Labels can be translated from binary to text and back again. The calling process needs the sys_trans_label privilege in its effective set to translate any label not dominated by the process's sensitivity label.
Text characters can be input in any combination of upper and lowercase letters, but they are always output all uppercase.
Text label input and output formats consist of classifications and words defined in the label_encodings file. Classification names and words may contain embedded blanks or punctuation if they are defined that way in the label_encodings file.
These examples translate binary labels to text. The translation uses the keyword settings in label_encodings(4) and the flag parameter value. Not all flag values make sense for every label, although nothing stops you from using any flag with any type of label. The descriptions state the label type a flag is to be used with. Settings that apply to sensitivity labels also apply to CMW labels.
LONG_WORDS--Translate a binary label using the long names for words.
SHORT_WORDS--Translate a binary label using the short names for words.
LONG_CLASSIFICATION--Translate a binary label using long names for the classification.
SHORT_CLASSIFICATION--Translate a binary label using short names for the classification.
NO_CLASSIFICATION--Do not include the classification in the translation of a binary sensitivity label label
VIEW_INTERNAL--Use internal names for the highest and lowest sensitivity labels in the system: ADMIN_HIGH and ADMIN_LOW.
VIEW_EXTERNAL--Demote an ADMIN_HIGH sensitivity label to the next highest label, and promote an ADMIN_LOW label to the lowest label defined in label_encodings(4).
The label view process attribute described in "Get and Set Process Security Attribute Flags" contains the status of the label view.
The text output form for CMW labels is as follows:
[SENSITIVITY LABEL]
This example initializes a CMW label to ADMIN_LOW [ADMIN_HIGH]
and prints out the internal and external views. The process runs at ADMIN_HIGH
and does not need privileges to translate the ADMIN_LOW [ADMIN_HIGH]
label.
#include <tsol/label.h> main() { int retval, length = 0; char *string1 = (char *)0, *string2 = (char *)0; bclabel_t cmwlabel; bclhigh(&cmwlabel); retval = bcltos(&cmwlabel, &string1, length, VIEW_INTERNAL); printf("View Internal = %s\n", string1); retval = bcltos(&cmwlabel, &string2, length, VIEW_EXTERNAL); printf("View External = %s\n", string2); }
The printf statements print the following:
View Internal = ADMIN_LOW [ADMIN_HIGH] View External = UNCLASSIFIED [TS A B SA SB CC] |
Although bclhigh() and the other functions in the bclmanifest() family allow you to manipulate to manipulate the value of the information label of the CMW label, you cannot set this value on an object. The information label for all objects is ADMIN_LOW
by default.
The text forms of sensitivity labels and information labels output by interfaces are separated by spaces and formatted as follows where the curly brackets indicate optional items and the ellipses indicate repeated words. In a sensitivity label, words represent compartments, and in an information label words represent compartments and markings.
CLASSIFICATION {WORD}...
The following code example translates a binary sensitivity label to text using different flags. The process runs at TS A B and needs the sys_trans_label privilege for the translation after the call to bslhigh(3TSOL). The code comments indicate where privilege bracketing as described in Chapter 3, Privileges should take place.
#include <tsol/label.h> main() { int retval, length = 0; char *string1 = (char *)0, *string2 = (char *)0, *string3 = (char *)0, *string4 = (char *)0, *string5 = (char *)0, *string6 = (char *)0, *string7 = (char *)0; bclabel_t cmwlabel; bslabel_t senslabel; retval = getcmwplabel(&cmwlabel); getcsl(&senslabel, &cmwlabel); retval = bsltos(&senslabel, &string1, length, LONG_WORDS); printf("Retval1 = %d Long Words = %s\n", retval, string1); retval = bsltos(&senslabel, &string2, length, SHORT_WORDS); printf("Retval2 = %d Short Words = %s\n", retval, string2); retval = bsltos(&senslabel, &string3, length, LONG_CLASSIFICATION); printf("Retval3 = %d Long Classifications = %s\n", retval, string3); retval = bsltos(&senslabel, &string4, length, SHORT_CLASSIFICATION); printf("Retval4 = %d Short Classifications = %s\n", retval, string4); retval = bsltos(&senslabel, &string5, length, NO_CLASSIFICATION); printf("Retval5 = %d No Classification = %s\n", retval, string5); bslhigh(&senslabel); /* Turn sys_trans_label on in the effective set */ retval = bsltos(&senslabel, &string6, length, VIEW_INTERNAL); /* sys_trans_label off. */ printf("Retval6 = %d View Internal = %s\n", retval, string6); retval = bsltos(&senslabel, &string7, length, VIEW_EXTERNAL); printf("Retval7 = %d View External = %s\n", retval, string7); }
The printf statements print the following.
Long Words = TS A B Short Words = TS A B Long Classifications = TOP SECRET A B Short Classifications = TS A B No Classification = A B View Internal = ADMIN_HIGH View External = TS A B SA SB CC |
This example translates text strings to a binary CMW label or sensitivity label using the following flag values:
NEW_LABEL - Create a new label and correct the string as much as possible so the binary label is a complete and valid label for the system as defined in label_encodings(4). If the correction cannot be made, an error is returned. The string can be a text or hexadecimal string.
NO_CORRECTION - Create a new label, but do not correct the construction of the string. If the string is not a complete and valid label for the system, an error is returned. The string can be a text hexadecimal string.
Text CMW labels are accepted in the following form: [sensitivity_label]
.
Text sensitivity and information labels are accepted in the following forms. Input items can be separated by white space, commas, or slashes (/). Short and long forms of classification names and words are interchangeable.
{+} {classification} {{+|-}{word}...
The vertical bar (|) indicates a choice between two items. Leading and trailing white space is ignored.
The plus and minus signs can be used to modify an existing label to turn on or off the compartments and markings associated with the words.
Curly braces indicate optional items and ellipses indicate repeated words. In a sensitivity label, the words represent compartments.
This example translates text strings to a binary CMW label and sensitivity label and back again using the NEW_LABEL flag. An example of translating a sensitivity label to a specified length (clipping) is also given. If the process runs at [TS A B]
or higher, the sys_trans_label
privilege is not needed for the label translations.
#include <tsol/label.h> main() { int retval, error, length = 0; char *cmwstring ="SECRET A B [TOP SECRET A B]"; char *sensstring = "TOP SECRET A B"; char *string1 = (char *)0, *string2 = (char *)0, *string3 = (char *)0; bclabel_t cmwlabel; bslabel_t senslabel; retval = stobcl(cmwstring, &cmwlabel, NEW_LABEL, &error); retval = bcltos(&cmwlabel, &string1, length, ALL_ENTRIES); retval = stobsl(sensstring, &senslabel, NEW_LABEL, &error); retval = bsltos(&senslabel, &string2, length, ALL_ENTRIES); string3 = sbsltos(&senslabel, 4); printf("CMW label = %s\nSens label = %s\nClipped label = %s\n'', string1, string2, string3); }
The printf statement prints the following. In the clipped label, the arrow <-indicates the sensitivity label name has clipped letters.
CMW label = [TS A B] Sens label = TS A B Clipped label = TS<- |