xref: /freebsd/lib/libc/posix1e/mac_get.3 (revision b653faaa19c47a4a7e488e5ead738b7ae44ffe8b)
.\" Copyright (c) 2001, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 21, 2023
.Dt MAC_GET 3
.Os
.Sh NAME
.Nm mac_get_file ,
.Nm mac_get_link ,
.Nm mac_get_fd ,
.Nm mac_get_peer ,
.Nm mac_get_pid ,
.Nm mac_get_proc
.Nd get the label of a file, socket, socket peer or process
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/mac.h
.Ft int
.Fn mac_get_file "const char *path" "mac_t label"
.Ft int
.Fn mac_get_link "const char *path" "mac_t label"
.Ft int
.Fn mac_get_fd "int fd" "mac_t label"
.Ft int
.Fn mac_get_peer "int fd" "mac_t label"
.Ft int
.Fn mac_get_pid "pid_t pid" "mac_t label"
.Ft int
.Fn mac_get_proc "mac_t label"
.Sh DESCRIPTION
The
.Fn mac_get_file
system call returns the label associated with a file specified by
pathname.
The
.Fn mac_get_link
function is the same as
.Fn mac_get_file ,
except that it does not follow symlinks.
.Pp
The
.Fn mac_get_fd
system call returns the label associated with an object referenced by
the specified file descriptor.
Note that in the case of a file system socket, the label returned will
be the socket label, which may be different from the label of the
on-disk node acting as a rendezvous for the socket.
The
.Fn mac_get_peer
system call returns the label associated with the remote endpoint of
a socket; the exact semantics of this call will depend on the protocol
domain, communications type, and endpoint; typically this label will
be cached when a connection-oriented protocol instance is first set up,
and is undefined for datagram protocols.
.Pp
The
.Fn mac_get_pid
and
.Fn mac_get_proc
system calls return the process label associated with an arbitrary
process ID, or the current process.
.Pp
Label storage for use with these calls must first be allocated and
prepared using the
.Xr mac_prepare 3
functions.
When an application is done using a label, the memory may be returned
using
.Xr mac_free 3 .
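.Sh EXAMPLES
The following is an added example, not part of the FreeBSD manual page or source tree: it reads the text form of a path's label through the prepare, get, convert and free sequence described above, and fails closed on every error.
The function name read_path_label, its parameters, the sample policy name and the non-FreeBSD guard branch (which only sets ENOSYS) are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/mac.h>
#include <stdlib.h>
#endif
/*
 * Added example, not FreeBSD project code. Copies the text form of path's
 * label into out. follow != 0 calls mac_get_file(); follow == 0 calls
 * mac_get_link(), which reports a symlink's own label, not its target's.
 * elements is the policy list for mac_prepare(), e.g. "biba" (assumption).
 * Returns 0 on success; on failure returns -1 with errno set and out empty,
 * so a caller can never act on a stale or partial label.
 */
int
read_path_label(const char *path, const char *elements, int follow,
    char *out, size_t outlen)
{
	if (out == NULL || outlen == 0) {
		errno = EINVAL;
		return (-1);
	}
	out[0] = '\0';
#ifdef __FreeBSD__
	mac_t label;
	char *text = NULL;
	int error, saved;
	/* Label storage must be prepared before any mac_get_*() call. */
	if (mac_prepare(&label, elements) == -1)
		return (-1);
	error = follow ? mac_get_file(path, label) : mac_get_link(path, label);
	if (error == 0)
		error = mac_to_text(label, &text);
	if (error == 0 && strlcpy(out, text, outlen) >= outlen) {
		out[0] = '\0';		/* truncated label: treat as failure */
		errno = ERANGE;
		error = -1;
	}
	saved = errno;
	free(text);			/* mac_to_text() storage, NULL-safe */
	mac_free(label);		/* release storage on every path */
	errno = saved;
	return (error == 0 ? 0 : -1);
#else
	(void)path; (void)elements; (void)follow;
	errno = ENOSYS;			/* guard branch: mac(3) is FreeBSD-only */
	return (-1);
#endif
}
```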
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EACCES
A component of
.Fa path
is not searchable,
or MAC read access to the file
is denied.
.It Bq Er EINVAL
The requested label operation is not valid for the object referenced by
.Fa fd .
.It Bq Er ENAMETOOLONG
The pathname pointed to by
.Fa path
exceeds
.Dv PATH_MAX ,
or a component of the pathname exceeds
.Dv NAME_MAX .
.It Bq Er ENOENT
A component of
.Fa path
does not exist.
.It Bq Er ENOMEM
Insufficient memory is available
to allocate a new MAC label structure.
.It Bq Er ENOTDIR
A component of
.Fa path
is not a directory.
.El
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_free 3 ,
.Xr mac_prepare 3 ,
.Xr mac_set 3 ,
.Xr mac_text 3 ,
.Xr posix1e 3 ,
.Xr mac 4 ,
.Xr mac 9
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
.Sh HISTORY
Support for Mandatory Access Control was introduced in
.Fx 5.0
as part of the
.Tn TrustedBSD
Project.
145