SBLTOS(3TSOL) Trusted Extensions Library Functions SBLTOS(3TSOL)
NAME
sbltos, sbsltos, sbcleartos - translate binary labels to canonical
character-coded labels
SYNOPSIS
cc [
flag...]
file...
-ltsol [
library...]
#include <tsol/label.h>
char *sbsltos(
const m_label_t *label,
const int len);
char *sbcleartos(
const m_label_t *clearance,
const int len);
DESCRIPTION
These functions translate binary labels into canonical strings that
are clipped to the number of printable characters specified in
len.
Clipping is required if the number of characters of the translated
string is greater than
len. Clipping is done by truncating the label
on the right to two characters less than the specified number of
characters. A clipped indicator, "<-", is appended to sensitivity
labels and clearances. The character-coded label begins with a
classification name separated with a single space character from the
list of words making up the remainder of the label. The binary labels
must be of the proper defined type and dominated by the process's
sensitivity label. A
len of 0 (zero) returns the entire string with
no clipping.
The
sbsltos() function translates a binary sensitivity label into a
clipped string using the long form of the words and the short form of
the classification name. If
len is less than the minimum number of
characters (three), the translation fails.
The
sbcleartos() function translates a binary clearance into a
clipped string using the long form of the words and the short form of
the classification name. If
len is less than the minimum number of
characters (three), the translation fails. The translation of a
clearance might not be the same as the translation of a sensitivity
label. These functions use different tables of the
label_encodings file which might contain different words and constraints.
The calling process must have
PRIV_SYS_TRANS_LABEL in its set of
effective privileges to perform label translation on labels that
dominate the current process's sensitivity label.
Process Attributes
If the
VIEW_EXTERNAL or
VIEW_INTERNAL flags are not specified,
translation of
ADMIN_LOW and
ADMIN_HIGH labels is controlled by the
label view process attribute flags. If no label view process
attribute flags are defined, their translation is controlled by the
label view configured in the
label_encodings file. A value of
External specifies that
ADMIN_LOW and
ADMIN_HIGH labels are mapped to
the lowest and highest labels defined in the
label_encodings file. A
value of Internal specifies that the
ADMIN_LOW and
ADMIN_HIGH labels
are translated to the
admin low name and
admin high name strings
specified in the
label_encodings file. If no such names are
specified, the strings "
ADMIN_LOW" and "
ADMIN_HIGH" are used.
RETURN VALUES
These functions return a pointer to a statically allocated string
that contains the result of the translation, or
(char *)0 if the
translation fails for any reason.
EXAMPLES
sbsltos() Assume that a sensitivity label is:
UN TOP/MIDDLE/LOWER DRAWER
When clipped to ten characters it is:
UN TOP/M<-
sbcleartos() Assume that a clearance is:
UN TOP/MIDDLE/LOWER DRAWER
When clipped to ten characters it is:
UN TOP/M<-
FILES
/etc/security/tsol/label_encodings The label encodings file contains the classification names,
words, constraints, and values for the defined labels of this
system.
ATTRIBUTES
See
attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Obsolete |
+--------------------+-----------------+
|MT-Level | Unsafe |
+--------------------+-----------------+
These functions are obsolete and retained for ease of porting. They
might be removed in a future Solaris Trusted Extensions release. Use
the
label_to_str(3TSOL) function instead.
SEE ALSO
libtsol(3LIB),
label_to_str(3TSOL),
attributes(7),
labels(7)WARNINGS
All these functions share the same statically allocated string
storage. They are not MT-Safe. Subsequent calls to any of these
functions will overwrite that string with the newly translated
string.
NOTES
The functionality described on this manual page is available only if
the system is configured with Trusted Extensions.
July 20, 2007 SBLTOS(3TSOL)
