Hello, I started to learn about trusted extensions, and I have a problem that I dont understand the meaning of label_encodings. Especially, "inverse bits" and "initial compartment" bother me.
In label_encoding , in classification section, we can see >name= PUBLIC; sname= PUB; value= 2; initial compartments= 4; >name= CONFIDENTIAL; sname= CNF; value= 4; initial compartments= 4; >name= SANDBOX; sname= SBX; value= 5; initial compartments= 0; >name= MAX LABEL; sname= MAX; value= 10; initial compartments= 0 4; Also, in sensitivity section, we can see >name= INTERNAL USE ONLY; sname= INTERNAL; compartments= 1 ~2; >minclass= CNF; prefix= : > >name= NEED TO KNOW; sname= NEED TO KNOW; compartments= 1-2 ~3; >minclass= CNF; prefix= : > >name= RESTRICTED; compartments= 1-3; >minclass= CNF; prefix= : > >name= PLAYGROUND; compartments= 0 ~1 ~2 ~3; >minclass= SBX; What I dont understand is : 1) Why do we have to use "inverse bits"? Generally speaking, In which case do we have to use "inverse bits"? 2) In classifications section, "initial compartment" is 0 or 4 or "0 and 4". but in sensitivity section, there are different number defined as argument of "compartment". Why are these number different? Those numbers has any relation? ( I dont understand how tx deal with "initial compartment" and "compartment". I suppose if I understand how tx decides access OK/deny, then my question is solved.) Any help is highly appreciated. Hopefully, tx manual is a bit difficult for me, easier documents are helpful. Best Regards, mmkk This message posted from opensolaris.org
