Using Trusted X Window System Interfaces
The following sections provide example code excerpts that use Trusted Extensions interface
calls. These calls handle security attributes and translate a label to a
string. The excerpts focus on handling window security attributes, the most commonly
managed attributes in application programs. Often, a client retrieves security attributes by
using the appropriate privileges for an object that was created by another
application. The client then checks the attributes to determine whether an operation
on the object is permitted by the system's security policy. The security
policy covers DAC policies and the MAC write-equal and read-down policies. If
access is denied, the application generates an error or uses privileges, as appropriate.
See Privileged Operations and the Trusted X Window System for a discussion about when privileges are needed.
You must create an object before you can retrieve its ID to
pass to the Trusted Extensions APIs.
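The check described above (DAC, then MAC read-down and write-equal) can be modeled as follows. This is an added example, not code from the original guide or from Trusted Extensions. The label representation, the struct and enum names, and the owner-only DAC rule are simplifying assumptions; real labels are opaque values compared through the label library.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified label model (assumption for this example): a hierarchical
 * classification plus a compartment bit set. */
typedef struct {
    int      classification;   /* e.g. 0 = PUBLIC, 1 = CONFIDENTIAL */
    uint32_t compartments;
} model_label_t;

/* Hypothetical subset of window attributes used for the decision,
 * loosely mirroring the user ID and label printed in the examples. */
typedef struct {
    unsigned      uid;   /* user ID that owns the window */
    model_label_t sl;    /* window sensitivity label */
} model_winattrs_t;

typedef enum { OP_READ, OP_WRITE } model_op_t;
typedef enum { ACCESS_OK, DENIED_DAC, DENIED_MAC } model_result_t;

/* a dominates b: classification at least as high, and a's compartments
 * are a superset of b's. Two labels can be incomparable. */
static bool dominates(const model_label_t *a, const model_label_t *b)
{
    return a->classification >= b->classification &&
           (a->compartments & b->compartments) == b->compartments;
}

static bool labels_equal(const model_label_t *a, const model_label_t *b)
{
    return dominates(a, b) && dominates(b, a);
}

/* Decide whether a client may perform op on a window without privilege.
 * DAC (assumed owner-only here): the client must own the window.
 * MAC: read-down (client dominates window), write-equal (labels equal). */
model_result_t check_window_access(unsigned client_uid,
                                   const model_label_t *client_sl,
                                   const model_winattrs_t *win,
                                   model_op_t op)
{
    if (client_uid != win->uid)
        return DENIED_DAC;
    if (op == OP_READ && !dominates(client_sl, &win->sl))
        return DENIED_MAC;
    if (op == OP_WRITE && !labels_equal(client_sl, &win->sl))
        return DENIED_MAC;
    return ACCESS_OK;
}
```

A DENIED_DAC or DENIED_MAC result corresponds to the point where the application either reports an error or performs the operation with the appropriate privilege.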
Obtaining Window Attributes
The XTSOLgetResAttributes() routine returns security-related attributes for a window. You supply the
following:
Because the client is obtaining the security attributes for a window that
the client created, no privileges are required.
Note that the example programs in this book focus on the APIs
being shown and do not perform error checking. Your applications should perform
the appropriate error checking.
/* Retrieve underlying window and display IDs with Xt Intrinsics calls */
window = XtWindow(topLevel);
display = XtDisplay(topLevel);
/* Retrieve window security attributes */
retval = XTSOLgetResAttributes(display, window, IsWindow, &winattrs);
/* Translate labels to strings */
retval = label_to_str(&winattrs.sl, &plabel, M_LABEL, LONG_NAMES);
/* Print security attribute information */
printf("Workstation Owner ID = %d\nUser ID = %d\nLabel = %s\n",
    winattrs.ouid, winattrs.uid, plabel);
The printf statement prints the following:
Workstation Owner ID = 29378
User ID = 29378
Label = CONFIDENTIAL
Translating the Window Label With the Font List
This example shows how to obtain the process sensitivity label and translate
it to a string by using a font list and the pixel
width. A label widget is created with the string for its label.
The process sensitivity label equals the window sensitivity label. Therefore, no privileges are
required.
When the final string is longer than the width, the string is
clipped and the clipped indicator is used. Note that the X Window
System label-translation interfaces clip to the specified number of pixels, while the
label-clipping interfaces clip to the number of characters.
Note - If your site uses a label_encodings file in a language other than
English, the translation might not work on accented characters in the ISO
standard above 128. The following example does not work for the Asian
character set.
/* Get the process sensitivity label */
retval = getplabel(&senslabel);
/* Create the font list and translate the label using it */
italic = XLoadQueryFont(XtDisplay(topLevel),
    "-adobe-times-medium-i-*-*-14-*-*-*-*-*-iso8859-1");
fontlist = XmFontListCreate(italic, "italic");
xmstr = Xbsltos(XtDisplay(topLevel), &senslabel, width, fontlist,
    LONG_WORDS);
/* Create a label widget using the font list and label text */
i = 0;
XtSetArg(args[i], XmNfontList, fontlist); i++;
XtSetArg(args[i], XmNlabelString, xmstr); i++;
label = XtCreateManagedWidget("label", xmLabelWidgetClass,
    form, args, i);
Obtaining a Window Label
This example shows how to obtain the sensitivity label for a window.
The process sensitivity label equals the window sensitivity label. Therefore, no privileges
are required.
/* Retrieve window label */
retval = XTSOLgetResLabel(display, window, IsWindow, &senslabel);
/* Translate labels to string and print */
retval = label_to_str(&senslabel, &string, M_LABEL, LONG_NAMES);
printf("Label = %s\n", string);
The printf statement, for example, prints the following:
Label = PUBLIC
Setting a Window Label
This example shows how to set the sensitivity label on a window.
The new sensitivity label dominates the sensitivity label of the window and
the process. The client needs the sys_trans_label privilege in its effective set
to translate a label that the client does not dominate. The client
also needs the win_upgrade_sl privilege to change the window's sensitivity label.
For more information about using privileges, see Solaris Security for Developers Guide.
/* Translate text string to sensitivity label */
retval = str_to_label(string4, &label, MAC_LABEL, L_NO_CORRECTION, &error);
/* Set sensitivity label with new value */
retval = XTSOLsetResLabel(display, window, IsWindow, label);
Obtaining the Window User ID
This example shows how to obtain the window user ID. The process
owns the window resource and is running at the same sensitivity label.
Therefore, no privileges are required.
/* Get the user ID of the window */
retval = XTSOLgetResUID(display, window, IsWindow, &uid);
Obtaining the X Window Server Workstation Owner ID
This example shows how to obtain the ID of the user who
is logged in to the X Window Server. The process sensitivity label
equals the window sensitivity label. Therefore, no privileges are required.
/* Get the user ID of the workstation owner */
retval = XTSOLgetWorkstationOwner(display, &uid);