Solaris Trusted Extensions Developer's Guide

Trusted X Window System APIs

The Trusted X Window System, Version 11, server starts at login. The server handles the workstation windowing system by using a trusted interprocess communication (IPC) path. Windows, properties, selections, and ToolTalk™ sessions are created at multiple sensitivity labels as separate and distinct objects. The creation of distinct objects at multiple sensitivity labels is called polyinstantiation. Applications that are created with Motif widgets, Xt Intrinsics, Xlib, and desktop interfaces run within the constraints of the security policy. These constraints are enforced by extensions to the X11 protocols.

Chapter 6, Trusted X Window System, describes the programming interfaces that can access the security attribute information described in Trusted Extensions Security Policy. These programming interfaces can also be used to translate the labels and clearances to text. The text can be constrained by a specified width and font list for display in the Trusted X Window System.

The Trusted X Window System stores the following security attributes:

Audit ID 

Trusted Path flag 

Group ID 

Trusted Path window 

Internet address 

User ID 

Process ID 

X Window Server owner ID 

Sensitivity label 

X Window Server clearance 

Session ID 

X Window Server minimum label 

The Trusted Path flag identifies a window as a Trusted Path window. The Trusted Path window protects the system from being accessed by untrusted programs. This window is always the topmost window, such as the screen stripe or login window.

Appendix B, Solaris Trusted Extensions API Reference, lists the extensions that you can use to create an X11 trusted IPC path.