  • only in /macosx-10.10.1/xnu-2782.1.97/security/

Lines Matching refs:label

97 struct label;
162 sleep during label initialization operations; it will be noted when
166 generic label for the given object. What follows initialization is
167 creation, where a label is made specific to the object it is associated
168 with. Destruction occurs when the label is no longer needed, such as
170 be performed in label destroy operations.
172 Where possible, the label entry points have identical parameters. If
173 the policy module does not require structure-specific label
243 @brief Initialize BPF descriptor label
244 @param label New label to initialize
246 Initialize the label for a newly instantiated BPF descriptor.
250 struct label *label
253 @brief Destroy BPF descriptor label
254 @param label The label to be destroyed
256 Destroy a BPF descriptor label. Since the BPF descriptor
258 storage associated with the label so that it may be destroyed.
261 struct label *label
264 @brief Associate a BPF descriptor with a label
267 @param bpflabel The new label
269 Set the label on a newly created BPF descriptor from the passed
276 struct label *bpflabel
281 @param bpflabel Policy label for bpf_d
283 @param ifnetlabel Policy label for ifp
288 value for failure. Suggested failure: EACCES for label mismatches,
293 struct label *bpflabel,
295 struct label *ifnetlabel
298 @brief Indicate desire to change the process label at exec time
304 @param scriptvnodelabel Script vnode label
305 @param execlabel Userspace provided execution label
313 Indicate whether this policy intends to update the label of a newly
324 example, a script), the label of the original exec-time vnode has
327 The final label, execlabel, corresponds to a label supplied by a
344 struct label *vnodelabel,
345 struct label *scriptvnodelabel,
346 struct label *execlabel,
354 @param newlabel New label to apply to the user credential
359 itself to the supplied new label (newlabel). This access control check
369 struct label *newlabel
382 errno should be returned. Suggested failure: EACCES for label mismatch,
398 catch label destroy callback.
409 kernel processes. Policies should update the label in the
416 @brief Create a credential label
420 Set the label of a newly created credential, most likely using the
436 user processes. Policies should update the label in the previously
443 @brief Destroy credential label
444 @param label The label to be destroyed
446 Destroy a user credential label. Since the user credential
448 storage associated with the label so that it may be destroyed.
451 struct label *label
454 @brief Externalize a user credential label for auditing
455 @param label Label to be externalized
456 @param element_name Name of the label namespace for which labels should be
458 @param sb String buffer to be filled with a text representation of the label
460 Produce an external representation of the label on a user credential for
461 inclusion in an audit record. An externalized label consists of a text
462 representation of the label contents that will be added to the audit record
467 externalizing the label data.
471 struct label *label,
476 @brief Externalize a user credential label
477 @param label Label to be externalized
478 @param element_name Name of the label namespace for which labels should be
480 @param sb String buffer to be filled with a text representation of the label
482 Produce an external representation of the label on a user
483 credential. An externalized label consists of a text representation
484 of the label contents that can be used with user applications.
489 externalizing the label data.
493 struct label *label,
498 @brief Initialize user credential label
499 @param label New label to initialize
501 Initialize the label for a newly instantiated user credential.
505 struct label *label
508 @brief Internalize a user credential label
509 @param label Label to be internalized
510 @param element_name Name of the label namespace for which the label should
514 Produce a user credential label from an external representation. An
515 externalized label consists of a text representation of the label
521 policy has registered interest in the label namespace.
524 while internalizing the label data.
528 struct label *label,
541 @param scriptvnodelabel Script vnode label
542 @param execlabel Userspace provided execution label
550 Update the label of a newly created credential (new) from the
559 example, a script), the label of the original exec-time vnode has
562 The final label, execlabel, corresponds to a label supplied by a
581 struct label *vnodelabel,
582 struct label *scriptvnodelabel,
583 struct label *execlabel,
590 @brief Update a credential label
592 @param newlabel A new label to apply to the credential
596 Update the label on a user credential, using the supplied new label.
602 struct label *newlabel
608 @param label Destination label
611 This entry point labels a new devfs device. The label will likely be based
613 The policy should store an appropriate label into 'label'.
618 struct label *label,
626 @param label Destination label
629 This entry point labels a new devfs directory. The label will likely be
631 label into 'label'. The devfs root directory is labelled in this way.
637 struct label *label,
641 @brief Copy a devfs label
642 @param src Source devfs label
643 @param dest Destination devfs label
645 Copy the label information from src to dest. The devfs file system
650 struct label *src,
651 struct label *dest
654 @brief Destroy devfs label
655 @param label The label to be destroyed
657 Destroy a devfs entry label. Since the object is going out
659 with the label so that it may be destroyed.
662 struct label *label
665 @brief Initialize devfs label
666 @param label New label to initialize
668 Initialize the label for a newly instantiated devfs entry. Sleeping
672 struct label *label
675 @brief Update a devfs label after relabelling its vnode
680 @param vnodelabel New label of vnode
682 Update a devfs label when its vnode is manually relabelled,
684 the vnode label into the devfs label.
689 struct label *delabel,
691 struct label *vnodelabel
697 @param label Policy label for fg
708 struct label *label
727 @param label Policy label for fg
740 struct label *label,
747 @param label Policy label for fg
760 struct label *label,
772 to get an externalized version of the label on the object indicated by fd.
787 @param label Policy label for fg
798 struct label *label
804 @param label Policy label for fg
815 struct label *label
821 @param label Policy label for fg
838 struct label *label,
845 @param label Policy label for fg
859 struct label *label,
867 @param label Policy label associated with vp
880 errno should be returned. Suggested failure: EACCES for label mismatch or
886 struct label *label,
895 @param label Policy label associated with vp
903 struct label *label,
910 @param label Policy label for fg
921 struct label *label
932 to associate a MAC label with a file.
944 @brief Create file label
947 @param label Policy label for fg
952 struct label *label
955 @brief Destroy file label
956 @param label The label to be destroyed
958 Destroy the label on a file descriptor. In this entry point, a
960 label so that it may be destroyed.
963 struct label *label
966 @brief Initialize file label
967 @param label New label to initialize
970 struct label *label
976 @param ifnetlabel Current label of the network interfaces
977 @param newlabel New label to apply to the network interfaces
982 new label (newlabel).
990 struct label *ifnetlabel,
991 struct label *newlabel
1002 Determine whether the mbuf with label mbuflabel may be transmitted
1004 label ifnetlabel.
1011 struct label *ifnetlabel,
1013 struct label *mbuflabel,
1018 @brief Create a network interface label
1022 Set the label of a newly created network interface, most likely
1027 struct label *ifnetlabel
1030 @brief Copy an ifnet label
1031 @param src Source ifnet label
1032 @param dest Destination ifnet label
1034 Copy the label information from src to dest.
1037 struct label *src,
1038 struct label *dest
1041 @brief Destroy ifnet label
1042 @param label The label to be destroyed
1044 Destroy the label on an ifnet label. In this entry point, a
1046 label so that it may be destroyed.
1049 struct label *label
1052 @brief Externalize an ifnet label
1053 @param label Label to be externalized
1054 @param element_name Name of the label namespace for which labels should be
1056 @param sb String buffer to be filled with a text representation of the label
1058 Produce an external representation of the label on an interface.
1059 An externalized label consists of a text representation of the
1060 label contents that can be used with user applications.
1065 externalizing the label data.
1069 struct label *label,
1074 @brief Initialize ifnet label
1075 @param label New label to initialize
1078 struct label *label
1081 @brief Internalize an interface label
1082 @param label Label to be internalized
1083 @param element_name Name of the label namespace for which the label should
1087 Produce an interface label from an external representation. An
1088 externalized label consists of a text representation of the label
1094 policy has registered interest in the label namespace.
1097 while internalizing the label data.
1101 struct label *label,
1106 @brief Recycle up a network interface label
1107 @param label The label to be recycled
1109 Recycle a network interface label. Darwin caches the struct ifnet
1112 present in the label.
1115 struct label *label
1118 @brief Update a network interface label
1121 @param ifnetlabel The current label of the network interface
1122 @param newlabel A new label to apply to the network interface
1125 Update the label on a network interface, using the supplied new label.
1130 struct label *ifnetlabel,
1131 struct label *newlabel
1142 Determine whether the mbuf with label mbuflabel may be received
1143 by the socket associated with inpcb that has the label inplabel.
1150 struct label *inplabel,
1152 struct label *mbuflabel,
1157 @brief Create an inpcb label
1163 Set the label of a newly created inpcb, most likely
1164 using the information in the socket and/or socket label.
1168 struct label *solabel,
1170 struct label *inplabel
1173 @brief Destroy inpcb label
1174 @param label The label to be destroyed
1176 Destroy the label on an inpcb label. In this entry point, a
1178 label so that it may be destroyed.
1181 struct label *label
1184 @brief Initialize inpcb label
1185 @param label New label to initialize
1189 struct label *label,
1193 @brief Recycle up an inpcb label
1194 @param label The label to be recycled
1196 Recycle an inpcb label. Darwin allocates the inpcb as part of
1201 struct label *label
1204 @brief Update an inpcb label from a socket label
1206 @param solabel New label of the socket
1210 Set the label of a newly created inpcb due to a change in the
1211 underlying socket label.
1215 struct label *solabel,
1217 struct label *inplabel
1339 @brief Create an IP reassembly queue label
1341 @param fragmentlabel Policy label for fragment
1343 @param ipqlabel Policy label to be filled in for ipq
1345 Set the label on a newly created IP reassembly queue from
1350 struct label *fragmentlabel,
1352 struct label *ipqlabel
1355 @brief Compare an mbuf header label to an ipq label
1357 @param fragmentlabel Policy label for fragment
1359 @param ipqlabel Policy label for ipq
1361 Compare the label of the mbuf header containing an IP datagram
1362 (fragment) fragment with the label of the passed IP fragment
1369 policy does not permit them to be reassembled based on the label
1374 struct label *fragmentlabel,
1376 struct label *ipqlabel
1379 @brief Destroy IP reassembly queue label
1380 @param label The label to be destroyed
1382 Destroy the label on an IP fragment queue. In this entry point, a
1384 label so that it may be destroyed.
1387 struct label *label
1390 @brief Initialize IP reassembly queue label
1391 @param label New label to initialize
1394 Initialize the label on a newly instantiated IP fragment reassembly
1404 struct label *label,
1408 @brief Update the label on an IP fragment reassembly queue
1410 @param fragmentlabel Policy label for fragment
1412 @param ipqlabel Policy label to be updated for ipq
1414 Update the label on an IP fragment reassembly queue (ipq) based
1419 struct label *fragmentlabel,
1421 struct label *ipqlabel
1426 @param newlabel New label to apply to the Login Context
1432 itself to the supplied new label (newlabel). This access control check
1442 struct label *newlabel
1445 @brief Destroy Login Context label
1446 @param label The label to be destroyed
1449 struct label *label
1452 @brief Externalize a Login Context label
1453 @param label Label to be externalized
1454 @param element_name Name of the label namespace for which labels should be
1456 @param sb String buffer to be filled with a text representation of the label
1458 Produce an external representation of the label on a Login Context.
1459 An externalized label consists of a text representation
1460 of the label contents that can be used with user applications.
1465 externalizing the label data.
1469 struct label *label,
1474 @brief Initialize Login Context label
1475 @param label New label to initialize
1478 struct label *label
1481 @brief Internalize a Login Context label
1482 @param label Label to be internalized
1483 @param element_name Name of the label namespace for which the label should
1487 Produce a Login Context label from an external representation. An
1488 externalized label consists of a text representation of the label
1494 policy has registered interest in the label namespace.
1497 while internalizing the label data.
1501 struct label *label,
1506 @brief Update a Login Context label
1508 @param newlabel A new label to apply to the Login Context
1513 Update the label on a login context, using the supplied new label.
1519 struct label *newlabel
1561 @brief Assign a label to a new mbuf
1563 @param b_label Policy label for bpf_d
1565 @param m_label Policy label to fill in for m
1567 Set the label on the mbuf header of a newly created datagram
1574 struct label *b_label,
1576 struct label *m_label
1579 @brief Assign a label to a new mbuf
1581 @param i_label Existing label of ifp
1583 @param m_label Policy label to fill in for m
1589 struct label *i_label,
1591 struct label *m_label
1594 @brief Assign a label to a new mbuf
1596 @param i_label Existing label of inp
1598 @param m_label Policy label to fill in for m
1604 struct label *i_label,
1606 struct label *m_label
1609 @brief Set the label on a newly reassembled IP datagram
1611 @param ipqlabel Policy label for ipq
1613 @param mbuflabel Policy label to be filled in for mbuf
1615 Set the label on a newly reassembled IP datagram (mbuf) from the IP
1620 struct label *ipqlabel,
1622 struct label *mbuflabel
1625 @brief Assign a label to a new mbuf
1627 @param i_label Existing label of ifp
1629 @param m_label Policy label to fill in for m
1631 Set the label on the mbuf header of a newly created datagram
1638 struct label *i_label,
1640 struct label *m_label
1643 @brief Assign a label to a new mbuf
1645 @param oldmbuflabel Policy label for oldmbuf
1647 @param ifplabel Policy label for ifp
1649 @param newmbuflabel Policy label for newmbuf
1651 Set the label on the mbuf header of a newly created datagram
1658 struct label *oldmbuflabel,
1660 struct label *ifplabel,
1662 struct label *newmbuflabel
1665 @brief Assign a label to a new mbuf
1667 @param oldmbuflabel Policy label for oldmbuf
1669 @param newmbuflabel Policy label for newmbuf
1671 Set the label on the mbuf header of a newly created datagram generated
1678 struct label *oldmbuflabel,
1680 struct label *newmbuflabel
1683 @brief Assign a label to a new mbuf
1684 @param so Socket to label
1685 @param so_label Policy label for socket
1687 @param m_label Policy label to fill in for m
1691 in an mbuf first. This function sets the label on a newly created mbuf header
1692 based on the socket sending the data. The contents of the label should be
1700 struct label *so_label,
1702 struct label *m_label
1705 @brief Copy a mbuf label
1706 @param src Source label
1707 @param dest Destination label
1709 Copy the mbuf label information in src into dest.
1714 struct label *src,
1715 struct label *dest
1718 @brief Destroy mbuf label
1719 @param label The label to be destroyed
1721 Destroy a mbuf label. Since the
1723 internal storage associated with the label so that it may be
1727 struct label *label
1730 @brief Initialize mbuf label
1731 @param label New label to initialize
1734 Initialize the label for a newly instantiated mbuf.
1742 struct label *label,
1749 @param label Label associated with the mount point
1766 struct label *label,
1786 struct label *mp_label,
1793 @param mntlabel Policy label for fle system mount point
1799 errno should be returned. Suggested failure: EACCES for label mismatch
1805 struct label *mntlabel
1824 struct label *vlabel,
1843 struct label *mlabel
1861 struct label *mp_label,
1868 @param mntlabel Policy label for mp
1878 errno should be returned. Suggested failure: EACCES for label mismatch
1884 struct label *mntlabel
1901 struct label *mlabel
1916 struct label *mntlabel
1919 @brief Destroy mount label
1920 @param label The label to be destroyed
1922 Destroy a file system mount label. Since the
1924 internal storage associated with the label so that it may be
1928 struct label *label
1931 @brief Externalize a mount point label
1932 @param label Label to be externalized
1933 @param element_name Name of the label namespace for which labels should be
1935 @param sb String buffer to be filled with a text representation of the label
1937 Produce an external representation of the mount point label. An
1938 externalized label consists of a text representation of the label
1943 policy has registered interest in the label namespace.
1946 externalizing the label data.
1950 struct label *label,
1955 @brief Initialize mount point label
1956 @param label New label to initialize
1958 Initialize the label for a newly instantiated mount structure.
1959 This label is typically used to store a default label in the case
1963 a default label separately from the label of the mount point
1967 struct label *label
1970 @brief Internalize a mount point label
1971 @param label Label to be internalized
1972 @param element_name Name of the label namespace for which the label should
1976 Produce a mount point file system label from an external representation.
1977 An externalized label consists of a text representation of the label
1983 policy has registered interest in the label namespace.
1986 while internalizing the label data.
1990 struct label *label,
1995 @brief Set the label on an IPv4 datagram fragment
1997 @param datagramlabel Policy label for datagram
1999 @param fragmentlabel Policy label for fragment
2002 Policies implementing mbuf labels will typically copy the label from the
2007 struct label *datagramlabel,
2009 struct label *fragmentlabel
2012 @brief Set the label on an ICMP reply
2014 @param mlabel Policy label for m
2016 A policy may wish to update the label of an mbuf that refers to
2022 struct label *mlabel
2025 @brief Set the label on a TCP reply
2027 @param mlabel Policy label for m
2033 struct label *mlabel
2039 @param pipelabel The label on the pipe
2056 struct label *pipelabel,
2064 @param pipelabel Policy label for the pipe
2076 struct label *pipelabel
2082 @param pipelabel The current label on the pipe
2083 @param newlabel The new label to be used
2096 struct label *pipelabel,
2097 struct label *newlabel
2103 @param pipelabel The label on the pipe
2116 struct label *pipelabel
2122 @param pipelabel The label on the pipe
2136 struct label *pipelabel,
2143 @param pipelabel The label on the pipe
2156 struct label *pipelabel
2162 @param pipelabel The label on the pipe
2175 struct label *pipelabel
2178 @brief Create a pipe label
2181 @param label Label for the pipe object
2183 Create a label for the pipe object being created by the supplied
2191 struct label *pipelabel
2194 @brief Copy a pipe label
2195 @param src Source pipe label
2196 @param dest Destination pipe label
2198 Copy the pipe label associated with src to dest.
2203 struct label *src,
2204 struct label *dest
2207 @brief Destroy pipe label
2208 @param label The label to be destroyed
2210 Destroy a pipe label. Since the object is going out of scope,
2212 label so that it may be destroyed.
2215 struct label *label
2218 @brief Externalize a pipe label
2219 @param label Label to be externalized
2220 @param element_name Name of the label namespace for which labels should be
2222 @param sb String buffer to be filled with a text representation of the label
2224 Produce an external representation of the label on a pipe.
2225 An externalized label consists of a text representation
2226 of the label contents that can be used with user applications.
2231 policy has registered interest in the label namespace.
2234 externalizing the label data.
2238 struct label *label,
2243 @brief Initialize pipe label
2244 @param label New label to initialize
2246 Initialize label storage for use with a newly instantiated pipe object.
2250 struct label *label
2253 @brief Internalize a pipe label
2254 @param label Label to be internalized
2255 @param element_name Name of the label namespace for which the label should
2259 Produce a pipe label from an external representation. An
2260 externalized label consists of a text representation of the label
2266 policy has registered interest in the label namespace.
2269 while internalizing the label data.
2273 struct label *label,
2278 @brief Update a pipe label
2281 @param oldlabel Existing pipe label
2282 @param newlabel New label to replace existing label
2288 update oldlabel using the label stored in the newlabel parameter.
2294 struct label *oldlabel,
2295 struct label *newlabel
2416 the named POSIX semaphore with label semlabel.
2424 struct label *semlabel
2433 the named POSIX semaphore with label semlabel.
2441 struct label *semlabel
2451 the named POSIX semaphore with label semlabel.
2459 struct label *semlabel,
2469 the named POSIX semaphore with label semlabel.
2477 struct label *semlabel
2480 @brief Create a POSIX semaphore label
2486 Label a new POSIX semaphore. The label was previously
2488 appropriate initial label value should be assigned to the object and
2494 struct label *semlabel,
2498 @brief Destroy POSIX semaphore label
2499 @param label The label to be destroyed
2501 Destroy a POSIX semaphore label. Since the object is
2503 associated with the label so that it may be destroyed.
2506 struct label *label
2509 @brief Initialize POSIX semaphore label
2510 @param label New label to initialize
2512 Initialize the label for a newly instantiated POSIX semaphore. Sleeping
2516 struct label *label
2550 struct label *shmlabel,
2570 struct label *shmlabel,
2588 struct label *shmlabel
2606 struct label *shmlabel,
2625 struct label *shmlabel,
2629 @brief Create a POSIX shared memory region label
2635 Label a new POSIX shared memory region. The label was previously
2637 time, an appropriate initial label value should be assigned to the
2643 struct label *shmlabel,
2647 @brief Destroy POSIX shared memory label
2648 @param label The label to be destroyed
2650 Destroy a POSIX shared memory region label. Since the
2652 internal storage associated with the label so that it may be
2656 struct label *label
2659 @brief Initialize POSIX Shared Memory region label
2660 @param label New label to initialize
2662 Initialize the label for newly a instantiated POSIX Shared Memory
2666 struct label *label
2718 errno should be returned. Suggested failure: EACCES for label mismatch,
2914 errno should be returned. Suggested failure: EACCES for label mismatch,
2990 errno should be returned. Suggested failure: EACCES for label mismatch,
3019 @brief Destroy process label
3020 @param label The label to be destroyed
3022 Destroy a process label. Since the object is going
3024 associated with the label so that it may be destroyed.
3027 struct label *label
3030 @brief Initialize process label
3031 @param label New label to initialize
3034 Initialize the label for a newly instantiated BSD process structure.
3035 Normally, security policies will store the process label in the user
3037 there are some floating label policies that may need to temporarily
3038 store a label in the process structure until it is safe to update
3039 the user credential label. Sleeping is permitted.
3042 struct label *label
3048 @param socklabel Policy label for socket
3059 struct label *socklabel
3065 @param socklabel Policy label for socket
3077 struct label *socklabel,
3084 @param socklabel Policy label for socket
3096 struct label *socklabel,
3103 @param socklabel Policy label for socket
3115 struct label *socklabel,
3140 @param so_label The label of so
3142 @param m_label The label of the sender of the data.
3159 requires using the "failed label" occasionally. In that case, on rejection,
3178 struct label *so_label,
3180 struct label *m_label
3187 @param socklabel Policy label for socket
3199 struct label *socklabel
3205 @param so_label The current label of so
3206 @param newlabel The label to be assigned to so
3209 change the label on the socket.
3217 struct label *so_label,
3218 struct label *newlabel
3224 @param socklabel Policy label for socket
3235 struct label *socklabel
3241 @param socklabel Policy label for socket
3252 struct label *socklabel
3259 @param socklabel Policy label for socket
3271 struct label *socklabel,
3280 @param socklabel Policy label for socket
3292 struct label *socklabel,
3299 @param socklabel Policy label for socket
3311 struct label *socklabel,
3318 @param socklabel Policy label for so
3329 struct label *socklabel
3335 @param socklabel Policy label for so
3347 struct label *socklabel,
3354 @param socklabel Policy label for so
3366 struct label *socklabel,
3372 @param oldlabel Policy label associated with oldsock
3374 @param newlabel Policy label associated with newsock
3382 struct label *oldlabel,
3384 struct label *newlabel
3387 @brief Assign a label to a new socket
3390 @param solabel The label
3393 Set the label on a newly created socket from the passed subject
3401 struct label *solabel
3404 @brief Copy a socket label
3405 @param src Source label
3406 @param dest Destination label
3408 Copy the socket label information in src into dest.
3411 struct label *src,
3412 struct label *dest
3415 @brief Destroy socket label
3416 @param label The label to be destroyed
3418 Destroy a socket label. Since the object is going out of
3420 with the label so that it may be destroyed.
3423 struct label *label
3426 @brief Externalize a socket label
3427 @param label Label to be externalized
3428 @param element_name Name of the label namespace for which labels should be
3430 @param sb String buffer to be filled with a text representation of label
3432 Produce an externalized socket label based on the label structure passed.
3433 An externalized label consists of a text representation of the label
3437 the label data.
3443 struct label *label,
3448 @brief Initialize socket label
3449 @param label New label to initialize
3452 Initialize the label of a newly instantiated socket. The waitok
3464 struct label *label,
3468 @brief Internalize a socket label
3469 @param label Label to be filled in
3470 @param element_name Name of the label namespace for which the label should
3474 Produce an internal socket label structure based on externalized label
3478 policy has registered interest in the label namespace.
3484 struct label *label,
3492 @param so_label Current label of the socket
3493 @param newlabel The label to be assigned to so
3497 policies to perform the actual label update operation.
3504 struct label *so_label,
3505 struct label *newlabel
3508 @brief Set the peer label on a socket from mbuf
3511 @param so Current label for the socket
3512 @param so_label Policy label to be filled out for the socket
3514 Set the peer label of a socket based on the label of the sender of the
3518 socket operates on a newly initialized label, and subsequent calls operate
3519 on existing label data.
3525 initialize and destroy a label every time data is received for the socket.
3526 Instead, it is up to the policies to determine how to replace the label data.
3531 struct label *m_label,
3533 struct label *so_label
3536 @brief Set the peer label on a socket from socket
3538 @param sourcelabel Policy label for source
3540 @param targetlabel Policy label to fill in for target
3542 Set the peer label on a stream UNIX domain socket from the passed
3551 struct label *sourcelabel,
3553 struct label *targetlabel
3556 @brief Destroy socket peer label
3557 @param label The peer label to be destroyed
3559 Destroy a socket peer label. Since the object is going out of
3561 with the label so that it may be destroyed.
3564 struct label *label
3567 @brief Externalize a socket peer label
3568 @param label Label to be externalized
3569 @param element_name Name of the label namespace for which labels should be
3571 @param sb String buffer to be filled with a text representation of label
3573 Produce an externalized socket peer label based on the label structure
3574 passed. An externalized label consists of a text representation of the
3575 label contents that can be used with userland applications and read by the
3578 the label data.
3584 struct label *label,
3589 @brief Initialize socket peer label
3590 @param label New label to initialize
3593 Initialize the peer label of a newly instantiated socket. The
3606 struct label *label,
3616 based on its label and the label of the accounting log file. See
3628 struct label *vlabel
3654 the auditctl() system call, based on its label and the label of the proposed
3663 struct label *vl
3770 @param label Label associated with vp
3781 struct label *label
3787 @param label Label associated with vp
3798 struct label *label
3848 @brief Create a System V message label
3851 @param msqlabel The label of the message queue
3853 @param msglabel The label of the message
3860 struct label *msqlabel,
3862 struct label *msglabel
3865 @brief Destroy System V message label
3866 @param label The label to be destroyed
3868 Destroy a System V message label. Since the object is
3870 associated with the label so that it may be destroyed.
3873 struct label *label
3876 @brief Initialize System V message label
3877 @param label New label to initialize
3879 Initialize the label for a newly instantiated System V message.
3882 struct label *label
3885 @brief Clean up a System V message label
3886 @param label The label to be destroyed
3888 Clean up a System V message label. Darwin pre-allocates
3892 the label.
3895 struct label *label
3901 @param msglabel The message's label
3903 @param msqlabel The message queue's label
3914 struct label *msglabel,
3916 struct label *msqlabel
3922 @param msglabel The message's label
3933 struct label *msglabel
3939 @param msglabel The message's label
3952 struct label *msglabel
3958 @param msqlabel The message queue's label
3968 struct label *msqlabel,
3975 @param msqlabel The message queue's label
3987 struct label *msqlabel
3993 @param msqlabel The message queue's label
4004 struct label *msqlabel
4010 @param msqlabel The message queue's label
4021 struct label *msqlabel
4024 @brief Create a System V message queue label
4027 @param msqlabel The label of the message queue
4033 struct label *msqlabel
4036 @brief Destroy System V message queue label
4037 @param label The label to be destroyed
4039 Destroy a System V message queue label. Since the object is
4041 associated with the label so that it may be destroyed.
4044 struct label *label
4047 @brief Initialize System V message queue label
4048 @param label New label to initialize
4050 Initialize the label for a newly instantiated System V message queue.
4053 struct label *label
4056 @brief Clean up a System V message queue label
4057 @param label The label to be destroyed
4059 Clean up a System V message queue label. Darwin pre-allocates
4063 the label.
4066 struct label *label
4084 struct label *semaklabel,
4102 struct label *semaklabel
4124 struct label *semaklabel,
4128 @brief Create a System V semaphore label
4133 Label a new System V semaphore. The label was previously
4135 appropriate initial label value should be assigned to the object and
4141 struct label *semalabel
4144 @brief Destroy System V semaphore label
4145 @param label The label to be destroyed
4147 Destroy a System V semaphore label. Since the object is
4149 associated with the label so that it may be destroyed.
4152 struct label *label
4155 @brief Initialize System V semaphore label
4156 @param label New label to initialize
4158 Initialize the label for a newly instantiated System V semaphore. Sleeping
4162 struct label *label
4165 @brief Clean up a System V semaphore label
4166 @param label The label to be cleaned
4168 Clean up a System V semaphore label. Darwin pre-allocates
4172 the label.
4175 struct label *label
4193 struct label *shmseglabel,
4213 struct label *shmseglabel,
4231 struct label *shmseglabel
4249 struct label *shmseglabel,
4253 @brief Create a System V shared memory region label
4258 Label a new System V shared memory region. The label was previously
4260 time, an appropriate initial label value should be assigned to the
4266 struct label *shmlabel
4269 @brief Destroy System V shared memory label
4270 @param label The label to be destroyed
4272 Destroy a System V shared memory region label. Since the
4274 internal storage associated with the label so that it may be
4278 struct label *label
4281 @brief Initialize System V Shared Memory region label
4282 @param label New label to initialize
4284 Initialize the label for a newly instantiated System V Shared Memory
4288 struct label *label
4291 @brief Clean up a System V Shared Memory Region label
4292 @param shmlabel The label to be cleaned
4294 Clean up a System V Shared Memory Region label. Darwin
4298 information present in the label.
4301 struct label *shmlabel
4313 errno should be returned. Suggested failure: EACCES for label mismatch,
4330 errno should be returned. Suggested failure: EACCES for label mismatch,
4385 @brief Initialize per thread label
4386 @param label New label to initialize
4388 Initialize the label for a newly instantiated thread.
4392 struct label *label
4395 @brief Destroy thread label
4396 @param label The label to be destroyed
4398 Destroy a user thread label. Since the user thread
4400 storage associated with the label so that it may be destroyed.
4403 struct label *label
4409 @param label Label for vp
4419 errno should be returned. Suggested failure: EACCES for label mismatch or
4425 struct label *label,
4432 @param dlabel Policy label for dvp
4438 errno should be returned. Suggested failure: EACCES for label mismatch or
4444 struct label *dlabel
4450 @param dlabel Policy label associated with dvp
4462 struct label *dlabel,
4469 @param dlabel Policy label for dvp
4480 errno should be returned. Suggested failure: EACCES for label mismatch or
4486 struct label *dlabel,
4501 errno should be returned. Suggested failure: EACCES for label mismatch or
4507 struct label *vlabel,
4514 @param vl1 Policy label for v1
4516 @param vl2 Policy label for v2
4522 errno should be returned. Suggested failure: EACCES for label mismatch or
4528 struct label *vl1,
4530 struct label *vl2
4538 @param scriptvnodelabel Script vnode label
4539 @param execlabel Userspace provided execution label
4546 from decisions about any process label transitioning event.
4548 The final label, execlabel, corresponds to a label supplied by a
4550 This label will be NULL if the user application uses the vendor
4554 errno should be returned. Suggested failure: EACCES for label mismatch or
4561 struct label *vnodelabel,
4562 struct label *scriptlabel,
4563 struct label *execlabel, /* NULLOK */
4573 @param label Label associated with the vnode
4584 struct label *label
4589 typedef int mpo_vnode_check_signature_t(struct vnode *vp, struct label *label,
4598 @param vlabel Policy label for vp
4607 errno should be returned. Suggested failure: EACCES for label mismatch or
4615 struct label *vlabel,
4622 @param label Policy label for vp
4632 errno should be returned. Suggested failure: EACCES for label mismatch or
4638 struct label *label, /* NULLOK */
4646 @param label Policy label for vp
4663 struct label *label,
4671 @param label Policy label for vp
4684 struct label *label
4690 @param vnodelabel Existing policy label for vp
4691 @param newlabel Policy label update to later be applied to vp
4695 the passed vnode to the passed label update. If all policies permit
4696 the label change, the actual relabel entry point (mpo_vnode_label_update)
4705 struct label *vnodelabel,
4706 struct label *newlabel
4712 @param dlabel Policy label associated with dvp
4714 @param label Policy label associated with vp
4726 struct label *dlabel,
4728 struct label *label,
4735 @param vlabel Policy label associated with vp
4746 struct label *vlabel
4752 @param dlabel Policy label for dvp
4759 errno should be returned. Suggested failure: EACCES for label mismatch or
4765 struct label *dlabel,
4772 @param label Policy label associated with vp
4779 errno should be returned. Suggested failure: EACCES for label mismatch or
4785 struct label *label,
4793 @param label Policy label for vp
4801 errno should be returned. Suggested failure: EACCES for label mismatch or
4808 struct label *label /* LABEL */
4814 @param dlabel Policy label for dvp
4820 errno should be returned. Suggested failure: EACCES for label mismatch or
4826 struct label *dlabel /* LABEL */
4832 @param label Policy label for vp
4841 errno should be returned. Suggested failure: EACCES for label mismatch or
4847 struct label *label
4853 @param dlabel Policy label associated with dvp
4855 @param label Policy label associated with vp
4858 @param tdlabel Policy label associated with tdvp
4860 @param tlabel Policy label associated with tvp
4872 struct label *dlabel,
4874 struct label *label,
4877 struct label *tdlabel,
4879 struct label *tlabel,
4886 @param dlabel Policy label associated with dvp
4888 @param label Policy label associated with vp
4908 struct label *dlabel,
4910 struct label *label,
4917 @param dlabel Policy label associated with dvp
4919 @param label Policy label associated with vp
4928 vp and label will be NULL.
4942 struct label *dlabel,
4944 struct label *label, /* NULLOK */
4952 @param label Policy label for vp
4958 errno should be returned. Suggested failure: EACCES for label mismatch or
4964 struct label *label
4970 @param vlabel Policy label for vp
4982 struct label *vlabel,
4989 @param label Policy label for vp
5001 struct label *label,
5008 @param vlabel Policy label for vp
5017 errno should be returned. Suggested failure: EACCES for label mismatch or
5024 struct label *vlabel,
5031 @param label Policy label for vp
5045 errno should be returned. Suggested failure: EACCES for label mismatch or
5051 struct label *label,
5059 @param label Policy label for vp
5066 errno should be returned. Suggested failure: EACCES for label mismatch or
5072 struct label *label,
5079 @param label Policy label for vp
5086 errno should be returned. Suggested failure: EACCES for label mismatch or
5092 struct label *label,
5099 @param label Policy label for vp
5108 errno should be returned. Suggested failure: EACCES for label mismatch or
5114 struct label *label,
5122 @param label Policy label for vp
5130 errno should be returned. Suggested failure: EACCES for label mismatch or
5136 struct label *label,
5145 @param label Policy label for vp
5154 errno should be returned. Suggested failure: EACCES for label mismatch or
5161 struct label *label
5168 @param label Policy label for vp
5177 errno should be returned. Suggested failure: EACCES for label mismatch or
5184 struct label *label
5190 @param dlabel Policy label for dvp
5199 errno should be returned. Suggested failure: EACCES for label mismatch or
5205 struct label *dlabel,
5213 @param label Policy label associated with vp
5219 errno should be returned. Suggested failure: EACCES for label mismatch or
5225 struct label *label
5231 @param dlabel Policy label for dvp
5233 @param label Policy label for vp
5245 errno should be returned. Suggested failure: EACCES for label mismatch or
5251 struct label *dlabel,
5253 struct label *label,
5261 @param label Policy label for vp
5270 errno should be returned. Suggested failure: EACCES for label mismatch or
5277 struct label *label
5282 @param mntlabel Devfs mount point label
5288 Fill in the label (vlabel) for a newly created devfs vnode. The
5289 label is typically derived from the label on the devfs directory
5290 entry or the label on the filesystem, supplied as parameters.
5294 struct label *mntlabel,
5296 struct label *delabel,
5298 struct label *vlabel
5301 @brief Associate a label with a vnode
5303 @param mntlabel File system mount point label
5304 @param vp Vnode to label
5307 Attempt to retrieve label information for the vnode, vp, from the
5308 file system extended attribute store. The label should be stored in
5313 If the policy requires vnodes to have a valid label elsewhere it
5315 a valid label of some sort. Returning an error will cause vnode
5325 struct label *mntlabel,
5327 struct label *vlabel
5330 @brief Associate a file label with a vnode
5333 @param mntlabel Fdesc mount point label
5335 @param label Policy label for fg
5336 @param vp Vnode to label
5339 Associate label information for the vnode, vp, with the label of
5341 The label should be stored in the supplied vlabel parameter.
5346 struct label *mntlabel,
5348 struct label *label,
5350 struct label *vlabel
5353 @brief Associate a pipe label with a vnode
5357 @param vp Vnode to label
5360 Associate label information for the vnode, vp, with the label of
5362 The label should be stored in the supplied vlabel parameter.
5367 struct label *pipelabel,
5369 struct label *vlabel
5372 @brief Associate a POSIX semaphore label with a vnode
5376 @param vp Vnode to label
5379 Associate label information for the vnode, vp, with the label of
5381 The label should be stored in the supplied vlabel parameter.
5386 struct label *psemlabel,
5388 struct label *vlabel
5391 @brief Associate a POSIX shared memory label with a vnode
5395 @param vp Vnode to label
5398 Associate label information for the vnode, vp, with the label of
5400 The label should be stored in the supplied vlabel parameter.
5405 struct label *pshmlabel,
5407 struct label *vlabel
5410 @brief Associate a label with a vnode
5412 @param mntlabel File system mount point label
5413 @param vp Vnode to label
5416 On non-multilabel file systems, set the label for a vnode. The
5417 label will most likely be based on the file system label.
5421 struct label *mntlabel,
5423 struct label *vlabel
5426 @brief Associate a socket label with a vnode
5430 @param vp Vnode to label
5433 Associate label information for the vnode, vp, with the label of
5435 The label should be stored in the supplied vlabel parameter.
5440 struct label *solabel,
5442 struct label *vlabel
5445 @brief Copy a vnode label
5446 @param src Source vnode label
5447 @param dest Destination vnode label
5449 Copy the vnode label information from src to dest. On Darwin, this
5451 will later be used if vnode label externalization cannot be an
5455 struct label *src,
5456 struct label *dest
5459 @brief Destroy vnode label
5460 @param label The label to be destroyed
5462 Destroy a vnode label. Since the object is going out of scope,
5464 label so that it may be destroyed.
5467 struct label *label
5470 @brief Externalize a vnode label for auditing
5471 @param label Label to be externalized
5472 @param element_name Name of the label namespace for which labels should be
5474 @param sb String buffer to be filled with a text representation of the label
5476 Produce an external representation of the label on a vnode suitable for
5477 inclusion in an audit record. An externalized label consists of a text
5478 representation of the label contents that will be added to the audit record
5483 externalizing the label data.
5487 struct label *label,
5492 @brief Externalize a vnode label
5493 @param label Label to be externalized
5494 @param element_name Name of the label namespace for which labels should be
5496 @param sb String buffer to be filled with a text representation of the label
5498 Produce an external representation of the label on a vnode. An
5499 externalized label consists of a text representation of the label
5504 externalizing the label data.
5508 struct label *label,
5513 @brief Initialize vnode label
5514 @param label New label to initialize
5516 Initialize label storage for use with a newly instantiated vnode, or
5518 vnode label. While it is necessary to allocate space for a
5519 kernel-resident vnode label, it is not yet necessary to link this vnode
5520 with persistent label storage facilities, such as extended attributes.
5524 struct label *label
5527 @brief Internalize a vnode label
5528 @param label Label to be internalized
5529 @param element_name Name of the label namespace for which the label should
5533 Produce a vnode label from an external representation. An
5534 externalized label consists of a text representation of the label
5540 policy has registered interest in the label namespace.
5543 while internalizing the label data.
5546 struct label *label,
5551 @brief Clean up a vnode label
5552 @param label The label to be cleaned for re-use
5554 Clean up a vnode label. Darwin (Tiger, 8.x) allocates vnodes on demand, but
5556 re-use, policies can clean up or overwrite any information present in the label.
5559 struct label *label
5562 @brief Write a label to an extended attribute
5564 @param vp The vnode for which the label is being stored
5566 @param intlabel The new label to store
5568 Store a new label in the extended attribute corresponding to the
5582 struct label *vlabel,
5583 struct label *intlabel
5586 @brief Update vnode label from extended attributes
5588 @param mntlabel Mount point label
5589 @param vp Vnode to label
5595 functions, the MAC vnode label might also require an update.
5596 Policies should first determine if 'name' matches their xattr label
5599 vnode. Normally labels should only be modified via MAC Framework label
5604 This entry point is called after the label update has occurred, so
5608 If the vnode label needs to be updated the policy should return
5609 a non-zero value. The vnode label will be marked for re-association
5614 struct label *mntlabel,
5616 struct label *vlabel,
5620 @brief Update a vnode label
5623 @param vnodelabel Existing vnode label
5624 @param label New label to replace existing label
5630 update vnodelabel using the label stored in the label parameter.
5635 struct label *vnodelabel,
5636 struct label *label
5643 @param label Existing vnode label
5650 struct label *label
5656 @param mntlabel File system mount point label
5658 @param dlabel Parent directory vnode label
5663 Write out the label for the newly created vnode, most likely storing
5665 derive the new vnode label using information from a combination
5666 of the subject (user) credential, the file system label, the parent
5667 directory label, and potentially the path name component.
5669 @return If the operation succeeds, store the new label in vlabel and
5675 struct label *mntlabel,
5677 struct label *dlabel,
5679 struct label *vlabel,
5687 @param label Policy label for the vp
5696 struct label *label,
5704 @param label Policy label for vp
5706 @param dlabel Policy label for dvp
5714 struct label *label,
5716 struct label *dlabel,
5724 @param dlabel Policy label for dvp
5726 @param vlabel Policy label for vp
5734 struct label *dlabel,
5736 struct label *vlabel,
5745 @param label Policy label for tp
5753 struct label *label
5761 @param label Policy label for tp
5769 struct label *label
6215 a short unique policy name, a more descriptive full name, a list of label
6217 any load time flags, and optionally, a pointer to a label slot identifier.
6222 If the label slot identifier (mpc_field_off) is NULL, the Framework
6223 will not provide label storage for the policy. Otherwise, the
6224 Framework will store the label location (slot) in this field.
6233 const char **mpc_labelnames; /** managed label namespaces */
6234 unsigned int mpc_labelname_count; /** number of managed label namespaces */
6237 int *mpc_field_off; /** label slot */
6322 label state and are unable to free that state at runtime, or for
6401 * Policy interface to map a struct label pointer to per-policy data.
6405 intptr_t mac_label_get(struct label *l, int slot);
6406 void mac_label_set(struct label *l, int slot, intptr_t v);