Trusted Extensions Developer's Guide, Oracle Solaris 11.1 Information Library
Figure 6-1 shows the label builder GUI that is created by the following tgnome-selectlabel command:
# tgnome-selectlabel -n admin_low -x admin_high
Figure 6-1 Label Builder GUI
The label builder GUI in the figure includes the Classification and Sensitivity lists, the default label, and the Revert, Help, Cancel, and OK buttons.
You can build a sensitivity label or a clearance by selecting radio buttons, check boxes, or both from the classifications and compartments that are shown in the Classification and Sensitivity lists.
The information about the classifications, compartments, and markings is specified in the label_encodings file for the system. The combinations and constraints that are specified in the label_encodings file are enforced by graying out invalid combinations.
The Revert button resets the text in the adjacent field to the value that was set when the application started.
The Label Selector dialog box shows only those classifications and related compartments that are dominated by the workspace sensitivity label. If the executable has the sys_trans_label privilege in its effective set, more classifications and compartments might be shown.
If a user does not have the authorization to upgrade or downgrade labels, the OK and Revert buttons are grayed out. The same is true if the user-built label is outside of the user's label range. The grayed-out buttons prevent the user from completing the task. No privileges can override these restrictions.
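The dominance and label-range rules described above can be sketched as follows. This is an added example, not code from the guide or from Trusted Extensions. It assumes a simplified label model (a classification level plus a compartment bitmask) with constructed sample labels, and the function names are hypothetical.

```shell
#!/bin/sh
# Simplified model (an assumption for illustration): a label is written
# "CLASS:COMPS", CLASS a decimal classification level and COMPS a decimal
# bitmask of compartments. Real labels are defined by label_encodings.

# dominates A B: true when A's classification >= B's and A holds every
# compartment that B holds.
dominates() {
    a_class=${1%%:*}; a_comps=${1#*:}
    b_class=${2%%:*}; b_comps=${2#*:}
    [ "$a_class" -ge "$b_class" ] || return 1
    [ "$(( $a_comps & $b_comps ))" -eq "$b_comps" ]
}

# in_range LABEL MIN MAX: true when MAX dominates LABEL and LABEL dominates MIN.
in_range() {
    dominates "$3" "$1" && dominates "$1" "$2"
}

# offered MIN MAX CANDIDATE...: print, space separated, the candidates that a
# selector bounded by MIN and MAX would leave enabled.
offered() {
    min=$1; max=$2; shift 2
    out=""
    for label in "$@"; do
        if in_range "$label" "$min" "$max"; then
            out="${out:+$out }$label"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample labels: compartment bit 1 = A, bit 2 = B.
ADMIN_LOW="0:0"     # dominated by every label in this model
ADMIN_HIGH="15:3"   # dominates every label in this model
WORKSPACE="5:1"     # level 5, compartment A only

# Upper bound is the workspace label: candidates with a higher level or with a
# compartment outside A are excluded, even at the same level (5:2 and 5:3).
offered "$ADMIN_LOW" "$WORKSPACE" "2:0" "5:1" "5:2" "5:3" "8:1"
```

Labels such as 5:1 and 5:2 are incomparable: neither dominates the other, so neither can serve as the upper bound for the other.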
To add online help to your application, follow the procedures and guidelines in “Writing Context Sensitive Help” in GNOME Documentation System.
The Trusted Extensions txzonemgr command uses the tgnome-selectlabel utility to create label builder GUIs that help the user specify labels for the following:
Labeled zones
Multilevel ports
The following examples show how the tgnome-selectlabel utility is used in the txzonemgr command.
Example 6-1 selectLabel() Function
The selectLabel() function uses the tgnome-selectlabel utility to create a label builder GUI that helps the user select the label for a new labeled zone.
title="Labeled Zone Manager 2.2"
msg_getlabel=$(gettext "Select a label for the")
...
selectLabel() {
    # Prompt for a sensitivity label between DEFAULTLABEL and the maximum
    # label reported by chk_encodings; the result is in internal format.
    hexlabel=$(tgnome-selectlabel \
        --title="$title" \
        --text="$msg_getlabel $zonename zone:" \
        --min="${DEFAULTLABEL}" \
        --default="${DEFAULTLABEL}" \
        --max=$(chk_encodings -X) \
        --accredcheck=yes \
        --mode=sensitivity \
        --format=internal \
        2>/dev/null)
    # Continue only if tgnome-selectlabel exited with status 0.
    if [ $? = 0 ] ; then
        setTNdata
        if [ $? -ne 0 ] ; then
            return 1
        fi
    fi
}
Example 6-2 getLabelRange() Function
The getLabelRange() function uses the tgnome-selectlabel utility to select the minimum and maximum labels for a multilevel port.
title="Labeled Zone Manager 2.2"
msg_getmin=$(gettext "Select the minimum network label for the")
msg_getmax=$(gettext "Select the maximum network label for the")
...
getLabelRange() {
    deflabel=$(tncfg -t $cipso_template info min_label|cut -d= -f2)
    minlabel=$(tgnome-selectlabel \
        --title="$title" \
        --text="$msg_getmin $zonename zone:" \
        --min="admin_low" \
        --max="$hexlabel" \
        --default="$deflabel" \
        --accredcheck=no \
        --mode=sensitivity \
        --format=internal \
        2>/dev/null)
    [ $? != 0 ] && return

    deflabel=$(tncfg -t $cipso_template info max_label|cut -d= -f2)
    maxlabel=$(tgnome-selectlabel \
        --title="$title" \
        --text="$msg_getmax $zonename zone:" \
        --min="${minlabel}" \
        --max="admin_high" \
        --default="$deflabel" \
        --accredcheck=no \
        --mode=sensitivity \
        --format=internal \
        2>/dev/null)
    [ $? != 0 ] && return

    hostType=cipso
    updateTemplate
}