secadvise(2)


secadvise -- get kernel advisory access information

Synopsis

   #include <sys/secsys.h>
   

int secadvise(struct obj_attr *obj, int cmd, struct sub_attr *sub);

Description

The secadvise system call is used to get advisory access information from the kernel.

The obj argument points to a structure containing the attributes for an object. This structure is defined with at least the following members:

   uid_t uid;
   gid_t gid;
   mode_t mode;
   level_t lid;

The level_t argument is currently unused.

The cmd argument determines the requested access. The sub argument points to a structure containing the attributes for a subject. The subject structure is retrieved through the I_S_RECVFD command of the ioctl system call.

secadvise recognizes the following commands:


SA_SUBSIZE
Returns the size of the subject attributes structure. The obj and sub arguments are ignored. This command is provided so that future changes to the kernel can happen without recompilation of the application program.

SA_READ
Determines whether sub has read access to obj. If this command succeeds, it returns 0 to the calling process.

This call will fail, returning -1, if one or more of the following is true:


EACCES
if sub does not have read access to obj.

EFAULT
if obj or sub points outside the allocated address space for the process.

SA_WRITE
Determines whether sub has write access to obj. If this command succeeds, it returns 0 to the calling process.

This call will fail, returning -1, if one or more of the following is true:


EACCES
if sub does not have write access to obj.

EFAULT
if obj or sub points outside the allocated address space for the process.

SA_EXEC
Determines whether sub has execute access to obj. If this command succeeds, it returns 0 to the calling process.

This call will fail, returning -1, if one or more of the following is true:


EACCES
if sub does not have execute access to obj.

EFAULT
if obj or sub points outside the allocated address space for the process.

Return values

Return values for secadvise depend on cmd and are described above.

Errors for secadvise depend on cmd and are described above.

References

ioctl(2), streamio(7)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004