__writedown() — Query or change the setting of the write-down privilege of an ACEE.
Standards
Standards / Extensions | C or C++ | Dependencies |
---|---|---|
z/OS UNIX |
both | z/OS® V1R5 |
Format
#define _OPEN_SYS
#include <sys/stat.h>
int __writedown ( int writedownop, int writedownscope);
General description
The __writedown() function will enable callers to query or change the setting of the write-down privilege of an ACEE (access control environment element) at the address space level or task level. User's having write-down privilege can write data to a resource protected by a seclabel of lower authority then that of the seclabel represented in the address space level ACEE.
To activate the write-down privilege the userid in the target ACEE must be permitted to the the IRR.WRITEDOWN.BYUSER profile in the FACILITY class. The FACILITY class must be active and RACLISTed, and the SETROPTS MLS option must be active.
See z/OS V1R5 Planning for Multilevel Security for more details on the usage of this function.
- writedownop
- The operation to be performed
- __WD_QUERY
- Query the current setting of the write-down privelege
- __WD_ACTIVATE
- Activate the write-down privilege
- __WD_INACTIVATE
- Inactivate the write-down privilage
- __WD_RESET
- Reset the write-down privilage to the users original default value.
- writedownscope
- Scope of the write-down operation.
- __WD_SCOPE_AS
- Perform write-down operation on the address space level ACEE.
- __WD_SCOPE_THD
- Perform write-down operation on the task level ACEE.
Returned value
For the __writedown() activate, inactivate, and reset operations:
If successful, __writedown() returns 0.
For the __writedown() query operation:
- __WD_IS_ACTIVE
- The write-down privelege is active for the ACEE.
- __WD_IS_INACTIVE
- The write-down privelege is inactive for the ACEE.
For all __writedown() operations:
If unsuccessful, all __writedown() operations return -1 and sets errno to EINVAL.