biltos(3)

NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | RETURN VALUES | PROCESS ATTRIBUTES | FILES | SEE ALSO | NOTES

NAME

bltos, bcltos, bsltos, biltos, bcleartos- Translate binary labels to character coded labels

SYNOPSIS

cc [flag...] file ... -ltsol [library...]


#include <tsol/label.h>

int bltos(const blevel_t * label , char ** string , const int str_len , const int flags);
int bcltos(const bclabel_t * label , char ** string , const int str_len , const int flags);
int bcltos(const bclabel_t * label , char ** string , const int str_len , const int flags);
int bsltos(const bslabel_t * label , char ** string , const int str_len , const int flags);
int bcleartos(const bclear_t * label , char ** string , const int str_len , const int flags);

DESCRIPTION

The calling process must have PRIV_SYS_TRANS_LABEL in its set of effective privileges to perform label translation on labels that dominate the current process' sensitivity label.

These routines translate binary labels into strings controlled by the value of the flags parameter.

The generic form of an output character-coded label is:

---

CLASSIFICATION WORD1 WORD2 WORD3/WORD4 SUFFIX PREFIX WORD5/WORD6

---

Capital letters are used to display all Classification names and Words. The ` ' (space) character separates classifications and words from other words in all character-coded labels except where multiple words that require the same Prefix or Suffix are present, in which case the multiple words are separated from each other by the ` / ' (slash) character.

string may point to either a pointer to pre-allocated memory, or the value (char *)0 . If it points to a pointer to pre-allocated memory, then str_len indicates the size of that memory. If it points to the value (char *)0 , memory is allocated using malloc() to contain the translated character-coded labels. The translated label is copied into allocated or pre-allocated memory.

flags is 0 (zero), or the logical sum of the following:

LONG_WORDS

Translate using long names of words defined in label .

SHORT_WORDS

Translate using short names of words defined in label . If no short name is defined in the label_encodings file for a word, the long name is used.

LONG_CLASSIFICATION

Translate using long name of classification defined in label .

SHORT_CLASSIFICATION

Translate using short name of classification defined in label .

ACCESS_RELATED

Translate only access-related entries defined in information label label .

VIEW_EXTERNAL

Translate ADMIN_LOW and ADMIN_HIGH labels to the lowest and highest labels defined in the label_encodings file.

VIEW_INTERNAL

Translate ADMIN_LOW and ADMIN_HIGH labels to the admin low name and admin high name strings specified in the label_encodings file. If no strings are specified, the strings " ADMIN_LOW " and " ADMIN_HIGH " are used.

NO_CLASSIFICATION

Do not translate classification defined in label .

bcltos() translates a binary CMW label into a string of the form:

---

INFORMATION LABEL [ SENSITIVITY LABEL ]

---

The applicable flags are LONG_WORDS or SHORT_WORDS , and VIEW_EXTERNAL or VIEW_INTERNAL . A flags value 0 is equivalent to ( LONG_WORDS ).

bsltos() translates a binary sensitivity label into a string. The applicable flags are LONG_CLASSIFICATION or SHORT_CLASSIFICATION , LONG_WORDS or SHORT_WORDS , VIEW_EXTERNAL or VIEW_INTERNAL , and NO_CLASSIFICATION . A flags value 0 is equivalent to ( SHORT_CLASSIFICATION | LONG_WORDS ).

biltos() translates a binary information label into a string. The applicable flags are LONG_CLASSIFICATION or SHORT_CLASSIFICATION , LONG_WORDS or SHORT_WORDS , ALL_ENTRIES or ACCESS_RELATED , VIEW_EXTERNAL or VIEW_INTERNAL , and NO_CLASSIFICATION . A flags value 0 is equivalent to ( LONG_CLASSIFICATION | LONG_WORDS | ALL_ENTRIES ).

bcleartos() translates a binary clearance into a string. The applicable flags are LONG_CLASSIFICATION or SHORT_CLASSIFICATION , LONG_WORDS or SHORT_WORDS , VIEW_EXTERNAL or VIEW_INTERNAL , and NO_CLASSIFICATION . A flags value 0 is equivalent to ( SHORT_CLASSIFICATION | LONG_WORDS ). The translation of a clearance may not be the same as the translation of a sensitivity label. These functions use different label_encodings file tables that may contain different words and constraints.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWtsu
MT-Level	MT-Safe

RETURN VALUES

These routines return:

-1

If the label is not of the valid defined required type, if the label is not dominated by the process sensitivity label and the process does not have PRIV_SYS_TRANS_LABEL in its set of effective privileges, or the label_encodings file is inaccessible.

0

If memory cannot be allocated for the return string, or the pre-allocated return string memory is insufficient to hold the string. The value of the pre-allocated string is set to the NULL string ( *string[0]='\\00'; ).

>0

If successful, the length of the character-coded label including the NULL terminator.

PROCESS ATTRIBUTES

If the VIEW_EXTERNAL or VIEW_INTERNAL flags are not specified, translation of ADMIN_LOW and ADMIN_HIGH labels is controlled by the label view process attribute flags. If no label view process attribute flags are defined, their translation is controlled by the label view configured in the label_encodings file. A value of External specifies that ADMIN_LOW and ADMIN_HIGH labels are mapped to the lowest and highest labels defined in the label_encodings file. A value of Internal specifies that the ADMIN_LOW and ADMIN_HIGH labels are translated to the admin low and admin high name strings specified in the label_encodings file. If no such names are specified, the strings " ADMIN_LOW " and " ADMIN_HIGH " are used.

FILES

/etc/security/tsol/label_encodings

The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.

SEE ALSO

Trusted Solaris 7 Reference Manual

bcltobanner(3) , blcompare(3) , blinset(3) , blmanifest(3) , blminmax(3) , blportion(3) , bltocolor(3) , bltype(3) , blvalid(3) , btohex(3) , hextob(3) , labelinfo(3) , labelvers(3) , sbltos(3) , stobl(3) , label_encodings(4)

Trusted Solaris Developer's Guide , Trusted Solaris administrator's document set

SunOS 5.7 Reference Manual

free(3C) , malloc(3C) , attributes(5)

NOTES

If memory is allocated by these routines, the caller must free the memory with free() when the memory is no longer in use.

Information labels ( IL s) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any IL s on communications and files from systems running earlier releases as ADMIN_LOW .

Objects still have CMW labels, and CMW labels still include the IL component: IL[SL] ; however, the IL component is fixed at ADMIN_LOW .

As a result, Trusted Solaris 7 has the following characteristics:

• IL s do not display in window labels; SL s (Sensitivity Labels) display alone within brackets.

• IL s do not float.

• Setting an IL on an object has no effect.

• Getting an object's IL will always return ADMIN_LOW .

• Although certain utilities, library functions, and system calls can manipulate IL strings, the resulting IL s are always ADMIN_LOW , and cannot be set on any objects.

NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | RETURN VALUES | PROCESS ATTRIBUTES | FILES | SEE ALSO | NOTES