Solaris Trusted Extensions Developer's Guide
|
|||
|
1. Solaris Trusted Extensions APIs and Security Policy Setting a File Sensitivity Label Obtaining the Color Names of Labels Obtaining Printer Banner Information 4. Printing and the Label APIs 5. Interprocess Communications 8. Trusted Web Guard Prototype 9. Experimental Java Bindings for the Solaris Trusted Extensions Label APIs |
Determining the Relationship Between Two LabelsIf your application accesses data at different sensitivity labels, perform checks in your code to ensure that the process label has the correct relationship to the data label before you permit an access operation to occur. You check the sensitivity label of the object that is being accessed to determine whether access is permitted by the system. The following code example shows how to test two sensitivity labels for equality, dominance, and strict dominance. The program checks whether a file's label is dominated by or is equal to the process's label. #include <stdio.h>
#include <stdlib.h>
#include <tsol/label.h>
main(int argc, char *argv[])
{
m_label_t *plabel;
m_label_t *flabel;
plabel = m_label_alloc(MAC_LABEL);
flabel = m_label_alloc(MAC_LABEL);
if (getplabel(plabel) == -1) {
perror("getplabel");
exit(1);
}
if (getlabel(argv[1], flabel) == -1) {
perror("getlabel");
exit(1);
}
if (blequal(plabel, flabel)) {
printf("Labels are equal\n");
}
if (bldominates(plabel, flabel)) {
printf("Process label dominates file label\n");
}
if (blstrictdom(plabel, flabel)) {
printf("Process label strictly dominates file label\n");
}
m_label_free(plabel);
m_label_free(flabel);
return (0);
}The text output of this program depends on the process's label, relative to the label of the file that was passed to the process, as follows:
|
||
|