putdevattr Subroutine

Purpose

Modifies the device security information in the privileged device database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int putdevattr (Device, Attribute, Value, Type)
    char *Device;
    char *Attribute;
    void *Value;
    int Type;

Description

The putdevattr subroutine writes a specified attribute into the device database. If the database is not open, this subroutine does an implicit open for reading and writing. Data changed by the putdevattr and putdevattrs subroutines must be explicitly committed by calling the putdevattr subroutine with a Type parameter specifying SEC_COMMIT. Until all the data is committed, only the subroutines within the process return written data.

New entries in the device databases must first be created by invoking the putdevattr subroutine with the SEC_NEW type.

Changes that are made to the privileged device database do not impact security considerations until the entire database is sent to the Kernel Security Tables through the setkst device or until the system is rebooted.

Parameters

Item	Description
Device	The device name. The value should be the full path to the device on the system. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute	Specifies that attribute is written. The following possible attributes are defined in the usersec.h file: S_READPRIVS Privileges required to read from the device. Eight privileges can be defined. A process with any of the read privileges is allowed to read from the device. The attribute type is SEC_LIST. S_WRITEPRIVS Privileges required to write to the device. Eight privileges can be defined. A process with any of the write privileges is allowed to write to the device. The attribute type is SEC_LIST.
Value	Specifies a buffer, a pointer to a buffer, or a pointer to a pointer depending on the Attribute and Type parameters. See the Type parameter for more details.
Type	Specifies the type of attribute expected. Valid types are defined in the usersec.h file and include: SEC_INT The format of the attribute is an integer. The user should supply an integer. SEC_CHAR The format of the attribute is a null-terminated character string. The user should supply a character pointer. SEC_LIST The format of the attribute is a series of concatenated strings, each null-terminated. The last string in the series is terminated by two successive null characters. The user should supply a character pointer. SEC_COMMIT Specified that changes to the named device are to be committed to permanent storage. The Attribute and Value parameters are ignored. If no device is specified, the changes to all modified devices are committed to permanent storage. SEC_DELETE If the Attribute parameter is specified, the corresponding attribute is deleted from the privileged device database. If no Attribute parameter is specified, the entire device definition is deleted from the privileged device database. SEC_NEW Creates a new device in the privileged device database when it is specified with the putdevattr subroutine.

Security

Files Accessed:

File	Mode
/etc/security/privdevs	rw

Return Values

If successful, the putdevattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the putdevattr subroutine fails, one of the following errno values can be set:

Item	Description
EINVAL	The Device parameter is NULL and the Type parameter is not SEC_COMMIT.
EINVAL	The Device parameter is default or ALL.
EINVAL	The Attribute parameter does not contain one of the defined attributes or is NULL.
EINVAL	The Type parameter does not contain one of the defined values.
EINVAL	The Value parameter does not point to a valid buffer or to valid data for this type of attribute.
ENOENT	The device specified by the Device parameter does not exist.
EPERM	The operation is not permitted.