I'm sponsoring this case for myself. It updates the PSARC/2005/259 "Layered Trusted Solaris Label Interfaces" str_to_label(3tsol) function.
The commitment level remains Committed. A Patch release binding is requested. A full diff marked man page is in the case directory. The timer is set for 10 June, 2009.

Gary..
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Background:
==========

str_to_label() is the Committed interface to translate strings to various types of labels in Solaris Trusted Extensions. The implementation is a client side in libtsol(3LIB), which for label translation services calls the labeld(1M) service. labeld in turn implements a set of algorithms which parse strings based on rules defined in label_encodings(4). For MAC_LABEL type labels, a set of supplemental rules called the ACCREDITATION RANGE: are defined. str_to_label() does not provide an interface that takes these rules into account. There is a Project Private interface to check against the accreditation range. A recent request for a Committed interface led to RFE 6845609 "str_to_label(3) should be able to verify if the label is within the accreditation range"

Proposal:
========

Provide for optional checking if the string being translated is acceptable to the accreditation range rules. A new error code, M_OUTSIDE_AR, will be returned if the resulting str_to_label() translation is not in the label_encodings(4) defined accreditation range and a new flag, L_CHECK_AR, is passed in.

str_to_label(3TSOL):

     int str_to_label(const char *string, m_label_t **label,
         const m_label_type_t label_type, uint_t flags, int *error);

DESCRIPTION
     The str_to_label() function is a simple function to parse
     human readable strings into labels of the requested type.

     [ . . . ]

     If flags is L_DEFAULT, the previously parsed label is replaced
     and the parsing algorithm makes a best effort to imply a valid
     label from the elements of string.

+    If flags contains L_CHECK_AR logically or-ed with another value,
+    the resulting label will be checked to ensure that it is within
+    the "Accreditation Range" of the DIA encodings schema.  This flag
+    is only interpreted for MAC_LABEL label types.

     [ . . . ]

ERRORS
     The str_to_label() function will fail if:

     EINVAL    Invalid parameter.  M_BAD_STRING indicates that
               string could not be parsed.  M_BAD_LABEL indicates
|              that the label passed in was in error.  M_OUTSIDE_AR
+              indicates that the resulting label is not within the
+              "Accreditation Range" specified in the DIA encodings
+              schema.
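
Review bot: The added L_CHECK_AR paragraph in DESCRIPTION covers only the case where the flag is "logically or-ed with another value" on a MAC_LABEL, and leaves two cases unspecified: L_CHECK_AR passed on its own, and L_CHECK_AR passed with a non-MAC_LABEL label_type. Suggest stating whether the flag is silently ignored or the call fails with EINVAL in each case, since a caller relying on the check needs to know it was actually performed. In the ERRORS entry, the M_OUTSIDE_AR text should say that it is only reported when L_CHECK_AR is set (the proposal text says this, the man page text does not), and should say whether *label is left unmodified when the translated label falls outside the accreditation range.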