xref: /freebsd/lib/libc/posix1e/mac_get.3 (revision 0b294a386d34f6584848ed52407687df7ae59861)
1.\" Copyright (c) 2001, 2004 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris
5.\" Costello at Safeport Network Services and NAI Labs, the Security
6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
8.\" research program.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.Dd December 21, 2001
32.Dt MAC_GET 3
33.Os
34.Sh NAME
35.Nm mac_get_file ,
36.Nm mac_get_link ,
37.Nm mac_get_fd ,
38.Nm mac_get_peer ,
39.Nm mac_get_pid ,
40.Nm mac_get_proc
41.Nd get the label of a file, socket, socket peer or process
42.Sh LIBRARY
43.Lb libc
44.Sh SYNOPSIS
45.In sys/mac.h
46.Ft int
47.Fn mac_get_file "const char *path" "mac_t label"
48.Ft int
49.Fn mac_get_link "const char *path" "mac_t label"
50.Ft int
51.Fn mac_get_fd "int fd" "mac_t label"
52.Ft int
53.Fn mac_get_peer "int fd" "mac_t label"
54.Ft int
55.Fn mac_get_pid "pid_t pid" "mac_t label"
56.Ft int
57.Fn mac_get_proc "mac_t label"
58.Sh DESCRIPTION
59The
60.Fn mac_get_file
61system call returns the label associated with a file specified by
62pathname.
63The
64.Fn mac_get_link
65function is the same as
66.Fn mac_get_file ,
67except that it does not follow symlinks.
68.Pp
69The
70.Fn mac_get_fd
71system call returns the label associated with an object referenced by
72the specified file descriptor.
73Note that in the case of a file system socket, the label returned will
74be the socket label, which may be different from the label of the
75on-disk node acting as a rendezvous for the socket.
76The
77.Fn mac_get_peer
78system call returns the label associated with the remote endpoint of
79a socket; the exact semantics of this call will depend on the protocol
80domain, communications type, and endpoint; typically this label will
81be cached when a connection-oriented protocol instance is first set up,
82and is undefined for datagram protocols.
83.Pp
84The
85.Fn mac_get_pid
86and
87.Fn mac_get_proc
88system calls return the process label associated with an arbitrary
89process ID, or the current process.
90.Pp
91Label storage for use with these calls must first be allocated and
92prepared using the
93.Xr mac_prepare 3
94functions.
95When an application is done using a label, the memory may be returned
96using
97.Xr mac_free 3 .
98.Sh ERRORS
99.Bl -tag -width Er
100.It Bq Er EACCES
101A component of
102.Fa path
103is not searchable,
104or MAC read access to the file
105is denied.
106.It Bq Er EINVAL
107The requested label operation is not valid for the object referenced by
108.Fa fd .
109.It Bq Er ENAMETOOLONG
110The pathname pointed to by
111.Fa path
112exceeds
113.Dv PATH_MAX ,
114or a component of the pathname exceeds
115.Dv NAME_MAX .
116.It Bq Er ENOENT
117A component of
118.Fa path
119does not exist.
120.It Bq Er ENOMEM
121Insufficient memory is available
122to allocate a new MAC label structure.
123.It Bq Er ENOTDIR
124A component of
125.Fa path
126is not a directory.
127.El
128.Sh SEE ALSO
129.Xr mac 3 ,
130.Xr mac_free 3 ,
131.Xr mac_prepare 3 ,
132.Xr mac_set 3 ,
133.Xr mac_text 3 ,
134.Xr posix1e 3 ,
135.Xr mac 4 ,
136.Xr mac 9
137.Sh STANDARDS
138POSIX.1e is described in IEEE POSIX.1e draft 17.
139Discussion of the draft
140continues on the cross-platform POSIX.1e implementation mailing list.
141To join this list, see the
142.Fx
143POSIX.1e implementation page
144for more information.
145.Sh HISTORY
146Support for Mandatory Access Control was introduced in
147.Fx 5.0
148as part of the
149.Tn TrustedBSD
150Project.
151