Secure Context Creation

DPS contexts normally have access to global data. This allows a context to look into the activities of another context. For example, one context could intercept a document that another context is imaging. This section describes how to create secure contexts in the Solaris environment.

Section 7.1.1 “Creating Contexts” in the PostScript Language Reference Manual, Second Edition describes three ways that contexts can share VM:

1. “Local and global VM are completely private to the context.” This capability is new with Level 2, and a context created this way is called a secure context.

2. “Local VM is private to the context, but global VM is shared with some other context.” This is the normal situation for contexts created with XDPSCreateContext and XDPSCreateSimpleContext.

3. “Local and global VM are shared with some other context.” This is the situation for contexts created with XDPSCreateContext and XDPSCreateSimpleContext when the space parameter is not NULL.

   To create a secure context, use XDPSCreateSecureContext as shown below:

   XDPSCreateSecureContext
   
   DPSContext XDPSCreateSecureContext(dpy,    drawable, gc, x, y, eventmask,
   
   grayramp, ccube, actual,     textProc, errorProc, space)  Display *dpy;
   
     Drawable drawable;  GC gc;  int x;  int y;  unsigned int eventmask;
   
     XStandardColormap *grayramp;  XStandardColormap *ccube;  int actual;
   
     DPSTextProc textProc;  DPSErrorProc errorProc;   DPSSpace
   
   space;

All parameters have the identical meaning to those in XDPSCreateContext, but the context being created has its own private global VM. If the space parameter is not NULL, it must identify a space created with a secure context. A space created with a secure context cannot be used for the creation of a nonsecure context. Specifying a nonsecure space with a secure context or a secure space with a nonsecure context generates an access error.