Converts the access control information from one ACL type to another.
Security Library (libc.a)
The aclx_convert subroutine converts the access control information from the binary input given in from_acl of the ACL type from_type into a binary ACL of the type to_type and stores it in to_acl. Values from_type and to_type can be any ACL types supported in the system.
The ACL conversion takes place with the help of an ACL type-specific algorithm. Because the conversion is approximate, it can result in a potential loss of access control. Therefore, the user of this call must make sure that the converted ACL satisfies the required access controls. The user can manually review the access control information after the conversion for the file system object to ensure that the conversion was successful and satisfied the requirements of the intended access control.
Item | Description |
---|---|
from_acl | Points to the ACL that has to be converted. |
from_sz | Indicates the size of the ACL information pointed to by from_acl. |
from_type | Indicates the ACL type information of the ACL. The acl_type is
64 bits in size and is unique on the system. If the given acl_type is
not supported in the system, this function fails and errno is
set to EINVAL. The supported ACL types are ACLX and NFS4. |
to_acl | Points to a buffer in which the target binary ACL has to be stored. The amount of memory available in this buffer is indicated by the to_sz parameter. |
to_sz | Indicates the amount of memory, in bytes, available in to_acl. If to_sz contains less than the required amount of memory for storing the converted ACL, *to_sz is set to the required amount of memory and ENOSPC is returned by errno. |
to_type | Indicates the ACL type to which conversion needs to be done.
The ACL type is 64 bits in size and is unique on the system. If the
given acl_type is not supported in the system, this function
fails and errno is set to EINVAL The supported ACL types are ACLX and NFS4. |
fs_obj_path | File System Object Path for which the ACL conversion is being requested. Gets information about the object, such as whether it is file or directory. |
On successful completion, the aclx_convert subroutine returns a value of 0. Otherwise, -1 is returned and the errno global variable is set to indicate the error.
The aclx_convert subroutine fails if one or more of the following is true:
Item | Description |
---|---|
EINVAL | Invalid input parameter. The same error can be returned if an invalid acl_type is specified as input to this routine, either in from_type or in to_type. This errno could also be returned if the binary ACL given in from_acl is not the type specified by from_type. |
ENOSPC | Insufficient storage space is available in to_acl. |
Access Control: The invoker must have search permission for all components of the Path prefix.
Auditing Events: If the auditing subsystem has been properly configured and is enabled, the aclx_convert subroutine generates the following audit record (event) every time the command is executed:
Item | Description |
---|---|
Event | Information |
FILE_Acl | Lists access controls. |