1stobl(3TSOL)         Trusted Extensions Library Functions         stobl(3TSOL)
2
3
4

NAME

6       stobl,  stobsl,  stobclear - translate character-coded labels to binary
7       labels
8

SYNOPSIS

10       cc [flag...] file... -ltsol [library...]
11
12
13       #include <tsol/label.h>
14
15       int stobsl(const char *string, m_label_t *label, const int flags,
16            int *error);
17
18
19       int stobclear(const char *string, m_label_t *clearance,
20            const int flags, int *error);
21
22

DESCRIPTION

24       The stobsl() and stobclear() functions translate character-coded labels
25       into binary labels. They also modify an existing binary label by incre‐
26       menting or decrementing it to produce a new binary  label  relative  to
27       its existing value.
28
29
30       The calling process must have PRIV_SYS_TRANS_LABEL in its set of effec‐
31       tive privileges to perform label translation on character-coded  labels
32       that dominate the process's sensitivity label.
33
34
35       The generic form of an input character-coded label string is:
36
37         [  +  ] classification name ] [ [  + | − ] word ...
38
39
40
41
42       Leading  and  trailing  white space is ignored. Fields are separated by
43       white space, a `/' (slash), or a `,' (comma). Case  is  irrelevant.  If
44       string  starts  with + or , string is interpreted a modification to an
45       existing label. If string starts with a classification name followed by
46       a  + or , the new classification is used and the rest of the old label
47       is retained and modified as specified by string. + modifies an existing
48       label  by adding words. modifies an existing label by removing words.
49       To the maximum extent possible, errors in string are corrected  in  the
50       resulting binary label label.
51
52
53       The stobsl() and stobclear() functions also translate hexadecimal label
54       representations into binary labels (see hextob(3TSOL)) when the  string
55       starts  with  0x  and either NEW_LABEL or NO_CORRECTION is specified in
56       flags.
57
58
59       The flags argument can take the following values:
60
61       NEW_LABEL        label contents is not used, is formatted as a label of
62                        the  relevant type, and is assumed to be ADMIN_LOW for
63                        modification changes. If  NEW_LABEL  is  not  present,
64                        label  is  validated as a defined label of the correct
65                        type dominated by the process's sensitivity label.
66
67
68       NO_CORRECTION    No corrections are made if there  are  errors  in  the
69                        character-coded  label string. string must be complete
70                        and contain all the label components that are required
71                        by  the  label_encodings  file. The NO_CORRECTION flag
72                        implies the NEW_LABEL flag.
73
74
75       0 (zero)         The default action is taken.
76
77
78
79       The error argument is a return parameter that is set only if the  func‐
80       tion is unsuccessful.
81
82
83       The  stobsl() function translates the character-coded sensitivity label
84       string into a binary sensitivity label and places  the  result  in  the
85       return parameter label.
86
87
88       The flags argument can be either NEW_LABEL, NO_CORRECTION, or 0 (zero).
89       Unless NO_CORRECTION is specified, this translation forces the label to
90       dominate  the minimum classification, and initial compartments set that
91       is specified in the label_encodings file  and  corrects  the  label  to
92       include  other  label  components required by the label_encodings file,
93       but not present in string.
94
95
96       The  stobclear()  function  translates  the  character-coded  clearance
97       string  into  a  binary  clearance  and places the result in the return
98       parameter clearance.
99
100
101       The flags argument can be either NEW_LABEL, NO_CORRECTION, or 0 (zero).
102       Unless NO_CORRECTION is specified, this translation forces the label to
103       dominate the minimum classification, and initial compartments set  that
104       is  specified  in  the  label_encodings  file and corrects the label to
105       include other label components that are required by the label_encodings
106       file,  but  not present in string. The translation of a clearance might
107       not be the same as the translation of a sensitivity label. These  func‐
108       tions  use different tables of the label_encodings file that might con‐
109       tain different words and constraints.
110

RETURN VALUES

112       These functions return 1 if the translation was successful and a  valid
113       binary label was returned. Otherwise they return 0 and the value of the
114       error argument indicates the error.
115

ERRORS

117       When these functions return zero, error contains one of  the  following
118       values:
119
120       −1       Unable to access the label_encodings file.
121
122
123       0        The  label  label  is  not  valid for this translation and the
124                NEW_LABEL or NO_CORRECTION flag  was  not  specified,  or  the
125                label  label  is  not  dominated  by the process's sensitivity
126                label and the process does not  have  PRIV_SYS_TRANS_LABEL  in
127                its set of effective privileges.
128
129
130       >0       The  character-coded label string is in error. error is a one-
131                based index into string indicating where the translation error
132                occurred.
133
134

FILES

136       /etc/security/tsol/label_encodings
137
138           The  label encodings file contains the classification names, words,
139           constraints, and values for the defined labels of this system.
140
141

ATTRIBUTES

143       See attributes(5) for descriptions of the following attributes:
144
145
146
147
148       ┌─────────────────────────────┬─────────────────────────────┐
149       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
150       ├─────────────────────────────┼─────────────────────────────┤
151       │Interface Stability          │Obsolete                     │
152       ├─────────────────────────────┼─────────────────────────────┤
153       │MT-Level                     │MT-Safe                      │
154       └─────────────────────────────┴─────────────────────────────┘
155
156
157       The  stobsl()  and  stobclear()  functions  are   obsolete.   Use   the
158       str_to_label(3TSOL) function instead.
159

SEE ALSO

161       blcompare(3TSOL),  hextob(3TSOL),  libtsol(3LIB),  str_to_label(3TSOL),
162       attributes(5)
163

NOTES

165       The functionality described on this manual page is  available  only  if
166       the system is configured with Trusted Extensions.
167
168
169       In  addition  to the ADMIN_LOW name and ADMIN_HIGH name strings defined
170       in the label_encodings file, the strings "ADMIN_LOW"  and  "ADMIN_HIGH"
171       are  always  accepted as character-coded labels to be translated to the
172       appropriate ADMIN_LOW and ADMIN_HIGH label, respectively.
173
174
175       Modifying an existing ADMIN_LOW label acts as the  specification  of  a
176       NEW_LABEL  and  forces  the label to start at the minimum label that is
177       specified in the label_encodings file.
178
179
180       Modifying an existing ADMIN_HIGH label is  treated  as  an  attempt  to
181       change  a  label that represents the highest defined classification and
182       all the defined compartments that are specified in the  label_encodings
183       file.
184
185
186       The  NO_CORRECTION  flag is used when the character-coded label must be
187       complete and accurate so that translation to and from the  binary  form
188       results in an equivalent character-coded label.
189
190
191
192SunOS 5.11                        20 Jul 2007                     stobl(3TSOL)
Impressum