Oracle Solaris Trusted Extensions Label Administration

Planning the Use of Words in MAC

The classifications and compartments in sensitivity labels and user clearances are used in mandatory access control (MAC). Therefore, the legal department's hierarchical labels and the group names need to be encoded as classifications and compartments so that they can be used in the labels that control which individual employees can access files and do other work.

SecCompany, Inc. defines a sensitivity label with the PUBLIC classification, which is assigned the lowest value in the User Accreditation Range, and another sensitivity label with the INTERNAL_USE_ONLY classification with the next highest value above PUBLIC.

An employee with no authorizations whose clearance is PUBLIC and whose minimum label is PUBLIC is able to use the system as follows: