| Skip Navigation Links | |
| Exit Print View | |
|
Trusted Extensions Developer's Guide Oracle Solaris 10 1/13 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Trusted Extensions Developer's Guide Oracle Solaris 10 1/13 Information Library |
1. Trusted Extensions APIs and Security Policy
Setting a File Sensitivity Label
Determining the Relationship Between Two Labels
Obtaining the Color Names of Labels
4. Printing and the Label APIs
5. Interprocess Communications
8. Trusted Web Guard Prototype
9. Experimental Java Bindings for the Solaris Trusted Extensions Label APIs
The label_encodings file defines several conversions that are useful for printing security information on printer output. Label conversions are printed at the top and at the bottom of pages. Other conversions, such as handling channels, can appear on the banner pages.
In the following code example, the label_to_str() routine converts a label to strings, such as the header and footer, a caveats section, and handling channels. This routine is used internally by the Trusted Extensions print system, as shown in Chapter 4, Printing and the Label APIs.
#include <stdlib.h>
#include <stdio.h>
#include <tsol/label.h>
int
main()
{
m_label_t *plabel;
char *header = NULL;
char *label = NULL;
char *caveats = NULL;
char *channels = NULL;
plabel = m_label_alloc(MAC_LABEL);
if (getplabel(plabel) == -1) {
perror("getplabel");
exit(1);
}
if (label_to_str(plabel, &header, PRINTER_TOP_BOTTOM, DEF_NAMES) != 0) {
perror("label_to_str: header");
exit(1);
}
if (label_to_str(plabel, &label, PRINTER_LABEL, DEF_NAMES) != 0) {
perror("label_to_str: label");
exit(1);
}
if (label_to_str(plabel, &caveats, PRINTER_CAVEATS, DEF_NAMES) != 0) {
perror("label_to_str: caveats");
exit(1);
}
if (label_to_str(plabel, &channels, PRINTER_CHANNELS, DEF_NAMES) != 0) {
perror("label_to_str: channels");
exit(1);
}
printf("\t\t\t\"%s\"\n\n", header);
printf("\t\tUnless manually reviewed and downgraded, this output\n");
printf("\t\tmust be protected at the following label:\n\n");
printf("\t\t\t\"%s\"\n", label);
printf("\n\n\n");
printf("\t\t\"%s\"\n", caveats);
printf("\t\t\"%s\"\n", channels);
printf("\n\n");
printf("\t\t\t\"%s\"\n", header);
m_label_free(plabel);
return (0);
}
For a process label of TS SA SB, the text output might be the following:
"TOP SECRET"
Unless manually reviewed and downgraded, this output
must be protected at the following label:
"TOP SECRET A B SA SB"
"(FULL SB NAME) (FULL SA NAME)"
"HANDLE VIA (CH B)/(CH A) CHANNELS JOINTLY"
"TOP SECRET"
For more information, see the label_encodings(4) man page, Compartmented Mode Workstation Labeling: Encodings Format, and Trusted Extensions Label Administration.
|