To use the programming interfaces described in this chapter, you need the following header file.
#include <tsol/priv.h>
The examples in this chapter compile with the following library:
-ltsol
One privilege is represented by the priv_t type definition. You initialize a variable of type priv_t with a privilege ID that can be either the constant name or numeric ID. The constant name is preferred because it makes your code easier to read.
priv_t priv_id = PRIV_FILE_DAC_WRITE;
Privilege sets are represented by the priv_set_t data structure. You initialize variables of type priv_set_t with the PRIV_ASSERT macro or the str_to_priv_set(3TSOL) routine. Use PRIV_ASSERT to assert one privilege at a time by its privilege ID. Use str_to_priv_set to convert a string of one or more privileges into a privilege set through a single interface.
The type of file privilege set to be worked on is represented by the priv_ftype_t type definition. Values are PRIV_ALLOWED and PRIV_FORCED.
The type of process privilege set to be worked on is represented by the priv_ptype_t type definition. Values are PRIV_EFFECTIVE, PRIV_INHERITABLE, PRIV_PERMITTED, and PRIV_SAVED.
The type of operation performed on a file or process privilege set is represented by the priv_op_t type definition. Not all operations are valid for every type of privilege set. Read the privilege set descriptions in "Privilege Sets" for details.
Values are the following:
PRIV_ON - Turn the privileges asserted in the priv_set_t structure on in the specified file or process privilege set.
PRIV_OFF - Turn the privileges asserted in the priv_set_t structure off in the specified file or process privilege set.
PRIV_SET - Set the privileges in the specified file or process privilege set to the privileges asserted in the priv_set_t structure. If the structure is initialized to empty, PRIV_SET clears (sets to none) the privilege set.
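The following added example is not from the original manual and does not use the tsol library. It is a self-contained bitmask model of how PRIV_ON, PRIV_OFF, and PRIV_SET change a target privilege set, including the empty-set case for PRIV_SET. All m_/M_ names, the 128-privilege capacity, and the numeric IDs are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model only: names prefixed m_/M_ are hypothetical, not <tsol/priv.h>. */
#define M_NPRIV 128                      /* assumed capacity of a set */
typedef unsigned m_priv_t;               /* stands in for priv_t */
typedef struct { uint32_t w[M_NPRIV / 32]; } m_priv_set_t;
typedef enum { M_PRIV_ON, M_PRIV_OFF, M_PRIV_SET } m_priv_op_t;

/* Constructed IDs for the demo; real IDs come from the header. */
enum { M_FILE_DAC_READ = 5, M_FILE_DAC_WRITE = 40 };

static void m_empty(m_priv_set_t *s) { memset(s, 0, sizeof *s); }
/* Assert one privilege in a set, as PRIV_ASSERT is described to do. */
static int m_assert(m_priv_set_t *s, m_priv_t id) {
    if (id >= M_NPRIV) return -1;        /* reject out-of-range IDs */
    s->w[id / 32] |= UINT32_C(1) << (id % 32);
    return 0;
}
static int m_isasserted(const m_priv_set_t *s, m_priv_t id) {
    return id < M_NPRIV && ((s->w[id / 32] >> (id % 32)) & 1u);
}

/* Apply op to target using the privileges asserted in src. */
static int m_apply(m_priv_op_t op, m_priv_set_t *target, const m_priv_set_t *src) {
    for (size_t i = 0; i < M_NPRIV / 32; i++) {
        switch (op) {
        case M_PRIV_ON:  target->w[i] |= src->w[i];  break;  /* add */
        case M_PRIV_OFF: target->w[i] &= ~src->w[i]; break;  /* remove */
        case M_PRIV_SET: target->w[i] = src->w[i];   break;  /* replace */
        default: return -1;              /* unknown operation */
        }
    }
    return 0;
}

int main(void) {
    m_priv_set_t eff, req;
    m_empty(&eff); m_empty(&req);
    m_assert(&eff, M_FILE_DAC_READ);
    m_assert(&req, M_FILE_DAC_WRITE);
    m_apply(M_PRIV_ON, &eff, &req);      /* eff = {read, write} */
    m_apply(M_PRIV_OFF, &eff, &req);     /* eff = {read} */
    m_empty(&req);
    m_apply(M_PRIV_SET, &eff, &req);     /* empty source clears eff */
    printf("read still on: %d\n", m_isasserted(&eff, M_FILE_DAC_READ));
    return 0;
}
```

Note that PRIV_OFF leaves unrelated privileges in place, while PRIV_SET with an empty structure removes everything, so the two are not interchangeable when dropping a single privilege.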