Getting and Setting Security Attributes

These examples show how to set up a security attribute structure and masks to specify security attributes on outgoing data. The first example sets new security attributes on the message, and the second example sets new security attributes on the communication endpoint.

Security Attributes on Messages

This example sets up new sensitivity label and clearance attribute values to send with msg. This is done by doing the following:

• Defining a mask, sendmask, with only the sensitivity label and clearance defined.

• Allocating the security attribute structure sendattrs with sendmask so the attribute structure has room only for these two attributes.

• Setting the attribute values of Top Secret for the sensitivity label and clearance in sendattrs.

• Setting up communications over a communication endpoint.

• Sending msg with the security attributes over the communication endpoint.

Because the process sending msg is at Confidential, it needs the net_setclr and net_upgrade_sl privileges in its effective set to change the clearance and sensitivity label. The new sensitivity label and clearance override the sensitivity label and clearance msg received from its sending process. The code comments indicate where privilege bracketing as described in Chapter 3, Privileges should take place.

#include <tsix/t6attrs.h>
#include <label.h>
main()
{
	int retval, sock, error;
	t6attr_t sendattrs;
	t6mask_t sendmask;
	char *msg = "Hello World!";
	bslabel_t senslabel;
	bclear_t clearance;
	struct sockaddr_in sin;

/* Initialize a mask with the sensitivity label and */
/* process clearance security attribute fields */
	sendmask = T6M_SL | T6M_CLEARANCE;
/* Allocate space for two security attribute structures */
/* using the masks so only the space needed is allocated */
	sendattrs = t6alloc_blk(sendmask);
/* Initialize senslabel and clearance to Top Secret */
	stobsl("TOP SECRET", &senslabel;, NEW_LABEL, &error;);
	stobclear("TOP SECRET", &clearance;, NEW_LABEL, &error;);
/* Set attribute values for the security attribute fields */
/* to be sent with the message */
	retval = t6set_attr(T6_SL, &senslabel;, sendattrs);
	printf("Retval1 = %d\n", retval);
	retval = t6set_attr(T6_CLEARANCE, &clearance;, sendattrs);
	printf("Retval2 = %d\n", retval);
/* Set up socket communications */
/* ... */
/* Send changed security attributes with the message */
/* Turn net_setclr and net_upgrade_sl on in the effective set */
	retval = t6sendto(sock, msg, sizeof(msg), 0, (struct sockaddr *) &sin;,
		sizeof(sin), &sendattrs;);
/* Turn off the net_setclr and net_upgrade_sl privileges */
	printf("Retval3 = %d\n bytes", retval);
}

The printf statements print the following:

Retval1 = 0
Retval2 = 0
Retval3 = 4 bytes

Security Attributes on Communication Endpoints

The first part of this example sets only the sensitivity label security attribute specified in sendattrs on the communication endpoint by using a different mask (endptmask) with sendattrs. This way, when privileged process sends a message over the communication endpoint using a form of transmission other than the t6sendto(3NSL) routine, or using the t6sendto(3NSL) routine with an attribute set that does not specify the sensitivity label, the sensitivity label is picked up from the communication endpoint. Because the process setting security attributes on the communication endpoint is running at Secret, it needs the net_upgrade_sl privilege in its effective set. The code comments indicate where privilege bracketing as described in Chapter 3, Privileges should take place.

The next statements change the mask on the communication endpoint to sendmask, retrieve the endpoint mask and put it in getmask, allocate getattrs to hold a clearance, and get the binary clearance from the communication endpoint defaults and store it in getattrs.

Security attributes on the communication endpoint override the attributes acquired from the sending process. The security attributes on the message override the attributes from the communication endpoint.

#include <tsix/t6attrs.h>
include <tsol/label.h>
#include <tsol/priv.h>
main()
{ t6mask_t sendmask, endptmask, getmask;
	int fd, sock, retval;
	t6attr_t sendattrs, getattrs;
	sendmask = T6M_SL | T6M_CLEARANCE;
	sendattrs = t6alloc_blk(sendmask);


	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
		perror("socket");
		exit(1);
	}
/* Initialize a mask with the sensitivity label field */
	endptmask = T6M_SL;
/* Set the attribute in sendattrs indicated by the mask */
/* Turn net_upgrade_sl on in the effective set */
	set_effective_priv(PRIV_ON, 1, PRIV_NET_UPGRADE_SL);

	retval = t6set_endpt_default(sock, endptmask, &sendattrs;);

	set_effective_priv(PRIV_OFF, 1, PRIV_NET_UPGRADE_SL);
	printf("t6set_endpt_default return val: %d\n", retval);
/* Turn off the net_upgrade_sl privilege */
/* Change the endpoint mask to a different mask */

	retval = t6set_endpt_mask(sock, sendmask);

	printf("t6set_endpt_mask return val: %d\n", retval);
/* Get the current endpoint mask */

	retval = t6get_endpt_mask(sock, &getmask;);

	printf("t6get_endpt_mask return val: %d\n", retval);
/* Get the default clearance on the endpoint */

	getmask = T6M_CLEARANCE;
	getattrs = t6alloc_blk(getmask);
	retval = t6get_endpt_default(sock, &getmask;, getattrs);

	printf("t6get_endpt_default return val: %d\n", retval);
}