Trusted Extensions Developer's Guide
Updated: November 2020
Index
A
abbreviations used in interface names
Abbreviations Used in Interface Names and Data Structure Names
access
checks for
network
Communication Endpoints
sockets
AF_UNIX Family
file labels
Privileged Operations and Labels
guidelines for labels
Privileged Operations and Labels
multilevel port connections
Multilevel Port Information
ADMIN_HIGH
label
Labels in the Global Zone
ADMIN_LOW
label
Labels in the Global Zone
APIs
clearance label
Clearance Label APIs
declarations
Trusted Extensions API Reference
examples of Trusted Extensions in Oracle Solaris
Understanding Labels
for Oracle Solaris that use Trusted Extensions parameters
Oracle Solaris Library Routines and System Calls That Use Trusted Extensions Parameters
for zone labels and zone paths
Labeled Zones
introduction to
Sensitivity Labels
label range
Label Range APIs
labels
Label APIs
Label Code Examples
Label APIs
process security attribute flags
Process Security Attribute Flags APIs
RPC
RPC APIs
security APIs from Oracle Solaris OS
Trusted Extensions APIs
sensitivity label
Sensitivity Label APIs
applications
testing and debugging
Developing, Testing, and Debugging an Application
B
bldominates()
routine
code example
Determining the Relationship Between Two Labels
declaration
Comparing Labels
blequal()
routine
code example
Determining the Relationship Between Two Labels
declaration
Comparing Labels
blinrange()
routine
declaration
Comparing Labels
Comparing Labels
blmaximum()
routine
declaration
Comparing Labels
blminimum()
routine
declaration
Comparing Labels
blstrictdom()
routine
code example
Determining the Relationship Between Two Labels
declaration
Comparing Labels
brange_t type
Label APIs
C
classifications
clearance component
Clearance Labels
disjoint
Label Relationships
dominant
Label Relationships
equal
Label Relationships
label component
Sensitivity Labels
strictly dominant
Label Relationships
clearance labels
Clearance Labels
clearances
disjoint labels
Label Relationships
dominant labels
Label Relationships
equal labels
Label Relationships
session
Clearance Labels
strictly dominant labels
Label Relationships
user
Clearance Labels
code examples
file systems
obtaining label
Obtaining a File Label
label relationships
Determining the Relationship Between Two Labels
label_encodings
file
obtaining character-coded color names
Obtaining the Color Names of Labels
labels
obtaining on file system
Obtaining a File Label
obtaining process label
Obtaining a Process Label
set file sensitivity label
Setting a File Sensitivity Label
communication endpoints
access checks
Communication Endpoints
connections described
Berkeley Sockets and TLI
compartments
clearance component
Clearance Labels
disjoint
Label Relationships
dominant
Label Relationships
equal
Label Relationships
label component
Sensitivity Labels
strictly dominant
Label Relationships
compile
label libraries
Label APIs
D
DAC (discretionary access control)
Interprocess Communications
data types
label APIs
Label APIs
debugging
applications
Developing, Testing, and Debugging an Application
definitions of terms
Understanding Labels
determining whether a system is labeled
example
Detecting a Trusted Extensions System
disjoint labels
Label Relationships
dominant labels
Label Relationships
Label Relationships
downgrading labels
guidelines
Privileged Operations and Labels
privileges needed
Privileged Operations and Labels
E
equal labels
Label Relationships
examples of Trusted Extensions APIs in Oracle Solaris
Understanding Labels
F
fgetlabel()
system call
declaration
Obtaining and Setting the Label of a File
file_dac_search
privilege
overriding access to parent directory of zone's root directory
Write-Down Policy in the Global Zone
file_downgrade_sl
privilege
Privileged Operations and Labels
file_owner
privilege
Privileged Operations and Labels
files
label privileges
Privileged Operations and Labels
G
getdevicerange()
routine
declaration
Obtaining Label Ranges
getlabel()
system call
code example
Obtaining a File Label
declaration
Obtaining and Setting the Label of a File
getlabel
command
Setting a File Sensitivity Label
code example
Determining the Relationship Between Two Labels
getpathbylabel()
routine
declaration
Accessing Labels in Zones
getplabel()
routine
code example
Obtaining the Color Names of Labels
Determining the Relationship Between Two Labels
Obtaining a Process Label
declaration
Accessing the Process Sensitivity Label
getuserrange()
routine
declaration
Obtaining Label Ranges
getzoneidbylabel()
routine
declaration
Accessing Labels in Zones
getzonelabelbyid()
routine
declaration
Accessing Labels in Zones
getzonelabelbyname()
routine
declaration
Accessing Labels in Zones
getzonerootbyid()
routine
declaration
Accessing Labels in Zones
getzonerootbylabel()
routine
declaration
Accessing Labels in Zones
getzonerootbyname()
routine
declaration
Accessing Labels in Zones
global zone
controlling multilevel operations
Multilevel Operations
labels in
Labels in the Global Zone
mounts in
Write-Down Policy in the Global Zone
H
header files
label APIs
Label APIs
locations, list of
Header File Locations
I
interface names
abbreviations used in
Abbreviations Used in Interface Names and Data Structure Names
IPC (interprocess communication)
Interprocess Communications
is_system_labeled()
routine
declaration
Detecting a Trusted Extensions System
L
label APIs
descriptions
Label APIs
for zone labels and zone paths
Labeled Zones
introduction to
Sensitivity Labels
labels
code examples
Label Code Examples
list of
Label APIs
RPC
RPC APIs
label data types
label ranges
Label APIs
sensitivity labels
Label APIs
label ranges
Label Ranges
file systems
data structure
Label APIs
overview
Label APIs
label_encodings
file
API declarations
Label APIs
color names
Obtaining the Color Names of Labels
label_to_str()
routine
code example
Obtaining the Color Names of Labels
labeled zones
Labeled Zones
labeling_disable()
routine
declaration
Enabling and Disabling a Trusted Extensions System
labeling_enable()
routine
declaration
Enabling and Disabling a Trusted Extensions System
labeling_set_encodings()
routine
declaration
Setting the Label Encodings File
labels
acquiring
Acquiring a Sensitivity Label
ADMIN_HIGH
Labels in the Global Zone
ADMIN_LOW
Labels in the Global Zone
API declarations
Label APIs
disabling
Label APIs
enabling
Label APIs
label_encodings
file
Label APIs
labels
Label APIs
levels
Label APIs
network databases
Label APIs
ranges
Label APIs
zones
Label APIs
components of
Sensitivity Labels
definition of
Label Relationships
disjoint
Label Relationships
dominant
Label Relationships
downgrading guidelines
Privileged Operations and Labels
in global zone
Labels in the Global Zone
objects
Acquiring a Sensitivity Label
Obtaining and Setting the Label of a File
privileged tasks
Privileged Operations and Labels
privileges
downgrading labels
Privileged Operations and Labels
upgrading labels
Privileged Operations and Labels
ranges
Label APIs
Label Range APIs
relationships
Determining the Relationship Between Two Labels
Label Relationships
strictly dominant
Label Relationships
types
clearance
Clearance Labels
sensitivity
Sensitivity Labels
upgrading guidelines
Privileged Operations and Labels
user processes
Acquiring a Sensitivity Label
libraries, compile
label APIs
Label APIs
library routines
API declarations
System Calls and Library Routines in Trusted Extensions
bldominates()
Comparing Labels
blequal()
Comparing Labels
blinrange()
Comparing Labels
Comparing Labels
blmaximum()
Comparing Labels
blminimum()
Comparing Labels
blstrictdom()
Comparing Labels
getdevicerange()
Obtaining Label Ranges
getpathbylabel()
Accessing Labels in Zones
getplabel()
Accessing the Process Sensitivity Label
getuserrange()
Obtaining Label Ranges
getzoneidbylabel()
Accessing Labels in Zones
getzonelabelbyid()
Accessing Labels in Zones
getzonelabelbyname()
Accessing Labels in Zones
getzonerootbyid()
Accessing Labels in Zones
getzonerootbylabel()
Accessing Labels in Zones
getzonerootbyname()
Accessing Labels in Zones
is_system_labeled()
Detecting a Trusted Extensions System
label_to_str()
Label Encodings File
Readable Versions of Labels
Translating Between Labels and Strings
labeling_disable()
Enabling and Disabling a Trusted Extensions System
labeling_enable()
Enabling and Disabling a Trusted Extensions System
labeling_set_encodings()
Setting the Label Encodings File
m_label_alloc()
Allocating and Freeing Memory for Labels
m_label_dup()
Allocating and Freeing Memory for Labels
m_label_free()
Allocating and Freeing Memory for Labels
setflabel()
Obtaining and Setting the Label of a File
str_to_label()
Translating Between Labels and Strings
tsol_getrhtype()
Obtaining the Remote Host Type
ucred_getlabel()
Accessing the Process Sensitivity Label
M
m_label_alloc()
routine
code example
Determining the Relationship Between Two Labels
declaration
Allocating and Freeing Memory for Labels
m_label_dup()
routine
declaration
Allocating and Freeing Memory for Labels
m_label_free()
routine
declaration
Allocating and Freeing Memory for Labels
m_label_t type
Label APIs
MAC (mandatory access control)
Interprocess Communications
making socket exempt from
MAC-Exempt Sockets
multilevel operations
security policy for
Multilevel Operations
multilevel ports
description of
Multilevel Port Information
Multilevel Port Information
Multilevel Ports
using with UDP
Using Multilevel Ports With UDP
N
net_bindmlp
privilege
Multilevel Port Information
net_mac_aware
privilege
MAC-Exempt Sockets
network security policy
default
Default Network Policy
networks
security attributes
Multilevel Ports
non-global zones
Labeled Zones
O
Oracle Solaris
examples of Trusted Extensions APIs
Understanding Labels
interfaces, API declarations
Oracle Solaris Library Routines and System Calls That Use Trusted Extensions Parameters
P
PORTMAPPER
service
RPC Mechanism
ports
multilevel
Multilevel Port Information
single-level
Multilevel Port Information
privileged tasks
labels
Privileged Operations and Labels
multilevel port connections
Multilevel Port Information
privileges
file_dac_read
Privileged Operations and Labels
file_dac_search
Privileged Operations and Labels
Write-Down Policy in the Global Zone
file_dac_write
Privileged Operations and Labels
file_downgrade_sl
Privileged Operations and Labels
Labeled Zones
file_owner
Privileged Operations and Labels
file_upgrade_sl
Privileged Operations and Labels
Labeled Zones
net_bindmlp
AF_UNIX Family
Multilevel Port Information
Multilevel Ports
net_mac_aware
MAC-Exempt Sockets
MAC-Exempt Sockets
sys_trans_label
Privileged Operations and Labels
process clearances
labels defined
Label Relationships
processes
binding to multilevel ports
Multilevel Ports
in labeled zones
Labeled Zones
multilevel initiated in global zone
Multilevel Operations
writing down from global zone
Write-Down Policy in the Global Zone
R
relationships between labels
Label Relationships
remote host
type
Obtaining the Remote Host Type
RPC (remote procedure call)
RPC Mechanism
S
SCM_UCRED
Using Multilevel Ports With UDP
security attribute flags
API declarations
Process Security Attribute Flags APIs
security attributes
accessing labels
Privileged Operations and Labels
labels from remote hosts
Multilevel Ports
security policy
communication endpoints
Communication Endpoints
definition of
Understanding Labels
global zone
Labels in the Global Zone
label guidelines
Privileged Operations and Labels
labels
Privileged Operations and Labels
multilevel operations
Multilevel Operations
multilevel ports
Multilevel Port Information
network
Default Network Policy
sockets
AF_UNIX Family
translating labels
Privileged Operations and Labels
write-down in global zone
Write-Down Policy in the Global Zone
sensitivity labels
Sensitivity Labels
Sensitivity Labels
setflabel()
routine
code example
Setting a File Sensitivity Label
declaration
Obtaining and Setting the Label of a File
setpflags()
system call
MAC-Exempt Sockets
single-level ports
description of
Multilevel Port Information
SO_MAC_EXEMPT
option
MAC-Exempt Sockets
SO_RECVUCRED
option
Multilevel Ports
sockets
access checks
Communication Endpoints
exempt from MAC
MAC-Exempt Sockets
SOL_SOCKET
Using Multilevel Ports With UDP
str_to_label()
routine
code example
Setting a File Sensitivity Label
strictly dominant labels
Label Relationships
sys_trans_label
privilege
Privileged Operations and Labels
system calls
API declarations
System Calls and Library Routines in Trusted Extensions
fgetlabel()
routine
Obtaining and Setting the Label of a File
getlabel()
routine
Obtaining and Setting the Label of a File
T
terms
definitions of
Understanding Labels
testing and debugging applications
Developing, Testing, and Debugging an Application
text
color names
Obtaining the Color Names of Labels
tninfo
command
Detecting a Trusted Extensions System
translation
privileges needed
Privileged Operations and Labels
Trusted Extensions APIs
Oracle Solaris examples
Understanding Labels
tsol_getrhtype()
routine
declaration
Obtaining the Remote Host Type
U
ucred_getlabel()
routine
declaration
Accessing the Process Sensitivity Label
upgrading labels
guidelines
Privileged Operations and Labels
privileges needed
Privileged Operations and Labels
Z
zones
APIs for zone labels and zone paths
Labeled Zones
in Trusted Extensions
Zones and Labels
labeled
Zones and Labels
mounts and the global zone
Write-Down Policy in the Global Zone
multilevel ports
Multilevel Ports