test

Oracle Solaris Trusted Extensions Developer's Guide

Label Relationships

Comparing labels means that the label of a process is compared to the label of a target, which might be a sensitivity label or a clearance label. Based on the result of the comparison, the process is either granted access or denied access to the object. Access is granted only when the label of the process dominates the label of the target. Label relationships and dominance are described later in this section. For examples, see Determining the Relationship Between Two Labels.

A security level is a numerical classification. A label indicates the security level of an entity and might include zero or more compartments. An entity is something that can be labeled, such as a process, zone, file, or device.

Labels are of the following types and relate to each other in these ways:

The label_encodings file is used to specify the classifications and compartments for labels. See the label_encodings(4) man page.

When any type of label has a security level that is equal to or greater than the security level of a second label, the first label is said to dominate the second label. This comparison of security levels is based on classifications and compartments in the labels. The classification of the dominant label must be equal to or greater than the classification of the second label. Additionally, the dominant label must include all the compartments in the second label. Two equal labels are said to dominate each other.

In the following sample excerpt of the label_encodings file, the REGISTERED (REG) label dominates the CONFIDENTIAL (C) label. The comparison is based on the value of each label's value keyword. The value of the REG label's value keyword is numerically greater than or equal to the value of the C label's value keyword. Both labels dominate the PUBLIC (P) label.

The value of the initial compartments keyword shows the list of compartments that are initially associated with the classification. Each number in the initial compartments keyword is a compartment bit, each of which represents a particular compartment.

CLASSIFICATIONS:
name= PUBLIC; sname= P; value= 1;
name= CONFIDENTIAL; sname= C; value= 4; initial compartments= 4-5 190-239;
name= REGISTERED; sname= REG; value= 6; initial compartments= 4-5 190-239;

The following label_encodings excerpt shows that the REG HR label (Human Resources) dominates the REG label. The REG HR label has the REGISTERED classification and the HR compartment. The compartments keyword for the HR compartment sets the 0 compartment bit, so the REG HR classification has compartments 0, 4–5, and 190–239 set, which is more than the compartments set by the REG classification.

CLASSIFICATIONS:
name= REGISTERED; sname= REG; value= 6; initial compartments= 4-5 190-239;
...
WORDS:
name= HR; minclass= C; compartments= 0;

Sometimes, strict dominance is required to access an object. In the previous examples, the REG label strictly dominates the P label, and the REG HR label strictly dominates the REG label. When comparing labels, a REG label dominates another REG label.

Labels that do not dominate each other are said to be disjoint. A disjoint label might be used to separate departments in a company. In the following example, the REG HR label (Human Resources) is defined as being disjoint from the REG Sales label. These labels are disjoint because each compartment sets a different compartment bit.


CLASSIFICATIONS:
name= REGISTERED; sname= REG; value= 6; initial compartments= 4-5 190-239;
...
WORDS:
name= HR; minclass= C; compartments= 0;
name= Sales; minclass= C; compartments= 1;

For information about label APIs, see Sensitivity Label APIs.