Trusted Solaris Developer's Guide

Multilevel Directories

Multilevel directories (MLDs) enable an application to run at different sensitivity labels and to access data in the single-level directory (SLD) at the sensitivity label at which its process was launched. This example gets the name of the Confidential SLD in the zelda MLD by translating a text string to a binary label with stobsl(3TSOL) and passing the binary label to getsldname(1). The /export/home/zelda MLD is at ADMIN_LOW and the process is running at Confidential. The process needs no privileges because it has mandatory read access to the MLD and the process sensitivity label dominates the SLD sensitivity label.

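#include <stdio.h>
#include <tsol/label.h>
#include <tsol/mld.h>

char *file = "/export/home/zelda";
char buffer[3*1024];
bslabel_t senslabel;
int length, flags, retval, error;

int main(void)
{
/* Translate the text label to a binary sensitivity label */
	retval = stobsl("CONFIDENTIAL", &senslabel, NEW_LABEL, &error);
	if (retval != 1) {
		fprintf(stderr, "stobsl: cannot translate label (error = %d)\n", error);
		return 1;
	}

/* Get the Confidential SLD name */
	length = sizeof(buffer);
	retval = getsldname(file, &senslabel, buffer, length);
	if (retval < 0) {
		perror("getsldname");
		return 1;
	}
	printf("SLD Name = %s\n", buffer);
	return 0;
}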

The printf statement prints the name of the SLD at ADMIN_LOW. See Chapter 7, Multilevel Directories for the meaning of the SLD name.


SLD Name = .SLD.2

Note - You can get file attribute information for an MLD or symbolic link that is an MLD with the mldstat(3TSOL) and mldlstat(3TSOL) system calls. See also the stat(2) man page and Chapter 7, Multilevel Directories.