Rules When Changing the Level of Security for Data

By default, regular users can perform cut-and-paste, copy-and-paste, and drag-and-drop operations on both files and selections. The source and target must be at the same label.

To change the label of files, or the label of information within files requires authorization. When users are authorized to change the security level of data, the Selection Manager application mediates the transfer. The /usr/dt/config/sel_config file controls file relabeling actions, and the cutting and copying of information to a different label. The /usr/dt/bin/sel_mgr application controls drag-and-drop operations between windows. As the following tables illustrate, the relabeling of a selection is more restrictive than the relabeling of a file.

The following table summarizes the rules for file relabeling. The rules cover cut-and-paste, copy-and-paste, and drag-and-drop operations.

Table 10-1 Conditions for Moving Files to a New Label

Transaction Description	Label Relationship	Owner Relationship	Required Authorization
Copy and paste, cut and paste, or drag and drop of files between File Managers	Same label	Same UID	None
	Downgrade	Same UID	`solaris.label.file.downgrade`
	Upgrade	Same UID	`solaris.label.file.upgrade`
	Downgrade	Different UIDs	`solaris.label.file.downgrade`
	Upgrade	Different UIDs	`solaris.label.file.upgrade`

Different rules apply to selections within a window or file. Drag-and-drop of selections always requires equality of labels and ownership. Drag-and-drop between windows is mediated by the sel_mgr application, not by the sel_config file.

The rules for changing the label of selections are summarized in the following table.

Table 10-2 Conditions for Moving Selections to a New Label

Transaction Description	Label Relationship	Owner Relationship	Required Authorization
Copy and paste, or cut and paste of selections between windows	Same label	Same UID	None
	Downgrade	Same UID	`solaris.label.win.downgrade`
	Upgrade	Same UID	`solaris.label.win.upgrade`
	Downgrade	Different UIDs	`solaris.label.win.downgrade`
	Upgrade	Different UIDs	`solaris.label.win.upgrade`
Drag and drop of selections between windows	Same label	Same UID	None applicable

Trusted Extensions provides a selection confirmer to mediate label changes. This window appears when an authorized user attempts to change the label of a file or selection. The user has 120 seconds to confirm the operation. To change the security level of data without this window requires the solaris.label.win.noview authorization, in addition to the relabeling authorizations. The following illustration shows a selection, zonename, in the window.

The illustration shows the Selection Confirmer.

By default, the selection confirmer displays whenever data is being transferred to a different label. If a selection requires several transfer decisions, the automatic reply mechanism provides a way to reply once to the several transfers. For more information, see the sel_config(4) man page and the following section.

`sel_config` File

The sel_config file is checked to determine the behavior of the selection confirmer when an operation would upgrade or downgrade a label.

The sel_config file defines the following:

A list of selection types to which automatic replies are given
Whether certain types of operations can be automatically confirmed
Whether a selection confirmer dialog box is displayed

In Trusted CDE, the Security Administrator role can change the defaults by using the Configure Selection Confirmation action in the Trusted_Extensions folder. The new settings become effective at the next login. If you are in Solaris Trusted Extensions (JDS) when modifying the file, do not use the CDE action. Copy the sel_config file to the /etc/dt/config directory. Then, customize that copy as you would customize any other CDE configuration file.