Data Objects

Applications use Solaris and Trusted Solaris APIs to work on data in the types of objects described here. The Trusted Solaris environment implements security policy by imposing constraints on security-related operations applications perform on these objects. "Security Policy" describes Trusted Solaris security policy as it applies to applications.

File System Objects

File system objects reside in a file system where they can be read, written to, searched, and executed according to file system security policy. File system objects are the following:

• Directories.

• Regular data files.

• Executable files.

• Symbolic links.

• Mapped memory.

• Device objects - Device special (character and block) files for device drivers to printers, workstations, tape drives, and floppy drives.

X11 Windows Objects

X Window System objects handle data input and output through a special file system interface. Although the data in these special files is not accessed the way the data in file system objects is accessed, these files are protected by file system security policy, while the X Window Server and the X Window System objects are protected by X Window System security policy.

Process Objects

A process can access data in another process or in lightweight processes (independently scheduled threads of execution). All process to process communications is protected by either process, network, or interprocess communications (IPC) security policy. If the communication involves a special file, the file is protected by file system security policy.

IPC Objects

Interprocess communication (IPC) objects are the following.

• Unnamed pipes.

• Named pipes (FIFOs).

• Mapped Memory.

• System V IPC objects (message queues, semaphore, and shared memory).

• Pseudo-Terminal Devices (PTYs).

• Signals.

• Process Tracing.

Network Communication Endpoints

Network communication endpoints are sockets and transport layer interface (TLI) endpoints.

• INET Domain Sockets bind to a port.

• UNIX Domain Socket Rendezvous bind to a file.

• INET Domain TLI bind to a port.

• UNIX Domain TLI bind to a file.

• Remote Procedure Calls (RPC) bind to a port.

STREAMS Objects

STREAMS objects form the basis for networking software and are protected by network security policy. Security attribute information carried on STREAMS is accessed through the IPC and networking APIs described in detail in this guide. "Trusted Streams" lists interfaces that let you access the security attribute information on a Stream directly; however, no conceptual information or code examples is currently provided for these interfaces.