Solaris Trusted Extensions Developer's Guide
Previous Next

Document Information

Preface

1.  Solaris Trusted Extensions APIs and Security Policy

2.  Labels and Clearances

3.  Label Code Examples

4.  Printing and the Label APIs

5.  Interprocess Communications

Multilevel Port Information

Communication Endpoints

6.  Trusted X Window System

7.  Label Builder APIs

8.  Trusted Web Guard Prototype

9.  Experimental Java Bindings for the Solaris Trusted Extensions Label APIs

A.  Programmer's Reference

B.  Solaris Trusted Extensions API Reference

Index

Multilevel Port Information

A system that is configured with Solaris Trusted Extensions supports single-level and multilevel ports. These ports are used to create connections between applications. A multilevel port can receive data within the range of sensitivity labels that is defined for that port. A single-level port can receive data at a designated sensitivity label only.

  • Single-level port – A communication channel is established between two unprivileged applications. The sensitivity label of the communication endpoints must be equal.

  • Multilevel port – A communication channel is established between an application with the net_bindmlp privilege in its effective set and any number of unprivileged applications that run at different sensitivity labels. The application with the net_bindmlp privilege in the effective set of its process can receive all data from the applications, regardless of the receiving application's sensitivity label.

    A multilevel port is a server-side mechanism to establish a connection between two Trusted Extensions applications that are running at different labels. If you want a Trusted Extensions client application to communicate with a service that runs on an untrusted operating system at a different label, you might be able to use the SO_MAC_EXEMPT socket option. For more information, see MAC-Exempt Sockets.

Caution - If a connection is multilevel, ensure that the application does not make a connection at one sensitivity label, and then send or receive data at another sensitivity label. Such a configuration would cause data to reach an unauthorized destination.

The Trusted Network library provides an interface to retrieve the label from a packet. The programmatic manipulation of network packets is not needed. Specifically, you cannot change the security attributes of a message before it is sent. Also, you cannot change the security attributes on the communication endpoint over which the message is sent. You can read the label of a packet, just as you read other security information of a packet. The ucred_getlabel() function is used to retrieve label information.

If your application requires the use of a multilevel port, that port cannot be created programmatically. Rather, you must tell the system administrator to create a multilevel port for the application.

For more information about multilevel ports, see the following:
Previous Next