mac_get.3 (cbd59a4f658ff44ebe2aab164cc6f830f8dfcd62) | mac_get.3 (d97fcfce273eb3bc3984441c9e4bcbd5231fb1f5) |
---|---|
1.\" Copyright (c) 2001, 2004 Networks Associates Technology, Inc. | 1.\" Copyright (c) 2001 Networks Associates Technology, Inc. |
2.\" All rights reserved. | 2.\" All rights reserved. |
3.\" | 3.\" |
4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. | 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. |
9.\" | 9.\" |
10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. | 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. |
18.\" | 18.\" 3. The name of the author may not be used to endorse or promote 19.\" products derived from this software without specific prior written 20.\" permission. 21.\" |
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. | 22.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 23.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 26.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32.\" SUCH DAMAGE. |
30.\" | 33.\" |
31.\" $FreeBSD$ | 34.\" $FreeBSD$ |
32.\" | |
33.Dd December 21, 2001 34.Dt MAC_GET 3 | 35.Dd December 21, 2001 36.Dt MAC_GET 3 |
35.Os | |
36.Sh NAME 37.Nm mac_get_file , | 37.Sh NAME 38.Nm mac_get_file , |
38.Nm mac_get_link , | |
39.Nm mac_get_fd , | 39.Nm mac_get_fd , |
40.Nm mac_get_peer , 41.Nm mac_get_pid , | |
42.Nm mac_get_proc 43.Nd get the label of a file, socket, socket peer or process | 40.Nm mac_get_proc 41.Nd get the label of a file, socket, socket peer or process |
44.Sh LIBRARY 45.Lb libc | |
46.Sh SYNOPSIS 47.In sys/mac.h | 42.Sh SYNOPSIS 43.In sys/mac.h |
48.Ft int 49.Fn mac_get_file "const char *path" "mac_t label" 50.Ft int 51.Fn mac_get_link "const char *path" "mac_t label" 52.Ft int 53.Fn mac_get_fd "int fd" "mac_t label" 54.Ft int 55.Fn mac_get_peer "int fd" "mac_t label" 56.Ft int 57.Fn mac_get_pid "pid_t pid" "mac_t label" 58.Ft int 59.Fn mac_get_proc "mac_t label" | 44.Ft mac_t 45.Fn mac_get_file "const char *path_p" 46.Ft mac_t 47.Fn mac_get_fd "int fd" 48.Ft mac_t 49.Fn mac_get_proc |
60.Sh DESCRIPTION 61The 62.Fn mac_get_file | 50.Sh DESCRIPTION 51The 52.Fn mac_get_file |
63system call returns the label associated with a file specified by 64pathname. 65The 66.Fn mac_get_link 67function is the same as 68.Fn mac_get_file , 69except that it does not follow symlinks. 70.Pp 71The | 53and |
72.Fn mac_get_fd | 54.Fn mac_get_fd |
73system call returns the label associated with an object referenced by 74the specified file descriptor. 75Note that in the case of a file system socket, the label returned will 76be the socket label, which may be different from the label of the 77on-disk node acting as a rendezvous for the socket. | 55functions return the MAC label associated 56with the file referenced by 57the pathname pointed to by 58.Fa path_p 59or the file descriptor specified by 60.Fa fd , 61respectively. Note this function will 62fail on socket descriptors. For information on 63getting MAC labels on socket descriptors see 64.Xr getsockopt 2 . |
78The | 65The |
79.Fn mac_get_peer 80system call returns the label associated with the remote endpoint of 81a socket; the exact semantics of this call will depend on the protocol 82domain, communications type, and endpoint; typically this label will 83be cached when a connection-oriented protocol instance is first set up, 84and is undefined for datagram protocols. 85.Pp 86The 87.Fn mac_get_pid 88and | |
89.Fn mac_get_proc | 66.Fn mac_get_proc |
90system calls return the process label associated with an arbitrary 91process ID, or the current process. 92.Pp 93Label storage for use with these calls must first be allocated and 94prepared using the 95.Xr mac_prepare 3 96functions. 97When an application is done using a label, the memory may be returned 98using 99.Xr mac_free 3 . | 67function returns a MAC label associated 68with the requesting process. |
100.Sh ERRORS 101.Bl -tag -width Er 102.It Bq Er EACCES 103A component of | 69.Sh ERRORS 70.Bl -tag -width Er 71.It Bq Er EACCES 72A component of |
104.Fa path | 73.Fa path_p |
105is not searchable, 106or MAC read access to the file 107is denied. | 74is not searchable, 75or MAC read access to the file 76is denied. |
108.It Bq Er EINVAL 109The requested label operation is not valid for the object referenced by 110.Fa fd . | |
111.It Bq Er ENAMETOOLONG 112The pathname pointed to by | 77.It Bq Er ENAMETOOLONG 78The pathname pointed to by |
113.Fa path | 79.Fa path_p |
114exceeds 115.Dv PATH_MAX , 116or a component of the pathname exceeds 117.Dv NAME_MAX . 118.It Bq Er ENOENT 119A component of | 80exceeds 81.Dv PATH_MAX , 82or a component of the pathname exceeds 83.Dv NAME_MAX . 84.It Bq Er ENOENT 85A component of |
120.Fa path | 86.Fa path_p |
121does not exist. 122.It Bq Er ENOMEM 123Insufficient memory is available 124to allocate a new MAC label structure. 125.It Bq Er ENOTDIR 126A component of | 87does not exist. 88.It Bq Er ENOMEM 89Insufficient memory is available 90to allocate a new MAC label structure. 91.It Bq Er ENOTDIR 92A component of |
127.Fa path | 93.Fa path_p |
128is not a directory. 129.El 130.Sh SEE ALSO 131.Xr mac 3 , 132.Xr mac_free 3 , | 94is not a directory. 95.El 96.Sh SEE ALSO 97.Xr mac 3 , 98.Xr mac_free 3 , |
133.Xr mac_prepare 3 , 134.Xr mac_set 3 , | |
135.Xr mac_text 3 , | 99.Xr mac_text 3 , |
136.Xr posix1e 3 , 137.Xr mac 4 , 138.Xr mac 9 | 100.Xr mac_set 3 |
139.Sh STANDARDS 140POSIX.1e is described in IEEE POSIX.1e draft 17. 141Discussion of the draft 142continues on the cross-platform POSIX.1e implementation mailing list. 143To join this list, see the 144.Fx 145POSIX.1e implementation page 146for more information. | 101.Sh STANDARDS 102POSIX.1e is described in IEEE POSIX.1e draft 17. 103Discussion of the draft 104continues on the cross-platform POSIX.1e implementation mailing list. 105To join this list, see the 106.Fx 107POSIX.1e implementation page 108for more information. |
147.Sh HISTORY 148Support for Mandatory Access Control was introduced in 149.Fx 5.0 150as part of the 151.Tn TrustedBSD 152Project. | |
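
Review bot: The `.Dd` line reads December 21, 2001 in both columns, even though the left-hand revision (cbd59a4) adds 2004 to the copyright line and changes every prototype in the SYNOPSIS. The document date should be bumped to the date of this change so readers can tell which interface the page describes.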
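
Review bot: The left-hand revision has no RETURN VALUES section between DESCRIPTION and ERRORS, although its SYNOPSIS changes every function from returning `mac_t` to returning `int` and filling a caller-supplied `mac_t label`. As written, the page never says what the `int` means or whether `label` is left untouched on failure. Add a `.Sh RETURN VALUES` section (for example `.Rv -std` naming the six functions) and state the condition of `label` after an error. The DESCRIPTION also calls `mac_get_link` a "function" while every other entry is a "system call"; pick one term.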
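
Review bot: In the ERRORS list of the left-hand revision, the ENOMEM entry still says memory is unavailable "to allocate a new MAC label structure". That wording matched the right-hand interface, which returned a freshly allocated `mac_t`, but the new DESCRIPTION says label storage is allocated beforehand with mac_prepare(3), so the entry should be reworded or dropped. The list also adds only EINVAL for the descriptor-based calls. It has no entry for an invalid `fd` passed to `mac_get_fd` or `mac_get_peer`, and none for a `pid` passed to `mac_get_pid` that names no process. If those calls can fail that way, document the errno values so callers do not treat a failed lookup as an unlabeled object.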