Structure of the Experimental Java Label Interfaces
The JNI implementation of the Trusted Extensions label APIs introduces several label-related
classes that relate to each other in this way:
SolarisLabel Abstract Class
The SolarisLabel abstract class provides the foundation for common and native methods
related to Solaris Trusted Extensions labels. The SensitivityLabel and ClearanceLabel subclasses inherit
members from this abstract class. Static factories for creating sensitivity labels and
clearance labels are also provided by the abstract class.
Static factories and methods throw exceptions when errors are encountered to ensure
that no mandatory access control-related errors occur silently.
This abstract class defines the following general-purpose methods that are used to
compare labels and to translate labels to strings:
dominates
equals
setFileLabel
strictlyDominates
toColor
toInternal
toRootPath
toString
toText
toTextLong
toTextShort
The equals, dominates, and strictlyDominates methods are analogous to the blequal(), bldominates(),
and blstrictdom() label APIs currently available with Solaris Trusted Extensions. The setFileLabel
method is analogous to the setflabel() routine currently available with Solaris Trusted
Extensions.
The rest of the methods (such as toText, toInternal, and toColor) are
related in function to the label_to_str() routine that is currently available with
Solaris Trusted Extensions. These methods enable you to translate a label to
a particular type of string. Depending on the label relationship of the
process and the object, you might need privileges in your effective set
to translate a label to a human-readable form. For instance, the Java
Virtual Machine (JVMTM) process must be running with the sys_trans_label privilege to
translate labels that it does not dominate.
The SolarisLabel abstract class also includes the following static factories:
getClearanceLabel
getFileLabel
getSensitivityLabel
getSocketPeer
The string that you pass as a label to getSensitivityLabel or getClearanceLabel
can be in one of the following forms:
Human-readable form of the label, such as PUBLIC
Internal form of the label, such as 0x0002-08-08
Only the internal form of the label is suitable for storage and
for transmission over a network connection, as the internal form does not
reveal the actual label. For more information, see Readable Versions of Labels.
The ClearanceLabel and SensitivityLabel subclasses extend the SolarisLabel abstract class. These subclasses
each inherit the common methods provided by the SolarisLabel abstract class.
ClearanceLabel Subclass
The ClearanceLabel subclass extends the SolarisLabel abstract class and defines the getMaximum
and getMinimum methods, which return the ClearanceLabel object that represents the least
upper bound and the greatest lower bound, respectively.
SensitivityLabel Subclass
The SensitivityLabel subclass extends the SolarisLabel abstract class and defines the getMaximum
and getMinimum methods, which return the SensitivityLabel object that represents the least
upper bound and the greatest lower bound, respectively.
The SensitivityLabel subclass introduces the following methods that provide information suitable for
labeled printer banner pages:
toCaveats
toChannels
toFooter
toHeader
toProtectAs
Range Class
The Range class represents a Java version of a Solaris Trusted Extensions
label range.
This class defines the following general-purpose methods that are used to obtain
the upper and lower labels in a label range and to determine
whether a label is within a specified label range:
getLower
getUpper
inRange
The Range class also includes the following static factories that create range
objects:
getDeviceRange
getLabelRange
getUserRange
The getDeviceRange and getUserRange static factories create range objects based on the
range for the specified device and the specified user, respectively. The getLabelRange
static factory enables you to create a label range where you specify
the upper and lower bounds for the range.