The Solaris Trusted Extensions Developer's Guide describes how to use the application programming interfaces (APIs) to write new trusted applications for systems that are configured with the SolarisTM Trusted Extensions software. Readers must be familiar with UNIX® programming and understand security policy concepts.
This Solaris release supports systems that use the SPARC® and x86 families of processor architectures: UltraSPARC®, SPARC64, AMD64, Pentium, and Xeon EM64T. The supported systems appear in the Solaris OS: Hardware Compatibility Lists at http://www.sun.com/bigadmin/hcl. This document cites any implementation differences between the platform types.
In this document these x86 related terms mean the following:
“x86” refers to the larger family of 64-bit and 32-bit x86 compatible products.
“x64” points out specific 64-bit information about AMD64 or EM64T systems.
“32-bit x86” points out specific 32-bit information about x86 based systems.
For supported systems, see the Solaris OS: Hardware Compatibility Lists.
Note that the example programs in this book focus on the APIs being shown and do not perform error checking. Your applications should perform the appropriate error checking.
The Solaris Trusted Extensions documentation set supplements the documentation for the Solaris release. Review both sets of documentation for a more complete understanding of Solaris Trusted Extensions. The Solaris Trusted Extensions documentation set consists of the following books.
Book Title |
Topics |
Audience |
---|---|---|
Solaris Trusted Extensions Transition Guide |
Obsolete. Provides an overview of the differences between Trusted Solaris 8 software, Solaris software, and Solaris Trusted Extensions software. For this release, the What's New document for the Solaris OS provides an overview of Trusted Extensions changes. |
All |
Solaris Trusted Extensions Reference Manual |
Obsolete. For this release, Trusted Extensions man pages are included with the Solaris man pages. |
All |
Describes the basic features of Solaris Trusted Extensions. This book contains a glossary. |
End users, administrators, developers |
|
Obsolete. Describes how to plan for, install, and configure Solaris Trusted Extensions for the Solaris 10 11/06 and Solaris 10 8/07 releases of Trusted Extensions. |
Administrators, developers |
|
For this release, Part I describes how to prepare for, enable, and initially configure Trusted Extensions. Part I replaces Solaris Trusted Extensions Installation and Configuration. Part II describes how to administer a Trusted Extensions system. This book contains a glossary. |
Administrators, developers |
|
Describes how to develop applications with Solaris Trusted Extensions. |
Developers, administrators |
|
Provides information about how to specify label components in the label encodings file. |
Administrators |
|
Describes the syntax used in the label encodings file. The syntax enforces the various rules for well-formed labels for a system. |
Administrators |
Chapter 1, Solaris Trusted Extensions APIs and Security Policy provides an overview of the Solaris Trusted Extensions APIs and describes how the security policy is enforced within the system.
Chapter 2, Labels and Clearances describes the data types and the APIs for managing labels on processes and on device objects. This chapter also describes clearances, how a process acquires a sensitivity label, and when label operations require privileges. Guidelines for handling labels are also provided.
Chapter 3, Label Code Examples provides sample code that uses the APIs for labels.
Chapter 4, Printing and the Label APIs uses the Trusted Extensions multilevel printing service as an example of using the label APIs.
Chapter 5, Interprocess Communications provides an overview of how the security policy is applied to process-to-process communications within the same workstation and across the network.
Chapter 6, Trusted X Window System describes the data types and the APIs that enable administrative applications to access and modify security-related X Window System information. This chapter has a section of code examples.
Chapter 7, Trusted Web Guard Prototype provides an example of a safe web browsing prototype that isolates a web server and its web content from an Internet attack.
Chapter 8, Experimental Java Bindings for the Solaris Trusted Extensions Label APIs describes an experimental set of JavaTM classes and methods that mirror the label APIs that are provided with the Solaris Trusted Extensions software. This chapter also includes a pointer to the source code and build instructions, so you can use these APIs to create label-aware applications.
Appendix A, Programmer's Reference provides information about Solaris Trusted Extensions man pages, shared libraries, header files, and abbreviations used in data type names and in interface names. This appendix also provides information about preparing an application for release.
Appendix B, Solaris Trusted Extensions API Reference provides programming interface listings, including parameter and return value declarations.
The Sun web site provides information about the following additional resources:
The following table describes the typographic conventions that are used in this book.
Table P–1 Typographic Conventions
Typeface |
Meaning |
Example |
---|---|---|
AaBbCc123 |
The names of commands, files, and directories, and onscreen computer output |
Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
AaBbCc123 |
What you type, contrasted with onscreen computer output |
machine_name% su Password: |
aabbcc123 |
Placeholder: replace with a real name or value |
The command to remove a file is rm filename. |
AaBbCc123 |
Book titles, new terms, and terms to be emphasized |
Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online. |
The following table shows the default UNIX system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.
Table P–2 Shell Prompts
Shell |
Prompt |
---|---|
C shell |
machine_name% |
C shell for superuser |
machine_name# |
Bourne shell and Korn shell |
$ |
Bourne shell and Korn shell for superuser |
# |