TREE is one type of security label component that can be
used in a label-based access control (LBAC) security policy.
In the TREE type of component the elements are treated as if they
are arranged in a tree structure. When you specify an element that
is part of a component of type TREE you must also specify which other
element it is under. The one exception is the first element which
must be specified as being the ROOT of the tree. This allows you to
organize the elements in a tree structure.
Example: If the component mycomp is
defined this way:
CREATE SECURITY LABEL COMPONENT mycomp
TREE (
'Corporate' ROOT,
'Publishing' UNDER 'Corporate',
'Software' UNDER 'Corporate',
'Development' UNDER 'Software',
'Sales' UNDER 'Software',
'Support' UNDER 'Software'
'Business Sales' UNDER 'Sales'
'Home Sales' UNDER 'Sales'
)
Then the elements are treated as if they are organized
in a tree structure like this:
In a component of type TREE, the elements can have these types
of relationships to each other:
- Parent
- Element A is a parent of element B if element B is UNDER element
A.
Example: This diagram shows the
parent of the Business Sales element:
- Child
- Element A is a child of element B if element A is UNDER element
B.
Example: This diagram shows the children
of the Software element:
- Sibling
- Two elements are siblings of each other if they have the same
parent.
Example: This diagram shows
the siblings of the Development element:
- Ancestor
- Element A is an ancestor of element B if it is the parent of B,
or if it is the parent of the parent of B, and so on. The root element
is an ancestor of all other elements in the tree.
Example: This diagram shows the ancestors
of the Home Sales element:
- Descendent
- Element A is a descendent of element B if it is the child of B,
or if it is the child of a child of B, and so on.
Example: This diagram shows the descendents
of the Software element: