NAME | DESCRIPTION | SECURITY POLICY | DEFINITIONS | MT-Level of Libraries | FILES | SEE ALSO | DIAGNOSTICS | NOTES ON MULTITHREADED APPLICATIONS | REALTIME APPLICATIONS | NOTES |
This section describes functions found in various libraries in the Trusted Solaris environment, other than those functions that directly invoke UNIX system primitives, which are described in Section 2.
Functions that are unique to and originate in the Trusted Solaris environment, such as labelinfo(3). labelinfo() gets information about security labels from the label_encodings(4) file.
SunOS 5.7 functions and X windows functions that have been modified to work within the Trusted Solaris security policy, such as accept(3N). Man pages for modified functions have been rewritten to remove information that is not accurate for how the function behaves in the Trusted Solaris environment. Modified man pages, such as accept(), also contain descriptions for any added features and arguments.
SunOS 5.7 functions that remain unchanged from the Solaris 7 release, such as connect(3N).
The printed Trusted Solaris 7 Reference Manual includes only those functions that have been modified or originate in the Trusted Solaris environment. This includes X Windows Library man pages, located in /usr/openwin/man/man3x11tsol.
Printed versions of unchanged SunOS 5.7 man pages are found in the SunOS 5.7 Reference Manual.
Function declarations can be obtained from the #include files indicated on each page. Certain major collections are identified by a letter after the section number:
These functions constitute the Source Compatibility (with BSD functions) library. It is implemented as a shared object, libucb.so, and as an archive, libucb.a, but is not automatically linked by the C compilation system. Specify -lucb on the cc command line to link with this library, which is located in the /usr/ucb subdirectory. Header files for this library are located within /usr/ucbinclude.
These functions, together with those of Section 2 and those marked (3S), constitute the standard C library, libc, which is automatically linked by the C compilation system. The standard C library is implemented as a shared object, libc.so, and as an archive, libc.a. C programs are linked with the shared object version of the standard C library by default. Specify -dn on the cc command line to link with the archive version. See libc(4), cc(1B) for other overrides, and the "C Compilation System" chapter of the ANSI C Programmer's Guide for a discussion. Some functions behave differently in standard-conforming environments. This behavior is noted on the individual manual pages. See standards(5).
Some functions in libc have been modified for the Trusted Solaris environment. Changes in behavior or requirements are noted on the individual man pages.
These functions constitute the ELF access library, libelf (Extensible Linking Formats). This library provides the interface for the creation and analysis of "elf" files: executables, objects, and shared objects. libelf is implemented as a shared object, libelf.so, and as an archive, libelf.a, but is not automatically linked by the C compilation system. Specify -lelf on the cc command line to link with this library. See libelf(4).
These functions constitute the string pattern-matching & pathname manipulation library, libgen. This library is implemented as an archive, libgen.a, but not as a shared object, and is not automatically linked by the C compilation system. Specify -lgen on the cc command line to link with this library.
These functions allow access to the kernel's virtual memory library, which is implemented as a shared object, libkvm.so, and as an archive, libkvm.a, but is not automatically linked by the C compilation system. Specify -lkvm on the cc command line to link with this library. See libkvm(4).
The kstat_write() function in libkvm has been modified for the Trusted Solaris environment. Changes in behavior or requirements are noted on the man page.
These functions constitute the math library, libm. This library is implemented as a shared object, libm.so, and as an archive, libm.a, but is not automatically linked by the C compilation system. Specify -lm on the cc command line to link with this library. See libmp(4).
These functions constitute the Network Service Library, libnsl. See libnsl(4). The Trusted Solaris environment modifies some Network Service Library functions, and adds the Trusted Systems Interoperability Group (TSIG) TSIX [RE]1.1 library, libt6 to the section. See libt6(3).
libnsl.so and libt6.so are implemented as shared objects, and libnsl.a is also specified as an archive. Neither library is automatically linked by the C compilation system. Specify -lnsl on the cc command line to link with the libnsl library. Specify -lt6 on the cc command line to link with the libt6 library.
Some of the functions documented in man3n incorporate other network libraries, including:
libsocket [see libsocket(4)],
libresolv [see libresolv(4)],
librpcsvc [see librpcsvc(4)],
libnisdb [see libnisdb(4)],
librac [see librac(4)],
libxfn [see libxfn(4)], and
libkrb [see libkrb(4)].
Many base networking functions are also available in the X/Open Networking Interfaces library, libxnet. See section (3XN) below for more information on the libxnet interfaces.
Under all circumstances, the use of the Sockets API is recommended over the XTI and TLI APIs. If portability to other XPGV4v2 systems is a requirement, the application must use the libxnet interfaces. If portability is not required, the sockets interfaces in libsocket and libnsl are recommended over those in libxnet. Between the XTI and TLI APIs, the XTI interfaces (available with libxnet) are recommended over the TLI interfaces (available with libnsl).
These functions constitute the POSIX.4 Realtime library, librt. It is implemented only as a shared object, librt.so, and is not automatically linked by the C compilation system. Specify -lrt on the cc command line to link with this library. Note that the former name for this library, libposix4, is maintained for backward compatibility but should be avoided. See librt(4).
The clock_settime() function in librt has been modified for the Trusted Solaris environment. Changes in behavior or requirements are noted on the man page.
These functions constitute the "standard I/O package" [see stdio(3S)]. They can be compiled using the standard C library, libc, which is automatically linked by the C compilation system. The standard C library is implemented as a shared object, libc.so, and as an archive, libc.a. See libc(4).
These functions constitute the threads libraries, libpthread and libthread. These libraries are used for building multithreaded applications. libpthread implements the POSIX [see standards(5)] threads interface, whereas libthread implements the Solaris threads interface.
Both POSIX threads and Solaris threads can be used within the same application. Their implementations are completely compatible with each other; however, only POSIX threads guarantee portability to other POSIX-conforming environments.
When POSIX and Solaris threads are used in the same application, if there are calls with the same name but different semantics, the POSIX semantic supersedes the Solaris threads semantic. For example, the call to fork() will imply the fork1() semantic in a program linked with the POSIX threads library, whether or not it is also linked with -lthread (Solaris threads).
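What the fork1() semantic means in practice, as an added example that is not part of the original manual page: a worker thread advances a counter, the process forks, and parent and child each check whether the counter is still moving. The helper name fork1_demo() and the counter are assumptions made for illustration; the code uses only standard POSIX interfaces, nothing specific to Trusted Solaris.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 199506L  /* POSIX.1c value given on this page */
#endif
#include <poll.h>
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static atomic_ulong ticks;  /* advanced only by the worker thread */
static atomic_int stop;     /* set by the parent to end the worker */

/* Sleep for ms milliseconds; poll() with no descriptors is a plain timer. */
static void nap_ms(int ms)
{
    (void)poll(NULL, 0, ms);
}

static void *worker(void *arg)
{
    (void)arg;
    while (!atomic_load(&stop)) {
        atomic_fetch_add(&ticks, 1);
        nap_ms(1);
    }
    return NULL;
}

/* Return 1 if the counter moves during a 100 ms window, 0 if it is frozen. */
static int counter_advances(void)
{
    unsigned long before = atomic_load(&ticks);
    nap_ms(100);
    return atomic_load(&ticks) != before;
}

/*
 * fork1_demo() is a hypothetical helper for this example. It reports whether
 * the worker thread is still running in the parent and in the child after
 * fork(). Returns 0 on success, -1 on error.
 */
int fork1_demo(int *in_parent, int *in_child)
{
    pthread_t tid;
    pid_t pid;
    int status = 0, rc = 0;
    unsigned long start = atomic_load(&ticks);

    atomic_store(&stop, 0);
    if (pthread_create(&tid, NULL, worker, NULL) != 0)
        return -1;
    while (atomic_load(&ticks) == start)  /* wait until the worker runs */
        nap_ms(1);

    pid = fork();
    if (pid == 0)  /* child: only the thread that called fork() exists */
        _exit(counter_advances() ? 1 : 0);

    *in_parent = counter_advances();
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        rc = -1;
    else
        *in_child = WEXITSTATUS(status);

    atomic_store(&stop, 1);
    pthread_join(tid, NULL);
    return rc;
}

int main(void)
{
    int parent = -1, child = -1;

    if (fork1_demo(&parent, &child) != 0)
        return 1;
    printf("worker running in parent: %d\n", parent);
    printf("worker running in child:  %d\n", child);
    return 0;
}
```

The same rule means a mutex held by another thread at the moment of fork() is never released in the child; pthread_atfork(3T), listed in SEE ALSO, is the hook for handling that case.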
The libpthread and libthread libraries are implemented as shared objects, libpthread.so and libthread.so, respectively, but not as archived libraries. libpthread and libthread are not automatically linked by the C compilation system. Specify -lpthread or -lthread on the cc command line to link with these libraries. See libpthread(4) and libthread(4).
The following functions are optional under POSIX and are not supported in the current Solaris release.
int pthread_mutexattr_setprotocol(pthread_mutexattr_t *attr, int protocol);
int pthread_mutexattr_getprotocol(const pthread_mutexattr_t *attr, int *protocol);
int pthread_mutexattr_setprioceiling(pthread_mutexattr_t *attr, int prioceiling);
int pthread_mutexattr_getprioceiling(const pthread_mutexattr_t *attr, int *prioceiling);
These functions constitute the Trusted Solaris library libtsol. libtsol.so is implemented as a shared object but is not automatically linked by the C compilation system. To link with the libtsol library specify -ltsol on the cc command line.
Specialized libraries. These functions are contained in libraries including, but not limited to,
libadm [see libadm(4)],
libbsdmalloc [see libbsdmalloc(4)],
libcrypt [see libcrypt(4)],
libcurses [see libcurses(4)],
libdl [see libdl(4)],
libform [see libform(4)],
libmail,
libmalloc [see libmalloc(4)],
libmapmalloc [see libmapmalloc(4)],
libmenu [see libmenu(4)], and
libpanel [see libpanel(4)].
These functions constitute the Trusted Solaris extension to the X windows library libXtsol. libXtsol.so is implemented as a shared object but is not automatically linked by the C compilation system. To link with the libXtsol library, specify -lXtsol after -lX11 on the cc command line (cc -lX11 -lXtsol).
These functions constitute the X/Open Curses library, located in /usr/xpg4/lib/libcurses.so.1. This library provides a set of internationalized functions and macros for creating and modifying input and output to a terminal screen. Included in this library are functions for creating windows, highlighting text, writing to the screen, reading from user input, and moving the cursor. X/Open Curses is designed to optimize screen update activities. The X/Open Curses library conforms fully with Issue 4 of the X/Open Extended Curses specification.
These functions constitute X/Open networking interfaces which comply with the X/Open CAE Specification, Networking Services, Issue 4 (September, 1994), and are located in /usr/lib/libxnet.so.1. See libxnet(4) and standards(5) for compilation information.
System calls enforce policy for library routines, and you should generally look to the system call man page to find out how policy is enforced for the system call. However, policy is sometimes explained on the library routine man pages, according to the following guidelines:
If the relationship between the library routine and the underlying system call is intuitively obvious, as is the relationship between fopen(3) and open(2), the related system call is mentioned in the SEE ALSO section, and the policy is not repeated on the library routine's man page.
If the relationship between the library routine and the underlying system call(s) is not obvious, the policy information appears on the library routine's man page.
If the system call man page has so much information that the developer may have trouble finding it, the relevant information is repeated on the library routine's man page. An example is t6peek_attr(3N), which relies on streamio(7I), whose man page is 21 pages.
If the library is the exposed interface, and if the system call is undocumented, the policy appears on the library man page. One example of this is in the TSIX library routines, some of which rely on undocumented system calls.
A character is any bit pattern able to fit into a byte on the machine. Exception: in some international languages, a "character" may require more than one byte, and is represented in multi-bytes.
The null character is a character with value 0, conventionally represented in the C language as \0. A character array is a sequence of characters. A null-terminated character array (a string) is a sequence of characters, the last of which is the null character. The null string is a character array containing only the terminating null character. A null pointer is the value that is obtained by casting 0 into a pointer. C guarantees that this value will not match that of any legitimate pointer, so many functions that return pointers return NULL to indicate an error. The macro NULL is defined in <stdio.h>. Types of the form size_t are defined in the appropriate headers.
See attributes(5) for descriptions of library MT-Levels.
usually /usr/include
usually /usr/ccs/lib
For assistance specific to Trusted Solaris libraries, see intro(2), specifically the DEFINITIONS section, and the Trusted Solaris Developer's Guide.
ar(1), cc(1B), ld(1), nm(1), stdio(3S), pthread_atfork(3T), libadm(4), libbsdmalloc(4), libc(4), libcrypt(4), libcurses(4), libdl(4), libelf(4), libform(4), libkvm(4), libmalloc(4), libmapmalloc(4), libmenu(4), libmp(4), libnisdb(4), libnsl(4), libpanel(4), librac(4), libresolv(4), librpcsvc(4), libsocket(4), libpthread(4), libthread(4), libxfn(4), libxnet(4), attributes(5), standards(5)
Profiling Tools
ANSI C Programmer's Guide
For functions that return floating-point values, error handling varies according to compilation mode. Under the -Xt (default) option to cc, these functions return the conventional values 0, +-HUGE, or NaN when the function is undefined for the given arguments or when the value is not representable. In the -Xa and -Xc compilation modes, +-HUGE_VAL is returned instead of +-HUGE. (HUGE_VAL and HUGE are defined in <math.h> to be infinity and the largest-magnitude single-precision number, respectively.)
When compiling a multithreaded application, either the _POSIX_C_SOURCE, _POSIX_PTHREAD_SEMANTICS, or _REENTRANT flag must be defined on the command line. This enables special definitions for functions only applicable to multithreaded applications. For POSIX.1c-conforming applications, define the _POSIX_C_SOURCE flag to be >= 199506L:
cc [flags] file... -D_POSIX_C_SOURCE=199506L -lpthread
For POSIX behavior with the Solaris fork() and fork1() distinction, compile as follows:
cc [flags] file... -D_POSIX_PTHREAD_SEMANTICS -lthread
For Solaris threads behavior, compile as follows:
cc [flags] file... -D_REENTRANT -lthread
When building a singlethreaded application, the above flags should be undefined. This generates a binary that is executable on previous Solaris releases, which do not support multithreading.
Unsafe interfaces should be called only from the main thread to ensure the application's safety.
MT-Safe interfaces are denoted in the ATTRIBUTES section of the functions and libraries manual pages [see attributes(5)]. If a manual page does not state explicitly that an interface is MT-Safe, the user should assume that the interface is unsafe.
Be sure to have set the environment variable LD_BIND_NOW to a non-null value to enable early binding. Refer to the "When Relocations are Processed" chapter in Linker and Libraries Guide for additional information.
None of the functions, external variables, or macros should be redefined in the user's programs. Any other name may be redefined without affecting the behavior of other library functions, but such redefinition may conflict with a declaration in an included header.
The headers in INCDIR provide function prototypes (function declarations including the types of arguments) for most of the functions listed in this manual. Function prototypes allow the compiler to check for correct usage of these functions in the user's program. The lint program checker may also be used and will report discrepancies even if the headers are not included with #include statements. Definitions for Sections 2, 3C, and 3S are checked automatically. Other definitions can be included by using the -l option to lint. (For example, -lm includes definitions for libm.) Use of lint is highly recommended. See the lint chapter in Performance Profiling Tools.
Users should carefully note the difference between STREAMS and stream. STREAMS is a set of kernel mechanisms that support the development of network services and data communication drivers. It is composed of utility routines, kernel facilities, and a set of data structures. A stream is a file with its associated buffering. It is declared to be a pointer to a type FILE defined in <stdio.h>.
In detailed definitions of components, it is sometimes necessary to refer to symbolic names that are implementation-specific, but which are not necessarily expected to be accessible to an application program. Many of these symbolic names describe boundary conditions and system limits.
In this section, for readability, these implementation-specific values are given symbolic names. These names always appear enclosed in curly brackets to distinguish them from symbolic names of other implementation-specific constants that are accessible to application programs by headers. These names are not necessarily accessible to an application program through a header, although they may be defined in the documentation for a particular system.
In general, a portable application program should not refer to these symbolic names in its code. For example, an application program would not be expected to test the length of an argument list given to a routine to determine if it was greater than {ARG_MAX}.
Description
Test if a window is created by a trusted client
Make this window a Trusted Path window
Shut down the system
Get all CMW attributes associated with a client
Get all CMW attributes associated with a property hanging on a window
Get the CMW label associated with a property hanging on a window
Get the UID associated with a property hanging on a window
Get all CMW attributes associated with a window or a pixmap
Get the CMW label associated with a window, a pixmap, or a colormap
Get the UID associated with a window, a pixmap
Get the height of screen stripe
Get the ownership of the workstation
Set polyinstantiation information
Set the CMW label associated with a property hanging on a window
Set the UID associated with a property hanging on a window
Set the CMW label associated with a window or a pixmap
Set the UID associated with a window, a pixmap, or a colormap
Set the height of screen stripe
Set the session high sensitivity label to the window server
Set the session low sensitivity label to the window server
Set the ownership of the workstation
See labelclipping(3)
See labelclipping(3)
See labelclipping(3)
See labelclipping(3)
Accept a connection on a socket
Adorn the final component of a pathname
Preselect an audit event
Get user's binary preselection mask
Construct and write user-level audit records
See auth_to_str(3)
Translate and verify user authorizations
See aw_strerror(3)
See aw_strerror(3)
Obtain and display error messages
See blmanifest(3)
See blmanifest(3)
See btohex(3)
See btohex(3)
See bltos(3)
See blmanifest(3)
See blvalid(3)
See blmanifest(3)
See blmanifest(3)
Translate binary CMW labels to character-coded labels for a printer banner page
See btohex(3)
See btohex(3)
See blportion(3)
See bltos(3)
See blportion(3)
See blmanifest(3)
Conjoin binary information labels
See blcompare(3)
See blcompare(3)
See blmanifest(3)
See blmanifest(3)
See btohex(3)
See btohex(3)
See blportion(3)
See bltos(3)
See blmanifest(3)
See blvalid(3)
See blcompare(3)
See blcompare(3)
Bind a name to a socket
Compare binary labels
See blcompare(3)
See blcompare(3)
See blcompare(3)
Check binary label for inclusion in set
Create manifest binary labels
See blminmax(3)
See blminmax(3)
Bound of two binary levels
Access binary label portions
See blcompare(3)
Get character-coded color name of label
See bltocolor(3)
Translate binary labels to character coded labels
Compare and set the type of binary label
Check validity of binary label
See blmanifest(3)
See blmanifest(3)
See btohex(3)
See btohex(3)
See bltos(3)
See blmanifest(3)
See blvalid(3)
Convert binary label to hexadecimal
See auth_to_str(3)
High-resolution clock operations
See resolver(3N)
See resolver(3N)
Create a door descriptor
Return the extended credential information associated with the client of the current door invocation
See getacinfo(3)
See getauclassent(3)
See getauevent(3)
See getauusernam(3)
See getprofent(3)
See getprofstr(3)
See getuserent(3)
See getutent(3C)
See getutxent(3C)
See auth_to_str(3)
See getprofent(3)
See getprofstr(3)
See getuserent(3)
Walk a file tree
See auth_to_str(3)
See priv_to_str(3)
See getacinfo(3)
See getacinfo(3)
Get audit control file information
See getacinfo(3)
See getacinfo(3)
Get audit_class entry
See getauclassent(3)
See getauclassent(3)
See getauclassent(3)
Convert audit flag specifications
See getauditflags(3)
See getauditflags(3)
Get audit_event entry
See getauevent(3)
See getauevent(3)
See getauevent(3)
See getauevent(3)
See getauevent(3)
See getauevent(3)
See getauusernam(3)
Get audit_user entry
See blportion(3)
See blportion(3)
Generates the process audit state
Get peer's process characteristics.
Get Trusted Solaris user profile description
See getprofent(3)
Get Trusted Solaris user profile description
See getprofstr(3)
Get and set options on sockets
Get Trusted Solaris user security attributes
See getuserent(3)
See getuserent(3)
Access utmp file entry
See getutent(3C)
See getutent(3C)
See getutxent(3C)
See getutxent(3C)
Access utmpx file entry
See getutxent(3C)
See getutxent(3C)
Get vfstab_adjunct file entry
See getvfsaent(3)
See btohex(3)
See btohex(3)
Convert hexadecimal string to binary label
See hextob(3)
See hextob(3)
See hextob(3)
See hextob(3)
Initialize the supplementary group access list
Read or write kstat data
See kstat_read(3K)
Create a Motif-based user interface for interactively building a valid label or clearance
Translate a binary label and clip to the specified width
Get information about the label encodings
Get version of the label_encodings file
TSIX trusted IPC library
Listen for connections on a socket
Get pathname of current working directory
See mldstat(3)
Return the canonicalized absolute pathname, including any MLD adornments and SLD names
See mldrealpath(3)
Get file status in multilevel directory
Lock or unlock pages in memory
Lock or unlock address space
See mlock(3C)
See mlockall(3C)
See ftw(3C)
See nis_names(3N)
See nis_tables(3N)
See nis_groups(3N)
See nis_ping(3N)
See nis_groups(3N)
See nis_groups(3N)
See nis_tables(3N)
See nis_names(3N)
See nis_server(3N)
See nis_server(3N)
See nis_server(3N)
NIS+ group manipulation functions
See nis_groups(3N)
See nis_tables(3N)
See nis_names(3N)
See nis_server(3N)
See nis_names(3N)
See nis_tables(3N)
NIS+ namespace functions
See nis_tables(3N)
Misc NIS+ log administration functions
See nis_groups(3N)
See nis_names(3N)
See nis_tables(3N)
See nis_groups(3N)
See nis_server(3N)
Miscellaneous NIS+ functions
See nis_server(3N)
See nis_server(3N)
NIS+ table functions
See nis_groups(3N)
Lock or unlock into memory process, text, or data
See priv_to_str(3)
Convert a numeric privilege to its name or a privilege name to its number
See getprofstr(3)
See getutent(3C)
See getutxent(3C)
Generate random pronounceable password
See resolver(3N)
See resolver(3N)
See resolver(3N)
See resolver(3N)
See resolver(3N)
See resolver(3N)
See resolver(3N)
See resolver(3N)
Resolver routines
Library routines for remote procedure calls
Library routines for client side calls
Library routines for dealing with creation and manipulation of CLIENT handles
See rpc_svc_reg(3N)
Library routines for RPC servers
Library routines for the creation of server handles
Library routines for registering servers
See rpcbind(3N)
See rpcbind(3N)
See rpcbind(3N)
See rpcbind(3N)
See rpcbind(3N)
See rpcbind(3N)
See rpcbind(3N)
Library routines for RPC bind service
See sbltos(3)
See sbltos(3)
See sbltos(3)
Translate binary labels to canonical character-coded labels
See sbltos(3)
Send a message from a socket
See send(3N)
See send(3N)
Assign a privilege set for the current process
See getacinfo(3)
See getauclassent(3)
See getauevent(3)
See getauusernam(3)
See bltype(3)
See blportion(3)
See blportion(3)
See getprofent(3)
See getprofstr(3)
See getsockopt(3N)
See getuserent(3)
See getutent(3C)
See getutxent(3C)
See stobl(3)
See stobl(3)
See stobl(3)
Translate character-coded labels to binary labels
See stobl(3)
See auth_to_str(3)
See auth_to_str(3)
See priv_to_str(3)
See priv_to_str(3)
See rpc_svc_reg(3N)
See rpc_svc_reg(3N)
See rpc_svc_reg(3N)
Allocate and free security-attribute control structure and buffer
Get mask indicating which attributes came from templates
Clear security attributes
Compare security attributes
Copy security attributes
Duplicate security attributes
Manipulate network-endpoint security options
See t6alloc_blk(3N)
Get security attributes from or set security attributes in the security-attribute buffer handled by a control structure
Get and set endpoint mask, or get and set endpoint default attributes
See t6peek_attr(3N)
See t6ext_attr(3N)
Examine the security attributes on the next or the previous byte of data
Read security attributes and data from a trusted endpoint
Specify security attributes to send with data on a trusted endpoint
See t6get_attr(3N)
Get the size of a particular attribute from the control structure
Accept a connection request
Bind an address to a transport endpoint
Manage options for a transport endpoint
Send data or expedited data over a connection
Send a data unit
See labelbuilder(3)
See labelbuilder(3)
See labelbuilder(3)
See labelbuilder(3)
See getutxent(3C)
See getutxent(3C)
See getutent(3C)
See getutxent(3C)
See rpc_svc_reg(3N)
See rpc_svc_reg(3N)