Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Trusted Extensions Developer's Guide Oracle Solaris 10 8/11 Information Library |
1. Trusted Extensions APIs and Security Policy
4. Printing and the Label APIs
Designing a Label-Aware Application
get_peer_label() Label-Aware Function
Determining Whether the Printing Service Is Running in a Labeled Environment
Understanding the Remote Host Credential
Obtaining the Credential and Remote Host Label
Using the label_to_str() Function
Using the Returned Label String
Validating the Label Request Against the Printer's Label Range
5. Interprocess Communications
8. Trusted Web Guard Prototype
9. Experimental Java Bindings for the Solaris Trusted Extensions Label APIs
Because the printing service accepts requests from processes that operate at different labels, printing must be label-aware. Ordinarily, MAC allows access only to resources that are at the same labels at which the user is operating. Even when print requests are issued only at the same label, printing should be label-aware to enable the printed output to display labels on the printed page.
To handle labels, the printing service must perform these essential functions:
Determine if the host on which the print process is running is labeled or unlabeled
If the printing process is running in a labeled environment, obtain the credential of the network connection from which the print request originates (the credential contains the label for that process)
Extract the label from the network credential
Obtain the printer's label range, that is, the range of labels for which the printer can accept requests
Determine if the user's label falls within the acceptable range of labels for the specified printer