.\" Copyright (c) 2001, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd December 21, 2001
.Dt MAC_GET 3
.Os
.Sh NAME
.Nm mac_get_file ,
.Nm mac_get_link ,
.Nm mac_get_fd ,
.Nm mac_get_peer ,
.Nm mac_get_pid ,
.Nm mac_get_proc
.Nd get the label of a file, socket, socket peer or process
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/mac.h
.Ft int
.Fn mac_get_file "const char *path" "mac_t label"
.Ft int
.Fn mac_get_link "const char *path" "mac_t label"
.Ft int
.Fn mac_get_fd "int fd" "mac_t label"
.Ft int
.Fn mac_get_peer "int fd" "mac_t label"
.Ft int
.Fn mac_get_pid "pid_t pid" "mac_t label"
.Ft int
.Fn mac_get_proc "mac_t label"
.Sh DESCRIPTION
The
.Fn mac_get_file
system call returns the label associated with a file specified by
pathname.
The
.Fn mac_get_link
function is the same as
.Fn mac_get_file ,
except that it does not follow symlinks.
.Pp
The
.Fn mac_get_fd
system call returns the label associated with an object referenced by
the specified file descriptor.
Note that in the case of a file system socket, the label returned will
be the socket label, which may be different from the label of the
on-disk node acting as a rendezvous for the socket.
The
.Fn mac_get_peer
system call returns the label associated with the remote endpoint of
a socket; the exact semantics of this call will depend on the protocol
domain, communications type, and endpoint; typically this label will
be cached when a connection-oriented protocol instance is first set up,
and is undefined for datagram protocols.
.Pp
The
.Fn mac_get_pid
and
.Fn mac_get_proc
system calls return the process label associated with an arbitrary
process ID, or the current process.
.Pp
Label storage for use with these calls must first be allocated and
prepared using the
.Xr mac_prepare 3
functions.
When an application is done using a label, the memory may be returned
using
.Xr mac_free 3 .
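The following added example (not part of the original manual page or of FreeBSD's own code) shows the prepare, get, convert, free sequence described above, with a flag that selects mac_get_link so that a symlink's own label is reported rather than its target's.
The helper name file_label_text is hypothetical, mac_prepare_file_label and mac_to_text are the libc routines documented in mac_prepare(3) and mac_text(3), and the ENOSYS branch for systems without sys/mac.h is an assumption made so the file builds elsewhere.

```c
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef __FreeBSD__
#include <sys/mac.h>
#endif

/*
 * Hypothetical helper (not libc): follow ? mac_get_file() : mac_get_link().
 * Returns 0 with *out set (caller frees); else -1, errno set, *out NULL.
 */
int file_label_text(const char *path, int follow, char **out)
{
	*out = NULL;
#ifdef __FreeBSD__
	mac_t label;
	int error, saved;
	/* Allocate and prepare storage for the default file label elements. */
	if (mac_prepare_file_label(&label) == -1)
		return (-1);
	error = follow ? mac_get_file(path, label) : mac_get_link(path, label);
	if (error == 0)
		error = mac_to_text(label, out);	/* malloc'd text form */
	saved = errno;
	mac_free(label);		/* release label storage on every path */
	errno = saved;			/* report the original failure reason */
	if (error != 0)
		*out = NULL;
	return (error == 0 ? 0 : -1);
#else
	(void)path, (void)follow;	/* assumption: no MAC label API here */
	errno = ENOSYS;
	return (-1);
#endif
}

int main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : "/";
	char *text;
	if (file_label_text(path, 0, &text) == -1) {
		perror(path);	/* e.g. EACCES when MAC read access is denied */
		return (1);
	}
	printf("%s: %s\n", path, text);
	free(text);
	return (0);
}
```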
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EACCES
A component of
.Fa path
is not searchable,
or MAC read access to the file
is denied.
.It Bq Er EINVAL
The requested label operation is not valid for the object referenced by
.Fa fd .
.It Bq Er ENAMETOOLONG
The pathname pointed to by
.Fa path
exceeds
.Dv PATH_MAX ,
or a component of the pathname exceeds
.Dv NAME_MAX .
.It Bq Er ENOENT
A component of
.Fa path
does not exist.
.It Bq Er ENOMEM
Insufficient memory is available
to allocate a new MAC label structure.
.It Bq Er ENOTDIR
A component of
.Fa path
is not a directory.
.El
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_free 3 ,
.Xr mac_prepare 3 ,
.Xr mac_set 3 ,
.Xr mac_text 3 ,
.Xr posix1e 3 ,
.Xr mac 4 ,
.Xr mac 9
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
Discussion of the draft
continues on the cross-platform POSIX.1e implementation mailing list.
To join this list, see the
.Fx
POSIX.1e implementation page
for more information.
.Sh HISTORY
Support for Mandatory Access Control was introduced in
.Fx 5.0
as part of the
.Tn TrustedBSD
Project.