| | | |
A |
|
| abbreviations in names ( ) |
|
| access |
| | checks |
| | | executing a file ( ) |
| | | IPC files ( ) |
| | | mapped memory ( ) |
| | | MLDs ( ) |
| | | network ( ) ( ) |
| | | opening a file ( ) |
| | | pipes ( ) ( ) |
| | | process tracing ( ) |
| | | processes ( ) |
| | | PTYs ( ) |
| | | signals ( ) |
| | | SLDs ( ) |
| | | sockets ( ) |
| | | System V IPC ( ) ( ) |
| | | TLI ( ) |
| | | writing to a file ( ) |
| | | X Window System ( ) |
| | discretionary operations ( ) |
| | file labels ( ) |
| | file privileges ( ) |
| | file systems |
| | | code examples ( ) |
| | | privileges ( ) |
| | | security policy ( ) |
| | guidelines for labels ( ) |
| | mandatory operations ( ) |
| | multilevel port connections ( ) |
| | protection ( ) |
|
| accreditation ranges |
| | checking ( ) ( ) |
| | networks ( ) |
| | structures ( ) |
|
| ACLs, information on ( ) |
|
| actions |
| | assigning inheritable privileges ( ) |
| | creating ( ) |
|
| ADMIN_HIGH label |
| | defined ( ) |
| | initialize to ( ) |
| | running applications ( ) |
|
| ADMIN_LOW label |
| | defined ( ) |
| | initialize to ( ) |
| | running applications ( ) |
|
| adorned pathnames |
| | described ( ) |
| | translating ( ) |
|
| adornfc routine |
| | code example ( ) |
| | declaration ( ) |
|
| algorithms, process privileges ( ) |
|
| allowed privileges |
| | defined ( ) |
| | on file systems ( ) |
| | set to none during write ( ) |
| | turning off ( ) |
|
| APIs |
| | declarations ( ) |
| | list of types ( ) ( ) |
| | security policy on man pages ( ) |
|
| application auditing |
| | API declarations ( ) |
| | argument information ( ) |
| | audit trail ( ) |
| | command line arguments ( ) |
| | control commands ( ) |
| | creating audit records ( ) |
| | creating parallel audit records ( ) |
| | described ( ) |
| | event definition numbers ( ) |
| | invalid call ( ) |
| | IPC identifier ( ) |
| | preselection mask ( ) |
| | privilege sets ( ) |
| | privileged tasks ( ) ( ) |
| | process preselection mask ( ) |
| | queueing record information ( ) |
| | return token ( ) |
| | return values ( ) |
| | save area ( ) |
| | sensitivity label ( ) |
| | server area ( ) |
| | subject token ( ) |
| | terminator command ( ) |
| | token commands ( ) |
| | valid call ( ) |
|
| applications |
| | administrative ( ) |
| | integration ( ) |
| | MLDs ( ) |
| | testing and debugging ( ) |
| | user ( ) |
|
| atoms, predefined ( ) |
|
| audit_class file |
| | application auditing ( ) |
| | creating class ( ) |
|
| audit classes |
| | process preselection mask ( ) |
| | third-party ( ) |
|
| audit_control file |
| | application auditing ( ) |
| | process preselection mask ( ) |
|
| audit_event file |
| | application auditing ( ) |
| | creating event ( ) |
|
| audit events |
| | third-party ( ) |
| | viewing ( ) |
|
| audit records |
| | creating in an application ( ) |
| | minimum ( ) |
|
| audit tokens |
| | return token ( ) |
| | subject token structure ( ) |
|
| auditid field ( ) |
|
| auditing |
| | preselection mask |
| | | classes on file systems ( ) |
| | public files and directories ( ) |
|
| auditwrite routine |
| | code examples ( ) ( ) ( ) |
| | declaration ( ) |
| | invalid call ( ) |
| | valid call ( ) |
|
| authorizations |
| | and privileges ( ) ( ) |
| | Label builder ( ) |
| | when to check ( ) |
|
| AW_ARG token command ( ) |
|
| AW_DEFAULTRD token command ( ) |
|
| AW_DISCARDRD token command ( ) |
|
| AW_END terminator command ( ) |
|
| AW_EVENT token command ( ) |
|
| AW_EXEC_ARGS token command ( ) |
|
| AW_FLUSH token command ( ) |
|
| AW_GETRD token command ( ) |
|
| AW_IPC token command ( ) |
|
| AW_NOPRESELECT token command ( ) |
|
| AW_NOQUEUE token command ( ) |
|
| AW_NOSAVE token command ( ) |
|
| AW_NOSERVER token command ( ) |
|
| AW_PATH token command ( ) |
|
| AW_PRESELECT token command ( ) |
|
| AW_PRIVILEGE token command ( ) |
|
| AW_QUEUE token command ( ) |
|
| AW_RETURN token command ( ) ( ) |
|
| AW_SAVERD token command ( ) |
|
| AW_SERVER token command ( ) |
|
| AW_SLABEL token command ( ) ( ) |
|
| AW_SUBJECT token command ( ) |
|
| AW_TEXT token command ( ) |
|
| AW_USERD token command ( ) |
| | | |
C |
|
| caveats field ( ) |
|
| caveats_len field ( ) ( ) |
|
| channels field ( ) |
|
| channels_len field ( ) ( ) |
|
| chkauth routine, code example ( ) |
|
| cl_tsol_incoming_attrsp field ( ) |
|
| cl_tsol_outgoing_attrsp field ( ) |
|
| clabel_len field ( ) |
|
| classifications |
| | clearance component ( ) |
| | dominate ( ) ( ) |
| | equal ( ) ( ) |
| | SL component ( ) |
| | strictly dominate ( ) ( ) |
|
| clear_len field ( ) |
|
| clearances |
| | checking clearances ( ) |
| | session ( ) |
| | user ( ) |
|
| CLIENT structure ( ) |
|
| CMW labels |
| | API declarations ( ) |
| | components ( ) |
| | defined ( ) |
| | file systems ( ) |
| | objects ( ) |
| | processes ( ) |
|
| code examples |
| | accreditation range, checking ( ) |
| | auditing |
| | | adding a sensitivity label ( ) |
| | | creating audit records ( ) |
| | | creating mimimum record ( ) |
| | | creating parallel records ( ) |
| | | handling return values ( ) |
| | | invalid call ( ) |
| | | preliminary setup ( ) ( ) |
| | | queueing information ( ) |
| | | using preselection mask ( ) |
| | | using save area ( ) |
| | | using server area ( ) |
| | | valid call ( ) |
| | | writing arguments ( ) |
| | | writing command line arguments ( ) |
| | | writing IPC identifier ( ) |
| | | writing privilege sets ( ) |
| | authorizations |
| | | and privileges ( ) |
| | | checking ( ) |
| | checking labels ( ) |
| | clearances |
| | | checking before file access ( ) |
| | | checking if valid ( ) |
| | | checking prior to access ( ) |
| | | checking type ( ) |
| | | finding lower bound ( ) |
| | | finding upper bound ( ) |
| | | getting ( ) |
| | | initializing to ADMIN_LOW ( ) |
| | | initializing to undefined ( ) |
| | | setting ( ) |
| | | testing relationships ( ) |
| | | translating ( ) ( ) |
| | | translating and clipping ( ) |
| | | translating to hex ( ) ( ) ( ) |
| | CMW labels |
| | | getting on file system ( ) |
| | | getting on window ( ) |
| | | getting pointers to portions ( ) |
| | | getting process label ( ) ( ) |
| | | getting SL ( ) |
| | | setting on file system ( ) |
| | | setting on window ( ) |
| | | setting process label ( ) |
| | | translating to binary ( ) |
| | | translating to hex ( ) |
| | | translating to text ( ) |
| | databases |
| | | getting user entries ( ) |
| | file systems |
| | | accessing ( ) |
| | | executing ( ) |
| | | getting attribute flags ( ) |
| | | getting attributes ( ) |
| | | getting attributes (inode) ( ) |
| | | getting CMW label ( ) |
| | | getting label range ( ) |
| | | opening a file ( ) |
| | | setting CMW label ( ) |
| | | writing to a file ( ) |
| | Label builder ( ) |
| | label_encodings file |
| | | getting character-coded color names ( ) |
| | | getting information on ( ) |
| | | retrieving version string ( ) |
| | | translating printer banner ( ) |
| | labels |
| | | checking accreditation ranges ( ) |
| | | checking before file access ( ) |
| | | checking if valid ( ) |
| | | creating ( ) |
| | | finding lower bound ( ) |
| | | finding upper bound ( ) |
| | | getting file system range ( ) |
| | | initializing ( ) |
| | | testing relationships ( ) |
| | | translating to binary ( ) |
| | | translating to text ( ) |
| | | translating with font list ( ) |
| | MLDs |
| | | creating a file ( ) |
| | | getting adorned name ( ) |
| | | getting MLD name ( ) |
| | | getting real path ( ) |
| | | getting security attribute flags ( ) |
| | | getting security attributes ( ) |
| | | getting SLD name ( ) |
| | | getting working directory ( ) |
| | | opening a file ( ) |
| | printer banner, translating ( ) |
| | privilege sets |
| | | bracketing effective set ( ) |
| | | checking allowed set ( ) |
| | | checking permitted set ( ) |
| | | checking saved set ( ) |
| | | clearing allowed set ( ) |
| | | clearing effective set ( ) |
| | | clearing inheritable set ( ) |
| | | exec'ing a process ( ) |
| | | forking a process ( ) |
| | | removing permitted privs ( ) |
| | | setting forced set on file ( ) |
| | | setting inheritable set ( ) |
| | | translating set to string ( ) |
| | privileges |
| | | after checking authorizations ( ) |
| | | and authorizations ( ) |
| | | asserting privileges in sets ( ) |
| | | getting description text ( ) |
| | | setting user ID ( ) |
| | | translating ID to string ( ) |
| | | translating string to ID ( ) |
| | | when to use ( ) |
| | processes, getting attribute flags ( ) |
| | RPC |
| | | example application ( ) ( ) |
| | | header file ( ) |
| | | running the application ( ) |
| | security configuration variables ( ) |
| | SLDs |
| | | creating a file ( ) |
| | | getting name ( ) |
| | | getting security attributes ( ) |
| | | getting SLD name ( ) |
| | | getting working directory ( ) |
| | | opening a file ( ) |
| | System V IPC |
| | | using shared memory labels ( ) |
| | TSIX |
| | | allocating space ( ) |
| | | clearing attributes ( ) |
| | | client application ( ) ( ) |
| | | comparing attributes ( ) |
| | | copying attribute structures ( ) |
| | | creating attribute masks ( ) |
| | | duplicating structures ( ) |
| | | examining the last attribute ( ) |
| | | example application ( ) ( ) |
| | | freeing allocated space ( ) |
| | | getting attribute size ( ) |
| | | getting attributes ( ) |
| | | getting endpoint defaults ( ) |
| | | getting endpoint mask ( ) |
| | | peeking at attributes ( ) |
| | | receiving attributes ( ) |
| | | receiving new attributess ( ) |
| | | replying to request ( ) |
| | | sending attributes ( ) |
| | | server application ( ) |
| | | setting attributes ( ) |
| | | setting endpoint defaults ( ) |
| | | setting enpoint mask ( ) |
| | | using multilevel ports ( ) |
| | vfstab_adjunct file ( ) |
| | X Window System |
| | | getting window attributes ( ) |
| | | getting window CMW label ( ) |
| | | getting window userID ( ) |
| | | getting workstation owner ( ) |
| | | Motif application ( ) |
| | | setting window CMW label ( ) |
| | | translating with font list ( ) |
|
| command arguments |
| | control ( ) |
| | terminator ( ) |
| | token ( ) |
|
| communication endpoints |
| | access checks ( ) ( ) |
| | connections described ( ) |
| | objects ( ) |
| | security attributes (TSIX) ( ) |
|
| compartments |
| | clearance component ( ) |
| | dominate ( ) ( ) |
| | equal ( ) ( ) |
| | SL component ( ) |
| | strictly dominate ( ) ( ) |
|
| compile |
| | auditing libraries ( ) |
| | clearance libraries ( ) |
| | Label builder libraries ( ) |
| | label libraries ( ) |
| | MLD libraries ( ) |
| | privilege libraries ( ) |
| | profile database access libraries ( ) |
| | RPC libraries ( ) |
| | SLD libraries ( ) |
| | System V IPC libraries ( ) |
| | TSIX libraries ( ) |
| | user database access libraries ( ) |
| | X Window System libraries ( ) |
|
| config.privs file ( ) |
|
| connection requests |
| | security attributes ( ) |
| | security policy ( ) |
|
| control commands ( ) |
|
| core files ( ) |
|
| covert channels ( ) |
| | | |
F |
|
| FAF_ALL flag ( ) |
|
| FAF_MLD flag ( ) |
|
| FAF_PUBLIC flag ( ) |
|
| FAF_SLD flag ( ) |
|
| features, operating system ( ) |
|
| fgetcmwfsrange system call, declaration ( ) |
|
| fgetcmwlabel system call, declaration ( ) |
|
| fgetfattrflag function, declaration ( ) |
|
| fgetfpriv system call, declaration ( ) |
|
| fgetfsattr system call, declaration ( ) ( ) |
|
| fgetmldadorn system call, declaration ( ) |
|
| fgetsldname system call |
| | creating SLDs ( ) |
| | declaration ( ) |
|
| file_audit privilege ( ) ( ) ( ) |
|
| file_dac_execute privilege ( ) |
|
| file_dac_read privilege ( ) |
|
| file_dac_search privilege ( ) ( ) |
|
| file_dac_write privilege ( ) ( ) |
|
| file_downgrade_sl privilege ( ) ( ) |
|
| file_mac_read privilege ( ) ( ) |
|
| file_mac_search privilege ( ) |
|
| file_mac_write privilege ( ) |
|
| file_owner privilege ( ) ( ) |
|
| file_setfpriv privilege ( ) |
|
| file_setpriv privilege ( ) |
|
| file systems |
| | access privileges ( ) |
| | accessing MLDs ( ) |
| | accessing SLDs ( ) |
| | ACL information ( ) |
| | hide upgraded names ( ) |
| | IPC bind to file ( ) |
| | objects ( ) |
| | polyinstantiated ( ) |
| | privileges, defined ( ) |
| | security policy ( ) ( ) |
|
| files |
| | allowed privileges ( ) |
| | forced privileges ( ) |
| | interpreted ( ) |
| | label privileges ( ) |
| | privilege sets ( ) |
| | privileges for creating core files ( ) |
| | when writing to executables ( ) |
|
| fonts |
| | font list translation ( ) |
| | font path privileges ( ) |
|
| forced privileges |
| | clearing ( ) |
| | defined ( ) |
| | on file systems ( ) |
| | set to none during write ( ) |
| | when turning off allowed ( ) |
|
| fork system call |
| | CMW label values ( ) |
| | guidelines for changing labels ( ) |
| | inheritable privileges ( ) |
| | privileges in child ( ) |
|
| FSA_ACL value ( ) |
|
| FSA_ACLCNT value ( ) |
|
| FSA_AFLAGS value ( ) |
|
| FSA_APRIV value ( ) |
|
| FSA_APSA value ( ) |
|
| FSA_APSACNT value ( ) |
|
| FSA_FPRIV value ( ) |
|
| FSA_LABEL value ( ) |
|
| FSA_LBLRNG value ( ) |
|
| FSA_MLDPFX value ( ) |
|
| fsetcmwlabel system call, declaration ( ) |
|
| fsetfattrflag system call, declaration ( ) |
|
| fsetfpriv system call, declaration ( ) |
| | | |
L |
|
| Label builder |
| | Cancel pushbutton ( ) |
| | declarations ( ) |
| | described ( ) |
| | extended operations ( ) |
| | functionality ( ) |
| | Reset pushbutton ( ) |
| | SL radio button ( ) |
|
| label clipping |
| | API declarations ( ) ( ) |
| | translating with font list ( ) |
|
| label data types |
| | accreditation ranges ( ) |
| | banner fields ( ) |
| | CMW label structure ( ) |
| | label information ( ) |
| | levels ( ) |
| | sensitivity labels ( ) |
| | setting flags ( ) |
| | SL ranges ( ) |
|
| label_encodings file |
| | API declarations ( ) |
| | color names ( ) |
| | information on ( ) |
| | Label builder ( ) |
| | label translation flag ( ) |
| | Non-English ( ) |
| | retrieving version string ( ) |
| | valid clearances ( ) |
| | valid labels ( ) |
| | view flag ( ) |
|
| label_info structure ( ) |
|
| label ranges |
| | accreditation ( ) ( ) |
| | assigning ( ) |
| | checking ( ) |
| | described ( ) |
| | file systems |
| | | API declarations ( ) |
| | | data structure ( ) |
|
| labelinfo routine |
| | code example ( ) |
| | declaration ( ) |
|
| labels |
| | accreditation ranges ( ) |
| | acquiring ( ) |
| | administrative ( ) |
| | adorned pathnames ( ) |
| | API declarations ( ) |
| | | CMW labels ( ) |
| | | entire ( ) ( ) ( ) |
| | | file systems ( ) |
| | | label clipping with font list ( ) |
| | | label_encodings file ( ) |
| | | label types ( ) |
| | | labels ( ) |
| | | levels ( ) |
| | | reentrant routines ( ) |
| | changing on client ( ) |
| | checking before file access ( ) |
| | components ( ) |
| | defined ( ) |
| | dominate levels ( ) |
| | equal levels ( ) |
| | guidelines ( ) ( ) |
| | | downgrading labels ( ) |
| | | upgrading labels ( ) |
| | in CMW label ( ) |
| | Label builder ( ) |
| | MAC checks ( ) |
| | mandatory access ( ) |
| | on file systems ( ) |
| | privileged tasks ( ) |
| | privileges |
| | | changing process SL ( ) |
| | | downgrading labels ( ) |
| | | upgrading labels ( ) |
| | purpose ( ) |
| | reentrant routines ( ) ( ) |
| | relationships ( ) |
| | replying at equal SL ( ) |
| | strictly dominate levels ( ) |
| | System V IPC ( ) |
| | translation flag ( ) |
| | TSIX ( ) |
| | undefined ( ) |
| | user processes ( ) |
| | valid ( ) |
| | view ( ) |
| | view flag ( ) |
|
| labelvers routine |
| | code example ( ) |
| | declaration ( ) |
|
| LBUILD_CHECK_AR operation ( ) |
|
| LBUILD_LOWER_BOUND operation ( ) |
|
| LBUILD_MODE_CLR value ( ) |
|
| LBUILD_MODE_CMW value ( ) |
|
| LBUILD_MODE operation ( ) |
|
| LBUILD_MODE_SL value ( ) |
|
| LBUILD_SHOW operation ( ) |
|
| LBUILD_TITLE operation ( ) |
|
| LBUILD_UPPER_BOUND operation ( ) |
|
| LBUILD_USERFIELD operation ( ) |
|
| LBUILD_VALUE_CLR operation ( ) |
|
| LBUILD_VALUE_CMW operation ( ) |
|
| LBUILD_VALUE_SL operation ( ) |
|
| LBUILD_VIEW_EXTERNAL value ( ) |
|
| LBUILD_VIEW_INTERNAL value ( ) |
|
| LBUILD_VIEW operation ( ) |
|
| LBUILD_WORK_CMW operation ( ) |
|
| LBUILD_WORK_SL operation ( ) |
|
| LBUILD_WORKJ_CLR operation ( ) |
|
| LBUILD_X operation ( ) |
|
| LBUILD_Y operation ( ) |
|
| LD_LIBRARY_PATH ( ) |
|
| levels |
| | defined ( ) ( ) |
| | relationship ( ) |
| | relationships ( ) |
| | upper and lower bounds ( ) ( ) |
|
| lgetcmwlabel system call, declaration ( ) |
|
| libraries, compile |
| | auditing APIs ( ) |
| | clearance APIs ( ) |
| | label APIs ( ) |
| | Label builder APIs ( ) |
| | MLD APIs ( ) |
| | privilege APIs ( ) |
| | profile database access APIs ( ) |
| | RPC APIs ( ) |
| | SLD APIs ( ) |
| | System V IPC APIs ( ) |
| | trusted shared libraries ( ) |
| | TSIX APIs ( ) |
| | user database access APIs ( ) |
| | X Window System APIs ( ) |
|
| library routines |
| | API declarations ( ) |
| | security policy on man pages ( ) |
|
| LONG_CLASSIFICATION flag ( ) |
|
| LONG_WORDS flag ( ) |
|
| lsetcmwlabel system call, declaration ( ) |
| | | |
P |
|
| packets |
| | location of security attributes ( ) |
| | security attributes ( ) |
|
| PAF_DISKLESS_BOOT value ( ) |
|
| PAF_LABEL_VIEW value ( ) |
|
| PAF_LABEL_XLATE value ( ) |
|
| PAF_NO_TOKMAP value ( ) |
|
| PAF_PRINT_SYSTEM value ( ) |
|
| PAF_PRIV_DEBUG value ( ) |
|
| PAF_SELAGENT value ( ) |
|
| PAF_SELAGNT flag ( ) |
|
| PAF_TRUSTED_PATH value ( ) |
|
| pathnames |
| | adorned names ( ) |
| | translation ( ) |
|
| permitted privileges |
| | checking ( ) |
| | code example ( ) |
| | defined ( ) |
|
| pfsh command |
| | determining privilege origination ( ) |
| | inheriting privileges ( ) |
|
| pid field ( ) |
|
| pipes, access checks ( ) |
|
| polyinstantiation |
| | described ( ) |
| | files and directories ( ) |
| | network connections ( ) |
|
| ports, single-level ( ) |
|
| praudit command, audit trail ( ) |
|
| print server applications ( ) |
|
| printer banner page, label translation ( ) |
|
| printing flag ( ) |
|
| PRIV_ALLOWED value ( ) |
|
| PRIV_ASSERT macro |
| | and str_to_priv routine ( ) |
| | described ( ) |
|
| PRIV_CLEAR macro ( ) |
|
| PRIV_EFFECTIVE value ( ) |
|
| PRIV_EMPTY macro ( ) |
|
| PRIV_EQUAL macro ( ) |
|
| PRIV_FILL macro ( ) |
|
| PRIV_FORCED value ( ) |
|
| priv_ftype_t type ( ) |
|
| PRIV_INHERITABLE value ( ) |
|
| PRIV_INTERSECT macro ( ) |
|
| PRIV_ISASSERT macro |
| | code example ( ) ( ) |
| | described ( ) |
|
| PRIV_ISEMPTY macro ( ) |
|
| PRIV_ISFULL macro ( ) |
|
| PRIV_ISSUBSET macro |
| | described ( ) |
| | purpose ( ) |
|
| PRIV_OFF value ( ) |
|
| PRIV_ON value ( ) |
|
| priv_op_t type ( ) |
|
| PRIV_PERMITTED value ( ) |
|
| priv_ptype_t type ( ) |
|
| PRIV_SAVED value ( ) |
|
| priv_set_t structure ( ) |
|
| priv_set_to_str routine |
| | code example ( ) |
| | declaration ( ) |
|
| PRIV_SET value ( ) |
|
| priv_t type ( ) |
|
| PRIV_TEST macro ( ) |
|
| priv_to_str routine |
| | code example ( ) |
| | declaration ( ) |
|
| PRIV_UNION macro ( ) |
|
| PRIV_XOR macro ( ) |
|
| privilege APIs |
| | declarations ( ) ( ) ( ) |
| | macros ( ) |
|
| privilege bracketing |
| | benefits ( ) |
| | code example ( ) |
| | procedure ( ) |
|
| privilege data types |
| | file sets ( ) |
| | operations on sets ( ) |
| | privilege ID ( ) |
| | process sets ( ) |
| | structure ( ) |
|
| privilege debugging |
| | enabling ( ) ( ) |
| | flag ( ) |
|
| privilege macros |
| | API declarations ( ) |
| | asserting privilege example ( ) |
| | described ( ) |
| | initializing set example ( ) |
|
| privilege sets |
| | after exec function ( ) |
| | after fork function ( ) |
| | algorithms ( ) |
| | API declarations ( ) |
| | file ( ) |
| | on network messages ( ) |
| | privileged tasks ( ) |
| | privileges needed ( ) |
| | process ( ) ( ) |
| | turning off allowed sey ( ) |
|
| privileged process defined ( ) |
|
| privileged tasks |
| | auditing ( ) |
| | clearance ( ) |
| | IPC ( ) |
| | Label builder ( ) |
| | labels ( ) |
| | MLDs ( ) |
| | multilevel port connections ( ) |
| | privilege sets ( ) |
| | RPC ( ) |
| | SLDs ( ) |
| | System V IPC ( ) |
| | TSIX ( ) |
| | X Window System ( ) |
|
| privileges |
| | administrative applications ( ) |
| | and authorizations ( ) |
| | API declarations ( ) |
| | applications, privileged ( ) |
| | categories |
| | | file system ( ) |
| | | IPC ( ) |
| | | process ( ) |
| | | system ( ) |
| | | System V IPC ( ) |
| | | X Window System ( ) |
| | contrast to superuser ( ) |
| | defined ( ) |
| | delimiters ( ) |
| | description text API ( ) |
| | development environment ( ) |
| | errors ( ) |
| | guidelines ( ) |
| | on interpreted files ( ) |
| | scripts ( ) |
| | separators ( ) |
| | TCB ( ) ( ) |
| | UIDs, changed ( ) |
| | upgraded names |
| | | hide ( ) |
| | user applications ( ) |
| | when to use ( ) ( ) |
| | when writing to executable ( ) |
|
| proc_audit_appl privilege ( ) |
|
| proc_audit_tcb privilege ( ) |
|
| proc_mac_owner privilege ( ) |
|
| proc_mac_read privilege ( ) |
|
| proc_set_sl privilege ( ) |
|
| proc_setclr privilege ( ) ( ) |
|
| proc_setid privilege ( ) |
|
| proc_setsl privilege ( ) |
|
| process clearances |
| | acquiring ( ) |
| | API declarations ( ) ( ) ( ) |
| | checking before file access ( ) |
| | components ( ) |
| | data types |
| | | clearance structure ( ) |
| | | levels ( ) |
| | described ( ) |
| | dominate levels ( ) |
| | equal levels ( ) |
| | levels defined ( ) |
| | MAC checks ( ) |
| | mandatory access operations ( ) |
| | privileged tasks ( ) |
| | reentrant routines ( ) |
| | strictly dominate levels ( ) |
| | TSIX ( ) |
| | valid ( ) |
|
| process preselection mask |
| | application auditing ( ) |
| | changing ( ) |
| | return token ( ) |
|
| process tracing, access checks ( ) |
|
| processes |
| | changing labels, guidelines ( ) |
| | CMW label, inheriting values ( ) |
| | effective privilege set ( ) |
| | inheritable privilege set ( ) |
| | label privileges ( ) |
| | objects ( ) |
| | permitted privilege set ( ) |
| | privilege sets ( ) |
| | privileged, defined ( ) |
| | privileged tasks ( ) |
| | privileges, defined ( ) |
| | saved privilege set ( ) |
|
| properties |
| | described ( ) ( ) |
| | privileges ( ) |
|
| property.atoms file ( ) |
|
| protect_as field ( ) |
|
| protect_as_len field ( ) ( ) |
|
| PTYs, access checks ( ) |
|
| public.atoms file ( ) |
| | | |
S |
|
| saved privileges |
| | change UID, GUID, or SGUID ( ) |
| | checking ( ) |
| | defined ( ) |
| | purpose ( ) |
|
| sbcleartos routine |
| | code example ( ) |
| | declaration ( ) |
|
| sbcltos routine, declaration ( ) |
|
| sbsltos routine |
| | code example ( ) |
| | declaration ( ) |
|
| scripts, privileged ( ) |
|
| secconf system call |
| | code example ( ) |
| | declaration ( ) |
|
| security attribute flags |
| | API declarations ( ) ( ) |
| | file systems |
| | | API declarations ( ) |
| | | contrast with Solaris ( ) |
| | | manifest constants ( ) ( ) |
| | processes |
| | | API declarations ( ) |
| | | contrast with Solaris ( ) |
| | | getting and setting ( ) |
| | | manifest constants ( ) |
| | | when to use ( ) |
|
| security attributes |
| | access checks ( ) |
| | access to privileges ( ) |
| | accessing labels ( ) |
| | API declarations ( ) |
| | file systems |
| | | API declarations ( ) |
| | | contrast with Solaris ( ) |
| | | described ( ) |
| | | manifest constants ( ) |
| | | vfstab_adjunct file ( ) |
| | | when to use ( ) |
| | MLDs ( ) |
| | on software packages ( ) |
| | privileges ( ) |
| | processes ( ) |
| | RPC ( ) |
| | TSIX |
| | | changing ( ) |
| | | changing procedure ( ) |
| | | contrast with Solaris ( ) |
| | | location on packet ( ) |
| | | sending and receiving ( ) |
| | X Window System |
| | | contrast with Solaris ( ) |
| | | described ( ) |
|
| security policy |
| | accessing MLDs ( ) |
| | accessing SLDs ( ) |
| | administrative applications ( ) |
| | auditing ( ) |
| | CDE actions ( ) |
| | clearances ( ) |
| | command line execution ( ) ( ) |
| | communication endpoints ( ) |
| | covert channels ( ) |
| | discretionary access operations ( ) |
| | file system examples ( ) |
| | file systems ( ) |
| | file systems access ( ) |
| | file systems privileges ( ) |
| | IPC ( ) ( ) |
| | label guidelines ( ) |
| | labels ( ) |
| | mandatory access operations ( ) |
| | mapped memory ( ) |
| | MLD access ( ) |
| | multilevel ports ( ) |
| | on man pages ( ) |
| | pipes ( ) ( ) |
| | privilege bracketing ( ) |
| | privilege guidelines ( ) |
| | privilege sets ( ) |
| | privileges |
| | | when to use ( ) |
| | privileges, when to use ( ) |
| | process tracing ( ) |
| | PTYs ( ) |
| | read access ( ) |
| | reading man pages ( ) |
| | signals ( ) |
| | SLD access ( ) |
| | sockets ( ) |
| | System V IPC ( ) ( ) |
| | TLI ( ) |
| | translating labels ( ) ( ) |
| | user applications ( ) |
| | write access ( ) |
| | X Window System ( ) |
|
| selection agent flag ( ) |
|
| selection.atoms file ( ) |
|
| Selection Manager |
| | bypassing with flag ( ) |
| | security policy ( ) |
|
| semaphore sets |
| | API declarations ( ) ( ) |
|
| semgetl system call, declaration ( ) |
|
| sessionid field ( ) |
|
| set_effective_priv routine |
| | code example ( ) ( ) ( ) |
| | declaration ( ) |
|
| set_id structure ( ) |
|
| set_inheritable_priv routine |
| | code example ( ) |
| | declaration ( ) |
|
| set_permitted_priv routine |
| | code example ( ) |
| | declaration ( ) |
|
| setbltype routine |
| | code example ( ) ( ) |
| | declaration ( ) ( ) |
|
| SETCL_ALL flag ( ) |
|
| SETCL_SL flag ( ) |
|
| setclearance system call |
| | code example ( ) |
| | declaration ( ) |
|
| setcmwlabel system call |
| | code example ( ) |
| | declaration ( ) |
|
| setcmwplabel system call |
| | code example ( ) |
| | declaration ( ) |
| | when to use ( ) |
|
| setcsl routine |
| | code example ( ) |
| | declaration ( ) |
|
| seteuid system call, and privileges ( ) |
|
| setfattrflag system call |
| | code example ( ) |
| | declaration ( ) |
|
| setfpriv command, scripts ( ) |
|
| setfpriv system call |
| | code example ( ) ( ) |
| | declaration ( ) |
|
| setpattr system call declaration ( ) |
|
| setppriv system call |
| | declaration ( ) |
| | privilege bracketing ( ) |
|
| setreuid system call, and privileges ( ) |
|
| setting_flag field ( ) |
|
| setuid system call, and privileges ( ) |
|
| SGIDs, privilege to change ( ) |
|
| shared libraries, trusted ( ) |
|
| shared memory regions |
| | API declarations ( ) ( ) |
|
| shell escapes and privileges ( ) |
|
| shmgetl system call |
| | code example ( ) |
| | declaration ( ) |
|
| SHORT_CLASSIFICATION flag ( ) |
|
| SHORT_WORDS flag ( ) |
|
| signals, access checks ( ) |
|
| single-label file systems ( ) |
|
| single-level mappings ( ) |
|
| single-level ports |
| | changing client SL ( ) |
| | described ( ) |
|
| sl field ( ) ( ) |
|
| slabel_len field ( ) |
|
| SLDs |
| | accessing ( ) |
| | adorned names ( ) |
| | API declarations ( ) ( ) |
| | creating ( ) |
| | described ( ) |
| | information structure ( ) |
| | privileged tasks ( ) |
| | sensitivity labels ( ) |
| | structure ( ) |
|
| SLs |
| | See labels | |
|
| sockets |
| | access checks ( ) ( ) ( ) |
|
| software packages |
| | adding new ( ) |
| | creating ( ) |
| | editing existing ( ) |
| | MAC attributes on ( ) |
| | prototype file ( ) |
|
| st_atime field ( ) |
|
| st_ctime field ( ) |
|
| st_gid field ( ) |
|
| st_mode field ( ) |
|
| st_mtime field ( ) |
|
| st_nlink field ( ) |
|
| st_uid field ( ) |
|
| stat structure ( ) ( ) ( ) |
|
| stobc routine, code example ( ) |
|
| stobcl routine, declaration ( ) |
|
| stobclear routine |
| | code example ( ) |
| | declaration ( ) |
|
| stobsl routine |
| | code example ( ) ( ) |
| | declaration ( ) |
|
| str_to_priv routine |
| | and PRIV_ASSERT macro ( ) |
| | code example ( ) |
| | declaration ( ) |
|
| str_to_priv_set routine |
| | code example ( ) |
| | declaration ( ) |
|
| strictly dominate levels ( ) ( ) |
|
| SUN_CLR_ID value ( ) |
|
| SUN_CLR_UN value ( ) |
|
| SUN_CMW_ID value ( ) |
|
| SUN_SL_ID value ( ) |
|
| SUN_SL_UN value ( ) |
|
| SVCXPRT structure ( ) |
|
| symbolic links |
| | information structure ( ) |
| | MLDs ( ) |
|
| sys_trans_label privilege ( ) ( ) ( ) ( ) |
|
| system, privileges defined ( ) |
|
| SYSTEM_ACCREDITATION_RANGE value ( ) |
|
| system calls |
| | API declarations ( ) |
| | security policy in man pages ( ) |
|
| system security configuration |
| | API declarations ( ) |
| | variables described ( ) |
| | when to check ( ) |
|
| System V IPC |
| | access checks ( ) ( ) |
| | API declarations ( ) ( ) ( ) ( ) |
| | described ( ) |
| | discretionary access ( ) |
| | mandatory access ( ) |
| | privileged tasks ( ) |
| | privileges, defined ( ) |
| | sensitivity label structure ( ) |
| | | |
T |
|
| T6_AUDIT_ID value ( ) |
|
| T6_AUDIT_INFO value ( ) |
|
| T6_CLEARANCE value ( ) |
|
| T6_GID value ( ) |
|
| T6_GROUPS value ( ) |
|
| T6_PID value ( ) |
|
| T6_PRIVILEGES value ( ) |
|
| T6_PROC_ATTR value ( ) |
|
| T6_SESSION_IC value ( ) |
|
| T6_SL value ( ) |
|
| T6_UID value ( ) |
|
| t6alloc_blk(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6allocated_attrs(3NSL), code example ( ) |
|
| t6allocated_attrs routine, declaration ( ) |
|
| t6attr_id_t structure ( ) |
|
| t6attr_t structure ( ) |
|
| t6clear_blk(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6cmp_blk(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6copy_blk(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6dup_blk(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6ext_attr(3NSL), declaration ( ) |
|
| t6free_blk(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6get_attr(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6get_endpt_default(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6get_endpt_mask(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6last_attr(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| T6M_ALL_ATTRS value ( ) |
|
| T6M_AUDIT_ID value ( ) |
|
| T6M_AUDIT_INFO value ( ) |
|
| T6M_CLEARANCE value ( ) |
|
| T6M_GID value ( ) |
|
| T6M_GROUPS value ( ) |
|
| T6M_NO_ATTRS value ( ) |
|
| T6M_PID value ( ) |
|
| T6M_PRIVILEGES value ( ) |
|
| T6M_SESSION_ID value ( ) |
|
| T6M_SL value ( ) |
|
| T6M_UID value ( ) |
|
| t6mask_t structure ( ) |
|
| t6new_attr(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6peek_attr(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6present_attrs(3NSL), code example ( ) |
|
| t6present_attrs routine, declaration ( ) |
|
| t6recvfrom(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6sendto(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6set_attr(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6set_endpt_default(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6set_endpt_mask(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6size_attr(3NSL) |
| | code example ( ) |
| | declaration ( ) |
|
| t6supported_attrs(3NSL), code example ( ) |
|
| t6supported_attrs routine, declaration ( ) |
|
| TCB |
| | network flag ( ) |
| | privileged applications ( ) |
|
| terminator commands ( ) |
|
| testing and debugging applications ( ) |
|
| text, color names ( ) |
|
| TLI |
| | access checks ( ) |
| | objects ( ) |
|
| token commands ( ) |
|
| translation |
| | adorned pathnames ( ) |
| | clearances |
| | | binary and hexadecimal ( ) |
| | | binary to hex ( ) |
| | | binary to text ( ) |
| | | binary to text, clipped ( ) |
| | | forms ( ) |
| | | reentrant routines ( ) |
| | | text to binary ( ) |
| | CMW labels |
| | | binary to hex ( ) |
| | | binary to text ( ) |
| | | input form ( ) |
| | | output form ( ) |
| | | text to binary ( ) |
| | font list ( ) |
| | labels |
| | | binary and hexadecimal ( ) ( ) |
| | | binary and text rules ( ) |
| | | binary to text ( ) ( ) |
| | | binary to text guidelines ( ) |
| | | flag values ( ) |
| | | font list ( ) |
| | | forms ( ) |
| | | input form ( ) |
| | | output form ( ) |
| | | reentrant routines ( ) |
| | | text to binary correction ( ) |
| | | view ( ) |
| | privileges |
| | | ID to string ( ) |
| | | string to ID ( ) |
| | privileges, binary and text ( ) |
| | privileges needed ( ) ( ) |
| | reentrant binary to hex ( ) |
|
| Trojan horse protection ( ) |
|
| trusted path, attribute flag ( ) |
|
| trusted shared libraries ( ) |
|
| trusted streams |
| | API declarations ( ) ( ) |
| | objects ( ) |
|
| TSIX library |
| | API declarations ( ) ( ) ( ) |
| | attribute enumerations ( ) |
| | attribute masks ( ) |
| | attribute structure ( ) |
| | changing client SL ( ) |
| | changing security attributes ( ) ( ) |
| | client application ( ) ( ) |
| | described ( ) |
| | example application ( ) ( ) |
| | network accreditation range ( ) |
| | privileged tasks ( ) |
| | replying at equal SL ( ) |
| | security attributes ( ) |
| | server application ( ) |
|
| TSOL_AUTH_FILE_DOWNGRADE authorization ( ) |
|
| TSOL_HIDE_UPGRADED_NAMES variable ( ) |
|
| tsol_lbuild_create routine |
| | declaration ( ) |
| | description ( ) |
|
| tsol_lbuild_destroy routine, declaration ( ) |
|
| tsol_lbuild_get routine |
| | code example ( ) |
| | declaration ( ) |
|
| tsol_lbuild_set routine |
| | code example ( ) |
| | declaration ( ) |
| | | |
X |
|
| X Window System |
| | API declarations ( ) ( ) ( ) |
| | client attributes structure ( ) |
| | defaults ( ) |
| | input devices ( ) |
| | label clipping API declarations ( ) |
| | Motif source code ( ) |
| | object attribute structure ( ) |
| | object type definition ( ) |
| | objects ( ) ( ) |
| | override-redirect ( ) |
| | predefined atoms ( ) |
| | privileged tasks ( ) |
| | privileges, defined ( ) |
| | properties ( ) |
| | property attribute structure ( ) |
| | protocol extensions ( ) |
| | resource file ( ) |
| | root window ( ) |
| | security attributes |
| | | contrast with Solaris ( ) |
| | | described ( ) |
| | security policy ( ) |
| | Selection Manager ( ) |
| | server control ( ) |
|
| xbcleartos routine, declaration ( ) |
|
| xbcltos routine, declaration ( ) |
|
| xbsltos routine |
| | code example ( ) |
| | declaration ( ) |
|
| Xlib |
| | API declarations ( ) ( ) |
| | described ( ) |
| | objects ( ) |
|
| xp_tsol_incoming_attrsp field ( ) |
|
| xp_tsol_incoming_new_attrs field ( ) |
|
| xp_tsol_outgoing_attrsp field ( ) |
|
| Xsession file ( ) |
|
| XTsolClientAttributes structure ( ) |
|
| XTSOLgetClientAttributes routine, declaration ( ) |
|
| XTSOLgetPropAttributes routine, declaration ( ) |
|
| XTSOLgetPropLabel routine, declaration ( ) |
|
| XTSOLgetPropUID routine, declaration ( ) |
|
| XTSOLgetResAttributes routine |
| | code example ( ) |
| | declaration ( ) |
|
| XTSOLgetResLabel routine |
| | code example ( ) |
| | declaration ( ) |
|
| XTSOLgetResUID routine |
| | code example ( ) |
| | declaration ( ) |
|
| XTSOLgetSSHeight routine, declaration ( ) |
|
| XTSOLgetWorkstationOwner routine |
| | code example ( ) |
| | declaration ( ) |
|
| XTSOLIsWindowTrusted routine, declaration ( ) |
|
| XTSOLmakeTPWindow routine, declaration ( ) |
|
| XTsolPropAttributes structure ( ) |
|
| XTsolResAttributes structure ( ) |
|
| XTSOLsetPropLabel routine, declaration ( ) |
|
| XTSOLsetPropUID routine, declaration ( ) |
|
| XTSOLsetResLabel routine |
| | code example ( ) |
| | declaration ( ) |
|
| XTSOLsetSessionHI routine, declaration ( ) |
|
| XTSOLsetSessionLO routine, declaration ( ) |
|
| XTSOLsetSSHeight routine, declaration ( ) |
|
| XTSOLsetWorkstationOwner routine, declaration ( ) |
|
| Xtsolusersession file ( ) |