These Java bindings use the Java File object to obtain and set file labels. Use the getFileLabel static factory to obtain the label from the file's File object. To set a file label to another specified label, use the setFileLabel method on the file's File object.
In addition to obtaining the sensitivity label of a file, the getSocketPeer static factory enables you to obtain the sensitivity label for the peer endpoint of a socket.
The getFileLabel static factory and the setFileLabel method correspond to the getlabel() system call and the setflabel() routine, respectively. For more information, see Obtaining and Setting the Label of a File and the getlabel(2) and setflabel(3TSOL) man pages.
The following descriptions include the prototype declarations for the static factories and the method:
The getFileLabel static factory obtains the label of a Java File object that is specified by file.
The getSocketPeer static factory obtains a sensitivity label object from the specified socket, socket.
The following code fragment obtains the sensitivity label object of the socket, s:
```java
SensitivityLabel sl = SolarisLabel.getSocketPeer(s);
```
The following example code shows how to create a server socket on port 9090 and then obtain the sensitivity label of the peer end of the accepted connection. This code example also outputs the internal and human-readable forms, the color, and the root path of the obtained socket peer label.
```java
import java.io.*;
import java.net.*;
import solarismac.*;

public class ServerSocketTest
{
    public static void main(String args[]) {
        System.out.println("ServerSocketTest Start");
        createListener();
        System.out.println("ServerSocketTest End");
    }

    /*
     * Listen for connections on port then print the peer connection label.
     * You can use telnet host 9090 to create a client connection.
     */
    private static void createListener() {
        int port = 9090;

        System.out.println("Creating ServerSocket on port " + port);
        /* try-with-resources closes both sockets, even on error. */
        try (ServerSocket acceptSocket = new ServerSocket(port)) {
            System.out.println("ServerSocket created, waiting for connection");
            try (Socket s = acceptSocket.accept()) {
                /*
                 * Get the Sensitivity Label for the peer end of the socket.
                 */
                SensitivityLabel socksl = SolarisLabel.getSocketPeer(s);
                System.out.println("Client connected...");
                System.out.println(" toInternal: " + socksl.toInternal());
                System.out.println(" toText: " + socksl.toText());
                System.out.println(" toString: " + socksl.toString());
                System.out.println(" toColor: " + socksl.toColor());
                System.out.println(" toRootPath: " + socksl.toRootPath());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```
The setFileLabel method changes the sensitivity label of the specified file to the specified label. When the sensitivity label of a file changes, the file is moved to the zone that corresponds to the new label. The file is moved to a new path name that is relative to the root of the other zone.
For example, if you use the setFileLabel method to change the label of the file /zone/internal/documents/designdoc.odt from INTERNAL to RESTRICTED, the new path of the file will be /zone/restricted/documents/designdoc.odt. Note that if the destination directory does not exist, the file is not moved.
The following code fragment shows how you might change the label of the file:
```java
SolarisLabel.setFileLabel(
    new File("/zone/internal/documents/designdoc.odt"),
    SolarisLabel.getSensitivityLabel("RESTRICTED"));
```
When you change the sensitivity label of a file, the original file is deleted. The only exception occurs when the source and destination file systems are loopback-mounted from the same underlying file system. In this case, the file is renamed.
The Java virtual machine must be running with the appropriate privilege (file_upgrade_sl or file_downgrade_sl) to relabel a file.
For more information about setting privileges, see Chapter 2, Developing Privileged Applications, in Oracle Solaris Security for Developers Guide. See also the setflabel(3TSOL) man page.
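The relabel behavior described above, combined into a pre-flight check, as an added example that is not part of the original guide: it derives the expected destination from the root paths of the two labels and refuses to call setFileLabel when the destination directory is missing. It assumes that toRootPath() returns the zone root as a String (as in /zone/internal) and that the process can see both zone paths; the class name RelabelPreflight and the relabel helper are hypothetical.

```java
import java.io.File;
import solarismac.*;

public class RelabelPreflight {
    /*
     * Relabel src to the named label, but only after confirming that the
     * directory the file will land in already exists in the target zone.
     * Returns the path where the file is expected after the move.
     */
    static File relabel(File src, String labelName) throws Exception {
        SensitivityLabel from = SolarisLabel.getFileLabel(src);
        SensitivityLabel to = SolarisLabel.getSensitivityLabel(labelName);

        // Assumption: toRootPath() yields the zone root for a label,
        // such as /zone/internal, with no trailing separator.
        String fromRoot = from.toRootPath();
        String toRoot = to.toRootPath();

        String path = src.getCanonicalPath();
        if (!path.startsWith(fromRoot + File.separator)) {
            throw new IllegalArgumentException(
                path + " is not under the zone root " + fromRoot);
        }

        // The path relative to the zone root is preserved across the move.
        File dst = new File(toRoot + path.substring(fromRoot.length()));
        File dstDir = dst.getParentFile();
        if (!dstDir.isDirectory()) {
            // Without this directory the file would not be moved at all.
            throw new IllegalStateException(
                "Create " + dstDir + " in the target zone before relabeling");
        }

        // Needs file_upgrade_sl or file_downgrade_sl in the JVM's privilege set.
        SolarisLabel.setFileLabel(src, to);
        return dst;
    }

    public static void main(String[] args) {
        File doc = new File("/zone/internal/documents/designdoc.odt");
        try {
            File moved = relabel(doc, "RESTRICTED");
            System.out.println("Old path still present: " + doc.exists());
            System.out.println("Expected new path: " + moved
                + " (visible: " + moved.exists() + ")");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```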