Appendix B Trusted Solaris Interfaces Reference
This appendix has programming interface listings and chapter cross-references. Declaration listings are grouped by security topic. Name and section number listings are grouped by system calls, kernel functions, and library routines.
System Security Configuration
See Chapter 2, Getting Started.
long secconf(int name);
File System Security Attributes and Flags
See Chapter 2, Getting Started.
int fgetfsattr(int fd, u_long type, void *buf_P); int fgetfattrflag(const char *path, secflgs_t *flags); int fsetfattrflag(int fildes, secflgs_t *flags); int getfattrflag(int fildes, secflgs_t *flags); int getfsattr(char *path, u_long type, void *buf_P, int len); int setfattrflag(const char *path, secflgs_t which, secflgs_t flags); int mldgetfattrflag(const char *path, secflgs_t *flags) int mldsetfattrflag(const char * path, secflgs_t which, secflgs_t flags))
Process Security Attribute Flags
See Chapter 2, Getting Started.
int getpattr(pattr_type_t type, pattr_flag_t *value); int setpattr(pattr_type_t type, pattr_flag_t value);
Privileges
int fgetfpriv(int fd, priv_ftype_t type, priv_set_t *priv_set);
int fsetfpriv(int fd, priv_op_t op, priv_ftype_t type,
priv_set_t *priv_set);
int getfpriv(char *path, priv_ftype_t type, priv_set_t *priv_set);
int getppriv(priv_ptype_t type, priv_set_t *priv_set);
int setfpriv(char *path, priv_op_t op, priv_ftype_t type,
priv_set_t *priv_set);
int setppriv(priv_op_t op, priv_ptype_t type, priv_set_t *priv_set);
int setppriv(priv_op_t op, priv_ptype_t type, priv_set_t *priv_set);
char *get_priv_text(const priv_t priv_id);
char *priv_to_str(const priv_t priv_id);
char *priv_set_to_str(priv_set_t *priv_set, const char sep,
char *buf, int *blen);
priv_t str_to_priv(const char *priv_name);
char *str_to_priv_set(const char *priv_names, priv_set_t *priv_set,
const char *sep);
Privilege Macros
PRIV_ASSERT(priv_set, priv_id) PRIV_CLEAR(priv_set, priv_id) PRIV_EMPTY(priv_set) PRIV_EQUAL(priv_set_a, Priv_set_b) PRIV_FILL(priv_set) PRIV_INTERSECT(priv_set_a, priv_set_b) PRIV_INVERSE(priv_set) PRIV_ISASSERT(priv_set, priv_id) PRIV_ISEMPTY(priv_set) PRIV_ISFULL(priv_set) PRIV_ISSUBSET(priv_set_a, priv_set_b) PRIV_TEST(priv_id, errno) PRIV_UNION(priv_set_a, priv_set_b) PRIV_XOR(priv_set_a, priv_set_b,)
Labels
See Chapter 4, Labels.
File Systems
int getcmwfsrange(char *path, brange_t *range); int fgetcmwfsrange(int fd, brange_t *range);
Label Encodings File
char bltocolor(const blevel_t *label); char bltocolor_t(const blevel_t *label, const int size, char *color_name); int labelinfo(struct label_info *info); int labelvers(char **version, const int length);
Reentrant Routines
char halloc(const unsigned char id); void hfree(char *hex); char *bcltoh_r(const bclabel_t *label, char *hex); char *bsltoh_r(const bslabel_t *label, char *hex);
Levels
int blequal(const blevel_t *level1, const blevel_t *level2); int bldominates(const blevel_t *level1, const blevel_t *level2); int blstrictdom(const blevel_t *level1, const blevel_t *level2); int blinrange(const blevel_t *level, const brange_t *range); void blmaximum(blevel_t *maximum_label, const blevel_t *bounding_label); void blminimum(blevel_t *minimum_label, const blevel_t *bounding_label);
Label Types
int bltype(const void *label, const unsigned char type); void setbltype(void *label, const unsigned char type);
Sensitivity Labels
void bslhigh(bslabel_t *label);
void bsllow(bslabel_t *label);
void bslundef(bslabel_t *label);
int bslvalid(const bslabel_t *senslabel);
int blinset(const blevel_t *senslabel, const set_id *id);
int bsltos(const bslabel_t *label, char **string, const int length,
const int flags);
int stobsl(const char *string, bslabel_t *label, const int flags,
int *error);
char *sbsltos(const bslabel_t *label, const int length);
char *bsltoh(const bslabel_t *label);
int htobcl(const char *hex, bclabel_t *label);
CMW Labels
int getcmwlabel(const char *path, const bclabel_t *label);
int setcmwlabel(const char *path, const bclabel_t *label,
const setting_flag_t flag);
int fgetcmwlabel(const int fd, bclabel_t *label);
int fsetcmwlabel(const int fd, const bclabel_t *label,
const setting_flag_t flag);
int lgetcmwlabel(const int fd, bclabel_t *label);
int lsetcmwlabel(const int fd, const bclabel_t *label,
const setting_flag_t flag);
int getcmwplabel(const bclabel_t *label);
int setcmwplabel(const bclabel_t *label, const setting_flag_t flag);
void bclhigh(bclabel_t *label);
void bcllow(bclabel_t *label);
void bclundef(bclabel_t *label);
void getcsl(bslabel_t *destination_label, const bclabel_t *source_label);
void setcsl(bclabel_t *destination_label, const bslabel_t *source_label);
int bcltos(const bclabel_t *label, char **string, const int length,
const int flags);
int stobcl(const char *string, bclabel_t *label, const int flags,
int *error);
char *sbcltos(const bclabel_t *label, const int length);
char *bcltobanner(const bclabel_t *label, struct banner_fields *fields,
const int flags);
bslabel_t *bcltosl(bclabel_t *label);
char *bcltoh(const bclabel_t *label);
int htobcl(const char *hex, bclabel_t *label);
Label Clipping Interfaces
See Chapter 14, Trusted X Window System.
XmString Xbcltos(Display *display, const bclabel_t *cmwlabel, const Dimension width, const XmFontList fontlist, const int flags); XmString Xbsltos(Display *display, const bslabel_t *senslabel, const Dimension width, const XmFontList fontlist, const int flags); XmString Xbcleartos(Display *display, const bclear_t *clearance, const Dimension width, const XmFontList fontlist, const int flags);
Clearances
See Chapter 6, Process Clearance.
int getclearance(bclear_t *clearance);
int setclearance(bclear_t *clearance);
void bclearhigh(bclear_t *clearance);
void bclearlow(bclear_t *clearance);
void bclearundef(bclear_t *clearance);
int blequal(const blevel_t *level1, const blevel_t *level2);
int bldominates(const blevel_t *level1, const blevel_t *level2);
int blstrictdom(const blevel_t *level1, const blevel_t *level2);
int blinrange(const blevel_t *level, const brange_t *range);
void blmaximum(blevel_t *maximum_label, const blevel_t *bounding_label);
void blminimum(blevel_t *minimum_label, const blevel_t *bounding_label);
int bltype(const void *clearance, const unsigned char type);
void setbltype(void *clearance, const unsigned char type);
int bclearvalid(const bclear_t *clearance);
int bcleartos(const bclear_t *clearance, char **string, const int len,
const int flags);
int stobclear(const char *string, bclear_t *clearance, const int flags,
int *error);
char *sbcleartos(const bclear_t *clearance, const int len);
char *bcleartoh(const bclear_t *clearance);
int htobclear(const char *s, bclear_t *clearance);
char *h_alloc(const unsigned char id);
void h_free(char *hex);
char *bcleartoh_r(const bclear_t *clearance, char *hex);
Application Auditing
See Chapter 8, Application Auditing.
int auditwrite(..., AW_END);
Multilevel Directories
See Chapter 7, Multilevel Directories and Chapter 2, Getting Started.
int getsldname(const char *path_name, const bslabel_t *slabel,
char *name_buf, const int len);
int fgetsldname(const int fd, const bslabel_t *slabel_p,
char *name_buf, const int len);
int getmldadorn(const char *path_name, char *adorn_buf);
int fgetmldadorn(const int fd, char adorn_buf);
int mldstat(const char *path_name,struct stat *stat_buf);
int mldlstat(const char *path_name, struct stat *stat_buf);
char *mldgetcwd(char *buf, size_t size);
int adornfc(const char *path_namechar *adorned_name);
char *mldrealpath(const char *path_name, char *resolved_path);
char *mldrealpathl(const char *path_name, char *resolved_path,
const bslabel_t *senslabel);
/* These system calls are described in Chapter 2, Getting Started.
int mldgetfattrflag(const char *path, secflgs_t *flags)
int mldsetfattrflag(const char *path, secflgs_t which, secflgs_t flags))
Database Access
See Chapter 9, Accessing User and Rights Profile Data.
userattr_t *getuserattr(void); userattr_t *getusernam(const char *name); userattr_t *getuseruid(uid_t uid); void *free_userattr(userattr_t *userattr); void setuserattr(void); void enduserattr(void); profattr_t *getprofattr(void); profattr_t *getprofnam(const char *name); void free_profattr(profattr_t *pd); void setprofattr(void); void endprofattr(void); void getproflist(const char *profname, char **proflist, int*profcnt); void free_proflist(char **proflist, int profcnt); execattr_t *getexecattr(void); void free_execattr(execattr_t *ep); void setexecattr(void); void endexecattr(void); execattr_t *getexecuser(const char *username, const char *type, const char *id, int search_flag); execattr_t *getexecprof(const char *profname, const char *type, const char *id, int search_flag); execattr_t *match_execattr(execattr_t *ep, char *profname, char *type, char *id);
System V IPC
See Chapter 11, System V Interprocess Communication.
Message Queues
int getmsgqcmwlabel(int msqid, bclabel_t *cmwlabel); int msggetl(key_t key, int msgflg, bslabel_t *senslabel);
Semaphore Sets
int getsemcmwlabel(int semid, bclabel_t *cmwlabel); int semgetl(key_t key, int nsems, int semflg, bslabel_t *senslabel);
Shared Memory Regions
int getshmcmwlabel(int shmid, bclabel_t *cmwlabel); int shmgetl(key_t key, size_t size, int shmflg,bslabel_t *senslabel);
TSIX
See Chapter 12, Trusted Security Information Exchange Library
t6mask_t t6supported_attrs(void); t6mask_t t6allocated_attrs(t6attr_t t6ctl); t6mask_t t6present_attrs(t6attr_t t6ctl); t6attr_t t6alloc_blk(t6mask_t mask); void t6free_blk(t6attr_t t6ctl); int t6sendto(int sock, const char *msg, size_t len, int flags, const struct sockaddr *name, socklen_t namelen, const t6attr_t handle); int t6recvfrom(int sock, void *buffer, size_t len, int flags, struct sockaddr *name, Psocklen_t namelenp, t6attr_t handle, t6mask_t *new_mask); int t6new_attr(int fd, t6cmd_t cmd); void *t6get_attr(t6attr_id_t attr_type, const t6attr_t t6ctl); int t6set_attr(t6attr_id_t attr_type, const void *attr, t6attr_t t6ctl); int t6peek_attr(int fd, t6attr_t attr_ptr, t6mask_t *new_attrs); int t6last_attr(int fd, t6attr_t attr_ptr, t6mask_t *new_attrs); size_t t6size_attr(t6attr_id_t attr_type, const t6attr_t t6ctl); void t6copy_blk(const t6attr_t attr_src, t6attr_t attr_dest); t6attr_t t6dup_blk(const t6attr_t attr_src); int t6cmp_blk(t6attr_t t6ctl1, t6attr_t t6ctl2); void t6clear_blk(t6mask_t mask, t6attr_t t6ctl); int t6get_endpt_default(int fd, t6mask_t *mask, t6attr_t attr); int t6set_endpt_mask(int fd, t6mask_t mask); int t6set_endpt_default(int fd, t6mask_t mask,const t6attr_t attr_ptr); int t6get_endpt_mask(int fd, t6mask_t *mask); int t6ext_attr(int fd, t6cmd_t cmd);
RPC
There are no Trusted Solaris interfaces for remote procedure calls (RPC). RPC interfaces are modified to work in the Trusted Solaris operating environment. See Chapter 13, Remote Procedure Calls for conceptual information and a simple example application.
Label Builder
See Chapter 15, Label Builder.
ModLabelData *tsol_lbuild_create(Widget widget, void (*event_handler)() OK_callback, ..., NULL); void tsol_lbuild_destroy(ModLabelData *lbdata); XtPointer tsol_lbuild_get(ModLabelData *lbdata, ..., NULL); void tsol_lbuild_set(ModLabelData *lbdata, extended_operation, NULL);
X Window System
See Chapter 14, Trusted X Window System.
Status XTSOLgetResAttributes(Display *display, XID object, ResourceType resourceFlag, XTsolResAttributes *resattrp); Status XTSOLgetPropAttributes(Display *display, Window win, Atom property, XTsolPropAttributes *propattrp); Status XTSOLgetClientAttributes(Display *display, XID win, XTsolClientAttributes *clientattrp); Status XTSOLgetResLabel(Display *display, XID object, ResourceType resourceFlag, bclabel_t *cmwlabel); void XTSOLsetResLabel(Display *display, XID object, ResourceType resourceFlag, bclabel_t *cmwLabel, enum setting_flag labelFlag); Status XTSOLgetResUID(Display *display, XID object, ResourceType resourceFlag, uid_t *uidp); void XTSOLsetResUID(Display *display, XID object, ResourceType resourceFlag, uid_t *uidp); Status XTSOLgetPropLabel(Display *display, Window win, Atom property, bclabel_t *cmwlabel); void XTSOLsetPropLabel(Display *display, Window win, Atom property, bclabel_t *cmwLabel, enum setting_flag labelFlag); Status XTSOLgetPropUID(Display *display, Window winID, Atom property, uid_t *uidp); void XTSOLsetPropUID(Display *display, Window win, Atom property, uid_t *uidp); Status XTSOLgetWorkstationOwner(Display *display, uid_t *uidp); void XTSOLsetWorkstationOwner(Display *display, uid_t *uidp); void XTSOLsetSessionHI(Display *display, bclear_t *clearance); void XTSOLsetSessionLO(Display *display, bslabel_t *sl) void XTSOLMakeTPWindow(Display *dpy, Window win); Bool XTSOLIsWindowTrusted(Display *display, Window win); Status XTSOLgetSSHeight(Display *display, int screen_num, int *newHeight); void XTSOLsetSSHeight(Display *display, int screen_num, int newHeight); void XTSOLsetPolyInstInfo(Display *dpy, bslabel_t *senslabel, uid_t *userID, int enabled);
Trusted Streams
These interfaces are kernel interfaces for creating trusted streams. See the man pages for information on them. They may be documented in this guide at a later date.
tsol_strattr_t *tsol_get_strattr(mblk_t *mp); void tsol_set_strattr(mblk_t *mp, tsol_strattr_t *strattr);
System Calls
The system calls listing is organized alphabetically. It provides the chapter number where the interface is covered in this guide. You can also use the information to find the interface declaration in one of the previous topical lists.
Table B-1 System Calls|
Programming Interface |
Where Covered |
|---|---|
Trusted Kernel Functions for Drivers
The trusted kernel functions listing is organized alphabetically. See the man pages or "Trusted Streams" for information on them. They may be documented in this guide at a later date.
Library Routines
The library routines listing is organized alphabetically. It provides the chapter number where the interface is covered in this guide. You can also use the information to find the interface declaration in one of the previous topical lists.
Table B-2 Library Routines|
Library Routine |
Where Covered |
|---|---|
- © 2010, Oracle Corporation and/or its affiliates