summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Tribble <peter.tribble@gmail.com>2017-08-03 13:19:57 +0100
committerDan McDonald <danmcd@joyent.com>2017-08-07 13:33:17 -0400
commit01a009817ac98af8e944784cebf0afd690b7cae7 (patch)
treec96e67bce362fe1fb077b792cecdfbd8db20a587
parentc5b186dedd5ab03feb457a3205005f0e5833cfda (diff)
downloadillumos-joyent-01a009817ac98af8e944784cebf0afd690b7cae7.tar.gz
8557 remove trusted desktop remnants
Reviewed by: Toomas Soome <tsoome@me.com> Reviewed by: Igor Kozhukhov <igor@dilos.org> Approved by: Dan McDonald <danmcd@joyent.com>
-rw-r--r--usr/src/cmd/oamuser/user/funcs.c33
-rw-r--r--usr/src/cmd/passmgmt/passmgmt.c2
-rw-r--r--usr/src/head/auth_list.h3
-rw-r--r--usr/src/head/user_attr.h4
-rw-r--r--usr/src/lib/libsecdb/auth_attr.txt3
-rw-r--r--usr/src/lib/libsecdb/help/auths/LabelWinDowngrade.html37
-rw-r--r--usr/src/lib/libsecdb/help/auths/LabelWinNoView.html36
-rw-r--r--usr/src/lib/libsecdb/help/auths/LabelWinUpgrade.html37
-rw-r--r--usr/src/lib/libsecdb/help/auths/Makefile3
-rw-r--r--usr/src/lib/libsecdb/prof_attr.txt2
-rw-r--r--usr/src/man/man3/Intro.316
-rw-r--r--usr/src/man/man4/Makefile1
-rw-r--r--usr/src/man/man4/exec_attr.470
-rw-r--r--usr/src/man/man4/sel_config.4164
-rw-r--r--usr/src/man/man4/user_attr.432
-rw-r--r--usr/src/man/man5/trusted_extensions.524
-rw-r--r--usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf3
-rw-r--r--usr/src/pkg/manifests/system-trusted.mf4
18 files changed, 21 insertions, 453 deletions
diff --git a/usr/src/cmd/oamuser/user/funcs.c b/usr/src/cmd/oamuser/user/funcs.c
index 93f6b458d5..ac9cdfa580 100644
--- a/usr/src/cmd/oamuser/user/funcs.c
+++ b/usr/src/cmd/oamuser/user/funcs.c
@@ -59,8 +59,6 @@ static const char auth[] = "authorization";
static const char type[] = "user type";
static const char lock[] = "lock_after_retries value";
static const char label[] = "label";
-static const char idlecmd[] = "idlecmd value";
-static const char idletime[] = "idletime value";
static const char auditflags[] = "audit mask";
static char auditerr[256];
@@ -73,8 +71,6 @@ static const char *check_privset(const char *);
static const char *check_type(const char *);
static const char *check_lock_after_retries(const char *);
static const char *check_label(const char *);
-static const char *check_idlecmd(const char *);
-static const char *check_idletime(const char *);
static const char *check_auditflags(const char *);
int nkeys;
@@ -91,8 +87,6 @@ static ua_key_t keys[] = {
{ USERATTR_LOCK_AFTER_RETRIES_KW, check_lock_after_retries, lock },
{ USERATTR_CLEARANCE, check_label, label },
{ USERATTR_MINLABEL, check_label, label },
- { USERATTR_IDLECMD_KW, check_idlecmd, idlecmd },
- { USERATTR_IDLETIME_KW, check_idletime, idletime },
{ USERATTR_AUDIT_FLAGS_KW, check_auditflags, auditflags },
};
@@ -448,33 +442,6 @@ check_label(const char *labelstr)
}
static const char *
-check_idlecmd(const char *cmd)
-{
- if ((strcmp(cmd, USERATTR_IDLECMD_LOCK_KW) != 0) &&
- (strcmp(cmd, USERATTR_IDLECMD_LOGOUT_KW) != 0)) {
- return (cmd);
- }
-
- return (NULL);
-}
-
-static const char *
-check_idletime(const char *time)
-{
- int c;
- unsigned char *up = (unsigned char *)time;
-
- c = *up;
- while (c != '\0') {
- if (!isdigit(c))
- return (time);
- c = *++up;
- }
-
- return (NULL);
-}
-
-static const char *
check_auditflags(const char *auditflags)
{
au_mask_t mask;
diff --git a/usr/src/cmd/passmgmt/passmgmt.c b/usr/src/cmd/passmgmt/passmgmt.c
index d2eef294aa..2b4f34e8db 100644
--- a/usr/src/cmd/passmgmt/passmgmt.c
+++ b/usr/src/cmd/passmgmt/passmgmt.c
@@ -93,8 +93,6 @@ kvopts_t ua_opts[] = {
{ '\0', USERATTR_LABELVIEW },
{ '\0', USERATTR_CLEARANCE },
{ '\0', USERATTR_MINLABEL },
-{ '\0', USERATTR_IDLECMD_KW },
-{ '\0', USERATTR_IDLETIME_KW },
{ '\0', USERATTR_AUDIT_FLAGS_KW },
};
diff --git a/usr/src/head/auth_list.h b/usr/src/head/auth_list.h
index 8ca2a2e0ba..1554f80db8 100644
--- a/usr/src/head/auth_list.h
+++ b/usr/src/head/auth_list.h
@@ -67,7 +67,6 @@ extern "C" {
/*
* Authorizations used by Trusted Extensions.
*/
-#define BYPASS_FILE_VIEW_AUTH "solaris.label.win.noview"
#define DEVICE_CONFIG_AUTH "solaris.device.config"
#define FILE_CHOWN_AUTH "solaris.file.chown"
#define FILE_DOWNGRADE_SL_AUTH "solaris.label.file.downgrade"
@@ -85,8 +84,6 @@ extern "C" {
#define SYS_ACCRED_SET_AUTH "solaris.label.range"
#define SYSEVENT_READ_AUTH "solaris.system.sysevent.read"
#define SYSEVENT_WRITE_AUTH "solaris.system.sysevent.write"
-#define WIN_DOWNGRADE_SL_AUTH "solaris.label.win.downgrade"
-#define WIN_UPGRADE_SL_AUTH "solaris.label.win.upgrade"
#ifdef __cplusplus
}
diff --git a/usr/src/head/user_attr.h b/usr/src/head/user_attr.h
index d11694e5d7..4a65465c4b 100644
--- a/usr/src/head/user_attr.h
+++ b/usr/src/head/user_attr.h
@@ -78,10 +78,6 @@ struct __FILE; /* structure tag for type FILE defined in stdio.h */
#define USERATTR_ROLES_KW "roles"
#define USERATTR_ROLES_NONE_KW "none"
#define USERATTR_DEFAULTPROJ_KW "project"
-#define USERATTR_IDLETIME_KW "idletime"
-#define USERATTR_IDLECMD_KW "idlecmd"
-#define USERATTR_IDLECMD_LOCK_KW "lock"
-#define USERATTR_IDLECMD_LOGOUT_KW "logout"
#define USERATTR_TYPE_KW "type"
#define USERATTR_TYPE_NORMAL_KW "normal"
#define USERATTR_TYPE_ADMIN_KW "admin"
diff --git a/usr/src/lib/libsecdb/auth_attr.txt b/usr/src/lib/libsecdb/auth_attr.txt
index 677f17613f..a1a99aee82 100644
--- a/usr/src/lib/libsecdb/auth_attr.txt
+++ b/usr/src/lib/libsecdb/auth_attr.txt
@@ -71,9 +71,6 @@ solaris.label.file.downgrade:::Downgrade File Label::help=LabelFileDowngrade.htm
solaris.label.file.upgrade:::Upgrade File Label::help=LabelFileUpgrade.html
solaris.label.print:::View Printer Queue at All Labels::help=LabelPrint.html
solaris.label.range:::Set Label Outside User Accred Range::help=LabelRange.html
-solaris.label.win.downgrade:::Downgrade DragNDrop or CutPaste Info::help=LabelWinDowngrade.html
-solaris.label.win.noview:::DragNDrop or CutPaste without viewing contents::help=LabelWinNoView.html
-solaris.label.win.upgrade:::Upgrade DragNDrop or CutPaste Info::help=LabelWinUpgrade.html
#
solaris.login.:::Login Control::help=LoginHeader.html
solaris.login.enable:::Enable Logins::help=LoginEnable.html
diff --git a/usr/src/lib/libsecdb/help/auths/LabelWinDowngrade.html b/usr/src/lib/libsecdb/help/auths/LabelWinDowngrade.html
deleted file mode 100644
index 4f1167919a..0000000000
--- a/usr/src/lib/libsecdb/help/auths/LabelWinDowngrade.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<HTML>
-<!--
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
- Copyright 2007 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-<HEAD>
- <TITLE> </TITLE>
-
-
-</HEAD>
-<BODY>
-
-<!-- ident "%Z%%M% %I% %E% SMI" -->
-Allows a user to downgrade information by dragging or pasting it
-to a window whose Sensitivity Label does
-not dominate the selected information's Sensitivity Label.
-</BODY>
-</HTML>
diff --git a/usr/src/lib/libsecdb/help/auths/LabelWinNoView.html b/usr/src/lib/libsecdb/help/auths/LabelWinNoView.html
deleted file mode 100644
index bf05df5f6c..0000000000
--- a/usr/src/lib/libsecdb/help/auths/LabelWinNoView.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<HTML>
-<!--
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
- Copyright 2007 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-<HEAD>
- <TITLE> </TITLE>
-
-
-</HEAD>
-<BODY>
-
-<!-- ident "%Z%%M% %I% %E% SMI" -->
-Allows a user to drag and drop a file or cut and paste selected
-information without viewing the contents.
-</BODY>
-</HTML>
diff --git a/usr/src/lib/libsecdb/help/auths/LabelWinUpgrade.html b/usr/src/lib/libsecdb/help/auths/LabelWinUpgrade.html
deleted file mode 100644
index 47f08961e6..0000000000
--- a/usr/src/lib/libsecdb/help/auths/LabelWinUpgrade.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<HTML>
-<!--
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
- Copyright 2007 Sun Microsystems, Inc. All rights reserved.
- Use is subject to license terms.
--->
-<HEAD>
- <TITLE> </TITLE>
-
-
-</HEAD>
-<BODY>
-
-<!-- ident "%Z%%M% %I% %E% SMI" -->
-Allows a user to upgrade information by dragging or pasting it
-to a window whose Sensitivity Label dominates
-the the selected information's Sensitivity Label.
-</BODY>
-</HTML>
diff --git a/usr/src/lib/libsecdb/help/auths/Makefile b/usr/src/lib/libsecdb/help/auths/Makefile
index 7d69dec2a8..803c1870ce 100644
--- a/usr/src/lib/libsecdb/help/auths/Makefile
+++ b/usr/src/lib/libsecdb/help/auths/Makefile
@@ -148,9 +148,6 @@ HTMLENTS = \
LabelPrint.html \
LabelRange.html \
LabelServer.html \
- LabelWinDowngrade.html \
- LabelWinNoView.html \
- LabelWinUpgrade.html \
PrintAdmin.html \
PrintCancel.html \
PrintHeader.html \
diff --git a/usr/src/lib/libsecdb/prof_attr.txt b/usr/src/lib/libsecdb/prof_attr.txt
index c752659868..ec638b1732 100644
--- a/usr/src/lib/libsecdb/prof_attr.txt
+++ b/usr/src/lib/libsecdb/prof_attr.txt
@@ -107,7 +107,7 @@ Event Notification Agent Management:::Manage Event Notification Agents:auths=sol
# Trusted Extensions profiles:
#
Information Security:::Maintains MAC and DAC security policies:profiles=Device Security,File System Security,Name Service Security,Network Security,Object Access Management,Object Label Management;help=RtInfoSec.html
-Object Label Management:::Change labels on files.:auths=solaris.device.allocate,solaris.label.file.downgrade,solaris.label.win.downgrade,solaris.label.win.upgrade,solaris.label.file.upgrade,solaris.label.range,solaris.smf.manage.labels;help=RtObjectLabelMngmnt.html
+Object Label Management:::Change labels on files.:auths=solaris.device.allocate,solaris.label.file.downgrade,solaris.label.file.upgrade,solaris.label.range,solaris.smf.manage.labels;help=RtObjectLabelMngmnt.html
Outside Accred:::Allow a user to operate outside the user accreditation range.:auths=solaris.label.range;help=RtOutsideAccred.html
#
# Power Management profiles:
diff --git a/usr/src/man/man3/Intro.3 b/usr/src/man/man3/Intro.3
index def871c8d9..6c9c1e5f9f 100644
--- a/usr/src/man/man3/Intro.3
+++ b/usr/src/man/man3/Intro.3
@@ -5,7 +5,7 @@
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH INTRO 3 "May 13, 2017"
+.TH INTRO 3 "Aug 3, 2017"
.SH NAME
Intro, intro \- introduction to functions and libraries
.SH DESCRIPTION
@@ -964,20 +964,6 @@ automatically linked by the C compilation system. Specify \fB-lvolmgt\fR on the
\fBcc\fR command line to link with this library. See \fBlibvolmgt\fR(3LIB).
.RE
-.sp
-.ne 2
-.na
-\fB(3XTSOL)\fR
-.ad
-.sp .6
-.RS 4n
-These functions constitute the Trusted Extensions to the X windows library,
-\fBlibXtsol\fR. This library is implemented as a shared object,
-\fBlibXtsol.so\fR, but is not automatically linked by the C compilation system.
-Specify \fB-lX11\fR and then \fB-lXtsol\fR on the \fBcc\fR command line to link
-with this library. See \fBlibXtsol\fR(3LIB).
-.RE
-
.SH DEFINITIONS
.LP
A character is any bit pattern able to fit into a byte on the machine. In some
diff --git a/usr/src/man/man4/Makefile b/usr/src/man/man4/Makefile
index df6904fcfa..f4c4317405 100644
--- a/usr/src/man/man4/Makefile
+++ b/usr/src/man/man4/Makefile
@@ -166,7 +166,6 @@ _MANFILES= Intro.4 \
sasl_appname.conf.4 \
scsi.4 \
securenets.4 \
- sel_config.4 \
sendmail.4 \
service_bundle.4 \
service_provider.conf.4 \
diff --git a/usr/src/man/man4/exec_attr.4 b/usr/src/man/man4/exec_attr.4
index caa651720e..b15eb08cb6 100644
--- a/usr/src/man/man4/exec_attr.4
+++ b/usr/src/man/man4/exec_attr.4
@@ -1,9 +1,10 @@
'\" te
+.\" Copyright 2017 Peter Tribble
.\" Copyright (c) 2006 by Sun Microsystems, Inc. All rights reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH EXEC_ATTR 4 "Mar 6, 2017"
+.TH EXEC_ATTR 4 "Aug 3, 2017"
.SH NAME
exec_attr \- execution profiles database
.SH SYNOPSIS
@@ -76,12 +77,9 @@ release should use \fBsuser\fR.
\fB\fItype\fR\fR
.ad
.RS 10n
-The type of object defined in the profile. There are two valid types: \fBcmd\fR
-and \fBact\fR. The \fBcmd\fR type specifies that the \fBID\fR field is a
-command that would be executed by a shell. The \fBact\fR type is available only
-if the system is configured with Trusted Extensions. It specifies that the
-\fBID\fR field is a \fBCDE\fR action that should be executed by the Trusted
-Extensions \fBCDE\fR action mechanism.
+The type of object defined in the profile. The only valid type is
+\fBcmd\fR, which specifies that the \fBID\fR field is a
+command that would be executed by a shell.
.RE
.sp
@@ -108,11 +106,10 @@ Reserved for future use.
\fB\fIid\fR\fR
.ad
.RS 10n
-A string that uniquely identifies the object described by the profile. For a
-profile of type \fBcmd,\fR the id is either the full path to the command or the
-asterisk (\fB*\fR) symbol, which is used to allow all commands. An asterisk
-that replaces the filename component in a pathname indicates all files in a
-particular directory.
+A string that uniquely identifies the object described by the profile.
+The id is either the full path to the command or the asterisk (\fB*\fR) symbol,
+which is used to allow all commands. An asterisk that replaces the filename
+component in a pathname indicates all files in a particular directory.
.sp
To specify arguments, the pathname should point to a shell script that is
written to execute the command with the desired argument. In a Bourne shell,
@@ -128,53 +125,6 @@ can start the script with the \fB-p\fR option.
.fi
.in -2
.sp
-
-If the Trusted Extensions feature is configured and the profile entry type is
-\fBact\fR, the \fBid\fR is either the fully qualified name of a \fBCDE\fR
-action, or an asterisk (\fB*\fR) representing a wildcard. A fully qualified
-\fBCDE\fR action is specified using the action name and four additional
-semicolon-separated fields. These fields can be empty but the semicolons are
-required. The fields in a \fBCDE\fR action are as follows:
-.sp
-.ne 2
-.na
-\fB\fIargclass\fR\fR
-.ad
-.RS 12n
-Specifies the argument class (for example, \fBFILE\fR or \fBSESSION\fR.)
-Corresponds to \fBARG_CLASS\fR for \fBCDE\fR actions.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIargtype\fR\fR
-.ad
-.RS 12n
-Specifies the data type for the argument. Corresponds to \fBARG_TYPE\fR for
-\fBCDE\fR actions.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIargmode\fR\fR
-.ad
-.RS 12n
-Specifies the read or write mode for the argument. Corresponds to
-\fBARG_MODE\fR for \fBCDE\fR actions.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fIargcount\fR\fR
-.ad
-.RS 12n
-Specifies the number of arguments that the action can accept. Corresponds to
-\fBARG_COUNT\fR for \fBCDE\fR actions.
-.RE
-
.RE
.sp
@@ -271,7 +221,7 @@ escaped with a backslash if used as data: colon (\fB:\fR), semicolon (\fB;\fR),
equals (\fB=\fR), and backslash (\fB\\fR).
.SH SEE ALSO
.LP
-\fBauths\fR(1), \fBdtaction\fR(1), \fBprofiles\fR(1), \fBroles\fR(1),
+\fBauths\fR(1), \fBprofiles\fR(1), \fBroles\fR(1),
\fBsh\fR(1), \fBmakedbm\fR(1M), \fBgetauthattr\fR(3SECDB),
\fBgetexecattr\fR(3SECDB), \fBgetprofattr\fR(3SECDB),
\fBgetuserattr\fR(3SECDB), \fBkva_match\fR(3SECDB), \fBauth_attr\fR(4),
diff --git a/usr/src/man/man4/sel_config.4 b/usr/src/man/man4/sel_config.4
deleted file mode 100644
index 2062b714fa..0000000000
--- a/usr/src/man/man4/sel_config.4
+++ /dev/null
@@ -1,164 +0,0 @@
-'\" te
-.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
-.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
-.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
-.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH SEL_CONFIG 4 "Jul 20, 2007"
-.SH NAME
-sel_config \- selection rules for copy, cut, paste, drag and drop operations
-.SH SYNOPSIS
-.LP
-.nf
-\fB/usr/dt/config/sel_config\fR
-.fi
-
-.SH DESCRIPTION
-.sp
-.LP
-The \fBsel_config\fR file specifies how a system that is configured with
-Trusted Extensions behaves when a user transfers data between windows that have
-different labels. Transfer operations include cut-and-paste, copy-and-paste,
-and drag-and-drop. There are two types of entries in this file: automatic
-confirmation and automatic reply.
-.SS "Automatic Confirmation"
-.sp
-.LP
-This type of entry specifies whether a confirmation window, the selection
-confirmer, displays. Each entry has the form:
-.sp
-.in +2
-.nf
-\fIrelationship\fR: \fIconfirmation\fR
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-\fIrelationship\fR identifies the result of comparing the selected data's
-source and destination windows' labels. There are three allowed values:
-.sp
-.ne 2
-.na
-\fB\fBupgradesl\fR\fR
-.ad
-.RS 20n
-The source window's label is less than the destination window's label.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBdowngradesl\fR\fR
-.ad
-.RS 20n
-The source window's label is higher than the destination window's label.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBdisjointsl\fR\fR
-.ad
-.RS 20n
-The source and destination windows' labels are disjoint. Neither label
-dominates the other.
-.RE
-
-.sp
-.LP
-\fIconfirmation\fR specifies whether to perform automatic confirmation. Allowed
-values are:
-.sp
-.ne 2
-.na
-\fB\fBn\fR\fR
-.ad
-.RS 5n
-Use manual confirmation, that is, display the selection confirmer window. This
-is the default.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBy\fR\fR
-.ad
-.RS 5n
-Use automatic confirmation, that is, do not display the selection confirmer
-window.
-.RE
-
-.SS "Automatic Reply"
-.sp
-.LP
-A single user operation can involve several flows of information between the
-source and destination windows. The automatic reply set of entries provides a
-means to reduce the number of confirmations that are required of the user.
-.sp
-.LP
-There must be one entry of this form:
-.sp
-.in +2
-.nf
-autoreply: \fIvalue\fR
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-If \fIvalue\fR is \fBy\fR (for yes), then the remaining entries of the set are
-used as attributes for the selection data (rather than the actual contents) to
-complete the operation without confirmation. If \fIvalue\fR is \fBn\fR (for
-no), then the remaining entries are ignored.
-.sp
-.LP
-Defaults can be specified for any \fItype\fR field that appears in the
-Confirmer window. Below are some sample entries for defaults.
-.sp
-.in +2
-.nf
-replytype: TARGETS
-replytype: Pixel Sets
-replytype: LENGTH
-replytype: Type Of Monitor
-.fi
-.in -2
-.sp
-
-.sp
-.LP
-The \fBTARGETS\fR entry, when used, returns the list of target atoms that are
-supported by the source window. The \fBPixel Sets\fR and \fBType Of Monitor\fR
-entries are used for animation during a drag-and-drop operation. The
-\fBLENGTH\fR entry specifies the number of bytes in the selection.
-.SH ATTRIBUTES
-.sp
-.LP
-See \fBattributes\fR(5) for descriptions of the following attributes:
-.sp
-
-.sp
-.TS
-box;
-c | c
-l | l .
-ATTRIBUTE TYPE ATTRIBUTE VALUE
-_
-Interface Stability Committed
-.TE
-
-.SH SEE ALSO
-.sp
-.LP
-\fBattributes\fR(5)
-.sp
-.LP
-\fIRules When Changing the Level of Security for Data\fR in \fISolaris Trusted
-Extensions Administrator\&'s Procedures\fR
-.SH NOTES
-.sp
-.LP
-The functionality described on this manual page is available only if the system
-is configured with Trusted Extensions.
diff --git a/usr/src/man/man4/user_attr.4 b/usr/src/man/man4/user_attr.4
index 3de85c52f5..4f2872e7ed 100644
--- a/usr/src/man/man4/user_attr.4
+++ b/usr/src/man/man4/user_attr.4
@@ -3,7 +3,7 @@
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH USER_ATTR 4 "May 13, 2017"
+.TH USER_ATTR 4 "Aug 3, 2017"
.SH NAME
user_attr \- extended user attributes database
.SH SYNOPSIS
@@ -197,36 +197,6 @@ Trusted Extensions feature:
.sp
.ne 2
.na
-\fB\fBidletime\fR\fR
-.ad
-.sp .6
-.RS 4n
-Contains a number representing the maximum number of minutes a workstation can
-remain idle before the Trusted Extensions \fBCDE\fR window manager attempts the
-task specified in \fBidlecmd\fR. A zero in this field specifies that the
-\fBidlecmd\fR command is never executed. If unspecified, the default
-\fBidletime\fR of 30 minutes is in effect.
-.RE
-
-.sp
-.ne 2
-.na
-\fB\fBidlecmd\fR\fR
-.ad
-.sp .6
-.RS 4n
-Contains one of two keywords that the Trusted Extensions \fBCDE\fR window
-manager interprets when a workstation is idle for too long. The keyword
-\fBlock\fR specifies that the workstation is to be locked (thus requiring the
-user to re-authenticate to resume the session). The keyword \fBlogout\fR
-specifies that session is to be terminated (thus, killing the user's processes
-launched in the current session). If unspecified, the default value,
-\fBlock\fR, is in effect.
-.RE
-
-.sp
-.ne 2
-.na
\fB\fBclearance\fR\fR
.ad
.sp .6
diff --git a/usr/src/man/man5/trusted_extensions.5 b/usr/src/man/man5/trusted_extensions.5
index 58068cb1f5..8f6d5a97df 100644
--- a/usr/src/man/man5/trusted_extensions.5
+++ b/usr/src/man/man5/trusted_extensions.5
@@ -1,18 +1,18 @@
'\" te
+.\" Copyright 2017 Peter Tribble
.\" Copyright (c) 2007, Sun Microsystems Inc. All Rights Reserved.
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH TRUSTED_EXTENSIONS 5 "Nov 12, 2007"
+.TH TRUSTED_EXTENSIONS 5 "Aug 3, 2017"
.SH NAME
-trusted_extensions \- Solaris Trusted Extensions
+trusted_extensions \- Trusted Extensions
.SH DESCRIPTION
-.sp
.LP
-Solaris\u\s-2TM\s+2\d Trusted Extensions software is a specific configuration
-of the Solaris Operating System (Solaris OS). Solaris Trusted Extensions
-(Trusted Extensions) provides labels for local objects and processes, for the
-desktop and windowing system, for zones and file systems, and for network
+Trusted Extensions software is a specific configuration
+of the Operating System. Trusted Extensions
+provides labels for local objects and processes,
+for zones and file systems, and for network
communications. These labels are used to implement a Multilevel Security (MLS)
policy that restricts the flow of information based on label relationships. In
contrast to Discretionary Access Control (DAC) based on ownership, the MLS
@@ -32,17 +32,9 @@ svc:/system/labeld:default
.sp
.LP
-Refer to the Administrator's Guide listed below for the required configuration
-of Trusted Extensions software necessary before use. The system must be
+The system must be
rebooted after enabling or disabling \fBlabeld\fR to activate or deactivate
Trusted Extensions software.
.SH SEE ALSO
-.sp
.LP
\fBlabeld\fR(1M), \fBlabel_encodings\fR(4), \fBlabels\fR(5)
-.sp
-.LP
-\fISolaris Trusted Extensions Administrator\&'s Procedures\fR
-.sp
-.LP
-\fISolaris Trusted Extensions User\&'s Guide\fR
diff --git a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf
index ed49e49d50..373721a966 100644
--- a/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf
+++ b/usr/src/pkg/manifests/consolidation-osnet-osnet-message-files.mf
@@ -93,9 +93,6 @@ file path=usr/lib/help/auths/locale/LabelHeader.html
file path=usr/lib/help/auths/locale/LabelPrint.html
file path=usr/lib/help/auths/locale/LabelRange.html
file path=usr/lib/help/auths/locale/LabelServer.html
-file path=usr/lib/help/auths/locale/LabelWinDowngrade.html
-file path=usr/lib/help/auths/locale/LabelWinNoView.html
-file path=usr/lib/help/auths/locale/LabelWinUpgrade.html
file path=usr/lib/help/auths/locale/LinkSecurity.html
file path=usr/lib/help/auths/locale/LoginEnable.html
file path=usr/lib/help/auths/locale/LoginHeader.html
diff --git a/usr/src/pkg/manifests/system-trusted.mf b/usr/src/pkg/manifests/system-trusted.mf
index a3dbebe5ae..75bf4191a7 100644
--- a/usr/src/pkg/manifests/system-trusted.mf
+++ b/usr/src/pkg/manifests/system-trusted.mf
@@ -85,9 +85,6 @@ file path=usr/lib/help/auths/locale/C/LabelHeader.html
file path=usr/lib/help/auths/locale/C/LabelPrint.html
file path=usr/lib/help/auths/locale/C/LabelRange.html
file path=usr/lib/help/auths/locale/C/LabelServer.html
-file path=usr/lib/help/auths/locale/C/LabelWinDowngrade.html
-file path=usr/lib/help/auths/locale/C/LabelWinNoView.html
-file path=usr/lib/help/auths/locale/C/LabelWinUpgrade.html
file path=usr/lib/help/auths/locale/C/PrintAdmin.html
file path=usr/lib/help/auths/locale/C/PrintCancel.html
file path=usr/lib/help/auths/locale/C/PrintHeader.html
@@ -137,7 +134,6 @@ file path=usr/share/man/man1m/tnd.1m
file path=usr/share/man/man1m/tninfo.1m
file path=usr/share/man/man1m/txzonemgr.1m
file path=usr/share/man/man1m/updatehome.1m
-file path=usr/share/man/man4/sel_config.4
file path=usr/share/man/man5/trusted_extensions.5
hardlink path=usr/sbin/remove_allocatable target=add_allocatable
legacy pkg=SUNWtsr desc="Solaris Trusted Extensions, (Root)" \