test

Solaris Trusted Extensions Label Administration

Differences Between GFI Label Encodings Files

There are two government-furnished files, label_encodings.single and label_encodings.multi. The label_encodings.single file is single-level, and the label_encodings.multi is a multilevel version of the single-level file. The files also differ in the settings in the ACCREDITATION RANGE section. The ACCREDITATION RANGE section describes which classifications and compartments are available to ordinary users.

GFI Multilevel Label Encodings File

The ACCREDITATION RANGE settings in the label_encodings.multi file are shown in the following excerpt:


ACCREDITATION RANGE: 
classification= u;   all compartment combinations valid;
classification= c;   all compartment combinations valid;
classification= s;   all compartment combinations valid;
classification= ts;   all compartment combinations valid;

minimum clearance= c;
minimum sensitivity label= u;
minimum protect as classification= u;

The ACCREDITATION RANGE definitions enable the site to use all the classifications and compartment words that are defined in the label_encodings.multi file:

GFI Single Level Label Encodings File

The ACCREDITATION RANGE settings in the label_encodings.single file are shown in the following excerpt:


ACCREDITATION RANGE:  classification= s;
only valid compartment combinations:  s a b rel cntry1
minimum clearance= s Able Baker NATIONALITY: CNTRY1;
minimum sensitivity label= s A B REL CNTRY1;
minimum protect as classification= s;

The ACCREDITATION RANGE definition restricts the user to the following label: