Purpose
Compares sensitivity
and integrity labels.
Library
Trusted AIX® Library (libmls.a)
Syntax
#include <mls/mls.h>
CMP_RES_T sl_cmp (sl1, sl2)
const sl_t *sl1;
const sl_t *sl2;
CMP_RES_T tl_cmp (tl1, tl2)
const tl_t *tl1;
const tl_t *tl2;
Description
The sl_cmp and tl_cmp subroutines
compare two labels. There are three types of relationship between
labels: dominance, equality, and non-comparable.
Sensitivity
label (SL) comparison is made based on the following conditions:
Dominance:
One
SL (L1) dominates another (L2) if and only if the L1 meets the following
requirement:
- The classification in L1 equals or exceeds the classification
in L2.
- The set of compartments in L1 completely contains the set of compartments
in L2.
Equality:
One SL (L1) equals another SL
(L2) if and only if the L1 meets the following requirement:
- The classification in L1 equals the classification in L2.
- The set of compartments in L1 is identical to the set of compartments
in L2.
Non-comparable:
Two labels can be disjoint
(L1 is not equal to L2, and L1 does not dominate L2, and L2 does not
dominate L1). One SL (L1) is non-comparable to another (L2) if the
L1 meets the following requirement:
- The set of compartments in L1 does not completely contain the
set in L2 and L2 does not completely contain the set in L1.
Therefore, they are considered disjoint.
Integrity label
(TL) comparison is made based on the following conditions:
Dominance:
One
TL (L1) dominates another (L2) if and only if the L1 meets the following
requirement:
- The classification in L1 equals or exceeds the classification
in L2.
Equality:
One TL (L1) equals another SL
(L2) if and only if the L1 meets the following requirement:
- The classification in L1 equals the classification in L2.
Parameters
| Item |
Description |
|---|
| sl1, sl2 |
Specifies sensitivity labels to be compared. |
| tl1, tl2 |
Specifies Integrity labels to be compared. |
Return Values
| Item |
Description |
|---|
| LAB_DOM |
Indicates that sl1 dominates sl2. |
| LAB_SAME |
Indicates that sl1 is identical to sl2. |
| LAB_IDOM |
Indicates that sl2 dominates sl1. |
| LAB_NCMP |
Indicates that sl1 and sl2 are non-comparable. |
| LAB_ERR |
Indicates that the parameter is not valid. |
Note: For the tl_cmp subroutine, if either
of the integrity labels passed evaluates to the special TL NOTL, the
subroutine returns the LAB_DOM value.
Error Codes
| Item |
Description |
|---|
| EINVAL |
Indicates that the passed-in parameter is NULL. |