A level is a classification and set of compartments for a sensitivity label or clearance, and is represented by the data type blevel_t. Two levels can be equal, one can dominate the other, or one can strictly dominate the other.
Equals - One level is equal to another when its classification is arithmetically equal to the other's classification (by means of its place in the classifications hierarchy), and its compartments contain all the other's compartments and no additional compartments.
Dominates - One level dominates another when its classification is arithmetically greater than or equal to the other's classification (by means of its place in the classifications hierarchy), and its compartments contain all the other's compartments.
Strictly dominates - Level one is said to strictly dominate level two when level one dominates level two, but is not equal to level two.
This example tests the process sensitivity label against a file's sensitivity label. The code for getting the process and file CMW label and extracting the sensitivity label portion is not shown. See "Get Process CMW Label" and "Get File CMW Label" for example code to perform these operations.
In this example, the process sensitivity label is Confidential and the file sensitivity label is Confidential. The labels are equal, so the process label dominates the file label but does not strictly dominate it.
#include <stdio.h>
#include <tsol/label.h>

int main(void)
{
    int equal, dominate, strictdom, retval;
    bslabel_t *plabel, *filelabel;
    bclabel_t fileCMWlabel, pCMWlabel;

    /* Get file and process CMW labels; stop if either call fails */
    retval = getcmwlabel("/export/home/zelda/afile", &fileCMWlabel);
    if (retval != 0) {
        perror("getcmwlabel");
        return 1;
    }
    retval = getcmwplabel(&pCMWlabel);
    if (retval != 0) {
        perror("getcmwplabel");
        return 1;
    }

    /* Get sensitivity labels from the CMW labels */
    plabel = bcltosl(&pCMWlabel);
    filelabel = bcltosl(&fileCMWlabel);

    /* Once have both labels, test for equality */
    equal = blequal(plabel, filelabel);
    printf("Process label equals file label? %d\n", equal);

    /* Test for dominance */
    dominate = bldominates(plabel, filelabel);
    printf("Process label dominates file label? %d\n", dominate);

    /* Test for strict dominance */
    strictdom = blstrictdom(plabel, filelabel);
    printf("Process label strictly dominates file label? %d\n", strictdom);

    return 0;
}
The printf statements print the following, where any value greater than zero is true and zero is false.
Process label equals file label? 1
Process label dominates file label? 1
Process label strictly dominates file label? 0
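The definitions of equals, dominates, and strictly dominates given above can be checked against a small stand-alone model. This is an added example, not code from the original guide and not the Trusted Solaris implementation. It goes beyond the Confidential case to show two levels where neither dominates the other. The struct model_level, the model_* functions, the bitmask representation of compartments, and the sample classification values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a level; not the real, opaque blevel_t. */
struct model_level {
    int classification;      /* place in the classification hierarchy */
    uint32_t compartments;   /* one bit per compartment */
};

/* Constructed sample values, not taken from any real label encodings. */
enum { CONFIDENTIAL = 4, SECRET = 5 };
enum { COMP_A = 1, COMP_B = 2 };

/* Dominates: classification >= and compartments contain all of b's. */
int model_dominates(const struct model_level *a, const struct model_level *b)
{
    return a->classification >= b->classification &&
           (a->compartments & b->compartments) == b->compartments;
}

/* Equals: same classification and exactly the same compartments. */
int model_equal(const struct model_level *a, const struct model_level *b)
{
    return a->classification == b->classification &&
           a->compartments == b->compartments;
}

/* Strictly dominates: dominates, but is not equal. */
int model_strictdom(const struct model_level *a, const struct model_level *b)
{
    return model_dominates(a, b) && !model_equal(a, b);
}

/* Incomparable: neither level dominates the other. */
int model_incomparable(const struct model_level *a, const struct model_level *b)
{
    return !model_dominates(a, b) && !model_dominates(b, a);
}

int main(void)
{
    struct model_level proc = { CONFIDENTIAL, COMP_A };
    struct model_level file = { SECRET, COMP_B };

    printf("Process dominates file? %d\n", model_dominates(&proc, &file));
    printf("File dominates process? %d\n", model_dominates(&file, &proc));
    printf("Incomparable? %d\n", model_incomparable(&proc, &file));
    return 0;
}
```

A higher classification alone is not enough for dominance: the file level here is Secret, but it lacks compartment A, so it does not dominate the Confidential process level.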