The option to set a label view allows the security administrator role to determine whether the names for administrative labels are displayed to non-administrative users. If the label view is set to external, another label is substituted: ADMIN_HIGH is demoted to the maximum label and ADMIN_LOW is promoted to the minimum label within the user accreditation range.
Some reasons a site might hide the names of administrative labels are:
The site assigns each user a single label to work at and chooses not to train users about administrative labels.
The site's security policy treats the names of administrative labels as classified information.
The label view is set to be either INTERNAL or EXTERNAL in several different ways that are listed in order of precedence, with the lowest first.
If not otherwise overridden, the system-wide label view is EXTERNAL.
An optional system-wide setting can be made in the label_encodings(4) file.
The default label_encodings(4) file has the label view set to External in the LOCAL DEFINITIONS section. If the optional definition is not found in the file, the default system-wide setting of EXTERNAL is used.
The User Accounts and Administrative Roles Tools can set an individual value for any user or role account.
The Security Administrator role can make an individual setting in the Trusted Solaris Attributes tab that is found in both the User Accounts and Administrative Roles Properties dialogs. The values are stored in the user_attr(4) file entry for the user or role account.
Do not edit the user_attr file directly. Change any account's label view using the SMC tools.
The View: choices are External | Internal | System Default
If System Default is chosen, the Default Label View value in the optional LOCAL DEFINITIONS section of the label_encodings file applies.
Programs can use library routines to manipulate the label view of the process running the program.
The label view setting in a process can override the system-wide setting. A process's label view is set to be either internal, external, or sys. If sys, the process's label view is whatever is set in the label_encodings file, and if no value is set in the file, then the default of External is used.
A process's label view gets set indirectly through the following:
From the user_attr entry for the owner of the process
When a user or role starts a process, the user_attr file entry for the account is consulted and the process attribute flag PAF_LABEL_VIEW is set using setpattr(2), according to the label view specified for the account. PAF_VIEW_EXT sets the external view and PAF_VIEW_INT sets the internal view. If the sys label view is specified, PAF_VIEW_DEF is set equal to the optional setting in the label_encodings(4) file, or the default of EXTERNAL that applies if the option is not set.
From within a program using library routines
Programs can use library routines (described on the bltos(3TSOL) man page and under "Labels" in Trusted Solaris Developer's Guide) to set or get the label view of a process.
Regardless of the value of the PAF_LABEL_VIEW flag, a library call used to translate labels from binary form to text can specify that labels be translated with either an INTERNAL or EXTERNAL label view. If the VIEW_EXTERNAL or VIEW_INTERNAL flags are not specified in the call to the library routine, translation of ADMIN_LOW and ADMIN_HIGH labels is controlled by the label view process attribute flags. If the label view process attribute flag is defined as VIEW_SYS, the translation is controlled by the label view option configured in the label_encodings(4) file or by the default system-wide value of EXTERNAL if the option is not specified.
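
The precedence described above, from the system-wide default up to a view flag given in a translation call, modeled as an added example (not Trusted Solaris code and not from the guide). The function names, the treatment of an unset account value as System Default, and the PUBLIC to TOP SECRET accreditation range are assumptions made for illustration.

```python
# Added model of the label-view precedence; not Trusted Solaris code.
# Function names and the sample labels are constructed for illustration.
EXTERNAL, INTERNAL, SYS = "EXTERNAL", "INTERNAL", "SYS"


def _norm(value, allowed):
    """Upper-case a setting and reject anything outside the allowed set."""
    if value is None:
        return None
    v = value.strip().upper()
    if v not in allowed:
        raise ValueError(f"unknown label view: {value!r}")
    return v


def system_view(encodings_view=None):
    """System-wide view: the optional label_encodings setting, else EXTERNAL."""
    return _norm(encodings_view, {EXTERNAL, INTERNAL}) or EXTERNAL


def process_view(account_view=None, encodings_view=None):
    """View a process gets from its owner's account setting.

    'sys' (System Default) defers to the system view; so does an unset
    account value, which is an assumption of this model.
    """
    v = _norm(account_view, {EXTERNAL, INTERNAL, SYS})
    return system_view(encodings_view) if v in (None, SYS) else v


def effective_view(call_view=None, account_view=None, encodings_view=None):
    """A view flag passed to the translation call overrides the process view."""
    v = _norm(call_view, {EXTERNAL, INTERNAL})
    return v or process_view(account_view, encodings_view)


def render(label, view, min_label, max_label):
    """Text shown for a label; the external view hides the administrative names."""
    if view == EXTERNAL:
        return {"ADMIN_HIGH": max_label, "ADMIN_LOW": min_label}.get(label, label)
    return label


if __name__ == "__main__":
    # Constructed accreditation range: PUBLIC (minimum) to TOP SECRET (maximum).
    for call, acct, enc in [(None, "sys", None), (None, "sys", "Internal"),
                            (None, "external", "Internal"), ("internal", "external", None)]:
        view = effective_view(call, acct, enc)
        print(call, acct, enc, "->", view, render("ADMIN_HIGH", view, "PUBLIC", "TOP SECRET"))
```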