In this example, the process is running at Confidential with a clearance of Top Secret. The Confidential process needs the file_mac_search privilege in its effective set to access the SLD at Top Secret. If afile does not already exist in the Top Secret SLD, the process needs the file_mac_write privilege because the process sensitivity label does not equal the SLD sensitivity label. If afile already exists, the file_mac_write privilege is not needed.
#include <tsol/label.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>

int main(void)
{
    int filedes;

    /* Create a file in the SLD at which the process is running */
    /* The mode is octal: 0660 is read and write for owner and group */
    filedes = creat("/export/home/zelda/afile", 0660);
    printf("File descriptor for regular path = %d\n", filedes);

    /* Create a file in the Top Secret SLD */
    /* Turn file_mac_search on in the effective set */
    filedes = creat("/export/home/.MLD.zelda/.SLD.3/afile", 0660);
    /* Turn file_mac_search off */
    printf("File descriptor for adorned path = %d\n", filedes);

    return 0;
}
The printf statements print the following.
File descriptor for regular path = 3
File descriptor for adorned path = 4