Trusted Solaris Developer's Guide

Programming Interfaces for File Sets

The privilege macros and system calls described in this section get and set file privilege sets. The program below has the header files and variable declarations for the entire series of examples in this chapter; several of the declared variables are therefore not used here. It also contains code to set and get the file privilege sets for execfile, which is exec'd later to show what happens to process sets during an exec.

The setfpriv(1) system call sets the forced and allowed privilege sets on execfile and requires the file_setpriv privilege. The file_setpriv privilege is placed in the forced set of executable so that it is available in the permitted set during execution. By default, the effective set equals the permitted set, and all effective privileges are on until they are explicitly turned off in preparation for privilege bracketing. The use of file_setpriv in this code does not follow security guidelines until privilege bracketing is put into effect as described in "Bracketing Effective Privileges".

/* cc priv.c -o executable -ltsol */

#include <tsol/priv.h>
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>

/* Global Variables. errno itself is declared by <errno.h>. */
char buffer [3*1024];

int
main(void)
{
	char *priv_names = "file_mac_write,proc_setid";
	char *string;
	char *privilege;	/* used by later examples in this chapter */
	char *file = "/export/home/zelda/executable";
	char *execfile = "/export/home/zelda/execfile";
	priv_set_t priv_set, priv_get, permitted_privs, saved_privs;
	int length = sizeof(buffer);
	int retval;
	pid_t pid;

/* To use with exec() later; the remaining elements are NULL */
	char *argv[8] = {"execfile"};

/* Initialize privilege set data structures (both sets are empty) */

	PRIV_EMPTY(&priv_get);
	PRIV_EMPTY(&priv_set);

/* Turn allowed privileges off by replacing the allowed set with the */
/* empty set in priv_get. See text for discussion. */

	retval = setfpriv(execfile, PRIV_SET, PRIV_ALLOWED, &priv_get);
	if (retval == -1)
		perror("setfpriv PRIV_SET PRIV_ALLOWED");

/* Assert the privileges in priv_names in a privilege set */
/* structure and assign to execfile. See text below for discussion */
/* on methods for asserting privileges. A non-NULL return from */
/* str_to_priv_set() indicates that the string was not converted. */

	if ((string = str_to_priv_set(priv_names, &priv_set, ",")) != NULL)
		printf("string = %s errno = %d\n", string, errno);
	retval = setfpriv(execfile, PRIV_ON, PRIV_ALLOWED, &priv_set);
	if (retval == -1)
		perror("setfpriv PRIV_ON PRIV_ALLOWED");

/* Check that the allowed privilege set contains the privileges */

	retval = getfpriv(execfile, PRIV_ALLOWED, &priv_get);
	if (retval == -1)
		perror("getfpriv PRIV_ALLOWED");
	priv_set_to_str(&priv_get, ',', buffer, &length);
	printf("execfile Allowed = %s\n", buffer);

/* Initialize privilege set data structures */

	PRIV_EMPTY(&priv_set);
	PRIV_EMPTY(&priv_get);

/* Assert file_mac_write in a privilege set structure */

	PRIV_ASSERT(&priv_set, PRIV_FILE_MAC_WRITE);

/* Set the forced privilege set on execfile */

	retval = setfpriv(execfile, PRIV_ON, PRIV_FORCED, &priv_set);
	if (retval == -1)
		perror("setfpriv PRIV_ON PRIV_FORCED");

/* Check that the forced privilege set contains the privilege */

	retval = getfpriv(execfile, PRIV_FORCED, &priv_get);
	if (retval == -1)
		perror("getfpriv PRIV_FORCED");
	length = sizeof(buffer);	/* reset in case the first call updated it */
	priv_set_to_str(&priv_get, ',', buffer, &length);
	printf("execfile Forced = %s\n", buffer);

	return (0);
}

The printf statements print the file privilege sets for execfile as follows:

execfile Allowed = file_mac_write,proc_setid
execfile Forced = file_mac_write

The output uses a comma (",") to separate the privileges in each set. The separator is specified in the calls to priv_set_to_str(3TSOL). The separator is not used when there is only one privilege in the set.
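The following is an added, self-contained model of the operations the program above performs, not code from the Trusted Solaris library: it replays the PRIV_SET and PRIV_ON updates to the allowed and forced sets as bitmask operations, parses and formats privilege strings with the separator rule just described, and lets the read-back check be asserted exactly. The M_* constants, model_set_t, parse_set and format_set are stand-ins assumed for this example only.

```c
/* Model of the file privilege-set operations above: sets are bitmasks,
 * M_* stand in for PRIV_*, and only three privilege names are known.
 * All of this is an assumption of the example, not the tsol API. */
#include <string.h>
typedef unsigned long model_set_t;
enum { M_FILE_MAC_WRITE = 1u << 0, M_PROC_SETID = 1u << 1, M_FILE_SETPRIV = 1u << 2 };
enum { M_SET, M_ON, M_OFF };  /* replace / add to / remove from a set */
static const struct { const char *name; model_set_t bit; } names[] = {
    {"file_mac_write", M_FILE_MAC_WRITE}, {"proc_setid", M_PROC_SETID},
    {"file_setpriv", M_FILE_SETPRIV} };
#define NNAMES (sizeof names / sizeof names[0])

/* Apply one update the way setfpriv() interprets its mode argument. */
model_set_t apply_update(model_set_t current, int mode, model_set_t arg)
{
    if (mode == M_SET) return arg;            /* replace the whole set */
    if (mode == M_ON)  return current | arg;  /* turn named privileges on */
    return current & ~arg;                    /* turn named privileges off */
}

/* Parse "a,b" into *out; like str_to_priv_set, return a pointer to the
 * first unknown name, or NULL when every name was recognized. */
const char *parse_set(const char *s, model_set_t *out)
{
    *out = 0;
    while (*s) {
        const char *end = strchr(s, ',');
        size_t n = end ? (size_t)(end - s) : strlen(s), i, found = 0;
        for (i = 0; i < NNAMES; i++)
            if (strlen(names[i].name) == n && !strncmp(names[i].name, s, n))
                *out |= names[i].bit, found = 1;
        if (!found) return s;
        s = end ? end + 1 : s + n;
    }
    return NULL;
}

/* Format like priv_set_to_str: the separator goes only between names, so a
 * one-privilege set has none. Returns chars written, or 0 (and an empty,
 * NUL-terminated buf) when buf of len > 0 bytes is too small. */
size_t format_set(model_set_t set, char sep, char *buf, size_t len)
{
    size_t used = 0, i, n;
    buf[0] = '\0';
    for (i = 0; i < NNAMES; i++) {
        if (!(set & names[i].bit)) continue;
        n = strlen(names[i].name);
        if (used + (used ? 1 : 0) + n >= len) { buf[0] = '\0'; return 0; }
        if (used) buf[used++] = sep;
        memcpy(buf + used, names[i].name, n);
        buf[used += n] = '\0';
    }
    return used;
}
```

Replaying the program's sequence (empty PRIV_SET on the allowed set, PRIV_ON with the parsed string, PRIV_ON of file_mac_write on the forced set) and formatting both sets reproduces the two output lines shown above.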