putobjattrs Subroutine

Purpose

Modifies multiple object security attributes in the domain-assigned object database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>
int putobjattrs ( Obj, Attributes, Count )
char *Obj;
dbattr_t *Attributes;
int Count;

Description

The putobjattrs subroutine modifies one or more attributes in the domain-assigned object database. The subroutine can be called only with an object that already exists in the domain-assigned object database.

To create or remove an object, use the putobjattr subroutine instead. Data changed by the putobjattrs subroutine must be explicitly committed by calling the putobjattr subroutine with a Type parameter specifying SEC_COMMIT. Until the data is committed, only the getobjattr and getobjattrs subroutines within the process return the modified data.

Changes that are made to the domain object database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command.

The Attributes array contains information about each attribute that is to be updated. Each value specified in the Attributes array must be examined on a successful call to the putobjattrs subroutine to determine whether the value of the Attributes array was successfully written. The dbattr_t data structure contains the following fields:

Item Description
attr_name Specifies the name.
attr_idx This attribute is used internally by the putobjattrs subroutine.
attr_type The type of the attribute that is being updated.
attr_flag The result of the request to update the target attribute. On successful completion, a value of zero is returned. Otherwise, a nonzero value is returned.
attr_un A union that contains the value to update the requested attribute with.

The following table lists the different values for the attr_name attribute:
Name Description Type
S_DOMAINS The list of domains to which the object belongs. SEC_LIST
S_CONFSETS The list of domains that are excluded from accessing the object. SEC_LIST
S_OBJTYPE The type of the object. Valid values are listed below. SEC_CHAR
  • S_NETINT: For network interfaces.
  • S_FILE: For file-based objects. The object name should be the absolute path.
  • S_DEVICE: For devices. The absolute path should be specified.
  • S_NETPORT: For ports and port ranges.
S_SECFLAGS The security flags for the object. The valid values are FSF_DOM_ALL and FSF_DOM_ANY. SEC_INT
The following union members correspond to the definitions of the attr_char, attr_int, attr_long and attr_llong macros in the usersec.h file respectively.
Item Description
au_char A character pointer to the value that is to be written for attributes of SEC_CHAR and SEC_LIST types.
au_int Integer value that is to be written for attributes of the SEC_INT type.
au_long Long value that is to be written for attributes of the SEC_LONG type.
au_llong Long long value that is to be written for attributes of the SEC_LLONG type.

Parameters

Item Description
Obj Specifies the domain-assigned object name for which the attributes are to be updated.
Attributes A pointer to an array of zero or more attributes of the dbattr_t type. The list of domain-assigned object attributes is defined in the usersec.h header file.
Count The number of array elements in the Attributes parameter.

Security

Files Accessed:

File Mode
/etc/security/domobjs rw

Return Values

If the object specified by the Obj parameter exists in the domain-assigned object database, the putobjattrs subroutine returns zero, even in the case when no attributes in the Attributes array are successfully updated. On successful completion, the attr_flag attribute that is specified in the Attributes array must be examined to determine whether it was successfully updated. If the specified object does not exist, a value of -1 is returned and the errno value is set to indicate the error.

Error Codes

If the putobjattrs subroutine returns -1, one of the following errno values is set:

Item Description
EINVAL

The Obj parameter is NULL or default.

The Count parameter is less than zero.

The Attributes array is NULL and the Count parameter is greater than zero.

The Attributes array does not point to valid data for the requested attribute.

ENOENT The object specified by the Obj parameter does not exist.
ENOMEM Memory cannot be allocated.
EPERM The operation is not permitted.
EACCES Access permission is denied for the data request.

If the putobjattrs subroutine fails to update an attribute, one of the following errors is returned in the attr_flag field of the corresponding Attributes element:

Item Description
EINVAL

The attr_name field in the Attributes entry is not a recognized object attribute.

The attr_type field in the Attributes entry contains a type that is not valid.

The attr_un field in the Attributes entry does not point to a valid buffer or to valid data for this type of attribute.

EACCES The caller does not have write access to the domain database.
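The check-then-commit sequence from the Description and Return Values sections, as an added example that is not IBM's code. The helpers update_obj_attrs and sample_update are hypothetical, the putobjattr(Obj, NULL, NULL, SEC_COMMIT) call form is an assumption based on the commit step described above, and the #else branch holds constructed stand-ins so the logic can be compiled off AIX.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef _AIX
#include <usersec.h>
#else   /* Constructed stand-ins (not the real header) so the logic compiles off AIX. */
#define SEC_INT 1
#define SEC_COMMIT 2
#define S_SECFLAGS "secflags"
typedef struct { char *attr_name; int attr_idx, attr_type, attr_flag;
                 union { char *au_char; int au_int; } attr_un; } dbattr_t;
static int commits;                          /* counts simulated commits */
static int putobjattrs(char *o, dbattr_t *a, int n) {
    if (!o || n < 0) { errno = EINVAL; return -1; }
    for (int i = 0; i < n; i++)              /* unrecognized names fail per attribute */
        a[i].attr_flag = strcmp(a[i].attr_name, S_SECFLAGS) ? EINVAL : 0;
    return 0;                                /* zero even if nothing was written */
}
static int putobjattr(char *o, char *a, void *v, int t) {
    (void)o; (void)a; (void)v; commits += (t == SEC_COMMIT); return 0;
}
#endif

/* Returns 0 after a commit, the number of rejected attributes (nothing is
 * committed), or -1 with errno set when the call itself failed. */
int update_obj_attrs(char *obj, dbattr_t *attrs, int count)
{
    int failed = 0;
    if (putobjattrs(obj, attrs, count) != 0)
        return -1;                           /* e.g. ENOENT, EPERM, EACCES */
    for (int i = 0; i < count; i++) {
        if (attrs[i].attr_flag != 0) {       /* a zero return is not enough: check each entry */
            fprintf(stderr, "%s: %s not updated: %s\n", obj,
                    attrs[i].attr_name, strerror((int)attrs[i].attr_flag));
            failed++;
        }
    }
    if (failed)
        return failed;                       /* partial update stays uncommitted */
    return putobjattr(obj, NULL, NULL, SEC_COMMIT) == 0 ? 0 : -1;
}

/* Sample caller (constructed): two SEC_INT updates; name2 is caller-supplied
 * so the rejected-attribute path can be exercised. */
int sample_update(char *obj, char *name2, int value)
{
    dbattr_t a[2] = { { .attr_name = S_SECFLAGS, .attr_type = SEC_INT },
                      { .attr_name = name2,      .attr_type = SEC_INT } };
    a[0].attr_un.au_int = a[1].attr_un.au_int = value;
    return update_obj_attrs(obj, a, 2);
}
```

A committed change still has no effect on access decisions until the database is loaded into the Kernel Security Tables with the setkst command.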