The following code gets the CMW label (FSA_LABEL) of file and returns it in buffer.
#include <tsol/fsattr.h> #include <tsol/label.h> main() { char *file = "/export"; char buffer [3*1024], *string = (char *)0; int length, retval; length = sizeof(buffer); retval = getfsattr(file, FSA_LABEL, buffer, length); retval = bcltos((bclabel_t *)buffer, &string, 0, VIEW_INTERNAL); printf("/export CMW label = %s \n", buffer); }
The printf statement prints the following:
/export CMW label = [ADMIN_LOW]
Manifest constant values can be any one of the following:
FSA_ACLCNT - File system access Access Control List (ACL) count.
FSA_ACL - File system access ACL.
FSA_APRIV - File system allowed privilege set.
FSA_FPRIV - File system forced privilege set.
FSA_LABEL - File system CMW label.
FSA_AFLAGS - File system attribute flags as described in "Get and Set File System Security Attribute Flags".
FSA_LBLRNG - File system label range.
FSA_MLDPFX - File system MLD prefix string.
FSA_APSACNT - Number of classes in the process audit preselection mask.
FSA_APSA - Classes in the process audit preselection mask. The process needs the file_audit privilege in its effective set to get this information. See "Privileges and Authorizations" for more information.
The programming interfaces for accessing CMW labels, file system label ranges, file privileges, and multilevel directories are described briefly in "Trusted Solaris Security Mechanisms" and in more detail in their respective chapters in this guide.
ACLs - Because ACLs are part of the Solaris operating environment, they are not described in this guide.
Audit preselection attributes - Audit preselection attributes are specified for a file system from the command line by the system administrator with setfsattr(1M). File system audit preselection attributes specify auditing on file permission bits. A file system can be configured so its files and directories are audited when access (read, write, or execute) succeeds or fails.
Audit preselection attributes are specified for a process from the command line by the system administrator with auditconfig(1M). File system preselection attributes override the process preselection attributes. For example, a process that is audited for reads on files is not audited for reads on files that have file system preselection audit attributes that specify not to audit reads. See Trusted Solaris Audit Administration for more information.