Open a File
In this example, the process is running at Confidential with a clearance of Top Secret. The Confidential process needs the file_mac_search privilege in its effective set to access the SLD at Top Secret. Because the file is opened for writing and a write-up is allowed by the security policy, no other privileges are needed assuming the operation passes all discretionary access checks.
#include <tsol/label.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
main()
{
int filedes;
/* Open a file in the SLD at which the process is running */
filedes = open("/export/home/zelda/afile", O_WRONLY);
printf("File descriptor for regular path = %d\n", filedes);
/* Open a file in the Top Secret SLD */
/* Turn file_mac_search on in the effective set */
filedes = open("/export/home/.MLD.zelda/.SLD.3/afile", O_WRONLY);
/* Turn file_mac_search off */
printf("File descriptor for adorned path = %d\n", filedes);
}
The printf statements print the following.
File descriptor for regular path = 3 File descriptor for adorned path = 4 |
- © 2010, Oracle Corporation and/or its affiliates