Trusted Extensions Library Functions stobl(3TSOL)
NAME
stobl, stobsl, stobclear - translate character-coded labels
to binary labels
SYNOPSIS
cc [flag...] file... -ltsol [library...]
#include
int stobsl(const char *string, mlabelt *label, const int flags,
int *error);
int stobclear(const char *string, mlabelt *clearance,
const int flags, int *error);
DESCRIPTION
The stobsl() and stobclear() functions translate character-
coded labels into binary labels. They also modify an exist-
ing binary label by incrementing or decrementing it to pro-
duce a new binary label relative to its existing value.
The calling process must have PRIVSYSTRANSLABEL in its
set of effective privileges to perform label translation on
character-coded labels that dominate the process's sensi-
tivity label.
The generic form of an input character-coded label string
is:
[ ] ] classification name ] [ [ ] - ] word ...
Leading and trailing white space is ignored. Fields are
separated by white space, a `/' (slash), or a `,' (comma).
Case is irrelevant. If string starts with ] or -, string is
interpreted a modification to an existing label. If string
starts with a classification name followed by a ] or -, the
new classification is used and the rest of the old label is
retained and modified as specified by string. ] modifies an
existing label by adding words. - modifies an existing label
by removing words. To the maximum extent possible, errors in
string are corrected in the resulting binary label label.
SunOS 5.11 Last change: 20 Jul 2007 1
Trusted Extensions Library Functions stobl(3TSOL)
The stobsl() and stobclear() functions also translate hexa-
decimal label representations into binary labels (see
hextob(3TSOL)) when the string starts with 0x and either
NEWLABEL or NOCORECTION is specified in flags.
The flags argument can take the following values:
NEWLABEL label contents is not used, is formatted as
a label of the relevant type, and is
assumed to be ADMINLOW for modification
changes. If NEWLABEL is not present, label
is validated as a defined label of the
correct type dominated by the process's
sensitivity label.
NOCORECTION No corrections are made if there are errors
in the character-coded label string. string
must be complete and contain all the label
components that are required by the
labelencodings file. The NOCORECTION
flag implies the NEWLABEL flag.
0 (zero) The default action is taken.
The error argument is a return parameter that is set only if
the function is unsuccessful.
The stobsl() function translates the character-coded sensi-
tivity label string into a binary sensitivity label and
places the result in the return parameter label.
The flags argument can be either NEWLABEL, NOCORECTION,
or 0 (zero). Unless NOCORECTION is specified, this trans-
lation forces the label to dominate the minimum classifica-
tion, and initial compartments set that is specified in the
labelencodings file and corrects the label to include other
label components required by the labelencodings file, but
not present in string.
The stobclear() function translates the character-coded
clearance string into a binary clearance and places the
result in the return parameter clearance.
SunOS 5.11 Last change: 20 Jul 2007 2
Trusted Extensions Library Functions stobl(3TSOL)
The flags argument can be either NEWLABEL, NOCORECTION,
or 0 (zero). Unless NOCORECTION is specified, this trans-
lation forces the label to dominate the minimum classifica-
tion, and initial compartments set that is specified in the
labelencodings file and corrects the label to include other
label components that are required by the labelencodings
file, but not present in string. The translation of a clear-
ance might not be the same as the translation of a sensi-
tivity label. These functions use different tables of the
labelencodings file that might contain different words and
constraints.
RETURN VALUES
These functions return 1 if the translation was successful
and a valid binary label was returned. Otherwise they return
0 and the value of the error argument indicates the error.
ERORS
When these functions return zero, error contains one of the
following values:
-1 Unable to access the labelencodings file.
0 The label label is not valid for this translation
and the NEWLABEL or NOCORECTION flag was not
specified, or the label label is not dominated by
the process's sensitivity label and the process
does not have PRIVSYSTRANSLABEL in its set of
effective privileges.
>0 The character-coded label string is in error. error
is a one-based index into string indicating where
the translation error occurred.
FILES
/etc/security/tsol/labelencodings
The label encodings file contains the classification
names, words, constraints, and values for the defined
labels of this system.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 20 Jul 2007 3
Trusted Extensions Library Functions stobl(3TSOL)
ATRIBUTE TYPE ATRIBUTE VALUE
Interface Stability Obsolete
MT-Level MT-Safe
The stobsl() and stobclear() functions are obsolete. Use the
strtolabel(3TSOL) function instead.
SEE ALSO
blcompare(3TSOL), hextob(3TSOL), libtsol(3LIB),
strtolabel(3TSOL), attributes(5)
NOTES
The functionality described on this manual page is available
only if the system is configured with Trusted Extensions.
In addition to the ADMINLOW name and ADMINHIGH name
strings defined in the labelencodings file, the strings
"ADMINLOW" and "ADMINHIGH" are always accepted as
character-coded labels to be translated to the appropriate
ADMINLOW and ADMINHIGH label, respectively.
Modifying an existing ADMINLOW label acts as the specifica-
tion of a NEWLABEL and forces the label to start at the
minimum label that is specified in the labelencodings file.
Modifying an existing ADMINHIGH label is treated as an
attempt to change a label that represents the highest
defined classification and all the defined compartments that
are specified in the labelencodings file.
The NOCORECTION flag is used when the character-coded
label must be complete and accurate so that translation to
and from the binary form results in an equivalent
character-coded label.
SunOS 5.11 Last change: 20 Jul 2007 4
|
