Introduce accessor functions mac_label_get() and mac_label_set() to replace

LABEL_TO_SLOT() macro used by policy modules to query and set label data
in struct label.  Instead of using a union, store an intptr_t, simplifying
the API.

Update policies: in most cases this required only small tweaks to current
wrapper macros.  In two cases, a single wrapper macros had to be split into
separate get and set macros.

Move struct label definition from _label.h to mac_internal.h and remove
_label.h.  With this change, policies may now treat struct label * as
opaque, allowing us to change the layout of struct label without breaking
the policy module ABI.  For example, we could make the maximum number of
policies with labels modifiable at boot-time rather than just at
compile-time.

Obtained from:	TrustedBSD Project

1 files changed, 1 insertions, 2 deletions

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index 9f3ee33..4a95476 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -50,8 +50,6 @@
 #error "no user-serviceable parts inside"
 #endif
 
-#include <sys/_label.h>
-
 struct bpf_d;
 struct cdev;
 struct componentname;
@@ -62,6 +60,7 @@ struct image_params;
 struct inpcb;
 struct ipq;
 struct ksem;
+struct label;
 struct m_tag;
 struct mac;
 struct mbuf;