JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Solaris Trusted Extensions Reference Manual
search filter icon
search icon

Document Information

Preface

Introduction

User Commands

System Administration Commands

System Calls

Trusted Extensions Library

bcleartoh(3TSOL)

bcleartoh_r(3TSOL)

bcleartos(3TSOL)

blcompare(3TSOL)

bldominates(3TSOL)

blequal(3TSOL)

blinrange(3TSOL)

blmaximum(3TSOL)

blminimum(3TSOL)

blminmax(3TSOL)

blstrictdom(3TSOL)

bltocolor(3TSOL)

bltocolor_r(3TSOL)

bltos(3TSOL)

bsltoh(3TSOL)

bsltoh_r(3TSOL)

bsltos(3TSOL)

btohex(3TSOL)

getdevicerange(3TSOL)

getpathbylabel(3TSOL)

getplabel(3TSOL)

getuserrange(3TSOL)

getzoneidbylabel(3TSOL)

getzonelabelbyid(3TSOL)

getzonelabelbyname(3TSOL)

getzonerootbyid(3TSOL)

getzonerootbylabel(3TSOL)

getzonerootbyname(3TSOL)

h_alloc(3TSOL)

hextob(3TSOL)

h_free(3TSOL)

htobclear(3TSOL)

htobsl(3TSOL)

labelbuilder(3TSOL)

labelclipping(3TSOL)

label_to_str(3TSOL)

m_label(3TSOL)

m_label_alloc(3TSOL)

m_label_dup(3TSOL)

m_label_free(3TSOL)

sbcleartos(3TSOL)

sbltos(3TSOL)

sbsltos(3TSOL)

setflabel(3TSOL)

stobclear(3TSOL)

stobl(3TSOL)

stobsl(3TSOL)

str_to_label(3TSOL)

tsol_getrhtype(3TSOL)

tsol_lbuild_create(3TSOL)

tsol_lbuild_destroy(3TSOL)

tsol_lbuild_get(3TSOL)

tsol_lbuild_set(3TSOL)

Xbcleartos(3TSOL)

Xbsltos(3TSOL)

X Library Extensions

File Formats

Standards, Environments, and Macros

Index

stobl

, stobsl

, stobclear

- translate character-coded labels to binary labels

Synopsis

cc [flag...] file... -ltsol [library...]
#include <tsol/label.h>

int stobsl(const char *string, m_label_t *label, const int flags, int *error);
int stobclear(const char *string, m_label_t *clearance, const int flags,
     int *error);

Interface Level

The stobsl() and stobclear() functions are obsolete. Use the str_to_label(3TSOL) function instead.

Description

The calling process must have PRIV_SYS_TRANS_LABEL in its set of effective privileges to perform label translation on character-coded labels that dominate the process's sensitivity label.

The stobl functions translate character-coded labels into binary labels. They also modify an existing binary label by incrementing or decrementing it to produce a new binary label relative to its existing value.

The generic form of an input character-coded label string is:

[  +  ] classification name ] [ [  + | - ] word ...

Leading and trailing white space is ignored. Fields are separated by white space, a `/' (slash), or a `,' (comma). Case is irrelevant. If string starts with + or -, string is interpreted a modification to an existing label. If string starts with a classification name followed by a + or -, the new classification is used and the rest of the old label is retained and modified as specified by string. + modifies an existing label by adding words. - modifies an existing label by removing words. To the maximum extent possible, errors in string are corrected in the resulting binary label label.

The stobl functions also translate hexadecimal label representations into binary labels (see hextob(3TSOL)) when the string starts with 0x and either NEW_LABEL or NO_CORRECTION is specified in flags.

flags can be the following:

NEW_LABEL

label contents is not used, is formatted as a label of the relevant type, and is assumed to be ADMIN_LOW for modification changes. If NEW_LABEL is not present, label is validated as a defined label of the correct type dominated by the process's sensitivity label.

NO_CORRECTION

No corrections are made if there are errors in the character-coded label string. string must be complete and contain all the label components that are required by the label_encodings file. The NO_CORRECTION flag implies the NEW_LABEL flag.

0 (zero)

The default action is taken.

error is a return parameter that is set only if the function is unsuccessful.

stobsl() translates the character-coded sensitivity label string into a binary sensitivity label and places the result in the return parameter label.

flags can be either NEW_LABEL, NO_CORRECTION, or 0 (zero). Unless NO_CORRECTION is specified, this translation forces the label to dominate the minimum classification, and initial compartments set that is specified in the label_encodings file and corrects the label to include other label components required by the label_encodings file, but not present in string.

stobclear() translates the character-coded clearance string into a binary clearance and places the result in the return parameter clearance.

flags can be either NEW_LABEL, NO_CORRECTION, or 0 (zero). Unless NO_CORRECTION is specified, this translation forces the label to dominate the minimum classification, and initial compartments set that is specified in the label_encodings file and corrects the label to include other label components that are required by the label_encodings file, but not present in string. The translation of a clearance might not be the same as the translation of a sensitivity label. These functions use different tables of the label_encodings file that might contain different words and constraints.

Return Values

These functions return:

1

If the translation was successful and a valid binary label was returned.

0

If an error occurred. error indicates the type of error.

Errors

When these functions return zero, error contains one of the following values:

-1

Unable to access the label_encodings file.

0

The label label is not valid for this translation and the NEW_LABEL or NO_CORRECTION flag was not specified, or the label label is not dominated by the process's sensitivity label and the process does not have PRIV_SYS_TRANS_LABEL in its set of effective privileges.

>0

The character-coded label string is in error. error is a one-based index into string indicating where the translation error occurred.

Files

/etc/security/tsol/label_encodings

The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
SUNWtsu
Stability Level
Obsolete
MT-Level
MT-Safe

See Also

blcompare(3TSOL), hextob(3TSOL), str_to_label(3TSOL), attributes(5)

Notes

These functions are obsolete and are retained for ease of porting. They might be removed in a future release of Solaris Trusted Extensions.

In addition to the ADMIN_LOW name and ADMIN_HIGH name strings defined in the label_encodings file, the strings “ADMIN_LOW” and “ADMIN_HIGH” are always accepted as character-coded labels to be translated to the appropriate ADMIN_LOW and ADMIN_HIGH label, respectively.

Modifying an existing ADMIN_LOW label acts as the specification of a NEW_LABEL and forces the label to start at the minimum label that is specified in the label_encodings file.

Modifying an existing ADMIN_HIGH label is treated as an attempt to change a label that represents the highest defined classification and all the defined compartments that are specified in the label_encodings file.

The NO_CORRECTION flag is used when the character-coded label must be complete and accurate so that translation to and from the binary form results in an equivalent character-coded label.