Trusted Solaris Developer's Guide

Programming Interface Declarations

The following programming interfaces are available for managing process clearances.

System Calls

These system calls get and set the clearance of the calling process. Refer to the getclearance(2) and setclearance(2) man pages.


Caution -

Every process that sets a clearance is responsible for setting a valid clearance as specified in the label_encodings(4) file, and must pass the correct binary form of the clearance. The text-to-binary translation functions correct the clearance as much as possible so that the translation yields a correct binary clearance. However, you can use the bclearvalid(3TSOL) routine to check that the clearance is valid.


int	getclearance(bclear_t *clearance);
int	setclearance(bclear_t *clearance);

Library Routines

Library routines are available to initialize, compare, translate and verify the process clearance.

Initialization

These routines initialize a clearance to ADMIN_HIGH, ADMIN_LOW, or undefined (similar to NULL). Refer to the blmanifest(3TSOL) man page.

void  bclearhigh(bclear_t *clearance);
void  bclearlow(bclear_t *clearance);
void  bclearundef(bclear_t *clearance);

Comparisons

These routines compare two levels to see if level1 equals, dominates, or strictly dominates level2. A level is a classification and set of compartments in a sensitivity label or clearance.

A non-zero return value means true and 0 means false. Refer to the blcompare(3TSOL) man page.

int  blequal(const blevel_t *level1, const blevel_t *level2);
int  bldominates(const blevel_t *level1, const blevel_t *level2);
int  blstrictdom(const blevel_t *level1, const blevel_t *level2);
int  blinrange(const blevel_t *level, const brange_t *range);

Clearance Type

The bltype(3TSOL) routine checks the clearance type, and the setbltype(3TSOL) routine sets the clearance type. A clearance can be defined or undefined. Refer to the bltype(3TSOL) man page.

int  bltype(const void *clearance, const unsigned char type);
void  setbltype(void *clearance, const unsigned char type);

Level Bounds

These routines compare two levels to find the sensitivity level that represents the greatest lower bound (blminimum(3TSOL)) or least upper bound (blmaximum(3TSOL)) of the range bounded by the two levels. A level is a classification and set of compartments in a sensitivity label or clearance. Refer to the blminmax(3TSOL) man page.

void  blmaximum(blevel_t *maximum_label,
				const blevel_t *bounding_label);
void  blminimum(blevel_t *minimum_label,
				const blevel_t *bounding_label);
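
The dominance and bound rules described under Comparisons and Level Bounds, as an added example that is not part of the original guide. It models a level as a classification plus a compartment bitmask; model_level_t, model_range_t and the model_* functions are hypothetical stand-ins, not the opaque blevel_t type or the 3TSOL routines.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a level (assumption): NOT the real opaque blevel_t. */
typedef struct {
    int      cls;    /* hierarchical classification, higher = more sensitive */
    uint64_t comps;  /* one bit per compartment */
} model_level_t;
typedef struct { model_level_t lower, upper; } model_range_t;

int model_equal(const model_level_t *a, const model_level_t *b) {
    return a->cls == b->cls && a->comps == b->comps;
}
/* a dominates b: classification is >= and compartments are a superset. */
int model_dominates(const model_level_t *a, const model_level_t *b) {
    return a->cls >= b->cls && (a->comps & b->comps) == b->comps;
}
/* Strict dominance: dominates, but the two levels are not equal. */
int model_strictdom(const model_level_t *a, const model_level_t *b) {
    return model_dominates(a, b) && !model_equal(a, b);
}
/* In range: the upper bound dominates l, and l dominates the lower bound. */
int model_inrange(const model_level_t *l, const model_range_t *r) {
    return model_dominates(&r->upper, l) && model_dominates(l, &r->lower);
}
/* Least upper bound, written back into max (same in-place shape as blmaximum). */
void model_maximum(model_level_t *max, const model_level_t *bound) {
    if (bound->cls > max->cls) max->cls = bound->cls;
    max->comps |= bound->comps;
}
/* Greatest lower bound, written back into min (same in-place shape as blminimum). */
void model_minimum(model_level_t *min, const model_level_t *bound) {
    if (bound->cls < min->cls) min->cls = bound->cls;
    min->comps &= bound->comps;
}

int main(void) {
    /* Constructed sample levels with disjoint compartments: they are
       incomparable, so neither dominates the other. A failed dominance
       check therefore does not imply the reverse relation holds. */
    model_level_t a = {2, 0x1}, b = {1, 0x2}, lub = a, glb = a;
    model_maximum(&lub, &b);
    model_minimum(&glb, &b);
    printf("a dom b: %d, b dom a: %d\n",
           model_dominates(&a, &b), model_dominates(&b, &a));
    printf("lub = {%d, %#llx}, glb = {%d, %#llx}\n",
           lub.cls, (unsigned long long)lub.comps,
           glb.cls, (unsigned long long)glb.comps);
    return 0;
}
```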

Valid Clearance

This routine tests whether the specified clearance is valid for the system. Refer to the blvalid(3TSOL) man page.

int  bclearvalid(const bclear_t *clearance);

Binary and Text Translation

These routines translate a clearance from binary to text and back again. Refer to the stobl(3TSOL) man page.


Note -

See Chapter 14, Trusted X Window System, for interfaces that translate binary labels to text and clip the final label according to the specified width and font list for display in Motif-based graphical user interfaces (GUIs).


int  bcleartos(const bclear_t *clearance,
		char **string,
		const int len,
		const int flags);

int  stobclear(const char *string,
		bclear_t *clearance,
		const int flags, int *error);

char*  sbcleartos(const bclear_t *clearance,
		const int len);

Binary and Hexadecimal Translation

These routines translate a clearance from binary to hexadecimal and back again. Refer to the btohex(3TSOL) man page.

char  *h_alloc(const unsigned char id);
void  h_free(char *hex);

char  *bcleartoh_r(const bclear_t *clearance, char *hex);
char  *bcleartoh(const bclear_t *clearance);
int   htobclear(const char *s, bclear_t *clearance);