Oracle Solaris Trusted Extensions Developer's Guide

Obtaining and Setting the Label of a File

The setflabel() routine, the getlabel() system call, and the fgetlabel() system call are used to obtain and set the label of a file. The following descriptions include the prototype declarations for the routine and the system calls:

int setflabel(const char *path, const m_label_t *label_p);

The setflabel() routine changes the sensitivity label of a file. When the sensitivity label of a file changes, the file is moved to a zone that corresponds to the new label. The file is moved to a new path name that is relative to the root of the other zone.

See the setflabel(3TSOL) man page.

For example, if you use the setflabel() routine to change the label of the file /zone/internal/documents/designdoc.odt from INTERNAL to RESTRICTED, the new path of the file will be /zone/restricted/documents/designdoc.odt. Note that if the destination directory does not exist, the file is not moved.
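The path rule and the missing-directory caveat above can be checked before setflabel() is called. The following pre-flight check is an added example, not code from this guide: it uses only POSIX calls, the zone root paths are caller-supplied assumptions (the guide's /zone/internal and /zone/restricted serve as sample values), and the function name relabel_dest is hypothetical. Paths are assumed to be absolute and normalized.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/*
 * Added example (not from the guide): predict the path a file gets after
 * setflabel() and check that the destination directory exists. Zone roots
 * are caller-supplied assumptions, given without a trailing '/'. dst is
 * filled whenever the path fits. Returns 0 if the move can land, else -1.
 */
int relabel_dest(const char *src, const char *src_root,
    const char *dst_root, char *dst, size_t dstlen)
{
	size_t rlen = strlen(src_root);
	struct stat st;
	char *slash;
	int n, rc;
	/* src must sit under src_root at a path-component boundary. */
	if (rlen == 0 || dst_root[0] == '\0' ||
	    strncmp(src, src_root, rlen) != 0 || src[rlen] != '/') {
		errno = EINVAL;
		return (-1);
	}
	/* Same relative path, re-rooted in the destination zone. */
	n = snprintf(dst, dstlen, "%s%s", dst_root, src + rlen);
	if (n < 0 || (size_t)n >= dstlen) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	/* Cut at the last '/' to stat() the directory part, then restore. */
	slash = strrchr(dst, '/');
	*slash = '\0';
	rc = stat(dst, &st);
	*slash = '/';
	if (rc == 0 && !S_ISDIR(st.st_mode)) {
		errno = ENOTDIR;
		rc = -1;
	}
	return (rc);	/* on stat() failure errno is typically ENOENT */
}

int main(void)
{
	char dst[1024];
	int rc = relabel_dest("/zone/internal/documents/designdoc.odt",
	    "/zone/internal", "/zone/restricted", dst, sizeof (dst));
	printf("%s: %s\n", dst, rc == 0 ? "directory exists" : strerror(errno));
	return (0);
}
```

A return of -1 with errno set to ENOENT corresponds to the case in which the file is not moved because the destination directory does not exist.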

When you change the sensitivity label of a file, the original file is deleted. The only exception occurs when the source and destination file systems are loopback-mounted from the same underlying file system. In this case, the file is renamed.

When a process creates an object, the object inherits the sensitivity label of its calling process. The setflabel() routine programmatically sets the sensitivity label of a file system object.

The File Manager application and the setlabel command permit an authorized user to move an existing file to a different sensitivity label. See the setlabel(1) man page.

int getlabel(const char *path, m_label_t *label_p);

The getlabel() system call obtains the label of a file that is specified by path. The label is stored in an m_label_t structure that you allocate.

See the getlabel(2) man page.

int fgetlabel(int fd, m_label_t *label_p);

The fgetlabel() system call obtains the label of an open file that is specified by the file descriptor fd.

When you allocate an m_label_t structure, you are responsible for freeing the allocated memory by using the m_label_free() routine. See the m_label(3TSOL) man page.