procmgr_set_type_id()

Updated: April 19, 2023

Allows a function to change its own type identifier

Synopsis:

#include <sys/procmgr.h>

int procmgr_set_type_id(uint32_t typeid);

Arguments:

typeid
The type identifier to switch the process to.

Library:

libc

Use the -l c option to qcc to link against this library. This library is usually included automatically.

Description:

This function is deprecated. Instead, use secpol_transition_type() (see “The libsecpol API” in the System Security Guide).

The privileges a server process requires are frequently different immediately upon start up and following its initialization, and type changing can provide security benefits.

The procmgr_set_type_id() function allows a process to change its own type identifier. When successful, a call to this function yields a change to the security context of the process, including its procmgr abilities and the paths the process may attach channels to.

Note: The procmgr abilities are entirely determined by the security policy and are unaffected by the abilities the process had prior to the call (even if you set the type identifier to the one that the process already had).

A process is only able to successfully make the call if a security policy has been loaded and if the process currently possesses the procmgr ability PROCMGR_AID_SETTYPEID with a range that covers the new type identifer. Even a call with a current type identifier (before the change occurs) requires that the process has the necessary ability.

Returns:

0
Success.
-1
Failure (errno is set).

Errors:

EINTR
The call was interrupted by a signal.
ENOTSUP
No security policy has been loaded. (You can't use this function unless a security policy is loaded.)
EPERM
The process lacks the PROCMGR_AID_SETTYPEID ability or does not have a subrange that includes typeid.
ESECTYPEINVAL
The type identifier either does not exist or has no abilities associated with it. A type must be the source type in at least one allow, allow_attach or allow_link rule for a process to have its type identifier set to it. (These rules are defined in the security policy).

Classification:

QNX Neutrino

Safety:  
Cancellation point No
Interrupt handler No
Signal handler No
Thread Yes