The Secret process opens somefile for reading, performs a read operation, and closes the file. The fully adorned pathname is used so somefile in the Confidential /export/home/heartyann single-level directory is accessed.
A fully adorned pathname uses the multilevel directory adornment and specifies precisely which single-level directory is wanted. If a regular pathname were used instead, the Secret single-level directory would be accessed because the process is running at Secret.
See "Adorned Names" for a discussion of fully adorned pathnames. Chapter 7, Multilevel Directories, presents interfaces for handling multilevel and single-level directories so fully adorned pathnames are not hardcoded the way they have been for clarity in these examples.
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

main()
{
    int filedes, retval;
    ssize_t size;
    char readbuf[1024];
    char *buffer = "Write to File.";
    char *file = "/export/home/.MLD.heartyann/.SLD.1/filetoexec";
    char *argv[10] = {"filetoexec"};

    filedes = open("/export/home/.MLD.heartyann/.SLD.1/somefile", O_RDONLY);
    size = read(filedes, readbuf, 29);
    retval = close(filedes);
Mandatory access checks on the open(2) system call - The process needs mandatory search access to /export/home/heartyann, and mandatory read access to somefile. The process running at Secret passes both mandatory access checks.
Discretionary access checks on the open(2) system call - The process needs discretionary search access to /export/home/heartyann, and discretionary read access to somefile. The permission bits for other on the directory path and somefile allow the required discretionary search and read access.
Mandatory access checks on the read(2) system call - The mandatory access checks were performed when somefile was opened. No other access checks are performed.
Discretionary access checks on the read(2) system call - The discretionary access checks were performed when somefile was opened. No other access checks are performed.
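The point that access is checked at open(2) and not again at read(2) can be observed with ordinary permission bits. The following is an added example, not code from the original guide: it uses a constructed scratch file under /tmp and the hypothetical function read_after_revoke, and it exercises only discretionary checks, not Trusted Solaris labels.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char SAMPLE[] = "constructed sample contents\n"; /* constructed data */

/* Opens a scratch file, clears every permission bit, then reads through the
 * descriptor obtained earlier. Returns the bytes read after the change (or -1).
 * *reopen_errno gets the errno of a fresh open(2), 0 if that open succeeded. */
ssize_t read_after_revoke(char *readbuf, size_t len, int *reopen_errno)
{
    char path[] = "/tmp/dac_demo_XXXXXX";   /* hypothetical scratch path */
    ssize_t size = -1;
    int fd, fd2, setup = mkstemp(path);     /* file is created with mode 0600 */

    *reopen_errno = 0;
    if (setup < 0)
        return -1;
    if (write(setup, SAMPLE, sizeof SAMPLE - 1) != (ssize_t)(sizeof SAMPLE - 1)) {
        close(setup); unlink(path); return -1;
    }
    close(setup);
    fd = open(path, O_RDONLY);              /* access checks happen here */
    if (fd >= 0 && chmod(path, 0) == 0) {   /* remove all permission bits */
        size = read(fd, readbuf, len);      /* no new check on the open descriptor */
        fd2 = open(path, O_RDONLY);         /* a new open(2) is checked again */
        *reopen_errno = (fd2 < 0) ? errno : 0;
        if (fd2 >= 0)
            close(fd2);
    }
    if (fd >= 0)
        close(fd);
    unlink(path);
    return size;
}

int main(void)
{
    char readbuf[1024];
    int reopen_errno = 0;
    ssize_t n = read_after_revoke(readbuf, sizeof readbuf, &reopen_errno);
    printf("read after chmod 0: %zd bytes; reopen: %s\n", n,
           reopen_errno ? strerror(reopen_errno) : "allowed (privileged user)");
    return n < 0;
}
```

For an unprivileged user the second open(2) fails with EACCES while the read on the already open descriptor still returns the file contents; a privileged user bypasses the permission bits, so the reopen succeeds.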