Trusted Solaris Developer's Guide

Using Path Names with Adornments

UNIX system calls that accept a path name, such as open(2) and creat(2), go to the SLD at the same sensitivity label as the process unless a fully adorned path name is passed instead of a regular path name. The fully adorned path name includes the MLD adornment and the SLD directory name, as shown in the code examples that follow. Note that a process cannot create files or directories in either an MLD or SLD with the mkdir(1) system call.

The mandatory access and discretionary access controls described in "Security Policy" apply.

Open a File

In this example, the process is running at Confidential with a clearance of Top Secret. The Confidential process needs the file_mac_search privilege in its effective set to access the SLD at Top Secret. Because the file is opened for writing and a write-up is allowed by the security policy, no other privileges are needed, assuming the operation passes all discretionary access checks.

#include <tsol/label.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>

int main(void)
{
	int filedes;

	/* Open a file in the SLD at which the process is running */
	filedes = open("/export/home/zelda/afile", O_WRONLY);
	printf("File descriptor for regular path = %d\n", filedes);

	/* Open a file in the Top Secret SLD */
	/* Turn file_mac_search on in the effective set */
	/* The first descriptor is still open, so this call returns the next one */
	filedes = open("/export/home/.MLD.zelda/.SLD.3/afile", O_WRONLY);
	/* Turn file_mac_search off */

	printf("File descriptor for adorned path = %d\n", filedes);
	return 0;
}

The printf statements print the following.


File descriptor for regular path = 3
File descriptor for adorned path = 4

Create a File

In this example, the process is running at Confidential with a clearance of Top Secret. The Confidential process needs the file_mac_search privilege in its effective set to access the SLD at Top Secret. If afile does not already exist in the Top Secret SLD, the process needs the file_mac_write privilege because the process sensitivity label does not equal the SLD sensitivity label. If afile already exists, the file_mac_write privilege is not needed.

#include <tsol/label.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>

int main(void)
{
	int filedes;

	/* Create a file in the SLD at which the process is running */
	/* The mode is octal: 0660 is read/write for owner and group */
	filedes = creat("/export/home/zelda/afile", 0660);

	printf("File descriptor for regular path = %d\n", filedes);

	/* Create a file in the Top Secret SLD */
	/* Turn file_mac_search on in the effective set */
	filedes = creat("/export/home/.MLD.zelda/.SLD.3/afile", 0660);
	/* Turn file_mac_search off */

	printf("File descriptor for adorned path = %d\n", filedes);
	return 0;
}

The printf statements print the following.


File descriptor for regular path = 3
File descriptor for adorned path = 4
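
Because only a fully adorned path name reaches an SLD other than the one at the process sensitivity label, a code review of a labeled application benefits from finding such paths mechanically. The following is an added example, not code from this guide: classify_path and has_prefix are hypothetical helpers, and the ".MLD." and ".SLD." prefixes are assumed from the path names shown in the examples above.

```c
/* Added example. Assumption: adornments are the literal prefixes in this page's paths. */
#include <stdio.h>
#include <string.h>

#define MLD_PREFIX ".MLD."	/* from "/export/home/.MLD.zelda/..." */
#define SLD_PREFIX ".SLD."	/* from ".../.SLD.3/afile" */

enum adorn { PATH_REGULAR, PATH_MLD_ONLY, PATH_FULLY_ADORNED };

/* Nonzero if the component s[0..len) starts with pre and has a name after it */
static int has_prefix(const char *s, size_t len, const char *pre)
{
	size_t n = strlen(pre);
	return len > n && strncmp(s, pre, n) == 0;
}

/* Walk the path one component at a time. An SLD component counts only
 * when it directly follows an MLD component; empty components are skipped. */
enum adorn classify_path(const char *path)
{
	enum adorn result = PATH_REGULAR;
	int prev_mld = 0;

	while (*path != '\0') {
		size_t len = strcspn(path, "/");
		if (len > 0) {
			if (prev_mld && has_prefix(path, len, SLD_PREFIX))
				return PATH_FULLY_ADORNED;
			prev_mld = has_prefix(path, len, MLD_PREFIX);
			if (prev_mld)
				result = PATH_MLD_ONLY;
		}
		path += len + (path[len] == '/');	/* step past one separator */
	}
	return result;
}

int main(void)
{
	const char *samples[] = {	/* constructed inputs */
		"/export/home/zelda/afile", "/export/home/.MLD.zelda",
		"/export/home/.MLD.zelda/.SLD.3/afile", "/export/home/.SLD.3/afile",
	};
	static const char *names[] = { "regular", "MLD only", "fully adorned" };
	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
		printf("%-40s %s\n", samples[i], names[classify_path(samples[i])]);
	return 0;
}
```

Paths reported as fully adorned mark the open(2) and creat(2) calls where the file_mac_search bracketing described above should be checked.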