Open the File

The Secret process opens somefile for reading, performs a read operation, and closes the file. The fully adorned pathname is used so somefile in the Confidential /export/home/heartyann single-level directory is accessed.

A fully adorned pathname uses the multilevel directory adornment and specifies precisely which single-level directory is wanted. If a regular pathname was used instead, the Secret single-level directory would be accessed because the process is running at Secret.

See "Adorned Names" for a discussion on fully adorned pathnames. Chapter 7, Multilevel Directories presents interfaces for handling multilevel and single-level directories so fully adorned pathnames are not hardcoded the way they have been for clarity in these examples.

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

main()
{
	int filedes, retval;
	ssize_t size;
	char readbuf[1024];
	char *buffer = "Write to File.";
	char *file = "/export/home/.MLD.heartyann/.SLD.1/filetoexec";
	char *argv[10] = {"filetoexec"};

	filedes = open("/export/home/.MLD.heartyann/.SLD.1/somefile", O_RDONLY);
	size = read(filedes, readbuf, 29);
	retval = close(filedes);

• Mandatory access checks on the open(2) system call - The process needs mandatory search access to /export/home/heartyann, and mandatory read access to somefile. The process running at Secret passes both mandatory access checks.

• Discretionary access checks on the open(2) system call - The process needs discretionary search access to /export/home/heartyann, and discretionary read access to somefile. The permission bits for other on the directory path and somefile allow the required discretionary search and read access.

• Mandatory access checks on the read(2) system call - The mandatory access checks were performed when somefile opened. No other access checks are performed.

• Discretionary access checks on the read(2) system call - The discretionary access checks were performed when somefile was opened. No other access checks are performed.