Oracle Solaris Trusted Extensions Developer's Guide


A

	abbreviations used in interface names ( )

	access
		checks for
			network ( )
			sockets ( )
			Trusted X Window System ( )
		file labels ( )
		guidelines for labels ( )
		multilevel port connections ( )

	`ADMIN_HIGH` label ( )

	`ADMIN_LOW` label ( )

	APIs
		clearance label ( )
		declarations ( )
		examples of Trusted Extensions in Oracle Solaris ( )
		introduction to ( )
		Label Builder ( ) ( )
		label clipping ( )
		label range ( )
		labels ( ) ( ) ( )
		for Oracle Solaris that use Trusted Extensions parameters ( )
		process security attribute flags ( )
		RPC ( )
		security APIs from Oracle Solaris OS ( )
		sensitivity label ( )
		Trusted X Window System ( ) ( ) ( ) ( )
		for zone labels and zone paths ( )

	applications
		integrating ( )
		releasing ( )
		testing and debugging ( )

	atoms, predefined in X Window System ( )

	`auditid` field ( )

	authorizations, Label Builder ( )


B

	`bldominates()` routine
		code example ( )
		declaration ( )

	`blequal()` routine
		code example ( )
		declaration ( )

	`blinrange()` routine
		declaration ( ) ( )

	`blmaximum()` routine, declaration ( )

	`blminimum()` routine, declaration ( )

	`blstrictdom()` routine
		code example ( )
		declaration ( )

	`brange_t` type ( )

	builders, API declarations for GUI ( )


C

	CDE actions
		assigning inheritable privileges ( )
		creating ( )

	classifications
		clearance component ( )
		disjoint ( )
		dominant ( )
		equal ( )
		label component ( )
		strictly dominant ( )

	clearance labels ( )

	`ClearanceLabel` subclass ( )

	clearances
		disjoint labels ( )
		dominant labels ( )
		equal labels ( )
		session ( )
		strictly dominant labels ( )
		user ( )

	code examples
		file systems
			obtaining label ( )
		`getSocketPeer` static factory
			obtaining socket peer label ( )
		Label Builder ( )
		`label_encodings` file
			creating printer banner ( ) ( )
			obtaining character-coded color names ( )
		label relationships ( )
		labels
			obtaining on file system ( )
			obtaining on window ( )
			obtaining process label ( )
			setting on window ( )
		obtain socket peer label ( )
		printer banner ( ) ( )
		set file sensitivity label ( )
		Trusted X Window System ( )
			obtaining window attributes ( )
			obtaining window label ( )
			obtaining window user ID ( )
			obtaining workstation owner ( )
			setting window label ( )
			translating with font list ( )

	communication endpoints
		access checks ( )
		connections described ( )

	compartments
		clearance component ( )
		disjoint ( )
		dominant ( )
		equal ( )
		label component ( )
		strictly dominant ( )

	compile
		Label Builder libraries ( )
		label libraries ( )
		Trusted X Window System libraries ( )

	connection requests
		security attributes ( )
		security policy ( )


D

	DAC (discretionary access control) ( ) ( )

	data types
		label APIs ( )
		Label Builder APIs
			`ModLabelData` structure ( )
			`tsol_lbuild_create()` routine ( )
		Trusted X Window System APIs ( )

	debugging, applications ( )

	definitions of terms ( )

	detecting a Trusted Extensions system ( )

	determining whether a system is labeled, example ( )

	devices, input device privileges ( )

	DGA (direct graphics access), privileges ( )

	disjoint labels ( )

	dominant labels ( ) ( )

	`dominates` method, declaration ( )

	downgrading labels
		guidelines ( )
		privileges needed ( )
		Trusted X Window System ( )


E

	equal labels ( )

	`equals` method, declaration ( )

	examples of Trusted Extensions APIs in Oracle Solaris ( )

	extended operations ( )


F

	`fgetlabel()` system call, declaration ( )

	`file_dac_search` privilege, overriding access to parent directory of zone's root directory ( )

	`file_downgrade_sl` privilege ( )

	`file_owner` privilege ( )

	files, label privileges ( )

	fonts
		font list translation ( )
		font path privileges ( )


G

	`get_peer_label()` function ( )

	`getClearanceLabel` static factory, declaration ( )

	`getdevicerange()` routine, declaration ( )

	`getDeviceRange` static factory, declaration ( )

	`getFileLabel` static factory
		declaration ( ) ( )

	`getlabel()` system call
		code example ( )
		declaration ( )

	`getlabel` command ( )
		code example ( )

	`getLabelRange` static factory, declaration ( )

	`getLower` method, declaration ( )

	`getMaximum` method
		declaration ( ) ( ) ( )

	`getMinimum` method
		declaration ( ) ( ) ( )

	`getpathbylabel()` routine, declaration ( )

	`getplabel()` routine
		code example ( ) ( ) ( )
		declaration ( )

	`getSensitivityLabel` static factory
		code example ( )
		declaration ( )

	`getSocketPeer` static factory
		code example ( )
		declaration ( )

	`getUpper` method, declaration ( )

	`getuserrange()` routine, declaration ( )

	`getUserRange` static factory, declaration ( )

	`getzoneidbylabel()` routine, declaration ( )

	`getzonelabelbyid()` routine, declaration ( )

	`getzonelabelbyname()` routine, declaration ( )

	`getzonerootbyid()` routine, declaration ( )

	`getzonerootbylabel()` routine, declaration ( )

	`getzonerootbyname()` routine, declaration ( )

	`gid` field ( )

	global zone
		controlling multilevel operations ( )
		labels in ( )
		mounts in ( )

	GUIs
		Label Builder ( )
		Xlib objects ( )


H

	header files
		label APIs ( )
		Label Builder APIs ( )
		locations, list of ( )
		Trusted X Window System APIs ( )


I

	`iaddr` field ( )

	`inRange` method
		declaration ( ) ( )

	integrating an application ( )

	interface names, abbreviations used in ( )

	IPC (interprocess communication) ( )

	`is_system_labeled()` routine
		declaration ( )
		example ( )


J

	Java bindings
		classes ( )
		`ClearanceLabel` subclass ( )
		`Range` class ( )
		`SensitivityLabel` subclass ( )
		`SolarisLabel` abstract class ( )

	Java methods
		`dominates` ( )
		`equals` ( )
		`getLower` ( )
		`getMaximum` ( ) ( ) ( )
		`getMinimum` ( ) ( ) ( )
		`getUpper` ( )
		`inRange` ( ) ( )
		`setFileLabel` ( )
		`strictlyDominates` ( )
		`toCaveats` ( )
		`toChannels` ( )
		`toColor` ( )
		`toFooter` ( )
		`toHeader` ( )
		`toInternal` ( )
		`toProtectAs` ( )
		`toRootPath` ( )
		`toString` ( )
		`toText` ( )
		`toTextLong` ( )
		`toTextShort` ( )

	Java static factories
		`getClearanceLabel` ( )
		`getDeviceRange` ( )
		`getFileLabel` ( ) ( )
		`getLabelRange` ( )
		`getSensitivityLabel` ( )
		`getSocketPeer` ( )
		`getUserRange` ( )


L

	label APIs ( )
		introduction to ( )
		Label Builder ( ) ( )
		label clipping ( )
		labels
			code examples ( )
		list of ( )
		RPC ( )
		Trusted X Window System ( ) ( ) ( )
		windows ( ) ( )
		for zone labels and zone paths ( )

	Label Builder
		APIs ( )
		authorizations ( )
		Cancel button ( )
		declarations ( )
		description of ( )
		functionality ( )
		header files ( )
		label radio buttons ( )
		libraries ( )
		`ModLabelData` structure ( )
		online help ( )
		privileged tasks ( )
		Reset button ( )
		`tsol_lbuild_create()` routine ( )
		Update button ( )

	label clipping
		API declaration ( ) ( )
		translating with font list ( )

	label data types
		label ranges ( )
		sensitivity labels ( )

	`label_encodings` file
		API declarations ( )
		color names ( )
		Label Builder ( )
		non-English ( )

	label ranges ( )
		file systems
			data structure ( )
		overview ( )

	`label_to_str()` routine
		code example ( ) ( ) ( )
		declaration ( )

	labeled zones ( )

	labels
		acquiring ( )
		`ADMIN_HIGH` ( )
		`ADMIN_LOW` ( )
		API declarations ( )
			label clipping ( )
			`label_encodings` file ( )
			labels ( )
			levels ( )
			network databases ( )
			ranges ( )
			zones ( )
		components of ( )
		definition of ( )
		disjoint ( )
		dominant ( )
		downgrading guidelines ( )
		in global zone ( )
		objects ( ) ( ) ( )
		privileged tasks ( )
		privileges
			downgrading labels ( )
			upgrading labels ( )
		ranges ( ) ( )
		relationships ( ) ( )
		strictly dominant ( )
		types
			clearance ( )
			sensitivity ( )
		upgrading guidelines ( )
		user processes ( )

	`LBUILD_CHECK_AR` operation ( )

	`LBUILD_LOWER_BOUND` operation ( )

	`LBUILD_MODE_CLR` value ( )

	`LBUILD_MODE` operation ( )

	`LBUILD_MODE_SL` value ( )

	`LBUILD_SHOW` operation ( )

	`LBUILD_TITLE` operation ( )

	`LBUILD_UPPER_BOUND` operation ( )

	`LBUILD_USERFIELD` operation ( )

	`LBUILD_VALUE_CLR` operation ( )

	`LBUILD_VALUE_SL` operation ( )

	`LBUILD_VIEW_EXTERNAL` value ( )

	`LBUILD_VIEW_INTERNAL` value ( )

	`LBUILD_VIEW` operation ( )

	`LBUILD_WORK_CLR` operation ( )

	`LBUILD_WORK_SL` operation ( )

	`LBUILD_X` operation ( )

	`LBUILD_Y` operation ( )

	libraries, Trusted X Window System APIs ( )

	libraries, compile
		label APIs ( )
		Label Builder APIs ( )

	library routines
		API declarations ( )
		`bldominates()` ( )
		`blequal()` ( )
		`blinrange()` ( ) ( )
		`blmaximum()` ( )
		`blminimum()` ( )
		`blstrictdom()` ( )
		`getdevicerange()` ( )
		`getpathbylabel()` ( )
		`getplabel()` ( )
		`getuserrange()` ( )
		`getzoneidbylabel()` ( )
		`getzonelabelbyid()` ( )
		`getzonelabelbyname()` ( )
		`getzonerootbyid()` ( )
		`getzonerootbylabel()` ( )
		`getzonerootbyname()` ( )
		`is_system_labeled()` ( )
		`label_to_str()` ( ) ( ) ( ) ( )
		`m_label_alloc()` ( )
		`m_label_dup()` ( )
		`m_label_free()` ( )
		`setflabel()` ( )
		`str_to_label()` ( )
		`tsol_getrhtype()` ( )
		`tsol_lbuild_create()` ( )
		`tsol_lbuild_destroy()` ( )
		`tsol_lbuild_get()` ( )
		`tsol_lbuild_set()` ( )
		`ucred_getlabel()` ( )
		`XQueryExtension()` ( )
		`XTSOLgetClientAttributes()` ( )
		`XTSOLgetPropAttributes()` ( )
		`XTSOLgetPropLabel()` ( )
		`XTSOLgetPropUID()` ( )
		`XTSOLgetResAttributes()` ( )
		`XTSOLgetResLabel()` ( )
		`XTSOLgetResUID()` ( )
		`XTSOLgetSSHeight()` ( )
		`XTSOLgetWorkstationOwner()` ( )
		`XTSOLIsWindowTrusted()` ( )
		`XTSOLmakeTPWindow()` ( )
		`XTSOLsetPolyInstInfo()` ( )
		`XTSOLsetPropLabel()` ( )
		`XTSOLsetPropUID()` ( )
		`XTSOLsetResLabel()` ( )
		`XTSOLsetResUID()` ( )
		`XTSOLsetSessionHI()` ( )
		`XTSOLsetSessionLO()` ( )
		`XTSOLsetSSHeight()` ( )
		`XTSOLsetWorkstationOwner()` ( )


M

	`m_label_alloc()` routine
		code example ( )
		declaration ( )

	`m_label_dup()` routine, declaration ( )

	`m_label_free()` routine, declaration ( )

	`m_label_t` type ( )

	MAC (mandatory access control) ( ) ( )
		making socket exempt from ( )

	`ModLabelData` structure ( )

	Motif application
		Label Builder widgets ( )
		online help ( )

	multilevel operations, security policy for ( )

	multilevel ports
		description of ( ) ( ) ( )
		using with UDP ( )


N

	`net_bindmlp` privilege ( )

	`net_mac_aware` privilege ( )

	network security policy, default ( )

	networks, security attributes ( )

	non-global zones ( )


O

	online help, Label Builder ( )

	operations, extended, See `LBUILD_CHECK_AR` operation

	Oracle Solaris
		examples of Trusted Extensions APIs ( )
		interfaces, API declarations ( )

	`ouid` field ( )


P

	`PAF_SELAGNT` flag ( )

	`pid` field ( )

	`plabel` command ( )

	polyinstantiation, description of ( )

	`PORTMAPPER` service ( )

	ports
		multilevel ( )
		single-level ( )

	printer banner page
		label translation ( ) ( )

	printing
		banner page ( )
		`get_peer_label()` function ( )
		label API and ( )
		labeled output ( )
		multilevel ( )

	privileged tasks
		Label Builder ( )
		labels ( )
		multilevel port connections ( )
		Trusted X Window System ( )

	privileges
		`file_dac_read` ( )
		`file_dac_search` ( ) ( )
		`file_dac_write` ( )
		`file_downgrade_sl` ( ) ( )
		`file_owner` ( )
		`file_upgrade_sl` ( ) ( )
		`net_bindmlp` ( ) ( ) ( )
		`net_mac_aware` ( ) ( )
		`sys_trans_label` ( ) ( ) ( ) ( )
		`win_config` ( )
		`win_dac_read` ( )
		`win_dac_write` ( )
		`win_devices` ( ) ( )
		`win_dga` ( )
		`win_downgrade_sl` ( )
		`win_fontpath` ( )
		`win_selection` ( )
		`win_upgrade_sl` ( ) ( )

	process clearances, labels defined ( )

	processes
		binding to multilevel ports ( )
		in labeled zones ( )
		multilevel initiated in global zone ( )
		writing down from global zone ( )

	properties
		description of ( ) ( )
		privileges ( )


R

	`Range` class
		description of ( )
		methods and static factories ( )

	relationships between labels ( )

	releasing an application ( )

	remote host
		credential ( ) ( )
		label ( )
		type ( )

	`ResourceType` structure ( )

	RPC (remote procedure call) ( )


S

	`SCM_UCRED` ( )

	security attribute flags, API declarations ( )

	security attributes
		accessing labels ( )
		labels from remote hosts ( )
		Trusted X Window System
			contrast with Oracle Solaris ( )
			description of ( )

	security policy
		CDE actions ( )
		communication endpoints ( )
		definition of ( )
		global zone ( )
		label guidelines ( )
		labels ( )
		multilevel operations ( )
		multilevel ports ( )
		network ( )
		sockets ( )
		translating labels ( )
		Trusted X Window System ( )
		write-down in global zone ( )

	Selection Manager
		bypassing with flag ( )
		security policy ( )

	sensitivity labels ( ) ( )

	`SensitivityLabel` subclass
		code example ( )
		description of ( )
		methods ( )

	`sessionid` field ( )

	`setFileLabel` method, declaration ( )

	`setflabel()` routine
		code example ( )
		declaration ( )

	`setpflags()` system call ( )

	single-level ports, description of ( )

	`sl` field ( ) ( )

	`SO_MAC_EXEMPT` option ( )

	`SO_RECVUCRED` option ( )

	sockets
		access checks ( ) ( )
		exempt from MAC ( )

	software packages, creating ( )

	`SOL_SOCKET` ( )

	`SolarisLabel` abstract class
		description of ( )
		methods and static factories ( )

	`str_to_label()` routine, code example ( )

	strictly dominant labels ( )

	`strictlyDominates` method, declaration ( )

	`sys_trans_label` privilege ( ) ( )

	system calls
		API declarations ( )
		`fgetlabel()` routine ( )
		`getlabel()` routine ( )


T

	terms, definitions of ( )

	testing and debugging applications ( )

	text, color names ( )

	`toCaveats` method
		code example ( )
		declaration ( )

	`toChannels` method
		code example ( )
		declaration ( )

	`toColor` method, declaration ( )

	`toFooter` method
		code example ( )
		declaration ( )

	`toHeader` method
		code example ( )
		declaration ( )

	`toInternal` method, declaration ( )

	`toProtectAs` method
		code example ( )
		declaration ( )

	`toRootPath` method, declaration ( )

	`toString` method, declaration ( )

	`toText` method, declaration ( )

	`toTextLong` method, declaration ( )

	`toTextShort` method, declaration ( )

	translation
		labels with font list ( )
		privileges needed ( )

	Trusted Extensions APIs, Oracle Solaris examples ( )

	Trusted Extensions system, detecting ( )

	Trusted Path window, definition of ( )

	Trusted X Window System
		API declarations ( ) ( )
		client attributes structure ( )
		defaults ( )
		description of ( )
		input devices ( )
		label-clipping API declaration ( )
		object attribute structure ( )
		object type definition ( )
		objects ( )
		override-redirect ( )
		predefined atoms ( )
		privileged tasks ( )
		properties ( )
		property attribute structure ( )
		protocol extensions ( )
		root window ( )
		security attributes
			contrast with Oracle Solaris ( )
			description of ( )
		security policy ( )
		Selection Manager ( )
		server control ( )
		Trusted Path window ( )
		using interfaces ( )

	`tsol_getrhtype()` routine, declaration ( )

	`tsol_lbuild_create()` routine
		code example ( )
		declaration ( )
		description of ( )

	`tsol_lbuild_destroy()` routine, declaration ( )

	`tsol_lbuild_get()` routine
		code example ( )
		declaration ( )

	`tsol_lbuild_set()` routine
		code example ( )
		declaration ( )


U

	`ucred_getlabel()` routine, declaration ( )

	`ucred_t` data structure ( ) ( )

	`uid` field ( ) ( ) ( ) ( )

	upgrading labels
		guidelines ( )
		privileges needed ( )
		Trusted X Window System ( )

	user IDs
		obtaining on window ( )
		obtaining on workstation ( )


W

	Web Guard prototype ( )

	`win_config` privilege ( )

	`win_dac_read` privilege ( )

	`win_dac_write` privilege ( )

	`win_devices` privilege ( )

	`win_dga` privilege ( )

	`win_downgrade_sl` privilege ( )

	`win_fontpath` privilege ( )

	`win_mac_read` privilege ( )

	`win_mac_write` privilege ( )

	`win_upgrade_sl` privilege ( )

	windows
		client, security policy ( )
		defaults ( )
		description of ( )
		override-redirect, security policy ( )
		privileges ( )
		root, security policy ( )
		security policy ( )


X

	X Window System, See Trusted X Window System

	Xlib
		API declarations ( )
		objects ( )

	`XTsolClientAttributes` structure ( )

	`XTSOLgetClientAttributes()` routine, declaration ( )

	`XTSOLgetPropAttributes()` routine, declaration ( )

	`XTSOLgetPropLabel()` routine, declaration ( )

	`XTSOLgetPropUID()` routine, declaration ( )

	`XTSOLgetResAttributes()` routine
		code example ( )
		declaration ( )

	`XTSOLgetResLabel()` routine
		code example ( )
		declaration ( )

	`XTSOLgetResUID()` routine
		code example ( )
		declaration ( )

	`XTSOLgetSSHeight()` routine, declaration ( )

	`XTSOLgetWorkstationOwner()` routine
		code example ( )
		declaration ( )

	`XTSOLIsWindowTrusted()` routine, declaration ( )

	`XTSOLmakeTPWindow()` routine, declaration ( )

	`XTsolPropAttributes` structure ( )

	`XTsolResAttributes` structure ( )

	`XTSOLsetPolyInstInfo()` routine, declaration ( )

	`XTSOLsetPropLabel()` routine, declaration ( )

	`XTSOLsetPropUID()` routine, declaration ( )

	`XTSOLsetResLabel()` routine
		code example ( )
		declaration ( )

	`XTSOLsetResUID()` routine, declaration ( )

	`XTSOLsetSessionHI()` routine, declaration ( )

	`XTSOLsetSessionLO()` routine, declaration ( )

	`XTSOLsetSSHeight()` routine, declaration ( )

	`XTSOLsetWorkstationOwner()` routine, declaration ( )


Z

	zones
		APIs for zone labels and zone paths ( )
		labeled ( )
		mounts and the global zone ( )
		multilevel ports ( )
		in Trusted Extensions ( )