Sections for Defining Labels
Label components are defined by the Security Administrator role in the /etc/security/tsol/label_encodings file in the sections described here. The encodings are comprised of a VERSION specification and seven mandatory sections: CLASSIFICATIONS, INFORMATION LABELS, SENSITIVITY
LABELS, CLEARANCES, CHANNELS, PRINTER BANNERS, AND ACCREDITATION RANGE, which must appear in the order given. An optional LOCAL DEFINITIONS section may follow. Mandatory means only that all the keywords must be present. Not all keywords must be defined. See the notes for each section for what must be
defined and what is optional.
Table 2-2 Table Caption
|
Section
|
Notes
|
|
VERSION=
|
Mandatory keyword must be present. The version specification is the single keyword VERSION=, followed by a character
string that identifies this particular version of encodings. An example is:
VERSION= DISTRIBUTED DEMO VERSION
|
|
CLASSIFICATIONS:
|
Mandatory keyword must be present. At least one classification must be defined
|
|
INFORMATION LABELS: WORDS: REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS
|
Mandatory keywords must be present. Even though
information labels are not used in Trusted Solaris, you must assign one bit to an INFORMATION LABEL WORD for each bit you assign to a SENSITIVITY LABEL WORD that you may define in the following section. Hint: Encode the SENSITIVITY LABELS WORDS first and then copy them to the INFORMATION LABELS section.
|
|
SENSITIVITY LABELS:WORDS: REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS
|
Mandatory keywords must be present. WORDS definitions are optional.
If you define SENSITIVITY LABELS WORDS, the same bits must be assigned to WORDS in both the INFORMATION LABELS and CLEARANCES section, even though the words assigned to the bits do not need to be the same.
|
|
CLEARANCES:WORDS: REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS
|
Mandatory keywords must be present. One bit must be assigned to a CLEARANCE WORD
for any SENSITIVITY LABEL WORD you define. Clearance labels may allow combinations of words that have been disallowed in the definitions for sensitivity labels words.
|
|
CHANNELS:
|
Mandatory keyword must be present
|
|
PRINTER BANNERS:
|
Mandatory keyword must be present
|
|
ACCREDITATION RANGE:
|
Mandatory keyword must be present. A rule must be defined for each CLASSIFICATION
name; the minimum clearance, minimum senstivity label, and minimum protect as classification must be defined.
|
|
LOCAL DEFINITIONS:
|
Optional.
|
For all the required sections, the keywords shown must be present, but not all of the sections must have elements defined. This means that you could have a valid label encodings file with only CLASSIFICATIONS and ACCREDITATION RANGE definitions.
