Multilevel Ports
The Trusted Solaris environment supports single-level and multilevel ports. A multilevel port can receive data at any sensitivity label, and a single-level port can receive data at a designated sensitivity label only.
-
Single-level port - A communication channel is established between two unprivileged applications. The sensitivity label of the communication endpoints must be equal.
-
Multilevel port - A communication channel is established between an application with net_mac_read in its effective set and any number of unprivileged applications running at different sensitivity labels. The application with net_mac_read in the effective set of its process can receive all data from the applications regardless of the receiving application's sensitivity label or process clearance. A multilevel communication channel cannot be established where there is already a single-level connection.
See "Client-Server Application" in Chapter 12, Trusted Security Information Exchange Library for a short example application that establishes a multilevel port connection using Berkeley sockets and the TSIX library.
Note -
If a connection is multilevel, be sure the application does not make a connection at one sensitivity label and send or receive data at another sensitivity label causing data to reach an unauthorized destination.
- © 2010, Oracle Corporation and/or its affiliates