
Trusted Extensions Developer's Guide


Updated: November 2020

Multilevel Port Information

A system that is configured with Trusted Extensions supports single-level and multilevel ports. Applications use these ports to establish connections with one another. A multilevel port can receive data at any sensitivity label within the range that is defined for that port. A single-level port can receive data at one designated sensitivity label only.

  • Single-level port – A communication channel is established between two unprivileged applications. The sensitivity label of the communication endpoints must be equal.

  • Multilevel port – A communication channel is established between an application that has the net_bindmlp privilege in its effective set and any number of unprivileged applications that run at different sensitivity labels. The application with net_bindmlp in its effective set can receive data from all of those applications, whatever their sensitivity labels, as long as each label falls within the range that is defined for the port. The sending applications' labels do not have to match the label of the receiving process.

    A multilevel port is a server-side mechanism to establish a connection between two Trusted Extensions applications that are running at different labels. If you want a Trusted Extensions client application to communicate with a service that runs on an untrusted operating system at a different label, you might be able to use the SO_MAC_EXEMPT socket option. For more information, see MAC-Exempt Sockets.

Caution - If a connection is multilevel, ensure that the application does not make a connection at one sensitivity label, and then send or receive data at another sensitivity label. Such a configuration would cause data to reach an unauthorized destination.

The Trusted Network library provides an interface to retrieve the label from a packet. Applications never manipulate the labels on network packets programmatically, and cannot do so: you cannot change the security attributes of a message before it is sent, and you cannot change the security attributes of the communication endpoint over which the message is sent. You can only read the label of a packet, just as you read its other security information. The ucred_getlabel() function returns the sensitivity label that is carried in a peer's user credential.

If your application requires a multilevel port, the port cannot be created programmatically. You must ask the system administrator to configure a multilevel port for the application.