Anda di halaman 1dari 17

Dclabs Mandatory Access Control on Microsoft Windows 12/2010

The Arrival of Mandatory Access Control(MAC)


on the Windows Platform
Arthur Aguiar
honestworker@dclabscombr
Abstract
This article introduces Microsoft Window!s "ntegrity #evel as the first form of Mandatory
Access Control delivered on a Windows $latform commercial $roduct We e%amine it&s
im$lementation and demonstrate it!s o$eration via a $roof'of'conce$t $rogram written
s$ecifically for this research
Access Control( in our conte%t( can be understood as a mechanism res$onsible for mediating
the user attem$t to access a system resource( for the sake of $rotecting the aforementioned resource
from ina$$ro$riate or undesired access( in other words( safeguarding it&s confidentiality and
integrity There are two o$$osing Access Control Models that we&ll be discussing on this article(
)iscretionary Access Control()AC) and Mandatory Access Control(MAC)
The )AC model allows the user( owner of the resource( to assign access rights to it at their
will(at their own discretion)( $laying an active role on the information flow *undamentally( this
model $resents two flaws that can be e%am$lified with two situations+ ' ,werson who owns a
certain resource decides to grant read $ermissions to -odrigo on that ob.ect /nce it is done(
nothing $revents -odrigo from co$ying the content to an ob.ect(or location) that -odrigo owns and
therefore has control over it( thus being able to grant $ermissions to a third user ' "f -odrigo
convinces ,werson to e%ecute a malicious $rogram that at the it&s surface seems to $ersuite a
legitimate ob.ective( but that also contains instructions to co$y a resource&s information to a location
where ,werson and -odrigo have access( he&d suceed acessing and taking control over that ob.ect
This is the traditional model $resent on every modern o$erating system "n it&s materiali0ed form( it
could be seen as 1T*2 $ermissions controlling file access on Microsoft Windows Platforms
/n the other hand( the ma.or characteristic of the MAC model is that the access to ob.ects is
e%ternally regulated in a way that ordinary users have no influence over it 3ser&s(and sub.ects( that
is( $rograms acting on their behalf) and resources(ob.ects) are given a certain hierarchical security
level that are constrained by statically defined relationshi$s
There are two well'known formal models that describe im$lementations of MAC( 4ell'
#a$adula (4ell( ) ,( and # 5 #aPadula( 2ecure Com$uter 2ystems+ Mathematical *oundations
and Model( 4edford( MA+ The Mitre Cor$oration( 6789) and 4iba (4iba( : 5( "ntegrity
Considerations for 2ecure Com$uter 2ystems( 4edford( MA+ The
6
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
M"T-, Cor$oration( 6788)
4ell'#a$adula&s is based on two $ro$erties+
2im$le security $ro$erty+ A sub.ect is $ermitted read access to an ob.ect if the sub.ect;s
security level dominates the security level of the ob.ect
2tar $ro$erty+ A sub.ect is $ermitted write access to an ob.ect if the ob.ect;s security level
dominates the security level of the sub.ect
Therefore( if we think of the following set of security levels 3nclassified( Confidential(
2ecret and To$ 2ecret( we can revisit ,werson and -odrigo&s $reviously given scenarios and derive
the following conclusions(assuming ,werson( who has To$ 2ecret level( has a hierarchically higher
security level than -odrigo&s( 2ecret)+ ' )is$ite ,werson&s decision to grant read access to -odrigo
on the resource( the 2im$le security $ro$erty would $revent -odrigo from reading the information(
for the ob.ect&s security level dominates -odrigo&s ' ,ven if -odrigo convinced ,werson to e%ecute
the malicious $rogram( ,werson wouldn&t be able to write information to a location where -odrigo
has access( for according to the 2tar $ro$erty he can not write to an ob.ect&s that has a lower security
level(it could( however( be used to destroy<alter the resource) The 4ell'#a$adula model aims
$reserving the resource&s(ob.ect) confidentiality
4iba&s model( on the other hand( is focused on the resource&s integrity and is based on
another two $ro$erties+
2im$le integrity $ro$erty+ A sub.ect is $ermitted read access to an ob.ect if the ob.ect;s
security level dominates the security level of the sub.ect
"ntegrity star $ro$erty+ A sub.ect is $ermitted write access to an ob.ect if the sub.ect;s
security level dominates the security level of the ob.ect
1ow( having the Critical( "m$ortant and /rdinary levels( from the user&s $ers$ective the
level re$resents it&s trustworthiness in terms of modification of information and the ob.ect&s level
reflects it&s sensibility regarding it&s modification /nce again( using the same scenarios+ ' -odrigo
can now read the contents of the resource ' =owever( a malicious $rogram wouldn&t be able to
destroy<alter that resource
The Windows "ntegrity #evel( available for the first time on Windows >ista ( resembles
4iba&s model in the sense that a lower "ntegrity #evel sub.ect can not modify a higher'level ob.ect
The levels 3ntrusted( #ow( Medium( =igh and 2ystem corres$ond to the user trustworthiness The
?
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
default level assigned to normal users and to resources(files and registry keys( for instance) that do
not have a e%$licit label is Medium The user "ntegrity #evel is defined on the access token(a data
structure generated during the logon $rocess that works as a security $rofile @ security conte%t @ to
be consulted every time accessing an ob.ect is reAuired) and $rocess running on his behalf inherit
his "ntegrity #evel The ob.ects (files or registry keys( for instance) have their integrity level found
in their security descri$tor(a data structure that stores information about who can $erform what
actions on an ob.ect)( more s$ecifically( on their 2AC# ,ach security descri$tor has a
2AC#(2ystem Access Control #ist) and a )AC#()iscretionary Access Control #ist) The former
carries the auditing information and the "ntegrity #evel and the later s$ecifies who has what access
to the ob.ect Biven that the 2AC# "ntegrity #evel is always checked before the )AC#( during the
validation of an access reAuest( the "ntegrity #evel overrides the $ermissions enlisted on the )AC#
As of today( Microsoft doesn&t $rovides a gra$hical interface for changing "ntegrity #evels
and to be honest they should kee$ it that way As a $roof'of'conce$t( " have written a C $rogram
that allows us to set the "ntegrity #evels for files by using the Windows AP" "t&s called macwine%e
and it can be downloaded from htt$+<<wwwdclabscombr<toolshtml We&ll be using that tool to
demonstrate the $recedence of "ntegrity #evel Mandatory Access Control over the 1T*2
$ermissions(a )iscretionary Access Control)
#et&s .um$ into that tool&s source code to understand how the label assignment works under
the hood The Create)escri$tor function $arses the command'line arguments and convert the user
choices into a 2AC# AC,(Access Control ,ntry) formatted as a string according to the
2))#(2ecurity )escri$tor )efinition #anguage) *or reference+ htt$+<<msdnmicrosoftcom<en'
us<library<bbC?D7DEas$%) "t does so by changing the values of F and GG that re$resent the
Mandatory Policy and the "ntegrity #evels res$ectively
(2AC# AC, creation as a 2))# string( taken from macwin>6c)
9
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
/nce we have the 2))# string( it is $assed to another function(that belongs to the Windows
AP")( Convert2tring2ecurity)escri$torTo2ecurity)escri$tor( whose ob.ective is to convert that
string into a valid security descri$tor structure The str)escri$tor variable has the string generated
by the $revious function and $)escri$tor takes a $ointer to the generated valid 2ecurity )escri$tor
structure
(*unction that converts the 2))# string to a valid 2ecurity )escri$tor structure)
The ne%t ste$ is to stri$ only the 2AC# $ortion of the 2ecurity )escri$tor via the Windows
AP" function called Bet2ecurity)escri$tor2acl that takes the $ointer to the 2ecurity )escri$tor(
$)escri$tor( as one of it&s $arameters and returns a $ointer to it&s 2AC#
(*unction that stri$s off the 2AC# of the 2ecurity )escri$tor structure)
#ast but not least( yet another Windows AP" function( 2et1amed2ecurity"nfo( is called to
actually do the work of setting the mandatory label "t takes the strPath variable that has the $ath of
the file that will get the label and the 2AC# gathered by the $revious function "t&s worth to notice
that a s$ecific ty$e of 2,C3-"TGH"1*/-MAT"/1 was used( one e%clusively used for mandatory
integrity labels( the #A4,#H2,C3-"TGH"1*/-MAT"/1
I
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
(*unction that actually does the work of setting the label)
With very few omissions( that is what the macwine%e tool does "t changes the "ntegrity
#evel of file ob.ects We can now $roceed to the demonstration *or this e%$eriment( 9 user
accounts have been created+ userlow( usermedium( userhigh The first two are ordinary users but
userhigh belongs to the Administrators grou$( thus the first two were su$$osed to have Medium
"ntegrity #evel and the third gets the =igh "ntegrity #evel Biven that we wanted to a sam$le of all
the three "ntegrity #evels (#ow( Medium( =igh)( " had to do a workaround to get a $rocess to run
with #ow "ntegrity #evel What " did was to use macwine%e to set the "ntegrity #evel of a cmde%e
co$y called cmd'lowe%e to #ow( therefore when userlow launches cmd'lowe%e it assumes the
"ntegrity #evel of the dominated sub.ect( that is( cmd'lowe%e
(2ysinternal&s Process ,%$lorer dis$laying cmde%e instances with #ow( Medium( =igh "ntegrity #evels)
All three users were granted *ull Control 1T*2 $ermissions over the directory
3+Jtm$Jdclabs and over a file called testfilet%t whose initial "ntegrity #evel was set to #ow At the
first moment( all users are able to read and to write to testfilet%t Then( macwine%e was used to
add a Medium "ntegrity #evel to that file 3serlow lost it&s ca$ability to read or write to the file At a
second moment( the label has been change to =igh "ntegrity #evel and neither userlow nor
usermedium were able to read or to write to that file
D
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
(All three users have full control 1T*2 $ermissions)
(All three users can read the file)
C
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
(All three users can write at the first moment)
(The ob.ect&s "ntegrity #evel gets changed to Medium with the 1o'-ead'3$ Mandatory Policy)
8
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
(3serlow can no longer access the file( for the file "ntegrity #evel dominates it&s "ntegrity #evel)
( The ob.ect&s "ntegrity #evel gets changed again( this time to =igh with 1o'-ead'3$)
E
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
(This time only userhigh was able to read the file dis$ite the *ull Control 1T*2 $ermissions granted to both userlow
and usermedium)
Conclusion
,ven if the im$lementation isn&t strictly com$liant to what is e%$ected from a Mandatory
Access Control( because there are some flaws like not having a e%$licit label for all the ob.ects in
system and the lack of more levels(the #ow level e%$ected usage was originally thought as a mean
to refrain unstrusted software from acessing the registry keys and user files)( one can certainly
affirm that it is a significant im$rovement that unveils a road towards a safer general'$ur$ose
/$erating 2ystem
7
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
References
FARRAIOO! Da"id# $%&'! Ric(ard# C&A'DRAMO%I! Ra)aswa)y* -ole'based access
control1orwood+ Artech =ouse( ?KK9
R%++I'O,IC&! Mar-# +OOMO'! Da"id# IO'.+C%! Ale/* Windows "nternals D
th
,d
-edmond+ Microsoft Press( ?KK7
O+COCCO! 0eter et al The "nevitability of *ailure+ The flawed assum$tion of security in
modern com$uting environments Proceedings of the ?6st 1ational "nformation 2ystems 2ecurity
Conference ($$ 9K9'96I) 677E
6K
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
A00.'DI1
2ource code+ macwin>6c
@2=A?DC KdEbD?DKDKD?8db78DDd?a7I9C9C9DaK7EK8D79aeafEbCKbaIcIcIbK8eCafdfd
<L
L LLLLLLLLLLL )clabs LLLLLLLLLLLLL
L *ile+ macwin>6c
L Abstract+ This utility is meant to demonstrate the o$eration
L of Mandatory Access Controls in Windows 1T MN C%
L "t can be used to set an "ntegrity #abel that enforces a
L access control $olicy inde$ent of the file system $ermissions
L
L Comments+ must be linked to adva$i9?lib and kernel9?lib
L
L #ast u$date+ Arthur Aguiar( 6?<69<?K6K
L
L (C) Arthur Aguiar ?K6K( ?K66
<'''''''''''''''''''''''''''''''''''''''''''''''''''''L<

<<C $re'$rocessor statements O Auick+ P$re$
<L''''''''''''''''''''''''''''''''''''''''''''''''''''L<
Pdefine >,-2"/1H"1*/ Qv6KQ
Pinclude RwindowshN
Pinclude R2ddlhN
Pinclude RAccCtrlhN
Pinclude RAcla$ihN
<<*unction $rototy$es O Auick+ P$rot
<L''''''''''''''''''''''''''''''''''''''''''''''''''''L<
char LParsePath(charL)S
4//# >alidate/2(void)S
void ,levate(void)S
char LCreate)escri$tor(charL( charL)S
4//# 2et#abel(charL( charL)S
void Print=el$(charL)S
int main(int argc( char LargvTU) V
char LstrPathS
char Lstr)escri$torS
<L "1P3T >A#")AT"/1
6) *our command line arguments
?) 1one of them null
9) *irst and second args eAual 6 character Third less than ?DI long
I) Characters - or W or W on the first $osition of first argument(
characters # or M or = or 2( on the first $osition of second arg L<
if (
(argc MM I) XX
Y((argvT6U MM 13##) OO (argvT?U MM 13##) OO (argvT9U MM 13##)) XX
((strlen(argvT6U) MM 6) XX (strlen(argvT?U) MM 6) XX (strlen(argvT9U) R ?DI)) XX
((strcs$n(argvT6U(Q-WWQ) MM K) XX (strcs$n(argvT?U(Q#M=2Q) MM K))
)
V
<< The o$erating system should be 1T C% or greater
if (Y>alidate/2()) V
$rintf(QThis $rogram may or may not work as e%$ectedJnQ)S
Z
66
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
<< Change current $rocess token to read 2AC#
,levate()S
if ((strPath M (charL)malloc(MAWHPAT=Lsi0eof(char))) MM 13##) V
$rintf(QMemory allocation errorJnQ)S
$rintf(Q,rror+ [dQ( Bet#ast,rror())S
e%it(6)S
Z
if ((str)escri$tor M (charL)malloc(6DLsi0eof(char))) MM 13##) V
$rintf(QMemory allocation errorJnQ)S
$rintf(Q,rror+ [dQ( Bet#ast,rror())S
e%it(6)S
Z
<< /h cra$( we must esca$e backward slashes
strPath M ParsePath(argvT9U)S
<L Create)escri$tor builds u$ whatever the user choses
for the label in a 2))# format "t returns the 2))# string
to str)escri$tor L<
str)escri$tor M Create)escri$tor(argvT6U(argvT?U)S
<< Bo *rankstein( do the real work Attem$t to set the label
if (2et#abel(strPath( str)escri$tor))V
$rintf(QJnThe new MAC label has been sucessfully addedJnJnQ)S
Z
<< Cleaning u$ the house *ree allocated memory
free(strPath)S
free(str)escri$tor)S
Z
else V
<< /h yeah( user mistake Bo read our hel$ notice
Print=el$(argvTKU)S
return 6S
Z
return KS
Z << end of main()
<L Takes two char $ointers as $arameters *irst the file system ob.ect
to set the label for( the second is the security descri$tor re$re'
senting the new label in 2))# format "t returns true if the label
has been sucessfully set and false for anything else L<
4//#
2et#abel(char LstrPath( char Lstr)escri$tor) V
P2,C3-"TGH),2C-"PT/- $)escri$tor M 13##S
PAC# $2acl M 13##S
4//# bol2aclPresent M *A#2,S
4//# bol2acl)efault M *A#2,S
)W/-) dw-esult M KS
<L This Windows AP" function takes a security descri$tor in 2))#
format and returns an actual security descri$tor structure
The 2))# re$resents the desired MAC label
-eferences+
htt$+<<msdnmicrosoftcom<en'us<library<aa98CIK6[?EvMvsED[?7as$%
htt$+<<msdnmicrosoftcom<en'us<library<aa987D8K[?EvMvsED[?7as$% L<
if (Convert2tring2ecurity)escri$torTo2ecurity)escri$tor(
str)escri$tor(
2))#H-,>"2"/1H6(
X$)escri$tor(
6?
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
13##) MM K) V
$rintf(Q*ailure converting string to security descri$torJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
#ocal*ree($)escri$tor)S
return *A#2,S
Z
<L This Windows AP" function retrieves the 2AC# $ortion of the
built security descri$tor structure
-eference+
htt$+<<msdnmicrosoftcom<en'us<library<aaIICCD9[?E>2ED[?7as$% L<
if (Bet2ecurity)escri$tor2acl(
$)escri$tor(
Xbol2aclPresent(
X$2acl(
Xbol2acl)efault) MM K) V
$rintf(Q*ailure retrieving security descri$torJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
#ocal*ree($)escri$tor)S
return *A#2,S
Z
<L This Windows AP" function takes the 2AC# structure retrieved
by the former function and add it to the file indicated by
strPath
"t&s worth to notice tha the second $arameter indicates that
the o$eration will take $lace on a file or directory
Additionally( the #A4,#H2,C3-"TGH"1*/-MAT"/1 is now a valid
ty$e for 2,C3-"TGH"1*/-MAT"/1
-eferences+
htt$+<<msdnmicrosoftcom<en'us<library<aa987D87[?EvMvsED[?7as$%
htt$+<<msdnmicrosoftcom<en'us<library<aa987D79[?EvMvsED[?7as$%
htt$+<<msdnmicrosoftcom<en'us<library<aa987D89[?EvMvsED[?7as$% L<
dw-esult M 2et1amed2ecurity"nfo(
strPath(
2,H*"#,H/45,CT(
#A4,#H2,C3-"TGH"1*/-MAT"/1(
13##(
13##(
13##(
$2acl )S
if (dw-esult YM ,--/-H23CC,22) V
$rintf(Q*ailed changing labelYYJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
#ocal*ree($)escri$tor)S
return *A#2,S
Z
<< Cleaning u$ the house *ree resources
#ocal*ree($)escri$tor)S
return T-3,S
Z <<end of 2et#abel()
<L This function take two char $ointers as it&s $arameters
*irst one is the $olicy and it&s either -(W or W( standing
for 1o'-ead'3$( 1o'Write'3$( 1o',%ecute'3$ res$ectively
2econd is the integrity level and it&s either #(M(=(2(
standing for #ow( Medium( =igh and 2ystem
The char array( arrChr)escri$tor( is a 2AC# AC, that
translates to the desired MAC label "t&s F and GG
letters are re$laced according to the user chosen $olicy
and integrity level "t returns the 2AC# AC,L<
69
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
char
LCreate)escri$tor(char LstrPolicy( char Lstr#evel) V
static char arrChr)escri$torT6CUS
char chrTy$e M LstrPolicyS
char chr#evel M Lstr#evelS
arrChr)escri$torTKU M &JK&S
strc$y(arrChr)escri$tor( Q2+(M#SS1FSSSGG)Q)S
switch (chrTy$e) V
case &-&+
arrChr)escri$torTEU M &-&S
breakS
case &W&+
arrChr)escri$torTEU M &W&S
breakS
case &W&+
arrChr)escri$torTEU M &W&S
breakS
default+
arrChr)escri$torTEU M &-&S
Z
switch (chr#evel) V
case &#&+
arrChr)escri$torT6?U M &#&S
arrChr)escri$torT69U M &W&S
breakS
case &M&+
arrChr)escri$torT6?U M &M&S
arrChr)escri$torT69U M &,&S
breakS
case &=&+
arrChr)escri$torT6?U M &=&S
arrChr)escri$torT69U M &"&S
breakS
case &2&+
arrChr)escri$torT6?U M &2&S
arrChr)escri$torT69U M &"&S
breakS
default+
arrChr)escri$torT6?U M &#&S
arrChr)escri$torT69U M &W&S
Z
return arrChr)escri$torS
Z <<end of Create)escri$tor()
<L This function takes a char $ointer $arameter
The $arameter should be a file or folder $ath
"t goes through a newbie'level algorithm to
handle de backward slashes "t returns the
formatted file or folder $ath L<
char
LParsePath(charL strPath) V
char LstrTokenS
char LstrParsedPathS
static char arrChrPathTMAWHPAT=\6US
6I
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
arrChrPathTKU M &JK&S
if ((strToken M (char L)malloc(MAWHPAT=Lsi0eof(char))) MM 13##) V
$rintf(QMemory allocation errorJnQ)S
$rintf(Q,rror+ [dQ( Bet#ast,rror())S
e%it('D)S
Z
if ((strParsedPath M (char L)malloc(MAWHPAT=Lsi0eof(char))) MM 13##) V
$rintf(QMemory allocation errorJnQ)S
$rintf(Q,rror+ [dQ( Bet#ast,rror())S
e%it('D)S
Z
strToken M strtok(strPath( QJJQ)S
strc$y(strParsedPath( strToken)S
strParsedPath M strcat(strParsedPath( QJJJJQ)S
do V
strToken M strtok(&JK&( QJJQ)S
if (strToken) V
strParsedPath M strcat(strParsedPath( strToken)S
strParsedPath M strcat(strParsedPath( QJJJJQ)S
Z
Z while(strToken)S
strc$y(arrChrPath(strParsedPath)S
arrChrPathTstrlen(arrChrPath)'6U M &JK&S
arrChrPathTstrlen(arrChrPath)'6U M &JK&S
free(strToken)S
free(strParsedPath)S
return arrChrPathS
Z <<end of ParsePath()
<L This function takes no $arameters and has no return value
"t&s $ur$ose is to by com$liant to 2et1amed2ecurity"nfo
reAuirements for mani$ulating ob.ect&s 2AC# L<
void
,levate(void) V
=A1)#, hProcessS
#3") $#uidS
T/:,1HP-">"#,B,2 tkPrivilegesS
if (/$enProcessToken(BetCurrentProcess()(
T/:,1H]3,-G O T/:,1HA)532THP-">"#,B,2(
XhProcess) MM K ) V
$rintf(QCouldn&t retrieve token handleJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
e%it('I)S
Z
if (#ooku$Privilege>alue(13##(
2,H2,C3-"TGH1AM,(
X$#uid) MM K ) V
$rintf(QCouldn&t retrieve token 3niAue "dentifierJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
Close=andle(hProcess)S
e%it('I)S
Z
tkPrivilegesPrivilegeCount M 6S
6D
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
tkPrivilegesPrivilegesTKU#uid M $#uidS
tkPrivilegesPrivilegesTKUAttributes M 2,HP-">"#,B,H,1A4#,)S
if (Ad.ustTokenPrivileges(hProcess(
*A#2,(
XtkPrivileges(
si0eof(T/:,1HP-">"#,B,2)(
13##(
13##) MM K ) V
$rintf(QCouldn&t elevate $rivilegeJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
Close=andle(hProcess)S
e%it('I)S
Z
Close=andle(hProcess)S
returnS
Z <<end of ,levate()
<L This $rogram is known to work on Windows 1T C% or greater
This function takes no $arameter and return true if the /2 >ersion
is eAuivalent to 1T CW or greater " can foresee many $otential
users attem$ting to run it under Windows WP or Windows ?KK9 L<
4//#
>alidate/2(void) V
/2>,-2"/1"1*/ os>ersionS
FeroMemory(Xos>ersion( si0eof(/2>,-2"/1"1*/))S
os>ersiondw/2>ersion"nfo2i0e M si0eof(/2>,-2"/1"1*/)S
if (Bet>ersion,%(Xos>ersion) MM K) V
$rintf(Q"m$ossible to figure out /2 versionJnQ)S
$rintf(Q,rror+ [dJnQ( Bet#ast,rror())S
return *A#2,S
Z
if (os>ersiondwMa.or>ersion R C) V
$rintf(QThere is no "ntegrity #evel on this /2 >ersionJnQ)S
$rintf(QThere is no use for this $rogramJnQ)S
$rintf(Q-un it with 'h $arameter for additional informationJnQ)S
e%it('9)S
Z
return T-3,S
Z <<end of >alidate/2()
<< This one is self e%$lanatory and " refuse to document it
void Print=el$(char Lstr*ile1ame) V
const char L),2C-"PT"/1 M
QThis utility is meant to demonstrate the o$erationJnQ
Qof Mandatory Access Controls in Windows 1T C%JnJnQ
QJtR$olicyNJnQ
QJtJt - ' 1o'-ead'3$JnQ
QJtJt W ' 1o'Write'3$JnQ
QJtJt W ' 1o',%ecute'3$JnJnQ
QJtRlevelNJnQ
QJtJt # ' #ow "ntegrity #evelJnQ
QJtJt M ' Medium "ntegrity #evelJnQ
QJtJt = ' =igh "ntegrity #evelJnQ
QJtJt 2 ' 2ystem "ntegrity #evelJnJnQ
QJtRfile'$athNJnQ
QJtThe absolute $ath of the file that you&d likeJnQ
6C
Dclabs Mandatory Access Control on Microsoft Windows 12/2010
QJtto have it&s label changed(eg c+JJmyfolderJJmyfilee%t)JnJnQ
Q''''''''''''''''''''''''''''''''''''''''''''' JnQ
Q*or a brief introduction( read my article at+ JnQ
Qwwwdclabscombr JnQ
Q2uggestions or comments+ JnQ
Qarthur@grande'redecomJnQS
$rintf(QJnJt )clabs ' Windows Mandatory Access Control ),M/JnQ)S
$rintf(QJtJt =onestWorker( ?K6K'?K66 [sJnQ( >,-2"/1H"1*/)S
$rintf(QJtLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLJnQ)S
$rintf(Q32AB,+ [s R$olicyN RlevelN Rfile'$athNJnJnQ( str*ile1ame)S
$rintf(Q[sQ( ),2C-"PT"/1)S
returnS
Z <<end of Print=el$()
68