1.\" Copyright (c) 2002, 2003 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and Network Associates Labs, 6.\" the Security Research Division of Network Associates, Inc. under 7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 8.\" DARPA CHATS research program. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.Dd August 22, 2003 32.Dt MAC_PREPARE 3 33.Os 34.Sh NAME 35.Nm mac_prepare , mac_prepare_type , mac_prepare_file_label , 36.Nm mac_prepare_ifnet_label , mac_prepare_process_label 37.Nd allocate appropriate storage for 38.Vt mac_t 39.Sh SYNOPSIS 40.In sys/mac.h 41.Ft int 42.Fn mac_prepare "mac_t *mac" "const char *elements" 43.Ft int 44.Fn mac_prepare_type "mac_t *mac" "const char *name" 45.Ft int 46.Fn mac_prepare_file_label "mac_t *mac" 47.Ft int 48.Fn mac_prepare_ifnet_label "mac_t *mac" 49.Ft int 50.Fn mac_prepare_process_label "mac_t *mac" 51.Sh DESCRIPTION 52The 53.Nm 54family of functions allocates the appropriate amount of storage and initializes 55.Fa *mac 56for use by 57.Xr mac_get 3 . 58When the resulting label is passed into the 59.Xr mac_get 3 60functions, the kernel will attempt to fill in the label elements specified 61when the label was prepared. 62Elements are specified in a nul-terminated string, using commas to 63delimit fields. 64Element names may be prefixed with the 65.Ql \&? 66character to indicate that a failure by the kernel to retrieve that 67element should not be considered fatal. 68.Pp 69The 70.Fn mac_prepare 71function accepts a list of policy names as a parameter, and allocates the 72storage to fit those label elements accordingly. 73The remaining functions in the family make use of system defaults defined 74in 75.Xr mac.conf 5 76instead of an explicit 77.Va elements 78argument, deriving the default from the specified object type. 79.Pp 80.Fn mac_prepare_type 81allocates the storage to fit an object label of the type specified by 82the 83.Va name 84argument. 85The 86.Fn mac_prepare_file_label , 87.Fn mac_prepare_ifnet_label , 88and 89.Fn mac_prepare_process_label 90functions are equivalent to invocations of 91.Fn mac_prepare_type 92with arguments of 93.Qq file , 94.Qq ifnet , 95and 96.Qq process 97respectively. 98.Sh RETURN VALUES 99.Rv -std 100.Sh SEE ALSO 101.Xr mac 3 , 102.Xr mac_free 3 , 103.Xr mac_get 3 , 104.Xr mac_is_present 3 , 105.Xr mac_set 3 , 106.Xr mac 4 , 107.Xr mac.conf 5 , 108.Xr maclabel 7 109.Sh STANDARDS 110POSIX.1e is described in IEEE POSIX.1e draft 17. 111Discussion of the draft 112continues on the cross-platform POSIX.1e implementation mailing list. 113To join this list, see the 114.Fx 115POSIX.1e implementation page 116for more information. 117.Sh HISTORY 118Support for Mandatory Access Control was introduced in 119.Fx 5.0 120as part of the 121.Tn TrustedBSD 122Project. 123Support for generic object types first appeared in 124.Fx 5.2 . 125