Go to main content

Trusted Extensions Label Administration

Exit Print View

Updated: August 2018
 
 

How to Create a Single-Label Encodings File

    Certain labels must always be present in a label_encodings file:

  • One sensitivity label in the user accreditation range must be defined

  • One clearance in the user accreditation range must be defined

  • One information label in the user accreditation range must be defined

Before You Begin

You must be in the Security Administrator role in the global zone.

  1. Open an existing encodings file or create a new one.

    Provide a name that is different from the installed label_encodings file.

    # pfedit label_encodings.myco.single
  2. Specify one classification and only the desired compartments.

    For example, you could set up an encodings file with the INTERNAL_USE_ONLY classification, and specify no words.

    VERSION= MyCompany Single-Label Encodings - 1.01 10/10/11
. . .
CLASSIFICATIONS:

name= INTERNAL_USE_ONLY;       sname= INTERNAL;  value= 5;

INFORMATION LABELS:

WORDS:

SENSITIVITY LABELS:

WORDS:

CLEARANCES:

WORDS:

CHANNELS:

WORDS:

PRINTER BANNERS:

WORDS:
  3. In the ACCREDITATION RANGE section, include only one classification and one valid compartment combination.

    In the following example, the INTERNAL classification is encoded.

    ACCREDITATION RANGE:

classification= INTERNAL;
only valid compartment combinations:

INTERNAL

minimum clearance= INTERNAL;
minimum sensitivity label= INTERNAL;
minimum protect as classification= INTERNAL;
  4. Add and modify the LOCAL DEFINITIONS section.

    For details, see Modifying Extensions From Oracle Solaris to the label_encodings File.

Example 10  Defining the Accreditation Range in a Single-Label Encodings File

The following example shows the settings in the ACCREDITATION RANGE section for a single-level label encodings file. A single ANY_CLASS classification is defined. Compartment words A, B, and REL CNTRY 1 are specified for all types of labels.

ACCREDITATION RANGE:

classification= ANY_CLASS;      only valid compartment combinations:

ANY_CLASS A B REL CNTRY1

minimum clearance= ANY_CLASS A B REL CNTRY1;
minimum sensitivity label= ANY_CLASS A B REL CNTRY1;
minimum protect as classification= ANY_CLASS;
Example 11  Changing the Single Label Name

In this example, the label_encodings.example file is changed to handle a single-label company. The name= value is changed from SECRET to INTERNAL_USE_ONLY. The sname= value is changed from s to INTERNAL. Neither the value= nor the initial compartments= definition is changed.

CLASSIFICATIONS:
name= INTERNAL_USE_ONLY;  sname= INTERNAL;  value= 5; initial compartments= 4-5
190-239;

In the ACCREDITATION RANGE section, the short name of the classification is replaced. Also, the minimum values are replaced with the new sname.

ACCREDITATION RANGE:

classification= INTERNAL;      only valid compartment combinations:

INTERNAL

minimum clearance= INTERNAL;
minimum sensitivity label= INTERNAL;
minimum protect as classification= INTERNAL;

Next Steps

Verify the file by performing How to Analyze and Verify the label_encodings File.

Distribute the file by following How to Distribute the label_encodings File.

Copyright © 1997, 2018, Oracle and/or its affiliates. All rights reserved. 
Previous
Next