Hi mmkk, Some insights thereafter...
mmkk wrote:
> Hello,
> I started to learn about trusted extensions, and I have a problem that I
> don't understand the meaning of label_encodings. Especially, "inverse bits"
> and "initial compartment" bother me.
>
> In label_encoding, in classification section, we can see
>> name= PUBLIC; sname= PUB; value= 2; initial compartments= 4;
>> name= CONFIDENTIAL; sname= CNF; value= 4; initial compartments= 4;
>> name= SANDBOX; sname= SBX; value= 5; initial compartments= 0;
>> name= MAX LABEL; sname= MAX; value= 10; initial compartments= 0 4;
>
> Also, in sensitivity section, we can see
>> name= INTERNAL USE ONLY; sname= INTERNAL; compartments= 1 ~2;
>> minclass= CNF; prefix= :
>>
>> name= NEED TO KNOW; sname= NEED TO KNOW; compartments= 1-2 ~3;
>> minclass= CNF; prefix= :
>>
>> name= RESTRICTED; compartments= 1-3;
>> minclass= CNF; prefix= :
>>
>> name= PLAYGROUND; compartments= 0 ~1 ~2 ~3;
>> minclass= SBX;
>
> What I don't understand is:
> 1) Why do we have to use "inverse bits"? Generally speaking,
> in which case do we have to use "inverse bits"?

You are not obliged to. If you wish to use ~x, it means that you will exclude this bit from the possible compartment combination. I.e., from the previous settings, it means that INTERNAL USE ONLY (having ~2 (not bit 2) set) is exclusive of NEED TO KNOW (having bit 2 set).

>
> 2) In classifications section, "initial compartment" is 0 or 4 or "0 and 4",
> but in sensitivity section, there are different numbers defined as arguments of
> "compartment". Why are these numbers different? Do those numbers have
> any relation?

In fact, when you have compartments defined with exclusive bits, the initial compartment section does not relate anymore to initial compartments by default for a clearance, but to the fact you have exclusive bits set in your compartments.
I must admit the precise relation between those initial-that-are-not-initial compartments and the exclusive bits is still not perfectly clear on my side, but I suspect it is related to the max number of bits on which you have used them (4 in your example, from 0 to 3). I hope someone else could develop this a bit more, as up to now I did not find real detailed doc about this specific point...

HTH,
Bruno.
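The exclusion described in the reply above, modelled as an added example that is not part of the original thread or of Trusted Extensions itself: it parses the `compartments=` values from the quoted excerpt and reports which words cannot appear together. It assumes a word fits a compartment bit set only when every listed bit is on and every `~` bit is off; the function names are hypothetical, and `initial compartments` are not modelled.

```python
# Added illustration: compartment specs copied from the quoted label_encodings excerpt.
WORDS = {
    "INTERNAL USE ONLY": "1 ~2",
    "NEED TO KNOW": "1-2 ~3",
    "RESTRICTED": "1-3",
    "PLAYGROUND": "0 ~1 ~2 ~3",
}

def parse_compartments(spec):
    """Return (on, off): bits the word requires set, and bits it requires clear (~N)."""
    on, off = set(), set()
    for token in spec.split():
        target = off if token.startswith("~") else on
        token = token.lstrip("~")
        lo, _, hi = token.partition("-")          # "1-3" is a range, "2" a single bit
        target.update(range(int(lo), int(hi or lo) + 1))
    if on & off:
        raise ValueError(f"bit both set and inverted in {spec!r}")
    return frozenset(on), frozenset(off)

def exclusive(spec_a, spec_b):
    """True when one word needs a bit set that the other needs clear."""
    on_a, off_a = parse_compartments(spec_a)
    on_b, off_b = parse_compartments(spec_b)
    return bool(on_a & off_b or on_b & off_a)

def words_fitting(bits):
    """Words whose required-set bits are all in `bits` and whose ~ bits are all absent."""
    bits = set(bits)
    fitting = []
    for name, spec in WORDS.items():
        on, off = parse_compartments(spec)
        if on <= bits and not off & bits:
            fitting.append(name)
    return fitting

if __name__ == "__main__":
    names = list(WORDS)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            print(f"{a:18} / {b:18} exclusive: {exclusive(WORDS[a], WORDS[b])}")
    for bits in ({1}, {1, 2}, {1, 2, 3}, {0}):   # constructed sample bit sets
        print(sorted(bits), "->", words_fitting(bits))
```

With these four definitions every pair of words is mutually exclusive, so any given compartment bit set matches at most one of them.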