NAME | SYNOPSIS | DESCRIPTION | INCLUDE FILES | ATTRIBUTES | TRUSTED SOLARIS SECURITY ATTRIBUTES | NOTES
#include <tsix/t6attrs.h>
libt6() constitutes the TSIX Application Program Interface (API). It is a library of routines that an application uses to control attribute transport during trusted interprocess communication. The routines in the library are recommended over the underlying system call interfaces for portability because they shield the application from operating system, communication protocol, and IPC mechanism specifics.
The libt6() routines provide interfaces through which the trusted application:
Specifies the security attributes used to label outgoing IPC messages (on-message attributes) and reads the on-message attributes associated with a received message.
Controls the security options of the endpoint used to perform trusted IPC.
The security attributes associated with the sending process are called on-message attributes because they are independent of the contents of the message. The TCBs decide what to do with the message based on the on-message attributes. The security attributes associated with a process, and therefore those that are used to label IPC messages, vary with the configuration of the system but must be a subset of the following attributes:
Sensitivity Label Nationality Caveats Integrity Label TSIX Session ID Clearance Access Control List Effective Privileges Audit ID Process ID Additional Audit Information Process Attributes User ID Group ID Supplementary Group IDs
Some of these attributes imply component security policies that may not be available on some systems. Also, Information Labels (ILs) are now obsolete. See NOTES.
The TSIX application program interface allows trusted applications to change the on-message attributes associated with an outgoing message and retrieve the on-message attributes associated with an incoming message.
The on-message attribute routines affect the security attributes associated with outgoing messages or retrieve attributes associated with incoming messages. The caller specifies attributes to these routines through a t6attr_t control structure (defined in <tsix/t6attrs.h>), an opaque structure used to access sets of security attributes. The caller specifies the attributes applied to outbound messages or retrieved from incoming messages through TSIX routines. Specified attributes are copied from or written to the buffers accessible through the control structure. Any attributes not designated by the sender are supplied for outgoing messages by the underlying trusted kernel. The routines that send and retrieve on-message attributes operate on sockets or streams, generically referred to as endpoints.
Allocates space for a t6attr_t control structure.
Frees attribute control structure and buffers. This interface should be used in conjunction with t6alloc_blk(3NSL), which allocates the space.
Given one attribute control structure, this routine allocates enough storage to hold a duplicate control structure and all attributes it references, and creates a duplicate.
Copies a t6attr_t control structure and the security attributes to which it points into a second, previously allocated t6attr_t structure and its previously allocated buffers.
Clears attributes from a t6attr_t control structure.
Compares two t6attr_t control structures for equal attributes set.
Gets the size of an attribute from the control structure.
Gets an attribute handled by the control structure.
Sets an attribute handled by the control structure.
Sends data and a specified set of security attributes on a endpoint.
Reads a network message and retrieves the security attributes associated with the data.
Peeks ahead and returns the attributes associated with the next byte of data.
Returns the security attributes associated with the last byte of data read from the network endpoint.
Gets the endpoint mask.
Sets the endpoint mask.
Gets the endpoint default security attributes.
Sets the endpoint default security attributes.
Gets a mask that indicates which attributes came from templates.
A trusted application can manipulate a number of security options associated with the network endpoint via the following calls:
Turns on or off the security extensions to the network endpoint. This must be called before using any other libt6() routines.
Specifies to the network endpoint that the receiving process is only interested in receiving attributes if they have changed since the last time it received them. This saves the overhead created by passing attributes unnecessarily with each message.
Any programs that use routines in this library must include the header files containing declarations pertinent to the routine. The synopsis section of each manual page indicates the required header files. Most routines in the library contain references to declarations defined in <tsix/t6attrs.h>. This file defines constants for attribute types to be used by various TSIX attribute library access functions, as well as constants used as parameters to the library functions.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | Trusted Solaris systems and on all other TSIX(RE) 1.1 -API compliant systems |
MT-Level | MT-Safe |
The Trusted Solaris environment supports the following security attributes:
Sensitivity Label Clearance Effective Privileges Process Attributes Effective User ID Effective Group ID
Information Labels (ILs), however, are obsolete. See NOTES.
The Trusted Solaris environment also supports the following attributes as read only:
Session ID Access Control List Audit ID Process ID Additional Audit Information Supplemental Group IDs
This man page is based on the version from the TSIX(RE) 1.1 Application Programming Interface (API) document.
Information labels (ILs) are not supported in Trusted
Solaris 7 and later releases. Trusted Solaris software interprets any ILs on communications and files from systems running earlier releases
as ADMIN_LOW
.
Objects still have CMW labels, and CMW labels still include the IL component: IL[SL]; however, the IL component is fixed
at ADMIN_LOW
.
As a result, Trusted Solaris 7 and later releases have the following characteristics:
ILs do not display in window labels; SLs (Sensitivity Labels) display alone within brackets.
ILs do not float.
Setting an IL on an object has no effect.
Getting an object's IL will always return ADMIN_LOW
.
Although certain utilities, library functions, and system
calls can manipulate IL strings, the resulting ILs are always ADMIN_LOW
,
and cannot be set on any objects.
NAME | SYNOPSIS | DESCRIPTION | INCLUDE FILES | ATTRIBUTES | TRUSTED SOLARIS SECURITY ATTRIBUTES | NOTES