author | rwatson <rwatson@FreeBSD.org> | 2007-02-06 14:19:25 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-02-06 14:19:25 +0000 |
commit | 19777f08023deb4d6171525896812b717dd9c968 (patch) | |
tree | 5dc8beed75f16d01bef656c68bffd5b9829a48ff /sys/security/mac/mac_policy.h | |
parent | f82b2337b98055d193bfafd3608aa0505161ec29 (diff) | |
Introduce accessor functions mac_label_get() and mac_label_set() to replace
LABEL_TO_SLOT() macro used by policy modules to query and set label data
in struct label. Instead of using a union, store an intptr_t, simplifying
the API.
Update policies: in most cases this required only small tweaks to current
wrapper macros. In two cases, a single wrapper macro had to be split into
separate get and set macros.
Move struct label definition from _label.h to mac_internal.h and remove
_label.h. With this change, policies may now treat struct label * as
opaque, allowing us to change the layout of struct label without breaking
the policy module ABI. For example, we could make the maximum number of
policies with labels modifiable at boot-time rather than just at
compile-time.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac/mac_policy.h')
-rw-r--r-- | sys/security/mac/mac_policy.h | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 750218f..c3c435c 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -47,8 +47,6 @@ #error "no user-serviceable parts inside" #endif -#include <sys/_label.h> - /*- * Pluggable access control policy definition structure. * @@ -970,11 +968,9 @@ int mac_policy_modevent(module_t mod, int type, void *data); /* * Policy interface to map a struct label pointer to per-policy data. * Typically, policies wrap this in their own accessor macro that casts a - * void pointer to a policy-specific data type. - * - * XXXRW: It might be preferable to provide get/set methods via functions to - * avoid encoding the struct label layout in compiled modules. + * uintptr_t to a policy-specific data type. */ -#define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s] +intptr_t mac_label_get(struct label *l, int slot); +void mac_label_set(struct label *l, int slot, intptr_t v); #endif /* !_SYS_SECURITY_MAC_MAC_POLICY_H_ */ |
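Review bot: In the first hunk (-47,8 +47,6), dropping `#include <sys/_label.h>` leaves this header without a visible declaration of `struct label`, yet the prototypes added near line 968 take a `struct label *`. Please confirm that a forward declaration `struct label;` is in scope in mac_policy.h before those prototypes, so that a policy module including only this header does not end up with a parameter-list-scoped struct type. Since the commit message says policies should now treat the pointer as opaque, a bare forward declaration in this header is all that is needed.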
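Review bot: In the second hunk (-970,11 +968,9), the updated comment says policies cast "a uintptr_t to a policy-specific data type", but both new prototypes use `intptr_t` (`intptr_t mac_label_get(...)` and the `intptr_t v` argument of `mac_label_set`). The comment should say `intptr_t` so policy authors write wrapper macros with the matching cast. It would also help to document here the valid range of the `int slot` argument and what the accessors do with a slot outside it, because modules can no longer see the layout that `LABEL_TO_SLOT()` used to index directly.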