Updated: April 19, 2023 |
Allows a function to change its own type identifier
#include <sys/procmgr.h> int procmgr_set_type_id(uint32_t typeid);
libc
Use the -l c option to qcc to link against this library. This library is usually included automatically.
This function is deprecated. Instead, use secpol_transition_type() (see The libsecpol API in the System Security Guide).
The privileges a server process requires are frequently different immediately upon start up and following its initialization, and type changing can provide security benefits.
The procmgr_set_type_id() function allows a process to change its own type identifier. When successful, a call to this function yields a change to the security context of the process, including its procmgr abilities and the paths the process may attach channels to.
A process is only able to successfully make the call if a security policy has been loaded and if the process currently possesses the procmgr ability PROCMGR_AID_SETTYPEID with a range that covers the new type identifer. Even a call with a current type identifier (before the change occurs) requires that the process has the necessary ability.
Safety: | |
---|---|
Cancellation point | No |
Interrupt handler | No |
Signal handler | No |
Thread | Yes |