Trusted Extensions extends Oracle Solaris security by enforcing a label-based mandatory access control (MAC) policy. Sensitivity labels are automatically applied to all sources of data (networks, file systems, and windows) and consumers of data (user and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the consumer (subject). The layered functionality consists of a set of label-aware services.
A partial list of Trusted Extensions services includes:
Labeled networking
Label-aware file system mounting and sharing
Labeled desktop
Label configuration and translation
Label-aware system management tools
Label-aware device allocation
The system/trusted and system/trusted/trusted-global-zone packages are sufficient for a headless system or a server that does not require a multilevel desktop. The system/trusted/trusted-extensions package provides the Oracle Solaris multilevel, trusted desktop environment.