Trusted Solaris Developer's Guide

Administrative and User Applications

Administrative applications run at the administrative sensitivity labels of ADMIN_HIGH or ADMIN_LOW. At ADMIN_HIGH, the application can read down to any object to which it has discretionary access, and at ADMIN_LOW, the application can write up to any object to which it has discretionary access. An administrator will generally launch an application at ADMIN_HIGH to perform read-down operations, and launch the same application at ADMIN_LOW to perform write-up operations. In these cases, no privileges are needed as long as the application has discretionary access.

See "Initialize Binary Labels and Check Types" in Chapter 5, Label Code Examples, for definitions of and information on initializing labels to ADMIN_HIGH and ADMIN_LOW.

Users generally launch an application at a given sensitivity label and access objects at that same sensitivity label. If the user keeps data at another sensitivity label, he or she will usually change the workspace sensitivity label and launch the application at the new sensitivity label. In this case, no privileges are needed as long as the application also has discretionary access.

If a user application is designed to access objects at sensitivity labels different from the sensitivity label at which the application is running, the application might need privilege to complete its tasks if mandatory access is denied.

See "Label Guidelines" in Chapter 4, Labels, for guidance on the use of privileges to bypass mandatory access controls or to change a process or object sensitivity label.
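
The following added example (not code from this guide, and not the Trusted Solaris label API) models the mandatory read-down and write-up checks described above, to show when an application launched at a given label would need privilege. The `model_label` type, the function names, and the sample labels are assumptions made for illustration; discretionary access is assumed to be granted.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified label model (assumption): a classification level plus
 * compartment bits. This is not the Trusted Solaris binary label type. */
typedef struct { int level; uint32_t compartments; } model_label;

/* ADMIN_LOW is dominated by every label; ADMIN_HIGH dominates every label. */
static const model_label ADMIN_LOW  = { 0, 0 };
static const model_label ADMIN_HIGH = { INT_MAX, UINT32_MAX };

/* Constructed sample labels for the demonstration. */
static const model_label CONF_A    = { 2, 0x1 };
static const model_label CONF_B    = { 2, 0x2 };  /* disjoint from CONF_A */
static const model_label SECRET_AB = { 3, 0x3 };

/* a dominates b: level at least as high, and every compartment of b is in a. */
static bool dominates(model_label a, model_label b) {
    return a.level >= b.level &&
           (a.compartments & b.compartments) == b.compartments;
}

/* Read-down: the process label must dominate the object label. */
static bool mac_read_ok(model_label proc, model_label obj) {
    return dominates(proc, obj);
}

/* Write-up: the object label must dominate the process label. */
static bool mac_write_ok(model_label proc, model_label obj) {
    return dominates(obj, proc);
}

/* True when the mandatory check fails, so privilege would be needed. */
static bool needs_privilege(model_label proc, model_label obj, bool writing) {
    return writing ? !mac_write_ok(proc, obj) : !mac_read_ok(proc, obj);
}

int main(void) {
    printf("ADMIN_HIGH read  SECRET_AB: %d\n", mac_read_ok(ADMIN_HIGH, SECRET_AB));
    printf("ADMIN_HIGH write SECRET_AB: %d\n", mac_write_ok(ADMIN_HIGH, SECRET_AB));
    printf("ADMIN_LOW  write SECRET_AB: %d\n", mac_write_ok(ADMIN_LOW, SECRET_AB));
    printf("CONF_A read SECRET_AB needs privilege: %d\n",
           needs_privilege(CONF_A, SECRET_AB, false));
    printf("CONF_A write CONF_B needs privilege:   %d\n",
           needs_privilege(CONF_A, CONF_B, true));
    return 0;
}
```

Labels with disjoint compartments, such as `CONF_A` and `CONF_B`, do not dominate each other, so both the read and the write check fail between them.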