Trusted Solaris Developer's Guide

Security Attributes on Messages

This example sets up new sensitivity label and clearance attribute values to send with msg. This is done by doing the following:

Because the process sending msg is at Confidential, it needs the net_setclr and net_upgrade_sl privileges in its effective set to change the clearance and sensitivity label. The new sensitivity label and clearance override the sensitivity label and clearance that msg received from its sending process. The code comments indicate where privilege bracketing, as described in Chapter 3, Privileges, should take place.

#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <tsix/t6attrs.h>
#include <label.h>

int main(void)
{
	int retval, sock, error;
	t6attr_t sendattrs;
	t6mask_t sendmask;
	char *msg = "Hello World!";
	bslabel_t senslabel;
	bclear_t clearance;
	struct sockaddr_in sin;

	/* Initialize a mask with the sensitivity label and */
	/* process clearance security attribute fields */
	sendmask = T6M_SL | T6M_CLEARANCE;
	/* Allocate space for two security attribute structures */
	/* using the masks so only the space needed is allocated */
	sendattrs = t6alloc_blk(sendmask);
	/* Initialize senslabel and clearance to Top Secret */
	stobsl("TOP SECRET", &senslabel, NEW_LABEL, &error);
	stobclear("TOP SECRET", &clearance, NEW_LABEL, &error);
	/* Set attribute values for the security attribute fields */
	/* to be sent with the message */
	retval = t6set_attr(T6_SL, &senslabel, sendattrs);
	printf("Retval1 = %d\n", retval);
	retval = t6set_attr(T6_CLEARANCE, &clearance, sendattrs);
	printf("Retval2 = %d\n", retval);
	/* Set up socket communications */
	/* ... */
	/* Send changed security attributes with the message */
	/* Turn net_setclr and net_upgrade_sl on in the effective set */
	/* Note: sizeof(msg) is the size of the char pointer, not the */
	/* length of the string, so only that many bytes are sent */
	retval = t6sendto(sock, msg, sizeof(msg), 0, (struct sockaddr *) &sin,
		sizeof(sin), &sendattrs);
	/* Turn off the net_setclr and net_upgrade_sl privileges */
	printf("Retval3 = %d bytes\n", retval);
	return 0;
}

The printf statements print the following:


Retval1 = 0
Retval2 = 0
Retval3 = 4 bytes
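
The 4-byte result comes from passing sizeof(msg), which measures the char pointer (4 bytes where pointers are 4 bytes wide) rather than the 12-character string. The following added example is not from the guide: it uses a plain local socketpair with send and recv in place of t6sendto, and the helper names deliver, pointer_len and string_len are hypothetical, to show what a receiver gets with each length expression.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send the first len bytes of msg over a local datagram socketpair and
 * copy what the receiver got into out (NUL-terminated).
 * Returns the number of bytes received, or -1 on error. */
static long deliver(const char *msg, size_t len, char *out, size_t outsz)
{
	int sv[2];
	ssize_t got = -1;

	out[0] = '\0';
	if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) == -1)
		return -1;
	if (send(sv[0], msg, len, 0) == (ssize_t)len)
		got = recv(sv[1], out, outsz - 1, 0);
	if (got >= 0)
		out[got] = '\0';
	close(sv[0]);
	close(sv[1]);
	return (long)got;
}

/* Length the guide's call passes: sizeof applied to a char pointer */
static size_t pointer_len(const char *msg)
{
	return sizeof(msg);
}

/* Length of the string including its terminating NUL */
static size_t string_len(const char *msg)
{
	return strlen(msg) + 1;
}

int main(void)
{
	const char *msg = "Hello World!";	/* same message as the guide */
	char buf[64];
	long n;

	n = deliver(msg, pointer_len(msg), buf, sizeof(buf));
	printf("sizeof(msg):   %ld bytes received, \"%s\"\n", n, buf);
	n = deliver(msg, string_len(msg), buf, sizeof(buf));
	printf("strlen(msg)+1: %ld bytes received, \"%s\"\n", n, buf);
	return 0;
}
```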