1 .\" Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
2 .\" All rights reserved.
4 .\" This software was developed for the FreeBSD Project by Chris
5 .\" Costello at Safeport Network Services and Network Associates Labs,
6 .\" the Security Research Division of Network Associates, Inc. under
7 .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
8 .\" DARPA CHATS research program.
10 .\" Redistribution and use in source and binary forms, with or without
11 .\" modification, are permitted provided that the following conditions
13 .\" 1. Redistributions of source code must retain the above copyright
14 .\" notice, this list of conditions and the following disclaimer.
15 .\" 2. Redistributions in binary form must reproduce the above copyright
16 .\" notice, this list of conditions and the following disclaimer in the
17 .\" documentation and/or other materials provided with the distribution.
19 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 .Nm mac_prepare , mac_prepare_type , mac_prepare_file_label ,
38 .Nm mac_prepare_ifnet_label , mac_prepare_process_label
39 .Nd allocate appropriate storage for
44 .Fn mac_prepare "mac_t *mac" "const char *elements"
46 .Fn mac_prepare_type "mac_t *mac" "const char *name"
48 .Fn mac_prepare_file_label "mac_t *mac"
50 .Fn mac_prepare_ifnet_label "mac_t *mac"
52 .Fn mac_prepare_process_label "mac_t *mac"
56 family of functions allocates the appropriate amount of storage and initializes
60 When the resulting label is passed into the
62 functions, the kernel will attempt to fill in the label elements specified
63 when the label was prepared.
64 Elements are specified in a nul-terminated string, using commas to
66 Element names may be prefixed with the
68 character to indicate that a failure by the kernel to retrieve that
69 element should not be considered fatal.
73 function accepts a list of policy names as a parameter, and allocates the
74 storage to fit those label elements accordingly.
75 The remaining functions in the family make use of system defaults defined
78 instead of an explicit
80 argument, deriving the default from the specified object type.
83 allocates the storage to fit an object label of the type specified by
88 .Fn mac_prepare_file_label ,
89 .Fn mac_prepare_ifnet_label ,
91 .Fn mac_prepare_process_label
92 functions are equivalent to invocations of
106 .Xr mac_is_present 3 ,
112 POSIX.1e is described in IEEE POSIX.1e draft 17.
113 Discussion of the draft
114 continues on the cross-platform POSIX.1e implementation mailing list.
115 To join this list, see the
117 POSIX.1e implementation page
118 for more information.
120 Support for Mandatory Access Control was introduced in
125 Support for generic object types first appeared in