| author | Richard Lowe <richlowe@richlowe.net> | 2011-03-14 14:05:30 -0400 |
|---|---|---|
| committer | Richard Lowe <richlowe@richlowe.net> | 2011-03-14 14:05:30 -0400 |
| commit | c10c16dec587a0662068f6e2991c29ed3a9db943 (patch) | |
| tree | f414286f4bba41d75683ed4fbbaa6bfa4bf7fabd /usr/src/man/man3tsol | |
| parent | 68caef18a23a498d9e3017b983562c0f4fd8ab23 (diff) | |
| download | illumos-joyent-c10c16dec587a0662068f6e2991c29ed3a9db943.tar.gz | |
243 system manual pages should live with the software
Reviewed by: garrett@nexenta.com
Reviewed by: gwr@nexenta.com
Reviewed by: trisk@opensolaris.org
Approved by: gwr@nexenta.com
--HG--
extra : rebase_source : 0c599d0bec0dc8865fbba67721a7a6cd6b1feefb
Diffstat (limited to 'usr/src/man/man3tsol')
22 files changed, 3787 insertions, 0 deletions
diff --git a/usr/src/man/man3tsol/Makefile b/usr/src/man/man3tsol/Makefile
new file mode 100644
index 0000000000..c3b65d9194
--- /dev/null
+++ b/usr/src/man/man3tsol/Makefile
@@ -0,0 +1,119 @@
+#
+# This file and its contents are supplied under the terms of the
+# Common Development and Distribution License ("CDDL"), version 1.0.
+# You may only use this file in accordance with the terms of version
+# 1.0 of the CDDL.
+#
+# A full copy of the text of the CDDL should have accompanied this
+# source. A copy of the CDDL is also available via the Internet
+# at http://www.illumos.org/license/CDDL.
+#
+
+# Copyright 2011, Richard Lowe
+
+include ../../Makefile.master
+
+MANSECT = 3tsol
+
+MANFILES = blcompare.3tsol \
+ blminmax.3tsol \
+ bltocolor.3tsol \
+ bltos.3tsol \
+ btohex.3tsol \
+ getdevicerange.3tsol \
+ getpathbylabel.3tsol \
+ getplabel.3tsol \
+ getuserrange.3tsol \
+ getzonelabelbyid.3tsol \
+ getzonerootbyid.3tsol \
+ hextob.3tsol \
+ label_to_str.3tsol \
+ labelbuilder.3tsol \
+ labelclipping.3tsol \
+ m_label.3tsol \
+ sbltos.3tsol \
+ setflabel.3tsol \
+ stobl.3tsol \
+ str_to_label.3tsol \
+ tsol_getrhtype.3tsol
+
+MANSOFILES = Xbcleartos.3tsol \
+ Xbsltos.3tsol \
+ bcleartoh.3tsol \
+ bcleartoh_r.3tsol \
+ bcleartos.3tsol \
+ bldominates.3tsol \
+ blequal.3tsol \
+ blinrange.3tsol \
+ blmaximum.3tsol \
+ blminimum.3tsol \
+ blstrictdom.3tsol \
+ bltocolor_r.3tsol \
+ bsltoh.3tsol \
+ bsltoh_r.3tsol \
+ bsltos.3tsol \
+ getzoneidbylabel.3tsol \
+ getzonelabelbyname.3tsol \
+ getzonerootbylabel.3tsol \
+ getzonerootbyname.3tsol \
+ h_alloc.3tsol \
+ h_free.3tsol \
+ htobclear.3tsol \
+ htobsl.3tsol \
+ m_label_alloc.3tsol \
+ m_label_dup.3tsol \
+ m_label_free.3tsol \
+ sbcleartos.3tsol \
+ sbsltos.3tsol \
+ stobclear.3tsol \
+ stobsl.3tsol
+
+MANFILES += $(MANSOFILES)
+
+bldominates.3tsol := SOSRC = man3tsol/blcompare.3tsol
+blequal.3tsol := SOSRC = man3tsol/blcompare.3tsol
+blinrange.3tsol := SOSRC = man3tsol/blcompare.3tsol
+blstrictdom.3tsol := SOSRC = man3tsol/blcompare.3tsol
+
+blmaximum.3tsol := SOSRC = man3tsol/blminmax.3tsol
+blminimum.3tsol := SOSRC = man3tsol/blminmax.3tsol
+
+bltocolor_r.3tsol := SOSRC = man3tsol/bltocolor.3tsol
+
+bcleartos.3tsol := SOSRC = man3tsol/bltos.3tsol
+bsltos.3tsol := SOSRC = man3tsol/bltos.3tsol
+
+bcleartoh.3tsol := SOSRC = man3tsol/btohex.3tsol
+bcleartoh_r.3tsol := SOSRC = man3tsol/btohex.3tsol
+bsltoh.3tsol := SOSRC = man3tsol/btohex.3tsol
+bsltoh_r.3tsol := SOSRC = man3tsol/btohex.3tsol
+h_alloc.3tsol := SOSRC = man3tsol/btohex.3tsol
+h_free.3tsol := SOSRC = man3tsol/btohex.3tsol
+
+getzoneidbylabel.3tsol := SOSRC = man3tsol/getzonelabelbyid.3tsol
+getzonelabelbyname.3tsol := SOSRC = man3tsol/getzonelabelbyid.3tsol
+
+getzonerootbylabel.3tsol := SOSRC = man3tsol/getzonerootbyid.3tsol
+getzonerootbyname.3tsol := SOSRC = man3tsol/getzonerootbyid.3tsol
+
+htobclear.3tsol := SOSRC = man3tsol/hextob.3tsol
+htobsl.3tsol := SOSRC = man3tsol/hextob.3tsol
+
+Xbcleartos.3tsol := SOSRC = man3tsol/labelclipping.3tsol
+Xbsltos.3tsol := SOSRC = man3tsol/labelclipping.3tsol
+
+m_label_alloc.3tsol := SOSRC = man3tsol/m_label.3tsol
+m_label_dup.3tsol := SOSRC = man3tsol/m_label.3tsol
+m_label_free.3tsol := SOSRC = man3tsol/m_label.3tsol
+
+sbcleartos.3tsol := SOSRC = man3tsol/sbltos.3tsol
+sbsltos.3tsol := SOSRC = man3tsol/sbltos.3tsol
+
+stobclear.3tsol := SOSRC = man3tsol/stobl.3tsol
+stobsl.3tsol := SOSRC = man3tsol/stobl.3tsol
+
+.KEEP_STATE:
+
+include ../Makefile.man
+
+install: $(ROOTMANFILES)
diff --git a/usr/src/man/man3tsol/blcompare.3tsol b/usr/src/man/man3tsol/blcompare.3tsol
new file mode 100644
index 0000000000..00d8e3f421
--- /dev/null
+++ b/usr/src/man/man3tsol/blcompare.3tsol
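Review bot: The new Makefile never says that its two halves are coupled: every name in `MANSOFILES` also gets a `<name>.3tsol := SOSRC = man3tsol/<page>.3tsol` assignment further down, and nothing visible in this hunk would catch a page added to one place and not the other (what `../Makefile.man` does with a missing `SOSRC` is outside the diff). I would add a comment above `MANSOFILES`, such as `# Each MANSOFILES entry needs a matching "<name> := SOSRC = man3tsol/<page>" line below.` All 30 current entries do have one, so this is documentation only.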
@@ -0,0 +1,92 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH blcompare 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+blcompare, blequal, bldominates, blstrictdom, blinrange \- compare binary
+labels
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+#include <tsol/label.h>
+
+\fBint\fR \fBblequal\fR(\fBconst m_label_t *\fR\fIlabel1\fR, \fBconst m_label_t *\fR\fIlabel2\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBbldominates\fR(\fBconst m_label_t *\fR\fIlabel1\fR, \fBconst m_label_t *\fR\fIlabel2\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBblstrictdom\fR(\fBconst m_label_t *\fR\fIlabel1\fR, \fBconst m_label_t *\fR\fIlabel2\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBblinrange\fR(\fBconst m_label_t *\fR\fIlabel\fR, \fBconst brange_t *\fR\fIrange\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+These functions compare binary labels for meeting a particular condition.
+.sp
+.LP
+The \fBblequal()\fR function compares two labels for equality.
+.sp
+.LP
+The \fBbldominates()\fR function compares label \fIlabel1\fR for dominance
+over label \fIlabel2\fR.
+.sp
+.LP
+The \fBblstrictdom()\fR function compares label \fIlabel1\fR for strict
+dominance over label \fIlabel2\fR.
+.sp
+.LP
+The \fBblinrange()\fR function compares label \fIlabel\fR for dominance over
+\fIrange\fR\(->\fIlower_bound\fR and \fIrange\fR\(->\fIupper_bound\fR for
+dominance over level \fIlabel\fR.
+.SH RETURN VALUES
+.sp
+.LP
+These functions return non-zero if their respective conditions are met,
+otherwise zero is returned.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBgetplabel\fR(3TSOL), \fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB),
+\fBucred_getlabel\fR(3C), \fBlabel_encodings\fR(4), \fBattributes\fR(5),
+\fBlabels\fR(5)
+.sp
+.LP
+\fIDetermining the Relationship Between Two Labels\fR in \fISolaris Trusted
+Extensions Developer\&'s Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/blminmax.3tsol b/usr/src/man/man3tsol/blminmax.3tsol
new file mode 100644
index 0000000000..79871922bf
--- /dev/null
+++ b/usr/src/man/man3tsol/blminmax.3tsol
@@ -0,0 +1,73 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH blminmax 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+blminmax, blmaximum, blminimum \- bound of two labels
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBvoid\fR \fBblmaximum\fR(\fBm_label_t *\fR\fImaximum_label\fR,
+ \fBconst m_label_t *\fR\fIbounding_label\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBblminimum\fR(\fBm_label_t *\fR\fIminimum_label\fR,
+ \fBconst m_label_t *\fR\fIbounding_label\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBblmaximum()\fR function replaces the contents of label
+\fImaximum_label\fR with the least upper bound of the labels
+\fImaximum_label\fR and \fIbounding_label\fR. The least upper bound is the
+greater of the classifications and all of the compartments of the two labels.
+This is the least label that dominates both of the original labels.
+.sp
+.LP
+The \fBblminimum()\fR function replaces the contents of label
+\fIminimum_label\fR with the greatest lower bound of the labels
+\fIminimum_label\fR and \fIbounding_label\fR. The greatest lower bound is the
+lower of the classifications and only the compartments that are contained in
+both labels. This is the greatest label that is dominated by both of the
+original labels.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB), \fBsbltos\fR(3TSOL),
+\fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/bltocolor.3tsol b/usr/src/man/man3tsol/bltocolor.3tsol
new file mode 100644
index 0000000000..1bd837d99c
--- /dev/null
+++ b/usr/src/man/man3tsol/bltocolor.3tsol
@@ -0,0 +1,110 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH bltocolor 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+bltocolor, bltocolor_r \- get character-coded color name of label
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBchar *\fR\fBbltocolor\fR(\fBconst m_label_t *\fR\fIlabel\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBbltocolor_r\fR(\fBconst m_label_t *\fR\fIlabel\fR, \fBconst int\fR \fIsize\fR,
+ \fBchar *\fR\fIcolor_name\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBbltocolor()\fR and \fBbltocolor_r()\fR functions get the character-coded
+color name associated with the binary label \fIlabel\fR.
+.sp
+.LP
+The calling process must have \fBPRIV_SYS_TRANS_LABEL\fR in its set of
+effective privileges to get color names of labels that dominate the current
+process's sensitivity label.
+.SH RETURN VALUES
+.sp
+.LP
+The \fBbltocolor()\fR function returns a pointer to a statically allocated
+string that contains the character-coded color name specified for the
+\fIlabel\fR or returns \fB(char *)0\fR if, for any reason, no character-coded
+color name is available for this binary label.
+.sp
+.LP
+The \fBbltocolor_r()\fR function returns a pointer to the \fIcolor_name\fR
+string which contains the character-coded color name specified for the
+\fIlabel\fR or returns \fB(char *)0\fR if, for any reason, no character-coded
+color name is available for this binary label. \fIcolor_name\fR must provide
+for a string of at least \fIsize\fR characters.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/tsol/\fR\fBlabel_encodings\fR\fR
+.ad
+.sp .6
+.RS 4n
+The label encodings file contains the classification names, words, constraints,
+and values for the defined labels of this system.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelMT-Safe with exceptions
+.TE
+
+.sp
+.LP
+These functions are obsolete and retained for ease of porting. They might be
+removed in a future Solaris Trusted Extensions release. Use the
+\fBlabel_to_str\fR(3TSOL) function instead.
+.sp
+.LP
+The \fBbltocolor()\fR function returns a pointer to a statically allocated
+string. Subsequent calls to it will overwrite that string with a new
+character-coded color name. It is not MT-Safe. The \fBbltocolor_r()\fR function
+should be used in multithreaded applications.
+.SH SEE ALSO
+.sp
+.LP
+\fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
+.sp
+.LP
+If \fIlabel\fR includes a specified word or words, the character-coded color
+name associated with the first word specified in the label encodings file is
+returned. Otherwise, if no character-coded color name is specified for
+\fIlabel\fR, the first character-coded color name specified in the label
+encodings file with the same classification as the binary label is returned.
diff --git a/usr/src/man/man3tsol/bltos.3tsol b/usr/src/man/man3tsol/bltos.3tsol
new file mode 100644
index 0000000000..be16297ad4
--- /dev/null
+++ b/usr/src/man/man3tsol/bltos.3tsol
@@ -0,0 +1,263 @@
+'\" te
+.\" Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH bltos 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+bltos, bsltos, bcleartos \- translate binary labels to character coded labels
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint\fR \fBbsltos\fR(\fBconst m_label_t *\fR\fIlabel\fR, char **\fIstring\fR,
+ const int \fIstr_len\fR, const int \fIflags\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBbcleartos\fR(\fBconst m_label_t *\fR\fIlabel\fR, char **\fIstring\fR,
+ const int \fIstr_len\fR, const int \fIflags\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+These functions translate binary labels into strings controlled by the value of
+the \fIflags\fR parameter.
+.sp
+.LP
+The \fBbsltos()\fR function translates a binary sensitivity label into a
+string. The applicable \fIflags\fR are \fBLONG_CLASSIFICATION\fR or
+\fBSHORT_CLASSIFICATION\fR, \fBLONG_WORDS\fR or \fBSHORT_WORDS\fR,
+\fBVIEW_EXTERNAL\fR or \fBVIEW_INTERNAL\fR, and \fBNO_CLASSIFICATION\fR. A
+\fIflags\fR value \fB0\fR is equivalent to (\fBSHORT_CLASSIFICATION\fR |
+\fBLONG_WORDS\fR).
+.sp
+.LP
+The \fBbcleartos()\fR function translates a binary clearance into a string. The
+applicable \fIflags\fR are \fBLONG_CLASSIFICATION\fR or
+\fBSHORT_CLASSIFICATION\fR, \fBLONG_WORDS\fR or \fBSHORT_WORDS\fR,
+\fBVIEW_EXTERNAL\fR or \fBVIEW_INTERNAL\fR, and \fBNO_CLASSIFICATION\fR. A
+\fIflags\fR value 0 is equivalent to (\fBSHORT_CLASSIFICATION\fR |
+\fBLONG_WORDS\fR). The translation of a clearance might not be the same as the
+translation of a sensitivity label. These functions use different
+\fBlabel_encodings\fR file tables that might contain different words and
+constraints.
+.sp
+.LP
+The calling process must have \fBPRIV_SYS_TRANS_LABEL\fR in its set of
+effective privileges to perform label translation on labels that dominate the
+current process's sensitivity label.
+.sp
+.LP
+The generic form of an output character-coded label is:
+.sp
+.in +2
+.nf
+CLASSIFICATION WORD1 WORD2 WORD3/WORD4 SUFFIX PREFIX WORD5/WORD6
+.fi
+.in -2
+.sp
+
+.sp
+.LP
+Capital letters are used to display all \fBCLASSIFICATION\fR names and
+\fBWORD\fRs. The ` ' (space) character separates classifications and words from
+other words in all character-coded labels except where multiple words that
+require the same \fBPREFIX\fR or \fBSUFFIX\fR are present, in which case the
+multiple words are separated from each other by the `\fB/\fR' (slash)
+character.
+.sp
+.LP
+The \fIstring\fR argument can point to either a pointer to pre-allocated
+memory, or the value \fB(char *)0\fR. If \fIstring\fR points to a pointer to
+pre-allocated memory, then \fIstr_len\fR indicates the size of that memory. If
+\fIstring\fR points to the value \fB(char\ *)0\fR, memory is allocated using
+\fBmalloc()\fR to contain the translated character-coded labels. The translated
+\fIlabel\fR is copied into allocated or pre-allocated memory.
+.sp
+.LP
+The \fIflags\fR argument is \fB0\fR or the logical sum of the following:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLONG_WORDS\fR\fR
+.ad
+.RS 24n
+.rt
+Translate using long names of words defined in \fIlabel\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSHORT_WORDS\fR\fR
+.ad
+.RS 24n
+.rt
+Translate using short names of words defined in \fIlabel\fR. If no short name
+is defined in the \fBlabel_encodings\fR file for a word, the long name is used.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLONG_CLASSIFICATION\fR\fR
+.ad
+.RS 24n
+.rt
+Translate using long name of classification defined in \fIlabel\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSHORT_CLASSIFICATION\fR\fR
+.ad
+.RS 24n
+.rt
+Translate using short name of classification defined in \fIlabel\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBACCESS_RELATED\fR\fR
+.ad
+.RS 24n
+.rt
+Translate only \fBaccess-related\fR entries defined in information label
+\fIlabel\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBVIEW_EXTERNAL\fR\fR
+.ad
+.RS 24n
+.rt
+Translate \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels to the lowest and highest
+labels defined in the \fBlabel_encodings\fR file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBVIEW_INTERNAL\fR\fR
+.ad
+.RS 24n
+.rt
+Translate \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels to the \fBadmin low\fR
+\fBname\fR and \fBadmin high\fR \fBname\fR strings specified in the
+\fBlabel_encodings\fR file. If no strings are specified, the strings
+"\fBADMIN_LOW\fR" and "\fBADMIN_HIGH\fR" are used.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBNO_CLASSIFICATION\fR\fR
+.ad
+.RS 24n
+.rt
+Do not translate classification defined in \fIlabel\fR.
+.RE
+
+.SS "Process Attributes"
+.sp
+.LP
+If the \fBVIEW_EXTERNAL\fR or \fBVIEW_INTERNAL\fR flags are not specified,
+translation of \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels is controlled by the
+label view process attribute flags. If no label view process attribute flags
+are defined, their translation is controlled by the label view configured in
+the \fBlabel_encodings\fR file. A value of \fBExternal\fR specifies that
+\fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels are mapped to the lowest and
+highest labels defined in the \fBlabel_encodings\fR file. A value of
+\fBInternal\fR specifies that the \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels
+are translated to the \fBadmin low\fR and \fBadmin high\fR name strings
+specified in the \fBlabel_encodings\fR file. If no such names are specified,
+the strings "\fBADMIN_LOW\fR" and "\fBADMIN_HIGH\fR" are used.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, the \fBbsltos()\fR and \fBbcleartos()\fR functions
+return the length of the character-coded label, including the \fINULL\fR
+terminator.
+.sp
+.LP
+If the label is not of the valid defined required type, if the label is not
+dominated by the process sensitivity label and the process does not have
+\fBPRIV_SYS_TRANS_LABEL\fR in its set of effective privileges, or if the
+\fBlabel_encodings\fR file is inaccessible, these functions return \(mi1.
+.sp
+.LP
+If memory cannot be allocated for the return string or if the pre-allocated
+return string memory is insufficient to hold the string, these functions return
+0. The value of the pre-allocated string is set to the \fINULL\fR string
+(\fB*string[0]='\00';\fR).
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/tsol/label_encodings\fR\fR
+.ad
+.sp .6
+.RS 4n
+The label encodings file contains the classification names, words, constraints,
+and values for the defined labels of this system.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelMT-Safe with exceptions
+.TE
+
+.sp
+.LP
+The \fBbsltos()\fR and \fBbcleartos()\fR functions are Obsolete. Use the
+\fBlabel_to_str\fR(3TSOL) function instead.
+.SH SEE ALSO
+.sp
+.LP
+\fBfree\fR(3C), \fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB),
+\fBmalloc\fR(3C), \fBlabel_encodings\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
+.sp
+.LP
+If memory is allocated by these functions, the caller must free the memory with
+\fBfree\fR(3C) when the memory is no longer in use.
diff --git a/usr/src/man/man3tsol/btohex.3tsol b/usr/src/man/man3tsol/btohex.3tsol
new file mode 100644
index 0000000000..9185193c8f
--- /dev/null
+++ b/usr/src/man/man3tsol/btohex.3tsol
@@ -0,0 +1,154 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH btohex 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+btohex, bsltoh, bcleartoh, bsltoh_r, bcleartoh_r, h_alloc, h_free \- convert
+binary label to hexadecimal
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBchar *\fR\fBbsltoh\fR(\fBconst m_label_t *\fR\fIlabel\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBbcleartoh\fR(\fBconst m_label_t *\fR\fIclearance\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBbsltoh_r\fR(\fBconst m_label_t *\fR\fIlabel\fR, char *\fIhex\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBbcleartoh_r\fR(\fBconst m_label_t *\fR\fIclearance\fR, char *\fIhex\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBh_alloc\fR(\fBconst unsigned char\fR \fItype\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBh_free\fR(\fBchar *\fR\fIhex\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+These functions convert binary labels into hexadecimal strings that represent
+the internal value.
+.sp
+.LP
+The \fBbsltoh()\fR and \fBbsltoh_r()\fR functions convert a binary sensitivity
+label into a string of the form:
+.sp
+.in +2
+.nf
+[0x\fIsensitivity_label_hexadecimal_value\fR]
+.fi
+.in -2
+.sp
+
+.sp
+.LP
+The \fBbcleartoh()\fR and \fBbcleartoh_r()\fR functions convert a binary
+clearance into a string of the form:
+.sp
+.in +2
+.nf
+0x\fIclearance_hexadecimal_value\fR
+.fi
+.in -2
+.sp
+
+.sp
+.LP
+The \fBh_alloc()\fR function allocates memory for the hexadecimal value
+\fItype\fR for use by \fBbsltoh_r()\fR and \fBbcleartoh_r()\fR.
+.sp
+.LP
+Valid values for \fItype\fR are:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSUN_SL_ID\fR\fR
+.ad
+.RS 14n
+.rt
+\fIlabel\fR is a binary sensitivity label.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSUN_CLR_ID\fR\fR
+.ad
+.RS 14n
+.rt
+\fIlabel\fR is a binary clearance.
+.RE
+
+.sp
+.LP
+The \fBh_free()\fR function frees memory allocated by \fBh_alloc()\fR.
+.SH RETURN VALUES
+.sp
+.LP
+These functions return a pointer to a string that contains the result of the
+translation, or \fB(char *)0\fR if the parameter is not of the required type.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelMT-Safe with exceptions
+.TE
+
+.sp
+.LP
+The \fBbsltoh()\fR, \fBbcleartoh()\fR, \fBbsltoh_r()\fR, \fBbcleartoh_r()\fR,
+\fBh_alloc()\fR, and \fBh_free()\fR functions are Obsolete. Use the
+\fBlabel_to_str\fR(3TSOL) function instead.
+.sp
+.LP
+The \fBbsltoh()\fR and \fBbcleartoh()\fR functions share the same statically
+allocated string storage. They are not MT-Safe. Subsequent calls to any of
+these functions will overwrite that string with the newly translated string.
+The \fBbsltoh_r()\fR and \fBbcleartoh_r()\fR functions should be used in
+multithreaded applications.
+.SH SEE ALSO
+.sp
+.LP
+\fBatohexlabel\fR(1M), \fBhextoalabel\fR(1M),\fBlabel_to_str\fR(3TSOL),
+\fBlibtsol\fR(3LIB), \fBattributes\fR(5), \fBlabels\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/getdevicerange.3tsol b/usr/src/man/man3tsol/getdevicerange.3tsol
new file mode 100644
index 0000000000..4a5e613f86
--- /dev/null
+++ b/usr/src/man/man3tsol/getdevicerange.3tsol
@@ -0,0 +1,125 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getdevicerange 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+getdevicerange \- get the label range of a device
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-lbsm\fR \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBblrange_t *\fR\fBgetdevicerange\fR(\fBconst char *\fR\fIdevice\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetdevicerange()\fR function returns the label range of a
+user-allocatable device.
+.sp
+.LP
+If the label range is not specified for \fIdevice\fR, \fBgetdevicerange()\fR
+returns the default values of \fBADMIN_LOW\fR for the lower bound and
+\fBADMIN_HIGH\fR for the upper bound of \fIdevice\fR.
+.sp
+.LP
+From the command line, \fBlist_devices\fR(1) can be used to see the label range
+of \fIdevice\fR.
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetdevicerange()\fR function returns \fINULL\fR on failure and sets
+\fIerrno\fR. On successful completion, it returns a pointer to a
+\fBblrange_t\fR structure which must be freed by the caller, as follows:
+.sp
+.in +2
+.nf
+blrange_t *range;
+ ...
+ m_label_free(range->lower_bound);
+ m_label_free(range->upper_bound);
+ free(range);
+.fi
+.in -2
+.sp
+
+.SH ERRORS
+.sp
+.LP
+The \fBgetdevicerange()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEAGAIN\fR\fR
+.ad
+.RS 11n
+.rt
+There is not enough memory available to allocate the required bytes. The
+application could try later.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 11n
+.rt
+The physical limits of the system are exceeded by size bytes of memory which
+cannot be allocated.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOTSUP\fR\fR
+.ad
+.RS 11n
+.rt
+Invalid upper or lower bound for device.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.16i) |cw(3.34i)
+lw(2.16i) |lw(3.34i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlist_devices\fR(1), \fBfree\fR(3C), \fBlibtsol\fR(3LIB),
+\fBm_label_free\fR(3TSOL), \fBattributes\fR(5)
+.sp
+.LP
+\fIValidating the Label Request Against the Printer\&'s Label Range\fR in
+\fISolaris Trusted Extensions Developer\&'s Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/getpathbylabel.3tsol b/usr/src/man/man3tsol/getpathbylabel.3tsol
new file mode 100644
index 0000000000..01669d0bfc
--- /dev/null
+++ b/usr/src/man/man3tsol/getpathbylabel.3tsol
@@ -0,0 +1,164 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getpathbylabel 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+getpathbylabel \- return the zone pathname
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflags\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBchar *\fR\fBgetpathbylabel\fR(\fBconst char *\fR\fIpath\fR, \fBchar *\fR\fIresolved_path\fR,
+ \fBsize_t\fR \fIbufsize\fR, \fBconst m_label_t *\fR\fIsl\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetpathbylabel()\fR function expands all symbolic links and resolves
+references to '/./', '/../', extra '/' characters, and stores the zone pathname
+in the buffer named by \fIresolved_path\fR. The \fIbufsize\fR argument
+specifies the size in bytes of this buffer. The resulting path will have no
+symbolic links components, nor any '/./', '/.\|./'. This function can only be
+called from the global zone.
+.sp
+.LP
+The zone pathname is relative to the sensitivity label \fIsl\fR. To specify a
+sensitivity label for a zone name which does not exist, the process must assert
+either the \fBPRIV_FILE_UPGRADE_SL\fR or \fBPRIV_FILE_DOWNGRADE_SL\fR privilege
+depending on whether the specified sensitivity label dominates or does not
+dominate the process sensitivity label.
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetpathbylabel()\fR function returns a pointer to the
+\fIresolved_path\fR on success. Otherwise it returns \fINULL\fR and sets
+\fIerrno\fR to indicate the error.
+.SH ERRORS
+.sp
+.LP
+The \fBgetpathbylabel()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEACCES\fR\fR
+.ad
+.RS 16n
+.rt
+Search permission is denied for a component of the path prefix of \fIpath\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEFAULT\fR\fR
+.ad
+.RS 16n
+.rt
+\fIresolved_path\fR extends outside the process's allocated address space or
+beyond \fIbufsize\fR bytes.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEINVAL\fR\fR
+.ad
+.RS 16n
+.rt
+\fIpath\fR or \fIresolved_path\fR was \fINULL\fR, current zone is not the
+global zone, or \fIsl\fR is invalid.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEIO\fR\fR
+.ad
+.RS 16n
+.rt
+An \fBI/O\fR error occurred while reading from or writing to the file system.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBELOOP\fR\fR
+.ad
+.RS 16n
+.rt
+Too many symbolic links were encountered in translating \fIpath\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENAMETOOLONG\fR\fR
+.ad
+.RS 16n
+.rt
+The length of the path argument exceeds \fIPATH_MAX\fR, or a pathname component
+is longer than \fINAME_MAX\fR (see \fBsysconf\fR(3C)) while
+\fB_POSIX_NO_TRUNC\fR is in effect (see \fBpathconf\fR(2)).
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOENT\fR\fR
+.ad
+.RS 16n
+.rt
+The named file does not exist.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBreadlink\fR(2), \fBgetzonerootbyid\fR(3TSOL), \fBlibtsol\fR(3LIB),
+\fBattributes\fR(5), \fBlabels\fR(5)
+.SH WARNINGS
+.sp
+.LP
+The \fBgetpathbylabel()\fR function indirectly invokes the \fBreadlink\fR(2)
+system call, and hence inherits the possibility of hanging due to inaccessible
+file system resources.
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/getplabel.3tsol b/usr/src/man/man3tsol/getplabel.3tsol
new file mode 100644
index 0000000000..a6c18ba960
--- /dev/null
+++ b/usr/src/man/man3tsol/getplabel.3tsol
@@ -0,0 +1,84 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getplabel 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+getplabel \- get process label
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint\fR \fBgetplabel\fR(\fBm_label_t *\fR\fIlabel_p\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetplabel()\fR function obtains the sensitivity label of the calling
+process.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, \fBgetplabel()\fR returns 0. Otherwise it returns
+-1, \fIlabel_p\fR is unchanged, and \fIerrno\fR is set to indicate the error.
+.SH ERRORS
+.sp
+.LP
+The \fBgetplabel()\fR function fails and \fIlabel_p\fR does not refer to a
+valid sensitivity label if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEFAULT\fR\fR
+.ad
+.RS 10n
+.rt
+\fIlabel_p\fR points to an invalid address.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBucred_getlabel\fR(3C), \fBlibtsol\fR(3LIB), \fBm_label_alloc\fR(3TSOL),
+\fBm_label_free\fR(3TSOL), \fBattributes\fR(5)
+.sp
+.LP
+\fIObtaining a Process Label\fR in \fISolaris Trusted Extensions Developer\&'s
+Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
+.sp
+.LP
+This function returns different values for system processes than
+\fBucred_getlabel\fR(3C) returns.
diff --git a/usr/src/man/man3tsol/getuserrange.3tsol b/usr/src/man/man3tsol/getuserrange.3tsol
new file mode 100644
index 0000000000..1b404d4caa
--- /dev/null
+++ b/usr/src/man/man3tsol/getuserrange.3tsol
@@ -0,0 +1,103 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getuserrange 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+getuserrange \- get the label range of a user
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflags\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBm_range_t *\fR\fBgetuserrange\fR(\fBconst char *\fR\fIusername\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetuserrange()\fR function returns the label range of \fIusername\fR.
+The lower bound in the range is used as the initial workspace label when a user
+logs into a multilevel desktop. The upper bound, or clearance, is used as an
+upper limit to the available labels that a user can assign to labeled
+workspaces.
+.sp
+.LP
+The default value for a user's label range is specified in
+\fBlabel_encodings\fR(4). Overriding values for individual users are specified
+in \fBuser_attr\fR(4).
+.SH RETURN VALUES
+.sp
+.LP
+The \fBgetuserrange()\fR function returns \fBNULL\fR if the memory allocation
+fails. Otherwise, the function returns a structure which must be freed by the
+caller, as follows:
+.sp
+.in +2
+.nf
+m_range_t *range;
+ ...
+ m_label_free(range->lower_bound);
+ m_label_free(range->upper_bound);
+ free(range);
+.fi
+.in -2
+.sp
+
+.SH ERRORS
+.sp
+.LP
+The \fBgetuserrange()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 10n
+.rt
+The physical limits of the system are exceeded by size bytes of memory which
+cannot be allocated.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.16i) |cw(3.34i)
+lw(2.16i) |lw(3.34i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilitySee below.
+_
+MT-LevelMT-Safe
+.TE
+
+.sp
+.LP
+The \fBgetuserrange()\fR function is Committed for systems that implement the
+Defense Intelligence Agency (DIA) MAC policy of \fBlabel_encodings\fR(4). Other
+policies might exist in a future release of Trusted Extensions that might make
+obsolete or supplement \fBlabel_encodings\fR.
+.SH SEE ALSO
+.sp
+.LP
+\fBfree\fR(3C), \fBlibtsol\fR(3LIB), \fBm_label_free\fR(3TSOL),
+\fBlabel_encodings\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/getzonelabelbyid.3tsol b/usr/src/man/man3tsol/getzonelabelbyid.3tsol
new file mode 100644
index 0000000000..e6d748d395
--- /dev/null
+++ b/usr/src/man/man3tsol/getzonelabelbyid.3tsol
@@ -0,0 +1,122 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getzonelabelbyid 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+getzonelabelbyid, getzonelabelbyname, getzoneidbylabel \- map between zones and
+labels
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflags\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBm_label_t *\fR\fBgetzonelabelbyid\fR(\fBzoneid_t\fR \fIzoneid\fR);
+.fi
+
+.LP
+.nf
+\fBm_label_t *\fR\fBgetzonelabelbyname\fR(\fBconst char *\fR\fIzonename\fR);
+.fi
+
+.LP
+.nf
+\fBzoneid_t *\fR\fBgetzoneidbylabel\fR(\fBconst m_label_t *\fR\fIlabel\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetzonelabelbyid()\fR function returns the mandatory access control
+(MAC) label of \fIzoneid\fR.
+.sp
+.LP
+The \fBgetzonelabelbyname()\fR function returns the MAC label of the zone whose
+name is \fIzonename\fR.
+.sp
+.LP
+The \fBgetzoneidbylabel()\fR function returns the zone ID of the zone whose
+label is \fIlabel\fR.
+.sp
+.LP
+All of these functions require that the specified zone's state is at least
+\fBZONE_IS_READY\fR. The zone of the calling process must dominate the
+specified zone's label, or the calling process must be in the global zone.
+.SH RETURN VALUES
+.sp
+.LP
+On successful completion, the \fBgetzonelabelbyid()\fR and
+\fBgetzonelabelbyname()\fR functions return a pointer to a sensitivity label
+that is allocated within these functions. To free the storage, use
+\fBm_label_free\fR(3TSOL). If the zone does not exist, \fBNULL\fR is returned.
+.sp
+.LP
+On successful completion, the \fBgetzoneidbylabel()\fR function returns the
+zone ID with the matching label. If there is no matching zone, the function
+returns \fB-1\fR.
+.SH ERRORS
+.sp
+.LP
+The \fBgetzonelabelbyid()\fR and \fBgetzonelabelbyname()\fR functions will fail
+if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOENT\fR\fR
+.ad
+.RS 10n
+.rt
+The specified zone does not exist.
+.RE
+
+.sp
+.LP
+The \fBgetzonelabelbyid()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOENT\fR\fR
+.ad
+.RS 10n
+.rt
+No zone corresponds to the specified label.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBIntro\fR(2), \fBgetzonenamebyid\fR(3C), \fBgetzoneidbyname\fR(3C),
+\fBlibtsol\fR(3LIB), \fBm_label_free\fR(3TSOL), \fBattributes\fR(5),
+\fBlabels\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/getzonerootbyid.3tsol b/usr/src/man/man3tsol/getzonerootbyid.3tsol
new file mode 100644
index 0000000000..9b40d76d6d
--- /dev/null
+++ b/usr/src/man/man3tsol/getzonerootbyid.3tsol
@@ -0,0 +1,135 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH getzonerootbyid 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+getzonerootbyid, getzonerootbylabel, getzonerootbyname \- map between zone root
+pathnames and labels
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflags\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBchar *\fR\fBgetzonerootbyid\fR(\fBzoneid_t\fR \fIzoneid\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBgetzonerootbylabel\fR(\fBconst m_label_t *\fR\fIlabel\fR);
+.fi
+
+.LP
+.nf
+\fBchar *\fR\fBgetzonerootbyname\fR(\fBconst char *\fR\fIzonename\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBgetzonerootbyid()\fR function returns the root pathname of \fIzoneid\fR.
+.sp
+.LP
+The \fBgetzonerootbylabel()\fR function returns the root pathname of the zone
+whose label is \fIlabel\fR.
+.sp
+.LP
+The \fBgetzonerootbyname()\fR function returns the root pathname of
+\fIzonename\fR.
+.sp
+.LP
+All of these functions require that the specified zone's state is at least
+\fBZONE_IS_READY\fR. The zone of the calling process must dominate the
+specified zone's label, or the calling process must be in the global zone. The
+returned pathname is relative to the root path of the caller's zone.
+.SH RETURN VALUES
+.sp
+.LP
+On successful completion, the \fBgetzonerootbyid()\fR,
+\fBgetzonerootbylabel()\fR, and \fBgetzonerootbyname()\fR functions return a
+pointer to a pathname that is allocated within these functions. To free the
+storage, use \fBfree\fR(3C). On failure, these functions return \fBNULL\fR and
+set \fIerrno\fR to indicate the error.
+.SH ERRORS
+.sp
+.LP
+These functions will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEFAULT\fR\fR
+.ad
+.RS 10n
+.rt
+Invalid argument; pointer location is invalid.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEINVAL\fR\fR
+.ad
+.RS 10n
+.rt
+\fIzoneid\fR invalid, or zone not found or not ready.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOENT\fR\fR
+.ad
+.RS 10n
+.rt
+Zone does not exist.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 10n
+.rt
+Unable to allocate pathname.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.16i) |cw(3.34i)
+lw(2.16i) |lw(3.34i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBIntro\fR(2), \fBfree\fR(3C), \fBgetzonenamebyid\fR(3C), \fBlibtsol\fR(3LIB),
+\fBattributes\fR(5), \fBlabels\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/hextob.3tsol b/usr/src/man/man3tsol/hextob.3tsol
new file mode 100644
index 0000000000..c259cf8995
--- /dev/null
+++ b/usr/src/man/man3tsol/hextob.3tsol
@@ -0,0 +1,94 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH hextob 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+hextob, htobsl, htobclear \- convert hexadecimal string to binary label
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint htobsl\fR(\fBconst char *\fR\fIs\fR, \fBm_label_t *\fR\fIlabel\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBhtobclear\fR(\fBconst char *\fR\fIs\fR, \fBm_label_t *\fR\fIclearance\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+These functions convert hexadecimal string representations of internal label
+values into binary labels.
+.sp
+.LP
+The \fBhtobsl()\fR function converts into a binary sensitivity label, a
+hexadecimal string of the form:
+.sp
+.in +2
+.nf
+0x\fIsensitivity_label_hexadecimal_value\fR
+.fi
+.in -2
+.sp
+
+.sp
+.LP
+The \fBhtobclear()\fR function converts into a binary clearance, a hexadecimal
+string of the form:
+.sp
+.in +2
+.nf
+0x\fIclearance_hexadecimal_value\fR
+.fi
+.in -2
+.sp
+
+.SH RETURN VALUES
+.sp
+.LP
+These functions return non-zero if the conversion was successful, otherwise
+zero is returned.
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelMT-Safe
+.TE
+
+.sp
+.LP
+These functions are obsolete and retained for ease of porting. They might be
+removed in a future Solaris Trusted Extensions release. Use the
+\fBstr_to_label\fR(3TSOL) function instead.
+.SH SEE ALSO
+.sp
+.LP
+\fBlibtsol\fR(3LIB), \fBstr_to_label\fR(3TSOL), \fBattributes\fR(5),
+\fBlabels\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/label_to_str.3tsol b/usr/src/man/man3tsol/label_to_str.3tsol
new file mode 100644
index 0000000000..c8d7090bcf
--- /dev/null
+++ b/usr/src/man/man3tsol/label_to_str.3tsol
@@ -0,0 +1,256 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH label_to_str 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+label_to_str \- convert labels to human readable strings
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint\fR \fBlabel_to_str\fR(\fBconst m_label_t *\fR\fIlabel\fR, \fBchar **\fR\fIstring\fR,
+ \fBconst m_label_str_t\fR \fIconversion_type\fR, \fBuint_t\fR \fIflags\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+\fBlabel_to_str()\fR is a simple function to convert various mandatory label
+types to human readable strings.
+.sp
+.LP
+\fIlabel\fR is the mandatory label to convert. \fIstring\fR points to memory
+that is allocated by \fBlabel_to_str()\fR that contains the converted string.
+The caller is responsible for calling \fBfree\fR(3C) to free allocated memory.
+.sp
+.LP
+The calling process must have mandatory read access to the resulting human
+readable string. Or the calling process must have the \fBsys_trans_label\fR
+privilege.
+.sp
+.LP
+The \fIconversion_type\fR parameter controls the type of label conversion. Not
+all types of conversion are valid for all types of label:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBM_LABEL\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to a human readable string based on its type.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBM_INTERNAL\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to an internal text representation that is safe for
+storing in a public object. Internal conversions can later be parsed to their
+same value.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBM_COLOR\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to a string that represents the color name that the
+administrator has associated with the label.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBPRINTER_TOP_BOTTOM\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to a human readable string that is appropriate for use as
+the top and bottom label of banner and trailer pages in the Defense
+Intelligence Agency (DIA) encodings printed output schema.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBPRINTER_LABEL\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to a human readable string that is appropriate for use as
+the banner page downgrade warning in the DIA encodings printed output schema.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBPRINTER_CAVEATS\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to a human readable string that is appropriate for use as
+the banner page caveats section in the DIA encodings printed output schema.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBPRINTER_CHANNELS\fR\fR
+.ad
+.RS 22n
+.rt
+Converts \fIlabel\fR to a human readable string that is appropriate for use as
+the banner page handling channels in the DIA encodings printed output schema.
+.RE
+
+.sp
+.LP
+The \fIflags\fR parameter provides a hint to the label conversion:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBDEF_NAMES\fR\fR
+.ad
+.RS 15n
+.rt
+The default names are preferred.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBSHORT_NAMES\fR\fR
+.ad
+.RS 15n
+.rt
+Short names are preferred where defined.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLONG_NAMES\fR\fR
+.ad
+.RS 15n
+.rt
+Long names are preferred.
+.RE
+
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, the \fBlabel_to_str()\fR function returns 0.
+Otherwise, -1 is returned, \fIerrno\fR is set to indicate the error and the
+string pointer is set to \fINULL\fR.
+.SH ERRORS
+.sp
+.LP
+The \fBlabel_to_str()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEINVAL\fR\fR
+.ad
+.RS 11n
+.rt
+Invalid parameter.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOTSUP\fR\fR
+.ad
+.RS 11n
+.rt
+The system does not support label translations.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 11n
+.rt
+The physical limits of the system are exceeded by size bytes of memory which
+cannot be allocated.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilitySee below.
+_
+MT-LevelMT-Safe
+_
+StandardSee below.
+.TE
+
+.sp
+.LP
+The \fBlabel_to_str()\fR function is Committed. The returned string is
+Not-an-Interface and is dependent on the specific \fBlabel_encodings\fR file.
+The conversion type \fBINTERNAL\fR is Uncommitted, but is always accepted as
+input to \fBstr_to_label\fR(3TSOL).
+.sp
+.LP
+Conversion types that are relative to the DIA encodings schema are Standard.
+Standard is specified in \fBlabel_encodings\fR(4).
+.SH SEE ALSO
+.sp
+.LP
+\fBfree\fR(3C), \fBlibtsol\fR(3LIB), \fBstr_to_label\fR(3TSOL),
+\fBlabel_encodings\fR(4), \fBattributes\fR(5), \fBlabels\fR(5)
+.sp
+.LP
+\fIUsing the label_to_str Function\fR in \fISolaris Trusted Extensions
+Developer\&'s Guide\fR
+.SH WARNINGS
+.sp
+.LP
+A number of these conversions rely on the DIA label encodings schema. They
+might not be valid for other label schemata.
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/labelbuilder.3tsol b/usr/src/man/man3tsol/labelbuilder.3tsol
new file mode 100644
index 0000000000..7a55c8a250
--- /dev/null
+++ b/usr/src/man/man3tsol/labelbuilder.3tsol
@@ -0,0 +1,562 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH labelbuilder 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+labelbuilder, tsol_lbuild_create, tsol_lbuild_get, tsol_lbuild_set,
+tsol_lbuild_destroy \- create a Motif-based user interface for interactively
+building a valid label or clearance
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR \fB-lDtTsol\fR [\fIlibrary\fR...]
+.fi + +.LP +.nf +#include <Dt/ModLabel.h> + +\fBModLabelData *tsol_lbuild_create\fR(\fBWidget\fR \fIwidget\fR, + void \fI(*event_handler)\fR() \fIok_callback\fR, + \fBlbuild_attributes\fR \fIextended_operation\fR, ..., \fBNULL\fR); +.fi + +.LP +.nf +\fBvoid *tsol_lbuild_get\fR(\fBModLabelData *\fR\fIdata\fR, + \fBlbuild_attributes\fR \fIextended_operation\fR); +.fi + +.LP +.nf +\fBvoid tsol_lbuild_set\fR(\fBModLabelData *\fR\fIdata\fR, + \fBlbuild_attributes\fR \fIextended_operation\fR, ..., \fBNULL\fR); +.fi + +.LP +.nf +\fBvoid tsol_lbuild_destroy\fR(\fBModLabelData *\fR\fIdata\fR); +.fi + +.SH DESCRIPTION +.sp +.LP +The label builder user interface prompts the end user for information and +generates a valid sensitivity label or clearance from the user input based on +specifications in the \fBlabel_encodings\fR(4) file on the system where the +application runs. The end user can build the label or clearance by typing a +text value or by interactively choosing options. +.sp +.LP +Application-specific functionality is implemented in the callback for the OK +pushbutton. This callback is passed to the \fBtsol_lbuild_create()\fR call +where it is mapped to the OK pushbutton widget. +.sp +.LP +When choosing options, the label builder shows the user only those +classifications (and related compartments and markings) dominated by the +workspace sensitivity label unless the executable has the +\fBPRIV_SYS_TRANS_LABEL\fR privilege in its effective set. +.sp +.LP +If the end user does not have the authorization to upgrade or downgrade labels, +or if the user-built label is out of the user's accreditation range, the OK and +Reset pushbuttons are grayed. There are no privileges to override these +restrictions. +.sp +.LP +\fBtsol_lbuild_create()\fR creates the graphical user interface and returns a +pointer variable of type \fBModLabeldata*\fR that contains information on the +user interface. 
This information is a combination of values passed in the +\fBtsol_lbuild_create()\fR input parameter list, default values for information +not provided, and information on the widgets used by the label builder to +create the user interface. All information except the widget information should +be accessed with the \fBtsol_lbuild_get()\fR and \fBtsol_lbuild_set()\fR +routines. +.sp +.LP +The widget information is accessed directly by referencing the following fields +of the \fBModLabelData\fR structure. +.sp +.ne 2 +.mk +.na +\fB\fBlbuild_dialog\fR\fR +.ad +.RS 17n +.rt +The label builder dialog box. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBok\fR\fR +.ad +.RS 17n +.rt +The OK pushbutton. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBcancel\fR\fR +.ad +.RS 17n +.rt +The Cancel pushbutton. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBreset\fR\fR +.ad +.RS 17n +.rt +The Reset pushbutton. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBhelp\fR\fR +.ad +.RS 17n +.rt +The Help pushbutton. +.RE + +.sp +.LP +The \fBtsol_lbuild_create()\fR parameter list takes the following values: +.sp +.ne 2 +.mk +.na +\fBwidget\fR +.ad +.RS 15n +.rt +The widget from which the dialog box is created. Any Motif widget can be +passed. +.RE + +.sp +.ne 2 +.mk +.na +\fBok_callback\fR +.ad +.RS 15n +.rt +A callback function that implements the behavior of the OK pushbutton on the +dialog box. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fB\&..., NULL\fR\fR +.ad +.RS 15n +.rt +A \fINULL\fR terminated list of extended operations and value pairs that define +the characteristics and behavior of the label builder dialog box. +.RE + +.sp +.LP +\fBtsol_lbuild_destroy()\fR destroys the \fBModLabelData\fR structure returned +by \fBtsol_lbuild_create()\fR. +.sp +.LP +\fBtsol_lbuild_get()\fR and \fBtsol_lbuild_set()\fR access the information +stored in the \fBModLabelData\fR structure returned by +\fBtsol_lbuild_create()\fR. 
+.sp
+.LP
+The following extended operations can be passed to \fBtsol_lbuild_create()\fR
+to build the user interface, to \fBtsol_lbuild_get()\fR to retrieve information
+on the user interface, and to \fBtsol_lbuild_set()\fR to change the user
+interface information. All extended operations are valid for
+\fBtsol_lbuild_get()\fR, but the \fB*WORK*\fR operations are not valid for
+\fBtsol_lbuild_set()\fR or \fBtsol_lbuild_create()\fR because these values are
+set from input supplied by the end user. These exceptions are noted in the
+descriptions.
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_MODE\fR\fR
+.ad
+.RS 22n
+.rt
+Create a user interface to build a sensitivity label or a clearance. Value is
+\fBLBUILD_MODE_SL\fR by default.
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_MODE_SL\fR\fR
+.ad
+.RS 19n
+.rt
+Build a sensitivity label.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_MODE_CLR\fR\fR
+.ad
+.RS 19n
+.rt
+Build a clearance.
+.RE
+
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_VALUE_SL\fR\fR
+.ad
+.RS 22n
+.rt
+The starting sensitivity label. This value is \fBADMIN_LOW\fR by default and is
+used when the mode is \fBLBUILD_MODE_SL\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_VALUE_CLR\fR\fR
+.ad
+.RS 22n
+.rt
+The starting clearance. This value is \fBADMIN_LOW\fR by default and is used
+when the mode is \fBLBUILD_MODE_CLR\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_USERFIELD\fR\fR
+.ad
+.RS 22n
+.rt
+A character string prompt that displays at the top of the label builder dialog
+box. Value is \fINULL\fR by default.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBLBUILD_SHOW\fR\fR
+.ad
+.RS 22n
+.rt
+Show or hide the label builder dialog box. Value is \fBFALSE\fR by default.
+.sp
+.ne 2
+.mk
+.na
+\fB\fBTRUE\fR\fR
+.ad
+.RS 9n
+.rt
+Show the label builder dialog box.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBFALSE\fR\fR
+.ad
+.RS 9n
+.rt
+Hide the label builder dialog box.
+.RE + +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_TITLE\fR\fR +.ad +.RS 22n +.rt +A character string title that appears at the top of the label builder dialog +box. Value is \fINULL\fR by default. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_WORK_SL\fR\fR +.ad +.RS 22n +.rt +Not valid for \fBtsol_lbuild_set()\fR or \fBtsol_lbuild_create()\fR. The +sensitivity label the end user is building. Value is updated to the end user's +input when the end user selects the Update pushbutton or interactively chooses +an option. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_WORK_CLR\fR\fR +.ad +.RS 22n +.rt +Not valid for \fBtsol_lbuild_set()\fR or \fBtsol_lbuild_create()\fR. The +clearance the end user is building. Value is updated to the end user's input +when the end user selects the Update pushbutton or interactively chooses an +option. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_X\fR\fR +.ad +.RS 22n +.rt +The X position in pixels of the top-left corner of the label builder dialog box +in relation to the top-left corner of the screen. By default the label builder +dialog box is positioned in the middle of the screen. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_Y\fR\fR +.ad +.RS 22n +.rt +The Y position in pixels of the top-left corner of the label builder dialog box +in relation to the top-left corner of the screen. By default the label builder +dialog box is positioned in the middle of the screen. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_LOWER_BOUND\fR\fR +.ad +.RS 22n +.rt +The lowest classification (and related compartments and markings) available to +the user as radio buttons for interactively building a label or clearance. This +value is the user's minimum label. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_UPPER_BOUND\fR\fR +.ad +.RS 22n +.rt +The highest classification (and related compartments and markings) available to +the user as radio buttons for interactively building a label or clearance. A +supplied value should be within the user's accreditation range. 
If no value is +specified, the value is the user's workspace sensitivity label, or if the +executable has the \fBPRIV_SYS_TRANS_LABEL\fR privilege, the value is the +user's clearance. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_CHECK_AR\fR\fR +.ad +.RS 22n +.rt +Check that the user-built label entered in the Update With field is within the +user's accreditation range. A value of 1 means check, and a value of 0 means do +not check. If checking is on and the label is out of range, an error message is +raised to the end user. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_VIEW\fR\fR +.ad +.RS 22n +.rt +Use the internal or external label representation. Value is +\fBLBUILD_VIEW_EXTERNAL\fR by default. +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_VIEW_INTERNAL\fR\fR +.ad +.sp .6 +.RS 4n +Use the internal names for the highest and lowest labels in the system: +\fBADMIN_HIGH\fR and \fBADMIN_LOW\fR. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fBLBUILD_VIEW_EXTERNAL\fR\fR +.ad +.sp .6 +.RS 4n +Promote an \fBADMIN_LOW\fR label to the next highest label, and demote an +\fBADMIN_HIGH\fR label to the next lowest label. +.RE + +.RE + +.SH RETURN VALUES +.sp +.LP +The \fBtsol_lbuild_get()\fR function returns \fB\(mi1\fR if it is unable to get +the value. +.sp +.LP +The \fBtsol_lbuild_create()\fR function returns a variable of type +\fBModLabelData\fR that contains the information provided in the +\fBtsol_lbuild_create()\fR input parameter list, default values for information +not provided, and information on the widgets used by the label builder to +create the user interface. +.SH EXAMPLES +.LP +\fBExample 1 \fRCreate a Label Builder. 
+.sp
+.in +2
+.nf
+(ModLabelData *)lbldata = tsol_lbuild_create(widget0, callback_function,
+ LBUILD_MODE, LBUILD_MODE_SL,
+ LBUILD_TITLE, "Setting Sensitivity Label",
+ LBUILD_VIEW, LBUILD_VIEW_INTERNAL,
+ LBUILD_X, 200,
+ LBUILD_Y, 200,
+ LBUILD_USERFIELD, "Pathname:",
+ LBUILD_SHOW, FALSE,
+ NULL);
+.fi
+.in -2
+.sp
+
+.LP
+\fBExample 2 \fRQuery the Mode and Display the Label Builder.
+.sp
+.LP
+These examples call the \fBtsol_lbuild_get()\fR function to query the mode
+being used, and call the \fBtsol_lbuild_set()\fR function so the label builder
+dialog box displays.
+
+.sp
+.in +2
+.nf
+mode = (int)tsol_lbuild_get(lbldata, LBUILD_MODE );
+
+tsol_lbuild_set(lbldata, LBUILD_SHOW, TRUE, NULL);
+.fi
+.in -2
+.sp
+
+.LP
+\fBExample 3 \fRDestroy the ModLabelData Variable.
+.sp
+.LP
+This example destroys the \fBModLabelData\fR variable returned in the call to
+\fBtsol_lbuild_create()\fR.
+
+.sp
+.in +2
+.nf
+tsol_lbuild_destroy(lbldata);
+.fi
+.in -2
+.sp
+
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/usr/dt/include/Dt/ModLabel.h\fR\fR
+.ad
+.sp .6
+.RS 4n
+Header file for label builder functions
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/tsol/label_encodings\fR\fR
+.ad
+.sp .6
+.RS 4n
+The label encodings file contains the classification names, words, constraints,
+and values for the defined labels of this system.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlibtsol\fR(3LIB), \fBlabel_encodings\fR(4), \fBattributes\fR(5)
+.sp
+.LP
+\fILabel Builder APIs\fR in \fISolaris Trusted Extensions Developer\&'s
+Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/labelclipping.3tsol b/usr/src/man/man3tsol/labelclipping.3tsol
new file mode 100644
index 0000000000..9f2aaeb605
--- /dev/null
+++ b/usr/src/man/man3tsol/labelclipping.3tsol
@@ -0,0 +1,203 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH labelclipping 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+labelclipping, Xbsltos, Xbcleartos \- translate a binary label and clip to the
+specified width
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR \fB-lDtTsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <Dt/label_clipping.h>
+
+\fBXmString\fR \fBXbsltos\fR(\fBDisplay *\fR\fIdisplay\fR, \fBconst m_label_t *\fR\fIsenslabel\fR,
+ \fBDimension\fR \fIwidth\fR, \fBconst XmFontList\fR \fIfontlist\fR, \fBconst int\fR \fIflags\fR);
+.fi
+
+.LP
+.nf
+\fBXmString\fR \fBXbcleartos\fR(\fBDisplay *\fR\fIdisplay\fR, \fBconst m_label_t *\fR\fIclearance\fR,
+ \fBDimension\fR \fIwidth\fR, \fBconst XmFontList\fR \fIfontlist\fR, \fBconst int\fR \fIflags\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The calling process must have \fBPRIV_SYS_TRANS_LABEL\fR in its set of
+effective privileges to translate labels or clearances that dominate the
+current process' sensitivity label.
+.sp
+.ne 2
+.mk
+.na
+\fB\fIdisplay\fR\fR
+.ad
+.RS 13n
+.rt
+The structure controlling the connection to an X Window System display.
+.RE + +.sp +.ne 2 +.mk +.na +\fB\fIsenslabel\fR\fR +.ad +.RS 13n +.rt +The sensitivity label to be translated. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fIclearance\fR\fR +.ad +.RS 13n +.rt +The clearance to be translated. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fIwidth\fR\fR +.ad +.RS 13n +.rt +The width of the translated label or clearance in pixels. If the specified +width is shorter than the full label, the label is clipped and the presence of +clipped letters is indicated by an arrow. In this example, letters have been +clipped to the right of: TS<-. See the \fBsbltos\fR(3TSOL) manual page for more +information on the clipped indicator. If the specified width is equal to the +display width (\fIdisplay\fR), the label is not truncated, but word-wrapped +using a width of half the display width. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fIfontlist\fR\fR +.ad +.RS 13n +.rt +A list of fonts and character sets where each font is associated with a +character set. +.RE + +.sp +.ne 2 +.mk +.na +\fB\fIflags\fR\fR +.ad +.RS 13n +.rt +The value of flags indicates which words in the \fBlabel_encodings\fR(4) file +are used for the translation. See the \fBbltos\fR(3TSOL) manual page for a +description of the flag values: \fBLONG_WORDS\fR, \fBSHORT_WORDS\fR, +\fBLONG_CLASSIFICATION\fR, \fBSHORT_CLASSIFICATION\fR, \fBALL_ENTRIES,\fR +\fBACCESS_RELATED,\fR \fBVIEW_EXTERNAL\fR, \fBVIEW_INTERNAL\fR, +\fBNO_CLASSIFICATION\fR. \fBBRACKETED\fR is an additional flag that can be used +with \fBXbsltos()\fR only. It encloses the sensitivity label in square brackets +as follows: [C]. +.RE + +.SH RETURN VALUES +.sp +.LP +These functions return a compound string that represents the character-coded +form of the sensitivity label or clearance that is translated. The compound +string uses the language and fonts specified in \fIfontlist\fR and is clipped +to \fIwidth\fR. 
These functions return \fINULL\fR if the label or clearance is +not a valid, required type as defined in the \fBlabel_encodings\fR(4) file, or +not dominated by the process' sensitivity label and the +\fBPRIV_SYS_TRANS_LABEL\fR privilege is not asserted. +.SH FILES +.sp +.ne 2 +.mk +.na +\fB\fB/usr/dt/include/Dt/label_clipping.h\fR\fR +.ad +.sp .6 +.RS 4n +Header file for label clipping functions +.RE + +.sp +.ne 2 +.mk +.na +\fB\fB/etc/security/tsol/label_encodings\fR\fR +.ad +.sp .6 +.RS 4n +The label encodings file contains the classification names, words, constraints, +and values for the defined labels of this system. +.RE + +.SH EXAMPLES +.LP +\fBExample 1 \fRTranslate and Clip a Clearance. +.sp +.LP +This example translates a clearance to text using the long words specified in +the \fBlabel_encodings\fR(4) file, a font list, and clips the translated +clearance to a width of 72 pixels. + +.sp +.in +2 +.nf +xmstr = Xbcleartos(XtDisplay(topLevel), +&clearance, 72, fontlist, LONG_WORDS +.fi +.in -2 + +.SH ATTRIBUTES +.sp +.LP +See \fBattributes\fR(5) for descriptions of the following attributes: +.sp + +.sp +.TS +tab() box; +cw(2.75i) |cw(2.75i) +lw(2.75i) |lw(2.75i) +. +ATTRIBUTE TYPEATTRIBUTE VALUE +_ +Interface StabilityObsolete +_ +MT-LevelMT-Safe +.TE + +.sp +.LP +The labelclipping functions, \fBXbsltos()\fR and \fBXbcleartos()\fR, are +obsolete. Use the \fBlabel_to_str\fR(3TSOL) function instead. +.SH SEE ALSO +.sp +.LP +\fBbltos\fR(3TSOL), \fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB), +\fBlabel_encodings\fR(4), \fBattributes\fR(5) +.sp +.LP +See \fBXmStringDraw\fR(3) and \fBFontList\fR(3) for information on the creation +and structure of a font list. +.SH NOTES +.sp +.LP +The functionality described on this manual page is available only if the system +is configured with Trusted Extensions. diff --git a/usr/src/man/man3tsol/m_label.3tsol b/usr/src/man/man3tsol/m_label.3tsol new file mode 100644 index 0000000000..308d965149 --- /dev/null 
+++ b/usr/src/man/man3tsol/m_label.3tsol 
@@ -0,0 +1,139 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH m_label 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+m_label, m_label_alloc, m_label_dup, m_label_free \- m_label functions
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBm_label_t *\fR\fBm_label_alloc\fR(\fBconst m_label_type_t\fR \fIlabel_type\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBm_label_dup\fR(\fBm_label_t **\fR\fIdst\fR, \fBconst m_label_t *\fR\fIsrc\fR);
+.fi
+
+.LP
+.nf
+\fBvoid\fR \fBm_label_free\fR(\fBm_label_t *\fR\fIlabel\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBm_label_alloc()\fR function allocates resources for a new label. The
+\fIlabel_type\fR argument defines the type for a newly allocated label. The
+label type can be:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBMAC_LABEL\fR\fR
+.ad
+.RS 14n
+.rt
+A Mandatory Access Control (MAC) label.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBUSER_CLEAR\fR\fR
+.ad
+.RS 14n
+.rt
+A user clearance.
+.RE
+
+.sp
+.LP
+The \fBm_label_dup()\fR function allocates resources for a new \fIdst\fR label.
+The function returns a pointer to the allocated label, which is an exact copy
+of the \fIsrc\fR label. The caller is responsible for freeing the allocated
+resources by calling \fBm_label_free()\fR.
+.sp
+.LP
+The \fBm_label_free()\fR function frees resources that are associated with the
+previously allocated label.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, the \fBm_label_alloc()\fR function returns a
+pointer to the newly allocated label. Otherwise, \fBm_label_alloc()\fR returns
+\fINULL\fR and \fIerrno\fR is set to indicate the error.
+.sp
+.LP
+Upon successful completion, the \fBm_label_dup()\fR function returns 0.
+Otherwise, \fB-1\fR is returned and \fIerrno\fR is set to indicate the error.
+.SH ERRORS
+.sp
+.LP
+The \fBm_label_alloc()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEINVAL\fR\fR
+.ad
+.RS 10n
+.rt
+Invalid parameter.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 10n
+.rt
+The physical limits of the system are exceeded by size bytes of memory which
+cannot be allocated.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelSafe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB), \fBstr_to_label\fR(3TSOL),
+\fBlabel_encodings\fR(4), \fBattributes\fR(5), \fBlabels\fR(5)
+.sp
+.LP
+\fIDetermining Whether the Printing Service Is Running in a Labeled
+Environment\fR in \fISolaris Trusted Extensions Developer\&'s Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/sbltos.3tsol b/usr/src/man/man3tsol/sbltos.3tsol
new file mode 100644
index 0000000000..edd6e7bd4c
--- /dev/null
+++ b/usr/src/man/man3tsol/sbltos.3tsol
@@ -0,0 +1,180 @@ +'\" te +.\" Copyright (c) 2007, Sun Microsystems Inc. All Rights Reserved. +.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. +.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. +.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] +.TH sbltos 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions" +.SH NAME +sbltos, sbsltos, sbcleartos \- translate binary labels to canonical +character-coded labels +.SH SYNOPSIS +.LP +.nf +\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...] +.fi + +.LP +.nf +#include <tsol/label.h> + +\fBchar *\fR\fBsbsltos\fR(\fBconst m_label_t *\fR\fIlabel\fR, \fBconst int\fR \fIlen\fR); +.fi + +.LP +.nf +\fBchar *\fR\fBsbcleartos\fR(\fBconst m_label_t *\fR\fIclearance\fR, \fBconst int\fR \fIlen\fR); +.fi + +.SH DESCRIPTION +.sp +.LP +These functions translate binary labels into canonical strings that are clipped +to the number of printable characters specified in \fIlen\fR. Clipping is +required if the number of characters of the translated string is greater than +\fIlen\fR. Clipping is done by truncating the label on the right to two +characters less than the specified number of characters. A clipped indicator, +"<\(mi", is appended to sensitivity labels and clearances. 
The character-coded +label begins with a classification name separated with a single space character +from the list of words making up the remainder of the label. The binary labels +must be of the proper defined type and dominated by the process's sensitivity +label. A \fIlen\fR of 0 (zero) returns the entire string with no clipping. +.sp +.LP +The \fBsbsltos()\fR function translates a binary sensitivity label into a +clipped string using the long form of the words and the short form of the +classification name. If \fIlen\fR is less than the minimum number of characters +(three), the translation fails. +.sp +.LP +The \fBsbcleartos()\fR function translates a binary clearance into a clipped +string using the long form of the words and the short form of the +classification name. If \fIlen\fR is less than the minimum number of characters +(three), the translation fails. The translation of a clearance might not be the +same as the translation of a sensitivity label. These functions use different +tables of the \fBlabel_encodings\fR file which might contain different words +and constraints. +.sp +.LP +The calling process must have \fBPRIV_SYS_TRANS_LABEL\fR in its set of +effective privileges to perform label translation on labels that dominate the +current process's sensitivity label. +.SS "Process Attributes" +.sp +.LP +If the \fBVIEW_EXTERNAL\fR or \fBVIEW_INTERNAL\fR flags are not specified, +translation of \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels is controlled by the +label view process attribute flags. If no label view process attribute flags +are defined, their translation is controlled by the label view configured in +the \fBlabel_encodings\fR file. A value of External specifies that +\fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels are mapped to the lowest and +highest labels defined in the \fBlabel_encodings\fR file. 
A value of Internal +specifies that the \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR labels are translated +to the \fBadmin low name\fR and \fBadmin high name\fR strings specified in the +\fBlabel_encodings\fR file. If no such names are specified, the strings +"\fBADMIN_LOW\fR" and "\fBADMIN_HIGH\fR" are used. +.SH RETURN VALUES +.sp +.LP +These functions return a pointer to a statically allocated string that contains +the result of the translation, or \fB(char\fR \fB*)0\fR if the translation +fails for any reason. +.SH EXAMPLES +.SS "\fBsbsltos()\fR" +.sp +.LP +Assume that a sensitivity label is: +.sp +.in +2 +.nf +UN TOP/MIDDLE/LOWER DRAWER +.fi +.in -2 +.sp + +.sp +.LP +When clipped to ten characters it is: +.sp +.in +2 +.nf +UN TOP/M<\(mi +.fi +.in -2 +.sp + +.SS "\fBsbcleartos()\fR" +.sp +.LP +Assume that a clearance is: +.sp +.in +2 +.nf +UN TOP/MIDDLE/LOWER DRAWER +.fi +.in -2 +.sp + +.sp +.LP +When clipped to ten characters it is: +.sp +.in +2 +.nf +UN TOP/M<\(mi +.fi +.in -2 +.sp + +.SH FILES +.sp +.ne 2 +.mk +.na +\fB\fB/etc/security/tsol/label_encodings\fR\fR +.ad +.sp .6 +.RS 4n +The label encodings file contains the classification names, words, constraints, +and values for the defined labels of this system. +.RE + +.SH ATTRIBUTES +.sp +.LP +See \fBattributes\fR(5) for descriptions of the following attributes: +.sp + +.sp +.TS +tab() box; +cw(2.75i) |cw(2.75i) +lw(2.75i) |lw(2.75i) +. +ATTRIBUTE TYPEATTRIBUTE VALUE +_ +Interface StabilityObsolete +_ +MT-LevelUnsafe +.TE + +.sp +.LP +These functions are obsolete and retained for ease of porting. They might be +removed in a future Solaris Trusted Extensions release. Use the +\fBlabel_to_str\fR(3TSOL) function instead. +.SH SEE ALSO +.sp +.LP +\fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB), \fBattributes\fR(5), +\fBlabels\fR(5) +.SH WARNINGS +.sp +.LP +All these functions share the same statically allocated string storage. They +are not MT-Safe. 
Subsequent calls to any of these functions will overwrite that +string with the newly translated string. +.SH NOTES +.sp +.LP +The functionality described on this manual page is available only if the system +is configured with Trusted Extensions. diff --git a/usr/src/man/man3tsol/setflabel.3tsol b/usr/src/man/man3tsol/setflabel.3tsol new file mode 100644 index 0000000000..4760a0b73b --- /dev/null +++ b/usr/src/man/man3tsol/setflabel.3tsol 
@@ -0,0 +1,273 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH setflabel 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+setflabel \- move file to zone with corresponding sensitivity label
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint\fR \fBsetflabel\fR(\fBconst char *\fR\fIpath\fR, \fBconst m_label_t *\fR\fIlabel_p\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The file that is named by \fIpath\fR is relabeled by moving it to a new
+pathname relative to the root directory of the zone corresponding to
+\fIlabel_p\fR. If the source and destination file systems are loopback mounted
+from the same underlying file system, the file is renamed. Otherwise, the file
+is copied and removed from the source directory.
+.sp
+.LP
+The \fBsetflabel()\fR function enforces the following policy checks:
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the sensitivity label of \fIlabel_p\fR equals the existing sensitivity
+label, then the file is not moved.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the corresponding directory does not exist in the destination zone, or if
+the directory exists, but has a different label than \fIlabel_p\fR, the file is
+not moved. Also, if the file already exists in the destination directory, the
+file is not moved.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the sensitivity label of the existing file is not equal to the calling
+process label and the caller is not in the global zone, then the file is not
+moved. If the caller is in the global zone, the existing file label must be in
+a labeled zone (not \fBADMIN_LOW\fR or \fBADMIN_HIGH\fR).
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the calling process does not have write access to both the source and
+destination directories, then the calling process must have
+\fBPRIV_FILE_DAC_WRITE\fR in its set of effective privileges.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the sensitivity label of \fIlabel_p\fR provides read only access to the
+existing sensitivity label (an upgrade), then the user must have the
+\fBsolaris.label.file.upgrade\fR authorization. In addition, if the current
+zone is a labeled zone, then it must have been assigned the privilege
+\fBPRIV_FILE_UPGRADE_SL\fR when the zone was configured.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the sensitivity label of \fIlabel_p\fR does not provide access to the
+existing sensitivity label (a downgrade), then the calling user must have the
+\fBsolaris.label.file.downgrade\fR authorization. In addition, if the current
+zone is a labeled zone, then it must have been assigned the privilege
+\fBPRIV_FILE_DOWNGRADE_SL\fR when the zone was configured.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the calling process is not in the global zone, and the user does not have
+the \fBsolaris.label.range\fR authorization, then \fIlabel_p\fR must be within
+the user's label range and within the system accreditation range.
+.RE
+.RS +4
+.TP
+.ie t \(bu
+.el o
+If the existing file is in use (not tranquil) it is not moved. This tranquility
+check does not cover race conditions nor remote file access.
+.RE
+.sp
+.LP
+Additional policy constraints can be implemented by customizing the shell
+script \fB/etc/security/tsol/relabel\fR. See the comments in this file.
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, \fBsetflabel()\fR returns 0. Otherwise it returns
+-1 and sets \fIerrno\fR to indicate the error.
+.SH ERRORS
+.sp
+.LP
+The \fBsetflabel()\fR function fails and the file is unchanged if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEACCES\fR\fR
+.ad
+.RS 16n
+.rt
+Search permission is denied for a component of the path prefix of \fIpath\fR.
+.sp
+The calling process does not have mandatory write access to the final component
+of path because the sensitivity label of the final component of path does not
+dominate the sensitivity label of the calling process and the calling process
+does not have \fBPRIV_FILE_MAC_WRITE\fR in its set of effective privileges.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEBUSY\fR\fR
+.ad
+.RS 16n
+.rt
+There is an open file descriptor reference to the final component of
+\fIpath\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBECONNREFUSED\fR\fR
+.ad
+.RS 16n
+.rt
+A connection to the label daemon could not be established.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEEXIST\fR\fR
+.ad
+.RS 16n
+.rt
+A file with the same name exists in the destination directory.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEINVAL\fR\fR
+.ad
+.RS 16n
+.rt
+Improper parameters were received by the label daemon.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEISDIR\fR\fR
+.ad
+.RS 16n
+.rt
+The existing file is a directory.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBELOOP\fR\fR
+.ad
+.RS 16n
+.rt
+Too many symbolic links were encountered in translating \fIpath\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEMLINK\fR\fR
+.ad
+.RS 16n
+.rt
+The existing file is hardlinked to another file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENAMETOOLONG\fR\fR
+.ad
+.RS 16n
+.rt
+The length of the path argument exceeds \fIPATH_MAX\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOENT\fR\fR
+.ad
+.RS 16n
+.rt
+The file referred to by \fIpath\fR does not exist.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEROFS\fR\fR
+.ad
+.RS 16n
+.rt
+The file system is read-only or its label is \fBADMIN_LOW\fR or
+\fBADMIN_HIGH\fR.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.16i) |cw(3.34i)
+lw(2.16i) |lw(3.34i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlibtsol\fR(3LIB), \fBattributes\fR(5)
+.sp
+.LP
+\fISetting a File Sensitivity Label\fR in \fISolaris Trusted Extensions
+Developer\&'s Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/stobl.3tsol b/usr/src/man/man3tsol/stobl.3tsol
new file mode 100644
index 0000000000..77a01f3d92
--- /dev/null
+++ b/usr/src/man/man3tsol/stobl.3tsol
@@ -0,0 +1,259 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH stobl 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+stobl, stobsl, stobclear \- translate character-coded labels to binary labels
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint\fR \fBstobsl\fR(\fBconst char *\fR\fIstring\fR, \fBm_label_t *\fR\fIlabel\fR, \fBconst int\fR \fIflags\fR,
+ \fBint *\fR\fIerror\fR);
+.fi
+
+.LP
+.nf
+\fBint\fR \fBstobclear\fR(\fBconst char *\fR\fIstring\fR, \fBm_label_t *\fR\fIclearance\fR,
+ \fBconst int\fR \fIflags\fR, \fBint *\fR\fIerror\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBstobsl()\fR and \fBstobclear()\fR functions translate character-coded
+labels into binary labels. They also modify an existing binary label by
+incrementing or decrementing it to produce a new binary label relative to its
+existing value.
+.sp
+.LP
+The calling process must have \fBPRIV_SYS_TRANS_LABEL\fR in its set of
+effective privileges to perform label translation on character-coded labels
+that dominate the process's sensitivity label.
+.sp
+.LP
+The generic form of an input character-coded label string is:
+.sp
+.in +2
+.nf
+[ + ] \fIclassification name\fR ] [ [ + | \(mi ] \fIword\fR ...
+.fi
+.in -2
+.sp
+
+.sp
+.LP
+Leading and trailing white space is ignored. Fields are separated by white
+space, a `\fB/\fR' (slash), or a `\fB,\fR' (comma). Case is irrelevant. If
+\fIstring\fR starts with \fB+\fR or \fB\(mi\fR, \fIstring\fR is interpreted a
+modification to an existing label. If \fIstring\fR starts with a classification
+name followed by a \fB+\fR or \fB\(mi\fR, the new classification is used and
+the rest of the old label is retained and modified as specified by
+\fIstring\fR. \fB+\fR modifies an existing label by adding words. \fB\(mi\fR
+modifies an existing label by removing words. To the maximum extent possible,
+errors in \fIstring\fR are corrected in the resulting binary label \fIlabel\fR.
+.sp
+.LP
+The \fBstobsl()\fR and \fBstobclear()\fR functions also translate hexadecimal
+label representations into binary labels (see \fBhextob\fR(3TSOL)) when the
+string starts with \fB0x\fR and either \fBNEW_LABEL\fR or \fBNO_CORRECTION\fR
+is specified in \fIflags\fR.
+.sp
+.LP
+The \fIflags\fR argument can take the following values:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBNEW_LABEL\fR\fR
+.ad
+.RS 17n
+.rt
+\fIlabel\fR contents is not used, is formatted as a label of the relevant type,
+and is assumed to be \fBADMIN_LOW\fR for modification changes. If
+\fBNEW_LABEL\fR is not present, \fIlabel\fR is validated as a defined label of
+the correct type dominated by the process's sensitivity label.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBNO_CORRECTION\fR\fR
+.ad
+.RS 17n
+.rt
+No corrections are made if there are errors in the character-coded label
+\fIstring\fR. \fIstring\fR must be complete and contain all the label
+components that are required by the \fBlabel_encodings\fR file. The
+\fBNO_CORRECTION\fR flag implies the \fBNEW_LABEL\fR flag.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB0 (zero)\fR\fR
+.ad
+.RS 17n
+.rt
+The default action is taken.
+.RE
+
+.sp
+.LP
+The \fIerror\fR argument is a return parameter that is set only if the function
+is unsuccessful.
+.sp
+.LP
+The \fBstobsl()\fR function translates the character-coded sensitivity label
+string into a binary sensitivity label and places the result in the return
+parameter \fIlabel\fR.
+.sp
+.LP
+The \fIflags\fR argument can be either \fBNEW_LABEL\fR, \fBNO_CORRECTION\fR, or
+0 (zero). Unless \fBNO_CORRECTION\fR is specified, this translation forces the
+label to dominate the minimum classification, and initial compartments set that
+is specified in the \fBlabel_encodings\fR file and corrects the label to
+include other label components required by the \fBlabel_encodings\fR file, but
+not present in \fIstring\fR.
+.sp
+.LP
+The \fBstobclear()\fR function translates the character-coded clearance string
+into a binary clearance and places the result in the return parameter
+\fIclearance\fR.
+.sp
+.LP
+The \fIflags\fR argument can be either \fBNEW_LABEL\fR, \fBNO_CORRECTION\fR, or
+\fB0\fR (zero). Unless \fBNO_CORRECTION\fR is specified, this translation
+forces the label to dominate the minimum classification, and initial
+compartments set that is specified in the \fBlabel_encodings\fR file and
+corrects the label to include other label components that are required by the
+\fBlabel_encodings\fR file, but not present in \fIstring\fR. The translation of
+a clearance might not be the same as the translation of a sensitivity label.
+These functions use different tables of the \fBlabel_encodings\fR file that
+might contain different words and constraints.
+.SH RETURN VALUES
+.sp
+.LP
+These functions return 1 if the translation was successful and a valid binary
+label was returned. Otherwise they return 0 and the value of the \fIerror\fR
+argument indicates the error.
+.SH ERRORS
+.sp
+.LP
+When these functions return zero, \fIerror\fR contains one of the following
+values:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB\(mi1\fR\fR
+.ad
+.RS 9n
+.rt
+Unable to access the \fBlabel_encodings\fR file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB0\fR\fR
+.ad
+.RS 9n
+.rt
+The label \fIlabel\fR is not valid for this translation and the \fBNEW_LABEL\fR
+or \fBNO_CORRECTION\fR flag was not specified, or the label \fIlabel\fR is not
+dominated by the process's \fIsensitivity label\fR and the process does not
+have \fBPRIV_SYS_TRANS_LABEL\fR in its set of effective privileges.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB>0\fR\fR
+.ad
+.RS 9n
+.rt
+The character-coded label \fIstring\fR is in error. \fIerror\fR is a one-based
+index into \fIstring\fR indicating where the translation error occurred.
+.RE
+
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/tsol/label_encodings\fR\fR
+.ad
+.sp .6
+.RS 4n
+The label encodings file contains the classification names, words, constraints,
+and values for the defined labels of this system.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityObsolete
+_
+MT-LevelMT-Safe
+.TE
+
+.sp
+.LP
+The \fBstobsl()\fR and \fBstobclear()\fR functions are obsolete. Use the
+\fBstr_to_label\fR(3TSOL) function instead.
+.SH SEE ALSO
+.sp
+.LP
+\fBblcompare\fR(3TSOL), \fBhextob\fR(3TSOL), \fBlibtsol\fR(3LIB),
+\fBstr_to_label\fR(3TSOL), \fBattributes\fR(5)
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
+.sp
+.LP
+In addition to the \fBADMIN_LOW\fR name and \fBADMIN_HIGH\fR name strings
+defined in the \fBlabel_encodings\fR file, the strings "\fBADMIN_LOW\fR" and
+"\fBADMIN_HIGH\fR" are always accepted as character-coded labels to be
+translated to the appropriate \fBADMIN_LOW\fR and \fBADMIN_HIGH\fR label,
+respectively.
+.sp
+.LP
+Modifying an existing \fBADMIN_LOW\fR label acts as the specification of a
+\fBNEW_LABEL\fR and forces the label to start at the minimum label that is
+specified in the \fBlabel_encodings\fR file.
+.sp
+.LP
+Modifying an existing \fBADMIN_HIGH\fR label is treated as an attempt to change
+a label that represents the highest defined classification and all the defined
+compartments that are specified in the \fBlabel_encodings\fR file.
+.sp
+.LP
+The \fBNO_CORRECTION\fR flag is used when the character-coded label must be
+complete and accurate so that translation to and from the binary form results
+in an equivalent character-coded label.
diff --git a/usr/src/man/man3tsol/str_to_label.3tsol b/usr/src/man/man3tsol/str_to_label.3tsol
new file mode 100644
index 0000000000..d4e2f3e845
--- /dev/null
+++ b/usr/src/man/man3tsol/str_to_label.3tsol
@@ -0,0 +1,194 @@
+'\" te
+.\" Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
+.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
+.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH str_to_label 3TSOL "15 Jun 2009" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+str_to_label \- parse human readable strings to label
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsol\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <tsol/label.h>
+
+\fBint\fR \fBstr_to_label\fR(\fBconst char *\fR\fIstring\fR, \fBm_label_t **\fR\fIlabel\fR,
+ \fBconst m_label_type_t\fR \fIlabel_type\fR, \fBuint_t\fR \fIflags\fR, \fBint *\fR\fIerror\fR);
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBstr_to_label()\fR function is a simple function to parse human readable
+strings into labels of the requested type.
+.sp
+.LP
+The \fIstring\fR argument is the string to parse. If \fIstring\fR is the result
+of a \fBlabel_to_str()\fR conversion of type \fBM_INTERNAL\fR, \fIflags\fR are
+ignored, and any previously parsed label is replaced.
+.sp
+.LP
+If *\fIlabel\fR is \fINULL\fR, \fBstr_to_label()\fR allocates resources for
+\fIlabel\fR and initializes the label to the \fIlabel_type\fR that was
+requested before parsing \fIstring\fR.
+.sp
+.LP
+If *\fIlabel\fR is not \fINULL\fR, the label is a pointer to a mandatory label
+that is the result of a previously parsed label and \fIlabel_type\fR is
+ignored. The type that is used for parsing is derived from \fIlabel\fR for any
+type-sensitive operations.
+.sp
+.LP
+If \fIflags\fR is \fBL_MODIFY_EXISTING\fR, the parsed string can be used to
+modify this label.
+.sp
+.LP
+If \fIflags\fR is \fBL_NO_CORRECTION\fR, the previously parsed label is
+replaced and the parsing algorithm does not attempt to infer missing elements
+from string to compose a valid label.
+.sp
+.LP
+If \fIflags\fR is \fBL_DEFAULT\fR, the previously parsed label is replaced and
+the parsing algorithm makes a best effort to imply a valid label from the
+elements of \fIstring\fR.
+.sp
+.LP
+If \fIflags\fR contains \fBL_CHECK_AR\fR logically OR-ed with another value,
+the resulting label will be checked to ensure that it is within the
+"Accreditation Range" of the DIA encodings schema. This flag is interpreted
+only for \fBMAC_LABEL\fR label types.
+.sp
+.LP
+The caller is responsible for freeing the allocated resources by calling the
+\fBm_label_free()\fR function. \fIlabel_type\fR defines the type for a newly
+allocated label. The label type can be:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBMAC_LABEL\fR\fR
+.ad
+.RS 14n
+.rt
+The string should be translated as a Mandatory Access Control (MAC) label.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBUSER_CLEAR\fR\fR
+.ad
+.RS 14n
+.rt
+The string should be translated as a label that represents the least upper
+bound of the labels that the user is allowed to access.
+.RE
+
+.sp
+.LP
+If \fIerror\fR is \fINULL\fR, do not return additional error information for
+\fBEINVAL\fR. The calling process must have mandatory read access to
+\fIlabel\fR and human readable \fIstring\fR. Or the calling process must have
+the \fBsys_trans_label\fR privilege.
+.sp
+.LP
+The manifest constants \fBADMIN_HIGH\fR and \fBADMIN_LOW\fR are the human
+readable strings that correspond to the Trusted Extensions policy
+\fBadmin_high\fR and \fBadmin_low\fR label values. See \fBlabels\fR(5).
+.SH RETURN VALUES
+.sp
+.LP
+Upon successful completion, the \fBstr_to_label()\fR function returns 0.
+Otherwise, \fB-1\fR is returned, \fIerrno\fR is set to indicate the error, and
+\fIerror\fR provides additional information for \fBEINVAL\fR. Otherwise,
+\fIerror\fR is a zero-based index to the string parse failure point.
+.SH ERRORS
+.sp
+.LP
+The \fBstr_to_label()\fR function will fail if:
+.sp
+.ne 2
+.mk
+.na
+\fB\fBEINVAL\fR\fR
+.ad
+.RS 11n
+.rt
+Invalid parameter. \fBM_BAD_STRING\fR indicates that \fIstring\fR could not be
+parsed. \fBM_BAD_LABEL\fR indicates that the label passed in was in error.
+\fBM_OUTSIDE_AR\fR indicates that the resulting label is not within the
+"Accreditation Range" specified in the DIA encodings schema.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOTSUP\fR\fR
+.ad
+.RS 11n
+.rt
+The system does not support label translations.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fBENOMEM\fR\fR
+.ad
+.RS 11n
+.rt
+The physical limits of the system are exceeded by size bytes of memory which
+cannot be allocated.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+_
+StandardSee below.
+.TE
+
+.sp
+.LP
+Parsing types that are relative to Defense Intelligence Agency (DIA) encodings
+schema are Standard. Standard is specified in \fBlabel_encodings\fR(4).
+.SH SEE ALSO
+.sp
+.LP
+\fBlabel_to_str\fR(3TSOL), \fBlibtsol\fR(3LIB), \fBm_label\fR(3TSOL),
+\fBlabel_encodings\fR(4), \fBattributes\fR(5), \fBlabels\fR(5)
+.sp
+.LP
+\fIValidating the Label Request Against the Printer\&'s Label Range\fR in
+\fISolaris Trusted Extensions Developer\&'s Guide\fR
+.SH WARNINGS
+.sp
+.LP
+A number of the parsing rules rely on the DIA label encodings schema. The rules
+might not be valid for other label schemata.
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions.
diff --git a/usr/src/man/man3tsol/tsol_getrhtype.3tsol b/usr/src/man/man3tsol/tsol_getrhtype.3tsol
new file mode 100644
index 0000000000..9a540d88ff
--- /dev/null
+++ b/usr/src/man/man3tsol/tsol_getrhtype.3tsol
@@ -0,0 +1,83 @@
+'\" te
+.\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
+.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
+.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
+.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
+.TH tsol_getrhtype 3TSOL "20 Jul 2007" "SunOS 5.11" "Trusted Extensions Library Functions"
+.SH NAME
+tsol_getrhtype \- get trusted network host type
+.SH SYNOPSIS
+.LP
+.nf
+\fBcc\fR [\fIflag\fR...] \fIfile\fR... \fB-ltsnet\fR [\fIlibrary\fR...]
+.fi
+
+.LP
+.nf
+#include <libtsnet.h>
+
+\fBtsol_host_type_t\fR \fBtsol_getrhtype\fR(\fBchar *\fR\fIhostname\fR);
+.fi
+
+.LP
+.nf
+
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBtsol_getrhtype()\fR function queries the kernel-level network
+information to determine the host type that is associated with the specified
+\fIhostname\fR. The \fIhostname\fR can be a regular hostname, an IP address, or
+a network wildcard address.
+.SH RETURN VALUES
+.sp
+.LP
+The returned value will be one of the enumerated types that is defined in the
+\fBtsol_host_type_t\fR typedef. Currently these types are \fBUNLABELED\fR and
+\fBSUN_CIPSO\fR.
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB/etc/security/tsol/tnrhdb\fR\fR
+.ad
+.RS 29n
+.rt
+Trusted network remote-host database
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.16i) |cw(3.34i)
+lw(2.16i) |lw(3.34i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+_
+MT-LevelMT-Safe
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBlibtsnet\fR(3LIB), \fBattributes\fR(5)
+.sp
+.LP
+\fIObtaining the Remote Host Type\fR in \fISolaris Trusted Extensions
+Developer\&'s Guide\fR
+.SH NOTES
+.sp
+.LP
+The functionality described on this manual page is available only if the system
+is configured with Trusted Extensions. |
