dg_access(2) DG/UX B2 Security R4.12MU02 dg_access(2)
NAME
dg_access - check the access rights of a subject to an object.
SYNOPSIS
#include <sys/types.h>
#include <sys/dgtparms.h>
#include <sys/dgaccess.h>
int dg_access(pid, targ_type, targ, intent, attr_p)
pid_t pid;
int targ_type;
void *targ;
dg_access_type intent;
dg_attr_descriptor_type *attr_p;
where:
pid The process ID of a process on whose behalf an access
check is to be made. The attributes of this process will
be used to evaluate access to the object targ. As a
special case, when pid is 0 the calling process is
assumed.
targ_type A token that identifies the type of object identified by
targ. The available tokens are defined in
sys/dgtparms.h, as follows:
TFILE The object is a file identified by a pathname
pointed to by targ.
TFIFO The object is a fifo or pipe. This class of
object is different from files in that reads
are destructive (the size of the object is
reduced by the number of bytes read). Note
that a TFILE or TFD type that references a
fifo or pipe (named via fattach) will be
treated as a TFIFO type.
TFD The object is a file, pipe, or socket
identified by a file descriptor pointed to by
targ.
TPROC The object is a process identified by a process
ID pointed to by targ. By convention, process
ID 0 refers to the calling process.
TMSG The object is a message queue identified by a
message queue ID pointed to by targ.
TSHM The object is a shared memory region identified
by a shared memory ID pointed to by targ.
TSEM The object is a semaphore identified by a
semaphore ID pointed to by targ.
TSYMLINK The object is a symbolic link identified by a
pathname. The access check will be made on the
file named by the pathname pointed to by targ
and not the target of the symbolic link.
targ The address of the identifier of the object to which
access is to be checked. The value of targ_type
determines the type of entity that targ points to, as
described above.
intent The type of access check being requested. This parameter
is any combination (logical OR) of one or more of the
following values defined in sys/dgaccess.h:
DGACEXIST Check whether the object exists and is
visible to the process, pid.
DGACREAD Check for read access to the data contained
in the object.
DGACWRITE Check for write access to the data contained
in the object.
DGACEXECUTE
Check for execute access. This request is
valid only when the object is a regular file
and is therefore mutually exclusive with
DGACSEARCH.
DGACSEARCH
Check for search access. This request is
valid only when the object is a directory
file and is therefore mutually exclusive with
DGACEXECUTE.
DGACATTRSET
Check for write access to the object's
attributes. This option determines whether
the process, pid, can access the object to
change an attribute of the object. The type
and value of the attribute are given in
*attr_p. Note that in cases where the right
to change a particular attribute allows any
value of that attribute to be set, only the
type is needed in attr_p, and the attribute
pointer must be set to NULL. Access to data
contained in an object is determined by
different access checks than are used to
determine access to the attributes of the
object. Therefore this check may produce
different results than DGACWRITE, even when
performed for the same object and subject.
DGACATTRGET
Check for read access to the object's
attributes. Since the access checks for
reading the object's data are different than
for reading attributes, this test may produce
different results than DGACREAD, even when
performed for the same object and subject.
The access types DGACEXECUTE and DGACSEARCH are
mutually exclusive.
attr_p A pointer to a structure that identifies the type and,
optionally, the value of the attribute referred to when
DGACATTRSET or DGACATTRGET is enabled in intent.
This call will fail when either DGACATTRSET or
DGACATTRGET is enabled in intent and a type isn't given
or is invalid. The attribute types are defined in
sys/dgaccess.h.
DESCRIPTION
The dg_access system call invokes the Reference Monitor to determine
whether a process, pid, has the access rights to the object targ, as
specified by the intent parameter.
For the DGACATTRSET queries that specify attributes for which
appropriate privilege is required, the privilege check will be made
in addition to the access check performed by the reference monitor.
ACCESS CONTROL
When MAC is configured, the calling process must have MAC read access
to the process identified by pid and to the object *targ, or the
caller must have appropriate privilege.
For systems supporting the DG/UX Capability Option, appropriate
privilege is defined as having one or more specific capabilities
enabled in the effective capability set of the calling process. See
capdefaults(5) for the default capability for this system call. On
systems without the DG/UX Capability Option, appropriate privilege
means that the process has an effective UID of 0.
RETURN VALUE
1 The call completed successfully, but only because the caller
has appropriate privilege.
0 The call completed successfully and the caller did not need,
or use, privilege.
-1 An error occurred. errno is set to indicate the error.
ERRORS
errno may be set to one of the following error codes:
EACCES The caller does not have read access to the process pid
and/or the object, *objp.
EACCES The process, pid, does not have an access right
specified in intent to the target object.
ESRCH The target type is TPROC and the process does not
exist or the caller does not have MAC read access to
the object.
EPERM The process, pid, does not have appropriate privilege
to set the specified attribute.
ENOENT The object does not exist or the caller does not have
MAC read access to the object.
ENAMETOOLONG targ_type is TFILE and a component of the pathname
pointed at by targ exceeds the length limit for file
names, or the total filename is too long.
EFAULT The parameter targ points to an area of memory not
accessible to the calling process.
ENOMEM The operating system was unable to allocate sufficient
internal memory to process the system call.
EINVAL One or more parameter(s) is/are set to an invalid
value, or DGACATTRSET or DGACATTRGET is enabled
in intent and attr_p is NULL or does not contain a
valid attribute type.
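The intent rules, return values and errno list above, combined into a pre-flight check and a result classifier. This is an added example, not DG/UX code: the bit values, INTENT_ALL, check_intent, interpret and the acc_verdict names are assumptions made for illustration, and the real constants come from sys/dgaccess.h.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed stand-in values; the real ones come from sys/dgaccess.h.
 * Names are spelled as they appear on this page. */
enum { DGACEXIST = 0x01, DGACREAD = 0x02, DGACWRITE = 0x04, DGACEXECUTE = 0x08,
       DGACSEARCH = 0x10, DGACATTRSET = 0x20, DGACATTRGET = 0x40,
       INTENT_ALL = 0x7f /* hypothetical mask of the bits above */ };

/* Hypothetical verdicts for the calling program to act on. */
typedef enum {
    ACC_GRANTED,             /* rc 0: succeeded, no privilege needed or used */
    ACC_GRANTED_CALLER_PRIV, /* rc 1: succeeded only via caller's privilege  */
    ACC_DENIED,              /* EACCES or EPERM                              */
    ACC_NOT_VISIBLE,         /* ENOENT or ESRCH: absent, or hidden by MAC    */
    ACC_BAD_REQUEST,         /* EINVAL, EFAULT, ENAMETOOLONG                 */
    ACC_ERROR                /* ENOMEM or anything unexpected: fail closed   */
} acc_verdict;

/* Pre-flight check of the intent rules stated above.
 * Returns 0 if the request is well-formed, EINVAL otherwise. */
int check_intent(int intent, const void *attr_p)
{
    if (intent == 0 || (intent & ~INTENT_ALL))
        return EINVAL;                 /* need one or more known bits */
    if ((intent & DGACEXECUTE) && (intent & DGACSEARCH))
        return EINVAL;                 /* mutually exclusive */
    if ((intent & (DGACATTRSET | DGACATTRGET)) && attr_p == NULL)
        return EINVAL;                 /* attribute type is mandatory */
    return 0;
}

/* Map the call's return value and errno to a verdict. */
acc_verdict interpret(int rc, int err)
{
    if (rc == 0) return ACC_GRANTED;
    if (rc == 1) return ACC_GRANTED_CALLER_PRIV;
    if (rc != -1) return ACC_ERROR;    /* undocumented value: fail closed */
    switch (err) {
    case EACCES: case EPERM:  return ACC_DENIED;
    case ENOENT: case ESRCH:  return ACC_NOT_VISIBLE;
    case EINVAL: case EFAULT: case ENAMETOOLONG: return ACC_BAD_REQUEST;
    default:                  return ACC_ERROR;
    }
}

int main(void)
{
    return check_intent(DGACREAD, NULL) || interpret(0, 0) != ACC_GRANTED;
}
```

EACCES does not distinguish the caller lacking read access from pid lacking the requested right, and ENOENT and ESRCH do not distinguish a missing object from one hidden by MAC, so the classifier keeps those cases merged.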
SEE ALSO
dgrefmon(2), access(2), and capdefaults(5).
Licensed material--property of copyright holder(s)