Linkage Classes
Every process and every exported library object has a linkage class. Whenever a process links to an exported library object the system compares the linkage classes of the importing process and the exporting library object. If the linkage classes are not compatible, the system prevents the object from being imported and returns a linkage error.
Library linkage classes provide a level of protection that goes beyond that provided by the SECURITYTYPE file attribute. Even if the SECURITYTYPE value is PUBLIC, the linkage class still prevents certain processes from importing objects from the library. Linkage classes control several layers of system software services. By applying linkage classes, less privileged applications and system software processes are prevented from linking to more privileged system library processes.
Trusted Libraries
A system library process can have a trusted status. This status allows the library to export library objects with a linkage class different from its own linkage class. Typically, this differing linkage class is less privileged and incompatible with its own linkage class. Only trusted library processes can export library objects into an incompatible linkage class, thus enabling them to offer their services to processes in otherwise incompatible linkage classes.
Determining the Importing Linkage Class
The system determines an importing linkage class for a program when the program is first initiated. The importing linkage class remains the same until the program terminates.
The system uses the following factors to determine the importing linkage class of a process:
-
LINKCLASS support library attribute
This attribute affects only library programs that are initiated by function. If an existing library instance is linked to by function, and the linkage class of the library instance is less privileged than the LINKCLASS of the function name, then the system displays the warning message “LIBRARY INITIATED IN INCOMPATIBLE LINKAGE CLASS.”
-
MCS status, tasking status, privileged program status, and compiler status
For information about how a process receives these types of security status, refer to Establishing Process Identity and Privileges.
-
Multiple linkage classes
If a process qualifies for two or more different linkage classes, the system grants the linkage class that affords the greatest privileges, except for compilers which only have compiler linkage class even if marked Tasking or PU. A process can inquire on its own importing linkage class through field [19:04] in the LIBRARYSTATE task attribute.
Determining the Trusted Status
The system determines the trusted status for each library program on the system when the program is first initiated. The trusted status remains the same until the program terminates.
The system uses the following factors to determine the trusted status of a library process:
-
The TRUSTED support library attribute. This attribute affects only library programs that are initiated by function.
-
MCS status, tasking status, privileged program status, or compiler status. These types of security status give trusted status to a process. Refer to Establishing Process Identity and Privileges for more information about how a process receives these types of security status.
A process can inquire on its own trusted status through field [26:01] in the LIBRARYSTATE task attribute.
Determining the Exporting Linkage Class
The system determines an exporting linkage class for an exported library object of a program when the program makes the library objects available for linkage. The exporting linkage class remains the same until the library object is no longer available. The system uses the following factors to determine the exporting linkage class of an exported library object:
-
The trusted status of the library process. If a library process does not have trusted status, the system treats all the library objects as having the same linkage class as the importing linkage class of the library process.
-
The LINKCLASS export list modifier. In ALGOL and NEWP libraries you can use the export list to specify the linkage class for each library object. If the export list does not specify a linkage class for a particular object, the object defaults to zero.
-
The importing linkage class of a program. As a performance optimization, if a process has an importing linkage class of zero, the process is implicitly trusted, since there is no security breach possible.
Programs That Contain Multiple Libraries
The linkage class value evaluations apply to all libraries in that program. For example, suppose a program is a server library program that also contains two connection libraries and a client library. Then,
-
If the program has no trusted status, all exported objects in these libraries receive the importing linkage class of the program.
-
If the program does have trusted status, all exported objects in the libraries have the same default linkage class value of zero, which can be overridden for individual exported library objects.
If a separate function name is associated with each library in the program, then you could assign a different LINKCLASS value to each function name. However, the only LINKCLASS value that has effect is the one used at initiation time. Therefore, the actual linkage class for the program will depend on which library is linked to first.
Descriptions of the Linkage Classes
Linkage Classes lists the linkage classes and indicates which linkage classes are compatible.
Table 20. Linkage Classes
|
Importing Linkage Class |
Type of Process |
Exporting Linkage Class |
|---|---|---|
|
0 |
Default |
0 |
|
1 |
The following processes belong to this class:
|
Any |
|
2 |
The following processes belong to this class:
|
0, 2, 3, 4 |
|
3 |
This class consists of libraries initiated BYFUNCTION, using a function name that has LINKCLASS = 3 |
0, 3, 4 |
|
4 |
The following processes belong to this class:
|
0, 4 |
|
5 |
The following processes belong to this class:
|
0, 5 |
|
6-7 |
Reserved for use by system software. |
|
|
8-15 |
Free for site-dependent definition and use. |
Any other site-defined linkage class of equal or lesser value |
Linkage Class Errors
A process might be able to link to a library even if that library is of an incompatible linkage class. The system evaluates the linkage classes only when the importing process attempts to use an import object. At this point, if the linkage classes are incompatible, the system discontinues the importing process and displays the following error message:
OBJECT <name> LINKAGE CLASS VIOLATION IN LIBRARY <name>
The importing process could avoid this error by checking the ISVALID function before using the import object. Refer to Matching Client and Server Library Objects and Matching Connection Library Objects earlier in this section.
For implicit linkages, the above error can occur at linkage time rather than later. This is possible because implicit linkages result when a process uses an import object from a library that is not yet linked. If this import is of a linkage class that is incompatible with the matching export object, then linkage fails.
System Libraries
Libraries with a linkage class other than 0 are referred to as system libraries. Much of the system software is provided in the form of system libraries. Examples of system libraries are GENERALSUPPORT, which provides intrinsic functions; MARCSUPPORT, which provides Menu-Assisted Resource Control (MARC); and DSSSUPPORT, which supports distributed system services (DSSs).
