NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | RETURN VALUES | ERRORS | FILES | SEE ALSO | NOTES
#include <tsol/label.h>int stobcl(const char * string , bclabel_t * label , const int flags , int * error);
The calling process must have
PRIV_SYS_TRANS_LABEL
in its set of effective privileges to perform label translation on character-coded labels that dominate the process's sensitivity label.
The stobl functions translate character-coded labels into binary labels. They also modify an existing binary label by incrementing or decrementing it to produce a new binary label relative to its existing value.
The generic form of an input character-coded label string is:
[ + ] [ classification name ] [ [ + | - ] word ... ]
Leading and trailing white space is ignored. Fields are separated by white space, a ` / ' (slash), or a ` , ' (comma). Case is irrelevant. If string starts with + or - , string is interpreted a modification to an existing label. If string starts with a classification name followed by a + or - , the new classification is used and the rest of the old label is retained and modified as specified by string . + modifies an existing label by adding words. - modifies an existing label by removing words. To the maximum extent possible, errors in string are corrected in the resulting binary label label .
The stobl functions also translate hexadecimal label representations into binary labels [see hextob() ] when the string starts with 0x and either NEW_LABEL or NO_CORRECTION is specified in flags .
flags may be the following:
label
contents is not used, is formatted as a label of the relevant type, and is assumed to be
ADMIN_LOW
for modification
changes. If
NEW_LABEL
is not present,
label
is validated as a defined label of the correct type dominated by the process's sensitivity label.
No corrections are made if there are errors in the character-coded label string . string must be complete and contain all the label components that are required by the label_encodings file. The NO_CORRECTION flag implies the NEW_LABEL flag.
The default action is taken.
error is a return parameter that is set only if the function is unsuccessful.
stobcl() translates the character-coded CMW label string into a binary CMW label and places the result in the return parameter label . string has the form:
[ information label ] [ [ information label ] ]
or
'*'
Information Labels ( IL s) are now obsolete. See NOTES below.
flags is the logical sum of NEW_LABEL or NO_CORRECTION and ONLY_INFORMATION_LABEL, or is 0 (zero). If both NEW_LABEL or NO_CORRECTION and ONLY_INFORMATION_LABEL are specified, the sensitivity label portion of label is set to the caller's present sensitivity label. The sensitivity label is translated first (unless ONLY_INFORMATION_LABEL is specified). Its presence is noted by the [ character in the string . This translation must result in a sensitivity label that is dominated by the process's sensitivity label or an error is reported at the sensitivity label. The translated sensitivity label, or the one present in the label parameter must dominate the information label that is translated or an error is reported at the information label. Unless NO_CORRECTION is specified, these translations force the labels to dominate the minimum classification, and initial compartments set (and markings set) specified in the label_encodings file and correct the label to include other label components that are required by the label_encodings file, but not present in string . The special case where string contains ` * ' (star) sets the sensitivity label portion of label to the information level of the information label portion of label .
stobsl() translates the character-coded sensitivity label string into a binary sensitivity label and places the result in the return parameter label . string has the form: [ [ ] sensitivity label [ ] ]
flags may be either NEW_LABEL , NO_CORRECTION , or 0 (zero). Unless NO_CORRECTION is specified, this translation forces the label to dominate the minimum classification, and initial compartments set specified in the label_encodings file and corrects the label to include other label components required by the label_encodings file, but not present in string .
stobil() translates the character-coded information label string into a binary information label and places the result in the return parameter label . string has the form: information label However, information labels (ILs) are now obsolete. See NOTES below.
flags may be either NEW_LABEL , NO_CORRECTION , or 0 (zero). Unless NO_CORRECTION is specified, this translation forces the label to dominate the minimum classification, and initial compartments and markings sets specified in the label_encodings file and corrects the label to include other label components required by the label_encodings file, but not present in string .
stobclear() translates the character-coded clearance string into a binary clearance and places the result in the return parameter clearance. string has the form: clearance
flags may be either NEW_LABEL , NO_CORRECTION , or 0 (zero). Unless NO_CORRECTION is specified, this translation forces the label to dominate the minimum classification, and initial compartments set specified in the label_encodings file and corrects the label to include other label components that are required by the label_encodings file, but not present in string . The translation of a clearance may not be the same as the translation of a sensitivity label. These functions use different tables of the label_encodings file that may contain different words and constraints.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsu |
MT-Level | MT-Safe |
These functions return:
If the translation was successful and a valid binary label was returned.
If an error occurred. error indicates the type of error.
If these functions returned zero, error contains one of these values:
Unable to access the label_encodings file.
The label
label
is not valid for this translation and the
NEW_LABEL
or
NO_CORRECTION
flag was not specified, or the label
label
is not dominated by
the process's
Sensitivity
Label
and the process does not have
PRIV_SYS_TRANS_LABEL
in its set of effective privileges.
The character-coded label string is in error. error is a one-based index into string indicating where the translation error occurred.
The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.
bcltobanner(3) , bilconjoin(3) , blcompare(3) , blinset(3) , blmanifest(3) , blminmax(3) , blportion(3) , bltocolor(3) , bltos(3) , bltype(3) , blvalid(3) , btohex(3) , hextob(3) , labelinfo(3) , labelvers(3) , sbltos(3) , label_encodings(4)
Trusted Solaris Developer's Guide , Trusted Solaris user's document set , and Trusted Solaris administrator's document set
In addition to the
ADMIN_LOW
name and
ADMIN_HIGH
name strings defined in the
label_encodings
file, the strings "
ADMIN_LOW
" and "
ADMIN_HIGH
" are always accepted as character-coded labels to be translated to the appropriate
ADMIN_LOW
and
ADMIN_HIGH
label, respectively.
Modifying an existing
ADMIN_LOW
label acts as the specification of a
NEW_LABEL
and forces the label to start at the minimum label specified in the
label_encodings
file.
Modifying an existing
ADMIN_HIGH
label is treated as an attempt to change a label that represents the highest defined classification and all the defined compartments (and, if applicable, markings) specified in the
label_encodings
file.
The NO_CORRECTION flag is used when the character-coded label must be complete and accurate so that translation to and from the binary form results in an equivalent character-coded label.
Information labels (
IL
s) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any
IL
s on communications and files from systems running earlier releases as
ADMIN_LOW
.
Objects still have
CMW
labels, and
CMW
labels still include the
IL
component:
IL[SL]
; however, the
IL
component is fixed at
ADMIN_LOW
.
As a result, Trusted Solaris 7 has the following characteristics:
IL s do not display in window labels; SL s (Sensitivity Labels) display alone within brackets.
IL s do not float.
Setting an IL on an object has no effect.
Getting an object's
IL
will always return
ADMIN_LOW
.
Although certain utilities, library functions, and system calls can manipulate
IL
strings, the resulting
IL
s are always
ADMIN_LOW
, and cannot be set on any objects.
Options related to information labels in the label_encodings(4) file can be ignored:
Markings Name= Marks; Float Process Information Label;
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | RETURN VALUES | ERRORS | FILES | SEE ALSO | NOTES