.H 1 "Terms"
FD: file descriptor.
A name for a file system object.
A private matter between a client and a file system service provider,
a FD has no meaning outside this particular context.

FSO: file system object.
An instance of any of the file system objects defined in P1003.1.

FSOID: file system object identifier.
The true name of a file system object which the file system service
provider uses for access to the object.

Subject: An active entity.
In this context, either a client or a service provider.
.H 1 "Services"
Services are described in terms of what information they require from
the client, what other services they require, and what state changes
are made to the state of the service provider.
.H 2 "Reference Monitor"
The reference monitor
( Does this make ITSEC people uncomfortable?
It's really handy in this description. )
maintains access control policy.
The reference monitor does not actually change access control information;
it only provides information about the policy.
The policies enforced include, but are not necessarily limited to,
discretionary access control ( DAC ),
mandatory access control ( MAC ),
and privilege.
.H 3 "HasFSOAccess"
The HasFSOAccess sponsor requires the SubjectAttr of a subject,
the FSOAttr of a FSO, and the type of access desired.
It returns a boolean result to the client, indicating whether or not
the specified subject has the desired access to the specified FSO.
.H 3 "HasSubjectAccess"
The HasSubjectAccess sponsor requires the SubjectAttr of a subject subject,
the SubjectAttr of an object subject, and the type of access desired.
It returns a boolean result to the client, indicating whether or not
the subject subject has the desired access to the object subject.
.H 2 "Time Service"
The time service maintains two resources,
the system clock ( SystemClock )
and a time driven event queue ( TimeEventQueue ).
The system clock contains the current time,
which is updated in some implementation-defined manner.
The time driven event queue is checked regularly for events which are
to be initiated for specific values of the system clock.
The only event which may be requested is that described in the
discussion of the
.I alarm
request.
.H 3 "GetTime"
The GetTime sponsor requires no information from the client.
It returns the current value of SystemClock.
.H 3 "DoAtTime"
The DoAtTime sponsor requires the PID of the client and the action requested.
( As of this writing, the
.I alarm
request is the only request allowed. )
The request is added to TimeEventQueue.
.H 2 "Process Management Service"
The process management service maintains the resources associated
with subjects.
There is a subject attribute entry ( SubjectAttr ) for each subject
which contains a list of open FDs, a list of pending signals,
the run state of the subject, the real and effective user IDs,
the real and effective group IDs, the group access list, the session ID,
and any other information used to make access control decisions
regarding this subject.
There is also a subject data entry ( SubjectData ) for each subject
which describes and includes the address space of the subject.
The run queue ( RunQueue ) contains a list of all subjects.
Subjects are scheduled for execution based on their run states.
.H 3 "CreateSubject"
The CreateSubject sponsor requires no information from the client.
It creates a SubjectAttr and SubjectData for the new subject.
It adds the subject, in an unrunnable state, to RunQueue.
The PID of the new subject is returned to the client.
.H 3 "DeleteSubject"
The DeleteSubject sponsor requires the PID of the subject to be deleted
and the PID of the client.
( Is there any real possibility these will be different? )
It uses HasSubjectAccess to verify the client has the required access
to the subject to be deleted.
It removes the specified subject from RunQueue.
It destroys the SubjectAttr and SubjectData of the specified subject.
.H 3 "GetSubjectAttr"
The GetSubjectAttr sponsor requires the PID of the client and the PID
of the subject about which information is requested.
It uses HasSubjectAccess to verify the client has the required access
to the object subject.
It reads the requested information from the appropriate SubjectAttr
and returns it to the client.
.H 3 "SetSubjectAttr"
The SetSubjectAttr sponsor requires the PID of the client and the PID
of the subject to be modified.
It uses HasSubjectAccess to verify the client has the required access
to the object subject.
It sets the requested information in the appropriate SubjectAttr.
.\".H 2 "Interprocess Communication Service"
.\"
.\".H 3 "SendSignal"
.\"
.H 2 "File System Service"
The file system service maintains the resources associated with FSOs.
There is a file system object attribute ( FSOAttr ) entry for each FSO
which contains its object type, owning user ID, owning group ID,
file permission bits, size, access times,
and any other access control information.
There is a file system object data ( FSOData ) entry for each FSO
which contains the contents of the FSO.
The file system object ID ( FSOID ) is the name by which the object
is known within the file system service.
There is a one-to-one mapping of FSOIDs to FSOs.
The mapping of FDs and paths to FSOs need not be one-to-one.
.H 3 "MapPathToFSOID"
The MapPathToFSOID sponsor requires the PID of the client and a path.
It uses GetFSOAttrs and HasFSOAccess to verify that the client has access
to each component of the requested path.
It returns the FSOID of the object named by path to the client.
.H 3 "MapFDToFSOID"
The MapFDToFSOID sponsor requires the PID of the client and a FD.
It uses GetSubjectAttr to obtain the FSOID from the PID.
It returns the FSOID of the object named by FD to the client.
.H 3 "AttachFD"
The AttachFD sponsor requires the PID of the client and an FSOID.
It uses GetSubjectAttr to determine an appropriate value for the new FD.
It uses SetSubjectAttr to add the FD and its mapping to the SubjectAttr.
It uses SetFSOAttr to update the FSO's open file count.
.H 3 "DetachFD"
The DetachFD sponsor requires the PID of the client and an FD.
It uses GetSubjectAttr to determine the FSOID associated with the FD.
It uses SetSubjectAttr to remove the FD and its mapping from the SubjectAttr.
It uses SetFSOAttr to update the FSO's open file count.
.H 3 "GetFSOAttrs"
The GetFSOAttrs sponsor requires the PID of a subject and an FSOID.
It uses HasFSOAccess to verify that the subject is allowed to read
the FSO's attributes.
It returns the requested information from the FSOAttr to the client.
.H 3 "SetFSOAttrs"
The SetFSOAttrs sponsor requires the PID of a subject and an FSOID.
It uses HasFSOAccess to verify that the subject is allowed to write
the FSO's attributes.
It changes the requested information in the FSOAttr.
.H 3 "GetFSOData"
The GetFSOData sponsor requires the PID of a subject and an FSOID.
It uses HasFSOAccess to verify that the subject is allowed to read
the FSO's data and the FSO's attributes.
It returns the requested information from the FSOData to the client.
.H 3 "SetFSOData"
The SetFSOData sponsor requires the PID of a subject and an FSOID.
It uses HasFSOAccess to verify that the subject is allowed to write
the FSO's data and the FSO's attributes.
It changes the requested information in the FSOData and updates
the attributes.
.H 3 "CreateFSO"
The CreateFSO sponsor requires the PID of a subject and the FSOID
of a directory which will contain the new FSO.
It uses HasFSOAccess to verify that the subject is allowed to write
the directory's data and attributes.
It returns the FSOID of the new object.
.H 3 "DeleteFSO"
The DeleteFSO sponsor requires the FSOID to be deleted.
It checks the link and open file count attributes of the FSO
and removes the FSOAttr and FSOData entries for the FSO
if there are neither paths ( link count is zero )
nor FDs ( open file count is zero )
which specify the FSO.
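The path resolution described under MapPathToFSOID, as an added C example that is not part of the original document: the reference monitor answers a DAC-only HasFSOAccess question, and the file system service asks it for search access on every directory it traverses. The access-type constants, the in-memory tables (which stand in for GetFSOAttrs and directory FSOData) and the sample users are constructed for illustration; MAC and privilege are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum { A_READ = 4, A_WRITE = 2, A_SEARCH = 1 };      /* access types (assumed) */
typedef struct { int uid, gid; } SubjectAttr;         /* subset of the page's SubjectAttr */
typedef struct { int owner, group, mode, is_dir; } FSOAttr;
typedef struct { const char *name; int parent, fsoid; } DirEnt;

/* Constructed file system: FSOID 0 = /, 1 = /home, 2 = /home/alice, 3 = /home/alice/notes */
static FSOAttr fso[] = {
    {0, 0, 0755, 1}, {0, 0, 0755, 1}, {100, 100, 0700, 1}, {100, 100, 0644, 0} };
static DirEnt dirents[] = { {"home", 0, 1}, {"alice", 1, 2}, {"notes", 2, 3} };

/* Reference monitor: answers a policy question and changes nothing (DAC only). */
bool HasFSOAccess(const SubjectAttr *s, const FSOAttr *o, int want) {
    int bits = (s->uid == o->owner) ? o->mode >> 6
             : (s->gid == o->group) ? o->mode >> 3 : o->mode;
    return (bits & want) == want;
}

/* File system service: resolve the path one component at a time, asking the
   reference monitor for search access on every directory traversed.
   Returns the FSOID, or -1 if a component is missing or access is denied. */
int MapPathToFSOID(const SubjectAttr *s, const char *path) {
    char buf[256];
    int cur = 0;                                      /* start at the root */
    if (path[0] != '/' || strlen(path) >= sizeof buf) return -1;
    strcpy(buf, path);
    for (char *c = strtok(buf, "/"); c; c = strtok(NULL, "/")) {
        if (!fso[cur].is_dir || !HasFSOAccess(s, &fso[cur], A_SEARCH)) return -1;
        int next = -1;
        for (size_t i = 0; i < sizeof dirents / sizeof *dirents; i++)
            if (dirents[i].parent == cur && !strcmp(dirents[i].name, c))
                next = dirents[i].fsoid;
        if (next < 0) return -1;
        cur = next;
    }
    return cur;
}

int main(void) {
    SubjectAttr alice = {100, 100}, bob = {200, 200};  /* constructed subjects */
    printf("alice: %d\n", MapPathToFSOID(&alice, "/home/alice/notes"));
    printf("bob:   %d\n", MapPathToFSOID(&bob, "/home/alice/notes"));
    return 0;
}
```

A subject outside the owner and group of /home/alice is refused /home/alice/notes at the directory, even though the file's own permission bits would grant read access.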
.H 1 "POSIX Interfaces"
.H 2 "access"
Uses MapPathToFSOID to obtain a FSOID from the passed pathname.
Uses GetFSOAttrs to obtain the security attributes of the FSO.
Uses GetSubjectAttr to obtain the calling subject's group IDs.
.H 2 "alarm"
Uses GetSubjectAttr to obtain the calling subject's process ID.
Uses DoAtTime to schedule a use of SetSubjectAttr to deliver a signal.
.H 2 "chdir"
Uses MapPathToFSOID to obtain a FSOID from the passed pathname.
Uses SetSubjectAttr to set the working directory attribute to correspond
to the FSOID thus obtained.
.H 2 "chmod"
Uses MapPathToFSOID to obtain a FSOID from the passed pathname.
Uses SetFSOAttrs to change the file permission bits of the FSO.
.H 2 "chown"
Uses MapPathToFSOID to obtain a FSOID from the passed pathname.
Uses SetFSOAttrs to change the ownership information of the FSO.
.H 2 "close"
Uses MapFDToFSOID to obtain a FSOID from the FD.
Uses DetachFD to disassociate the object from the subject.
Uses GetFSOAttrs to obtain the link count of the object.
Uses DeleteFSO if the link count and open file count of the FSO are zero.
.H 2 "creat"
.H 3 "File Exists"
Uses MapPathToFSOID to obtain a FSOID for the requested path.
Uses SetFSOAttrs to truncate the file.
.H 3 "File Does Not Exist"
Uses MapPathToFSOID to obtain a FSOID for the containing directory.
Uses CreateFSO to create the file.
Uses SetFSOAttrs to specify the initial state of the file.
Uses SetFSOData to update the containing directory.
.H 3 "Common"
Uses AttachFD to associate a FD with the file and the subject.
.H 2 "dup"
Uses MapFDToFSOID to obtain the FSOID from the existing FD.
Uses AttachFD to associate a new FD with the FSO and the subject.
.H 2 "exec"
Uses MapPathToFSOID to obtain a FSOID for the requested path.
Uses GetFSOData to read the new program text.
Uses MapFDToFSOID to obtain the FSOIDs of any FD_CLOEXEC FDs.
Uses DetachFD to disassociate FD_CLOEXEC FDs from the subject.
Uses GetFSOAttrs to obtain the link counts of the objects.
Uses DeleteFSO to delete any FSOs with link count and open file count of zero.
.H 2 "exit"
Uses MapFDToFSOID to obtain the FSOIDs of the FDs.
Uses DetachFD to disassociate FDs from the subject.
Uses GetFSOAttrs to obtain the link counts of the objects.
Uses DeleteFSO to delete any FSOs with link count and open file count of zero.
Uses GetSubjectAttr to obtain the parent subject ID.
Uses SetSubjectAttr to deliver a signal to notify the parent subject.
Uses DeleteSubject to destroy the subject.
.H 2 "fcntl"
Uses MapFDToFSOID to obtain the FSOID of the FD.
Uses SetFSOAttrs to make the requested changes, if appropriate.
Uses SetFSOData to make the requested changes, if appropriate.
.H 2 "fork"
Uses CreateSubject to obtain a new subject.
Uses GetSubjectAttr to obtain the parent subject attributes.
Uses SetSubjectAttr to associate the new subject as a child.
Uses SetSubjectAttr to set the new subject attributes.
Uses AttachFD to associate FDs with their objects and the new subject.
.H 2 "fstat"
Uses MapFDToFSOID to obtain the FSOID of the FD.
Uses GetFSOAttrs to obtain the requested data.
.H 2 "getgid"
Uses GetSubjectAttr to obtain the subject attribute.
.H 2 "getpgrp"
Uses GetSubjectAttr to obtain the subject attribute.
.H 2 "getpid"
Uses GetSubjectAttr to obtain the subject attribute.
.H 2 "getuid"
Uses GetSubjectAttr to obtain the subject attribute.
.H 2 "kill"
Uses SetSubjectAttr to deliver a signal to the destination subject.
.H 2 "link"
Uses MapPathToFSOID to obtain a FSOID for the requested path.
Uses MapPathToFSOID to obtain a FSOID for the containing directory.
Uses SetFSOData to update the containing directory.
Note: Does not use CreateFSO, as no new object is created,
just a new name for an existing object.
.H 2 "lseek"
Uses MapFDToFSOID to obtain the FSOID of the FD.
Uses GetFSOAttrs to obtain the current file pointer.
Uses SetFSOAttrs to modify the current file pointer.
.H 2 "mkdir"
Uses MapPathToFSOID to obtain a FSOID for the containing directory.
Uses CreateFSO to create the directory.
Uses SetFSOAttrs to specify the initial state of the directory.
Uses SetFSOData to update the containing directory.
.H 2 "mkfifo"
Uses MapPathToFSOID to obtain a FSOID for the containing directory.
Uses CreateFSO to create the FIFO.
Uses SetFSOAttrs to specify the initial state of the FIFO.
Uses SetFSOData to update the containing directory.
.H 2 "open"
.H 3 "File Exists"
Uses MapPathToFSOID to obtain a FSOID for the requested path.
Uses GetFSOAttrs to obtain the state of the file.
Uses SetFSOAttrs to update the state of the file.
.H 3 "File Does Not Exist"
Uses MapPathToFSOID to obtain a FSOID for the containing directory.
Uses CreateFSO to create the file.
Uses SetFSOAttrs to specify the initial state of the file.
Uses SetFSOData to update the containing directory.
.H 3 "Common"
Uses AttachFD to associate a FD with the file and subject.
.H 2 "pause"
Uses SetSubjectAttr to disable execution of the subject.
.H 2 "pipe"
Uses CreateFSO to create the unnamed pipe.
Uses AttachFD to associate the two FDs with the pipe and subject.
.H 2 "read"
Uses MapFDToFSOID to obtain the FSOID of the FD.
Uses ReadFSOData to obtain data from the FSO.
Uses SetFSOAttrs to modify the FSO attributes, as appropriate.
.H 2 "rename"
Uses MapPathToFSOID to obtain a FSOID for the requested paths
and their containing directories.
Uses WriteFSOData to update the containing directories.
.H 2 "rmdir"
Uses MapPathToFSOID to obtain the FSOID of the requested path.
Uses DeleteFSO to destroy the directory.
Uses WriteFSOData to update the containing directory.
.H 2 "setgid"
Uses SetSubjectAttr to assign the subject attribute.
.H 2 "setpgid"
Uses SetSubjectAttr to assign the subject attribute.
.H 2 "setuid"
Uses SetSubjectAttr to assign the subject attribute.
.H 2 "stat"
Uses MapPathToFSOID to obtain a FSOID from the passed pathname.
Uses GetFSOAttrs to obtain the attributes of the FSO.
.H 2 "time"
Uses GetTime to obtain the current time.
time(2) NACDAM.
.H 2 "times"
Uses GetSubjectAttr to obtain process accounting information.
.H 2 "umask"
Uses SetSubjectAttr to assign the subject attribute.
.H 2 "unlink"
Uses MapPathToFSOID to obtain the FSOID of the requested path.
Uses WriteFSOData to update the containing directory.
Uses SetFSOAttrs to decrement the link count of the FSO.
Uses DeleteFSO if the link count and open file count of the FSO are zero.
.H 2 "utime"
Uses MapPathToFSOID to obtain the FSOID of the requested path.
Uses SetFSOAttrs to update the access times of the FSO.
.H 2 "wait"
Uses SetSubjectAttr to disable execution of the subject.
Uses GetSubjectAttr to obtain information about the terminated child.
.H 2 "write"
Uses MapFDToFSOID to obtain the FSOID of the FD.
Uses WriteFSOData to change data in the FSO.
Uses SetFSOAttrs to modify the FSO attributes, as appropriate.
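The close and unlink compositions above share one rule, stated under DeleteFSO: an object is destroyed only when both its link count and its open file count are zero. The following C code is an added example, not part of the original document; the array-backed tables, the FD table size and the posix_ prefixes are assumptions, unlink takes an FSOID instead of a path, and the directory update is not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
typedef struct { bool live; int links, opens; } FSOAttr;  /* subset of the page's FSOAttr */
typedef struct { int fd[4]; } SubjectAttr;                /* FD -> FSOID, -1 = unused */
/* Constructed objects: FSOID 1 has one path, FSOID 2 has two (a hard link). */
static FSOAttr fso[4] = { [1] = {true, 1, 0}, [2] = {true, 2, 0} };

/* DeleteFSO: destroy the object only when no path and no FD names it. */
bool DeleteFSO(int id) {
    if (fso[id].links == 0 && fso[id].opens == 0) fso[id].live = false;
    return !fso[id].live;
}

/* AttachFD: take the lowest free FD, record the mapping, bump the open count. */
int AttachFD(SubjectAttr *s, int id) {
    for (int fd = 0; fd < 4; fd++)
        if (s->fd[fd] < 0) { s->fd[fd] = id; fso[id].opens++; return fd; }
    return -1;
}

/* DetachFD: remove the mapping, drop the open count; returns the FSOID or -1. */
int DetachFD(SubjectAttr *s, int fd) {
    if (fd < 0 || fd >= 4 || s->fd[fd] < 0) return -1;
    int id = s->fd[fd];
    s->fd[fd] = -1; fso[id].opens--;
    return id;
}

/* close: DetachFD, then DeleteFSO (which itself checks both counts). */
int posix_close(SubjectAttr *s, int fd) {
    int id = DetachFD(s, fd);
    if (id >= 0) DeleteFSO(id);
    return id < 0 ? -1 : 0;
}

/* unlink, by FSOID for brevity: drop one link; true if the object was destroyed. */
bool posix_unlink(int id) {
    if (fso[id].links > 0) fso[id].links--;
    return DeleteFSO(id);
}

int main(void) {
    SubjectAttr s = {{-1, -1, -1, -1}};
    int fd = AttachFD(&s, 1);
    printf("unlink destroyed object: %d\n", posix_unlink(1));
    posix_close(&s, fd);
    printf("object live after close: %d\n", fso[1].live);
    return 0;
}
```

An FD attached before the unlink keeps the object alive and reachable until the last DetachFD, so removing a name does not revoke access already granted.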