dotnet · adamsitnik · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
diff --git a/src/libraries/Common/src/Interop/Windows/Kernel32/Interop.SECURITY_ATTRIBUTES.cs b/src/libraries/Common/src/Interop/Windows/Kernel32/Interop.SECURITY_ATTRIBUTES.cs
@@ -1,7 +1,6 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
-using System;
 using System.Runtime.InteropServices;
 
 internal static partial class Interop
@@ -14,6 +13,26 @@ internal struct SECURITY_ATTRIBUTES
             internal uint nLength;
             internal unsafe void* lpSecurityDescriptor;
             internal BOOL bInheritHandle;
+
+            internal static unsafe SECURITY_ATTRIBUTES Create() =>
+                new SECURITY_ATTRIBUTES
+                {
+                    nLength = (uint)sizeof(SECURITY_ATTRIBUTES)
+                };
+
+            internal static unsafe SECURITY_ATTRIBUTES Create(void* securityDescriptor) =>
+                new SECURITY_ATTRIBUTES
+                {
+                    nLength = (uint)sizeof(SECURITY_ATTRIBUTES),
+                    lpSecurityDescriptor = securityDescriptor
+                };
+
+            internal static unsafe SECURITY_ATTRIBUTES Create(bool inheritable) =>
+                new SECURITY_ATTRIBUTES
+                {
+                    nLength = (uint)sizeof(SECURITY_ATTRIBUTES),
+                    bInheritHandle = inheritable ? BOOL.TRUE : BOOL.FALSE
+                };
         }
     }
 }
diff --git a/src/libraries/Common/src/System/IO/FileSystem.DirectoryCreation.Windows.cs b/src/libraries/Common/src/System/IO/FileSystem.DirectoryCreation.Windows.cs
@@ -77,11 +77,7 @@ public static unsafe void CreateDirectory(string fullPath, byte[]? securityDescr
 
             fixed (byte* pSecurityDescriptor = securityDescriptor)
             {
-                Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-                {
-                    nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                    lpSecurityDescriptor = pSecurityDescriptor
-                };
+                Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create(pSecurityDescriptor);
 
                 while (stackDir.Count > 0)
                 {

diff --git a/src/libraries/Microsoft.Win32.Registry/src/Microsoft/Win32/RegistryKey.cs b/src/libraries/Microsoft.Win32.Registry/src/Microsoft/Win32/RegistryKey.cs
@@ -215,19 +215,11 @@ public unsafe RegistryKey CreateSubKey(string subkey, RegistryKeyPermissionCheck
                 }
             }
 
-            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = default;
             byte[]? securityDescriptor = registrySecurity?.GetSecurityDescriptorBinaryForm();
 
             fixed (void* pSecurityDescriptor = securityDescriptor)
             {
-                if (pSecurityDescriptor is not null)
-                {
-                    secAttrs = new()
-                    {
-                        nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                        lpSecurityDescriptor = pSecurityDescriptor
-                    };
-                }
+                Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create(pSecurityDescriptor);
 
                 // By default, the new key will be writable.
                 int ret = Interop.Advapi32.RegCreateKeyEx(_hkey,

diff --git a/src/libraries/System.IO.FileSystem.AccessControl/src/System/IO/FileSystemAclExtensions.cs b/src/libraries/System.IO.FileSystem.AccessControl/src/System/IO/FileSystemAclExtensions.cs
@@ -269,11 +269,7 @@ private static unsafe SafeFileHandle CreateFileHandle(string fullPath, FileMode
 
             SafeFileHandle handle;
 
-            var secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-            {
-                nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                bInheritHandle = ((share & FileShare.Inheritable) != 0) ? Interop.BOOL.TRUE : Interop.BOOL.FALSE,
-            };
+            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((share & FileShare.Inheritable) != 0);
 
             if (security != null)
             {

diff --git a/...s/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Windows.cs b/...s/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Windows.cs
@@ -36,9 +36,9 @@ private static SafeMemoryMappedFileHandle CreateCore(
         {
             Debug.Assert(fileHandle is null || fileSize >= 0);
 
-            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = GetSecAttrs(inheritability);
+            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((inheritability & HandleInheritability.Inheritable) != 0);
 
-            if (fileHandle != null)
+            if (fileHandle is not null)
             {
                 VerifyMemoryMappedFileAccess(access, capacity, fileSize);
             }
@@ -107,7 +107,7 @@ private static SafeMemoryMappedFileHandle CreateOrOpenCore(
             Debug.Assert(access != MemoryMappedFileAccess.Write, "Callers requesting write access shouldn't try to create a mmf");
 
             SafeMemoryMappedFileHandle? handle = null;
-            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = GetSecAttrs(inheritability);
+            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((inheritability & HandleInheritability.Inheritable) != 0);
 
             int waitRetries = 14;   //((2^13)-1)*10ms == approximately 1.4mins
             int waitSleep = 0;
@@ -249,21 +249,5 @@ private static SafeMemoryMappedFileHandle OpenCore(
             }
             return handle;
         }
-
-        /// <summary>
-        /// Helper method used to extract the native binary security descriptor from the MemoryMappedFileSecurity
-        /// type. If pinningHandle is not null, caller must free it AFTER the call to CreateFile has returned.
-        /// </summary>
-        private static unsafe Interop.Kernel32.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability)
-        {
-            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = default(Interop.Kernel32.SECURITY_ATTRIBUTES);
-            if ((inheritability & HandleInheritability.Inheritable) != 0)
-            {
-                secAttrs = default;
-                secAttrs.nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES);
-                secAttrs.bInheritHandle = Interop.BOOL.TRUE;
-            }
-            return secAttrs;
-        }
     }
 }
diff --git a/src/libraries/System.IO.Pipes/src/System/IO/Pipes/PipeStream.Windows.cs b/src/libraries/System.IO.Pipes/src/System/IO/Pipes/PipeStream.Windows.cs
@@ -581,16 +581,8 @@ public virtual PipeTransmissionMode ReadMode
             }
         }
 
-        internal static unsafe Interop.Kernel32.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability)
-        {
-            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-            {
-                nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                bInheritHandle = ((inheritability & HandleInheritability.Inheritable) != 0) ? Interop.BOOL.TRUE : Interop.BOOL.FALSE
-            };
-
-            return secAttrs;
-        }
+        internal static Interop.Kernel32.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability) =>
+            Interop.Kernel32.SECURITY_ATTRIBUTES.Create((inheritability & HandleInheritability.Inheritable) != 0);
 
         internal static unsafe Interop.Kernel32.SECURITY_ATTRIBUTES GetSecAttrs(HandleInheritability inheritability, PipeSecurity? pipeSecurity, ref GCHandle pinningHandle)
         {

diff --git a/...ibraries/System.Private.CoreLib/src/Microsoft/Win32/SafeHandles/SafeFileHandle.Windows.cs b/...ibraries/System.Private.CoreLib/src/Microsoft/Win32/SafeHandles/SafeFileHandle.Windows.cs
@@ -131,15 +131,7 @@ internal static SafeFileHandle Open(string fullPath, FileMode mode, FileAccess a
 
         private static unsafe SafeFileHandle CreateFile(string fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
         {
-            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = default;
-            if ((share & FileShare.Inheritable) != 0)
-            {
-                secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-                {
-                    nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                    bInheritHandle = Interop.BOOL.TRUE
-                };
-            }
+            Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((share & FileShare.Inheritable) != 0);
 
             int fAccess =
                 ((access & FileAccess.Read) == FileAccess.Read ? Interop.Kernel32.GenericOperations.GENERIC_READ : 0) |

diff --git a/src/libraries/System.Private.CoreLib/src/System/Threading/EventWaitHandle.Windows.cs b/src/libraries/System.Private.CoreLib/src/System/Threading/EventWaitHandle.Windows.cs
@@ -51,15 +51,14 @@ private unsafe void CreateEventCore(
             SafeWaitHandle handle;
             int errorCode;
             Thread.CurrentUserSecurityDescriptorInfo securityDescriptorInfo = default;
-            Interop.Kernel32.SECURITY_ATTRIBUTES securityAttributes = default;
+            Interop.Kernel32.SECURITY_ATTRIBUTES securityAttributes;
             if (!string.IsNullOrEmpty(name) && options.WasSpecified)
             {
                 name = options.GetNameWithSessionPrefix(name);
                 if (options.CurrentUserOnly)
                 {
                     securityDescriptorInfo = new(CurrentUserOnlyAceRights);
-                    securityAttributes.nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES);
-                    securityAttributes.lpSecurityDescriptor = (void*)securityDescriptorInfo.SecurityDescriptor;
+                    securityAttributes = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((void*)securityDescriptorInfo.SecurityDescriptor);
                     securityAttributesPtr = &securityAttributes;
                 }
             }

diff --git a/src/libraries/System.Private.CoreLib/src/System/Threading/Mutex.Windows.cs b/src/libraries/System.Private.CoreLib/src/System/Threading/Mutex.Windows.cs
@@ -40,16 +40,15 @@ private unsafe void CreateMutexCore(
             out bool createdNew)
         {
             Thread.CurrentUserSecurityDescriptorInfo securityDescriptorInfo = default;
-            Interop.Kernel32.SECURITY_ATTRIBUTES securityAttributes = default;
+            Interop.Kernel32.SECURITY_ATTRIBUTES securityAttributes;
             Interop.Kernel32.SECURITY_ATTRIBUTES* securityAttributesPtr = null;
             if (!string.IsNullOrEmpty(name) && options.WasSpecified)
             {
                 name = options.GetNameWithSessionPrefix(name);
                 if (options.CurrentUserOnly)
                 {
                     securityDescriptorInfo = new(CurrentUserOnlyAceRights);
-                    securityAttributes.nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES);
-                    securityAttributes.lpSecurityDescriptor = (void*)securityDescriptorInfo.SecurityDescriptor;
+                    securityAttributes = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((void*)securityDescriptorInfo.SecurityDescriptor);
                     securityAttributesPtr = &securityAttributes;
                 }
             }

diff --git a/src/libraries/System.Private.CoreLib/src/System/Threading/Semaphore.Windows.cs b/src/libraries/System.Private.CoreLib/src/System/Threading/Semaphore.Windows.cs
@@ -55,15 +55,14 @@ private unsafe void CreateSemaphoreCore(
             SafeWaitHandle myHandle;
             int errorCode;
             Thread.CurrentUserSecurityDescriptorInfo securityDescriptorInfo = default;
-            Interop.Kernel32.SECURITY_ATTRIBUTES securityAttributes = default;
+            Interop.Kernel32.SECURITY_ATTRIBUTES securityAttributes;
             if (!string.IsNullOrEmpty(name) && options.WasSpecified)
             {
                 name = options.GetNameWithSessionPrefix(name);
                 if (options.CurrentUserOnly)
                 {
                     securityDescriptorInfo = new(CurrentUserOnlyAceRights);
-                    securityAttributes.nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES);
-                    securityAttributes.lpSecurityDescriptor = (void*)securityDescriptorInfo.SecurityDescriptor;
+                    securityAttributes = Interop.Kernel32.SECURITY_ATTRIBUTES.Create((void*)securityDescriptorInfo.SecurityDescriptor);
                     securityAttributesPtr = &securityAttributes;
                 }
             }

diff --git a/src/libraries/System.Threading.AccessControl/src/System/Threading/EventWaitHandleAcl.cs b/src/libraries/System.Threading.AccessControl/src/System/Threading/EventWaitHandleAcl.cs
@@ -46,11 +46,7 @@ public static unsafe EventWaitHandle Create(bool initialState, EventResetMode mo
 
             fixed (byte* pSecurityDescriptor = eventSecurity.GetSecurityDescriptorBinaryForm())
             {
-                var secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-                {
-                    nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                    lpSecurityDescriptor = pSecurityDescriptor
-                };
+                Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create(pSecurityDescriptor);
 
                 SafeWaitHandle handle = Interop.Kernel32.CreateEventEx(
                     (IntPtr)(&secAttrs),

diff --git a/src/libraries/System.Threading.AccessControl/src/System/Threading/MutexAcl.cs b/src/libraries/System.Threading.AccessControl/src/System/Threading/MutexAcl.cs
@@ -31,11 +31,7 @@ public static unsafe Mutex Create(bool initiallyOwned, string? name, out bool cr
 
             fixed (byte* pSecurityDescriptor = mutexSecurity.GetSecurityDescriptorBinaryForm())
             {
-                var secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-                {
-                    nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                    lpSecurityDescriptor = pSecurityDescriptor
-                };
+                Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create(pSecurityDescriptor);
 
                 SafeWaitHandle handle = Interop.Kernel32.CreateMutexEx(
                     (IntPtr)(&secAttrs),

diff --git a/src/libraries/System.Threading.AccessControl/src/System/Threading/SemaphoreAcl.cs b/src/libraries/System.Threading.AccessControl/src/System/Threading/SemaphoreAcl.cs
@@ -48,11 +48,7 @@ public static unsafe Semaphore Create(int initialCount, int maximumCount, string
 
             fixed (byte* pSecurityDescriptor = semaphoreSecurity.GetSecurityDescriptorBinaryForm())
             {
-                var secAttrs = new Interop.Kernel32.SECURITY_ATTRIBUTES
-                {
-                    nLength = (uint)sizeof(Interop.Kernel32.SECURITY_ATTRIBUTES),
-                    lpSecurityDescriptor = pSecurityDescriptor
-                };
+                Interop.Kernel32.SECURITY_ATTRIBUTES secAttrs = Interop.Kernel32.SECURITY_ATTRIBUTES.Create(pSecurityDescriptor);
 
                 SafeWaitHandle handle = Interop.Kernel32.CreateSemaphoreEx(
                     (IntPtr)(&secAttrs),