Solaris Trusted Extensions Developer's Guide

Label Components

A label contains a hierarchical classification and a set of zero or more nonhierarchical compartments. A classification is also referred to as a level or a security level. A classification represents a single level within a hierarchy of labels, for example, TOP SECRET or UNCLASSIFIED. A compartment is associated with a classification and represents a distinct, nonhierarchical area of information in a system, such as private information for a human resources (HR) group or a sales group. A compartment restricts access to the users who need to know the information in a particular area. For example, a user with a SECRET classification has access only to the secret information that is specified by the associated list of compartments, not to any other secret information. The classification and compartments together represent the label of the zone and the resources within that zone.

The textual format of a classification is specified in the label_encodings file and appears similar to this:


CLASSIFICATIONS:
name= CONFIDENTIAL; sname= C; value= 4; initial compartments= 4-5 190-239;
name= REGISTERED; sname= REG; value= 6; initial compartments= 4-5 190-239;

The textual format of a compartment is specified in the label_encodings file and appears similar to this:


WORDS:
name= HR; minclass= C; compartments= 0;
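
The following added example (not code from this guide or from the Trusted Extensions libraries) parses the two excerpts above and builds labels as a classification value plus a set of compartment bits, which shows why a higher classification alone does not grant access to a compartment. The function names are hypothetical. As assumptions, only the "keyword= value;" entries shown above are handled, a label's bits are taken to be the classification's initial compartments plus each word's bits, and labels are compared with the usual dominance rule.

```python
import re

# Excerpt copied from the page; a real label_encodings file has more sections.
ENCODINGS = """\
CLASSIFICATIONS:
name= CONFIDENTIAL; sname= C; value= 4; initial compartments= 4-5 190-239;
name= REGISTERED; sname= REG; value= 6; initial compartments= 4-5 190-239;
WORDS:
name= HR; minclass= C; compartments= 0;
"""

def bits(spec):
    """Expand a bit list such as '4-5 190-239' into a frozenset of ints."""
    out = set()
    for part in spec.split():
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(out)

def parse(text):
    """Return {section: [{keyword: value}]} for the 'keyword= value;' entries."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") and "=" not in line:
            current = sections.setdefault(line[:-1], [])
        elif line and current is not None:
            current.append(dict(re.findall(r"([\w ]+?)=\s*([^;]*);\s*", line)))
    return sections

def make_label(enc, cls, words=()):
    """Build (classification value, compartment bits) from a name or sname."""
    c = next(c for c in enc["CLASSIFICATIONS"] if cls in (c["name"], c["sname"]))
    comps = set(bits(c.get("initial compartments", "")))
    for w in words:
        word = next(x for x in enc["WORDS"] if x["name"] == w)
        # minclass is the lowest classification the word may appear with.
        if int(c["value"]) < make_label(enc, word["minclass"])[0]:
            raise ValueError(f"{w} requires classification >= {word['minclass']}")
        comps |= bits(word["compartments"])
    return int(c["value"]), frozenset(comps)

def dominates(a, b):
    """a dominates b: classification at least as high, compartments a superset."""
    return a[0] >= b[0] and a[1] >= b[1]
```

With these definitions, a REGISTERED label without HR does not dominate CONFIDENTIAL HR, even though REGISTERED has the higher classification value.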

For more information about label definitions and label formats, see Solaris Trusted Extensions Label Administration and Compartmented Mode Workstation Labeling: Encodings Format. For information about the label APIs, see Chapter 2, Labels and Clearances.