Set SL Portion of Process CMW Label

This example gets the calling process's CMW label, and sets the sensitivity portion to TOP SECRET (upgrades the label). The altered CMW label is set on the privileged process. The calling process needs the proc_setsl privilege in its effective set to change its sensitivity label. The code comments indicate where privilege bracketing as described in Chapter 3, Privileges should occur. (Note that this example will work only if the process clearance dominates TOP SECRET.)

#include <tsol/label.h>

main()
{
	int retval, error, length = 0;
	bclabel_t pCMWlabel;
	bslabel_t psenslabel;
	char *string = "TOP SECRET",  *string1 = (char *)0;

/* Create new sensitivity value and set CMW label to the value */
	retval = stobsl(string, &psenslabel, NEW_LABEL, &error);
	setcsl(&pCMWlabel, &psenslabel);

/* Set process CMW label with new CMW label */
/* Turn proc_setsl on in the effective set */
	retval = setcmwplabel(&pCMWlabel, SETCL_SL);
 /* Turn proc_setsl off */

}

The printf statement prints the following where ADMIN_LOW is the information label and [TS] is the sensitivity label.

Process CMW label = ADMIN_LOW [TS]

The text output depends on the flag parameter to bcltos(3TSOL) and specifications in label_encodings(4). See "Binary to Text Label Translation Routines" for information on flag parameter values.

The SETCL_SL value passed to setcmwplabel(2) sets the sensitivity label portion of the CMW label.