Find Relationships Between Two Levels
A level is a classification and set of compartments for a sensitivity label, information label, or clearance; and is represented by the blevel_t data type. Two levels can be equal, one can dominate the other, or one can strictly dominate the other.
-
Equal - One level is equal to another when its classification is arithmetically equal to the other's classification (by means of its place in the classifications hierarchy), and its compartments contain all the other's compartments and no additional compartments.
-
Dominates - One level dominates another when its classification is arithmetically greater than or equal to the other's (by means of its place in the classifications hierarchy), and its compartments contain all the other's compartments.
-
Strictly dominates - Level one is said to strictly dominate level two when level one dominates level two, but is not equal to level two.
This example checks the process clearance against the sensitivity label portion of a file CMW label to find their relationship (equal, dominate, or strictly dominate). The process clearance is TOP SECRET A B, the sensitivity label portion of the file CMW label is Confidential.
#include <tsol/label.h>
main()
{
int retval;
bclear_t pclear;
bclabel_t cmwlabel;
bslabel_t senslabel;
retval = getclearance(&pclear);
retval = getcmwlabel("/export/home/zelda/afile", &cmwlabel);
getcsl(&senslabel, &cmwlabel);
retval = blequal(&pclear, &senslabel);
printf("Clearance equals sensitivity label? %d\n", retval);
retval = bldominates(&pclear, &senslabel);
printf("Clearance dominates sensitivity label? %d\n", retval);
retval = blstrictdom(&pclear, &senslabel);
printf("Clearance strictly dominates sensitivity label? %d\n", retval);
}
The printf(1) statements print the following. Non-zero is True and 0 is False:
Clearance equals sensitivity label? 0 Clearance dominates sensitivity label? 1 Clearance strictly dominates sensitivity label? 1 |
- © 2010, Oracle Corporation and/or its affiliates