DOMINANCE(5)							  DOMINANCE(5)

### NAME[Toc][Back]

dominance - MAC label comparison policy

### SYNOPSIS[Toc][Back]

#include <sys/mac_label.h>

### DESCRIPTION[Toc][Back]

On systems with mandatory access control (MAC) enabled, the set of all
possible MAC labels constitutes a lattice, where a lattice is defined to
be a partially ordered set for which there exists, for every pair of
elements in the set, a greatest lower bound (GLB) and a least upper
bound (LUB).  A partial ordering over a set is defined by a relation
that has the following three properties: reflexive, antisymmetric,
transitive.  The reflexive property states that every element in the
set is "related" to itself.  The antisymmetric property states that
given two elements in the set, if the first element is "related" to the
second element, and the second element is "related" to the first
element, then the two elements are necessarily equal.  The transitive
property states that given three elements in the set, if the first
element is "related" to the second element, and the second element is
"related" to the third element, then the first element is also
"related" to the third element.

A simple example of this is the improper subset relation (A is an
improper subset of B when every element of A is also in B, A = B
included):

Reflexive:      Given a set A, A is an improper subset of A.
Antisymmetric:  Given two sets A and B, if A is an improper subset
                of B and B is an improper subset of A, then A and B
                are equal (i.e., the same set).
Transitive:     Given three sets A, B, and C, if A is an improper
                subset of B and B is an improper subset of C, then
                A is an improper subset of C.

dominance represents the relation providing the partial ordering over
the lattice formed by the set of all possible MAC labels.  Hence, the
dominance relation upholds the three properties described above over
the set of all possible MAC labels.


A MAC label is defined as follows:

struct mac_label {
        unsigned char   ml_msen_type;   /* MSEN label type */
        unsigned char   ml_mint_type;   /* MINT label type */
        unsigned char   ml_level;       /* MSEN hierarchical level */
        unsigned char   ml_grade;       /* MINT hierarchical grade */
        unsigned short  ml_catcount;    /* number of categories in ml_list */
        unsigned short  ml_divcount;    /* number of divisions in ml_list */
        unsigned short  ml_list[MAC_MAX_SETS];  /* category set and division set */
};

A MAC label comprises both a Mandatory Sensitivity (MSEN) label portion
and a Mandatory Integrity (MINT) label portion.  With respect to the
above definition of a MAC label, the MSEN label portion includes 1)
ml_msen_type, 2) ml_level, 3) ml_catcount, and 4) the first ml_catcount
elements of ml_list (the category set), while the MINT label portion
includes 1) ml_mint_type, 2) ml_grade, 3) ml_divcount, and 4) the last
ml_divcount elements of ml_list (the division set).

Whether one MAC label dominates another depends, at the highest level,
simply upon whether the MSEN label portions compare as required and
whether the MINT label portions compare as required.  By definition,
for any two MAC labels A and B, A dominates B if and only if the MSEN
label portion of A dominates the MSEN label portion of B and the MINT
label portion of A is dominated by the MINT label portion of B.  Note
the reversed direction for the MINT portion.  Comparison of the MSEN
label portions and of the MINT label portions is itself more involved,
and may take one of two different paths.  Specifically, given two MAC
labels A and B: the ml_msen_type fields are read and, based on their
values, either an MSEN dominance determination is made directly or it
is determined that comparison of ml_level, ml_catcount and the category
sets in ml_list is required; likewise the ml_mint_type fields are read
and, based on their values, either a MINT dominance determination is
made directly or it is determined that comparison of ml_grade,
ml_divcount and the division sets in ml_list is required.

Specifically, a MAC label includes an MSEN label type as part of the
MSEN label portion and a MINT label type as part of the MINT label
portion.  The predefined set of valid system MSEN label type values is:
msenadmin, msenequal, msenhigh, msenmldhigh, msenlow, msenmldlow,
msenmld and msentcsec.  The predefined set of valid system MINT label
type values is: mintequal, minthigh, mintlow and mintbiba.  Each of the
MSEN label type set and the MINT label type set constitutes a lattice,
in that there exists a fully defined comparison relation between each
pair of MSEN label types and each pair of MINT label types, i.e. either
they are equal, one dominates the other, they are non-comparable, or
further comparison of the other relevant component fields is required.

In particular, for all MAC labels containing one of the MSEN label
types msenadmin, msenequal, msenhigh, msenmldhigh, msenlow and
msenmldlow, the comparison relation between the MSEN label portions of
two MAC labels depends only on the MSEN label types.  In addition, for
all MAC labels containing one of the MINT label types mintequal,
minthigh and mintlow, the comparison relation between the MINT label
portions of two MAC labels depends only on the MINT label types.  In
other words, given two MAC labels A and B, where either comprises one
of the MSEN label types and one of the MINT label types referenced
above, the comparison relation between the two labels is fully defined
by the types alone.

Additionally, in the case where a MAC label contains an MSEN label type
of msenmld or msentcsec, the level and the (possibly empty) category
set component fields must be included as part of the MSEN label
portion.  Analogously, in the case where a MAC label contains a MINT
label type of mintbiba, the grade and the (possibly empty) division
set component fields must be included as part of the MINT label
portion.  Then, given two MAC labels A and B, there are three possible
situations that result:

1.) Both MAC labels comprise one of the MSEN label types msenmld or
    msentcsec and the MINT label type mintbiba.

2.) Both MAC labels comprise one of the MSEN label types msenmld or
    msentcsec along with comparable MINT label types (not mintbiba).

3.) Both MAC labels comprise the MINT label type mintbiba along with
    comparable MSEN label types (not msenmld or msentcsec).

In all three situations, the comparison relation between the two MAC
labels depends upon actual comparison of the level, category set,
grade, and division set component fields.

Given MAC labels A and B:

    A[S] and B[S] represent the MSEN label portions of A and B
    respectively;
    A[I] and B[I] represent the MINT label portions of A and B
    respectively.

So that:

If      A[S] is an element of the set {msenadmin, msenequal, msenhigh,
        msenmldhigh, msenlow, msenmldlow} and
        A[I] is an element of the set {mintequal, minthigh, mintlow}
    or
        B[S] is an element of the set {msenadmin, msenequal, msenhigh,
        msenmldhigh, msenlow, msenmldlow} and
        B[I] is an element of the set {mintequal, minthigh, mintlow}

then    a dominance determination is possible based solely on the
        MSEN and MINT label types.

If      A[S], B[S] are elements of the set {msenmld, msentcsec}

then    comparison of the ml_level fields, the ml_catcount fields,
        and the first ml_catcount elements of the ml_list fields is
        required.

If      A[I], B[I] are elements of the set {mintbiba}

then    comparison of the ml_grade fields, the ml_divcount fields,
        and the last ml_divcount elements of the ml_list fields is
        required.

And if  A[S], B[S] are elements of the set {msenmld, msentcsec} and
        A[I], B[I] are elements of the set {mintbiba}

then    comparison of the ml_level fields, the ml_catcount fields,
        and the first ml_catcount elements of the ml_list fields is
        required, and comparison of the ml_grade fields, the
        ml_divcount fields, and the last ml_divcount elements of the
        ml_list fields is required.

MSEN label type Comparison

If A[S] is msenadmin then
    If B[S] is msenadmin or msenequal then A[S] is equal to B[S]
    If B[S] is msenhigh or msenmldhigh then A[S] is dominated by B[S]
    If B[S] is msenlow or msenmldlow then A[S] dominates B[S]
    If B[S] is msenmld or msentcsec then A[S] and B[S] are
    non-comparable

If A[S] is msenequal then
    A[S] is equal to B[S]

If A[S] is msenhigh then
    If B[S] is msenequal, msenhigh or msenmldhigh then A[S] is
    equal to B[S]
    If B[S] is msenadmin, msenlow, msenmldlow, msenmld or
    msentcsec then A[S] dominates B[S]

If A[S] is msenmldhigh then
    If B[S] is msenequal, msenhigh or msenmldhigh then A[S] is
    equal to B[S]
    If B[S] is msenadmin, msenlow, msenmldlow, msenmld or
    msentcsec then A[S] dominates B[S]

If A[S] is msenlow then
    If B[S] is msenequal, msenlow or msenmldlow then A[S] is
    equal to B[S]
    If B[S] is msenadmin, msenhigh, msenmldhigh, msenmld or
    msentcsec then A[S] is dominated by B[S]

If A[S] is msenmldlow then
    If B[S] is msenequal, msenlow or msenmldlow then A[S] is
    equal to B[S]
    If B[S] is msenadmin, msenhigh, msenmldhigh, msenmld or
    msentcsec then A[S] is dominated by B[S]

If A[S] is msenmld then
    If B[S] is msenequal then A[S] is equal to B[S]
    If B[S] is msenlow or msenmldlow then A[S] dominates B[S]
    If B[S] is msenhigh or msenmldhigh then A[S] is dominated by B[S]
    If B[S] is msenadmin then A[S] and B[S] are non-comparable
    If B[S] is msenmld or msentcsec then the level and category set
    component fields of A[S] and B[S] must be compared

If A[S] is msentcsec then
    If B[S] is msenequal then A[S] is equal to B[S]
    If B[S] is msenlow or msenmldlow then A[S] dominates B[S]
    If B[S] is msenhigh or msenmldhigh then A[S] is dominated by B[S]
    If B[S] is msenadmin then A[S] and B[S] are non-comparable
    If B[S] is msenmld or msentcsec then the level and category set
    component fields of A[S] and B[S] must be compared

MINT label type Comparison

If A[I] is mintequal then
    A[I] is equal to B[I]

If A[I] is minthigh then
    If B[I] is mintequal or minthigh then A[I] is equal to B[I]
    If B[I] is mintlow or mintbiba then A[I] is dominated by B[I]

If A[I] is mintlow then
    If B[I] is mintequal or mintlow then A[I] is equal to B[I]
    If B[I] is minthigh or mintbiba then A[I] dominates B[I]

If A[I] is mintbiba then
    If B[I] is mintequal then A[I] is equal to B[I]
    If B[I] is minthigh then A[I] dominates B[I]
    If B[I] is mintlow then A[I] is dominated by B[I]
    If B[I] is mintbiba then the grade and division set
    component fields of A[I] and B[I] must be compared

The rules for the MSEN and MINT label type dominance relationship are
defined as follows (each type also dominates itself, the relation being
reflexive):

For MSEN label type dominance:
    msenadmin is defined to dominate msenadmin, msenequal, msenlow and
    msenmldlow.
    msenequal is defined to dominate all other MSEN label types.
    msenhigh is defined to dominate all other MSEN label types.
    msenmldhigh is defined to dominate all other MSEN label types.
    msenlow is defined to dominate msenequal, msenlow and msenmldlow.
    msenmldlow is defined to dominate msenequal, msenlow and msenmldlow.
    msenmld is defined to dominate msenequal, msenlow and msenmldlow.
    In addition, msenmld is defined to dominate msenmld and msentcsec if
    level of A[S] is greater than or equal to level of B[S] and category
    set of B[S] is a subset of category set of A[S].
    msentcsec is defined to dominate msenequal, msenlow and msenmldlow.
    In addition, msentcsec is defined to dominate msenmld and msentcsec
    if level of A[S] is greater than or equal to level of B[S] and
    category set of B[S] is a subset of category set of A[S].

For MINT label type dominance:
    mintequal is defined to dominate all other MINT label types.
    mintlow is defined to dominate all other MINT label types.
    minthigh is defined to dominate mintequal and minthigh.
    mintbiba is defined to dominate mintequal and minthigh.  In
    addition, mintbiba is defined to dominate mintbiba if grade of A[I]
    is greater than or equal to grade of B[I] and division set of B[I]
    is a subset of division set of A[I].

The rules for the MSEN and MINT label type equality relationship are
defined as follows:

For MSEN label type equality:
    msenadmin is defined to equal msenadmin and msenequal.
    msenequal is defined to equal all other MSEN label types.
    msenhigh is defined to equal msenequal, msenhigh and msenmldhigh.
    msenmldhigh is defined to equal msenequal, msenhigh and msenmldhigh.
    msenlow is defined to equal msenequal, msenlow and msenmldlow.
    msenmldlow is defined to equal msenequal, msenlow and msenmldlow.
    msenmld is defined to equal msenequal.  In addition, msenmld is
    defined to equal msenmld and msentcsec if level of A[S] is equal to
    level of B[S] and category set of A[S] is equal to category set of
    B[S].
    msentcsec is defined to equal msenequal.  In addition, msentcsec is
    defined to equal msenmld and msentcsec if level of A[S] is equal to
    level of B[S] and category set of A[S] is equal to category set of
    B[S].

For MINT label type equality:
    mintequal is defined to equal all other MINT label types.
    minthigh is defined to equal mintequal and minthigh.
    mintlow is defined to equal mintequal and mintlow.
    mintbiba is defined to equal mintequal.  In addition, mintbiba is
    defined to equal mintbiba if grade of A[I] is equal to grade of B[I]
    and division set of A[I] is equal to division set of B[I].

Equality is thus mutual dominance: two label portions are equal exactly
when each dominates the other under the dominance rules above.

Any pair of MSEN label types or MINT label types not explicitly
referenced above are considered to be non-comparable, and thus the MAC
labels comprised of them are also non-comparable.

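As an added worked example (not IRIX code and not part of this man page), the rules above rendered as C so they can be exercised: msen_dom and mint_dom implement the two per-portion dominance rule sets, mac_dom applies the DESCRIPTION's whole-label rule with the MINT portion compared in the reverse direction, and mac_compare derives equal, dominates, dominated or non-comparable from mutual dominance. The numeric type codes, the value of MAC_MAX_SETS, and the placement of the division set immediately after the category set in ml_list are assumptions of this example, and the sample labels are constructed.

```c
/* Added example, not IRIX code: the label comparison rules of this page in C.
 * Assumed: the numeric type codes, MAC_MAX_SETS, and that ml_list holds the
 * category set followed immediately by the division set. */
#include <stdbool.h>
#include <stdio.h>

#define MAC_MAX_SETS 250   /* assumed; the real value is in sys/mac_label.h */
enum { MSEN_ADMIN = 1, MSEN_EQUAL, MSEN_HIGH, MSEN_MLDHIGH,
       MSEN_LOW, MSEN_MLDLOW, MSEN_MLD, MSEN_TCSEC };     /* assumed codes */
enum { MINT_EQUAL = 1, MINT_HIGH, MINT_LOW, MINT_BIBA };   /* assumed codes */
enum mac_cmp { MAC_EQUAL, MAC_DOMINATES, MAC_DOMINATED, MAC_NONCOMPARABLE };

struct mac_label {
    unsigned char  ml_msen_type, ml_mint_type, ml_level, ml_grade;
    unsigned short ml_catcount, ml_divcount;
    unsigned short ml_list[MAC_MAX_SETS];   /* categories, then divisions */
};

/* Set inclusion: is every element of a[0..na) present in b[0..nb)? */
static bool is_subset(const unsigned short *a, int na, const unsigned short *b, int nb)
{
    for (int i = 0; i < na; i++) {
        int j = 0;
        while (j < nb && b[j] != a[i]) j++;
        if (j == nb) return false;
    }
    return true;
}

/* Does A[S] dominate B[S]?  The "MSEN label type dominance" rules above. */
static bool msen_dom(const struct mac_label *a, const struct mac_label *b)
{
    unsigned char t = b->ml_msen_type;
    switch (a->ml_msen_type) {
    case MSEN_EQUAL: case MSEN_HIGH: case MSEN_MLDHIGH:
        return true;                                   /* dominate every type */
    case MSEN_ADMIN:
        return t == MSEN_ADMIN || t == MSEN_EQUAL || t == MSEN_LOW || t == MSEN_MLDLOW;
    case MSEN_LOW: case MSEN_MLDLOW:
        return t == MSEN_EQUAL || t == MSEN_LOW || t == MSEN_MLDLOW;
    case MSEN_MLD: case MSEN_TCSEC:
        if (t == MSEN_EQUAL || t == MSEN_LOW || t == MSEN_MLDLOW) return true;
        if (t == MSEN_MLD || t == MSEN_TCSEC)          /* level and category set */
            return a->ml_level >= b->ml_level &&
                   is_subset(b->ml_list, b->ml_catcount, a->ml_list, a->ml_catcount);
        return false;                                  /* msenadmin: non-comparable */
    }
    return false;                                      /* unknown type never dominates */
}

/* Does A[I] dominate B[I]?  The "MINT label type dominance" rules above:
 * mintlow is on top, and mintbiba is ordered by grade and division set. */
static bool mint_dom(const struct mac_label *a, const struct mac_label *b)
{
    unsigned char t = b->ml_mint_type;
    switch (a->ml_mint_type) {
    case MINT_EQUAL: case MINT_LOW:
        return true;
    case MINT_HIGH:
        return t == MINT_EQUAL || t == MINT_HIGH;
    case MINT_BIBA:
        if (t == MINT_EQUAL || t == MINT_HIGH) return true;
        if (t == MINT_BIBA)                            /* grade and division set */
            return a->ml_grade >= b->ml_grade &&
                   is_subset(b->ml_list + b->ml_catcount, b->ml_divcount,
                             a->ml_list + a->ml_catcount, a->ml_divcount);
        return false;                                  /* mintlow sits above mintbiba */
    }
    return false;
}

/* DESCRIPTION rule: A dominates B iff A[S] dominates B[S] and A[I] is
 * dominated by B[I]; note the swapped arguments for the MINT portion. */
bool mac_dom(const struct mac_label *a, const struct mac_label *b)
{
    return msen_dom(a, b) && mint_dom(b, a);
}

/* Equality is mutual dominance; dominance in neither direction is NC. */
enum mac_cmp mac_compare(const struct mac_label *a, const struct mac_label *b)
{
    bool ab = mac_dom(a, b), ba = mac_dom(b, a);
    return ab && ba ? MAC_EQUAL : ab ? MAC_DOMINATES : ba ? MAC_DOMINATED : MAC_NONCOMPARABLE;
}

/* Constructed sample labels (not from the page); initialisers follow struct order. */
const struct mac_label lbl_hi  = { MSEN_HIGH,  MINT_HIGH };
const struct mac_label lbl_lo  = { MSEN_LOW,   MINT_LOW };
const struct mac_label lbl_adm = { MSEN_ADMIN, MINT_EQUAL };
const struct mac_label lbl_s3 = { MSEN_TCSEC, MINT_BIBA, 3, 2, 2, 1, {10, 11, 70} }; /* level 3, cats {10,11}; grade 2, divs {70} */
const struct mac_label lbl_s2 = { MSEN_TCSEC, MINT_BIBA, 2, 2, 1, 1, {10, 70} };     /* level 2, cats {10};    grade 2, divs {70} */
const struct mac_label lbl_m2 = { MSEN_MLD,   MINT_BIBA, 2, 2, 1, 1, {12, 70} };     /* level 2, cats {12}: disjoint from lbl_s2 */
const struct mac_label lbl_g3 = { MSEN_TCSEC, MINT_BIBA, 3, 3, 2, 1, {10, 11, 70} }; /* lbl_s3 with grade 3 */

int main(void)
{
    static const char *sym[] = { "=", ">", "<", "NC" };   /* same symbols as the tables below */
    printf("hi %s lo, s3 %s s2, s2 %s m2, adm %s s3, s3 %s g3\n",
           sym[mac_compare(&lbl_hi, &lbl_lo)], sym[mac_compare(&lbl_s3, &lbl_s2)],
           sym[mac_compare(&lbl_s2, &lbl_m2)], sym[mac_compare(&lbl_adm, &lbl_s3)],
           sym[mac_compare(&lbl_s3, &lbl_g3)]);
    return 0;
}
```

Build with cc -std=c99 and run; the printed line uses the same symbols as the two tables. The last comparison shows what the reversed MINT direction means in practice: lbl_s3 and lbl_g3 agree on their MSEN portions and differ only in mintbiba grade, and it is the label with the lower grade that dominates, because the whole-label rule requires A[I] to be dominated by B[I].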
TABLE 1:  MSEN Label Type Relationships

Rows give the type of A[S], columns the type of B[S].  "=" means the
two are equal, ">" that A[S] dominates B[S], "<" that A[S] is dominated
by B[S], "NC" that they are non-comparable, and "*" that the level and
category set fields must be compared.  Headings: A = msenadmin,
E = msenequal, H = msenhigh, I = msenmldhigh, L = msenlow,
N = msenmldlow, M = msenmld, T = msentcsec.

______________________________________
|  ||A  | E | H | I | L | N | M  | T  |
|__||___|___|___|___|___|___|____|____|
|A ||=  | = | < | < | > | > | NC | NC |
|__||___|___|___|___|___|___|____|____|
|E ||=  | = | = | = | = | = | =  | =  |
|__||___|___|___|___|___|___|____|____|
|H ||>  | = | = | = | > | > | >  | >  |
|__||___|___|___|___|___|___|____|____|
|I ||>  | = | = | = | > | > | >  | >  |
|__||___|___|___|___|___|___|____|____|
|L ||<  | = | < | < | = | = | <  | <  |
|__||___|___|___|___|___|___|____|____|
|N ||<  | = | < | < | = | = | <  | <  |
|__||___|___|___|___|___|___|____|____|
|M ||NC | = | < | < | > | > | *  | *  |
|__||___|___|___|___|___|___|____|____|
|T ||NC | = | < | < | > | > | *  | *  |
|__||___|___|___|___|___|___|____|____|

TABLE 2:  MINT Label Type Relationships

Rows give the type of A[I], columns the type of B[I]; the symbols are
as in Table 1, with "*" meaning that the grade and division set fields
must be compared.  Headings: e = mintequal, h = minthigh, l = mintlow,
b = mintbiba.

___________________
|  ||e | h | l | b |
|__||__|___|___|___|
|e ||= | = | = | = |
|__||__|___|___|___|
|h ||= | = | < | < |
|__||__|___|___|___|
|l ||= | > | = | > |
|__||__|___|___|___|
|b ||= | > | < | * |
|__||__|___|___|___|
/etc/mac