BLTOS(3TSOL) Trusted Extensions Library Functions BLTOS(3TSOL)

NAME


bltos, bsltos, bcleartos - translate binary labels to character coded
labels

SYNOPSIS


cc [flag...] file... -ltsol [library...]


#include <tsol/label.h>

int bsltos(const m_label_t *label, char **string,
const int str_len, const int flags);


int bcleartos(const m_label_t *label, char **string,
const int str_len, const int flags);


DESCRIPTION


These functions translate binary labels into strings controlled by
the value of the flags parameter.


The bsltos() function translates a binary sensitivity label into a
string. The applicable flags are LONG_CLASSIFICATION or
SHORT_CLASSIFICATION, LONG_WORDS or SHORT_WORDS, VIEW_EXTERNAL or
VIEW_INTERNAL, and NO_CLASSIFICATION. A flags value 0 is equivalent
to (SHORT_CLASSIFICATION | LONG_WORDS).


The bcleartos() function translates a binary clearance into a string.
The applicable flags are LONG_CLASSIFICATION or SHORT_CLASSIFICATION,
LONG_WORDS or SHORT_WORDS, VIEW_EXTERNAL or VIEW_INTERNAL, and
NO_CLASSIFICATION. A flags value 0 is equivalent to
(SHORT_CLASSIFICATION | LONG_WORDS). The translation of a clearance
might not be the same as the translation of a sensitivity label.
These functions use different label_encodings file tables that might
contain different words and constraints.


The calling process must have PRIV_SYS_TRANS_LABEL in its set of
effective privileges to perform label translation on labels that
dominate the current process's sensitivity label.


The generic form of an output character-coded label is:

CLASSIFICATION WORD1 WORD2 WORD3/WORD4 SUFFIX PREFIX WORD5/WORD6


Capital letters are used to display all CLASSIFICATION names and
WORDs. The ` ' (space) character separates classifications and words
from other words in all character-coded labels except where multiple
words that require the same PREFIX or SUFFIX are present, in which
case the multiple words are separated from each other by the `/'
(slash) character.


The string argument can point to either a pointer to pre-allocated
memory, or the value (char *)0. If string points to a pointer to pre-
allocated memory, then str_len indicates the size of that memory. If
string points to the value (char *)0, memory is allocated using
malloc() to contain the translated character-coded labels. The
translated label is copied into allocated or pre-allocated memory.


The flags argument is 0 or the logical sum of the following:

LONG_WORDS
Translate using long names of words defined
in label.


SHORT_WORDS
Translate using short names of words defined
in label. If no short name is defined in the
label_encodings file for a word, the long
name is used.


LONG_CLASSIFICATION
Translate using long name of classification
defined in label.


SHORT_CLASSIFICATION
Translate using short name of classification
defined in label.


ACCESS_RELATED
Translate only access-related entries defined
in information label label.


VIEW_EXTERNAL
Translate ADMIN_LOW and ADMIN_HIGH labels to
the lowest and highest labels defined in the
label_encodings file.


VIEW_INTERNAL
Translate ADMIN_LOW and ADMIN_HIGH labels to
the admin low name and admin high name
strings specified in the label_encodings
file. If no strings are specified, the
strings "ADMIN_LOW" and "ADMIN_HIGH" are
used.


NO_CLASSIFICATION
Do not translate classification defined in
label.


Process Attributes


If the VIEW_EXTERNAL or VIEW_INTERNAL flags are not specified,
translation of ADMIN_LOW and ADMIN_HIGH labels is controlled by the
label view process attribute flags. If no label view process
attribute flags are defined, their translation is controlled by the
label view configured in the label_encodings file. A value of
External specifies that ADMIN_LOW and ADMIN_HIGH labels are mapped to
the lowest and highest labels defined in the label_encodings file. A
value of Internal specifies that the ADMIN_LOW and ADMIN_HIGH labels
are translated to the admin low and admin high name strings specified
in the label_encodings file. If no such names are specified, the
strings "ADMIN_LOW" and "ADMIN_HIGH" are used.

RETURN VALUES


Upon successful completion, the bsltos() and bcleartos() functions
return the length of the character-coded label, including the NULL
terminator.


If the label is not of the valid defined required type, if the label
is not dominated by the process sensitivity label and the process
does not have PRIV_SYS_TRANS_LABEL in its set of effective
privileges, or if the label_encodings file is inaccessible, these
functions return -1.


If memory cannot be allocated for the return string or if the pre-
allocated return string memory is insufficient to hold the string,
these functions return 0. The value of the pre-allocated string is
set to the NULL string (string[0]='\0';).

FILES


/etc/security/tsol/label_encodings

The label encodings file contains the classification names,
words, constraints, and values for the defined labels of this
system.


ATTRIBUTES


See attributes(7) for descriptions of the following attributes:


+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Obsolete |
+--------------------+-------------------------+
|MT-Level | MT-Safe with exceptions |
+--------------------+-------------------------+


The bsltos() and bcleartos() functions are Obsolete. Use the
label_to_str(3TSOL) function instead.

SEE ALSO


free(3C), malloc(3C), libtsol(3LIB), label_to_str(3TSOL),
label_encodings(5), attributes(7)

NOTES


The functionality described on this manual page is available only if
the system is configured with Trusted Extensions.


If memory is allocated by these functions, the caller must free the
memory with free(3C) when the memory is no longer in use.

July 20, 2007 BLTOS(3TSOL)
tribblix@gmail.com :: GitHub :: Privacy