By default, normal users can perform cut and paste, copy and paste, and drag and drop operations on both files and selections as long as the source and destination have the same label and have the same user ID.
The /usr/dt/config/sel_config file is consulted to determine which actions will be taken when an operation would upgrade or downgrade a label. (The comments and keywords in the file use the terms sensitivity label and label interchangeably.)
The rules that apply when some operations are performed on file icons differ from the rules that apply when the same operations are performed on selections made in windows. Drag and drop of selections always requires equality of labels and ownership.
The sel_config file defines:
- A list of selection types to which automatic replies are given
- Whether certain types of operation should be automatically confirmed or whether a selection confirmer dialog should be displayed
The following figure shows the selection confirmer for drag and drop operations between File Managers. Other, slightly different selection confirmers are displayed for cut and paste and copy and paste operations between File Managers and between windows at varying labels.
The Security Administrator role can change the defaults by using the Selection Configuration action. The new settings become effective the next time anyone logs in.
Users can copy and paste between file managers that they own and that are at the same label. The types of operations that may be performed on files with varying label and ownership relationships are summarized, together with the authorizations needed, in the following table.
Table 2-1 Conditions for Moving Files Between File Managers

| Transaction Description | Label Relationship | Owner Relationship | Authorization(s) Required |
|---|---|---|---|
| Copy/Cut and paste, or drag and drop of files between File Managers | Same label | Same UID | None required |
| | Downgrade | Same UID | Downgrade file label |
| | Upgrade | Same UID | Upgrade file label |
| | Downgrade | Different UIDs | Downgrade file label; Act as file owner |
| | Upgrade | Different UIDs | Upgrade file label; Act as file owner |

Users can copy and paste between windows that they own and that are at the same label. The types of operations that may be performed on selections between windows with varying label and ownership relationships are summarized, together with the authorizations needed, in the following table.
Table 2-2 Conditions for Moving Selections Between Windows

| Transaction Description | Label Relationship | Owner Relationship | Authorization(s) Required |
|---|---|---|---|
| Copy/Cut and paste of selections between windows | Same label | Same UID | None required |
| | Downgrade | Same UID | Paste to a downgraded window |
| | Upgrade | Same UID | Paste to an upgraded window |
| | Downgrade | Different UIDs | Paste to a downgraded window; Act as file owner |
| | Upgrade | Different UIDs | Paste to an upgraded window; Act as file owner |
| Drag and drop of selections between windows | Same SL always required | Same UID always required | None applicable |

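The decision logic of Tables 2-1 and 2-2, as an added example that is not part of the original guide or of Trusted Solaris itself. The `Label` model (a level plus a compartment set compared by dominance), the function names, and the `allow` / `deny` / `not-in-table` tokens are assumptions made for illustration; cases the tables do not list are reported as such rather than guessed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    # Assumed model (not from the guide): a level plus a compartment set.
    level: int
    compartments: frozenset = frozenset()

    def dominates(self, other):
        return self.level >= other.level and self.compartments >= other.compartments

def label_relation(src, dst):
    """Classify a src -> dst transfer as equal, upgrade, downgrade or disjoint."""
    if src == dst:
        return "equal"
    if dst.dominates(src):
        return "upgrade"
    if src.dominates(dst):
        return "downgrade"
    return "disjoint"

# Authorization the tables name for each label change, per transfer kind.
LABEL_AUTH = {
    "file": {"upgrade": "Upgrade file label", "downgrade": "Downgrade file label"},
    "selection": {"upgrade": "Paste to an upgraded window",
                  "downgrade": "Paste to a downgraded window"},
}

def required_authorizations(kind, src, dst, src_uid, dst_uid, drag_drop=False):
    """Return (decision, authorizations) for one transfer.

    kind is "file" (Table 2-1) or "selection" (Table 2-2). decision is "allow"
    (permitted if the user holds every listed authorization), "deny", or
    "not-in-table" when the tables have no matching row.
    """
    relation = label_relation(src, dst)
    same_uid = src_uid == dst_uid
    if kind == "selection" and drag_drop:
        # Drag and drop of selections always needs equal labels and same UID.
        return ("allow" if relation == "equal" and same_uid else "deny", [])
    if relation == "disjoint" or (relation == "equal" and not same_uid):
        return ("not-in-table", [])  # no row for these cases; do not guess
    auths = [] if relation == "equal" else [LABEL_AUTH[kind][relation]]
    if not same_uid:
        auths.append("Act as file owner")
    return ("allow", auths)

if __name__ == "__main__":
    secret, public = Label(2, frozenset({"A"})), Label(1)  # constructed labels
    print(required_authorizations("file", secret, public, 100, 200))
```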
The rules in the sel_config file apply to cut and paste, copy and paste, and drag and drop of files between file managers. (See dtfile(1) and the Trusted Solaris User's Guide for more about the File Manager application.) The rules in the sel_config file also apply to cut and paste and copy and paste between windows. Drag and drop between windows is mediated by the /usr/dt/bin/sel_mgr application, not by sel_config.
The sel_config file has two sections described below:
- Automatic confirmation
- Automatic reply
The format of each line in the automatic confirmation section of the sel_config file is shown in the following table. label-relation refers to the relationship between the label of the source and the label of the destination, and the value n means to display the selection confirmer to the user.

| Transfer Type | Automatically confirm? |
|---|---|
| label-relation (upgrade \| downgrade \| equal \| disjoint) | y \| n |

The autoreply field defines the type of reply for all the named types of selections that follow it. This section provides a way to reply automatically to several types of selections at once instead of having to respond to each individually. See the sel_config(4) man page for more information.