Accesses the TCB information in the user database.
Security Library (libc.a)
These subroutines access Trusted Computing Base (TCB) information.
The gettcbattr subroutine reads a specified attribute from the tcbck database. If the database is not already open, the subroutine will do an implicit open for reading.
Similarly, the puttcbattr subroutine writes a specified attribute into the tcbck database. If the database is not already open, the subroutine does an implicit open for reading and writing. Data changed by puttcbattr must be explicitly committed by calling the puttcbattr subroutine with a Type parameter specifying the SEC_COMMIT value. Until the data is committed, only get subroutine calls within the process will return the written data.
New entries in the tcbck databases must first be created by invoking puttcbattr with the SEC_NEW type.
The tcbck database usually defines all the files and programs that are part of the TCB, but the root user or a member of the security group can choose to define only those files considered to be security-relevant.
Item | Description |
---|---|
Attribute | Specifies which attribute is read. The following possible values are defined in the sysck.h file: Additional user-defined attributes may be used and will be stored in the format specified by the Type parameter. |
Entry | Specifies the name of the file for which an attribute is to be read or written. |
Type | Specifies the type of attribute expected. Valid values are defined in the usersec.h file and include: |
Value | Specifies the address of a pointer for the gettcbattr subroutine. The gettcbattr subroutine will return the address of a buffer in the pointer. For the puttcbattr subroutine, the Value parameter specifies the address of a buffer in which the attribute is stored. See the Type parameter for more details. |
Files Accessed:
Mode | File |
---|---|
rw | /etc/security/sysck.cfg (write access for puttcbattr) |
The gettcbattr and puttcbattr subroutines, when successfully completed, return a value of 0. Otherwise, a value of -1 is returned and the errno global variable is set to indicate the error.
These subroutines fail if the following is true:
Item | Description |
---|---|
EACCES | Access permission is denied for the data request. |
The gettcbattr and puttcbattr subroutines fail if one or more of the following are true:
Item | Description |
---|---|
EINVAL | The Value parameter does not point to a valid buffer or to valid data for this type of attribute. Limited testing is possible and all errors may not be detected. |
EINVAL | The Entry parameter is null or contains a pointer to a null string. |
EINVAL | The Type parameter contains more than one of the SEC_BOOL, SEC_CHAR, SEC_LIST, or SEC_LONG attributes. |
EINVAL | The Type parameter specifies that an individual attribute is to be committed, and the Entry parameter is null. |
ENOENT | The specified Entry parameter does not exist or the attribute is not defined for this entry. |
EPERM | Operation is not permitted. |
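
The create, write, commit and read-back sequence described above, as an added example that is not part of the original reference page. The entry path and the `site_review` user-defined attribute are constructed. Assumptions: the prototypes come from usersec.h, NULL is accepted for Attribute and Value with SEC_NEW and SEC_COMMIT, and the in-memory stand-in used off AIX mirrors only the error cases listed above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef _AIX
#include <usersec.h>   /* the real subroutines and SEC_* values */
#else
/* Constructed one-slot stand-in for non-AIX hosts; SEC_* numbers are assumptions. */
enum { SEC_CHAR = 1, SEC_COMMIT = 2, SEC_NEW = 3 };
static char db_entry[256], db_attr[64], db_val[256];
static int puttcbattr(char *e, char *a, void *v, int type) {
    if (!e || !*e) { errno = EINVAL; return -1; }
    if (type == SEC_NEW) { snprintf(db_entry, sizeof db_entry, "%s", e); return 0; }
    if (strcmp(db_entry, e) != 0) { errno = ENOENT; return -1; }
    if (type == SEC_COMMIT) return 0;
    if (type != SEC_CHAR || !a || !v) { errno = EINVAL; return -1; }
    snprintf(db_attr, sizeof db_attr, "%s", a);
    snprintf(db_val, sizeof db_val, "%s", (char *)v);
    return 0;
}
static int gettcbattr(char *e, char *a, void *v, int type) {
    if (!e || !*e || !a || !v || type != SEC_CHAR) { errno = EINVAL; return -1; }
    if (strcmp(db_entry, e) || strcmp(db_attr, a)) { errno = ENOENT; return -1; }
    *(char **)v = db_val;
    return 0;
}
#endif

/* New entry + one string attribute + commit. Returns 0 or the failing errno. */
int tcb_register(char *entry, char *attr, char *value) {
    if (puttcbattr(entry, NULL, NULL, SEC_NEW) != 0) return errno;
    if (puttcbattr(entry, attr, value, SEC_CHAR) != 0) return errno;
    /* Until this commit succeeds, only this process sees the new data. */
    if (puttcbattr(entry, NULL, NULL, SEC_COMMIT) != 0) return errno;
    return 0;
}
/* Copy a string attribute into out. Returns 0 or the errno that was set. */
int tcb_read(char *entry, char *attr, char *out, size_t outlen) {
    char *val = NULL;   /* gettcbattr stores a buffer address here */
    if (gettcbattr(entry, attr, &val, SEC_CHAR) != 0) return errno;
    snprintf(out, outlen, "%s", val);
    return 0;
}
int main(void) {
    char buf[256] = "", e[] = "/usr/local/bin/sitetool";  /* constructed path */
    int rc = tcb_register(e, "site_review", "2024Q1");    /* constructed attribute */
    if (rc == 0) rc = tcb_read(e, "site_review", buf, sizeof buf);
    printf("rc=%d value=%s\n", rc, buf);
    return rc != 0;
}
```

On AIX the write calls need write access to /etc/security/sysck.cfg; without it, the subroutines return -1 and the helpers return the errno that was set.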