xref: /freebsd/lib/libc/posix1e/mac_get.3 (revision 2357939bc239bd5334a169b62313806178dd8f30)
.\" Copyright (c) 2001 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd December 21, 2001
.Dt MAC_GET 3
.Os
.Sh NAME
.Nm mac_get_file ,
.Nm mac_get_fd ,
.Nm mac_get_proc
.Nd get the label of a file, socket, socket peer or process
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/mac.h
.Ft int
.Fn mac_get_file "const char *path" "mac_t label"
.Ft int
.Fn mac_get_fd "int fd" "mac_t label"
.Ft int
.Fn mac_get_peer "int fd" "mac_t label"
.Ft int
.Fn mac_get_pid "pid_t pid" "mac_t label"
.Ft int
.Fn mac_get_proc "mac_t label"
.Sh DESCRIPTION
The
.Fn mac_get_file
system call returns the label associated with a file specified by
pathname.
.Pp
The
.Fn mac_get_fd
system call returns the label associated with an object referenced by
the specified file descriptor.
Note that in the case of a file system socket, the label returned will
be the socket label, which may be different from the label of the
on-disk node acting as a rendezvous for the socket.
The
.Fn mac_get_peer
system call returns the label associated with the remote endpoint of
a socket; the exact semantics of this call will depend on the protocol
domain, communications type, and endpoint; typically this label will
be cached when a connection-oriented protocol instance is first set up,
and is undefined for datagram protocols.
.Pp
The
.Fn mac_get_pid
and
.Fn mac_get_proc
system calls return the process label associated with an arbitrary
process id, or the current process.
.Pp
Label storage for use with these calls must first be allocated and
prepared using the
.Xr mac_prepare 3
functions.
When an application is done using a label, the memory may be returned
using
.Xr mac_free 3 .
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er EACCES
A component of
.Fa path
is not searchable,
or MAC read access to the file
is denied.
.It Bq Er EINVAL
The requested label operation is not valid for the object referenced by
.Fa fd .
.It Bq Er ENAMETOOLONG
The pathname pointed to by
.Fa path
exceeds
.Dv PATH_MAX ,
or a component of the pathname exceeds
.Dv NAME_MAX .
.It Bq Er ENOENT
A component of
.Fa path
does not exist.
.It Bq Er ENOMEM
Insufficient memory is available
to allocate a new MAC label structure.
.It Bq Er ENOTDIR
A component of
.Fa path
is not a directory.
.El
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_free 3 ,
.Xr mac_prepare 3 ,
.Xr mac_set 3 ,
.Xr mac_text 3 ,
.Xr mac 4 ,
.Xr mac 9
.Sh STANDARDS
POSIX.1e is described in IEEE POSIX.1e draft 17.
Discussion of the draft
continues on the cross-platform POSIX.1e implementation mailing list.
To join this list, see the
.Fx
POSIX.1e implementation page
for more information.
.Sh HISTORY
Support for Mandatory Access Control was introduced in
.Fx 5.0
as part of the
.Tn TrustedBSD
Project.
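An added example, not part of the original manual page or the FreeBSD sources: the prepare, get, free sequence from DESCRIPTION applied to mac_get_file(), with errno kept intact across the cleanup so the ERRORS values reach the caller. It assumes mac_prepare_file_label() from mac_prepare(3) and mac_to_text() from mac_text(3); file_label_text() is a hypothetical helper name, and on systems without sys/mac.h it only reports ENOSYS.

```c
/* Added example: read a file's MAC label as text (FreeBSD only). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#ifdef __FreeBSD__
#include <sys/mac.h>
#endif

/*
 * Hypothetical helper.  Returns 0 and stores a malloc()ed label string in
 * *text (caller frees), or returns -1 with errno set as listed under ERRORS.
 */
int
file_label_text(const char *path, char **text)
{
#ifdef __FreeBSD__
	mac_t label;
	int error, saved;

	/* Allocate storage for the default file label elements (mac.conf). */
	if (mac_prepare_file_label(&label) == -1)
		return (-1);
	error = mac_get_file(path, label);
	if (error == 0)
		error = mac_to_text(label, text);
	saved = errno;		/* mac_free() must not hide the real error */
	mac_free(label);	/* always return the label storage */
	errno = saved;
	return (error == 0 ? 0 : -1);
#else
	(void)path; (void)text;
	errno = ENOSYS;		/* no sys/mac.h outside FreeBSD */
	return (-1);
#endif
}

int
main(int argc, char *argv[])
{
	char *text;

	if (argc != 2) { fprintf(stderr, "usage: %s path\n", argv[0]); return (2); }
	if (file_label_text(argv[1], &text) == -1) { perror(argv[1]); return (1); }
	printf("%s: %s\n", argv[1], text);
	free(text);
	return (0);
}
```

An EACCES result here can mean either a non-searchable path component or a MAC policy denying read access to the label, so callers auditing labels should log the errno rather than treat every failure as "no label".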