The following sections provide example code excerpts that use Trusted Extensions interface calls. These calls handle security attributes and translate a label to a string. The excerpts focus on handling window security attributes, the most commonly managed attributes in application programs. Often, a client retrieves security attributes by using the appropriate privileges for an object that was created by another application. The client then checks the attributes to determine whether an operation on the object is permitted by the system's security policy. The security policy covers DAC policies and the MAC write-equal and read-down policies. If access is denied, the application generates an error or uses privileges, as appropriate. See Privileged Operations and the Trusted X Window System for a discussion about when privileges are needed.
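The policy check described above, modeled in self-contained C as an added example (not code from this guide or from Trusted Extensions). It assumes a label can be reduced to a classification plus a compartment bit set and that DAC is an owner-UID match; all model_* names and sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified label: hierarchical classification plus a compartment bit set.
 * Constructed for illustration; real clients hold opaque m_label_t values. */
typedef struct {
    int      classification;   /* higher value = more sensitive */
    uint32_t compartments;     /* one bit per compartment */
} model_label;

typedef enum { OP_READ, OP_WRITE } model_op;

/* a dominates b: classification at least as high, compartments a superset */
static bool model_dominates(model_label a, model_label b) {
    return a.classification >= b.classification &&
           (a.compartments & b.compartments) == b.compartments;
}

static bool model_equal(model_label a, model_label b) {
    return a.classification == b.classification &&
           a.compartments == b.compartments;
}

/* MAC: read-down needs the client label to dominate the object label,
 * write-equal needs the two labels to be identical. */
static bool model_mac_permits(model_label client, model_label object,
                              model_op op) {
    return op == OP_READ ? model_dominates(client, object)
                         : model_equal(client, object);
}

/* DAC (assumed here to be an owner-UID match) and MAC must both pass;
 * otherwise the caller reports an error or needs a privilege. */
static bool model_access_permitted(unsigned client_uid, model_label client,
                                   unsigned object_uid, model_label object,
                                   model_op op) {
    return client_uid == object_uid && model_mac_permits(client, object, op);
}

int main(void) {
    model_label pub = {1, 0x0}, conf = {4, 0x1};   /* constructed values */
    printf("CONFIDENTIAL client reads PUBLIC window:  %d\n",
           model_access_permitted(29378, conf, 29378, pub, OP_READ));
    printf("CONFIDENTIAL client writes PUBLIC window: %d\n",
           model_access_permitted(29378, conf, 29378, pub, OP_WRITE));
    return 0;
}
```

Two labels with the same classification but disjoint compartments do not dominate each other, so neither side may read the other's object in this model.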
You must create an object before you can retrieve its ID to pass to the Trusted Extensions APIs.
The XTSOLgetResAttributes() routine returns security-related attributes for a window. You supply the following:
Flag to indicate that the object for which you want security attributes is a window
XtsolResAttributes structure to receive the returned attributes
Because the client is obtaining the security attributes for a window that the client created, no privileges are required.
Note that the example programs in this book focus on the APIs being shown and do not perform error checking. Your applications should perform the appropriate error checking.
    /* Retrieve underlying window and display IDs with Xlib calls */
    window = XtWindow(topLevel);
    display = XtDisplay(topLevel);

    /* Retrieve window security attributes */
    retval = XTSOLgetResAttributes(display, window, IsWindow, &winattrs);

    /* Translate labels to strings */
    retval = label_to_str(&winattrs.sl, &plabel, M_LABEL, LONG_NAMES);

    /* Print security attribute information; plabel holds the translated label */
    printf("Workstation Owner ID = %d\nUser ID = %d\nLabel = %s\n",
        winattrs.ouid, winattrs.uid, plabel);
The printf statement prints the following:
    Workstation Owner ID = 29378
    User ID = 29378
    Label = CONFIDENTIAL
This example shows how to obtain the process sensitivity label and translate it to a string by using a font list and the pixel width. A label widget is created with the string for its label. The process sensitivity label equals the window sensitivity label. Therefore, no privileges are required.
When the final string is longer than the width, the string is clipped and the clipped indicator is used. Note that the X Window System label-translation interfaces clip to the specified number of pixels, while the label-clipping interfaces clip to the number of characters.
If your site uses a label_encodings file in a language other than English, the translation might not work on accent characters in the ISO standard above 128. The following example does not work for the Asian character set.
    /* Retrieve the process sensitivity label */
    retval = getplabel(&senslabel);

    /* Create the font list and translate the label using it */
    italic = XLoadQueryFont(XtDisplay(topLevel),
        "-adobe-times-medium-i-*-*-14-*-*-*-*-*-iso8859-1");
    fontlist = XmFontListCreate(italic, "italic");
    xmstr = Xbsltos(XtDisplay(topLevel), &senslabel, width, fontlist,
        LONG_WORDS);

    /* Create a label widget using the font list and label text */
    i = 0;
    XtSetArg(args[i], XmNfontList, fontlist); i++;
    XtSetArg(args[i], XmNlabelString, xmstr); i++;
    label = XtCreateManagedWidget("label", xmLabelWidgetClass,
        form, args, i);
This example shows how to obtain the sensitivity label for a window. The process sensitivity label equals the window sensitivity label. Therefore, no privileges are required.
    /* Retrieve window label */
    retval = XTSOLgetResLabel(display, window, IsWindow, &senslabel);

    /* Translate the retrieved label to a string and print it */
    retval = label_to_str(&senslabel, &string, M_LABEL, LONG_NAMES);
    printf("Label = %s\n", string);
The printf statement, for example, prints the following:
Label = PUBLIC
This example shows how to set the sensitivity label on a window. The new sensitivity label dominates the sensitivity label of the window and the process. The client needs the sys_trans_label privilege in its effective set to translate a label that the client does not dominate. The client also needs the win_upgrade_sl privilege to change the window's sensitivity label.
For more information about using privileges, see Solaris Security for Developers Guide.
    /* Translate text string to sensitivity label; str_to_label() is the
       string-to-label direction and takes the MAC_LABEL label type */
    retval = str_to_label(string4, &label, MAC_LABEL, L_NO_CORRECTION, &error);

    /* Set sensitivity label with new value */
    retval = XTSOLsetResLabel(display, window, IsWindow, label);
This example shows how to obtain the window user ID. The process owns the window resource and is running at the same sensitivity label. Therefore, no privileges are required.
    /* Get the user ID of the window */
    retval = XTSOLgetResUID(display, window, IsWindow, &uid);
This example shows how to obtain the ID of the user who is logged in to the X Window Server. The process sensitivity label equals the window sensitivity label. Therefore, no privileges are required.
    /* Get the user ID of the workstation owner */
    retval = XTSOLgetWorkstationOwner(display, &uid);