libugidfw(3)
NAME
- libugidfw - library interface to the file system firewall
- MAC policy
LIBRARY
library ``libugidfw''
SYNOPSIS
#include <sys/types.h> #include <security/mac_bsdextended/mac_bsdextended.h> #include <ugidfw.h>
DESCRIPTION
The libugidfw library routines provide an interface to the
mac_bsdextended(4) file system firewall MAC policy.
The libugidfw library defines the following functions:
- bsde_rule_to_string() Converts the internal represen
- tation of a
- rule (struct
- mac_bsdextended_rule) into its
text representation; see
bsde_rule_to_string(3). - bsde_parse_identity() Parses the identity of a subject
- or object;
- see bsde_parse_identity(3).
- bsde_parse_mode() Parses the access mode for a
- ugidfw rule; see
- bsde_parse_mode(3).
- bsde_parse_rule() Parses an entire rule (in argu
- ment array
- form); see bsde_parse_rule(3).
- bsde_parse_rule_string() Parses an entire rule string;
- see
- bsde_parse_rule_string(3).
- bsde_get_rule_count() Returns the total number of
- ugidfw rules
- being enforced in the system;
- see
bsde_get_rule_count(3). - bsde_get_rule_slots() Returns the total number of used
- rule slots;
- see bsde_get_rule_slots(3).
- bsde_get_rule() Returns a rule by its rule num
- ber; see
- bsde_get_rule(3).
- bsde_delete_rule() Deletes a rule by its rule num
- ber; see
- bsde_delete_rule(3).
- bsde_set_rule() Uploads the rule to the mac_bs
- dextended(4)
- module and applies it; see bs
- de_set_rule(3).
- bsde_add_rule() Upload the rule to the module,
- automatically
- selecting the next available
- rule number; see
bsde_add_rule(3).
SEE ALSO
- bsde_delete_rule(3), bsde_get_rule(3), bs
- de_get_rule_count(3),
bsde_get_rule_slots(3), bsde_parse_identity(3), bs - de_parse_mode(3),
bsde_parse_rule(3), bsde_parse_rule_string(3), bs - de_rule_to_string(3),
bsde_set_rule(3)
AUTHORS
- This software was contributed to the FreeBSD Project by Net
- work Associates Labs, the Security Research Division of Network Associ
- ates Inc.
under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as - part of the
DARPA CHATS research program. - BSD February 25, 2004