Interface Descriptions

The interfaces defined by the POSIX.6 standard to support an information labeling mechanism are similar to those of the MAC supporting interfaces, with exceptions made for the labeling float capability. The interfaces support the model that uses opaque data structures, i.e., the information label is copied into working storage from permanent storage, manipulated there, and then written back out to permanent storage. When a function is used that requires working storage, the system must allocate the storage when the interface that requires the storage is called. There are specific interfaces that can be called to free any working storage that was utilized.

The information label interfaces specified support the following functions:

• test information label relationship - includes interfaces that will determine dominance between two labels, and equivalence between two labels.
• float a label - includes an interface that will produce a label that is the combination of a label associated with a source, and the label associated with a destination. This new label will then be associated with the destination.
• label validity - includes an interface for determining whether an information label is valid. The definition of a valid information label is implementation defined; however, examples include: the label is malformed, the label contains components that are not currently defined on the system, or the label is simply forbidden to be dealt with by the system.