Next: Audit Trail Generation Up: Posix Security Functionality Previous: FIPS 151-2 Security

Data Structures and the Interface Scheme

The data structures defined by the POSIX.6 mechanisms (access control lists, privilege attributes, mandatory access control labels, etc.) are opaque to the applications that use them. An application knows only what kinds of information a structure contains (roughly, the names of its fields); it does not know, and must not depend on, the physical layout or ordering of the structure, and it reaches the contents only through the defined interface functions. Given this, there is no need to standardize the structures themselves, only the information they contain and the functions that manipulate it.

The following scheme is used by the different mechanisms to allow applications to manipulate the information contained within the data structures:

  1. read in the information from permanent storage to an allocated working storage area.
  2. update the information in the working storage area.
  3. write the information back to permanent storage.
  4. deallocate the working storage area.
For example, an application that adds an entry to an access control list (ACL) would make interface calls in the following order:

Again, this scheme means that application developers need to know only the kinds of information the structures contain, not the structures themselves. Because the application is tied to the information and not to its representation, the same source can be moved unchanged between implementations that lay the structures out differently, which is what makes it portable.
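As an added illustration of the four-step scheme (this code is not from the page and is not the POSIX.6 interface itself; the wacl_* functions, the fixed-size entry array and the sample ACL text are this example's own assumptions), the following C program models an ACL as an opaque handle. Permanent storage is represented by the ACL's text form, the working copy is reached only through the wacl_* calls, the update step also recomputes the mask entry that named-user entries require, and malformed stored data is rejected at the read step rather than carried forward. On implementations of the later POSIX.1e drafts (for example Linux libacl) the same four steps correspond to acl_get_file, acl_create_entry with the acl_set_* calls, acl_set_file, and acl_free.

```c
/* Added example (not from the page): a self-contained model of the POSIX.6
 * read / update / write-back / free scheme over an opaque ACL handle.
 * "Permanent storage" is the ACL text form (user::rw-, user:1001:r-x, ...).
 * The wacl_* names and the fixed-size layout are this example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WACL_MAX 32
enum wacl_tag { WACL_USER_OBJ, WACL_USER, WACL_GROUP_OBJ, WACL_GROUP, WACL_MASK, WACL_OTHER };
struct wacl_entry { enum wacl_tag tag; unsigned qualifier; unsigned perms; }; /* r=4 w=2 x=1 */

/* Only the functions below know this layout; an application holds a wacl_t and
 * never indexes into it, so the layout can change without breaking the application. */
struct wacl { int count; struct wacl_entry e[WACL_MAX]; };
typedef struct wacl *wacl_t;

static const char *tag_name[] = { "user", "user", "group", "group", "mask", "other" };

static int parse_perms(const char *s, unsigned *out)          /* "rwx" with '-' placeholders */
{
    static const char sym[3] = { 'r', 'w', 'x' };
    unsigned p = 0;
    if (strlen(s) != 3) return -1;
    for (int i = 0; i < 3; i++) {
        if (s[i] == sym[i]) p |= 4u >> i;
        else if (s[i] != '-') return -1;
    }
    *out = p;
    return 0;
}

/* One text entry: tag:qualifier:perms, qualifier empty for owner/group/mask/other. */
static int parse_entry(const char *line, struct wacl_entry *e)
{
    const char *c1 = strchr(line, ':'), *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    if (!c2) return -1;
    size_t tl = (size_t)(c1 - line), ql = (size_t)(c2 - c1 - 1);
    if (tl == 4 && !strncmp(line, "user", 4))                e->tag = ql ? WACL_USER : WACL_USER_OBJ;
    else if (tl == 5 && !strncmp(line, "group", 5))          e->tag = ql ? WACL_GROUP : WACL_GROUP_OBJ;
    else if (tl == 4 && !strncmp(line, "mask", 4) && !ql)    e->tag = WACL_MASK;
    else if (tl == 5 && !strncmp(line, "other", 5) && !ql)   e->tag = WACL_OTHER;
    else return -1;
    e->qualifier = 0;
    if (ql) {
        char *end;
        e->qualifier = (unsigned)strtoul(c1 + 1, &end, 10);
        if (end != c2) return -1;                               /* qualifier must be numeric */
    }
    return parse_perms(c2 + 1, &e->perms);
}

/* Step 1: read permanent storage into an allocated working copy; NULL if malformed. */
wacl_t wacl_from_text(const char *text)
{
    wacl_t acl = calloc(1, sizeof *acl);
    char *copy = acl ? malloc(strlen(text) + 1) : NULL;
    if (!copy) { free(acl); return NULL; }
    strcpy(copy, text);
    for (char *ln = strtok(copy, "\n"); ln; ln = strtok(NULL, "\n")) {
        if (acl->count == WACL_MAX || parse_entry(ln, &acl->e[acl->count]) != 0) {
            free(copy); free(acl); return NULL;
        }
        acl->count++;
    }
    free(copy);
    return acl;
}

/* Step 2: update the working copy. Named entries need a mask entry, which is
 * recomputed as the union of named-user, owning-group and named-group permissions. */
int wacl_add_user(wacl_t acl, unsigned uid, unsigned perms)
{
    if (!acl || perms > 7 || acl->count + 2 > WACL_MAX) return -1;
    int m = -1;
    for (int i = 0; i < acl->count; i++) {
        if (acl->e[i].tag == WACL_USER && acl->e[i].qualifier == uid) return -1; /* one entry per uid */
        if (acl->e[i].tag == WACL_MASK) m = i;
    }
    struct wacl_entry ne = { WACL_USER, uid, perms };
    acl->e[acl->count++] = ne;
    if (m < 0) { m = acl->count++; acl->e[m].tag = WACL_MASK; acl->e[m].qualifier = 0; }
    acl->e[m].perms = 0;
    for (int i = 0; i < acl->count; i++)
        if (acl->e[i].tag == WACL_USER || acl->e[i].tag == WACL_GROUP_OBJ || acl->e[i].tag == WACL_GROUP)
            acl->e[m].perms |= acl->e[i].perms;
    return 0;
}

/* Structural check before writing back: exactly one owner, owning-group and other
 * entry, at most one mask, and a mask whenever any named entry is present. */
int wacl_valid(const wacl_t acl)
{
    int n[6] = { 0 };
    for (int i = 0; i < acl->count; i++) n[acl->e[i].tag]++;
    if (n[WACL_USER_OBJ] != 1 || n[WACL_GROUP_OBJ] != 1 || n[WACL_OTHER] != 1 || n[WACL_MASK] > 1) return 0;
    return (n[WACL_USER] + n[WACL_GROUP] == 0) || n[WACL_MASK] == 1;
}

/* Step 3: serialize the working copy back to the text form (entries in stored order). */
int wacl_to_text(const wacl_t acl, char *buf, size_t n)
{
    size_t used = 0;
    for (int i = 0; i < acl->count; i++) {
        const struct wacl_entry *e = &acl->e[i];
        char q[16] = "";
        if (e->tag == WACL_USER || e->tag == WACL_GROUP) snprintf(q, sizeof q, "%u", e->qualifier);
        int w = snprintf(buf + used, n - used, "%s:%s:%c%c%c\n", tag_name[e->tag], q,
                         e->perms & 4 ? 'r' : '-', e->perms & 2 ? 'w' : '-', e->perms & 1 ? 'x' : '-');
        if (w < 0 || (size_t)w >= n - used) return -1;          /* output buffer too small */
        used += (size_t)w;
    }
    return 0;
}

void wacl_free(wacl_t acl) { free(acl); }                       /* Step 4: deallocate */

/* The application-level sequence from the text. Returns 1 when the written-back
 * text equals `expected`, 0 on any failure (malformed input, duplicate uid, ...). */
int wacl_add_user_roundtrip(const char *stored, unsigned uid, unsigned perms, const char *expected)
{
    char out[512];
    wacl_t acl = wacl_from_text(stored);                        /* 1. read */
    int ok = acl && wacl_add_user(acl, uid, perms) == 0         /* 2. update */
             && wacl_valid(acl)
             && wacl_to_text(acl, out, sizeof out) == 0         /* 3. write back */
             && strcmp(out, expected) == 0;
    wacl_free(acl);                                             /* 4. deallocate */
    return ok;
}

int main(void)
{
    const char *stored = "user::rw-\ngroup::r--\nother::---\n";   /* constructed sample ACL */
    const char *after  = "user::rw-\ngroup::r--\nother::---\nuser:1001:r-x\nmask::r-x\n";
    printf("%s\n", wacl_add_user_roundtrip(stored, 1001, 5, after) ? "ok" : "FAILED");
    return 0;
}
```

The point to notice is that main() never touches a struct field: if the working-storage layout were changed (a linked list instead of an array, say), only the wacl_* functions would change. The mask recomputation is also why the update step belongs inside the interface rather than in the application: an application editing the raw structure could add a named entry and leave the mask stale.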

Each of the following sections describing the POSIX.6 standard is structured in the following manner:






John Barkley
Fri Oct 7 16:17:21 EDT 1994