NAME

libugidfw — library interface to the file system firewall MAC policy

LIBRARY

File System Firewall Interface Library (libugidfw, -lugidfw)

SYNOPSIS

#include < sys/types.h>
#include < security/mac_bsdextended/mac_bsdextended.h>
#include < ugidfw.h>

DESCRIPTION

The libugidfw library routines provide an interface to the mac_bsdextended(4) file system firewall MAC policy.

The libugidfw library defines the following functions:

bsde_rule_to_string()

Converts the internal representation of a rule ( struct mac_bsdextended_rule) into its text representation; see bsde_rule_to_string(3).

bsde_parse_rule()

Parses an entire rule (in argument array form); see bsde_parse_rule(3).

bsde_parse_rule_string()

Parses an entire rule string; see bsde_parse_rule_string(3).

bsde_get_rule_count()

Returns the total number of ugidfw rules being enforced in the system; see bsde_get_rule_count(3).

bsde_get_rule_slots()

Returns the total number of used rule slots; see bsde_get_rule_slots(3).

bsde_get_rule()

Returns a rule by its rule number; see bsde_get_rule(3).

bsde_delete_rule()

Deletes a rule by its rule number; see bsde_delete_rule(3).

bsde_set_rule()

Uploads the rule to the mac_bsdextended(4) module and applies it; see bsde_set_rule(3).

bsde_add_rule()

Upload the rule to the module, automatically selecting the next available rule number; see bsde_add_rule(3).

SEE ALSO

bsde_delete_rule(3), bsde_get_rule(3), bsde_get_rule_count(3), bsde_get_rule_slots(3), bsde_parse_rule(3), bsde_parse_rule_string(3), bsde_rule_to_string(3), bsde_set_rule(3)

AUTHORS

This software was contributed to the FreeBSD Project by Network Associates Labs, the Security Research Division of Network Associates Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS research program.