xref: /illumos-gate/usr/src/man/man3tsol/bltos.3tsol (revision e8d80663e4f91871f843bb8ad9108dc0b76dfcf3)
te
Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
BLTOS 3TSOL "Jul 20, 2007"
NAME
bltos, bsltos, bcleartos - translate binary labels to character coded labels
SYNOPSIS

cc [flag...] file... -ltsol [library...]

#include <tsol/label.h>

int bsltos(const m_label_t *label, char **string,
 const int str_len, const int flags);

int bcleartos(const m_label_t *label, char **string,
 const int str_len, const int flags);
DESCRIPTION

These functions translate binary labels into strings controlled by the value of the flags parameter.

The bsltos() function translates a binary sensitivity label into a string. The applicable flags are LONG_CLASSIFICATION or SHORT_CLASSIFICATION, LONG_WORDS or SHORT_WORDS, VIEW_EXTERNAL or VIEW_INTERNAL, and NO_CLASSIFICATION. A flags value 0 is equivalent to (SHORT_CLASSIFICATION | LONG_WORDS).

The bcleartos() function translates a binary clearance into a string. The applicable flags are LONG_CLASSIFICATION or SHORT_CLASSIFICATION, LONG_WORDS or SHORT_WORDS, VIEW_EXTERNAL or VIEW_INTERNAL, and NO_CLASSIFICATION. A flags value 0 is equivalent to (SHORT_CLASSIFICATION | LONG_WORDS). The translation of a clearance might not be the same as the translation of a sensitivity label. These functions use different label_encodings file tables that might contain different words and constraints.

The calling process must have PRIV_SYS_TRANS_LABEL in its set of effective privileges to perform label translation on labels that dominate the current process's sensitivity label.

The generic form of an output character-coded label is:

CLASSIFICATION WORD1 WORD2 WORD3/WORD4 SUFFIX PREFIX WORD5/WORD6

Capital letters are used to display all CLASSIFICATION names and WORDs. The ` ' (space) character separates classifications and words from other words in all character-coded labels except where multiple words that require the same PREFIX or SUFFIX are present, in which case the multiple words are separated from each other by the `/' (slash) character.

The string argument can point to either a pointer to pre-allocated memory, or the value (char *)0. If string points to a pointer to pre-allocated memory, then str_len indicates the size of that memory. If string points to the value (char *)0, memory is allocated using malloc() to contain the translated character-coded labels. The translated label is copied into allocated or pre-allocated memory.

The flags argument is 0 or the logical sum of the following: LONG_WORDS

Translate using long names of words defined in label.

SHORT_WORDS

Translate using short names of words defined in label. If no short name is defined in the label_encodings file for a word, the long name is used.

LONG_CLASSIFICATION

Translate using long name of classification defined in label.

SHORT_CLASSIFICATION

Translate using short name of classification defined in label.

ACCESS_RELATED

Translate only access-related entries defined in information label label.

VIEW_EXTERNAL

Translate ADMIN_LOW and ADMIN_HIGH labels to the lowest and highest labels defined in the label_encodings file.

VIEW_INTERNAL

Translate ADMIN_LOW and ADMIN_HIGH labels to the admin low name and admin high name strings specified in the label_encodings file. If no strings are specified, the strings "ADMIN_LOW" and "ADMIN_HIGH" are used.

NO_CLASSIFICATION

Do not translate classification defined in label.

"Process Attributes"

If the VIEW_EXTERNAL or VIEW_INTERNAL flags are not specified, translation of ADMIN_LOW and ADMIN_HIGH labels is controlled by the label view process attribute flags. If no label view process attribute flags are defined, their translation is controlled by the label view configured in the label_encodings file. A value of External specifies that ADMIN_LOW and ADMIN_HIGH labels are mapped to the lowest and highest labels defined in the label_encodings file. A value of Internal specifies that the ADMIN_LOW and ADMIN_HIGH labels are translated to the admin low and admin high name strings specified in the label_encodings file. If no such names are specified, the strings "ADMIN_LOW" and "ADMIN_HIGH" are used.

RETURN VALUES

Upon successful completion, the bsltos() and bcleartos() functions return the length of the character-coded label, including the NULL terminator.

If the label is not of the valid defined required type, if the label is not dominated by the process sensitivity label and the process does not have PRIV_SYS_TRANS_LABEL in its set of effective privileges, or if the label_encodings file is inaccessible, these functions return -1.

If memory cannot be allocated for the return string or if the pre-allocated return string memory is insufficient to hold the string, these functions return 0. The value of the pre-allocated string is set to the NULL string (*string[0]='\00';).

FILES
/etc/security/tsol/label_encodings

The label encodings file contains the classification names, words, constraints, and values for the defined labels of this system.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Obsolete
MT-Level MT-Safe with exceptions

The bsltos() and bcleartos() functions are Obsolete. Use the label_to_str(3TSOL) function instead.

SEE ALSO

free(3C), label_to_str(3TSOL), libtsol(3LIB), malloc(3C), label_encodings(4), attributes(5)

NOTES

The functionality described on this manual page is available only if the system is configured with Trusted Extensions.

If memory is allocated by these functions, the caller must free the memory with free(3C) when the memory is no longer in use.