Comment LABEL_TO_SLOT() macro, including observing that we'd like to improve

this policy API to avoid encoding struct label binary layout in policy
modules.

Obtained from:	TrustedBSD Project

2 files changed, 16 insertions, 0 deletions

diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index e75a1e3..62ebfcb 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -948,6 +948,14 @@ struct mac_policy_conf {
 
 int	mac_policy_modevent(module_t mod, int type, void *data);
 
+/*
+ * Policy interface to map a struct label pointer to per-policy data.
+ * Typically, policies wrap this in their own accessor macro that casts a
+ * void pointer to a policy-specific data type.
+ *
+ * XXXRW: It might be preferable to provide get/set methods via functions to
+ * avoid encoding the struct label layout in compiled modules.
+ */
 #define	LABEL_TO_SLOT(l, s)	(l)->l_perpolicy[s]
 
 #endif /* !_SYS_MAC_POLICY_H_ */
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index e75a1e3..62ebfcb 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -948,6 +948,14 @@ struct mac_policy_conf {
 
 int	mac_policy_modevent(module_t mod, int type, void *data);
 
+/*
+ * Policy interface to map a struct label pointer to per-policy data.
+ * Typically, policies wrap this in their own accessor macro that casts a
+ * void pointer to a policy-specific data type.
+ *
+ * XXXRW: It might be preferable to provide get/set methods via functions to
+ * avoid encoding the struct label layout in compiled modules.
+ */
 #define	LABEL_TO_SLOT(l, s)	(l)->l_perpolicy[s]
 
 #endif /* !_SYS_MAC_POLICY_H_ */