dg_getorange(2) DG/UX B2 Security R4.12MU02 dg_getorange(2)
NAME
dggetorange - get the mandatory access control (MAC) range of an
object
SYNOPSIS
#include <sys/types.h>
#include <sys/dgtparms.h>
#include <sys/mac.h>
int dggetorange(targtype, targ, range, rangesize, textrange,
textrangesize)
int targtype;
const void *targ;
macrangestructt *range;
int *rangesize;
char *textrange;
int *textrangesize;
where:
targtype A token that identifies the type of object whose MAC
range is fetched. The available tokens are defined in
sys/dgtparms.h as follows:
TPROC The object is an existing process on the
system.
TFILE The object is a file identified by a
pathname.
TFD The object is a file, socket or pipe
identified by a descriptor.
TMSG The object is a message queue identified by
a message queue identifier.
TSHM The object is a shared memory segment
identified by a shared memory segment
identifier.
TSEM The object is a semaphore identified by a
semaphore set identifier.
targ The address of the identifier of the object whose MAC
range is to be fetched. The value of targtype
determines the type of entity that targ points to as
follows:
TPROC targ points to a process id (type pidt).
TFILE targ points to a pathname string.
TFD targ points to a file, socket or pipe
descriptor.
TMSG targ points to a message queue identifier.
TSHM targ points to shared memory segment
identifier.
TSEM targ points to a semaphore set identifier.
range The address of a macrangestructt structure into
which dggetorange copies the object's MAC range.
rangesize Pointer to an integer containing the size in bytes of
the MAC range structure pointed to by range.
textrange Currently unused. This should be a NULL pointer.
textrangesize Currently unused. This should be a NULL pointer.
DESCRIPTION
This interface is obsolete, but is retained for compatibility
purposes. New applications should use dggettuple instead. If the
object identified by targtype and targ has a MAC range, it is copied
to the macrangestructt structure pointed to by range. If the
object has a MAC range tuple, one of the ranges from that tuple is
returned if that range is non-empty. The user region MAC range is
returned if it is non-empty. If it is empty, then administrative
region MAC range is returned; otherwise the virus-prevention region
MAC range is returned if it is non-empty. If all three ranges are
empty, this call will fail.
ACCESS CONTROL
To get the MAC range of an object, a process must have MAC read
access to the object. When the object is a file name the process
must also have MAC read access to the file's parent directory, and
have search access to the file's parent directory path.
RETURN VALUE
0 Successful completion.
-1 An error occurred. errno is set to indicate the error.
ERRORS
Errno may be set to one of the following error codes:
EACCES The caller does not have the required access rights to
the object.
ENOENT The object does not exist.
ENAMETOOLONG A component of the pathname pointed at by targ exceeds
the length limit for filenames.
EFAULT The range parameter specified an area of memory not
accessible to the calling process.
ENOMEM The operating system was unable to allocate sufficient
internal memory to process the system call.
EINVAL Invalid parameter passed.
EOPNOTSUPP This operation is not supported for the targtype or
object passed.
ENOSYS MAC is not configured on the system.
EDGNOATTR The object has no explicit MAC range.
E2BIG The supplied buffer is too small. The required size is
stored in rangesize.
SEE ALSO
getrange(1), setrange(1M), dggetomac(2), dgsetomac(2),
dgsetorange(2), dgsettmpomac(2), dggettuple(2), dgsettuple(2),
capdefaults(5), macdefs(5).
Licensed material--property of copyright holder(s)