Trusted Extensions X Window System APIs

To use the Trusted X11 APIs, you need the following header file:

#include <X11/extensions/Xtsol.h>

The Trusted X11 examples compile with the -lXtsol and -ltsol library options.

To use the X11 label-clipping APIs, you need the following header file:

#include <tsol/label.h>

The label-clipping examples compile with the -ltsol library option.

The following sections provide data types and declarations for the Trusted X11 interfaces and the X11 label-clipping interfaces:

• Data types for X11

• Accessing attributes

• Accessing and setting a window label

• Accessing and setting a window user ID

• Accessing and setting a window property label

• Accessing and setting a window property user ID

• Accessing and setting a workstation owner ID

• Setting the X Window Server clearance and minimum label

• Working with the Trusted Path window

• Accessing and setting the screen stripe height

• Setting window polyinstantiation information

• Working with the X11 label-clipping interface

Data Types for X11

The following data types are defined in X11/extensions/Xtsol.h and are used for the Trusted Extensions X Window System APIs:

• Object type for X11 – The ResourceType definition indicates the type of resource to be handled. The value can be IsWindow, IsPixmap, or IsColormap.

  ResourceType is a type definition to represent a clearance. Interfaces accept a structure of type m_label_t as parameters and return clearances in a structure of the same type.

• Object attributes for X11 –The XTsolResAttributes structure contains these resource attributes:

  typedef struct _XTsolResAttributes {
      CARD32     ouid;    /* owner uid */
      CARD32     uid;     /* uid of the window */
      m_label_t  *sl;     /* sensitivity label */
  } XTsolResAttributes;

• Property attributes for X11 – The XTsolPropAttributes structure contains these property attributes:

  typedef struct _XTsolPropAttributes {
      CARD32     uid;     /* uid of the property */
      m_label_t  *sl;     /* sensitivity label */
  } XTsolPropAttributes;

• Client attributes for X11 – The XTsolClientAttributes structure contains these client attributes:

  typedef struct _XTsolClientAttributes {
      int      trustflag; /* true if client masked as trusted */
      uid_t    uid;       /* owner uid who started the client */
      gid_t    gid;       /* group id */
      pid_t    pid;       /* process id */
      u_long   sessionid; /* session id */
      au_id_t  auditid;   /* audit id */
      u_long   iaddr;     /* internet addr of host where client is running */
  } XTsolClientAttributes;

Accessing Attributes

The following routines are used to access resource, property, and client attributes:

Status XTSOLgetResAttributes(Display *display, XID object, ResourceType type, XTSOLResAttributes *winattrp);

This routine returns the resource attributes for a window ID in winattrp. See the XTSOLgetResAttributes(3XTSOL) man page.

Status XTSOLgetPropAttributes(Display *display, Window window, Atom property, XTSOLPropAttributes *propattrp);

This routine returns the property attributes for a property hanging on a window ID in propattrp. See the XTSOLgetPropAttributes(3XTSOL) man page.

Status XTSOLgetClientAttributes(Display *display, XID windowid, XTsolClientAttributes *clientattrp);

This routine returns the client attributes in clientattrp. See the XTSOLgetClientAttributes(3XTSOL) man page.

Accessing and Setting a Window Label

The XTSOLgetResLabel() and XTSOLsetResLabel() routines are used to obtain and set the sensitivity label of a window.

Status XTSOLgetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);

This routine obtains the sensitivity label of a window. See the XTSOLgetResLabel(3XTSOL) man page.

Status XTSOLsetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);

This routine sets the sensitivity label of a window. See the XTSOLsetResLabel(3XTSOL) man page.

Accessing and Setting a Window User ID

The XTSOLgetResUID() and XTSOLsetResUID() routines are used to obtain and set the user ID of a window.

Status XTSOLgetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);

This routine obtains the user ID of a window. See the XTSOLgetResUID(3XTSOL) man page.

Status XTSOLsetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);

This routine sets the user ID of a window. See the XTSOLsetResUID(3XTSOL) man page.

Accessing and Setting a Window Property Label

The XTSOLgetPropLabel() and XTSOLsetPropLabel() routines are used to obtain and set the sensitivity label of a property hanging on a window ID.

Status XTSOLgetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);

This routine obtains the sensitivity label of a property hanging on a window ID. See the XTSOLgetPropLabel(3XTSOL) man page.

Status XTSOLsetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);

This routine sets the sensitivity label of a property hanging on a window ID. See the XTSOLsetPropLabel(3XTSOL) man page.

Accessing and Setting a Window Property User ID

The XTSOLgetPropUID() and XTSOLsetPropUID() routines are used to obtain and set the user ID of a property hanging on a window ID.

Status XTSOLgetPropUID(Display *display, Window window, Atom property, uid_t *uidp);

This routine obtains the user ID of a property hanging on a window ID. See the XTSOLgetPropUID(3XTSOL) man page.

Status XTSOLsetPropUID(Display *display, Window window, Atom property, uid_t *uidp);

This routine sets the user ID of a property hanging on a window ID. See the XTSOLsetPropUID(3XTSOL) man page.

Accessing and Setting a Workstation Owner ID

The XTSOLgetWorkstationOwner() and XTSOLsetWorkstationOwner() routines are used to obtain and set the user ID of the owner of the workstation server.

Status XTSOLgetWorkstationOwner(Display *display, uid_t *uidp);

This routine obtains the user ID of the owner of the workstation server. See the XTSOLgetWorkstationOwner(3XTSOL) man page

Status XTSOLsetWorkstationOwner(Display *display, uid_t *uidp);

This routine sets the user ID of the owner of the workstation server. See the XTSOLsetWorkstationOwner(3XTSOL) man page.

Setting the X Window Server Clearance and Minimum Label

The XTSOLsetSessionHI() and XTSOLsetSessionLO() routines are used to set the session high clearance and the session low minimum label for the X Window Server. Session high must be within the user's range. Session low is the same as the user's minimum label for the multilevel session.

Status XTSOLsetSessionHI(Display *display, m_label_t *sl);

The session high clearance is set from the workstation owner's clearance at login. The session high clearance must be dominated by the owner's clearance and by the upper bound of the machine monitor's label range. Once changed, connection requests from clients that run at a sensitivity label higher than the window server clearance are rejected unless they have privileges. See the XTSOLsetSessionHI(3XTSOL) man page.

Status XTSOLsetSessionLO(Display *display, m_label_t *sl);

The session low minimum label is set from the workstation owner's minimum label at login. The session low minimum label must be greater than the user's administratively set minimum label and the lower bound of the machine monitor's label range. When this setting is changed, connection requests from clients that run at a sensitivity label lower than the window server sensitivity label are rejected unless they have privileges. See the XTSOLsetSessionLO(3XTSOL) man page.

Working With the Trusted Path Window

The XTSOLMakeTPWindow() and XTSOLIsWindowTrusted() routines are used to make the specified window the Trusted Path window and to test whether the specified window is the Trusted Path window.

Status XTSOLMakeTPWindow(Display *display, Window *w);

This routine makes the specified window the Trusted Path window. See the XTSOLMakeTPWindow(3XTSOL) man page.

Bool XTSOLIsWindowTrusted(Display *display, Window *window);

This routine tests whether the specified window is the Trusted Path window. See the XTSOLIsWindowTrusted(3XTSOL) man page.

Accessing and Setting the Screen Stripe Height

The XTSOLgetSSHeight() and XTSOLsetSSHeight() routines are used to obtain and set the screen stripe height.

Status XTSOLgetSSHeight(Display *display, int screen_num, int *newHeight);

This routine obtains the screen stripe height. See the XTSOLgetSSHeight(3XTSOL) man page.

Status XTSOLsetSSHeight(Display *display, int screen_num, int newHeight);

This routine sets the screen stripe height. Be careful that you do not end up without a screen stripe or with a very large screen stripe. See the XTSOLsetSSHeight(3XTSOL) man page.

Setting Window Polyinstantiation Information

Status XTSOLsetPolyInstInfo(Display *display, m_label_t sl, uid_t *uidp, int enabled);

The XTSOLsetPolyInstInfo() routine enables a client to obtain property information from a property at a different sensitivity label than the client. In the first call, you specify the desired sensitivity label and the user ID, and set the enabled property to True. Then, you call XTSOLgetPropAttributes(), XTSOLgetPropLabel(), or XTSOLgetPropUID(). To finish, you call the XTSOLsetPolyInstInfo() routine again with the enabled property set to False. See the XTSOLsetPolyInstInfo(3XTSOL) man page.

Working With the X11 Label-Clipping Interface

int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);

The label_to_str() routine translates a sensitivity label or clearance to a string. See the label_to_str(3TSOL) man page.