MAC access to classified data sets is determined by label dominance checking rules, which depend on what MLS options have been set in the system and what kind of access has been requested. In addition, if MAC checking allows the access, DAC checking is then performed to ultimately allow or deny the requested access.
The following security labels are used in the examples below:
|
Security Label |
Value |
|---|---|
|
TSAABBDD |
SECLEVEL(50) CATEGORY(AA BB DD) |
|
LABELB |
SECLEVEL(50) CATEGORY(AA BB) |
|
LABELA |
SECLEVEL(50) CATEGORY(AA) |
|
LABELD |
SECLEVEL(50) CATEGORY(KK) |
|
TSRR |
SECLEVEL(50) CATEGORY(RR) |
|
SSAABBRR |
SECLEVEL(25) CATEGORY(AA BB RR) |
|
LABELC |
SECLEVEL(25) CATEGORY(AA) |
|
LABELE |
SECLEVEL(25) CATEGORY(KK) |
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|