Trusted Solaris Developer's Guide

Find Greatest Level and Lowest Level

The next example finds the greatest lower bound and the least upper bound of two variables of type blevel_t. The blminimum(3TSOL) routine finds the greatest lower bound of two levels, and the blmaximum(3TSOL) routine finds their least upper bound. A level can be a sensitivity label or a clearance.

The example code finds the greatest lower bound and least upper bound of the range created by a process clearance of TS A B and a sensitivity label of ADMIN_LOW. The process runs at Confidential.

The first part of the example finds the greater of the two classifications and all the compartments of the two levels, and puts that value into the first parameter. This operation is called finding the least upper bound because it finds the lowest level that dominates both original parameter values passed.

The process sensitivity label does not dominate the process clearance, so the process needs the sys_trans_label privilege for the translation. The code comments indicate where privilege bracketing, as described in Chapter 3, Privileges, should take place.

#include <stdio.h>
#include <tsol/label.h>
#include <tsol/priv.h>

int main(void)
{
	int        retval, length = 0;
	char       *string = (char *)0, *string1 = (char *)0;
	bclear_t   clear;
	bslabel_t  senslabel;

	/* Initialize the sensitivity label to ADMIN_LOW */
	bsllow(&senslabel);
	/* Get the process clearance */
	retval = getclearance(&clear);
	/* Least upper bound of the two levels; the result goes in senslabel */
	blmaximum(&senslabel, &clear);
	/* Turn the sys_trans_label privilege on in the effective set */
	set_effective_priv(PRIV_ON, 1, PRIV_SYS_TRANS_LABEL);
	/* Translate the binary label to text */
	retval = bsltos(&senslabel, &string, length, LONG_WORDS);
	printf("Maximum = %s\n", string);

The printf statement prints the following, where TS ABLE BAKER is the lowest level that dominates TS A B and ADMIN_LOW.


Maximum = TS A B

The second part of the example finds the lower of the classifications and only those compartments contained in both parameters, and puts that value in the first parameter. This operation finds the greatest lower bound because it finds the greatest level dominated by both original parameter values passed.

	/* Reset the sensitivity label to ADMIN_LOW */
	bsllow(&senslabel);
	/* Greatest lower bound of the two levels; the result goes in senslabel */
	blminimum(&senslabel, &clear);
	retval = bsltos(&senslabel, &string1, length, LONG_WORDS);
	printf("Minimum = %s\n", string1);
	/* Turn sys_trans_label off */
	set_effective_priv(PRIV_OFF, 1, PRIV_SYS_TRANS_LABEL);

}

The printf statement prints the following, where ADMIN_LOW is the highest level that is dominated by TS A B and ADMIN_LOW.


Minimum = ADMIN_LOW
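
The two bound operations described above, modeled in portable C as an added example (not code from the guide and not the tsol library implementation). The mlevel type, the classification values, the compartment bits, and the function names are assumptions made for illustration; the second case goes beyond the page's example to show two levels where neither dominates the other.

```c
#include <stdio.h>

/* Hypothetical model of a level; not the layout of the tsol blevel_t. */
typedef struct {
    int      cls;    /* hierarchical classification, higher is more sensitive */
    unsigned comps;  /* one bit per compartment */
} mlevel;

enum { CLS_LOW = 0, CLS_C = 4, CLS_S = 5, CLS_TS = 6 };  /* constructed values */
enum { COMP_A = 1, COMP_B = 2 };                         /* constructed bits */

/* a dominates b: classification at least as high, compartments a superset. */
int dominates(mlevel a, mlevel b)
{
    return a.cls >= b.cls && (a.comps & b.comps) == b.comps;
}

/* Least upper bound, stored in the first parameter as blmaximum does. */
void level_max(mlevel *a, const mlevel *b)
{
    if (b->cls > a->cls) a->cls = b->cls;
    a->comps |= b->comps;          /* all compartments of both levels */
}

/* Greatest lower bound, stored in the first parameter as blminimum does. */
void level_min(mlevel *a, const mlevel *b)
{
    if (b->cls < a->cls) a->cls = b->cls;
    a->comps &= b->comps;          /* only compartments present in both */
}

int main(void)
{
    mlevel low = { CLS_LOW, 0 }, clr = { CLS_TS, COMP_A | COMP_B };
    mlevel c_a = { CLS_C, COMP_A }, s_b = { CLS_S, COMP_B };
    mlevel hi = low, lo = low, up = c_a, down = c_a;

    level_max(&hi, &clr);    /* page's case: TS A B */
    level_min(&lo, &clr);    /* page's case: ADMIN_LOW */
    level_max(&up, &s_b);    /* incomparable inputs: S A B */
    level_min(&down, &s_b);  /* incomparable inputs: C with no compartments */
    printf("max(low, clr) = cls %d comps 0x%x\n", hi.cls, hi.comps);
    printf("min(low, clr) = cls %d comps 0x%x\n", lo.cls, lo.comps);
    printf("max(C A, S B) = cls %d comps 0x%x, dominates both: %d\n",
           up.cls, up.comps, dominates(up, c_a) && dominates(up, s_b));
    printf("min(C A, S B) = cls %d comps 0x%x, dominated by both: %d\n",
           down.cls, down.comps, dominates(c_a, down) && dominates(s_b, down));
    return 0;
}
```

When neither input dominates the other, the least upper bound is strictly above both inputs, so a process that computes it may end up handling a label higher than either one it started with.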