Trusted Solaris Label Administration

Keywords Defined for Classifications

The following table shows the keywords that can be defined for classifications. Keywords that begin with an asterisk (*) are optional. See "Setting Default and Inverse Words" for more about how to set up optional initial compartments and markings that may be associated with classifications.

Table 2-3 Values for Classifications

| Value | Requirements |
| --- | --- |
| name= | Cannot contain (/) or (,) or (;). All other alphanumeric characters and white space are allowed. Users can enter either the name or the sname or the aname when specifying labels. |
| sname= | Required in classifications only. The short name appears in sensitivity labels (within brackets). |
| *aname= | Name used only for input by users. The alternate name can be entered by users any time a classification is needed. |
| value= | The values you assign should represent the actual hierarchy among the classifications and leave room for later expansion. 0 is reserved for ADMIN_LOW. Values can start at 1 and go to 255. |
| *initial compartments= | Specify bit numbers for any default compartment words (words that should initially appear in any label that has the associated classification). ADVANCED: Also specify bit numbers for any inverse words. Recommended: set aside initial compartments for later additions of inverse words (if your site uses inverse words) for all but the minimum classification. It is not recommended to have initial compartments or markings for the minimum classification. |
| *initial markings= | Used for information labels, which are not used in Trusted Solaris 7 and later releases. Do not define. |

Unless you are creating a set of encodings that must be compatible with another organization's label encodings, do not worry about which numbers to use for compartment bits. Keep track of the ones you use and their relations to each other.

The following example shows the top of the demonstration Trusted Solaris label_encodings file, with the CLASSIFICATIONS section.


Example 2-1 Trusted Solaris Demonstration label_encodings File (Top)


CLASSIFICATIONS:

*
name= UNCLASSIFIED;  sname= U;  value= 1;
name= CONFIDENTIAL;  sname= C;  value= 4; initial compartments= 4-5 190-239;
name= SECRET;        sname= S;  value= 5; initial compartments= 4-5 190-239;
name= TOP SECRET;    sname= TS; value= 6; initial compartments= 4-5 190-239;

Each classification defined in Example 2-1 has the mandatory name, sname, and value. The CONFIDENTIAL, SECRET, and TOP SECRET classifications have initial compartments, while UNCLASSIFIED has none.

The following table shows some initial compartments bit assignments and what they mean.

Table 2-4 Example Initial Compartments Bit Assignments and What They Mean

| Bit Assignment | Meaning |
| --- | --- |
| initial compartments= 4 5 100-227; | Compartment bits 4, 5, and 100 through 239 are initially on (set to 1) in a label with this classification. |

Some of the initial compartments shown in Example 2-1 are used later to define default and inverse words, and some are reserved for possible later definitions of inverse words.
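
As an added illustration (not part of the original documentation or of any Trusted Solaris tool), the following Python code parses a CLASSIFICATIONS section, checks each entry against the rules in Table 2-3, and expands initial compartments ranges into individual bit numbers. The function names and the sample input are hypothetical, and treating lines that begin with an asterisk as comments is an assumption.

```python
def expand_bits(spec):
    """Expand a spec such as '4-5 190-239' into a sorted list of bit numbers."""
    bits = set()
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        bits.update(range(int(lo), int(hi or lo) + 1))
    return sorted(bits)

def parse_classifications(text):
    """Return one dict per classification; a record starts at its name= field."""
    # Assumption: a line starting with '*' is a comment (see the bare '*' in Example 2-1).
    lines = [l for l in text.splitlines()
             if not l.lstrip().startswith("*") and l.strip() != "CLASSIFICATIONS:"]
    records = []
    for field in filter(str.strip, " ".join(lines).split(";")):
        key, sep, val = (s.strip() for s in field.partition("="))
        if not sep or (key != "name" and not records):
            raise ValueError(f"malformed field: {field.strip()!r}")
        if key == "name":
            records.append({})
        records[-1][key] = val
    return records

def check(records):
    """Apply the Table 2-3 rules; return a list of problem strings."""
    problems = []
    for r in records:
        name, v = r["name"], r.get("value", "")
        if any(c in name for c in "/,"):  # a ';' would already have split the field
            problems.append(f"{name}: name= contains '/' or ','")
        for req in ("sname", "value"):
            if req not in r:
                problems.append(f"{name}: missing {req}=")
        if "value" in r and not (v.isdecimal() and 1 <= int(v) <= 255):
            problems.append(f"{name}: value= must be 1-255 (0 is ADMIN_LOW)")
        if "initial markings" in r:
            problems.append(f"{name}: initial markings= should not be defined")
    ranked = [r for r in records if r.get("value", "").isdecimal()]
    lowest = min(ranked, key=lambda r: int(r["value"]), default=None)
    if lowest and "initial compartments" in lowest:
        problems.append(f"{lowest['name']}: initial compartments not recommended for minimum classification")
    return problems

# Constructed sample input (not from the page): four rule violations.
SAMPLE = """CLASSIFICATIONS:
*
name= UNCLASSIFIED; sname= U; value= 1; initial compartments= 4-5;
name= SECRET/A; value= 300;"""
print("\n".join(check(parse_classifications(SAMPLE))))
```

Because records are split on semicolons rather than on line breaks, a keyword that continues on the following line is attached to the classification that precedes it.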

The following example shows a simple set of classifications that have no initial compartments.


Example 2-2 Simple Classifications Defined Without Initial Compartments or Markings


CLASSIFICATIONS:

name= PUBLIC; sname= PUBLIC; value= 1;
name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;
initial compartments= 10;