JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Developer's Guide     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Trusted Extensions APIs and Security Policy

2.  Labels and Clearances

Privileged Operations and Labels

Label APIs

Detecting a Trusted Extensions System

Accessing the Process Sensitivity Label

Allocating and Freeing Memory for Labels

Obtaining and Setting the Label of a File

Obtaining Label Ranges

Accessing Labels in Zones

Obtaining the Remote Host Type

Translating Between Labels and Strings

Readable Versions of Labels

Label Encodings File

Comparing Labels

Acquiring a Sensitivity Label

3.  Label Code Examples

4.  Interprocess Communications

5.  Trusted X Window System

6.  Label Builder GUI

7.  Trusted Web Guard Prototype

8.  Experimental Java Bindings for the Solaris Trusted Extensions Label APIs

A.  Programmer's Reference

B.  Trusted Extensions API Reference

Index

Privileged Operations and Labels

When an operation can bypass or override the security policy, the operation requires special privileges in its effective set.

Privileges are added to the effective set programmatically or administratively in these ways:

The operation needs special privileges when translating binary labels and when upgrading or downgrading sensitivity labels.

Users and roles can run operations with special privileges. These privileges can be specified by using rights profiles. Applications can be written to run certain functions with certain privileges, as well. When you write an application that must assume special privileges, make sure that you enable the privilege only while running the function that needs it and that you remove the privilege when the function completes. This practice is referred to as privilege bracketing. For more information, see Developer’s Guide to Oracle Solaris 11 Security.

Most applications do not use privileges to bypass access controls because the applications operate in one of the following ways:

If an application tries to access data at sensitivity labels other than the sensitivity label of its process and access is denied, the process needs privileges to gain access. Privileges enable an application to bypass MAC or DAC. For example, the file_dac_read, file_dac_write, and file_dac_search privileges bypass DAC. The file_upgrade_sl and file_downgrade_sl privileges bypass MAC. No matter how access is obtained, the application design must not compromise the classification of the data that is accessed.

When your application changes its own sensitivity label or the sensitivity label of another object, be sure to close all file descriptors. An open file descriptor might leak sensitive data to other processes.