Solaris Trusted Extensions Developer's Guide
Previous Next

Document Information

Preface

1.  Solaris Trusted Extensions APIs and Security Policy

2.  Labels and Clearances

3.  Label Code Examples

Obtaining a Process Label

Obtaining a File Label

Setting a File Sensitivity Label

Determining the Relationship Between Two Labels

Obtaining the Color Names of Labels

Obtaining Printer Banner Information

4.  Printing and the Label APIs

5.  Interprocess Communications

6.  Trusted X Window System

7.  Label Builder APIs

8.  Trusted Web Guard Prototype

9.  Experimental Java Bindings for the Solaris Trusted Extensions Label APIs

A.  Programmer's Reference

B.  Solaris Trusted Extensions API Reference

Index

Obtaining Printer Banner Information

The label_encodings file defines several conversions that are useful for printing security information on printer output. Label conversions are printed at the top and at the bottom of pages. Other conversions, such as handling channels, can appear on the banner pages.

In the following code example, the label_to_str() routine converts a label to strings, such as the header and footer, a caveats section, and handling channels. This routine is used internally by the Trusted Extensions print system, as shown in Chapter 4, Printing and the Label APIs.

#include <stdlib.h>
#include <stdio.h>

#include <tsol/label.h>

int
main()
{
   m_label_t *plabel;
   char *header = NULL;
   char *label = NULL;
   char *caveats = NULL;
   char *channels = NULL;

   plabel = m_label_alloc(MAC_LABEL);
   if (getplabel(plabel) == -1) {
      perror("getplabel");
      exit(1);
   }
   if (label_to_str(plabel, &header, PRINTER_TOP_BOTTOM, DEF_NAMES) != 0) {
      perror("label_to_str: header");
      exit(1);
   }
   if (label_to_str(plabel, &label, PRINTER_LABEL, DEF_NAMES) != 0) {
      perror("label_to_str: label");
      exit(1);
   }
   if (label_to_str(plabel, &caveats, PRINTER_CAVEATS, DEF_NAMES) != 0) {
      perror("label_to_str: caveats");
      exit(1);
   }
   if (label_to_str(plabel, &channels, PRINTER_CHANNELS, DEF_NAMES) != 0) {
      perror("label_to_str: channels");
      exit(1);
   }

   printf("\t\t\t\"%s\"\n\n", header);
   printf("\t\tUnless manually reviewed and downgraded, this output\n");
   printf("\t\tmust be protected at the following label:\n\n");
   printf("\t\t\t\"%s\"\n", label);
   printf("\n\n\n");
   printf("\t\t\"%s\"\n", caveats);
   printf("\t\t\"%s\"\n", channels);
   printf("\n\n");
   printf("\t\t\t\"%s\"\n", header);

   m_label_free(plabel);

   return (0);
}

For a process label of TS SA SB, the text output might be the following:

            "TOP SECRET"

        Unless manually reviewed and downgraded, this output
        must be protected at the following label:

            "TOP SECRET A B SA SB"



        "(FULL SB NAME) (FULL SA NAME)"
        "HANDLE VIA (CH B)/(CH A) CHANNELS JOINTLY"


            "TOP SECRET"

For more information, see the label_encodings(4) man page, Compartmented Mode Workstation Labeling: Encodings Format, and Solaris Trusted Extensions Label Administration.
Previous Next