putobjattr Subroutine

Purpose

Modifies the objects that are defined in the domain-assigned object database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>
int putobjattr ( Obj, Attribute, Value, Type )
char * Obj;
char *Attribute;
void * Value;
int Type;

Description

The putobjattr subroutine modifies the domain-assigned object database. A new object can be added to the domain-assigned object database by calling the putobjattr subroutine with the SEC_NEW type and specifying the new object name. An object or an object attribute is deleted by calling the putobjattr subroutine with the SEC_DELETE type.

Data changed by the putobjattr subroutine must be explicitly committed by calling the putobjattr subroutine with a Type parameter specifying the SEC_COMMIT type. Until all the data is committed, only the getobjattr and getobjattrs subroutines within the process return the modified data. Changes that are made to the domain database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command or until the system is rebooted.

Parameters

Item Description
Obj The object name. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute Specifies the attribute to be written. The following possible attributes are defined in the usersec.h file:
  • S_DOMAINS

    The list of domains to which the object belongs. The attribute type is SEC_LIST.

  • S_CONFSETS

    The list of domains that are excluded from accessing the object. The attribute type is SEC_LIST.

  • S_OBJTYPE

    The type of the object. Valid values are:

    • S_NETINT

      For network interfaces.

    • S_FILE

      For file-based objects. The object name should be the absolute path.

    • S_DEVICE

      For devices. The absolute path should be specified.

    • S_NETPORT

      For ports and port ranges.

    The attribute type is SEC_CHAR.

  • S_SECFLAGS

    The security flags for the object. The valid values are FSF_DOM_ALL and FSF_DOM_ANY. The attribute type is SEC_INT.

Value Specifies a buffer, a pointer to a buffer, or a pointer to a pointer according to the values of the Attribute and Type parameters. See the Type parameter for more details.
Type Specifies the type of the attribute. The following valid types are defined in the usersec.h file:
  • SEC_INT

    The format of the attribute is an integer. You should supply an integer value.

  • SEC_CHAR

    The format of the attribute is a null-terminated character string. You should supply a character pointer.

  • SEC_LIST

    The format of the attribute is a series of concatenated strings, each of which is null-terminated. The last string in the series is terminated by two successive null characters. You should supply a character pointer.

  • SEC_COMMIT

    Specifies that the changes to the named object are to be committed to permanent storage. The values of the Attribute and Value parameters are ignored. If no object is specified, the changes to all modified objects are committed to permanent storage.

  • SEC_DELETE

    If the Attribute parameter is specified, the corresponding attribute is deleted from the object database. If no Attribute parameter is specified, the entire object definition is deleted from the domain-assigned object database.

  • SEC_NEW

    Creates a new object in the domain-assigned object database.
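The SEC_LIST layout and the create, set, commit sequence described above can be combined as follows. This is an added example, not code from the original page: the names build_sec_list and add_file_object are hypothetical, passing NULL for Attribute and Value with SEC_NEW and SEC_COMMIT is an assumption based on the EINVAL conditions listed under Error Codes, and the putobjattr calls are compiled only where _AIX is defined.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#ifdef _AIX
#include <stdio.h>
#include <usersec.h>
#endif

/* Build a SEC_LIST value: every string null-terminated, with one extra
 * null after the last. Returns a malloc'd buffer (caller frees) or NULL. */
char *build_sec_list(const char *const *items, size_t n, size_t *len_out)
{
    size_t total = 1, off = 0, i;       /* 1 = the extra closing null */
    char *buf;

    for (i = 0; i < n; i++) {
        if (items[i] == NULL || items[i][0] == '\0') {
            errno = EINVAL;             /* an empty entry would end the list early */
            return NULL;
        }
        total += strlen(items[i]) + 1;
    }
    if (n == 0) total = 2;              /* empty list: just the two nulls */
    buf = calloc(total, 1);             /* zero-filled, so terminators are in place */
    if (buf == NULL) return NULL;
    for (i = 0; i < n; i++) {
        size_t l = strlen(items[i]) + 1;
        memcpy(buf + off, items[i], l);
        off += l;
    }
    if (len_out != NULL) *len_out = total;
    return buf;
}

#ifdef _AIX
/* Hypothetical helper: create obj as a file object in the given domains,
 * then commit. Nothing is written to permanent storage if a step fails. */
int add_file_object(char *obj, const char *const *domains, size_t n)
{
    char *list = build_sec_list(domains, n, NULL);
    int rc = -1;
    if (list == NULL) return -1;
    if (putobjattr(obj, NULL, NULL, SEC_NEW) == 0 &&
        putobjattr(obj, S_OBJTYPE, (void *)S_FILE, SEC_CHAR) == 0 &&
        putobjattr(obj, S_DOMAINS, list, SEC_LIST) == 0)
        rc = putobjattr(obj, NULL, NULL, SEC_COMMIT);
    if (rc != 0) perror("putobjattr");
    free(list);
    return rc;
}
#endif
```

A successful commit only updates the database file; the kernel does not enforce the new entry until setkst is run or the system is rebooted.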

Security

Files Accessed:

File Mode
/etc/security/domobjs rw

Return Values

If successful, the putobjattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the putobjattr subroutine fails, one of the following errno values is set:

Item Description
EINVAL

The Obj parameter is NULL and the Type parameter is not SEC_COMMIT.

The Obj parameter is default or ALL.

The Attribute parameter is NULL and the Type parameter is not SEC_NEW, SEC_DELETE or SEC_COMMIT.

The Attribute parameter does not contain one of the defined attributes.

The Type parameter does not contain one of the defined values.

The Value parameter does not point to a valid buffer or to valid data for this type of attribute.

ENOENT The object specified by the Obj parameter does not exist.
ENOMEM Memory cannot be allocated.
EPERM The operation is not permitted.