Appendix A Example: Label Encodings File
This appendix contains a sample label_encodings file developed along with Chapter 5, Example: Planning an Organization's Labels.
Classifications
The example file has the following four classifications:
-
PUBLIC
-
INTERNAL_USE_ONLY
-
NEED_TO_KNOW
-
REGISTERED
Compartments
The sample file defines compartments to appear only in labels that have the NEED_TO_KNOW classification. The sample file also specifies that the default word Comps is changed to the word Departments in label-builder GUIs.
NEED_TO_KNOW compartments are:
-
ALL_DEPARTMENTS
-
EXECUTIVE_MGMNT_GROUP
-
SALES
-
FINANCE
-
LEGAL
-
MARKETING
-
HUMAN_RESOURCES
-
ENGINEERING
-
MANUFACTURING
-
SYSTEM_ADMINISTRATION
-
PROJECT_TEAM
-
The ALL_DEPARTMENTS compartment word gets turned on when all defined compartment bits are on and works as a toggle in a label builder.
PROJECT_TEAM is hierarchically below both ENGINEERING and MARKETING. The hierarchy allows someone working at NEED_TO_KNOW ENGINEERING or at NEED_TO_KNOW MARKETING to read files with the NEED_TO_KNOW PROJECT_TEAM label but not to write to files that have that label.
Internet and Intranet Labels
In this model, PUBLIC is the sensitivity label for communications with the Internet, and INTERNAL_USE_ONLY is the sensitivity label for communications within the company.
-
PUBLIC = INTERNET
-
INTERNAL_USE_ONLY = INTRANET (Company's WAN)
Example A-1 label_encodings.simple
* @(#)label_encodings.simple 5.9 99/11/01 SMI; TSOL 2.x
*
*
* Copyright (c) 1997 by Sun Microsystems, Inc.
* All rights reserved.
*
*
* This version of the label_encodings file encodes the Sun
* proprietary/confidential labels that are required by Sun's
* legal and information protection departments. The prefix
* SUN PROPRIETARY/CONFIDENTIAL is omitted from the labels for
* brevity. This encodings includes some example department
* names that can be used for controlling access to information
* across department boundaries. Commercial sites with different
* requirements can copy this file and change the definitions to suit.
* This example shows how to specify labels that meet an actual
* site's (Sun's) legal information protection requirements for
* labeling email and printer output. These labels may also
* be used to enforce mandatory access control checks based on user
* clearance labels and labels and sensitivity labels on files
* and directories.
VERSION= Sun Microsystems, Inc. Example Version - 5.9 99/11/01
CLASSIFICATIONS:
name= PUBLIC; sname= PUBLIC; value= 1;
name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;
INFORMATION LABELS:
WORDS:
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
SENSITIVITY LABELS:
WORDS:
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
CLEARANCES:
WORDS:
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
CHANNELS:
WORDS:
name= DISTRIBUTE_ONLY_TO; prefix;
name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
suffix;
name= EXECUTIVE_MANAGEMENT_GROUP;
prefix= DISTRIBUTE_ONLY_TO; compartments= 11;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= MARKETING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 15 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO;
compartments= 16;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 17 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 18;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO;
compartments= 19;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
PRINTER BANNERS:
WORDS:
name= COMPANY PROPRIETARY/CONFIDENTIAL:; prefix;
name= ALL_DEPARTMENTS;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 11-20;
name= EXECUTIVE_MANAGEMENT_GROUP;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 11;
name= SALES; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 12;
name= FINANCE; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 13;
name= LEGAL; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 14;
name= MARKETING; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 15 20;
name= HUMAN_RESOURCES;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 16;
name= ENGINEERING;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 17 20;
name= MANUFACTURING;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 18;
name= SYSTEM_ADMINISTRATION;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 19;
name= PROJECT_TEAM;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 20;
ACCREDITATION RANGE:
classification= PUBLIC; only valid compartment combinations:
PUBLIC
classification= INTERNAL_USE_ONLY; only valid compartment combinations:
INTERNAL
classification= NEED_TO_KNOW; all compartment combinations valid;
classification= REGISTERED; only valid compartment combinations:
REGISTERED
minimum clearance= PUBLIC;
minimum sensitivity label= PUBLIC;
minimum protect as classification= PUBLIC;
LOCAL DEFINITIONS:
*
* The names for the administrative high and low name are set to
* site_high and site_low respectively by the example commands below.
*
* NOTE: Use of these options could lead to interoperability problems
* with machines that do not have the same alternate names.
*
*Admin Low Name= site_low;
*Admin High Name= site_high;
default flags= 0x0;
forced flags= 0x0;
Default Label View is External;
Classification Name= Classification;
Compartments Name= Departments;
COLOR NAMES:
label= Admin_Low; color= #bdbdbd;
label= PUBLIC; color= green;
label= INTERNAL_USE_ONLY; color= yellow;
label= NEED_TO_KNOW; color= blue;
label= NEED_TO_KNOW EMG; color= #7FA9EB;
label= NEED_TO_KNOW SALES; color= #87CEFF;
label= NEED_TO_KNOW FINANCE; color= #00BFFF;
label= NEED_TO_KNOW LEGAL; color= #7885D0;
label= NEED_TO_KNOW MRKTG; color= #7A67CD;
label= NEED_TO_KNOW HR; color= #7F7FFF;
label= NEED_TO_KNOW ENG; color= #007FFF;
label= NEED_TO_KNOW MANUFACTURING; color= #0000BF;
label= NEED_TO_KNOW PROJECT_TEAM; color= #9E7FFF;
label= NEED_TO_KNOW SYSADM; color= #5B85D0;
label= NEED_TO_KNOW ALL; color= #4D658D;
label= REGISTERED; color= red;
label= Admin_High; color= #636363;
** End of local site definitions
|
- © 2010, Oracle Corporation and/or its affiliates