Trusted Solaris Developer's Guide

Using the Server Area and Adding a Sensitivity Label

The AW_SERVER token turns on the trusted server option, which indicates that the calling process is a server. With the trusted server option on, the auditwrite(3TSOL) routine still generates the header and return tokens automatically, but not the subject and slabel tokens that it generates when the option is off (see "Creating a Minimum Audit Record"). To include this information in the record while the option is on, you must explicitly pass the AW_SUBJECT and AW_SLABEL tokens.

This example turns on the trusted server option, writes a record, writes another record including the sensitivity label, then turns off the trusted server option and writes a final record so you can see the difference. The sys_trans_label privilege is needed to translate the Secret sensitivity label because the process running at Confidential does not dominate Secret.

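#include <bsm/auditwrite.h>
#include <tsol/label.h>

bslabel_t senslabel;
int error;	/* set by stobsl() if the label string cannot be translated */

/* Create a sensitivity label of Secret */
	stobsl("Secret", &senslabel, NEW_LABEL, &error);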

/* Turn on the trusted server option */
	auditwrite(AW_SERVER, AW_END);

/* Write a record to the audit trail */
	auditwrite(AW_EVENT, "AUE_second_signature",
		AW_TEXT, "Some text",
		AW_WRITE, AW_END);

/* Write a record to the audit trail with the sensitivity label */
	auditwrite(AW_EVENT, "AUE_second_signature",
		AW_TEXT, "Sensitivity label added",
		AW_SLABEL, &senslabel,
		AW_WRITE, AW_END);

/* Turn off the trusted server option */
	auditwrite(AW_NOSERVER, AW_END);

/* Write a final record to the audit trail */
	auditwrite(AW_EVENT, "AUE_second_signature",
		AW_TEXT, "Some more text",
		AW_WRITE, AW_END);

The viewing terminal shows these records:


header,38,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 710 msec
text,Some text
return,success,0

header,38,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 780 msec
text,Sensitivity label added
slabel,S
return,success,0

header,112,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 799 msec
text,Some more text
return,success,0

subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix
slabel,C
return,success,0
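
An added example, not part of the original guide: records written while the trusted server option is on carry no subject or slabel token unless the server passes them, so a reviewer can scan the text-form trail for records that lack them. The function name audit_scan and the sample trail are constructed for illustration; the sample is modelled on the records above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, modelled on the three records shown above. */
static const char SAMPLE[] =
    "header,38,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 710 msec\n"
    "text,Some text\n"
    "return,success,0\n"
    "header,38,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 780 msec\n"
    "text,Sensitivity label added\n"
    "slabel,S\n"
    "return,success,0\n"
    "header,112,2,second signature requested,,Wed Sep 11 12:46:41 1996 + 799 msec\n"
    "text,Some more text\n"
    "subject,zelda,zelda,staff,zelda,staff,420,286,0 0 phoenix\n"
    "slabel,C\n"
    "return,success,0\n";

/* True when a line of length n starts with the token name tok. */
static int starts(const char *line, size_t n, const char *tok)
{
    size_t k = strlen(tok);
    return n >= k && strncmp(line, tok, k) == 0;
}

/* A record runs from one header token to the next; returns the record count. */
int audit_scan(const char *trail, int *no_subject, int *no_slabel)
{
    int records = 0, subj = 0, slab = 0;
    *no_subject = *no_slabel = 0;
    for (const char *p = trail; *p != '\0'; p += (*p == '\n')) {
        size_t n = strcspn(p, "\n");    /* length of the current line */
        if (starts(p, n, "header,")) {  /* close the previous record, if any */
            if (records++ > 0) { *no_subject += !subj; *no_slabel += !slab; }
            subj = slab = 0;
        }
        subj |= starts(p, n, "subject,");
        slab |= starts(p, n, "slabel,");
        p += n;
    }
    if (records > 0) { *no_subject += !subj; *no_slabel += !slab; }
    return records;
}

int main(void)
{
    int ns, nl, n = audit_scan(SAMPLE, &ns, &nl);
    printf("%d records, %d without subject, %d without slabel\n", n, ns, nl);
    return 0;
}
```

Records counted as lacking a subject token are the ones written in trusted server mode without AW_SUBJECT, which cannot be attributed to a user from the record alone.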