2002-08-02 21:14:42 +00:00
|
|
|
.\" Copyright (c) 2001 Networks Associates Technology, Inc.
|
|
|
|
.\" All rights reserved.
|
2002-12-04 16:28:45 +00:00
|
|
|
.\"
|
2002-08-02 21:14:42 +00:00
|
|
|
.\" This software was developed for the FreeBSD Project by Chris
|
|
|
|
.\" Costello at Safeport Network Services and NAI Labs, the Security
|
|
|
|
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
|
|
|
|
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
|
|
|
|
.\" research program.
|
2002-12-04 16:28:45 +00:00
|
|
|
.\"
|
2002-08-02 21:14:42 +00:00
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
2002-12-04 16:28:45 +00:00
|
|
|
.\"
|
2002-08-02 21:14:42 +00:00
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
2002-12-04 16:28:45 +00:00
|
|
|
.\"
|
2002-08-02 21:14:42 +00:00
|
|
|
.\" $FreeBSD$
|
2002-12-04 16:28:45 +00:00
|
|
|
.\"
|
2002-08-02 21:14:42 +00:00
|
|
|
.Dd December 21, 2001
|
|
|
|
.Dt MAC_GET 3
|
2002-12-11 15:55:29 +00:00
|
|
|
.Os
|
2002-08-02 21:14:42 +00:00
|
|
|
.Sh NAME
|
|
|
|
.Nm mac_get_file ,
|
|
|
|
.Nm mac_get_fd ,
|
|
|
|
.Nm mac_get_proc
|
|
|
|
.Nd get the label of a file, socket, socket peer or process
|
2002-12-04 16:28:45 +00:00
|
|
|
.Sh LIBRARY
|
|
|
|
.Lb libc
|
2002-08-02 21:14:42 +00:00
|
|
|
.Sh SYNOPSIS
|
|
|
|
.In sys/mac.h
|
2003-01-15 00:45:31 +00:00
|
|
|
.Ft int
|
|
|
|
.Fn mac_get_file "const char *path" "mac_t label"
|
|
|
|
.Ft int
|
|
|
|
.Fn mac_get_fd "int fd" "mac_t label"
|
|
|
|
.Ft int
|
|
|
|
.Fn mac_get_pid "pid_t pid" "mac_t label"
|
|
|
|
.Ft int
|
|
|
|
.Fn mac_get_proc "mac_t label"
|
2002-08-02 21:14:42 +00:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Fn mac_get_file
|
|
|
|
and
|
|
|
|
.Fn mac_get_fd
|
2003-01-15 00:45:31 +00:00
|
|
|
functions fill in
|
|
|
|
.Fa label
|
|
|
|
(which must first be allocated by
|
|
|
|
.Xr mac_prepare 3 )
|
|
|
|
with the MAC label associated with the file referenced by
|
|
|
|
.Fa path
|
2002-08-02 21:14:42 +00:00
|
|
|
or the file descriptor specified by
|
|
|
|
.Fa fd ,
|
2002-12-04 16:28:45 +00:00
|
|
|
respectively.
|
|
|
|
Note that this function will fail on socket descriptors.
|
|
|
|
For information on
|
2002-08-02 21:14:42 +00:00
|
|
|
getting MAC labels on socket descriptors see
|
|
|
|
.Xr getsockopt 2 .
|
2003-01-15 00:45:31 +00:00
|
|
|
.Pp
|
2002-08-02 21:14:42 +00:00
|
|
|
The
|
|
|
|
.Fn mac_get_proc
|
2003-01-15 00:45:31 +00:00
|
|
|
and
|
|
|
|
.Fn mac_get_pid
|
|
|
|
functions fill in
|
|
|
|
.Fa label
|
|
|
|
(which must first be allocated by
|
|
|
|
.Xr mac_prepare 3 )
|
|
|
|
with the MAC label associated
|
|
|
|
with the requesting process
|
|
|
|
or the specified process, respectively.
|
2002-08-02 21:14:42 +00:00
|
|
|
.Sh ERRORS
|
|
|
|
.Bl -tag -width Er
|
|
|
|
.It Bq Er EACCES
|
|
|
|
A component of
|
2003-01-15 00:45:31 +00:00
|
|
|
.Fa path
|
2002-08-02 21:14:42 +00:00
|
|
|
is not searchable,
|
|
|
|
or MAC read access to the file
|
|
|
|
is denied.
|
|
|
|
.It Bq Er ENAMETOOLONG
|
|
|
|
The pathname pointed to by
|
2003-01-15 00:45:31 +00:00
|
|
|
.Fa path
|
2002-08-02 21:14:42 +00:00
|
|
|
exceeds
|
|
|
|
.Dv PATH_MAX ,
|
|
|
|
or a component of the pathname exceeds
|
|
|
|
.Dv NAME_MAX .
|
|
|
|
.It Bq Er ENOENT
|
|
|
|
A component of
|
2003-01-15 00:45:31 +00:00
|
|
|
.Fa path
|
2002-08-02 21:14:42 +00:00
|
|
|
does not exist.
|
|
|
|
.It Bq Er ENOMEM
|
|
|
|
Insufficient memory is available
|
|
|
|
to allocate a new MAC label structure.
|
|
|
|
.It Bq Er ENOTDIR
|
|
|
|
A component of
|
2003-01-15 00:45:31 +00:00
|
|
|
.Fa path
|
2002-08-02 21:14:42 +00:00
|
|
|
is not a directory.
|
|
|
|
.El
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr mac 3 ,
|
|
|
|
.Xr mac_free 3 ,
|
2003-01-15 00:45:31 +00:00
|
|
|
.Xr mac_text 3 ,
|
|
|
|
.Xr mac_prepare 3 ,
|
2002-12-04 16:28:45 +00:00
|
|
|
.Xr mac_set 3 ,
|
2003-01-15 03:03:05 +00:00
|
|
|
.Xr mac 4 ,
|
2003-01-15 00:45:31 +00:00
|
|
|
.Xr mac 9
|
2002-08-02 21:14:42 +00:00
|
|
|
.Sh STANDARDS
|
|
|
|
POSIX.1e is described in IEEE POSIX.1e draft 17.
|
|
|
|
Discussion of the draft
|
|
|
|
continues on the cross-platform POSIX.1e implementation mailing list.
|
|
|
|
To join this list, see the
|
|
|
|
.Fx
|
|
|
|
POSIX.1e implementation page
|
|
|
|
for more information.
|
2003-08-22 18:01:03 +00:00
|
|
|
.Sh HISTORY
|
|
|
|
Support for Mandatory Access Control was introduced in
|
|
|
|
.Fx 5.0
|
|
|
|
as part of the
|
|
|
|
.Tn TrustedBSD
|
|
|
|
Project.
|