getuserrange - get the label range of a user
cc [flags...] file... -ltsol [library...]
#include <tsol/label.h> m_range_t *getuserrange(const char *username);
The getuserrange() function returns the label range of username. The lower bound in the range is used as the initial workspace label when a user logs into a multilevel desktop. The upper bound, or clearance, is used as an upper limit to the available labels that a user can assign to labeled workspaces.
The default value for a user's label range is specified in label_encodings(5). Overriding values for individual users are specified in user_attr(5).
If the labeld(8) service is enabled, the default value for a user's label range is specified in label_encodings(5). Otherwise, the default clearance is specified by the CLEARANCE property in policy.conf(5), which defaults to ADMIN_HIGH. Overriding values for individual users are specified in user_attr(5).
The getuserrange() function returns NULL if the memory allocation fails. Otherwise, the function returns a structure which must be freed by the caller, as follows:
m_range_t *range; ... m_label_free(range->lower_bound); m_label_free(range->upper_bound); free(range);
The getuserrange() function will fail if:
The physical limits of the system are exceeded by size bytes of memory which cannot be allocated.
See attributes(7) for descriptions of the following attributes:
|
The getuserrange() function is Committed for systems that implement the Defense Intelligence Agency (DIA) MAC policy of label_encodings(5). Other policies might exist in a future release of Trusted Extensions that might make obsolete or supplement label_encodings.
free(3C), libtsol(3LIB), m_label_free(3TSOL), label_encodings(5), user_attr(5), attributes(7)