These Java bindings use the Java File object to obtain and set file labels. Use the getFileLabel static factory to obtain the label from the file's File object. To set a file label to another specified label, use the setFileLabel method on the file's File object.
In addition to obtaining the sensitivity label of a file, the getSocketPeer static factory enables you to obtain the sensitivity label for the peer endpoint of a socket.
The getFileLabel static factory and the setFileLabel method correspond to the getlabel() system call and the setflabel() routine, respectively. For more information, see Obtaining and Setting the Label of a File and the getlabel(2) and setflabel(3TSOL) man pages.
The following descriptions include the prototype declarations for the static factories and the method:
The getFileLabel static factory obtains the label of a Java File object that is specified by file.
The getSocketPeer static factory obtains a sensitivity label object from the specified socket, socket.
The following code fragment obtains the sensitivity label object of the socket, s:
SensitivityLabel sl = SolarisLabel.getSocketPeer(s);
The following example code shows how to create a server socket on port 9090 and then obtain the sensitivity label of the peer end of the accepted connection. This code example also outputs the internal and human-readable forms, the color, and the root path of the obtained socket peer label.
import java.io.*;
import java.net.*;
import solarismac.*;
public class ServerSocketTest
{
public static void main (String args[]) {
System.out.println("ServerSocketTest Start");
CreateListner();
System.out.println("ServerSocketTest End");
}
/*
* Listen for connections on port then print the peer connection label.
* You can use telnet host 9090 to create a client connection.
*/
private static void CreateListner() {
int port = 9090;
ServerSocket acceptSocket;
Socket s;
try {
System.out.println("Creating ServerSocket on port " + port);
acceptSocket = new ServerSocket(port);
System.out.println("ServerSocket created, waiting for connection");
s = acceptSocket.accept();
/*
* Get the Sensitivity Label for the peer end of the socket.
*/
SensitivityLabel socksl = SolarisLabel.getSocketPeer(s);
System.out.println("Client connected...");
System.out.println(" toInternal: " + socksl.toInternal());
System.out.println(" toText: " + socksl.toText());
System.out.println(" toString: " + socksl.toString());
System.out.println(" toColor: " + socksl.toColor());
System.out.println(" toRootPath: " + socksl.toRootPath());
} catch (Exception e) {
e.printStackTrace();
}
}
}
The setFileLabel method changes the sensitivity label of the specified file to the specified label. When the sensitivity label of a file changes, the file is moved to the zone that corresponds to the new label. The file is moved to a new path name that is relative to the root of the other zone.
For example, if you use the setFileLabel method to change the label of the file /zone/internal/documents/designdoc.odt from INTERNAL to RESTRICTED, the new path of the file will be /zone/restricted/documents/designdoc.odt. Note that if the destination directory does not exist, the file is not moved.
The following code fragment shows how you might change the label of the file:
SolarisLabel.setFileLabel(new File("/zone/internal/documents/designdoc.odt"),
SolarisLabel.getSensitivityLabel("RESTRICTED"));When you change the sensitivity label of a file, the original file is deleted. The only exception occurs when the source and destination file systems are loopback-mounted from the same underlying file system. In this case, the file is renamed.
The Java virtual machine must be running with the appropriate privilege (file_upgrade_sl or file_downgrade_sl) to relabel a file.
For more information about setting privileges, see Developing Privileged Applications, in Solaris Security for Developers Guide. See also the setflabel(3TSOL) man page.