This appendix provides application programming interface (API) listings and cross-references to their use. Declarations are grouped by security topic.
The following Oracle Solaris APIs accept Trusted Extensions parameters:
uint_t getpflags(uint_t flag);
int setpflags(uint_t flag, uint_t value);
The label APIs are introduced in Chapter 2, Labels and Clearances. Sample code is provided in Chapter 3, Label Code Examples. A fully described example is provided in Chapter 4, Printing and the Label APIs.
The following lists the types of label-related APIs and shows the prototype declarations of the routines and system calls for each type:
Accessing the label_encodings file
m_label_t *m_label_alloc(const m_label_type_t label_type);
int m_label_dup(m_label_t **dst, const m_label_t *src);
void m_label_free(m_label_t *label);
int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);
int blequal(const m_label_t *level1, const m_label_t *level2);
int bldominates(const m_label_t *level1, const m_label_t *level2);
int blstrictdom(const m_label_t *level1, const m_label_t *level2);
int blinrange(const m_label_t *level, const brange_t *range);
void blmaximum(m_label_t *maximum_label, const m_label_t *bounding_label);
void blminimum(m_label_t *minimum_label, const m_label_t *bounding_label);
m_range_t *getuserrange(const char *username);
blrange_t *getdevicerange(const char *device);
char *getpathbylabel(const char *path, char *resolved_path, size_t bufsize, const m_label_t *sl);
m_label_t *getzonelabelbyid(zoneid_t zoneid);
m_label_t *getzonelabelbyname(const char *zonename);
zoneid_t *getzoneidbylabel(const m_label_t *label);
char *getzonerootbyid(zoneid_t zoneid);
char *getzonerootbylabel(const m_label_t *label);
char *getzonerootbyname(const char *zonename);
Obtaining the remote host type
tsol_host_type_t tsol_getrhtype(char *hostname);
Accessing and modifying sensitivity labels
int fgetlabel(int fd, m_label_t *label_p);
int getlabel(const char *path, m_label_t *label_p);
int setflabel(const char *path, const m_label_t *label_p);
int getplabel(m_label_t *label_p);
int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);
int str_to_label(const char *string, m_label_t **label, const m_label_type_t label_type, uint_t flags, int *error);
For information about this label-clipping API, see Chapter 6, Trusted X Window System.
int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);
Trusted Extensions does not provide interfaces for remote procedure calls (RPC). RPC interfaces have been modified to work with Trusted Extensions. For conceptual information, see Chapter 5, Interprocess Communications. For an example that uses the getpeerucred() and ucred_getlabel() routines, see Chapter 4, Printing and the Label APIs.
For information about the Label Builder user interface, see Chapter 7, Label Builder APIs.
ModLabelData *tsol_lbuild_create(Widget widget, void (*event_handler)() ok_callback, lbuild_attributes extended_operation, ..., NULL);
void tsol_lbuild_destroy(ModLabelData *lbdata);
void *tsol_lbuild_get(ModLabelData *lbdata, lbuild_attributes extended_operation);
void tsol_lbuild_set(ModLabelData *lbdata, lbuild_attributes extended_operation, ..., NULL);
For information about the Trusted X Window System APIs, see Chapter 6, Trusted X Window System.
Status XTSOLgetResAttributes(Display *display, XID object, ResourceType type, XTSOLResAttributes *winattrp);
Status XTSOLgetPropAttributes(Display *display, Window window, Atom property, XTSOLPropAttributes *propattrp);
Status XTSOLgetClientAttributes(Display *display, XID windowid, XTsolClientAttributes *clientattrp);
Status XTSOLgetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);
Status XTSOLsetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);
Status XTSOLgetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);
Status XTSOLsetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);
Status XTSOLgetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);
Status XTSOLsetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);
Status XTSOLgetPropUID(Display *display, Window window, Atom property, uid_t *uidp);
Status XTSOLsetPropUID(Display *display, Window window, Atom property, uid_t *uidp);
Status XTSOLgetWorkstationOwner(Display *display, uid_t *uidp);
Status XTSOLsetWorkstationOwner(Display *display, uid_t *uidp);
Status XTSOLsetSessionHI(Display *display, m_label_t *sl);
Status XTSOLsetSessionLO(Display *display, m_label_t *sl);
Status XTSOLMakeTPWindow(Display *display, Window *w);
Bool XTSOLIsWindowTrusted(Display *display, Window *window);
Status XTSOLgetSSHeight(Display *display, int screen_num, int *newheight);
Status XTSOLsetSSHeight(Display *display, int screen_num, int newheight);
Status XTSOLsetPolyInstInfo(Display *display, m_label_t sl, uid_t *uidp, int enabled);
The following Oracle Solaris interfaces either include Trusted Extensions parameters or are used in this guide with Trusted Extensions interfaces:
int auditon(int cmd, caddr_t data, int length);
void free(void *ptr);
int getpeerucred(int fd, ucred_t **ucred);
uint_t getpflags(uint_t flag);
int is_system_labeled(void);
int setpflags(uint_t flag, uint_t value);
int getsockopt(int s, int level, int optname, void *optval, int *optlen);
int setsockopt(int s, int level, int optname, const void *optval, int optlen);
int socket(int domain, int type, int protocol);
ucred_t *ucred_get(pid_t pid);
m_label_t *ucred_getlabel(const ucred_t *uc);
The following table lists the Trusted Extensions system calls and routines. The table also provides references to descriptions and declarations of the interface and to examples of the interface that appear in this guide. The man page section is included as part of the name of each system call and routine.
Table B–1 System Calls and Library Routines That Are Used in Trusted Extensions
System Call or Library Routine | Cross-Reference to Description | Cross-Reference to Example |
---|---|---|