JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Trusted Extensions Label Administration     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information

Preface

1.  Labels in Trusted Extensions Software (Overview)

2.  Planning Labels in Trusted Extensions(Tasks)

3.  Creating a Label Encodings File (Tasks)

4.  Labeling Printer Output (Tasks)

5.  Customizing the LOCAL DEFINITIONS Section (Tasks)

6.  Planning an Organization's Encodings File (Example)

A.  Encodings File for SecCompany (Example)

SecCompany's label_encodings File

SecCompany's Verification of the label_encodings File

Index

SecCompany's Verification of the label_encodings File

After the chk_encodings -a command several times, the security administrator corrected the syntax of the label_encodings file. The following corrections provide a sample:

Label encodings conversion error:

In PRINTER BANNERS WORDS, word "ALL_DEPARTMENTS": SUFFIX "(NON-DISCLOSURE AGREEMENT REQUIRED)" not found.

Description: The final parenthesis after REQUIRED in the ALL_DEPARTMENTS entry was missing. The security administrator typed the parenthesis.

Label encodings conversion error at line 168:

In ACCREDITATION RANGE, classification "INTERNAL_USE_ONLY": SENSITIVITY LABEL "INTERNAL_USE_ONLY" not in canonical form. Is IUO what was intended?

Description: The security administrator replaced INTERNAL_USE_ONLY with IUO at line 168.

Label encodings conversion error at line 172:

In ACCREDITATION RANGE, classification "NEED_TO_KNOW": No sensitivity labels allowed after ALL COMPARTMENT COMBINATIONS VALID.

Description: The security administrator removed NEED_TO_KNOW at line 172.

"DEFAULT USER SENSITIVITY LABEL= PUBLIC" is not in canonical form. Is PUB what is intended?

Description: The security administrator replaced PUBLIC with PUB.

Label encodings conversion error at line 206: Invalid color label "NEED_TO_KNOW EMG".

Description: The security administrator replaced EMG with EMGT.

The following is an excerpt from the successful execution of the chk_encodings -a command.

No errors found in label_encodings.seccompany.


---> VERSION = SECCOMPANY, INC. EXAMPLE VERSION - 2.2 10/10/20 <---

---> CLASSIFICATIONS <---

Classification 1: PUBLIC (PUB)
    Initial Compartment bits: NONE
    Initial Markings bits: NONE
Classification 4: INTERNAL_USE_ONLY (IUO) / IUO
    Initial Compartment bits: NONE
    Initial Markings bits: NONE
Classification 5: NEED_TO_KNOW (NTK) / NTK
    Initial Compartment bits: NONE
    Initial Markings bits: NONE
Classification 6: REGISTERED (REG) / REG
    Initial Compartment bits: NONE
    Initial Markings bits: NONE

---> COMPARTMENTS AND MARKINGS USAGE ANALYSIS <---

Normal compartment bits defined: 11-20
Regular inverse compartment bits defined: NONE
Compartment bits reserved as 1 but not defined: NONE

Normal marking bits defined: NONE
Regular inverse marking bits defined: NONE
Marking bits reserved as 1 but not defined: NONE

---> INFORMATION LABEL WORDS <---
...

---> SENSITIVITY LABEL WORDS <---

Word: ALL_DEPARTMENTS (ALL)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above: NONE
   Words hierarchically below:
      EXECUTIVE_MANAGEMENT_GROUP (EMGT)
      SALES (SALES)
      FINANCE (FIN)
      LEGAL (LEGAL)
      MARKETING (MKTG)
      HUMAN_RESOURCES (HR)
      ENGINEERING (ENG)
      MANUFACTURING (MFG)
      SYSTEM_ADMINISTRATION (SYSADM)
      PROJECT_TEAM (P_TEAM)

Word: EXECUTIVE_MANAGEMENT_GROUP (EMGT)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
   Words hierarchically below: NONE

Word: SALES (SALES)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
   Words hierarchically below: NONE

...
Word: MARKETING (MKTG)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
   Words hierarchically below:
      PROJECT_TEAM (P_TEAM)

...
Word: PROJECT_TEAM (P_TEAM)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
      MARKETING (MKTG)
      ENGINEERING (ENG)
   Words hierarchically below: NONE

---> CLEARANCE WORDS <---

Word: ALL_DEPARTMENTS (ALL)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above: NONE
   Words hierarchically below:
      EXECUTIVE_MANAGEMENT_GROUP (EMGT)
      SALES (SALES)
      FINANCE (FIN)
      LEGAL (LEGAL)
      MARKETING (MKTG)
      HUMAN_RESOURCES (HR)
      ENGINEERING (ENG)
      MANUFACTURING (MFG)
      SYSTEM_ADMINISTRATION (SYSADM)
      PROJECT_TEAM (P_TEAM)

Word: EXECUTIVE_MANAGEMENT_GROUP (EMGT)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
   Words hierarchically below: NONE

...
Word: MARKETING (MKTG)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
   Words hierarchically below:
      PROJECT_TEAM (P_TEAM)
...

Word: PROJECT_TEAM (P_TEAM)
   Valid classification range: NTK -> REG
   Type: Normal
   Words hierarchically above:
      ALL_DEPARTMENTS (ALL)
      MARKETING (MKTG)
      ENGINEERING (ENG)
   Words hierarchically below: NONE

---> CHANNEL WORDS <---

Prefix Word: DISTRIBUTE_ONLY_TO

Suffix Word: EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)

Word: DISTRIBUTE_ONLY_TO ALL_DEPARTMENTS EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
   Valid classification range: PUB -> REG
   Type: Normal
   Words hierarchically above: NONE
   Words hierarchically below:
      DISTRIBUTE_ONLY_TO EXECUTIVE_MANAGEMENT_GROUP EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO SALES EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO FINANCE EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO LEGAL EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO MARKETING EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO HUMAN_RESOURCES EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO ENGINEERING EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO MANUFACTURING EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO SYSTEM_ADMINISTRATION EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO PROJECT_TEAM EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)

Word: DISTRIBUTE_ONLY_TO EXECUTIVE_MANAGEMENT_GROUP EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
   Valid classification range: PUB -> REG
   Type: Normal
   Words hierarchically above:
      DISTRIBUTE_ONLY_TO ALL_DEPARTMENTS EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
   Words hierarchically below: NONE

...
Word: DISTRIBUTE_ONLY_TO PROJECT_TEAM EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
   Valid classification range: PUB -> REG
   Type: Normal
   Words hierarchically above:
      DISTRIBUTE_ONLY_TO ALL_DEPARTMENTS EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO MARKETING EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
      DISTRIBUTE_ONLY_TO ENGINEERING EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED)
   Words hierarchically below: NONE

---> PRINTER BANNER WORDS <---

Prefix Word: SECCOMPANY CONFIDENTIAL:

Suffix Word: (NON-DISCLOSURE AGREEMENT REQUIRED)

Word: SECCOMPANY CONFIDENTIAL: ALL_DEPARTMENTS (NON-DISCLOSURE AGREEMENT REQUIRED)
   Valid classification range: PUB -> REG
   Type: Normal
   Words hierarchically above: NONE
   Words hierarchically below:
      SECCOMPANY CONFIDENTIAL: EXECUTIVE_MANAGEMENT_GROUP (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: SALES (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: FINANCE (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: LEGAL (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: MARKETING (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: HUMAN_RESOURCES (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: ENGINEERING (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: MANUFACTURING (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: SYSTEM_ADMINISTRATION (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: PROJECT_TEAM (NON-DISCLOSURE AGREEMENT REQUIRED)

Word: SECCOMPANY CONFIDENTIAL: EXECUTIVE_MANAGEMENT_GROUP (NON-DISCLOSURE AGREEMENT REQUIRED)
   Valid classification range: PUB -> REG
   Type: Normal
   Words hierarchically above:
      SECCOMPANY CONFIDENTIAL: ALL_DEPARTMENTS (NON-DISCLOSURE AGREEMENT REQUIRED)
   Words hierarchically below: NONE
...
Word: SECCOMPANY CONFIDENTIAL: PROJECT_TEAM (NON-DISCLOSURE AGREEMENT REQUIRED)
   Valid classification range: PUB -> REG
   Type: Normal
   Words hierarchically above:
      SECCOMPANY CONFIDENTIAL: ALL_DEPARTMENTS (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: LEGAL (NON-DISCLOSURE AGREEMENT REQUIRED)
      SECCOMPANY CONFIDENTIAL: ENGINEERING (NON-DISCLOSURE AGREEMENT REQUIRED)
   Words hierarchically below: NONE

---> LOCAL DEFINITIONS <---

Classification Field Name is "CLASSIFICATION"
Compartments Field Name is "DEPARTMENTS"

Default User Clearance = "PUB"

Default User Sensitivity Label = "PUB"

---> SENSITIVITY LABEL to COLOR MAPPING <---

    ADMIN_LOW = "#BDBDBD"
    PUB = "GREEN"
    IUO = "YELLOW"
    NTK = "BLUE"
    NTK EMGT = "#7FA9EB"
    NTK SALES = "#87CEFF"
    NTK FIN = "#00BFFF"
    NTK LEGAL = "#7885D0"
    NTK MKTG = "#7A67CD"
    NTK HR = "#7F7FFF"
    NTK ENG = "#007FFF"
       NTK MFG = "#0000BF"
    NTK P_TEAM = "#9E7FFF"
    NTK SYSADM = "#5B85D0"
    NTK ALL = "#4D658D"
    REG = "RED"
    ADMIN_HIGH = "#636363"