PSARC/2009/333 str_to_label() update
Gary Winiger
gww at sac.sfbay.sun.com
Tue Jun 2 12:56:57 PDT 2009
I'm sponsoring this case for myself. It updates the PSARC/2005/259
"Layered Trusted Solaris Label Interfaces" str_to_label(3tsol) function.
The commitment level remains Committed. A Patch release binding is requested.
A full diff marked man page is in the case directory.
The timer is set for 10 June, 2009.
Gary..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Background:
==========
str_to_label() is the Committed interface to translate strings to various
types of labels in Solaris Trusted Extensions. The implementation is
client side in libtsol(3LIB), which calls the labeld(1M) service for
label translation. labeld in turn implements a set of algorithms
which parse strings based on rules defined in label_encodings(4).
For MAC_LABEL type labels, a set of supplemental rules called the
ACCREDITATION RANGE: is defined. str_to_label() does not provide an
interface that takes these rules into account. There is a Project Private
interface to check against the accreditation range. A recent request
for a Committed interface led to RFE 6845609 "str_to_label(3) should be
able to verify if the label is within the accreditation range".
Proposal:
========
Provide for optional checking if the string being translated is acceptable
to the accreditation range rules. A new error code, M_OUTSIDE_AR, will be
returned if the resulting str_to_label() translation is not in the
label_encodings(4) defined accreditation range and a new flag, L_CHECK_AR,
is passed in.
str_to_label(3TSOL):
int str_to_label(const char *string, m_label_t **label,
const m_label_type_t label_type, uint_t flags, int *error);
DESCRIPTION
The str_to_label() function is a simple function to parse
human readable strings into labels of the requested type.
[ . . . ]
If flags is L_DEFAULT, the previously parsed label is
replaced and the parsing algorithm makes a best effort to
imply a valid label from the elements of string.
+ If flags contains L_CHECK_AR logically or-ed with another value,
+ the resulting label will be checked to ensure that it is within
+ the "Accreditation Range" of the DIA encodings schema. This flag
+ is only interpreted for MAC_LABEL label types.
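Review bot: the added L_CHECK_AR paragraph does not say what happens when the flag is passed with a label_type other than MAC_LABEL. "Only interpreted for MAC_LABEL label types" reads as silently ignored, which lets a caller believe an accreditation range check ran when it did not. Suggest stating whether the flag is ignored or rejected with EINVAL in that case. The phrase "logically or-ed with another value" should also name the values it may be combined with (L_DEFAULT is the only one visible here) and say whether L_CHECK_AR on its own is valid.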
[ . . . ]
ERRORS
The str_to_label() function will fail if:
EINVAL Invalid parameter. M_BAD_STRING indicates that
string could not be parsed. M_BAD_LABEL indicates
| that the label passed in was in error. M_OUTSIDE_AR
+ indicates that the resulting label is not within the
+ "Accreditation Range" specified in the DIA encodings
+ schema.
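Review bot: the M_OUTSIDE_AR sentence in the EINVAL entry does not tie the error to L_CHECK_AR, and does not say what state *label is left in when it is returned. Suggest wording it as returned only when flags contains L_CHECK_AR and label_type is MAC_LABEL, and documenting whether *label is left unmodified on this failure. A caller that ignores the return value should not end up holding a label outside the accreditation range.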