Looks good to me. --Glenn
Gary Winiger wrote:
> I'm sponsoring this case for myself. It updates the PSARC/2005/259
> "Layered Trusted Solaris Label Interfaces" str_to_label(3tsol) function.
>
> The commitment level remains Committed. A Patch release binding is requested.
> A full diff marked man page is in the case directory.
>
> The timer is set for 10 June, 2009.
>
> Gary..
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Background:
> ==========
> str_to_label() is the Committed interface to translate strings to various
> types of labels in Solaris Trusted Extensions. The implementation is a
> client side in libtsol(3LIB), which for label translation services calls
> the labeld(1M) service. labeld in turn implements a set of algorithms
> which parse strings based on rules defined in label_encodings(4).
> For MAC_LABEL type labels, a set of supplemental rules called the
> ACCREDITATION RANGE: are defined. str_to_label() does not provide an
> interface that takes these rules into account. There is a Project Private
> interface to check against the accreditation range. A recent request
> for a Committed interface led to RFE 6845609 "str_to_label(3) should be
> able to verify if the label is within the accreditation range"
>
> Proposal:
> ========
> Provide for optional checking if the string being translated is acceptable
> to the accreditation range rules. A new error code, M_OUTSIDE_AR, will be
> returned if the resulting str_to_label() translation is not in the
> label_encodings(4) defined accreditation range and a new flag, L_CHECK_AR,
> is passed in.
>
> str_to_label(3TSOL):
>
> int str_to_label(const char *string, m_label_t **label,
> const m_label_type_t label_type, uint_t flags, int *error);
>
> DESCRIPTION
> The str_to_label() function is a simple function to parse
> human readable strings into labels of the requested type.
>
> [ . . . 
] > > If flags is L_DEFAULT, the previously parsed label is > replaced and the parsing algorithm makes a best effort to > imply a valid label from the elements of string. > > + If flags contains L_CHECK_AR logically or-ed with another value, > + the resulting label will be checked to ensure that it is within > + the "Accreditation Range" of the DIA encodings schema. This flag > + is only interpreted for MAC_LABEL label types. > > [ . . . ] > > ERRORS > The str_to_label() function will fail if: > > EINVAL Invalid parameter. M_BAD_STRING indicates that > string could not be parsed. M_BAD_LABEL indicates > | that the label passed in was in error. M_OUTSIDE_AR > + indicates that the resulting label is not within the > + "Accreditation Range" specified in the DIA encodings > + schema. >
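Review bot: In the added DESCRIPTION paragraph, "logically or-ed with another value" does not say which flag values L_CHECK_AR may be combined with or whether it is valid on its own, and "only interpreted for MAC_LABEL label types" means a caller who passes it with any other label type gets no accreditation range check and, as far as this text says, no error either. Suggest naming the permitted combinations (for example with L_DEFAULT) and stating explicitly that the flag is silently ignored for other label types, or failing with EINVAL in that case so a caller cannot assume a check that never ran.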
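Review bot: The new M_OUTSIDE_AR text in the ERRORS section does not state what *label contains when the range check fails. Since the translation itself succeeded before the check rejected it, the page should say whether the caller's label is left unmodified or already holds the out-of-range result, so code that ignores the return value cannot end up using a label outside the accreditation range. It would also help to repeat here that M_OUTSIDE_AR is only returned when L_CHECK_AR was passed, as the proposal text says, so existing callers know they will not see the new error value.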