xref: /freebsd/lib/libc/posix1e/mac.3 (revision d97fcfce273eb3bc3984441c9e4bcbd5231fb1f5) 
1d97fcfceSRobert Watson.\" Copyright (c) 2001 Networks Associates Technology, Inc.
2d97fcfceSRobert Watson.\" All rights reserved.
3d97fcfceSRobert Watson.\"
4d97fcfceSRobert Watson.\" This software was developed for the FreeBSD Project by Chris
5d97fcfceSRobert Watson.\" Costello at Safeport Network Services and NAI Labs, the Security
6d97fcfceSRobert Watson.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
7d97fcfceSRobert Watson.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
8d97fcfceSRobert Watson.\" research program.
9d97fcfceSRobert Watson.\"
10d97fcfceSRobert Watson.\" Redistribution and use in source and binary forms, with or without
11d97fcfceSRobert Watson.\" modification, are permitted provided that the following conditions
12d97fcfceSRobert Watson.\" are met:
13d97fcfceSRobert Watson.\" 1. Redistributions of source code must retain the above copyright
14d97fcfceSRobert Watson.\"    notice, this list of conditions and the following disclaimer.
15d97fcfceSRobert Watson.\" 2. Redistributions in binary form must reproduce the above copyright
16d97fcfceSRobert Watson.\"    notice, this list of conditions and the following disclaimer in the
17d97fcfceSRobert Watson.\"    documentation and/or other materials provided with the distribution.
18d97fcfceSRobert Watson.\" 3. The name of the author may not be used to endorse or promote
19d97fcfceSRobert Watson.\"    products derived from this software without specific prior written
20d97fcfceSRobert Watson.\"    permission.
21d97fcfceSRobert Watson.\"
22d97fcfceSRobert Watson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
23d97fcfceSRobert Watson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24d97fcfceSRobert Watson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25d97fcfceSRobert Watson.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
26d97fcfceSRobert Watson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27d97fcfceSRobert Watson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28d97fcfceSRobert Watson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29d97fcfceSRobert Watson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30d97fcfceSRobert Watson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31d97fcfceSRobert Watson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32d97fcfceSRobert Watson.\" SUCH DAMAGE.
33d97fcfceSRobert Watson.\"
34d97fcfceSRobert Watson.\" $FreeBSD$
35d97fcfceSRobert Watson.Dd December 21, 2001
36d97fcfceSRobert Watson.Dt MAC 3
37d97fcfceSRobert Watson.Sh NAME
38d97fcfceSRobert Watson.Nm mac
39d97fcfceSRobert Watson.Nd introduction to the POSIX.1e MAC security API
40d97fcfceSRobert Watson.Sh LIBRARY
41d97fcfceSRobert Watson.Lb libc
42d97fcfceSRobert Watson.Sh SYNOPSIS
43d97fcfceSRobert Watson.In sys/mac.h
44d97fcfceSRobert Watson.Pp
45d97fcfceSRobert WatsonIn the kernel configuration file:
46d97fcfceSRobert Watson.Cd "options MAC"
47d97fcfceSRobert Watson.Sh DESCRIPTION
48d97fcfceSRobert Watson.Fx
49d97fcfceSRobert Watsonpermits administrators to define Mandatory Access Control labels
50d97fcfceSRobert Watsondefining levels for the privacy and integrity of data,
51d97fcfceSRobert Watsonoverriding discretionary policies
52d97fcfceSRobert Watsonfor those objects.
53d97fcfceSRobert WatsonNot all objects currently provide support for MAC labels,
54d97fcfceSRobert Watsonand MAC support must be explicitly enabled by the administrator.
55d97fcfceSRobert WatsonThe library calls include routines to retrieve, duplicate,
56d97fcfceSRobert Watsonand set MAC labels associated with files and processes.
57d97fcfceSRobert Watson.Pp
58d97fcfceSRobert WatsonPOSIX.1e describes a set of MAC manipulation routines
59d97fcfceSRobert Watsonto manage the contents of MAC labels,
60d97fcfceSRobert Watsonas well as their relationships with
61d97fcfceSRobert Watsonfiles and processes;
62d97fcfceSRobert Watsonalmost all of these support routines
63d97fcfceSRobert Watsonare implemented in
64d97fcfceSRobert Watson.Fx .
65d97fcfceSRobert Watson.Pp
66d97fcfceSRobert WatsonAvailable functions, sorted by behavior, include:
67d97fcfceSRobert Watson.Bl -tag -width indent
68d97fcfceSRobert Watson.It Fn mac_get_fd
69d97fcfceSRobert WatsonThis function is described in
70d97fcfceSRobert Watson.Xr mac_get 3 ,
71d97fcfceSRobert Watsonand may be used to retrieve the
72d97fcfceSRobert WatsonMAC label associated with
73d97fcfceSRobert Watsona specific file descriptor.
74d97fcfceSRobert Watson.It Fn mac_get_file
75d97fcfceSRobert WatsonThis function is described in
76d97fcfceSRobert Watson.Xr mac_get 3 ,
77d97fcfceSRobert Watsonand may be used to retrieve the
78d97fcfceSRobert WatsonMAC label associated with
79d97fcfceSRobert Watsona named file.
80d97fcfceSRobert Watson.It Fn mac_get_proc
81d97fcfceSRobert WatsonThis function is described in
82d97fcfceSRobert Watson.Xr mac_get 3 ,
83d97fcfceSRobert Watsonand may be used to retrieve the
84d97fcfceSRobert WatsonMAC label associated with
85d97fcfceSRobert Watsonthe calling process.
86d97fcfceSRobert Watson.It Fn mac_set_fd
87d97fcfceSRobert WatsonThis function is described in
88d97fcfceSRobert Watson.Xr mac_set 3 ,
89d97fcfceSRobert Watsonand may be used to set the
90d97fcfceSRobert WatsonMAC label associated with
91d97fcfceSRobert Watsona specific file descriptor.
92d97fcfceSRobert Watson.It Fn mac_set_file
93d97fcfceSRobert WatsonThis function is described in
94d97fcfceSRobert Watson.Xr mac_set 3 ,
95d97fcfceSRobert Watsonand may be used to set the
96d97fcfceSRobert WatsonMAC label associated with
97d97fcfceSRobert Watsona named file.
98d97fcfceSRobert Watson.It Fn mac_set_proc
99d97fcfceSRobert WatsonThis function is described in
100d97fcfceSRobert Watson.Xr mac_set 3 ,
101d97fcfceSRobert Watsonand may be used to set the
102d97fcfceSRobert WatsonMAC label associated with
103d97fcfceSRobert Watsonthe calling process.
104d97fcfceSRobert Watson.It Fn mac_free
105d97fcfceSRobert WatsonThis function is described in
106d97fcfceSRobert Watson.Xr mac_free 3 ,
107d97fcfceSRobert Watsonand may be used to free
108d97fcfceSRobert Watsonuserland working MAC label storage.
109d97fcfceSRobert Watson.It Fn mac_from_text
110d97fcfceSRobert WatsonThis function is described in
111d97fcfceSRobert Watson.Xr mac_text 3 ,
112d97fcfceSRobert Watsonand may be used to convert
113d97fcfceSRobert Watsona text-form MAC label
114d97fcfceSRobert Watsoninto a working
115d97fcfceSRobert Watson.Vt mac_t .
116d97fcfceSRobert Watson.It Fn mac_to_text
117d97fcfceSRobert WatsonThis function is described in
118d97fcfceSRobert Watson.Xr mac_text 3 ,
119d97fcfceSRobert Watsonand may be used to convert a
120d97fcfceSRobert Watson.Vt mac_t
121d97fcfceSRobert Watsoninto a text-form MAC label.
122d97fcfceSRobert Watson.El
123d97fcfceSRobert Watson.Sh IMPLEMENTATION NOTES
124d97fcfceSRobert Watson.Fx Ns 's
125d97fcfceSRobert Watsonsupport for POSIX.1e interfaces and features
126d97fcfceSRobert Watsonis still under development
127d97fcfceSRobert Watsonat this time.
128d97fcfceSRobert Watson.Sh SEE ALSO
129d97fcfceSRobert Watson.Xr mac_free 3 ,
130d97fcfceSRobert Watson.Xr mac_get 3 ,
131d97fcfceSRobert Watson.Xr mac_set 3 ,
132d97fcfceSRobert Watson.Xr mac_text 3
133d97fcfceSRobert Watson.Sh STANDARDS
134d97fcfceSRobert WatsonPOSIX.1e is described in IEEE POSIX.1e draft 17.
135d97fcfceSRobert WatsonDiscussion of the draft
136d97fcfceSRobert Watsoncontinues on the cross-platform POSIX.1e implementation mailing list.
137d97fcfceSRobert WatsonTo join this list, see the
138d97fcfceSRobert Watson.Fx
139d97fcfceSRobert WatsonPOSIX.1e implementation page
140d97fcfceSRobert Watsonfor more information.
141