Oracle Solaris Trusted Extensions Label Administration

Accreditation Ranges, Label Ranges, and Valid Labels

Certain combinations of label components can be disqualified by rules in the label_encodings file. Combination rules implicitly define the organization's usable labels. The security administrator is responsible for specifying combination rules.

A valid or well-formed label is a label that satisfies a combination rule. The security administrator defines combination rules by using one of the following means:

Two accreditation ranges are implicitly specified in the label_encodings file:

The term accreditation range is also used for the label ranges that are assigned to user and role accounts, printers, hosts, networks, and other objects. Because rules can constrain the set of valid labels, label ranges and accreditation ranges might not include all the potential combinations of label components in a range.