putdevattr Subroutine

Purpose

Modifies the device security information in the privileged device database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int putdevattr (Device, Attribute, Value, Type)
    char *Device;
    char *Attribute;
    void *Value;
    int Type;

Description

The putdevattr subroutine writes a specified attribute into the device database. If the database is not open, this subroutine does an implicit open for reading and writing. Data changed by the putdevattr and putdevattrs subroutines must be explicitly committed by calling the putdevattr subroutine with a Type parameter specifying SEC_COMMIT. Until all the data is committed, only subroutines called within the same process return the written data.

New entries in the device databases must first be created by invoking the putdevattr subroutine with the SEC_NEW type.

Changes that are made to the privileged device database do not impact security considerations until the entire database is sent to the Kernel Security Tables through the setkst device or until the system is rebooted.

Parameters

Device
    The device name. The value should be the full path to the device on the system. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute
    Specifies the attribute that is written. The following possible attributes are defined in the usersec.h file:
    S_READPRIVS
        Privileges required to read from the device. Eight privileges can be defined. A process with any of the read privileges is allowed to read from the device. The attribute type is SEC_LIST.
    S_WRITEPRIVS
        Privileges required to write to the device. Eight privileges can be defined. A process with any of the write privileges is allowed to write to the device. The attribute type is SEC_LIST.
Value
    Specifies a buffer, a pointer to a buffer, or a pointer to a pointer depending on the Attribute and Type parameters. See the Type parameter for more details.
Type
    Specifies the type of attribute expected. Valid types are defined in the usersec.h file and include:
    SEC_INT
        The format of the attribute is an integer. The user should supply an integer.
    SEC_CHAR
        The format of the attribute is a null-terminated character string. The user should supply a character pointer.
    SEC_LIST
        The format of the attribute is a series of concatenated strings, each null-terminated. The last string in the series is terminated by two successive null characters. The user should supply a character pointer.
    SEC_COMMIT
        Specifies that changes to the named device are to be committed to permanent storage. The Attribute and Value parameters are ignored. If no device is specified, the changes to all modified devices are committed to permanent storage.
    SEC_DELETE
        If the Attribute parameter is specified, the corresponding attribute is deleted from the privileged device database. If no Attribute parameter is specified, the entire device definition is deleted from the privileged device database.
    SEC_NEW
        Creates a new device in the privileged device database when it is specified with the putdevattr subroutine.
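
The SEC_LIST layout described above is easy to get wrong (a missing second null, an empty string that ends the list early, or more than eight entries), so the following added example, which is not part of the original reference page or of libc.a, packs privilege names into that layout with bounds checking and then writes and commits S_READPRIVS. The names build_sec_list, set_read_privs and MAX_DEV_PRIVS and the 512-byte buffer are hypothetical; the putdevattr calls compile only on AIX and assume the device already has an entry in the privileged device database.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#ifdef _AIX
#include <usersec.h>   /* putdevattr, S_READPRIVS, SEC_LIST, SEC_COMMIT */
#endif

#define MAX_DEV_PRIVS 8   /* per the page: eight privileges can be defined */

/* Hypothetical helper: pack n names into out as a SEC_LIST value (each name
 * null-terminated, the last one followed by a second null). Returns the
 * bytes written, or -1 with errno EINVAL (bad input) or ERANGE (out too
 * small). */
long build_sec_list(const char *const *names, size_t n, char *out, size_t cap)
{
    size_t used = 0;
    if (names == NULL || out == NULL || n == 0 || n > MAX_DEV_PRIVS) {
        errno = EINVAL;
        return -1;
    }
    for (size_t i = 0; i < n; i++) {
        size_t len = names[i] ? strlen(names[i]) : 0;
        if (len == 0) {              /* an empty name would end the list early */
            errno = EINVAL;
            return -1;
        }
        if (len + 2 > cap - used) {  /* name + its null + the closing null */
            errno = ERANGE;
            return -1;
        }
        memcpy(out + used, names[i], len + 1);
        used += len + 1;
    }
    out[used++] = '\0';              /* second successive null closes the list */
    return (long)used;
}

#ifdef _AIX
/* Hypothetical wrapper: write the read privileges of an existing entry, then
 * commit (Attribute and Value are ignored for SEC_COMMIT). */
int set_read_privs(char *device, const char *const *names, size_t n)
{
    char list[512];
    if (build_sec_list(names, n, list, sizeof list) < 0)
        return -1;
    if (putdevattr(device, S_READPRIVS, list, SEC_LIST) != 0)
        return -1;
    return putdevattr(device, NULL, NULL, SEC_COMMIT);
}
#endif
```

The committed change still does not take effect until the database is sent to the Kernel Security Tables or the system is rebooted, as the Description states.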

Security

Files Accessed:
File                      Mode
/etc/security/privdevs    rw

Return Values

If successful, the putdevattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the putdevattr subroutine fails, one of the following errno values can be set:

Item      Description
EINVAL    The Device parameter is NULL and the Type parameter is not SEC_COMMIT.
EINVAL    The Device parameter is default or ALL.
EINVAL    The Attribute parameter does not contain one of the defined attributes or is NULL.
EINVAL    The Type parameter does not contain one of the defined values.
EINVAL    The Value parameter does not point to a valid buffer or to valid data for this type of attribute.
ENOENT    The device specified by the Device parameter does not exist.
EPERM     The operation is not permitted.