1100978Srwatson/*- 2126097Srwatson * Copyright (c) 1999-2002 Robert N. M. Watson 3145167Srwatson * Copyright (c) 2001-2005 Networks Associates Technology, Inc. 4163606Srwatson * Copyright (c) 2005-2006 SPARTA, Inc. 5100978Srwatson * All rights reserved. 6100978Srwatson * 7100978Srwatson * This software was developed by Robert Watson for the TrustedBSD Project. 8100978Srwatson * 9106392Srwatson * This software was developed for the FreeBSD Project in part by Network 10106392Srwatson * Associates Laboratories, the Security Research Division of Network 11106392Srwatson * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 12106392Srwatson * as part of the DARPA CHATS research program. 13100978Srwatson * 14147784Srwatson * This software was enhanced by SPARTA ISSO under SPAWAR contract 15147784Srwatson * N66001-04-C-6019 ("SEFOS"). 16147784Srwatson * 17100978Srwatson * Redistribution and use in source and binary forms, with or without 18100978Srwatson * modification, are permitted provided that the following conditions 19100978Srwatson * are met: 20100978Srwatson * 1. Redistributions of source code must retain the above copyright 21100978Srwatson * notice, this list of conditions and the following disclaimer. 22100978Srwatson * 2. Redistributions in binary form must reproduce the above copyright 23100978Srwatson * notice, this list of conditions and the following disclaimer in the 24100978Srwatson * documentation and/or other materials provided with the distribution. 25100978Srwatson * 26100978Srwatson * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 27100978Srwatson * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28100978Srwatson * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29100978Srwatson * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 30100978Srwatson * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31100978Srwatson * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32100978Srwatson * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33100978Srwatson * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34100978Srwatson * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35100978Srwatson * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36100978Srwatson * SUCH DAMAGE. 37100978Srwatson * 38100978Srwatson * $FreeBSD$ 39100978Srwatson */ 40100978Srwatson/* 41166537Srwatson * Userland interface for Mandatory Access Control. Loosely based on the 42166537Srwatson * POSIX.1e API. More information may be found at: 43100978Srwatson * 44166537Srwatson * http://www.TrustedBSD.org/ 45100978Srwatson */ 46145167Srwatson 47129096Srwatson#ifndef _SYS_MAC_H_ 48129096Srwatson#define _SYS_MAC_H_ 49100978Srwatson 50100978Srwatson#ifndef _POSIX_MAC 51100978Srwatson#define _POSIX_MAC 52100978Srwatson#endif 53100978Srwatson 54100978Srwatson/* 55102123Srwatson * MAC framework-related constants and limits. 56102123Srwatson */ 57105693Srwatson#define MAC_MAX_POLICY_NAME 32 58105693Srwatson#define MAC_MAX_LABEL_ELEMENT_NAME 32 59105693Srwatson#define MAC_MAX_LABEL_ELEMENT_DATA 4096 60105693Srwatson#define MAC_MAX_LABEL_BUF_LEN 8192 61102123Srwatson 62166537Srwatson/* 63166537Srwatson * struct mac is the data structure used to carry MAC labels in system calls 64166537Srwatson * and ioctls between userspace and the kernel. 65166537Srwatson */ 66105693Srwatsonstruct mac { 67105693Srwatson size_t m_buflen; 68105693Srwatson char *m_string; 69105693Srwatson}; 70105693Srwatson 71105693Srwatsontypedef struct mac *mac_t; 72105693Srwatson 73105693Srwatson#ifndef _KERNEL 74105693Srwatson 75102123Srwatson/* 76105693Srwatson * Location of the userland MAC framework configuration file. mac.conf 77166537Srwatson * set defaults for MAC-aware applications. 78100978Srwatson */ 79105693Srwatson#define MAC_CONFFILE "/etc/mac.conf" 80100978Srwatson 81100978Srwatson/* 82166537Srwatson * Extended non-POSIX.1e interfaces that offer additional services available 83166537Srwatson * from the userland and kernel MAC frameworks. 84100978Srwatson */ 85120657Srwatson__BEGIN_DECLS 86119546Srwatsonint mac_execve(char *fname, char **argv, char **envv, mac_t _label); 87119546Srwatsonint mac_free(mac_t _label); 88119546Srwatsonint mac_from_text(mac_t *_label, const char *_text); 89119546Srwatsonint mac_get_fd(int _fd, mac_t _label); 90119546Srwatsonint mac_get_file(const char *_path, mac_t _label); 91119546Srwatsonint mac_get_link(const char *_path, mac_t _label); 92122810Srwatsonint mac_get_peer(int _fd, mac_t _label); 93119546Srwatsonint mac_get_pid(pid_t _pid, mac_t _label); 94119546Srwatsonint mac_get_proc(mac_t _label); 95119546Srwatsonint mac_is_present(const char *_policyname); 96119546Srwatsonint mac_prepare(mac_t *_label, const char *_elements); 97119546Srwatsonint mac_prepare_file_label(mac_t *_label); 98119546Srwatsonint mac_prepare_ifnet_label(mac_t *_label); 99119546Srwatsonint mac_prepare_process_label(mac_t *_label); 100119546Srwatsonint mac_prepare_type(mac_t *_label, const char *_type); 101119546Srwatsonint mac_set_fd(int _fildes, const mac_t _label); 102119546Srwatsonint mac_set_file(const char *_path, mac_t _label); 103119546Srwatsonint mac_set_link(const char *_path, mac_t _label); 104119546Srwatsonint mac_set_proc(const mac_t _label); 105119546Srwatsonint mac_syscall(const char *_policyname, int _call, void *_arg); 106119546Srwatsonint mac_to_text(mac_t mac, char **_text); 107120657Srwatson__END_DECLS 108105693Srwatson 109106093Srwatson#endif /* !_KERNEL */ 110100978Srwatson 111129096Srwatson#endif /* !_SYS_MAC_H_ */ 112