Appendix B Solaris Trusted Extensions API Reference

This appendix provides application programming interface (API) listings and cross-references to their use. Declarations are grouped by security topic.

This appendix covers the following topics:

Process Security Attribute Flags APIs

The following Solaris APIs accept Trusted Extensions parameters:

uint_t getpflags(uint_t flag);
int setpflags(uint_t flag, uint_t value);

Label APIs

The label APIs are introduced in Chapter 2, Labels and Clearances. Sample code is provided in Chapter 3, Label Code Examples. A fully described example is provided in Chapter 4, Printing and the Label APIs.

The following lists the types of label-related APIs and shows the prototype declarations of the routines and system calls for each type:

Accessing the label_encodings file
- m_label_t *m_label_alloc(const m_label_type_t label_type);
- int m_label_dup(m_label_t **dst, const m_label_t *src);
- void m_label_free(m_label_t *label);
- int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);
Comparing level relationships
- int blequal(const m_label_t *level1, const m_label_t *level2);
- int bldominates(const m_label_t *level1, const m_label_t *level2);
- int blstrictdom(const m_label_t *level1, const m_label_t *level2);
- int blinrange(const m_label_t *level, const brange_t *range);
- void blmaximum(m_label_t *maximum_label, const m_label_t *bounding_label);
- void blminimum(m_label_t *minimum_label, const m_label_t *bounding_label);
Accessing label ranges
- m_range_t *getuserrange(const char *username);
- blrange_t *getdevicerange(const char *device);
Accessing labels in zones
- char *getpathbylabel(const char *path, char *resolved_path, size_t bufsize, const m_label_t *sl);
- m_label_t *getzonelabelbyid(zoneid_t zoneid);
- m_label_t *getzonelabelbyname(const char *zonename);
- zoneid_t *getzoneidbylabel(const m_label_t *label);
- char *getzonerootbyid(zoneid_t zoneid);
- char *getzonerootbylabel(const m_label_t *label);
- char *getzonerootbyname(const char *zonename);
Obtaining the remote host type
- tsol_host_type_t tsol_getrhtype(char *hostname);
Accessing and modifying sensitivity labels
- int fgetlabel(int fd, m_label_t *label_p);
- int getlabel(const char *path, m_label_t *label_p);
- int setflabel(const char *path, const m_label_t *label_p);
- int getplabel(m_label_t *label_p);
- int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);
- int str_to_label(const char *string, m_label_t **label, const m_label_type_t label_type, uint_t flags, int *error);

Label-Clipping APIs

For information about this label-clipping API, see Chapter 6, Trusted X Window System.

int label_to_str(const m_label_t *label, char **string,
	const m_label_str_t conversion_type, uint_t flags);

RPC APIs

Trusted Extensions does not provide interfaces for remote procedure calls (RPC). RPC interfaces have been modified to work with Trusted Extensions. For conceptual information, see Chapter 5, Interprocess Communications. For an example that uses the getpeerucred() and ucred_getlabel() routines, see Chapter 4, Printing and the Label APIs.

Trusted X Window System APIs

For information about the Trusted X Window System APIs, see Chapter 6, Trusted X Window System.

Status XTSOLgetResAttributes(Display *display, XID object, ResourceType type, XTSOLResAttributes *winattrp);
Status XTSOLgetPropAttributes(Display *display, Window window, Atom property, XTSOLPropAttributes *propattrp);
Status XTSOLgetClientAttributes(Display *display, XID windowid, XTsolClientAttributes *clientattrp);
Status XTSOLgetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);
Status XTSOLsetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);
Status XTSOLgetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);
Status XTSOLsetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);
Status XTSOLgetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);
Status XTSOLsetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);
Status XTSOLgetPropUID(Display *display, Window window, Atom property, uid_t *uidp);
Status XTSOLsetPropUID(Display *display, Window window, Atom property, uid_t *uidp);
Status XTSOLgetWorkstationOwner(Display *display, uid_t *uidp);
Status XTSOLsetWorkstationOwner(Display *display, uid_t *uidp);
Status XTSOLsetSessionHI(Display *display, m_label_t *sl);
Status XTSOLsetSessionLO(Display *display, m_label_t *sl);
Status XTSOLMakeTPWindow(Display *display, Window *w);
Bool XTSOLIsWindowTrusted(Display *display, Window *window);
Status XTSOLgetSSHeight(Display *display, int screen_num, int *newheight);
Status XTSOLsetSSHeight(Display *display, int screen_num, int newheight);
Status XTSOLsetPolyInstInfo(Display *display, m_label_t sl, uid_t *uidp, int enabled);

Solaris Library Routines and System Calls That Use Trusted Extensions Parameters

The following Solaris interfaces either include Trusted Extensions parameters or are used in this guide with Trusted Extensions interfaces:

int auditon(int cmd, caddr_t data, int length);
void free(void *ptr);
int getpeerucred(int fd, ucred_t **ucred);
uint_t getpflags(uint_t flag);
int is_system_labeled(void);
int setpflags(uint_t flag, uint_t value);
int getsockopt(int s, int level, int optname, void *optval, int *optlen);
int setsockopt(int s, int level, int optname, const void *optval, int optlen);
int socket(int domain, int type, int protocol);
ucred_t *ucred_get(pid_t pid);
m_label_t *ucred_getlabel(const ucred_t *uc);

System Calls and Library Routines in Trusted Extensions

The following table lists the Trusted Extensions system calls and routines. The table also provides references to descriptions and declarations of the interface and to examples of the interface that appear in this guide. The man page section is included as part of the name of each system call and routine.

Table B–1 System Calls and Library Routines That Are Used in Trusted Extensions


System Call or Library Routine	Cross-Reference to Description	Cross-Reference to Example
bldominates(3TSOL)	Label Relationships Comparing Labels	Determining the Relationship Between Two Labels
blequal(3TSOL)	Comparing Labels	Determining the Relationship Between Two Labels
blinrange(3TSOL)	Label Relationships	Validating the Label Request Against the Printer's Label Range
blmaximum(3TSOL)	Comparing Labels
blminimum(3TSOL)	Comparing Labels
blstrictdom(3TSOL)	Comparing Labels
fgetlabel(2)	Labeled Zones Obtaining and Setting the Label of a File
free(3C)	Translating Between Labels and Strings
getdevicerange(3TSOL)	Obtaining Label Ranges	Validating the Label Request Against the Printer's Label Range
getlabel(2)	Labeled Zones Obtaining and Setting the Label of a File	Obtaining a File Label
getpathbylabel(3TSOL)	Accessing Labels in Zones
getpeerucred(3C)	`get_peer_label()` Label-Aware Function	Obtaining the Credential and Remote Host Label
getpflags(2)	MAC-Exempt Sockets
getplabel(3TSOL)	Accessing the Process Sensitivity Label	Translating the Window Label With the Font List
getuserrange(3TSOL)	Obtaining Label Ranges
getzoneidbylabel(3TSOL)	Accessing Labels in Zones
getzonelabelbyid(3TSOL)	Accessing Labels in Zones
getzonelabelbyname(3TSOL)	Accessing Labels in Zones
getzonerootbyid(3TSOL)	Accessing Labels in Zones
getzonerootbylabel(3TSOL)	Accessing Labels in Zones
getzonerootbyname(3TSOL)	Accessing Labels in Zones
is_system_labeled(3C)	`get_peer_label()` Label-Aware Function Detecting a Trusted Extensions System	Determining Whether the Printing Service Is Running in a Labeled Environment
label_to_str(3TSOL)	Translating Between Labels and Strings	Obtaining a Process Label
m_label_alloc(3TSOL)	Allocating and Freeing Memory for Labels	Obtaining a Process Label Obtaining a File Label
m_label_dup(3TSOL)	Allocating and Freeing Memory for Labels
m_label_free(3TSOL)	Allocating and Freeing Memory for Labels	Validating the Label Request Against the Printer's Label Range Obtaining a Process Label
setflabel(3TSOL)	Obtaining and Setting the Label of a File Obtaining and Setting the Label of a File
setpflags(2)	MAC-Exempt Sockets
str_to_label(3TSOL)	Translating Between Labels and Strings	Validating the Label Request Against the Printer's Label Range Obtaining a File Label
tsol_getrhtype(3TSOL)	Obtaining the Remote Host Type
ucred_get(3C)	Multilevel Ports
ucred_getlabel(3C)	Multilevel Ports
XTSOLgetClientAttributes(3XTSOL)	Accessing Attributes
XTSOLgetPropAttributes(3XTSOL)	Accessing Attributes
XTSOLgetPropLabel(3XTSOL)	Accessing and Setting a Window Property Label
XTSOLgetPropUID(3XTSOL)	Accessing and Setting a Window Property Label
XTSOLgetResAttributes(3XTSOL)	Obtaining Window Attributes
XTSOLgetResLabel(3XTSOL)	Obtaining a Window Label
XTSOLgetResUID(3XTSOL)	Obtaining the Window User ID Accessing and Setting a Window User ID
XTSOLgetSSHeight(3XTSOL)	Accessing and Setting the Screen Stripe Height
XTSOLgetWorkstationOwner(3XTSOL)	Accessing and Setting a Workstation Owner ID
XTSOLIsWindowTrusted(3XTSOL)	Working With the Trusted Path Window
XTSOLMakeTPWindow(3XTSOL)	Working With the Trusted Path Window
XTSOLsetPolyInstInfo(3XTSOL)	Chapter 6, Trusted X Window System
XTSOLsetPropLabel(3XTSOL)	Accessing and Setting a Window Property Label
XTSOLsetPropUID(3XTSOL)	Accessing and Setting a Window Property Label
XTSOLsetResLabel(3XTSOL)	Setting a Window Label
XTSOLsetResUID(3XTSOL)	Accessing and Setting a Window User ID
XTSOLsetSessionHI(3XTSOL)	Setting the X Window Server Clearance and Minimum Label
XTSOLsetSessionLO(3XTSOL)	Setting the X Window Server Clearance and Minimum Label
XTSOLsetSSHeight(3XTSOL)	Accessing and Setting the Screen Stripe Height
XTSOLsetWorkstationOwner(3XTSOL)	Accessing and Setting a Workstation Owner ID

Previous: Appendix??A Programmer's Reference