Appendix A Example: Label Encodings File
This appendix contains a sample label_encodings file developed along with Chapter 5, Example: Planning an Organization's Labels.
Classifications and Compartments
The example file has the following four classifications:
-
PUBLIC
-
INTERNAL_USE_ONLY
-
NEED_TO_KNOW
-
REGISTERED
In this model, PUBLIC is the sensitivity label for communications with the Internet, and INTERNAL_USE_ONLY is the sensitivity label for communications within the company.
The sample file defines compartments to appear only in labels that have the NEED_TO_KNOW classification. The sample file also specifies that the default word Comps is changed to the word Departments in label-builder GUIs.
NEED_TO_KNOW compartments are:
-
ALL_DEPARTMENTS
-
EXECUTIVE_MGMNT_GROUP
-
SALES
-
FINANCE
-
LEGAL
-
MARKETING
-
HUMAN_RESOURCES
-
ENGINEERING
-
MANUFACTURING
-
SYSTEM_ADMINISTRATION
-
PROJECT_TEAM
-
The ALL_DEPARTMENTS compartment word gets turned on when all defined compartment bits are on and works as a toggle in a label builder.
PROJECT_TEAM is hierarchically below both ENGINEERING and MARKETING. The hierarchy allows someone working at NEED_TO_KNOW ENGINEERING or at NEED_TO_KNOW MARKETING to read files with the NEED_TO_KNOW PROJECT_TEAM label but not to write to files that have that label.
label_encodings.simple File
* @(#)label_encodings.simple 5.9 99/11/01 SMI; TSOL 2.x
*
*
* Copyright (c) 1997 by Sun Microsystems, Inc.
* All rights reserved.
*
*
* This version of the label_encodings file encodes the Sun
* proprietary/confidential labels that are required by Sun's
* legal and information protection departments. The prefix
* SUN PROPRIETARY/CONFIDENTIAL is omitted from the labels for
* brevity. This encodings includes some example department
* names that can be used for controlling access to information
* across department boundaries. Commercial sites with different
* requirements can copy this file and change the definitions to suit.
* This example shows how to specify labels that meet an actual
* site's (Sun's) legal information protection requirements for
* labeling email and printer output. These labels may also
* be used to enforce mandatory access control checks based on user
* clearance labels and labels and sensitivity labels on files
* and directories.
VERSION= Sun Microsystems, Inc. Example Version - 5.9 99/11/01
CLASSIFICATIONS:
name= PUBLIC; sname= PUBLIC; value= 1;
name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4;
name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5;
name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;
INFORMATION LABELS:
WORDS:
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
SENSITIVITY LABELS:
WORDS:
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MGMNT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
CLEARANCES:
WORDS:
name= ALL_DEPARTMENTS; sname= ALL; compartments= 11-20;
minclass= NEED_TO_KNOW;
name= EXECUTIVE_MANAGEMENT_GROUP; sname= EMG; compartments= 11;
minclass= NEED_TO_KNOW;
name= SALES; sname= SALES; compartments= 12;
minclass= NEED_TO_KNOW;
name= FINANCE; sname= FINANCE; compartments= 13;
minclass= NEED_TO_KNOW;
name= LEGAL; sname= LEGAL; compartments= 14;
minclass= NEED_TO_KNOW;
name= MARKETING; sname= MRKTG; compartments= 15 20;
minclass= NEED_TO_KNOW;
name= HUMAN_RESOURCES; sname= HR; compartments= 16;
minclass= NEED_TO_KNOW;
name= ENGINEERING; sname= ENG; compartments= 17 20;
minclass= NEED_TO_KNOW;
name= MANUFACTURING; sname= MANUFACTURING; compartments= 18;
minclass= NEED_TO_KNOW;
name= SYSTEM_ADMINISTRATION; sname= SYSADM; compartments= 19;
minclass= NEED_TO_KNOW;
name= PROJECT_TEAM; sname= P_TEAM; compartments= 20;
minclass= NEED_TO_KNOW;
REQUIRED COMBINATIONS:
COMBINATION CONSTRAINTS:
CHANNELS:
WORDS:
name= DISTRIBUTE_ONLY_TO; prefix;
name= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
suffix;
name= EXECUTIVE_MANAGEMENT_GROUP;
prefix= DISTRIBUTE_ONLY_TO; compartments= 11;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= SALES; prefix= DISTRIBUTE_ONLY_TO; compartments= 12;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= FINANCE; prefix= DISTRIBUTE_ONLY_TO; compartments= 13;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= LEGAL; prefix= DISTRIBUTE_ONLY_TO; compartments= 14;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= MARKETING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 15 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= HUMAN_RESOURCES; prefix= DISTRIBUTE_ONLY_TO;
compartments= 16;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= ENGINEERING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 17 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= MANUFACTURING; prefix= DISTRIBUTE_ONLY_TO;
compartments= 18;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= SYSTEM_ADMINISTRATION; prefix= DISTRIBUTE_ONLY_TO;
compartments= 19;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
name= PROJECT_TEAM; prefix= DISTRIBUTE_ONLY_TO; compartments= 20;
suffix= EMPLOYEES (NON-DISCLOSURE AGREEMENT REQUIRED);
PRINTER BANNERS:
WORDS:
name= COMPANY PROPRIETARY/CONFIDENTIAL:; prefix;
name= ALL_DEPARTMENTS;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 11-20;
name= EXECUTIVE_MANAGEMENT_GROUP;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 11;
name= SALES; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 12;
name= FINANCE; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 13;
name= LEGAL; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 14;
name= MARKETING; prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 15 20;
name= HUMAN_RESOURCES;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 16;
name= ENGINEERING;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 17 20;
name= MANUFACTURING;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 18;
name= SYSTEM_ADMINISTRATION;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 19;
name= PROJECT_TEAM;
prefix= COMPANY PROPRIETARY/CONFIDENTIAL:;
compartments= 20;
ACCREDITATION RANGE:
classification= PUBLIC; only valid compartment combinations:
PUBLIC
classification= INTERNAL_USE_ONLY; only valid compartment combinations:
INTERNAL
classification= NEED_TO_KNOW; all compartment combinations valid;
classification= REGISTERED; only valid compartment combinations:
REGISTERED
minimum clearance= PUBLIC;
minimum sensitivity label= PUBLIC;
minimum protect as classification= PUBLIC;
LOCAL DEFINITIONS:
*
* The names for the administrative high and low name are set to
* site_high and site_low respectively by the example commands below.
*
* NOTE: Use of these options could lead to interoperability problems
* with machines that do not have the same alternate names.
*
*Admin Low Name= site_low;
*Admin High Name= site_high;
default flags= 0x0;
forced flags= 0x0;
Default Label View is External;
Classification Name= Classification;
Compartments Name= Departments;
COLOR NAMES:
label= Admin_Low; color= #bdbdbd;
label= PUBLIC; color= green;
label= INTERNAL_USE_ONLY; color= yellow;
label= NEED_TO_KNOW; color= blue;
label= NEED_TO_KNOW EMG; color= #7FA9EB;
label= NEED_TO_KNOW SALES; color= #87CEFF;
label= NEED_TO_KNOW FINANCE; color= #00BFFF;
label= NEED_TO_KNOW LEGAL; color= #7885D0;
label= NEED_TO_KNOW MRKTG; color= #7A67CD;
label= NEED_TO_KNOW HR; color= #7F7FFF;
label= NEED_TO_KNOW ENG; color= #007FFF;
label= NEED_TO_KNOW MANUFACTURING; color= #0000BF;
label= NEED_TO_KNOW PROJECT_TEAM; color= #9E7FFF;
label= NEED_TO_KNOW SYSADM; color= #5B85D0;
label= NEED_TO_KNOW ALL; color= #4D658D;
label= REGISTERED; color= red;
label= Admin_High; color= #636363;
** End of local site definitions
|
- © 2010, Oracle Corporation and/or its affiliates