Trusted Extensions defines two types of labels:
Sensitivity labels, often referred to as labels
Clearance labels, referred to as clearances
Sensitivity labels, label ranges, and a label limit or clearance determine who can access which objects on the system. Clearance labels are assigned to users. Sensitivity labels are assigned to processes, including user processes, and to files and directories.
Some objects have a label range. These objects can be accessed at a particular label within the defined label range. A label range from ADMIN_LOW to ADMIN_HIGH allows access at all labels. The security administrator can narrow that label range. Objects with label ranges include the following:
All hosts and networks with which communications are allowed
User accounts and role accounts
Allocatable devices, such as tape drives, CD-ROM and DVD devices, and audio devices
Other devices that are not allocatable, for example, printers, workstations (which are controlled through the label range of the frame buffer), and serial lines when they are used as a login device
The various procedures for setting labels on these objects is described in Trusted Extensions Configuration and Administration . Device Manager GUI in Trusted Extensions Configuration and Administration describes how to set label ranges on devices.