1.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and Network Associates 6.\" Laboratories, the Security Research Division of Network Associates, 7.\" Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part 8.\" of the DARPA CHATS research program. 9.\" 10.\" Redistribution and use in source and binary forms, with or without 11.\" modification, are permitted provided that the following conditions 12.\" are met: 13.\" 1. Redistributions of source code must retain the above copyright 14.\" notice, this list of conditions and the following disclaimer. 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in the 17.\" documentation and/or other materials provided with the distribution. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" $FreeBSD$ 32.\" 33.Dd January 5, 2003 34.Os 35.Dt LIBUGIDFW 3 36.Sh NAME 37.Nm libugidfw 38.Nd "library interface to the file system firewall MAC policy" 39.Sh LIBRARY 40.Lb libugidfw 41.Sh SYNOPSIS 42.In ugidfw.h 43.Sh DESCRIPTION 44The 45.Nm 46library routines provide an interface to the 47.Xr mac_bsdextended 4 48file system firewall MAC policy. 49.Pp 50The 51.Nm 52library defines the following functions: 53.Bl -tag -width ".Fn bsde_parse_rule_string" 54.It Fn bsde_rule_to_string 55Converts the internal representation of a rule 56.Pq Vt "struct mac_bsdextended_rule" 57into its text representation; 58see 59.Xr bsde_rule_to_string 3 . 60.It Fn bsde_parse_identity 61Parses the identity of a subject or object; 62see 63.Xr bsde_parse_identity 3 . 64.It Fn bsde_parse_mode 65Parses the access mode for a ugidfw rule; 66see 67.Xr bsde_parse_mode 3 . 68.It Fn bsde_parse_rule 69Parses an entire rule 70(in argument array form); 71see 72.Xr bsde_parse_rule 3 . 73.It Fn bsde_parse_rule_string 74Parses an entire rule string; 75see 76.Xr bsde_parse_rule_string 3 . 77.It Fn bsde_get_rule_count 78Returns the total number of ugidfw rules being enforced in the system; 79see 80.Xr bsde_get_rule_count 3 . 81.It Fn bsde_get_rule_slots 82Returns the total number of used rule slots; 83see 84.Xr bsde_get_rule_slots 3 . 85.It Fn bsde_get_rule 86Returns a rule by its rule number; 87see 88.Xr bsde_get_rule 3 . 89.It Fn bsde_delete_rule 90Deletes a rule by its rule number; 91see 92.Xr bsde_delete_rule 3 . 93.It Fn bsde_set_rule 94Uploads the rule to the 95.Xr mac_bsdextended 4 96module and applies it; 97see 98.Xr bsde_set_rule 3 . 99.It Fn bsde_add_rule 100Upload the rule to the module, automatically selecting the next available 101rule number; see 102.Xr bsde_add_rule 3 . 103.El 104.Sh SEE ALSO 105.Xr bsde_delete_rule 3 , 106.Xr bsde_get_rule 3 , 107.Xr bsde_get_rule_count 3 , 108.Xr bsde_get_rule_slots 3 , 109.Xr bsde_parse_identity 3 , 110.Xr bsde_parse_mode 3 , 111.Xr bsde_parse_rule 3 , 112.Xr bsde_parse_rule_string 3 , 113.Xr bsde_rule_to_string 3 , 114.Xr bsde_set_rule 3 115.Sh AUTHORS 116This software was contributed to the 117.Fx 118Project by Network Associates Labs, 119the Security Research Division of Network Associates 120Inc. under DARPA/SPAWAR contract N66001-01-C-8035 121.Pq Dq CBOSS , 122as part of the DARPA CHATS research program. 123