Figure 7-1
This process flow diagram describes how labels are evaluated for LABEL_UPDATE. There are several successive tests by which a label can be evaluated:
Test 1: Is the new data level less than the old level? If yes, proceed to Test 2. If no, proceed to Test 3.
Test 2: Does the user have WRITEDOWN privilege? If yes, proceed to Test 4. If no, access is denied.
Test 3: Is the new level greater than the old level? If yes, proceed to Test 5. If no, proceed to Test 6.
Test 4: Is the new level equal to or less than the maximum level, and equal to or greater than the minimum level?
If yes, proceed to Test 6. If no, access is denied.
Test 5: Does the user have WRITEUP privilege? If yes, go to Test 4. If no, access is denied.
Test 6: Are the new groups not equal to the old groups? If yes, proceed to Test 7. If no, proceed to Test 8.
Test 7: Does the user have WRITEACROSS privilege? If yes, access is granted. If no, access is denied.
Test 8: Are the new compartments not equal to the old compartments? If yes, go to Test 7. If no, access is granted.