Trusted X Window System Environment

A system that is configured with Trusted Extensions uses the Trusted Extensions X Window System. The Trusted Extensions X Window System includes protocol extensions to support mandatory access control (MAC), discretionary access control (DAC), and the use of privileges.

Data transfer sessions are polyinstantiated, meaning that they are instantiated at different sensitivity labels and user IDs. Polyinstantiation ensures that data in an unprivileged client at one sensitivity label or user ID is not transferred to another client at another sensitivity label or user ID. Such a transfer might violate the Trusted X Window System DAC policies and the MAC policies of write-equal and read-down.

The Trusted Extensions X Window System APIs enable you to obtain and set security-related attribute information. These APIs also enable you to translate labels to strings by using a font list and width to apply a style to the text string output. For example, the font might be 14-point, bold Helvetica. These interfaces are usually called by administrative applications.

• Obtaining security-related information – These interfaces operate at the Xlib level where X protocol requests are made. Use Xlib interfaces to obtain data for the input parameter values.

• Translating labels to strings – These interfaces operate at the Motif level. The input parameters are the label, a font list that specifies the appearance of the text string output, and the desired width. A compound string of the specified style and width is returned.

For declarations of these routines, see Trusted Extensions X Window System APIs.