Skip Navigation Links | |
Exit Print View | |
Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11.1 Information Library |
2. Structure and Syntax of Encodings File
4. Information Label Encodings
5. Sensitivity Label, Clearance, Channels, and Printer Banner Encodings
6. Accreditation Range and Name Information Label Encodings
7. General Considerations for Specifying Encodings
Consistency of Word Specification among Different Types of Labels
Mandatory Access Control Considerations When Encoding Words
Encoding Non-MAC-Related Words
Using Initial Compartments and Markings to Specify Inverse Compartment and Marking Bits
Using Prefixes to Specify Special Inverse Compartment and Marking Bits
Avoiding "Loops" In Required Combinations
Visibility Restrictions for Required Combinations
Relationships between Required Combinations and Combination Constraints
Restrictions on Specifying Information Label Combination Constraints
Consistency of Default Word Specification
8. Enforcing Proper Label Adjudications
A. Encodings Specifications Error Messages
Extreme care must be taken when modifying an encodings file that has already been loaded and run on a CMW system. The reason for concern is the fact that once the system has run with the encodings, many objects will become labeled with sensitivity labels and information labels that are well formed with respect to the encodings loaded. If the encodings are subsequently changed, it is possible that the existing labels will no longer be well formed unless care is taken. Changing the bit patterns associated with words will cause existing objects whose labels contain the words to have possibly invalid labels. Raising the minimum classification or lowering the maximum classification associated with words will likely cause existing objects whose labels contain the words to no longer be well formed.
Therefore, changes to encodings that have already been used should generally be limited to adding new classifications or words, or changing the names of existing words only. However, as described above, it is important to reserve extra inverse bits when the encodings file is first created to allow for later expansion of the encodings to incorporate new inverse words. If an inverse word is added not using reserved inverse bits, all existing objects on the system will erroneously have labels that include the new inverse word.