A valid clearance is a clearance defined in the label_encodings(4) file. Call the bclearvalid(3TSOL) routine to check if a clearance is valid. The process running at TS A B equals the clearance and needs no privilege for this operation.
#include <tsol/label.h> main() { int retval, error; bclear_t bclear; char *string = "TS ABLE BAKER"; retval = stobclear(string, &bclear, NEW_LABEL, &error); retval = bclearvalid(&bclear); printf("Return value = %d\n", retval); }
The printf statement prints the following where 1 means the clearance is valid; -1 means the label_encodings file is inaccessible; and 0 means the label is not valid or the process sensitivity label does not dominate the clearance and the sys_trans_label privilege is not effective:
Return value = 1 |