Solaris Trusted Extensions Label Administration

Keywords for Classifications

The following list describes the keywords that can be defined for classifications. For examples of initial compartment definitions, see Default and Inverse Words.

name=

The name cannot contain a slash (/), a comma (,), or a semicolon (;). All other alphanumeric characters and white space are allowed. When specifying labels, users can enter the name, the sname, or the aname.

sname=

Required in classifications only. The short name appears in sensitivity labels in brackets.

aname=

Optional. Name that can be entered by users when a classification is needed.

value=

The values that you assign should represent the actual hierarchy among the classifications. The values should leave room for later expansion. 0 is reserved for ADMIN_LOW. Values can start at 1 and go to 255.

initial compartments=

Optional. Specify bit numbers for any default compartment words. Default compartment words are words that should initially appear in any label that has the associated classification.

Advanced: Specify bit numbers for any inverse words. The minimum classification should not have initial compartments.

initial markings=

Obsolete. Do not define.

The following example shows the top of the label_encodings.multi file.


Example 3–1 Classifications With Initial Compartments in label_encodings.multi


VERSION= Trusted Solaris Multi-Label Sample Version - 5.6 05/07/27

*
*    WARNING:  If CIPSO Tag Type 1 network labels are to be used:
*
*        a) All CLASSIFICATIONS values must be less than or equal to 255.
*        b) All COMPARTMENTS bits must be less than or equal to 239.
*

CLASSIFICATIONS:

*
name= UNCLASSIFIED;  sname= U;  value= 1;
name= CONFIDENTIAL;  sname= C;  value= 4; initial compartments= 4-5 190-239;
name= SECRET;        sname= S;  value= 5; initial compartments= 4-5 190-239;
name= TOP SECRET;    sname= TS; value= 6; initial compartments= 4-5 190-239;

Each classification has the mandatory name, sname, and value fields. The CONFIDENTIAL, SECRET, and TOP SECRET classifications have initial compartments. The lowest classification, UNCLASSIFIED, has no initial compartments.

The initial compartment bit assignments of 4-5 and 190-239 signify that bits 4, 5, and 190 through 239 are turned on. These bits are set to 1 in a label with this classification.

Some of the initial compartments are later used to define default and inverse words. Some initial compartments are reserved for possible later definitions of inverse words.
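The keyword rules and the bit-range notation described above can be checked mechanically. The following Python linter is an added example, not part of the Solaris documentation or tooling. The function names and the BAD entries are constructed for illustration, and the 239-bit limit is applied on the assumption that CIPSO Tag Type 1 labels are in use.

```python
# Classification lines from Example 3-1 on this page.
SAMPLE = """\
CLASSIFICATIONS:
name= UNCLASSIFIED;  sname= U;  value= 1;
name= CONFIDENTIAL;  sname= C;  value= 4; initial compartments= 4-5 190-239;
name= SECRET;        sname= S;  value= 5; initial compartments= 4-5 190-239;
name= TOP SECRET;    sname= TS; value= 6; initial compartments= 4-5 190-239;
"""
# Constructed entries that break the rules (not from any real encodings file).
BAD = """\
name= LOW/OPEN; value= 0; initial compartments= 4-5 240;
name= HIGH; sname= H; value= 300;
"""

def expand_bits(spec):
    """Expand '4-5 190-239' into the set of compartment bits that are turned on."""
    bits = set()
    for part in spec.split():
        lo, _, hi = part.partition("-")
        bits.update(range(int(lo), int(hi or lo) + 1))
    return bits

def parse_classifications(text):
    """Return one dict of keyword -> value per 'name=' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        if line.strip().startswith("name="):
            pairs = (f.split("=", 1) for f in line.split(";") if "=" in f)
            entries.append({k.strip(): v.strip() for k, v in pairs})
    return entries

def check(entries):
    """Apply the keyword rules described on this page; return a list of findings."""
    findings = []
    for e in entries:
        name, value = e.get("name", "?"), e.get("value", "")
        if "/" in name or "," in name:  # ';' cannot occur: it ends the field
            findings.append(f"{name}: name contains / or ,")
        if not e.get("sname"):
            findings.append(f"{name}: sname is required")
        if not value.isdigit() or not 1 <= int(value) <= 255:
            findings.append(f"{name}: value must be 1-255 (0 is ADMIN_LOW)")
        if any(b > 239 for b in expand_bits(e.get("initial compartments", ""))):
            findings.append(f"{name}: compartment bit above 239 (CIPSO Tag Type 1)")
    ranked = [e for e in entries if e.get("value", "").isdigit()]
    lowest = min(ranked, key=lambda e: int(e["value"]), default=None)
    if lowest and lowest.get("initial compartments"):
        findings.append(f"{lowest['name']}: minimum classification has initial compartments")
    return findings
```

Calling `check(parse_classifications(SAMPLE))` returns an empty list, while the constructed BAD entries produce one finding per violated rule.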

The following example shows a set of classifications that have no initial compartments.


Example 3–2 Classifications With No Initial Compartments in label_encodings.example


CLASSIFICATIONS:

name= PUBLIC; sname= PUBLIC; value= 1;
name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;