Programming Interfaces

The programming interfaces and code examples to check system security configuration and security attribute information are provided here. Descriptions of the data handled by these calls are in the appropriate chapter. For example, Chapter 4, Labels covers labels and Chapter 3, Privileges covers privileges.

In cases where there is one set of interfaces to access a file using the pathname and another to access a file by the file descriptor, the examples that follow show the pathname only because the syntax is nearly identical.

All examples in this section compile with the -ltsol library.

System Security Configuration

This system call gets information on the system security configuration. Refer to the secconf(2) man page.

long secconf(int name);

File System Security Attributes

These system calls get information on file system security attributes using a path name or file descriptor. Refer to the getfsattr(2) man page.

int getfsattr(char *path, u_long type,
	void *buf_P, int len);
int fgetfsattr(int fd, u_long type, void *buf_P);

File System Security Attribute Flags

These system calls get information on file system security attribute flags using a path name or file descriptor. Refer to the getfattrflag(2) man page.

int fgetfattrflag(const char *path, secflgs_t *flags);
int setfattrflag(const char *path, secflgs_t which,
	secflgs_t flags);
int fsetfattrflag(int fildes, secflgs_t *flags);
int getfattrflag(int fildes, secflgs_t *flags);
int mldgetfattrflag(const char *path, secflgs_t *flags)
int mldsetfattrflag(const char * path, secflgs_t which,
	secflgs_t flags)

Process Security Attribute Flags

These system calls get and set process security attribute flags. Refer to the getpattr(2) man page.

int getpattr(pattr_type_t type, pattr_flag_t *value);
int setpattr(pattr_type_t type, pattr_flag_t value);