The authorized program facility (APF) allows your installation
to identify system or user programs that can use sensitive system
functions.
APF:
- Restricts the use of sensitive system SVC routines (and sensitive
user SVC routines, if you need them) to APF-authorized programs
- Allows the system to fetch all modules in an authorized job step
task only from authorized libraries, to prevent programs from counterfeiting
a module in the module flow of an authorized job step task.
To authorize a program, the installation must first assign the
authorization code to the first load module of the program. APF prevents
authorized programs from accessing any load module that is not in
an authorized library. When the system attaches the first load module
of a program, the system considers the program APF-authorized if the
module meets both of the following criteria:
- The module is contained in an authorized library or resides in
the link pack area (pageable LPA, modified LPA, fixed LPA, or dynamic
LPA) (see APF-authorized libraries).
- The module is link-edited with authorization code AC=1 (to indicate
that you want to authorize the job step task). This code is contained
in a bit setting in the partitioned data set (PDS) directory entry
for the module. For more information about how to assign an authorization
code to a module, see Assigning APF authorization to a load module.
If the system does not consider a program APF-authorized when it
attaches the first load module, the program cannot become authorized
for the life of the job step.
Note: This description applies to batch jobs and started tasks, where
the initiator attaches the job step task and determines the APF
authorization for that job step. The TSO/E terminal monitor program
(TMP) and UNIX System Services can also run programs with APF
authorization, as the initiator does. Other system environments
generally do not support running programs with APF authorization.
The authorization code (AC) is meaningful only when the load module
resides in an authorized library and runs as the first module of a
job step task, or when run by the TSO/E terminal monitor program or
UNIX System Services with appropriate configuration parameters. When a program
is run with APF authorization, the system verifies that all subsequent
modules for that program are contained in authorized libraries or
the link pack area (pageable LPA, modified LPA, fixed LPA, or dynamic
LPA). If one or more of the programs are not contained in authorized
libraries or the link pack area, the system issues abend X'306'.
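The following Python model is an added example, not IBM code. It walks the decision described above for one job step: authorization is settled when the first module is attached, and each later fetch in an authorized step is checked against the authorized libraries. The data set names, the Module class, and the run_job_step and audit functions are assumptions made for illustration.

```python
from dataclasses import dataclass

LPA = "LPA"  # stands for any link pack area: pageable, modified, fixed or dynamic
APF_LIST = frozenset({"PROD.AUTHLIB", "VENDOR.AUTHLIB"})  # constructed sample list

@dataclass(frozen=True)
class Module:
    name: str
    library: str  # data set the module is fetched from, or LPA
    ac: int = 0   # authorization code from the PDS directory entry

class Abend306(Exception):
    """Models abend X'306': an authorized step fetched from an unauthorized library."""

def from_authorized_source(module, apf_list=APF_LIST):
    return module.library == LPA or module.library in apf_list

def run_job_step(modules, apf_list=APF_LIST):
    """Return (authorized, loaded module names); the decision is made once, at attach."""
    first, later = modules[0], modules[1:]
    # Both criteria must hold for the first module: authorized source AND AC=1.
    authorized = first.ac == 1 and from_authorized_source(first, apf_list)
    loaded = [first.name]
    for module in later:
        # AC on later modules is ignored. Only their source library matters,
        # and only when the step is already running authorized.
        if authorized and not from_authorized_source(module, apf_list):
            raise Abend306(f"{module.name} fetched from {module.library}")
        loaded.append(module.name)
    return authorized, loaded

def audit(steps):
    """Map each step name to 'authorized', 'unauthorized' or 'abend 306'."""
    result = {}
    for name, modules in steps.items():
        try:
            authorized, _ = run_job_step(modules)
            result[name] = "authorized" if authorized else "unauthorized"
        except Abend306:
            result[name] = "abend 306"
    return result

# Constructed job steps covering each combination of the two criteria.
SAMPLE_STEPS = {
    "both": [Module("MAIN", "PROD.AUTHLIB", 1), Module("SUB", LPA)],
    "ac_only": [Module("MAIN", "USER.LOADLIB", 1), Module("SUB", "USER.LOADLIB", 1)],
    "lib_only": [Module("MAIN", "PROD.AUTHLIB", 0), Module("SUB", "USER.LOADLIB")],
    "mixed": [Module("MAIN", "PROD.AUTHLIB", 1), Module("SUB", "USER.LOADLIB")],
}
```

In the "ac_only" step the later module's AC=1 changes nothing, because the step was not authorized when its first module was attached.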