This example creates an identifier for a shared memory region at Confidential and gets the CMW label on the same shared memory region. The program is running at Top Secret.
#include <sys/ipc.h> #include <sys/types.h> #include <tsol/label.h> #include <sys/shm.h> main() { int id, retval, error, pid; bclabel_t cmwlabel; bslabel_t senslabel; char *string = (char *)0; retval = stobsl("CONFIDENTIAL", &senslabel, NEW_LABEL, &error); /* Create shared memory region at Confidential */ /* Turn ipc_mac_write on in the effective set */ id = shmgetl(IPC_PRIVATE, 256, IPC_CREAT|0666, &senslabel); /* Turn off ipc_mac_write */ /* Get CMW label of shared memory region */ /* Turn ipc_mac_read on in the effective set */ retval = getshmcmwlabel(id, &cmwlabel); /* Turn off ipc_mac_read */ /* Print CMW label */ bcltos(&cmwlabel, &string, 0, LONG_WORDS); printf("CMW label = %s\n", string); }
The printf(1) statement prints the following:
CMW label = UNCLASSIFIED[C] |