| | | | |
| A |
| |
| | abbreviations in names ( ) |
| |
| | access |
| | | checks |
| | | | executing a file ( ) |
| | | | IPC files ( ) |
| | | | mapped memory ( ) |
| | | | MLDs ( ) |
| | | | network ( ) ( ) |
| | | | opening a file ( ) |
| | | | pipes ( ) ( ) |
| | | | process tracing ( ) |
| | | | processes ( ) |
| | | | PTYs ( ) |
| | | | signals ( ) |
| | | | SLDs ( ) |
| | | | sockets ( ) |
| | | | System V IPC ( ) ( ) |
| | | | TLI ( ) |
| | | | writing to a file ( ) |
| | | | X Window System ( ) |
| | | discretionary operations ( ) |
| | | file labels ( ) |
| | | file privileges ( ) |
| | | file systems |
| | | | code examples ( ) |
| | | | privileges ( ) |
| | | | security policy ( ) |
| | | guidelines for labels ( ) |
| | | mandatory operations ( ) |
| | | multilevel port connections ( ) |
| | | protection ( ) |
| |
| | accreditation ranges |
| | | checking ( ) ( ) |
| | | networks ( ) |
| | | structures ( ) |
| |
| | ACLs, information on ( ) |
| |
| | actions |
| | | assigning inheritable privileges ( ) |
| | | creating ( ) |
| |
| | ADMIN_HIGH label |
| | | defined ( ) |
| | | initialize to ( ) |
| | | running applications ( ) |
| |
| | ADMIN_LOW label |
| | | defined ( ) |
| | | initialize to ( ) |
| | | running applications ( ) |
| |
| | adorned pathnames |
| | | described ( ) |
| | | translating ( ) |
| |
| | adornfc routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | algorithms, process privileges ( ) |
| |
| | allowed privileges |
| | | defined ( ) |
| | | on file systems ( ) |
| | | set to none during write ( ) |
| | | turning off ( ) |
| |
| | APIs |
| | | declarations ( ) |
| | | list of types ( ) ( ) |
| | | security policy on man pages ( ) |
| |
| | application auditing |
| | | API declarations ( ) |
| | | argument information ( ) |
| | | audit trail ( ) |
| | | command line arguments ( ) |
| | | control commands ( ) |
| | | creating audit records ( ) |
| | | creating parallel audit records ( ) |
| | | described ( ) |
| | | event definition numbers ( ) |
| | | invalid call ( ) |
| | | IPC identifier ( ) |
| | | preselection mask ( ) |
| | | privilege sets ( ) |
| | | privileged tasks ( ) ( ) |
| | | process preselection mask ( ) |
| | | queueing record information ( ) |
| | | return token ( ) |
| | | return values ( ) |
| | | save area ( ) |
| | | sensitivity label ( ) |
| | | server area ( ) |
| | | subject token ( ) |
| | | terminator command ( ) |
| | | token commands ( ) |
| | | valid call ( ) |
| |
| | applications |
| | | administrative ( ) |
| | | integration ( ) |
| | | MLDs ( ) |
| | | testing and debugging ( ) |
| | | user ( ) |
| |
| | atoms, predefined ( ) |
| |
| | audit_class file |
| | | application auditing ( ) |
| | | creating class ( ) |
| |
| | audit classes |
| | | process preselection mask ( ) |
| | | third-party ( ) |
| |
| | audit_control file |
| | | application auditing ( ) |
| | | process preselection mask ( ) |
| |
| | audit_event file |
| | | application auditing ( ) |
| | | creating event ( ) |
| |
| | audit events |
| | | third-party ( ) |
| | | viewing ( ) |
| |
| | audit records |
| | | creating in an application ( ) |
| | | minimum ( ) |
| |
| | audit tokens |
| | | return token ( ) |
| | | subject token structure ( ) |
| |
| | auditid field ( ) |
| |
| | auditing |
| | | preselection mask |
| | | | classes on file systems ( ) |
| | | public files and directories ( ) |
| |
| | auditwrite routine |
| | | code examples ( ) ( ) ( ) |
| | | declaration ( ) |
| | | invalid call ( ) |
| | | valid call ( ) |
| |
| | authorizations |
| | | and privileges ( ) ( ) |
| | | Label builder ( ) |
| | | when to check ( ) |
| |
| | AW_ARG token command ( ) |
| |
| | AW_DEFAULTRD token command ( ) |
| |
| | AW_DISCARDRD token command ( ) |
| |
| | AW_END terminator command ( ) |
| |
| | AW_EVENT token command ( ) |
| |
| | AW_EXEC_ARGS token command ( ) |
| |
| | AW_FLUSH token command ( ) |
| |
| | AW_GETRD token command ( ) |
| |
| | AW_IPC token command ( ) |
| |
| | AW_NOPRESELECT token command ( ) |
| |
| | AW_NOQUEUE token command ( ) |
| |
| | AW_NOSAVE token command ( ) |
| |
| | AW_NOSERVER token command ( ) |
| |
| | AW_PATH token command ( ) |
| |
| | AW_PRESELECT token command ( ) |
| |
| | AW_PRIVILEGE token command ( ) |
| |
| | AW_QUEUE token command ( ) |
| |
| | AW_RETURN token command ( ) ( ) |
| |
| | AW_SAVERD token command ( ) |
| |
| | AW_SERVER token command ( ) |
| |
| | AW_SLABEL token command ( ) ( ) |
| |
| | AW_SUBJECT token command ( ) |
| |
| | AW_TEXT token command ( ) |
| |
| | AW_USERD token command ( ) |
| | | | |
| C |
| |
| | caveats field ( ) |
| |
| | caveats_len field ( ) ( ) |
| |
| | channels field ( ) |
| |
| | channels_len field ( ) ( ) |
| |
| | chkauth routine, code example ( ) |
| |
| | cl_tsol_incoming_attrsp field ( ) |
| |
| | cl_tsol_outgoing_attrsp field ( ) |
| |
| | clabel_len field ( ) |
| |
| | classifications |
| | | clearance component ( ) |
| | | dominate ( ) ( ) |
| | | equal ( ) ( ) |
| | | SL component ( ) |
| | | strictly dominate ( ) ( ) |
| |
| | clear_len field ( ) |
| |
| | clearances |
| | | checking clearances ( ) |
| | | session ( ) |
| | | user ( ) |
| |
| | CLIENT structure ( ) |
| |
| | CMW labels |
| | | API declarations ( ) |
| | | components ( ) |
| | | defined ( ) |
| | | file systems ( ) |
| | | objects ( ) |
| | | processes ( ) |
| |
| | code examples |
| | | accreditation range, checking ( ) |
| | | auditing |
| | | | adding a sensitivity label ( ) |
| | | | creating audit records ( ) |
| | | | creating minimum record ( ) |
| | | | creating parallel records ( ) |
| | | | handling return values ( ) |
| | | | invalid call ( ) |
| | | | preliminary setup ( ) ( ) |
| | | | queueing information ( ) |
| | | | using preselection mask ( ) |
| | | | using save area ( ) |
| | | | using server area ( ) |
| | | | valid call ( ) |
| | | | writing arguments ( ) |
| | | | writing command line arguments ( ) |
| | | | writing IPC identifier ( ) |
| | | | writing privilege sets ( ) |
| | | authorizations |
| | | | and privileges ( ) |
| | | | checking ( ) |
| | | checking labels ( ) |
| | | clearances |
| | | | checking before file access ( ) |
| | | | checking if valid ( ) |
| | | | checking prior to access ( ) |
| | | | checking type ( ) |
| | | | finding lower bound ( ) |
| | | | finding upper bound ( ) |
| | | | getting ( ) |
| | | | initializing to ADMIN_LOW ( ) |
| | | | initializing to undefined ( ) |
| | | | setting ( ) |
| | | | testing relationships ( ) |
| | | | translating ( ) ( ) |
| | | | translating and clipping ( ) |
| | | | translating to hex ( ) ( ) ( ) |
| | | CMW labels |
| | | | getting on file system ( ) |
| | | | getting on window ( ) |
| | | | getting pointers to portions ( ) |
| | | | getting process label ( ) ( ) |
| | | | getting SL ( ) |
| | | | setting on file system ( ) |
| | | | setting on window ( ) |
| | | | setting process label ( ) |
| | | | translating to binary ( ) |
| | | | translating to hex ( ) |
| | | | translating to text ( ) |
| | | databases |
| | | | getting user entries ( ) |
| | | file systems |
| | | | accessing ( ) |
| | | | executing ( ) |
| | | | getting attribute flags ( ) |
| | | | getting attributes ( ) |
| | | | getting attributes (inode) ( ) |
| | | | getting CMW label ( ) |
| | | | getting label range ( ) |
| | | | opening a file ( ) |
| | | | setting CMW label ( ) |
| | | | writing to a file ( ) |
| | | Label builder ( ) |
| | | label_encodings file |
| | | | getting character-coded color names ( ) |
| | | | getting information on ( ) |
| | | | retrieving version string ( ) |
| | | | translating printer banner ( ) |
| | | labels |
| | | | checking accreditation ranges ( ) |
| | | | checking before file access ( ) |
| | | | checking if valid ( ) |
| | | | creating ( ) |
| | | | finding lower bound ( ) |
| | | | finding upper bound ( ) |
| | | | getting file system range ( ) |
| | | | initializing ( ) |
| | | | testing relationships ( ) |
| | | | translating to binary ( ) |
| | | | translating to text ( ) |
| | | | translating with font list ( ) |
| | | MLDs |
| | | | creating a file ( ) |
| | | | getting adorned name ( ) |
| | | | getting MLD name ( ) |
| | | | getting real path ( ) |
| | | | getting security attribute flags ( ) |
| | | | getting security attributes ( ) |
| | | | getting SLD name ( ) |
| | | | getting working directory ( ) |
| | | | opening a file ( ) |
| | | printer banner, translating ( ) |
| | | privilege sets |
| | | | bracketing effective set ( ) |
| | | | checking allowed set ( ) |
| | | | checking permitted set ( ) |
| | | | checking saved set ( ) |
| | | | clearing allowed set ( ) |
| | | | clearing effective set ( ) |
| | | | clearing inheritable set ( ) |
| | | | exec'ing a process ( ) |
| | | | forking a process ( ) |
| | | | removing permitted privs ( ) |
| | | | setting forced set on file ( ) |
| | | | setting inheritable set ( ) |
| | | | translating set to string ( ) |
| | | privileges |
| | | | after checking authorizations ( ) |
| | | | and authorizations ( ) |
| | | | asserting privileges in sets ( ) |
| | | | getting description text ( ) |
| | | | setting user ID ( ) |
| | | | translating ID to string ( ) |
| | | | translating string to ID ( ) |
| | | | when to use ( ) |
| | | processes, getting attribute flags ( ) |
| | | RPC |
| | | | example application ( ) ( ) |
| | | | header file ( ) |
| | | | running the application ( ) |
| | | security configuration variables ( ) |
| | | SLDs |
| | | | creating a file ( ) |
| | | | getting name ( ) |
| | | | getting security attributes ( ) |
| | | | getting SLD name ( ) |
| | | | getting working directory ( ) |
| | | | opening a file ( ) |
| | | System V IPC |
| | | | using shared memory labels ( ) |
| | | TSIX |
| | | | allocating space ( ) |
| | | | clearing attributes ( ) |
| | | | client application ( ) ( ) |
| | | | comparing attributes ( ) |
| | | | copying attribute structures ( ) |
| | | | creating attribute masks ( ) |
| | | | duplicating structures ( ) |
| | | | examining the last attribute ( ) |
| | | | example application ( ) ( ) |
| | | | freeing allocated space ( ) |
| | | | getting attribute size ( ) |
| | | | getting attributes ( ) |
| | | | getting endpoint defaults ( ) |
| | | | getting endpoint mask ( ) |
| | | | peeking at attributes ( ) |
| | | | receiving attributes ( ) |
| | | | receiving new attributes ( ) |
| | | | replying to request ( ) |
| | | | sending attributes ( ) |
| | | | server application ( ) |
| | | | setting attributes ( ) |
| | | | setting endpoint defaults ( ) |
| | | | setting endpoint mask ( ) |
| | | | using multilevel ports ( ) |
| | | vfstab_adjunct file ( ) |
| | | X Window System |
| | | | getting window attributes ( ) |
| | | | getting window CMW label ( ) |
| | | | getting window userID ( ) |
| | | | getting workstation owner ( ) |
| | | | Motif application ( ) |
| | | | setting window CMW label ( ) |
| | | | translating with font list ( ) |
| |
| | command arguments |
| | | control ( ) |
| | | terminator ( ) |
| | | token ( ) |
| |
| | communication endpoints |
| | | access checks ( ) ( ) |
| | | connections described ( ) |
| | | objects ( ) |
| | | security attributes (TSIX) ( ) |
| |
| | compartments |
| | | clearance component ( ) |
| | | dominate ( ) ( ) |
| | | equal ( ) ( ) |
| | | SL component ( ) |
| | | strictly dominate ( ) ( ) |
| |
| | compile |
| | | auditing libraries ( ) |
| | | clearance libraries ( ) |
| | | Label builder libraries ( ) |
| | | label libraries ( ) |
| | | MLD libraries ( ) |
| | | privilege libraries ( ) |
| | | profile database access libraries ( ) |
| | | RPC libraries ( ) |
| | | SLD libraries ( ) |
| | | System V IPC libraries ( ) |
| | | TSIX libraries ( ) |
| | | user database access libraries ( ) |
| | | X Window System libraries ( ) |
| |
| | config.privs file ( ) |
| |
| | connection requests |
| | | security attributes ( ) |
| | | security policy ( ) |
| |
| | control commands ( ) |
| |
| | core files ( ) |
| |
| | covert channels ( ) |
| | | | |
| F |
| |
| | FAF_ALL flag ( ) |
| |
| | FAF_MLD flag ( ) |
| |
| | FAF_PUBLIC flag ( ) |
| |
| | FAF_SLD flag ( ) |
| |
| | features, operating system ( ) |
| |
| | fgetcmwfsrange system call, declaration ( ) |
| |
| | fgetcmwlabel system call, declaration ( ) |
| |
| | fgetfattrflag function, declaration ( ) |
| |
| | fgetfpriv system call, declaration ( ) |
| |
| | fgetfsattr system call, declaration ( ) ( ) |
| |
| | fgetmldadorn system call, declaration ( ) |
| |
| | fgetsldname system call |
| | | creating SLDs ( ) |
| | | declaration ( ) |
| |
| | file_audit privilege ( ) ( ) ( ) |
| |
| | file_dac_execute privilege ( ) |
| |
| | file_dac_read privilege ( ) |
| |
| | file_dac_search privilege ( ) ( ) |
| |
| | file_dac_write privilege ( ) ( ) |
| |
| | file_downgrade_sl privilege ( ) ( ) |
| |
| | file_mac_read privilege ( ) ( ) |
| |
| | file_mac_search privilege ( ) |
| |
| | file_mac_write privilege ( ) |
| |
| | file_owner privilege ( ) ( ) |
| |
| | file_setfpriv privilege ( ) |
| |
| | file_setpriv privilege ( ) |
| |
| | file systems |
| | | access privileges ( ) |
| | | accessing MLDs ( ) |
| | | accessing SLDs ( ) |
| | | ACL information ( ) |
| | | hide upgraded names ( ) |
| | | IPC bind to file ( ) |
| | | objects ( ) |
| | | polyinstantiated ( ) |
| | | privileges, defined ( ) |
| | | security policy ( ) ( ) |
| |
| | files |
| | | allowed privileges ( ) |
| | | forced privileges ( ) |
| | | interpreted ( ) |
| | | label privileges ( ) |
| | | privilege sets ( ) |
| | | privileges for creating core files ( ) |
| | | when writing to executables ( ) |
| |
| | fonts |
| | | font list translation ( ) |
| | | font path privileges ( ) |
| |
| | forced privileges |
| | | clearing ( ) |
| | | defined ( ) |
| | | on file systems ( ) |
| | | set to none during write ( ) |
| | | when turning off allowed ( ) |
| |
| | fork system call |
| | | CMW label values ( ) |
| | | guidelines for changing labels ( ) |
| | | inheritable privileges ( ) |
| | | privileges in child ( ) |
| |
| | FSA_ACL value ( ) |
| |
| | FSA_ACLCNT value ( ) |
| |
| | FSA_AFLAGS value ( ) |
| |
| | FSA_APRIV value ( ) |
| |
| | FSA_APSA value ( ) |
| |
| | FSA_APSACNT value ( ) |
| |
| | FSA_FPRIV value ( ) |
| |
| | FSA_LABEL value ( ) |
| |
| | FSA_LBLRNG value ( ) |
| |
| | FSA_MLDPFX value ( ) |
| |
| | fsetcmwlabel system call, declaration ( ) |
| |
| | fsetfattrflag system call, declaration ( ) |
| |
| | fsetfpriv system call, declaration ( ) |
| | | | |
| L |
| |
| | Label builder |
| | | Cancel pushbutton ( ) |
| | | declarations ( ) |
| | | described ( ) |
| | | extended operations ( ) |
| | | functionality ( ) |
| | | Reset pushbutton ( ) |
| | | SL radio button ( ) |
| |
| | label clipping |
| | | API declarations ( ) ( ) |
| | | translating with font list ( ) |
| |
| | label data types |
| | | accreditation ranges ( ) |
| | | banner fields ( ) |
| | | CMW label structure ( ) |
| | | label information ( ) |
| | | levels ( ) |
| | | sensitivity labels ( ) |
| | | setting flags ( ) |
| | | SL ranges ( ) |
| |
| | label_encodings file |
| | | API declarations ( ) |
| | | color names ( ) |
| | | information on ( ) |
| | | Label builder ( ) |
| | | label translation flag ( ) |
| | | Non-English ( ) |
| | | retrieving version string ( ) |
| | | valid clearances ( ) |
| | | valid labels ( ) |
| | | view flag ( ) |
| |
| | label_info structure ( ) |
| |
| | label ranges |
| | | accreditation ( ) ( ) |
| | | assigning ( ) |
| | | checking ( ) |
| | | described ( ) |
| | | file systems |
| | | | API declarations ( ) |
| | | | data structure ( ) |
| |
| | labelinfo routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | labels |
| | | accreditation ranges ( ) |
| | | acquiring ( ) |
| | | administrative ( ) |
| | | adorned pathnames ( ) |
| | | API declarations ( ) |
| | | | CMW labels ( ) |
| | | | entire ( ) ( ) ( ) |
| | | | file systems ( ) |
| | | | label clipping with font list ( ) |
| | | | label_encodings file ( ) |
| | | | label types ( ) |
| | | | labels ( ) |
| | | | levels ( ) |
| | | | reentrant routines ( ) |
| | | changing on client ( ) |
| | | checking before file access ( ) |
| | | components ( ) |
| | | defined ( ) |
| | | dominate levels ( ) |
| | | equal levels ( ) |
| | | guidelines ( ) ( ) |
| | | | downgrading labels ( ) |
| | | | upgrading labels ( ) |
| | | in CMW label ( ) |
| | | Label builder ( ) |
| | | MAC checks ( ) |
| | | mandatory access ( ) |
| | | on file systems ( ) |
| | | privileged tasks ( ) |
| | | privileges |
| | | | changing process SL ( ) |
| | | | downgrading labels ( ) |
| | | | upgrading labels ( ) |
| | | purpose ( ) |
| | | reentrant routines ( ) ( ) |
| | | relationships ( ) |
| | | replying at equal SL ( ) |
| | | strictly dominate levels ( ) |
| | | System V IPC ( ) |
| | | translation flag ( ) |
| | | TSIX ( ) |
| | | undefined ( ) |
| | | user processes ( ) |
| | | valid ( ) |
| | | view ( ) |
| | | view flag ( ) |
| |
| | labelvers routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | LBUILD_CHECK_AR operation ( ) |
| |
| | LBUILD_LOWER_BOUND operation ( ) |
| |
| | LBUILD_MODE_CLR value ( ) |
| |
| | LBUILD_MODE_CMW value ( ) |
| |
| | LBUILD_MODE operation ( ) |
| |
| | LBUILD_MODE_SL value ( ) |
| |
| | LBUILD_SHOW operation ( ) |
| |
| | LBUILD_TITLE operation ( ) |
| |
| | LBUILD_UPPER_BOUND operation ( ) |
| |
| | LBUILD_USERFIELD operation ( ) |
| |
| | LBUILD_VALUE_CLR operation ( ) |
| |
| | LBUILD_VALUE_CMW operation ( ) |
| |
| | LBUILD_VALUE_SL operation ( ) |
| |
| | LBUILD_VIEW_EXTERNAL value ( ) |
| |
| | LBUILD_VIEW_INTERNAL value ( ) |
| |
| | LBUILD_VIEW operation ( ) |
| |
| | LBUILD_WORK_CMW operation ( ) |
| |
| | LBUILD_WORK_SL operation ( ) |
| |
| | LBUILD_WORKJ_CLR operation ( ) |
| |
| | LBUILD_X operation ( ) |
| |
| | LBUILD_Y operation ( ) |
| |
| | LD_LIBRARY_PATH ( ) |
| |
| | levels |
| | | defined ( ) ( ) |
| | | relationship ( ) |
| | | relationships ( ) |
| | | upper and lower bounds ( ) ( ) |
| |
| | lgetcmwlabel system call, declaration ( ) |
| |
| | libraries, compile |
| | | auditing APIs ( ) |
| | | clearance APIs ( ) |
| | | label APIs ( ) |
| | | Label builder APIs ( ) |
| | | MLD APIs ( ) |
| | | privilege APIs ( ) |
| | | profile database access APIs ( ) |
| | | RPC APIs ( ) |
| | | SLD APIs ( ) |
| | | System V IPC APIs ( ) |
| | | trusted shared libraries ( ) |
| | | TSIX APIs ( ) |
| | | user database access APIs ( ) |
| | | X Window System APIs ( ) |
| |
| | library routines |
| | | API declarations ( ) |
| | | security policy on man pages ( ) |
| |
| | LONG_CLASSIFICATION flag ( ) |
| |
| | LONG_WORDS flag ( ) |
| |
| | lsetcmwlabel system call, declaration ( ) |
| | | | |
| P |
| |
| | packets |
| | | location of security attributes ( ) |
| | | security attributes ( ) |
| |
| | PAF_DISKLESS_BOOT value ( ) |
| |
| | PAF_LABEL_VIEW value ( ) |
| |
| | PAF_LABEL_XLATE value ( ) |
| |
| | PAF_NO_TOKMAP value ( ) |
| |
| | PAF_PRINT_SYSTEM value ( ) |
| |
| | PAF_PRIV_DEBUG value ( ) |
| |
| | PAF_SELAGENT value ( ) |
| |
| | PAF_SELAGNT flag ( ) |
| |
| | PAF_TRUSTED_PATH value ( ) |
| |
| | pathnames |
| | | adorned names ( ) |
| | | translation ( ) |
| |
| | permitted privileges |
| | | checking ( ) |
| | | code example ( ) |
| | | defined ( ) |
| |
| | pfsh command |
| | | determining privilege origination ( ) |
| | | inheriting privileges ( ) |
| |
| | pid field ( ) |
| |
| | pipes, access checks ( ) |
| |
| | polyinstantiation |
| | | described ( ) |
| | | files and directories ( ) |
| | | network connections ( ) |
| |
| | ports, single-level ( ) |
| |
| | praudit command, audit trail ( ) |
| |
| | print server applications ( ) |
| |
| | printer banner page, label translation ( ) |
| |
| | printing flag ( ) |
| |
| | PRIV_ALLOWED value ( ) |
| |
| | PRIV_ASSERT macro |
| | | and str_to_priv routine ( ) |
| | | described ( ) |
| |
| | PRIV_CLEAR macro ( ) |
| |
| | PRIV_EFFECTIVE value ( ) |
| |
| | PRIV_EMPTY macro ( ) |
| |
| | PRIV_EQUAL macro ( ) |
| |
| | PRIV_FILL macro ( ) |
| |
| | PRIV_FORCED value ( ) |
| |
| | priv_ftype_t type ( ) |
| |
| | PRIV_INHERITABLE value ( ) |
| |
| | PRIV_INTERSECT macro ( ) |
| |
| | PRIV_ISASSERT macro |
| | | code example ( ) ( ) |
| | | described ( ) |
| |
| | PRIV_ISEMPTY macro ( ) |
| |
| | PRIV_ISFULL macro ( ) |
| |
| | PRIV_ISSUBSET macro |
| | | described ( ) |
| | | purpose ( ) |
| |
| | PRIV_OFF value ( ) |
| |
| | PRIV_ON value ( ) |
| |
| | priv_op_t type ( ) |
| |
| | PRIV_PERMITTED value ( ) |
| |
| | priv_ptype_t type ( ) |
| |
| | PRIV_SAVED value ( ) |
| |
| | priv_set_t structure ( ) |
| |
| | priv_set_to_str routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | PRIV_SET value ( ) |
| |
| | priv_t type ( ) |
| |
| | PRIV_TEST macro ( ) |
| |
| | priv_to_str routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | PRIV_UNION macro ( ) |
| |
| | PRIV_XOR macro ( ) |
| |
| | privilege APIs |
| | | declarations ( ) ( ) ( ) |
| | | macros ( ) |
| |
| | privilege bracketing |
| | | benefits ( ) |
| | | code example ( ) |
| | | procedure ( ) |
| |
| | privilege data types |
| | | file sets ( ) |
| | | operations on sets ( ) |
| | | privilege ID ( ) |
| | | process sets ( ) |
| | | structure ( ) |
| |
| | privilege debugging |
| | | enabling ( ) ( ) |
| | | flag ( ) |
| |
| | privilege macros |
| | | API declarations ( ) |
| | | asserting privilege example ( ) |
| | | described ( ) |
| | | initializing set example ( ) |
| |
| | privilege sets |
| | | after exec function ( ) |
| | | after fork function ( ) |
| | | algorithms ( ) |
| | | API declarations ( ) |
| | | file ( ) |
| | | on network messages ( ) |
| | | privileged tasks ( ) |
| | | privileges needed ( ) |
| | | process ( ) ( ) |
| | | turning off allowed set ( ) |
| |
| | privileged process defined ( ) |
| |
| | privileged tasks |
| | | auditing ( ) |
| | | clearance ( ) |
| | | IPC ( ) |
| | | Label builder ( ) |
| | | labels ( ) |
| | | MLDs ( ) |
| | | multilevel port connections ( ) |
| | | privilege sets ( ) |
| | | RPC ( ) |
| | | SLDs ( ) |
| | | System V IPC ( ) |
| | | TSIX ( ) |
| | | X Window System ( ) |
| |
| | privileges |
| | | administrative applications ( ) |
| | | and authorizations ( ) |
| | | API declarations ( ) |
| | | applications, privileged ( ) |
| | | categories |
| | | | file system ( ) |
| | | | IPC ( ) |
| | | | process ( ) |
| | | | system ( ) |
| | | | System V IPC ( ) |
| | | | X Window System ( ) |
| | | contrast to superuser ( ) |
| | | defined ( ) |
| | | delimiters ( ) |
| | | description text API ( ) |
| | | development environment ( ) |
| | | errors ( ) |
| | | guidelines ( ) |
| | | on interpreted files ( ) |
| | | scripts ( ) |
| | | separators ( ) |
| | | TCB ( ) ( ) |
| | | UIDs, changed ( ) |
| | | upgraded names |
| | | | hide ( ) |
| | | user applications ( ) |
| | | when to use ( ) ( ) |
| | | when writing to executable ( ) |
| |
| | proc_audit_appl privilege ( ) |
| |
| | proc_audit_tcb privilege ( ) |
| |
| | proc_mac_owner privilege ( ) |
| |
| | proc_mac_read privilege ( ) |
| |
| | proc_set_sl privilege ( ) |
| |
| | proc_setclr privilege ( ) ( ) |
| |
| | proc_setid privilege ( ) |
| |
| | proc_setsl privilege ( ) |
| |
| | process clearances |
| | | acquiring ( ) |
| | | API declarations ( ) ( ) ( ) |
| | | checking before file access ( ) |
| | | components ( ) |
| | | data types |
| | | | clearance structure ( ) |
| | | | levels ( ) |
| | | described ( ) |
| | | dominate levels ( ) |
| | | equal levels ( ) |
| | | levels defined ( ) |
| | | MAC checks ( ) |
| | | mandatory access operations ( ) |
| | | privileged tasks ( ) |
| | | reentrant routines ( ) |
| | | strictly dominate levels ( ) |
| | | TSIX ( ) |
| | | valid ( ) |
| |
| | process preselection mask |
| | | application auditing ( ) |
| | | changing ( ) |
| | | return token ( ) |
| |
| | process tracing, access checks ( ) |
| |
| | processes |
| | | changing labels, guidelines ( ) |
| | | CMW label, inheriting values ( ) |
| | | effective privilege set ( ) |
| | | inheritable privilege set ( ) |
| | | label privileges ( ) |
| | | objects ( ) |
| | | permitted privilege set ( ) |
| | | privilege sets ( ) |
| | | privileged, defined ( ) |
| | | privileged tasks ( ) |
| | | privileges, defined ( ) |
| | | saved privilege set ( ) |
| |
| | properties |
| | | described ( ) ( ) |
| | | privileges ( ) |
| |
| | property.atoms file ( ) |
| |
| | protect_as field ( ) |
| |
| | protect_as_len field ( ) ( ) |
| |
| | PTYs, access checks ( ) |
| |
| | public.atoms file ( ) |
| | | | |
| S |
| |
| | saved privileges |
| | | change UID, GUID, or SGUID ( ) |
| | | checking ( ) |
| | | defined ( ) |
| | | purpose ( ) |
| |
| | sbcleartos routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | sbcltos routine, declaration ( ) |
| |
| | sbsltos routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | scripts, privileged ( ) |
| |
| | secconf system call |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | security attribute flags |
| | | API declarations ( ) ( ) |
| | | file systems |
| | | | API declarations ( ) |
| | | | contrast with Solaris ( ) |
| | | | manifest constants ( ) ( ) |
| | | processes |
| | | | API declarations ( ) |
| | | | contrast with Solaris ( ) |
| | | | getting and setting ( ) |
| | | | manifest constants ( ) |
| | | | when to use ( ) |
| |
| | security attributes |
| | | access checks ( ) |
| | | access to privileges ( ) |
| | | accessing labels ( ) |
| | | API declarations ( ) |
| | | file systems |
| | | | API declarations ( ) |
| | | | contrast with Solaris ( ) |
| | | | described ( ) |
| | | | manifest constants ( ) |
| | | | vfstab_adjunct file ( ) |
| | | | when to use ( ) |
| | | MLDs ( ) |
| | | on software packages ( ) |
| | | privileges ( ) |
| | | processes ( ) |
| | | RPC ( ) |
| | | TSIX |
| | | | changing ( ) |
| | | | changing procedure ( ) |
| | | | contrast with Solaris ( ) |
| | | | location on packet ( ) |
| | | | sending and receiving ( ) |
| | | X Window System |
| | | | contrast with Solaris ( ) |
| | | | described ( ) |
| |
| | security policy |
| | | accessing MLDs ( ) |
| | | accessing SLDs ( ) |
| | | administrative applications ( ) |
| | | auditing ( ) |
| | | CDE actions ( ) |
| | | clearances ( ) |
| | | command line execution ( ) ( ) |
| | | communication endpoints ( ) |
| | | covert channels ( ) |
| | | discretionary access operations ( ) |
| | | file system examples ( ) |
| | | file systems ( ) |
| | | file systems access ( ) |
| | | file systems privileges ( ) |
| | | IPC ( ) ( ) |
| | | label guidelines ( ) |
| | | labels ( ) |
| | | mandatory access operations ( ) |
| | | mapped memory ( ) |
| | | MLD access ( ) |
| | | multilevel ports ( ) |
| | | on man pages ( ) |
| | | pipes ( ) ( ) |
| | | privilege bracketing ( ) |
| | | privilege guidelines ( ) |
| | | privilege sets ( ) |
| | | privileges |
| | | | when to use ( ) |
| | | privileges, when to use ( ) |
| | | process tracing ( ) |
| | | PTYs ( ) |
| | | read access ( ) |
| | | reading man pages ( ) |
| | | signals ( ) |
| | | SLD access ( ) |
| | | sockets ( ) |
| | | System V IPC ( ) ( ) |
| | | TLI ( ) |
| | | translating labels ( ) ( ) |
| | | user applications ( ) |
| | | write access ( ) |
| | | X Window System ( ) |
| |
| | selection agent flag ( ) |
| |
| | selection.atoms file ( ) |
| |
| | Selection Manager |
| | | bypassing with flag ( ) |
| | | security policy ( ) |
| |
| | semaphore sets |
| | | API declarations ( ) ( ) |
| |
| | semgetl system call, declaration ( ) |
| |
| | sessionid field ( ) |
| |
| | set_effective_priv routine |
| | | code example ( ) ( ) ( ) |
| | | declaration ( ) |
| |
| | set_id structure ( ) |
| |
| | set_inheritable_priv routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | set_permitted_priv routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | setbltype routine |
| | | code example ( ) ( ) |
| | | declaration ( ) ( ) |
| |
| | SETCL_ALL flag ( ) |
| |
| | SETCL_SL flag ( ) |
| |
| | setclearance system call |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | setcmwlabel system call |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | setcmwplabel system call |
| | | code example ( ) |
| | | declaration ( ) |
| | | when to use ( ) |
| |
| | setcsl routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | seteuid system call, and privileges ( ) |
| |
| | setfattrflag system call |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | setfpriv command, scripts ( ) |
| |
| | setfpriv system call |
| | | code example ( ) ( ) |
| | | declaration ( ) |
| |
| | setpattr system call declaration ( ) |
| |
| | setppriv system call |
| | | declaration ( ) |
| | | privilege bracketing ( ) |
| |
| | setreuid system call, and privileges ( ) |
| |
| | setting_flag field ( ) |
| |
| | setuid system call, and privileges ( ) |
| |
| | SGIDs, privilege to change ( ) |
| |
| | shared libraries, trusted ( ) |
| |
| | shared memory regions |
| | | API declarations ( ) ( ) |
| |
| | shell escapes and privileges ( ) |
| |
| | shmgetl system call |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | SHORT_CLASSIFICATION flag ( ) |
| |
| | SHORT_WORDS flag ( ) |
| |
| | signals, access checks ( ) |
| |
| | single-label file systems ( ) |
| |
| | single-level mappings ( ) |
| |
| | single-level ports |
| | | changing client SL ( ) |
| | | described ( ) |
| |
| | sl field ( ) ( ) |
| |
| | slabel_len field ( ) |
| |
| | SLDs |
| | | accessing ( ) |
| | | adorned names ( ) |
| | | API declarations ( ) ( ) |
| | | creating ( ) |
| | | described ( ) |
| | | information structure ( ) |
| | | privileged tasks ( ) |
| | | sensitivity labels ( ) |
| | | structure ( ) |
| |
| | SLs |
| | | See labels | |
| |
| | sockets |
| | | access checks ( ) ( ) ( ) |
| |
| | software packages |
| | | adding new ( ) |
| | | creating ( ) |
| | | editing existing ( ) |
| | | MAC attributes on ( ) |
| | | prototype file ( ) |
| |
| | st_atime field ( ) |
| |
| | st_ctime field ( ) |
| |
| | st_gid field ( ) |
| |
| | st_mode field ( ) |
| |
| | st_mtime field ( ) |
| |
| | st_nlink field ( ) |
| |
| | st_uid field ( ) |
| |
| | stat structure ( ) ( ) ( ) |
| |
| | stobc routine, code example ( ) |
| |
| | stobcl routine, declaration ( ) |
| |
| | stobclear routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | stobsl routine |
| | | code example ( ) ( ) |
| | | declaration ( ) |
| |
| | str_to_priv routine |
| | | and PRIV_ASSERT macro ( ) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | str_to_priv_set routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | strictly dominate levels ( ) ( ) |
| |
| | SUN_CLR_ID value ( ) |
| |
| | SUN_CLR_UN value ( ) |
| |
| | SUN_CMW_ID value ( ) |
| |
| | SUN_SL_ID value ( ) |
| |
| | SUN_SL_UN value ( ) |
| |
| | SVCXPRT structure ( ) |
| |
| | symbolic links |
| | | information structure ( ) |
| | | MLDs ( ) |
| |
| | sys_trans_label privilege ( ) ( ) ( ) ( ) |
| |
| | system, privileges defined ( ) |
| |
| | SYSTEM_ACCREDITATION_RANGE value ( ) |
| |
| | system calls |
| | | API declarations ( ) |
| | | security policy in man pages ( ) |
| |
| | system security configuration |
| | | API declarations ( ) |
| | | variables described ( ) |
| | | when to check ( ) |
| |
| | System V IPC |
| | | access checks ( ) ( ) |
| | | API declarations ( ) ( ) ( ) ( ) |
| | | described ( ) |
| | | discretionary access ( ) |
| | | mandatory access ( ) |
| | | privileged tasks ( ) |
| | | privileges, defined ( ) |
| | | sensitivity label structure ( ) |
| | | | |
| T |
| |
| | T6_AUDIT_ID value ( ) |
| |
| | T6_AUDIT_INFO value ( ) |
| |
| | T6_CLEARANCE value ( ) |
| |
| | T6_GID value ( ) |
| |
| | T6_GROUPS value ( ) |
| |
| | T6_PID value ( ) |
| |
| | T6_PRIVILEGES value ( ) |
| |
| | T6_PROC_ATTR value ( ) |
| |
| | T6_SESSION_IC value ( ) |
| |
| | T6_SL value ( ) |
| |
| | T6_UID value ( ) |
| |
| | t6alloc_blk(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6allocated_attrs(3NSL), code example ( ) |
| |
| | t6allocated_attrs routine, declaration ( ) |
| |
| | t6attr_id_t structure ( ) |
| |
| | t6attr_t structure ( ) |
| |
| | t6clear_blk(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6cmp_blk(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6copy_blk(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6dup_blk(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6ext_attr(3NSL), declaration ( ) |
| |
| | t6free_blk(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6get_attr(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6get_endpt_default(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6get_endpt_mask(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6last_attr(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | T6M_ALL_ATTRS value ( ) |
| |
| | T6M_AUDIT_ID value ( ) |
| |
| | T6M_AUDIT_INFO value ( ) |
| |
| | T6M_CLEARANCE value ( ) |
| |
| | T6M_GID value ( ) |
| |
| | T6M_GROUPS value ( ) |
| |
| | T6M_NO_ATTRS value ( ) |
| |
| | T6M_PID value ( ) |
| |
| | T6M_PRIVILEGES value ( ) |
| |
| | T6M_SESSION_ID value ( ) |
| |
| | T6M_SL value ( ) |
| |
| | T6M_UID value ( ) |
| |
| | t6mask_t structure ( ) |
| |
| | t6new_attr(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6peek_attr(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6present_attrs(3NSL), code example ( ) |
| |
| | t6present_attrs routine, declaration ( ) |
| |
| | t6recvfrom(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6sendto(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6set_attr(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6set_endpt_default(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6set_endpt_mask(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6size_attr(3NSL) |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | t6supported_attrs(3NSL), code example ( ) |
| |
| | t6supported_attrs routine, declaration ( ) |
| |
| | TCB |
| | | network flag ( ) |
| | | privileged applications ( ) |
| |
| | terminator commands ( ) |
| |
| | testing and debugging applications ( ) |
| |
| | text, color names ( ) |
| |
| | TLI |
| | | access checks ( ) |
| | | objects ( ) |
| |
| | token commands ( ) |
| |
| | translation |
| | | adorned pathnames ( ) |
| | | clearances |
| | | | binary and hexadecimal ( ) |
| | | | binary to hex ( ) |
| | | | binary to text ( ) |
| | | | binary to text, clipped ( ) |
| | | | forms ( ) |
| | | | reentrant routines ( ) |
| | | | text to binary ( ) |
| | | CMW labels |
| | | | binary to hex ( ) |
| | | | binary to text ( ) |
| | | | input form ( ) |
| | | | output form ( ) |
| | | | text to binary ( ) |
| | | font list ( ) |
| | | labels |
| | | | binary and hexadecimal ( ) ( ) |
| | | | binary and text rules ( ) |
| | | | binary to text ( ) ( ) |
| | | | binary to text guidelines ( ) |
| | | | flag values ( ) |
| | | | font list ( ) |
| | | | forms ( ) |
| | | | input form ( ) |
| | | | output form ( ) |
| | | | reentrant routines ( ) |
| | | | text to binary correction ( ) |
| | | | view ( ) |
| | | privileges |
| | | | ID to string ( ) |
| | | | string to ID ( ) |
| | | privileges, binary and text ( ) |
| | | privileges needed ( ) ( ) |
| | | reentrant binary to hex ( ) |
| |
| | Trojan horse protection ( ) |
| |
| | trusted path, attribute flag ( ) |
| |
| | trusted shared libraries ( ) |
| |
| | trusted streams |
| | | API declarations ( ) ( ) |
| | | objects ( ) |
| |
| | TSIX library |
| | | API declarations ( ) ( ) ( ) |
| | | attribute enumerations ( ) |
| | | attribute masks ( ) |
| | | attribute structure ( ) |
| | | changing client SL ( ) |
| | | changing security attributes ( ) ( ) |
| | | client application ( ) ( ) |
| | | described ( ) |
| | | example application ( ) ( ) |
| | | network accreditation range ( ) |
| | | privileged tasks ( ) |
| | | replying at equal SL ( ) |
| | | security attributes ( ) |
| | | server application ( ) |
| |
| | TSOL_AUTH_FILE_DOWNGRADE authorization ( ) |
| |
| | TSOL_HIDE_UPGRADED_NAMES variable ( ) |
| |
| | tsol_lbuild_create routine |
| | | declaration ( ) |
| | | description ( ) |
| |
| | tsol_lbuild_destroy routine, declaration ( ) |
| |
| | tsol_lbuild_get routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | tsol_lbuild_set routine |
| | | code example ( ) |
| | | declaration ( ) |
| | | | |
| X |
| |
| | X Window System |
| | | API declarations ( ) ( ) ( ) |
| | | client attributes structure ( ) |
| | | defaults ( ) |
| | | input devices ( ) |
| | | label clipping API declarations ( ) |
| | | Motif source code ( ) |
| | | object attribute structure ( ) |
| | | object type definition ( ) |
| | | objects ( ) ( ) |
| | | override-redirect ( ) |
| | | predefined atoms ( ) |
| | | privileged tasks ( ) |
| | | privileges, defined ( ) |
| | | properties ( ) |
| | | property attribute structure ( ) |
| | | protocol extensions ( ) |
| | | resource file ( ) |
| | | root window ( ) |
| | | security attributes |
| | | | contrast with Solaris ( ) |
| | | | described ( ) |
| | | security policy ( ) |
| | | Selection Manager ( ) |
| | | server control ( ) |
| |
| | xbcleartos routine, declaration ( ) |
| |
| | xbcltos routine, declaration ( ) |
| |
| | xbsltos routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | Xlib |
| | | API declarations ( ) ( ) |
| | | described ( ) |
| | | objects ( ) |
| |
| | xp_tsol_incoming_attrsp field ( ) |
| |
| | xp_tsol_incoming_new_attrs field ( ) |
| |
| | xp_tsol_outgoing_attrsp field ( ) |
| |
| | Xsession file ( ) |
| |
| | XTsolClientAttributes structure ( ) |
| |
| | XTSOLgetClientAttributes routine, declaration ( ) |
| |
| | XTSOLgetPropAttributes routine, declaration ( ) |
| |
| | XTSOLgetPropLabel routine, declaration ( ) |
| |
| | XTSOLgetPropUID routine, declaration ( ) |
| |
| | XTSOLgetResAttributes routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | XTSOLgetResLabel routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | XTSOLgetResUID routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | XTSOLgetSSHeight routine, declaration ( ) |
| |
| | XTSOLgetWorkstationOwner routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | XTSOLIsWindowTrusted routine, declaration ( ) |
| |
| | XTSOLmakeTPWindow routine, declaration ( ) |
| |
| | XTsolPropAttributes structure ( ) |
| |
| | XTsolResAttributes structure ( ) |
| |
| | XTSOLsetPropLabel routine, declaration ( ) |
| |
| | XTSOLsetPropUID routine, declaration ( ) |
| |
| | XTSOLsetResLabel routine |
| | | code example ( ) |
| | | declaration ( ) |
| |
| | XTSOLsetSessionHI routine, declaration ( ) |
| |
| | XTSOLsetSessionLO routine, declaration ( ) |
| |
| | XTSOLsetSSHeight routine, declaration ( ) |
| |
| | XTSOLsetWorkstationOwner routine, declaration ( ) |
| |
| | Xtsolusersession file ( ) |