NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | RETURN VALUES | ERRORS | WARNINGS | SEE ALSO
#include <tsol/label.h>int getsldname(char *path_name, bslabel_t *slabel_p, char *name_buf, const int length);
getsldname() returns the SLD name associated with the sensitivity label to which slabel_p refers within the context of the file system on which path_name resides. path_name is the path name of any multilevel directory within the mounted filesystem. name_buf is a pointer to a buffer of at least SLD_NAME_MAX bytes.
fgetsldname() returns the SLD name associated with the sensitivity label to which slabel_p refers if the MLD to which descriptor fd refers was opened by the directory name (not by the fully adorned, multilevel directory name.) If the MLD to which descriptor fd refers was opened using the fully adorned, multilevel directory name, fgetsldname() returns the MLD and the SLD name associated with the sensitivity label to which slabel_p refers.
If it does not exist, the single-level directory that corresponds to slabel_p is created with the attributes of the parent multilevel directory, the specified sensitivity label, and an ADMIN_LOW
information label. If the sensitivity
label of the calling process is equal to slabel_p, no additional privileges are needed. If the sensitivity label of the calling process is strictly dominated by slabel_p, the calling process may assert the PRIV_FILE_UPGRADE_SL
privilege to create the directory. Otherwise, the calling process may assert the PRIV_FILE_DOWNGRADE_SL
privilege to create the directory.
See for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsu |
getsldname() and fgetsldname() return:
On success.
On failure and set errno to indicate the error.
getsldname() fails if any of these conditions is true:
Search permission is denied for a component of the path prefix of path_name. To override this restriction, the calling process may assert one or both of these privileges: PRIV_FILE_DAC_SEARCH
and PRIV_FILE_MAC_SEARCH
.
The single-level directory specified does not exist, the system is configured to require write access to create a single-level directory, and the calling process does not have discretionary write access to path_name. To override this restriction, the calling process may assert
the PRIV_FILE_DAC_WRITE
privilege.
name_buf, path_name, or slabel_p points to an invalid address.
An I/O error occurred while reading from or writing to the file system
Too many symbolic links were encountered in translating path_name.
The length of the path argument exceeds PATH_MAX.
A pathname component is longer than NAME_MAX [see sysconf(3C)] while _POSIX_NO_TRUNC is in effect. [See pathconf(2).]
The file to which path_name refers does not exist.
A component of the path prefix of path_name is not a directory.
The SLD that corresponds to slabel_p does not exist and one of these conditions is true: the sensitivity label of the calling process is strictly dominated by slabel_p
and the calling process has not asserted the PRIV_FILE_DOWNGRADE
privilege; the sensitivity label of the calling process is not dominated by slabel_p and the calling process has not asserted the PRIV_FILE_DOWNGRADE_SL
privilege.
fgetsldname() fails if any of these conditions is true:
fd is not a valid open file descriptor.
name_buf or slabel_p points to an invalid address.
fd does not refer to a multilevel directory.
An I/O error occurred while reading from the file system.
The SLD that corresponds to slabel_p does not exist and one of these conditions is true: the sensitivity label of the calling process is strictly dominated by slabel_p
and the calling process has not asserted the PRIV_FILE_UPGRADE_SL
privilege; the sensitivity label of the calling process is not dominated by slabel_p and the calling process has not asserted the PRIV_FILE_DOWNGRADE_SL
privilege.
If the file system that contains path_name or the object referred to by fd does not support MLDs, no error is returned and the first SLD_NAME_MAX bytes in the name_buf are cleared.
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | RETURN VALUES | ERRORS | WARNINGS | SEE ALSO