PSARC/2009/333 str_to_label() update
Glenn Faden
Glenn.Faden at sun.com
Tue Jun 2 13:01:26 PDT 2009
Looks good to me.
--Glenn
Gary Winiger wrote:
> I'm sponsoring this case for myself. It updates the PSARC/2005/259
> "Layered Trusted Solaris Label Interfaces" str_to_label(3tsol) function.
>
> The commitment level remains Committed. A Patch release binding is requested.
> A full diff marked man page is in the case directory.
>
> The timer is set for 10 June, 2009.
>
> Gary..
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Background:
> ==========
> str_to_label() is the Committed interface to translate strings to various
> types of labels in Solaris Trusted Extensions. The implementation is a
> client side in libtsol(3LIB), which for label translation services calls
> the labeld(1M) service. labeld in turn implements a set of algorithms
> which parse strings based on rules defined in label_encodings(4).
> For MAC_LABEL type labels, a set of supplemental rules called the
> ACCREDITATION RANGE: are defined. str_to_label() does not provide an
> interface that takes these rules into account. There is a Project Private
> interface to check against the accreditation range. A recent request
> for a Committed interface led to RFE 6845609 "str_to_label(3) should be
> able to verify if the label is within the accreditation range"
>
> Proposal:
> ========
> Provide for optional checking if the string being translated is acceptable
> to the accreditation range rules. A new error code, M_OUTSIDE_AR, will be
> returned if the resulting str_to_label() translation is not in the
> label_encodings(4) defined accreditation range and a new flag, L_CHECK_AR,
> is passed in.
>
> str_to_label(3TSOL):
>
> int str_to_label(const char *string, m_label_t **label,
> const m_label_type_t label_type, uint_t flags, int *error);
>
> DESCRIPTION
> The str_to_label() function is a simple function to parse
> human readable strings into labels of the requested type.
>
> [ . . . ]
>
> If flags is L_DEFAULT, the previously parsed label is
> replaced and the parsing algorithm makes a best effort to
> imply a valid label from the elements of string.
>
> + If flags contains L_CHECK_AR logically or-ed with another value,
> + the resulting label will be checked to ensure that it is within
> + the "Accreditation Range" of the DIA encodings schema. This flag
> + is only interpreted for MAC_LABEL label types.
>
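Review bot: the added L_CHECK_AR paragraph does not define two cases: the flag passed on its own (the text only covers it "logically or-ed with another value"), and the flag passed with a label_type other than MAC_LABEL. "Only interpreted for MAC_LABEL label types" reads as if the flag is silently ignored elsewhere; if so, a caller who sets it for another label type gets no range check and no error. Suggest stating explicitly whether that combination is ignored or rejected with EINVAL, and which flag value L_CHECK_AR is expected to be combined with.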
> [ . . . ]
>
> ERRORS
> The str_to_label() function will fail if:
>
> EINVAL Invalid parameter. M_BAD_STRING indicates that
> string could not be parsed. M_BAD_LABEL indicates
> | that the label passed in was in error. M_OUTSIDE_AR
> + indicates that the resulting label is not within the
> + "Accreditation Range" specified in the DIA encodings
> + schema.
>
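Review bot: the M_OUTSIDE_AR text in ERRORS does not tie the error to the flag. As written it sits under EINVAL next to M_BAD_STRING and M_BAD_LABEL with no mention that it can only occur when L_CHECK_AR was specified, which the Proposal section states but the man page text does not. Suggest adding "and L_CHECK_AR was specified" to the sentence, and documenting whether *label is left unmodified on this failure, so a caller cannot go on to use a label that parsed correctly but failed the accreditation range check.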