NTSTATUS
SeAccessCheckByType(
      __in PSECURITY_DESCRIPTOR SecurityDescriptor,
      __in_opt PSID PrincipalSelfSid,
      __in HANDLE ClientToken,
      __in ACCESS_MASK DesiredAccess,
      __in_ecount_opt(ObjectTypeListLength 
  );

Routine Description:

    See module abstract.

Arguments:

    SecurityDescriptor - Supplies the security descriptor protecting the object
        being accessed

    PrincipalSelfSid - If the object being access checked is an object which
        represents a principal (e.g., a user object), this parameter should
        be the SID of the object.  Any ACE containing the constant
        PRINCIPAL_SELF_SID is replaced by this SID.

        The parameter should be NULL if the object does not represent a principal.

    ClientToken - Supplies the handle of the user's token.

    DesiredAccess - Supplies the desired access mask.

    ObjectTypeList - Supplies a list of GUIDs representing the object (and
        sub-objects) being accessed.  If no list is present, AccessCheckByType
        behaves identically to AccessCheck.

    ObjectTypeListLength - Specifies the number of elements in the ObjectTypeList.

    GenericMapping - Supplies the generic mapping associated with this
        object type.

    PrivilegeSet - A pointer to a buffer that upon return will contain
        any privileges that were used to perform the access validation.
        If no privileges were used, the buffer will contain a privilege
        set consisting of zero privileges.

    PrivilegeSetLength - The size of the PrivilegeSet buffer in bytes.

    GrantedAccess - Returns an access mask describing the granted access.

    AccessStatus - Status value that may be returned indicating the
         reason why access was denied.  Routines should avoid hardcoding a
         return value of STATUS_ACCESS_DENIED so that a different value can
         be returned when mandatory access control is implemented.

    ReturnResultList - If true, GrantedAccess and AccessStatus are actually
        arrays of entries ObjectTypeListLength elements long.

Return Value:

    STATUS_SUCCESS - The attempt proceeded normally.  This does not
        mean access was granted, rather that the parameters were
        correct.

    STATUS_GENERIC_NOT_MAPPED - The DesiredAccess mask contained
        an unmapped generic access.

    STATUS_BUFFER_TOO_SMALL - The passed buffer was not large enough
        to contain the information being returned.

    STATUS_NO_IMPERSONTAION_TOKEN - The passed Token was not an impersonation
        token.