putobjattr Subroutine

Purpose

Modifies the object that is defined in the domain-assigned object database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>
int putobjattr ( Obj, Attribute, Value, Type )
char * Obj;
char *Attribute;
void * Value;
int Type;

Description

The putobjattr subroutine modifies the domain-assigned object database. New object can be added to the domain-assigned object database by calling the putobjattr subroutine with the SEC_NEW type and specifying the new object name. Deletion of an object or object attribute is done by using the SEC_DELETE type for the putobjattr subroutine.

Data that is changed by the putobjattr subroutine must be explicitly committed by calling the putobjattr subroutine with a Type parameter specifying the SEC_COMMIT type. Until all the data is committed, only the getobjattr and getobjattrs subroutines within the process return the modified data. Changes that are made to the domain database do not impact security considerations until the entire database is sent to the Kernel Security Tables by using the setkst command or until the system is rebooted.

Parameters

Table 1. Parameters
Item	Description
`Obj`	The object name. This parameter must be specified unless the Type parameter is SEC_COMMIT.
`Attribute`	Specifies the attribute to be written. The following possible attributes are defined in the usersec.h file: S_DOMAINS The list of domains to which the object belongs. The attribute type is SEC_LIST. S_CONFSETS The list of domains that are excluded from accessing the object. The attribute type is SEC_LIST. S_OBJTYPE The type of the object. Valid values are: S_NETINT For network interfaces S_FILE For file based objects. The object name should be the absolute path S_DEVICE For Devices. The absolute path should be specified. S_NETPORT For port and port ranges The attribute type is SEC_CHAR `S_SECFLAGS` The security flags for the object. The valid values are FSF_DOM_ALL and FSF_DOM_ANY. The attribute type is SEC_INT
`Value`	Specifies a buffer, a pointer to a buffer, or a pointer to a pointer according to the values of the `Attribute` and `Type` parameters. See the `Type` parameter for more details.
`Type`	Specifies the type of the attribute. The following valid types are defined in the usersec.h file: SEC_INT The format of the attribute is an integer. Supply an integer value. SEC_CHAR The format of the attribute is a null-terminated character string. Supply a character pointer. SEC_LIST The format of the attribute is a series of concatenated strings, each of which is null-terminated. The last string in the series is terminated by two successive null characters. Supply a character pointer. SEC_COMMIT Specifies that the changes to the named objects that are to be committed to the permanent storage. The values of the `Attribute` and `Value` parameters are ignored. If no object is specified, the changes to all modified objects are committed to the permanent storage. SEC_DELETE If the `Attribute` parameter is specified, the corresponding attribute is deleted from the object database. If no `Attribute` parameter is specified, the entire object definition is deleted from the domain-assigned object database. SEC_NEW Creates a new object in the domain-assigned object database.

Security

Files Accessed

Table 2. Files Accessed
Item	Description
`File`	Mode
`/etc/security/domobjs`	`rw`

Return Values

If successful, the putobjattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the putobjattr subroutine fails, one of the following errno values is set:

Table 3. Error Codes
Item	Description
`EINVAL`	The `Obj` parameter is NULL and the `Type` parameter is not SEC_COMMIT. The `Obj` parameter is default or ALL The `Attribute` parameter is NULL and the `Type` parameter is not SEC_NEW, SEC_DELETE or SEC_COMMIT. The `Attribute` parameter does not contain one of the defined attributes. The `Type` parameter does not contain one of the defined values. The `Value` parameter does not point to a valid buffer or to valid data for this type of attribute.
`ENOENT`	The object that is specified by the `Obj` parameter does not exist.
`ENOMEM`	Memory cannot be allocated.
`EPERM`	The operation is not permitted.