Trusted X Window Systemprotocol extensions APIsTrusted X Window System label APIsTrusted X Window System This chapter describes the Trusted Extensions X Window System APIs. This chapter also includes a short Motif application that is used to describe the Trusted X Window System security policy and the Solaris Trusted Extensions interfaces.For examples of how the Trusted Extensions APIs are used in the Solaris OS, see the Solaris source code. Go to the OpenSolaris web site and click Source Browser in the left navigation bar. Use the Source Browser to search through the Solaris source code.This chapter covers the following topics:Trusted X Window System Environment Trusted X Window System Security Attributes Trusted X Window System Security Policy Privileged Operations and the Trusted X Window System Trusted Extensions X Window System APIs Using Trusted X Window System Interfaces DAC (discretionary access control)MAC (mandatory access control)A system that is configured with Solaris Trusted Extensions uses the Solaris Trusted Extensions CDE, which is an enhanced version of the Common Desktop Environment (CDE). The Solaris Trusted Extensions CDE uses the Trusted Extensions X Window System. The Trusted Extensions X Window System includes protocol extensions to support mandatory access control (MAC), discretionary access control (DAC), and the use of privileges.polyinstantiationdescription ofData transfer sessions are polyinstantiated, meaning that they are instantiated at different sensitivity labels and user IDs. Polyinstantiation ensures that data in an unprivileged client at one sensitivity label or user ID is not transferred to another client at another sensitivity label or user ID. Such a transfer might violate the Trusted X Window System DAC policies and the MAC policies of write-equal and read-down.The Trusted Extensions X Window System APIs enable you to obtain and set security-related attribute information. These APIs also enable you to translate labels to strings by using a font list and width to apply a style to the text string output. For example, the font might be 14-point, bold Helvetica. These interfaces are usually called by administrative applications that are written with Motif widgets, Xt Intrinsics, Xlib, and CDE interfaces.Obtaining security-related information – These interfaces operate at the Xlib level where X protocol requests are made. Use Xlib interfaces to obtain data for the input parameter values. Translating labels to strings – These interfaces operate at the Motif level. The input parameters are the label, a font list that specifies the appearance of the text string output, and the desired width. A compound string of the specified style and width is returned. For declarations of these routines, see Trusted Extensions X Window System APIs. Trusted X Window Systemsecurity attributesdescription of security attributesTrusted X Window Systemdescription of The Trusted X Window System interfaces manage security-related attribute information for various X Window System objects. You can choose to create a GUI application with Motif only. The Motif application should use XToolkit routines to retrieve the Xlib object IDs underlying the Motif widgets to handle security attribute information for an Xlib object.XlibobjectsGUIsXlib objectsThe X Window System objects for which security attribute information can be retrieved by the Trusted X Window System interfaces are window, property, X Window Server, and the connection between the client and the X Window Server. Xlib provides calls to retrieve the window, property, display, and client connection IDs.windowsdescription ofTrusted X Window SystemobjectsA window displays output to the user and accepts input from clients.propertiesdescription ofA property is an arbitrary collection of data that is accessed by the property name. Property names and property types can be referenced by an atom, which is a unique, 32-bit identifier and a character name string.connection requestssecurity attributesThe security attributes for windows, properties, and client connections consist of ownership IDs and sensitivity label information. For information about the structures for capturing some of these attributes, see Data Types for X11. For information about the interfaces that obtain and set security attribute information, see Trusted Extensions X Window System APIs. Trusted X Window Systemsecurity policy security policyTrusted X Window System Window, property, and pixmap objects have a user ID, a client ID, and a sensitivity label. Graphic contexts, fonts, and cursors have a client ID only. The connection between the client and the X Window Server has a user ID, an X Window Server ID, and a sensitivity label.The user ID is the ID of the client that created the object. The client ID is related to the connection number to which the client that creates the object is connected.The DAC policy requires a client to own an object to perform any operations on that object. A client owns an object when the client's user ID equals the object's ID. For a connection request, the user ID of the client must be in the access control list (ACL) of the owner of the X Window Server workstation. Or, the client must assert the Trusted Path attribute.windowssecurity policyaccesschecks forTrusted X Window SystemThe MAC policy is write-equal for windows and pixmaps, and read-equal for naming windows. The MAC policy is read-down for properties. The sensitivity label is set to the sensitivity label of the creating client. The following shows the MAC policy for these actions:Modify, create, or delete – The sensitivity label of the client must equal the object's sensitivity label. Name, read, or retrieve – The client's sensitivity label must dominate the object's sensitivity label. connection requestssecurity policyConnection request – The sensitivity label of the client must be dominated by the session clearance of the owner of the X Window Server workstation, or the client must assert the Trusted Path attribute. propertiesdescription ofTrusted X Window SystempropertiesWindows can have properties that contain information to be shared among clients. Window properties are created at the sensitivity label at which the application is running, so access to the property data is segregated by its sensitivity label. Clients can create properties, store data in a property on a window, and retrieve the data from a property subject to MAC and DAC restrictions. To specify properties that are not polyinstantiated, update the TrustedExtensionsPolicy file.The TrustedExtensionsPolicy file is supported for the Xsun server and the Xorg server:SPARC: For Xsun, the file is in /usr/openwin/server/etc. x86: For Xorg, the file is in /usr/X11/lib/X11/xserver. These sections describe the security policy for the following:Root window Client windows Override-redirect windows Keyboard, pointer, and server control Selection Manager Default window resources Moving data between windows Trusted X Window Systemroot window windowsroot, security policy The root window is at the top of the window hierarchy. The root window is a public object that does not belong to any client, but it has data that must be protected. The root window attributes are protected at ADMIN_LOW. windowsclient, security policy A client usually has at least one top-level client window that descends from the root window and additional windows nested within the top-level window. All windows that descend from the client's top-level window have the same sensitivity label. Trusted X Window Systemoverride-redirectwindowsoverride-redirect, security policyOverride-redirect windows, such as menus and certain dialog boxes, cannot take the input focus away from another client. This prevents the input focus from accepting input into a file at the wrong sensitivity label. Override-redirect windows are owned by the creating client and cannot be used by other clients to access data at another sensitivity label. Trusted X Window Systemserver control Trusted X Window Systeminput devices privilegeswin_devices A client needs MAC and DAC to gain control of the keyboard, pointer, and server. To reset the focus, a client must own the focus or have the win_devices privilege in its effective set.To warp a pointer, the client needs pointer control and MAC and DAC to the destination window. X and Y coordinate information can be obtained for events that involve explicit user action. Selection Managersecurity policyTrusted X Window SystemSelection ManagerThe Selection Manager application arbitrates user-level interwindow data moves, such as cut and paste or drag and drop, where information is transferred between untrusted windows. When a transfer is attempted, the Selection Manager captures the transfer, verifies the controlling user's authorization, and requests confirmation and labeling information from the user. Any time the user attempts a data move, the Selection Manager automatically appears. You do not need to update your application code to get the Selection Manager to appear.The administrator can set automatic confirmation for some transfer types, in which case the Selection Manager does not appear. If the transfer meets the MAC and DAC policies, the data transfer completes. The File Manager and Window Manager also act as selection agents for their private drop sites. See the /usr/openwin/server/etc/TrustedExtensionsPolicy file to specify selection targets that are polyinstantiated. See the /usr/dt/config/sel_config file to determine which selection targets are automatically confirmed. windowsdefaults Trusted X Window Systemdefaults Resources that are not created by clients are default resources that are protected at ADMIN_LOW. Only clients that run at ADMIN_LOW or with the appropriate privileges can modify default resources.The following are window resources:Root window attributes – All clients have read and create access, but only privileged clients have write or modify access. See Privileged Operations and the Trusted X Window System. Default cursor – Clients are free to reference the default cursor in protocol requests. atomspredefined in X Window SystemTrusted X Window Systempredefined atomsPredefined atoms – The TrustedExtensionsPolicy file contains a read-only list of predefined atoms. privilegeswin_selectionPAF_SELAGNT flagSelection Managerbypassing with flagA client needs the win_selection privilege in its effective set to move data between one window and another window without going through the Selection Manager. See Selection Manager. Trusted X Window Systemprivileged tasks privileged tasksTrusted X Window System Library routines that access a window, property, or atom name without user involvement require MAC and DAC. Library routines that access frame buffer graphic contexts, fonts, and cursors require discretionary access and might also require additional privileges for special tasks.privilegeswin_dac_readprivilegeswin_dac_writewin_dac_write privilegewin_dac_read privilegewin_mac_write privilegewin_mac_read privilegeThe client might need one or more of the following privileges in its effective set if access to the object is denied: win_dac_read, win_dac_write, win_mac_read, or win_mac_write. See the TrustedExtensionsPolicy file to enable or disable these privileges.This list shows the privileges needed to perform the following tasks:privilegeswin_configwin_config privilegepropertiesprivilegeswindowsprivilegesConfiguring and destroying window resources – A client process needs the win_config privilege in its effective set to configure or destroy windows or properties that are permanently retained by the X Window Server. The screen saver timeout is an example of such a resource. privilegeswin_deviceswin_devices privilegedevicesinput device privilegesUsing window input devices – A client process needs the win_devices privilege in its effective set to obtain and set keyboard and pointer controls, or to modify pointer button mappings and key mappings. privilegeswin_dgawin_dga privilegeDGA (direct graphics access)privilegesUsing direct graphics access – A client process needs the win_dga privilege in its effective set to use the direct graphics access (DGA) X protocol extension. privilegeswin_downgrade_slwin_downgrade_sl privilegedowngrading labelsTrusted X Window SystemDowngrading window labels – A client process needs the win_downgrade_sl privilege in its effective set to change the sensitivity label of a window, pixmap, or property to a new label that does not dominate the existing label. privilegeswin_upgrade_slwin_upgrade_sl privilegeupgrading labelsTrusted X Window SystemUpgrading window labels – A client process needs the win_upgrade_sl privilege in its effective set to change the sensitivity label of a window, pixmap, or property to a new label that dominates the existing label. privilegeswin_fontpathwin_fontpath privilegefontsfont path privilegesSetting a font path on a window – A client process needs the win_fontpath privilege in its effective set to modify the font path. APIsTrusted X Window System label APIsTrusted X Window System XlibAPI declarations Trusted X Window SystemAPI declarations compileTrusted X Window System librarieslibrariesTrusted X Window System APIsheader filesTrusted X Window System APIsdata typesTrusted X Window System APIsTo use the Trusted X11 APIs, you need the following header file:#include <X11/extensions/Xtsol.h>The Trusted X11 examples compile with the lXtsol and ltsol library options.To use the X11 label-clipping APIs, you need the following header file:#include <Dt/label_clipping.h>The label-clipping examples compile with the lDtTsol and ltsol library options.The following sections provide data types and declarations for the Trusted X11 interfaces and the X11 label-clipping interfaces:Data types for X11 Accessing attributes Accessing and setting a window label Accessing and setting a window user ID Accessing and setting a window property label Accessing and setting a window property user ID Accessing and setting a workstation owner ID Setting the X Window Server clearance and minimum label Working with the Trusted Path window Accessing and setting the screen stripe height Setting window polyinstantiation information Working with the X11 label-clipping interface The following data types are defined in X11/extensions/Xtsol.h and are used for the Trusted Extensions X Window System APIs:ResourceType structureTrusted X Window Systemobject type definitionObject type for X11 – The ResourceType definition indicates the type of resource to be handled. The value can be IsWindow, IsPixmap, or IsColormap.ResourceType is a type definition to represent a clearance. Interfaces accept a structure of type m_label_t as parameters and return clearances in a structure of the same type. XTsolResAttributes structureTrusted X Window Systemobject attribute structuresl fielduid fieldouid fieldObject attributes for X11 –The XTsolResAttributes structure contains these resource attributes:typedef struct _XTsolResAttributes { CARD32 ouid; /* owner uid */ CARD32 uid; /* uid of the window */ m_label_t *sl; /* sensitivity label */ } XTsolResAttributes; XTsolPropAttributes structureTrusted X Window Systemproperty attribute structuresl fielduid fieldProperty attributes for X11 – The XTsolPropAttributes structure contains these property attributes:typedef struct _XTsolPropAttributes { CARD32 uid; /* uid of the property */ m_label_t *sl; /* sensitivity label */ } XTsolPropAttributes; XTsolClientAttributes structureTrusted X Window Systemclient attributes structurepid fieldgid fielduid fieldiaddr fieldauditid fieldsessionid fielduid fieldClient attributes for X11 – The XTsolClientAttributes structure contains these client attributes:typedef struct _XTsolClientAttributes { int trustflag; /* true if client masked as trusted */ uid_t uid; /* owner uid who started the client */ gid_t gid; /* group id */ pid_t pid; /* process id */ u_long sessionid; /* session id */ au_id_t auditid; /* audit id */ u_long iaddr; /* internet addr of host where client is running */ } XTsolClientAttributes; The following routines are used to access resource, property, and client attributes:Status XTSOLgetResAttributes(Display *display, XID object, ResourceType type, XTSOLResAttributes *winattrp);XTSOLgetResAttributes routinedeclarationlibrary routinesXTSOLgetResAttributesThis routine returns the resource attributes for a window ID in winattrp. See the XTSOLgetResAttributes3XTSOL man page. Status XTSOLgetPropAttributes(Display *display, Window window, Atom property, XTSOLPropAttributes *propattrp);XTSOLgetPropAttributes routinedeclarationlibrary routinesXTSOLgetPropAttributesThis routine returns the property attributes for a property hanging on a window ID in propattrp. See the XTSOLgetPropAttributes3XTSOL man page. Status XTSOLgetClientAttributes(Display *display, XID windowid, XTsolClientAttributes *clientattrp);XTSOLgetClientAttributes routinedeclarationlibrary routinesXTSOLgetClientAttributesThis routine returns the client attributes in clientattrp. See the XTSOLgetClientAttributes3XTSOL man page. XTSOLgetResLabel routinedeclaration library routinesXTSOLgetResLabel XTSOLsetResLabel routinedeclaration library routinesXTSOLsetResLabel The XTSOLgetResLabel and XTSOLsetResLabel routines are used to obtain and set the sensitivity label of a window.Status XTSOLgetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);This routine obtains the sensitivity label of a window. See the XTSOLgetResLabel3XTSOL man page. Status XTSOLsetResLabel(Display *display, XID object, ResourceType type, m_label_t *sl);This routine sets the sensitivity label of a window. See the XTSOLsetResLabel3XTSOL man page. XTSOLgetResUID routinedeclaration library routinesXTSOLgetResUID XTSOLsetResUID routinedeclaration library routinesXTSOLsetResUID The XTSOLgetResUID and XTSOLsetResUID routines are used to obtain and set the user ID of a window.Status XTSOLgetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);This routine obtains the user ID of a window. See the XTSOLgetResUID3XTSOL man page. Status XTSOLsetResUID(Display *display, XID object, ResourceType type, uid_t *uidp);This routine sets the user ID of a window. See the XTSOLsetResUID3XTSOL man page. XTSOLsetPropLabel routinedeclaration library routinesXTSOLsetPropLabel XTSOLgetPropLabel routinedeclaration library routinesXTSOLgetPropLabel The XTSOLgetPropLabel and XTSOLsetPropLabel routines are used to obtain and set the sensitivity label of a property hanging on a window ID.Status XTSOLgetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);This routine obtains the sensitivity label of a property hanging on a window ID. See the XTSOLgetPropLabel3XTSOL man page. Status XTSOLsetPropLabel(Display *display, Window window, Atom property, m_label_t *sl);This routine sets the sensitivity label of a property hanging on a window ID. See the XTSOLsetPropLabel3XTSOL man page. XTSOLsetPropUID routinedeclaration library routinesXTSOLsetPropUID XTSOLgetPropUID routinedeclaration library routinesXTSOLgetPropUID The XTSOLgetPropUID and XTSOLsetPropUID routines are used to obtain and set the user ID of a property hanging on a window ID.Status XTSOLgetPropUID(Display *display, Window window, Atom property, uid_t *uidp);This routine obtains the user ID of a property hanging on a window ID. See the XTSOLgetPropUID3XTSOL man page. Status XTSOLsetPropUID(Display *display, Window window, Atom property, uid_t *uidp);This routine sets the user ID of a property hanging on a window ID. See the XTSOLsetPropUID3XTSOL man page. XTSOLsetWorkstationOwner routinedeclaration library routinesXTSOLsetWorkstationOwner XTSOLgetWorkstationOwner routinedeclaration library routinesXTSOLgetWorkstationOwner The XTSOLgetWorkstationOwner and XTSOLsetWorkstationOwner routines are used to obtain and set the user ID of the owner of the workstation server.The XTSOLsetWorkstationOwner routine should only be used by the Window Manager. Status XTSOLgetWorkstationOwner(Display *display, uid_t *uidp);This routine obtains the user ID of the owner of the workstation server. See the XTSOLgetWorkstationOwner3XTSOL man page Status XTSOLsetWorkstationOwner(Display *display, uid_t *uidp);This routine sets the user ID of the owner of the workstation server. See the XTSOLsetWorkstationOwner3XTSOL man page. XTSOLsetSessionLO routinedeclaration library routinesXTSOLsetSessionLO XTSOLsetSessionHI routinedeclaration library routinesXTSOLsetSessionHI The XTSOLsetSessionHI and XTSOLsetSessionLO routines are used to set the session high clearance and the session low minimum label for the X Window Server. Session high can be selected from the Label Builder GUI and must be within the user's range. Session low is the same as the user's minimum label for the multilevel session.These interfaces should only be used by the Window Manager. Status XTSOLsetSessionHI(Display *display, m_label_t *sl);The session high clearance is set from the workstation owner's clearance at login. The session high clearance must be dominated by the owner's clearance and by the upper bound of the machine monitor's label range. Once changed, connection requests from clients that run at a sensitivity label higher than the window server clearance are rejected unless they have privileges. See the XTSOLsetSessionHI3XTSOL man page. Status XTSOLsetSessionLO(Display *display, m_label_t *sl);The session low minimum label is set from the workstation owner's minimum label at login. The session low minimum label must be greater than the user's administratively set minimum label and the lower bound of the machine monitor's label range. When this setting is changed, connection requests from clients that run at a sensitivity label lower than the window server sensitivity label are rejected unless they have privileges. See the XTSOLsetSessionLO3XTSOL man page. XTSOLIsWindowTrusted routinedeclaration library routinesXTSOLIsWindowTrusted XTSOLmakeTPWindow routinedeclaration library routinesXTSOLmakeTPWindow The XTSOLMakeTPWindow and XTSOLIsWindowTrusted routines are used to make the specified window the Trusted Path window and to test whether the specified window is the Trusted Path window.Status XTSOLMakeTPWindow(Display *display, Window *w);This routine makes the specified window the Trusted Path window. See the XTSOLMakeTPWindow3XTSOL man page. Bool XTSOLIsWindowTrusted(Display *display, Window *window);This routine tests whether the specified window is the Trusted Path window. See the XTSOLIsWindowTrusted3XTSOL man page. XTSOLsetSSHeight routinedeclaration library routinesXTSOLsetSSHeight XTSOLgetSSHeight routinedeclaration library routinesXTSOLgetSSHeight The XTSOLgetSSHeight and XTSOLsetSSHeight routines are used to obtain and set the screen stripe height.These interfaces should only be used by the Window Manager. Status XTSOLgetSSHeight(Display *display, int screen_num, int *newHeight);This routine obtains the screen stripe height. See the XTSOLgetSSHeight3XTSOL man page. Status XTSOLsetSSHeight(Display *display, int screen_num, int newHeight);This routine sets the screen stripe height. Be careful that you do not end up without a screen stripe or with a very large screen stripe. See the XTSOLsetSSHeight3XTSOL man page. XTSOLsetPolyInstInfo routinedeclaration library routinesXTSOLsetPolyInstInfo Status XTSOLsetPolyInstInfo(Display *display, m_label_t sl, uid_t *uidp, int enabled);The XTSOLsetPolyInstInfo routine enables a client to obtain property information from a property at a different sensitivity label than the client. In the first call, you specify the desired sensitivity label and the user ID, and set the enabled property to True. Then, you call XTSOLgetPropAttributes, XTSOLgetPropLabel, or XTSOLgetPropUID. To finish, you call the XTSOLsetPolyInstInfo routine again with the enabled property set to False. See the XTSOLsetPolyInstInfo3XTSOL man page. label_to_str routinedeclaration label clippingAPI declaration library routineslabel_to_str int label_to_str(const m_label_t *label, char **string, const m_label_str_t conversion_type, uint_t flags);The label_to_str routine translates a sensitivity label or clearance to a string. See the label_to_str3TSOL man page. Trusted X Window Systemusing interfaces code examplesTrusted X Window System The following sections provide example code excerpts that use Trusted Extensions interface calls. These calls handle security attributes and translate a label to a string. The excerpts focus on handling window security attributes, the most commonly managed attributes in application programs. Often, a client retrieves security attributes by using the appropriate privileges for an object that was created by another application. The client then checks the attributes to determine whether an operation on the object is permitted by the system's security policy. The security policy covers DAC policies and the MAC write-equal and read-down policies. If access is denied, the application generates an error or uses privileges, as appropriate. See Privileged Operations and the Trusted X Window System for a discussion about when privileges are needed.You must create an object before you can retrieve its ID to pass to the Trusted Extensions APIs.code examplesTrusted X Window Systemobtaining window attributes XTSOLgetResAttributes routinecode example The XTSOLgetResAttributes routine returns security-related attributes for a window. You supply the following:Display ID Window ID Flag to indicate that the object for which you want security attributes is a window XtsolResAttributes structure to receive the returned attributes Because the client is obtaining the security attributes for a window that the client created, no privileges are required.Note that the example programs in this book focus on the APIs being shown and do not perform error checking. Your applications should perform the appropriate error checking./* Retrieve underlying window and display IDs with Xlib calls */ window = XtWindow(topLevel); display = XtDisplay(topLevel); /* Retrieve window security attributes */ retval = XTSOLgetResAttributes(display, window, IsWindow, &winattrs); /* Translate labels to strings */ retval = label_to_str(&winattrs.sl, &plabel, M_LABEL, LONG_NAMES); /* Print security attribute information */ printf(“Workstation Owner ID = %d\nUser ID = %d\nLabel = %s\n”, winattrs.ouid, winattrs.uid, string1);The printf statement prints the following:Workstation Owner ID = 29378 User ID = 29378 Label = CONFIDENTIAL translationlabels with font list fontsfont list translation label_to_str routinecode example label clippingtranslating with font list code examplesTrusted X Window Systemtranslating with font list This example shows how to obtain the process sensitivity label and translate it to a string by using a font list and the pixel width. A label widget is created with the string for its label. The process sensitivity label equals the window sensitivity label. Therefore, no privileges are required.When the final string is longer than the width, the string is clipped and the clipped indicator is used. Note that the X Window System label-translation interfaces clip to the specified number of pixels, while the label-clipping interfaces clip to the number of characters.label_encodings filenon-EnglishIf your site uses a label_encodings file in a language other than English, the translation might not work on accent characters in the ISO standard above 128. The following example does not work for the Asian character set. retval = getplabel(&senslabel); /* Create the font list and translate the label using it */ italic = XLoadQueryFont(XtDisplay(topLevel), “-adobe-times-medium-i-*-*-14-*-*-*-*-*-iso8859-1”); fontlist = XmFontListCreate(italic, “italic”); xmstr = Xbsltos(XtDisplay(topLevel), &senslabel, width, fontlist, LONG_WORDS); /* Create a label widget using the font list and label text*/ i=0; XtSetArg(args[i], XmNfontList, fontlist); i++; XtSetArg(args[i], XmNlabelString, xmstr); i++; label = XtCreateManagedWidget(“label”, xmLabelWidgetClass, form, args, i); code exampleslabelsobtaining on window code examplesTrusted X Window Systemobtaining window label XTSOLgetResLabel routinecode example This example shows how to obtain the sensitivity label for a window. The process sensitivity label equals the window sensitivity label. Therefore, no privileges are required./* Retrieve window label */ retval = XTSOLgetResLabel(display, window, IsWindow, &senslabel); /* Translate labels to string and print */ retval = label_to_str(label, &string, M_LABEL, LONG_NAMES); printf(“Label = %s\n”, string);The printf statement, for example, prints the following:Label = PUBLIC user IDsobtaining on window code exampleslabelssetting on window code examplesTrusted X Window Systemsetting window label XTSOLsetResLabel routinecode example privilegeswin_upgrade_slprivilegessys_trans_labelThis example shows how to set the sensitivity label on a window. The new sensitivity label dominates the sensitivity label of the window and the process. The client needs the sys_trans_label privilege in its effective set to translate a label that the client does not dominate. The client also needs the win_upgrade_sl privilege to change the window's sensitivity label.For more information about using privileges, see Solaris Security for Developers Guide./* Translate text string to sensitivity label */ retval = label_to_str(string4, &label, M_LABEL, L_NO_CORRECTION, &error); /* Set sensitivity label with new value */ retval = XTSOLsetResLabel(display, window, IsWindow, label); code examplesTrusted X Window Systemobtaining window user ID XTSOLgetResUID routinecode example This example shows how to obtain the window user ID. The process owns the window resource and is running at the same sensitivity label. Therefore, no privileges are required./* Get the user ID of the window */ retval = XTSOLgetResUID(display, window, IsWindow, &uid); user IDsobtaining on workstation code examplesTrusted X Window Systemobtaining workstation owner XTSOLgetWorkstationOwner routinecode example This example shows how to obtain the ID of the user who is logged in to the X Window Server. The process sensitivity label equals the window sensitivity label. Therefore, no privileges are required./* Get the user ID of the window */ retval = XTSOLgetWorkstationOwner(display, &uid);