The priv_attr_trig_query( ) call is used by the privilege service to retrieve trigger attributes and add them to a principal's EPAC. The privilege service executes this call when it receives a request to add a principal and its extended attribute instances to an EPAC and the attributes are associated with a trigger server. The call passes an array of sec_attr_t values to the attribute trigger and receives the attribute values back from the trigger server in another array of sec_attr_t values. If the principal is being added to a delegation chain, the call also passes the UUIDs of all of the current members of the delegation chain to the trigger server. The trigger server can then evaluate all identities to determine access rights to the requested attributes.
Like the sec_rgy_attr_trig_query( ) and sec_rgy_attr_trig_update( ) calls, you will not call priv_attr_trig_query( ) directly. However, if you are implementing a trigger server, it will receive input from these call and the attribute trigger's output should be passed back to the call. The data received must be in a form accessible to the call.