.\" Copyright (c) 2001 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\"    products derived from this software without specific prior written
.\"    permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd December 21, 2001
.Dt MAC 3
.Sh NAME
.Nm mac
.Nd introduction to the POSIX.1e MAC security API
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/mac.h
.Pp
In the kernel configuration file:
.Cd "options MAC"
.Sh DESCRIPTION
.Fx
permits administrators to define Mandatory Access Control labels
defining levels for the privacy and integrity of data,
overriding discretionary policies
for those objects.
Not all objects currently provide support for MAC labels,
and MAC support must be explicitly enabled by the administrator.
The library calls include routines to retrieve, duplicate,
and set MAC labels associated with files and processes.
.Pp
POSIX.1e describes a set of MAC manipulation routines
to manage the contents of MAC labels,
as well as their relationships with
files and processes;
almost all of these support routines
are implemented in
.Fx .
.Pp
Available functions, sorted by behavior, include:
.Bl -tag -width indent
.It Fn mac_get_fd
This function is described in
.Xr mac_get 3 ,
and may be used to retrieve the
MAC label associated with
a specific file descriptor.
.It Fn mac_get_file
This function is described in
.Xr mac_get 3 ,
and may be used to retrieve the
MAC label associated with
a named file.
.It Fn mac_get_proc
This function is described in
.Xr mac_get 3 ,
and may be used to retrieve the
MAC label associated with
the calling process.
.It Fn mac_set_fd
This function is described in
.Xr mac_set 3 ,
and may be used to set the
MAC label associated with
a specific file descriptor.
.It Fn mac_set_file
This function is described in
.Xr mac_set 3 ,
and may be used to set the
MAC label associated with
a named file.
.It Fn mac_set_proc
This function is described in
.Xr mac_set 3 ,
and may be used to set the
MAC label associated with
the calling process.
.It Fn mac_free
This function is described in
.Xr mac_free 3 ,
and may be used to free
userland working MAC label storage.
.It Fn mac_from_text
This function is described in
.Xr mac_text 3 ,
and may be used to convert
a text-form MAC label
into a working
.Vt mac_t .
.It Fn mac_to_text
This function is described in
.Xr mac_text 3 ,
and may be used to convert a
.Vt mac_t
into a text-form MAC label.
.El
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features
is still under development
at this time.
.Sh SEE ALSO
.Xr mac_free 3 ,
.Xr mac_get 3 ,
.Xr mac_set 3 ,
.Xr mac_text 3 ,
.Xr mac 9
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
Discussion of the draft
continues on the cross-platform POSIX.1e implementation mailing list.
To join this list, see the
.Fx
POSIX.1e implementation page
for more information.