procmgr_set_type_id()
Allows a process to change its own type identifier
Synopsis:
#include <sys/procmgr.h>
int procmgr_set_type_id(uint32_t typeid);
Arguments:
- typeid
- The type identifier to switch the process to.
Library:
libc
Use the -l c option to qcc to link against this library. This library is usually included automatically.
Description:
This function is deprecated. Instead, use secpol_transition_type() (see The libsecpol API in the System Security Guide).
A server process frequently requires different privileges immediately upon startup than it does following its initialization, so type changing can provide security benefits.
The procmgr_set_type_id() function allows a process to change its own type identifier. When successful, a call to this function yields a change to the security context of the process, including its procmgr abilities and the paths the process may attach channels to.
A process can successfully make the call only if a security policy has been loaded and the process currently possesses the procmgr ability PROCMGR_AID_SETTYPEID with a range that covers the new type identifier. Even a call that specifies the process's current type identifier (so that no change occurs) requires that the process has the necessary ability.
Returns:
- 0
- Success.
- -1
- Failure (errno is set).
Errors:
- EINTR
- The call was interrupted by a signal.
- ENOTSUP
- No security policy has been loaded. (You can't use this function unless a security policy is loaded.)
- EPERM
- The process lacks the PROCMGR_AID_SETTYPEID ability or does not have a subrange that includes typeid.
- ESECTYPEINVAL
- The type identifier either does not exist or has no abilities associated with it. A type must be the source type in at least one allow, allow_attach or allow_link rule for a process to have its type identifier set to it. (These rules are defined in the security policy.)
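Example:
The following is an added example, not taken from the QNX documentation, of switching type after initialization: it retries only on EINTR and exits rather than continue serving if the type change fails. The type identifier 42, the retry bound and the stub functions are constructed for illustration; on non-QNX hosts a stub stands in for the real call.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __QNXNTO__
#include <sys/procmgr.h>
#endif

/* Same signature as procmgr_set_type_id(); injected so the logic can be
 * exercised off-target with the stubs below. */
typedef int (*set_type_fn)(uint32_t);

enum { MAX_EINTR_RETRIES = 8 };   /* assumed bound, not a QNX constant */

/* Returns 0 once the type change succeeds, otherwise the errno of the
 * failed call. Only EINTR is retried; ENOTSUP, EPERM and ESECTYPEINVAL
 * describe policy problems that a retry cannot fix. */
int switch_type_or_errno(set_type_fn set_type, uint32_t type_id)
{
    for (int attempt = 0; attempt <= MAX_EINTR_RETRIES; attempt++) {
        if (set_type(type_id) == 0)
            return 0;
        if (errno != EINTR)
            return errno;
    }
    return EINTR;
}

/* Constructed stubs standing in for the kernel call on non-QNX hosts. */
static int interrupts_left;
int stub_interrupted(uint32_t id)
{
    (void)id;
    if (interrupts_left > 0) { interrupts_left--; errno = EINTR; return -1; }
    return 0;
}
int stub_no_policy(uint32_t id) { (void)id; errno = ENOTSUP; return -1; }

int main(void)
{
    const uint32_t runtime_type = 42;   /* hypothetical id from the policy */
#ifdef __QNXNTO__
    set_type_fn set_type = procmgr_set_type_id;
#else
    set_type_fn set_type = stub_no_policy;
#endif
    /* ... initialization under the startup type happens before this ... */
    int err = switch_type_or_errno(set_type, runtime_type);
    if (err != 0) {   /* fail closed: never serve under the startup type */
        fprintf(stderr, "type switch failed: %s\n", strerror(err));
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}
```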
Classification:
Safety: | |
---|---|
Cancellation point | No |
Signal handler | No |
Thread | Yes |