAccess

Routine Description:

    This routine implements privilege policy by examining the bits in
    a DesiredAccess mask and adjusting them based on privilege checks.

    Currently, a request for ACCESS_SYSTEM_SECURITY may only be satisfied
    by the caller having SeSecurityPrivilege.

    Note that this routine is only to be called when an object is being
    created.  When an object is being opened, it is expected that
    NtAccessCheck will be called, and that routine will implement
    another policy for substituting privileges for DACL access.


    DesiredAccess - Supplies the user's desired access mask

    Privileges - Supplies a pointer to an empty buffer in which will
        be returned a privilege set describing any privileges that were
        used to gain access.

        Note that this is not an optional parameter, that is, enough
        room for a single privilege must always be passed.

    Length - Supplies the length of the Privileges parameter in bytes.
        If the supplies length is not adequate to store the entire
        privilege set, this field will return the minimum length required.

    Token - (optionally) Supplies the token for the client on whose
        behalf the object is being accessed.  If this value is
        specified as null, then the token on the thread is opened and
        examined to see if it is an impersonation token.  If it is,
        then it must be at SecurityIdentification level or higher.  If
        it is not an impersonation token, the operation proceeds

    GenericMapping - Supplies the generic mapping associated with this
        object type.

    RemainingDesiredAccess - Returns the DesiredAccess mask after any bits
        have been masked off.  If no access types could be granted, this
        mask will be identical to the one passed in.

Return Value:

    STATUS_SUCCESS - The operation completed successfully.

    STATUS_BUFFER_TOO_SMALL - The passed buffer was not large enough
        to contain the information being returned.

    STATUS_BAD_IMPERSONATION_LEVEL - The caller or passed token was
        impersonating, but not at a high enough level.