xref: /freebsd/lib/libc/posix1e/mac_prepare.3 (revision 7ef62cebc2f965b0f640263e179276928885e33d)
1.\" Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris
5.\" Costello at Safeport Network Services and Network Associates Labs,
6.\" the Security Research Division of Network Associates, Inc. under
7.\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8.\" DARPA CHATS research program.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\" $FreeBSD$
32.\"
33.Dd August 22, 2003
34.Dt MAC_PREPARE 3
35.Os
36.Sh NAME
37.Nm mac_prepare , mac_prepare_type , mac_prepare_file_label ,
38.Nm mac_prepare_ifnet_label , mac_prepare_process_label
39.Nd allocate appropriate storage for
40.Vt mac_t
41.Sh SYNOPSIS
42.In sys/mac.h
43.Ft int
44.Fn mac_prepare "mac_t *mac" "const char *elements"
45.Ft int
46.Fn mac_prepare_type "mac_t *mac" "const char *name"
47.Ft int
48.Fn mac_prepare_file_label "mac_t *mac"
49.Ft int
50.Fn mac_prepare_ifnet_label "mac_t *mac"
51.Ft int
52.Fn mac_prepare_process_label "mac_t *mac"
53.Sh DESCRIPTION
54The
55.Nm
56family of functions allocates the appropriate amount of storage and initializes
57.Fa *mac
58for use by
59.Xr mac_get 3 .
60When the resulting label is passed into the
61.Xr mac_get 3
62functions, the kernel will attempt to fill in the label elements specified
63when the label was prepared.
64Elements are specified in a nul-terminated string, using commas to
65delimit fields.
66Element names may be prefixed with the
67.Ql \&?
68character to indicate that a failure by the kernel to retrieve that
69element should not be considered fatal.
70.Pp
71The
72.Fn mac_prepare
73function accepts a list of policy names as a parameter, and allocates the
74storage to fit those label elements accordingly.
75The remaining functions in the family make use of system defaults defined
76in
77.Xr mac.conf 5
78instead of an explicit
79.Va elements
80argument, deriving the default from the specified object type.
81.Pp
82.Fn mac_prepare_type
83allocates the storage to fit an object label of the type specified by
84the
85.Va name
86argument.
87The
88.Fn mac_prepare_file_label ,
89.Fn mac_prepare_ifnet_label ,
90and
91.Fn mac_prepare_process_label
92functions are equivalent to invocations of
93.Fn mac_prepare_type
94with arguments of
95.Qq file ,
96.Qq ifnet ,
97and
98.Qq process
99respectively.
100.Sh RETURN VALUES
101.Rv -std
102.Sh SEE ALSO
103.Xr mac 3 ,
104.Xr mac_free 3 ,
105.Xr mac_get 3 ,
106.Xr mac_is_present 3 ,
107.Xr mac_set 3 ,
108.Xr mac 4 ,
109.Xr mac.conf 5 ,
110.Xr maclabel 7
111.Sh STANDARDS
112POSIX.1e is described in IEEE POSIX.1e draft 17.
113Discussion of the draft
114continues on the cross-platform POSIX.1e implementation mailing list.
115To join this list, see the
116.Fx
117POSIX.1e implementation page
118for more information.
119.Sh HISTORY
120Support for Mandatory Access Control was introduced in
121.Fx 5.0
122as part of the
123.Tn TrustedBSD
124Project.
125Support for generic object types first appeared in
126.Fx 5.2 .
127