Merge first in a series of TrustedBSD MAC Framework KPI changes

from Mac OS X Leopard--rationalize naming for entry points to the following general forms: mac_<object>_<method/action> mac_<object>_check_<method/action> The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names. All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI. Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
author: rwatson <rwatson@FreeBSD.org> 2007-10-24 19:04:04 +0000
committer: rwatson <rwatson@FreeBSD.org> 2007-10-24 19:04:04 +0000
commit: 60570a92bf794d255e5f8ed235b49c553776ad92 (patch)
tree: fea282db79628eed98808fd38cc46445b2f97ca5 /sys/security/mac/mac_policy.h
parent: 7781c2181af1113baab38322a55a90b5469cba03 (diff)
download: FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.zip
FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.tar.gz
1 files changed, 422 insertions, 422 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index c061e2e..5106d94 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -116,217 +116,217 @@ typedef void	(*mpo_placeholder_t)(void);
  * recycle for re-use without init/destroy, copy a label to initialized
  * storage, and externalize/internalize from/to initialized storage.
  */
-typedef void	(*mpo_init_bpfdesc_label_t)(struct label *label);
-typedef void	(*mpo_init_cred_label_t)(struct label *label);
-typedef void	(*mpo_init_devfs_label_t)(struct label *label);
-typedef void	(*mpo_init_ifnet_label_t)(struct label *label);
-typedef int	(*mpo_init_inpcb_label_t)(struct label *label, int flag);
-typedef void	(*mpo_init_sysv_msgmsg_label_t)(struct label *label);
-typedef void	(*mpo_init_sysv_msgqueue_label_t)(struct label *label);
-typedef void	(*mpo_init_sysv_sem_label_t)(struct label *label);
-typedef void	(*mpo_init_sysv_shm_label_t)(struct label *label);
-typedef int	(*mpo_init_ipq_label_t)(struct label *label, int flag);
-typedef int	(*mpo_init_mbuf_label_t)(struct label *label, int flag);
-typedef void	(*mpo_init_mount_label_t)(struct label *label);
-typedef int	(*mpo_init_socket_label_t)(struct label *label, int flag);
-typedef int	(*mpo_init_socket_peer_label_t)(struct label *label,
+typedef void	(*mpo_bpfdesc_init_label_t)(struct label *label);
+typedef void	(*mpo_cred_init_label_t)(struct label *label);
+typedef void	(*mpo_devfs_init_label_t)(struct label *label);
+typedef void	(*mpo_ifnet_init_label_t)(struct label *label);
+typedef int	(*mpo_inpcb_init_label_t)(struct label *label, int flag);
+typedef void	(*mpo_sysvmsg_init_label_t)(struct label *label);
+typedef void	(*mpo_sysvmsq_init_label_t)(struct label *label);
+typedef void	(*mpo_sysvsem_init_label_t)(struct label *label);
+typedef void	(*mpo_sysvshm_init_label_t)(struct label *label);
+typedef int	(*mpo_ipq_init_label_t)(struct label *label, int flag);
+typedef int	(*mpo_mbuf_init_label_t)(struct label *label, int flag);
+typedef void	(*mpo_mount_init_label_t)(struct label *label);
+typedef int	(*mpo_socket_init_label_t)(struct label *label, int flag);
+typedef int	(*mpo_socketpeer_init_label_t)(struct label *label,
 		    int flag);
-typedef void	(*mpo_init_pipe_label_t)(struct label *label);
-typedef void    (*mpo_init_posix_sem_label_t)(struct label *label);
-typedef void	(*mpo_init_proc_label_t)(struct label *label);
-typedef void	(*mpo_init_vnode_label_t)(struct label *label);
-typedef void	(*mpo_destroy_bpfdesc_label_t)(struct label *label);
-typedef void	(*mpo_destroy_cred_label_t)(struct label *label);
-typedef void	(*mpo_destroy_devfs_label_t)(struct label *label);
-typedef void	(*mpo_destroy_ifnet_label_t)(struct label *label);
-typedef void	(*mpo_destroy_inpcb_label_t)(struct label *label);
-typedef void	(*mpo_destroy_sysv_msgmsg_label_t)(struct label *label);
-typedef void	(*mpo_destroy_sysv_msgqueue_label_t)(struct label *label);
-typedef void	(*mpo_destroy_sysv_sem_label_t)(struct label *label);
-typedef void	(*mpo_destroy_sysv_shm_label_t)(struct label *label);
-typedef void	(*mpo_destroy_ipq_label_t)(struct label *label);
-typedef void	(*mpo_destroy_mbuf_label_t)(struct label *label);
-typedef void	(*mpo_destroy_mount_label_t)(struct label *label);
-typedef void	(*mpo_destroy_socket_label_t)(struct label *label);
-typedef void	(*mpo_destroy_socket_peer_label_t)(struct label *label);
-typedef void	(*mpo_destroy_pipe_label_t)(struct label *label);
-typedef void    (*mpo_destroy_posix_sem_label_t)(struct label *label);
-typedef void	(*mpo_destroy_proc_label_t)(struct label *label);
-typedef void	(*mpo_destroy_vnode_label_t)(struct label *label);
-typedef void	(*mpo_cleanup_sysv_msgmsg_t)(struct label *msglabel);
-typedef void	(*mpo_cleanup_sysv_msgqueue_t)(struct label *msqlabel);
-typedef void	(*mpo_cleanup_sysv_sem_t)(struct label *semalabel);
-typedef void	(*mpo_cleanup_sysv_shm_t)(struct label *shmlabel);
-typedef void	(*mpo_copy_cred_label_t)(struct label *src,
+typedef void	(*mpo_pipe_init_label_t)(struct label *label);
+typedef void    (*mpo_posixsem_init_label_t)(struct label *label);
+typedef void	(*mpo_proc_init_label_t)(struct label *label);
+typedef void	(*mpo_vnode_init_label_t)(struct label *label);
+typedef void	(*mpo_bpfdesc_destroy_label_t)(struct label *label);
+typedef void	(*mpo_cred_destroy_label_t)(struct label *label);
+typedef void	(*mpo_devfs_destroy_label_t)(struct label *label);
+typedef void	(*mpo_ifnet_destroy_label_t)(struct label *label);
+typedef void	(*mpo_inpcb_destroy_label_t)(struct label *label);
+typedef void	(*mpo_sysvmsg_destroy_label_t)(struct label *label);
+typedef void	(*mpo_sysvmsq_destroy_label_t)(struct label *label);
+typedef void	(*mpo_sysvsem_destroy_label_t)(struct label *label);
+typedef void	(*mpo_sysvshm_destroy_label_t)(struct label *label);
+typedef void	(*mpo_ipq_destroy_label_t)(struct label *label);
+typedef void	(*mpo_mbuf_destroy_label_t)(struct label *label);
+typedef void	(*mpo_mount_destroy_label_t)(struct label *label);
+typedef void	(*mpo_socket_destroy_label_t)(struct label *label);
+typedef void	(*mpo_socketpeer_destroy_label_t)(struct label *label);
+typedef void	(*mpo_pipe_destroy_label_t)(struct label *label);
+typedef void    (*mpo_posixsem_destroy_label_t)(struct label *label);
+typedef void	(*mpo_proc_destroy_label_t)(struct label *label);
+typedef void	(*mpo_vnode_destroy_label_t)(struct label *label);
+typedef void	(*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
+typedef void	(*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
+typedef void	(*mpo_sysvsem_cleanup_t)(struct label *semalabel);
+typedef void	(*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
+typedef void	(*mpo_cred_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef void	(*mpo_copy_ifnet_label_t)(struct label *src,
+typedef void	(*mpo_ifnet_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef void	(*mpo_copy_mbuf_label_t)(struct label *src,
+typedef void	(*mpo_mbuf_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef void	(*mpo_copy_pipe_label_t)(struct label *src,
+typedef void	(*mpo_pipe_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef void	(*mpo_copy_socket_label_t)(struct label *src,
+typedef void	(*mpo_socket_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef void	(*mpo_copy_vnode_label_t)(struct label *src,
+typedef void	(*mpo_vnode_copy_label_t)(struct label *src,
 		    struct label *dest);
-typedef int	(*mpo_externalize_cred_label_t)(struct label *label,
+typedef int	(*mpo_cred_externalize_label_t)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
-typedef int	(*mpo_externalize_ifnet_label_t)(struct label *label,
+typedef int	(*mpo_ifnet_externalize_label_t)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
-typedef int	(*mpo_externalize_pipe_label_t)(struct label *label,
+typedef int	(*mpo_pipe_externalize_label_t)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
-typedef int	(*mpo_externalize_socket_label_t)(struct label *label,
+typedef int	(*mpo_socket_externalize_label_t)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
-typedef int	(*mpo_externalize_socket_peer_label_t)(struct label *label,
+typedef int	(*mpo_socketpeer_externalize_label_t)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
-typedef int	(*mpo_externalize_vnode_label_t)(struct label *label,
+typedef int	(*mpo_vnode_externalize_label_t)(struct label *label,
 		    char *element_name, struct sbuf *sb, int *claimed);
-typedef int	(*mpo_internalize_cred_label_t)(struct label *label,
+typedef int	(*mpo_cred_internalize_label_t)(struct label *label,
 		    char *element_name, char *element_data, int *claimed);
-typedef int	(*mpo_internalize_ifnet_label_t)(struct label *label,
+typedef int	(*mpo_ifnet_internalize_label_t)(struct label *label,
 		    char *element_name, char *element_data, int *claimed);
-typedef int	(*mpo_internalize_pipe_label_t)(struct label *label,
+typedef int	(*mpo_pipe_internalize_label_t)(struct label *label,
 		    char *element_name, char *element_data, int *claimed);
-typedef int	(*mpo_internalize_socket_label_t)(struct label *label,
+typedef int	(*mpo_socket_internalize_label_t)(struct label *label,
 		    char *element_name, char *element_data, int *claimed);
-typedef int	(*mpo_internalize_vnode_label_t)(struct label *label,
+typedef int	(*mpo_vnode_internalize_label_t)(struct label *label,
 		    char *element_name, char *element_data, int *claimed);
 
 /*
  * Labeling event operations: file system objects, and things that look a lot
  * like file system objects.
  */
-typedef void	(*mpo_associate_vnode_devfs_t)(struct mount *mp,
+typedef void	(*mpo_devfs_vnode_associate_t)(struct mount *mp,
 		    struct label *mplabel, struct devfs_dirent *de,
 		    struct label *delabel, struct vnode *vp,
 		    struct label *vplabel);
-typedef int	(*mpo_associate_vnode_extattr_t)(struct mount *mp,
+typedef int	(*mpo_vnode_associate_extattr_t)(struct mount *mp,
 		    struct label *mplabel, struct vnode *vp,
 		    struct label *vplabel);
-typedef void	(*mpo_associate_vnode_singlelabel_t)(struct mount *mp,
+typedef void	(*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
 		    struct label *mplabel, struct vnode *vp,
 		    struct label *vplabel);
-typedef void	(*mpo_create_devfs_device_t)(struct ucred *cred,
+typedef void	(*mpo_devfs_create_device_t)(struct ucred *cred,
 		    struct mount *mp, struct cdev *dev,
 		    struct devfs_dirent *de, struct label *delabel);
-typedef void	(*mpo_create_devfs_directory_t)(struct mount *mp,
+typedef void	(*mpo_devfs_create_directory_t)(struct mount *mp,
 		    char *dirname, int dirnamelen, struct devfs_dirent *de,
 		    struct label *delabel);
-typedef void	(*mpo_create_devfs_symlink_t)(struct ucred *cred,
+typedef void	(*mpo_devfs_create_symlink_t)(struct ucred *cred,
 		    struct mount *mp, struct devfs_dirent *dd,
 		    struct label *ddlabel, struct devfs_dirent *de,
 		    struct label *delabel);
-typedef int	(*mpo_create_vnode_extattr_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_create_extattr_t)(struct ucred *cred,
 		    struct mount *mp, struct label *mplabel,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
-typedef void	(*mpo_create_mount_t)(struct ucred *cred, struct mount *mp,
+typedef void	(*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
 		    struct label *mplabel);
-typedef void	(*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp,
+typedef void	(*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
 		    struct label *vplabel, struct label *label);
-typedef int	(*mpo_setlabel_vnode_extattr_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    struct label *intlabel);
-typedef void	(*mpo_update_devfs_t)(struct mount *mp,
+typedef void	(*mpo_devfs_update_t)(struct mount *mp,
 		    struct devfs_dirent *de, struct label *delabel,
 		    struct vnode *vp, struct label *vplabel);
 
 /*
  * Labeling event operations: IPC objects.
  */
-typedef void	(*mpo_create_mbuf_from_socket_t)(struct socket *so,
+typedef void	(*mpo_socket_create_mbuf_t)(struct socket *so,
 		    struct label *solabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_create_socket_t)(struct ucred *cred, struct socket *so,
+typedef void	(*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
 		    struct label *solabel);
-typedef void	(*mpo_create_socket_from_socket_t)(struct socket *oldso,
+typedef void	(*mpo_socket_newconn_t)(struct socket *oldso,
 		    struct label *oldsolabel, struct socket *newso,
 		    struct label *newsolabel);
-typedef void	(*mpo_relabel_socket_t)(struct ucred *cred, struct socket *so,
+typedef void	(*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
 		    struct label *oldlabel, struct label *newlabel);
-typedef void	(*mpo_relabel_pipe_t)(struct ucred *cred, struct pipepair *pp,
+typedef void	(*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
 		    struct label *oldlabel, struct label *newlabel);
-typedef void	(*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *m,
+typedef void	(*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
 		    struct label *mlabel, struct socket *so,
 		    struct label *sopeerlabel);
-typedef void	(*mpo_set_socket_peer_from_socket_t)(struct socket *oldso,
+typedef void	(*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
 		    struct label *oldsolabel, struct socket *newso,
 		    struct label *newsopeerlabel);
-typedef void	(*mpo_create_pipe_t)(struct ucred *cred, struct pipepair *pp,
+typedef void	(*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
 		    struct label *pplabel);
 
 /*
  * Labeling event operations: System V IPC primitives.
  */
-typedef void	(*mpo_create_sysv_msgmsg_t)(struct ucred *cred,
+typedef void	(*mpo_sysvmsg_create_t)(struct ucred *cred,
 		    struct msqid_kernel *msqkptr, struct label *msqlabel,
 		    struct msg *msgptr, struct label *msglabel);
-typedef void	(*mpo_create_sysv_msgqueue_t)(struct ucred *cred,
+typedef void	(*mpo_sysvmsq_create_t)(struct ucred *cred,
 		    struct msqid_kernel *msqkptr, struct label *msqlabel);
-typedef void	(*mpo_create_sysv_sem_t)(struct ucred *cred,
+typedef void	(*mpo_sysvsem_create_t)(struct ucred *cred,
 		    struct semid_kernel *semakptr, struct label *semalabel);
-typedef void	(*mpo_create_sysv_shm_t)(struct ucred *cred,
+typedef void	(*mpo_sysvshm_create_t)(struct ucred *cred,
 		    struct shmid_kernel *shmsegptr, struct label *shmlabel);
 
 /*
  * Labeling event operations: POSIX (global/inter-process) semaphores.
  */
-typedef void	(*mpo_create_posix_sem_t)(struct ucred *cred,
+typedef void	(*mpo_posixsem_create_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
 
 /*
  * Labeling event operations: network objects.
  */
-typedef void	(*mpo_create_bpfdesc_t)(struct ucred *cred,
+typedef void	(*mpo_bpfdesc_create_t)(struct ucred *cred,
 		    struct bpf_d *d, struct label *dlabel);
-typedef void	(*mpo_create_ifnet_t)(struct ifnet *ifp,
+typedef void	(*mpo_ifnet_create_t)(struct ifnet *ifp,
 		    struct label *ifplabel);
-typedef void	(*mpo_create_inpcb_from_socket_t)(struct socket *so,
+typedef void	(*mpo_inpcb_create_t)(struct socket *so,
 		    struct label *solabel, struct inpcb *inp,
 		    struct label *inplabel);
-typedef void	(*mpo_create_ipq_t)(struct mbuf *m, struct label *mlabel,
+typedef void	(*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
 		    struct ipq *ipq, struct label *ipqlabel);
-typedef void	(*mpo_create_datagram_from_ipq)
+typedef void	(*mpo_ipq_reassemble)
 		    (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_create_fragment_t)(struct mbuf *m,
+typedef void	(*mpo_netinet_fragment_t)(struct mbuf *m,
 		    struct label *mlabel, struct mbuf *frag,
 		    struct label *fraglabel);
-typedef void	(*mpo_create_mbuf_from_inpcb_t)(struct inpcb *inp,
+typedef void	(*mpo_inpcb_create_mbuf_t)(struct inpcb *inp,
 		    struct label *inplabel, struct mbuf *m,
 		    struct label *mlabel);
 typedef void	(*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
 		    struct label *ifplabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *d,
+typedef void	(*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
 		    struct label *dlabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifp,
+typedef void	(*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
 		    struct label *ifplabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_multicast_encap_t)(struct mbuf *m,
+typedef void	(*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
 		    struct label *mlabel, struct ifnet *ifp,
 		    struct label *ifplabel, struct mbuf *mnew,
 		    struct label *mnewlabel);
-typedef void	(*mpo_create_mbuf_netlayer_t)(struct mbuf *m,
+typedef void	(*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
 		    struct label *mlabel, struct mbuf *mnew,
 		    struct label *mnewlabel);
-typedef int	(*mpo_fragment_match_t)(struct mbuf *m, struct label *mlabel,
+typedef int	(*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel,
 		    struct ipq *ipq, struct label *ipqlabel);
-typedef void	(*mpo_reflect_mbuf_icmp_t)(struct mbuf *m,
+typedef void	(*mpo_netinet_icmp_reply_t)(struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_reflect_mbuf_tcp_t)(struct mbuf *m,
+typedef void	(*mpo_netinet_tcp_reply_t)(struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_relabel_ifnet_t)(struct ucred *cred, struct ifnet *ifp,
+typedef void	(*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
 		    struct label *ifplabel, struct label *newlabel);
-typedef void	(*mpo_update_ipq_t)(struct mbuf *m, struct label *mlabel,
+typedef void	(*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel,
 		    struct ipq *ipq, struct label *ipqlabel);
 typedef void	(*mpo_inpcb_sosetlabel_t)(struct socket *so,
 		    struct label *label, struct inpcb *inp,
 		    struct label *inplabel);
 
-typedef	void	(*mpo_create_mbuf_from_firewall_t)(struct mbuf *m,
+typedef	void	(*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
 		    struct label *label);
 typedef void	(*mpo_destroy_syncache_label_t)(struct label *label);
 typedef int	(*mpo_init_syncache_label_t)(struct label *label, int flag);
@@ -337,274 +337,274 @@ typedef void	(*mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
 /*
  * Labeling event operations: processes.
  */
-typedef void	(*mpo_execve_transition_t)(struct ucred *old,
+typedef void	(*mpo_vnode_execve_transition_t)(struct ucred *old,
 		    struct ucred *new, struct vnode *vp,
 		    struct label *vplabel, struct label *interpvnodelabel,
 		    struct image_params *imgp, struct label *execlabel);
-typedef int	(*mpo_execve_will_transition_t)(struct ucred *old,
+typedef int	(*mpo_vnode_execve_will_transition_t)(struct ucred *old,
 		    struct vnode *vp, struct label *vplabel,
 		    struct label *interpvnodelabel,
 		    struct image_params *imgp, struct label *execlabel);
-typedef void	(*mpo_create_proc0_t)(struct ucred *cred);
-typedef void	(*mpo_create_proc1_t)(struct ucred *cred);
-typedef void	(*mpo_relabel_cred_t)(struct ucred *cred,
+typedef void	(*mpo_proc_create_swapper_t)(struct ucred *cred);
+typedef void	(*mpo_proc_create_init_t)(struct ucred *cred);
+typedef void	(*mpo_cred_relabel_t)(struct ucred *cred,
 		    struct label *newlabel);
 typedef void	(*mpo_thread_userret_t)(struct thread *thread);
 
 /*
  * Access control checks.
  */
-typedef	int	(*mpo_check_bpfdesc_receive_t)(struct bpf_d *d,
+typedef	int	(*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
 		    struct label *dlabel, struct ifnet *ifp,
 		    struct label *ifplabel);
-typedef int	(*mpo_check_cred_relabel_t)(struct ucred *cred,
+typedef int	(*mpo_cred_check_relabel_t)(struct ucred *cred,
 		    struct label *newlabel);
-typedef int	(*mpo_check_cred_visible_t)(struct ucred *cr1,
+typedef int	(*mpo_cred_check_visible_t)(struct ucred *cr1,
 		    struct ucred *cr2);
-typedef int	(*mpo_check_ifnet_relabel_t)(struct ucred *cred,
+typedef int	(*mpo_ifnet_check_relabel_t)(struct ucred *cred,
 		    struct ifnet *ifp, struct label *ifplabel,
 		    struct label *newlabel);
-typedef int	(*mpo_check_ifnet_transmit_t)(struct ifnet *ifp,
+typedef int	(*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
 		    struct label *ifplabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef int	(*mpo_check_inpcb_deliver_t)(struct inpcb *inp,
+typedef int	(*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
 		    struct label *inplabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef int	(*mpo_check_sysv_msgmsq_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
 		    struct msg *msgptr, struct label *msglabel,
 		    struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int	(*mpo_check_sysv_msgrcv_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
 		    struct msg *msgptr, struct label *msglabel);
-typedef int	(*mpo_check_sysv_msgrmid_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
 		    struct msg *msgptr, struct label *msglabel);
-typedef int	(*mpo_check_sysv_msqget_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
 		    struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int	(*mpo_check_sysv_msqsnd_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
 		    struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int	(*mpo_check_sysv_msqrcv_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
 		    struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int	(*mpo_check_sysv_msqctl_t)(struct ucred *cred,
+typedef int	(*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
 		    struct msqid_kernel *msqkptr, struct label *msqklabel,
 		    int cmd);
-typedef int	(*mpo_check_sysv_semctl_t)(struct ucred *cred,
+typedef int	(*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
 		    struct semid_kernel *semakptr, struct label *semaklabel,
 		    int cmd);
-typedef int	(*mpo_check_sysv_semget_t)(struct ucred *cred,
+typedef int	(*mpo_sysvsem_check_semget_t)(struct ucred *cred,
 		    struct semid_kernel *semakptr, struct label *semaklabel);
-typedef int	(*mpo_check_sysv_semop_t)(struct ucred *cred,
+typedef int	(*mpo_sysvsem_check_semop_t)(struct ucred *cred,
 		    struct semid_kernel *semakptr, struct label *semaklabel,
 		    size_t accesstype);
-typedef int	(*mpo_check_sysv_shmat_t)(struct ucred *cred,
+typedef int	(*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
 		    struct shmid_kernel *shmsegptr,
 		    struct label *shmseglabel, int shmflg);
-typedef int	(*mpo_check_sysv_shmctl_t)(struct ucred *cred,
+typedef int	(*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
 		    struct shmid_kernel *shmsegptr,
 		    struct label *shmseglabel, int cmd);
-typedef int	(*mpo_check_sysv_shmdt_t)(struct ucred *cred,
+typedef int	(*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
 		    struct shmid_kernel *shmsegptr,
 		    struct label *shmseglabel);
-typedef int	(*mpo_check_sysv_shmget_t)(struct ucred *cred,
+typedef int	(*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
 		    struct shmid_kernel *shmsegptr,
 		    struct label *shmseglabel, int shmflg);
-typedef int	(*mpo_check_kenv_dump_t)(struct ucred *cred);
-typedef int	(*mpo_check_kenv_get_t)(struct ucred *cred, char *name);
-typedef int	(*mpo_check_kenv_set_t)(struct ucred *cred, char *name,
+typedef int	(*mpo_kenv_check_dump_t)(struct ucred *cred);
+typedef int	(*mpo_kenv_check_get_t)(struct ucred *cred, char *name);
+typedef int	(*mpo_kenv_check_set_t)(struct ucred *cred, char *name,
 		    char *value);
-typedef int	(*mpo_check_kenv_unset_t)(struct ucred *cred, char *name);
-typedef int	(*mpo_check_kld_load_t)(struct ucred *cred, struct vnode *vp,
+typedef int	(*mpo_kenv_check_unset_t)(struct ucred *cred, char *name);
+typedef int	(*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp,
 		    struct label *vplabel);
-typedef int	(*mpo_check_kld_stat_t)(struct ucred *cred);
+typedef int	(*mpo_kld_check_stat_t)(struct ucred *cred);
 typedef int	(*mpo_mpo_placeholder19_t)(void);
 typedef int	(*mpo_mpo_placeholder20_t)(void);
-typedef int	(*mpo_check_mount_stat_t)(struct ucred *cred,
+typedef int	(*mpo_mount_check_stat_t)(struct ucred *cred,
 		    struct mount *mp, struct label *mplabel);
 typedef int	(*mpo_mpo_placeholder21_t)(void);
-typedef int	(*mpo_check_pipe_ioctl_t)(struct ucred *cred,
+typedef int	(*mpo_pipe_check_ioctl_t)(struct ucred *cred,
 		    struct pipepair *pp, struct label *pplabel,
 		    unsigned long cmd, void *data);
-typedef int	(*mpo_check_pipe_poll_t)(struct ucred *cred,
+typedef int	(*mpo_pipe_check_poll_t)(struct ucred *cred,
 		    struct pipepair *pp, struct label *pplabel);
-typedef int	(*mpo_check_pipe_read_t)(struct ucred *cred,
+typedef int	(*mpo_pipe_check_read_t)(struct ucred *cred,
 		    struct pipepair *pp, struct label *pplabel);
-typedef int	(*mpo_check_pipe_relabel_t)(struct ucred *cred,
+typedef int	(*mpo_pipe_check_relabel_t)(struct ucred *cred,
 		    struct pipepair *pp, struct label *pplabel,
 		    struct label *newlabel);
-typedef int	(*mpo_check_pipe_stat_t)(struct ucred *cred,
+typedef int	(*mpo_pipe_check_stat_t)(struct ucred *cred,
 		    struct pipepair *pp, struct label *pplabel);
-typedef int	(*mpo_check_pipe_write_t)(struct ucred *cred,
+typedef int	(*mpo_pipe_check_write_t)(struct ucred *cred,
 		    struct pipepair *pp, struct label *pplabel);
-typedef int	(*mpo_check_posix_sem_destroy_t)(struct ucred *cred,
+typedef int	(*mpo_posixsem_check_destroy_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
-typedef int	(*mpo_check_posix_sem_getvalue_t)(struct ucred *cred,
+typedef int	(*mpo_posixsem_check_getvalue_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
-typedef int	(*mpo_check_posix_sem_open_t)(struct ucred *cred,
+typedef int	(*mpo_posixsem_check_open_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
-typedef int	(*mpo_check_posix_sem_post_t)(struct ucred *cred,
+typedef int	(*mpo_posixsem_check_post_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
-typedef int	(*mpo_check_posix_sem_unlink_t)(struct ucred *cred,
+typedef int	(*mpo_posixsem_check_unlink_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
-typedef int	(*mpo_check_posix_sem_wait_t)(struct ucred *cred,
+typedef int	(*mpo_posixsem_check_wait_t)(struct ucred *cred,
 		    struct ksem *ks, struct label *kslabel);
-typedef int	(*mpo_check_proc_debug_t)(struct ucred *cred,
+typedef int	(*mpo_proc_check_debug_t)(struct ucred *cred,
 		    struct proc *p);
-typedef int	(*mpo_check_proc_sched_t)(struct ucred *cred,
+typedef int	(*mpo_proc_check_sched_t)(struct ucred *cred,
 		    struct proc *p);
-typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
+typedef int	(*mpo_proc_check_setaudit_t)(struct ucred *cred,
 		    struct auditinfo *ai);
-typedef int	(*mpo_check_proc_setaudit_addr_t)(struct ucred *cred,
+typedef int	(*mpo_proc_check_setaudit_addr_t)(struct ucred *cred,
 		    struct auditinfo_addr *aia);
-typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
-typedef int	(*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid);
-typedef int	(*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid);
-typedef int	(*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid);
-typedef int	(*mpo_check_proc_setegid_t)(struct ucred *cred, gid_t egid);
-typedef int	(*mpo_check_proc_setgroups_t)(struct ucred *cred, int ngroups,
+typedef int	(*mpo_proc_check_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int	(*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
+typedef int	(*mpo_proc_check_seteuid_t)(struct ucred *cred, uid_t euid);
+typedef int	(*mpo_proc_check_setgid_t)(struct ucred *cred, gid_t gid);
+typedef int	(*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
+typedef int	(*mpo_proc_check_setgroups_t)(struct ucred *cred, int ngroups,
 		    gid_t *gidset);
-typedef int	(*mpo_check_proc_setreuid_t)(struct ucred *cred, uid_t ruid,
+typedef int	(*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
 		    uid_t euid);
-typedef int	(*mpo_check_proc_setregid_t)(struct ucred *cred, gid_t rgid,
+typedef int	(*mpo_proc_check_setregid_t)(struct ucred *cred, gid_t rgid,
 		    gid_t egid);
-typedef int	(*mpo_check_proc_setresuid_t)(struct ucred *cred, uid_t ruid,
+typedef int	(*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
 		    uid_t euid, uid_t suid);
-typedef int	(*mpo_check_proc_setresgid_t)(struct ucred *cred, gid_t rgid,
+typedef int	(*mpo_proc_check_setresgid_t)(struct ucred *cred, gid_t rgid,
 		    gid_t egid, gid_t sgid);
-typedef int	(*mpo_check_proc_signal_t)(struct ucred *cred,
+typedef int	(*mpo_proc_check_signal_t)(struct ucred *cred,
 		    struct proc *proc, int signum);
-typedef int	(*mpo_check_proc_wait_t)(struct ucred *cred,
+typedef int	(*mpo_proc_check_wait_t)(struct ucred *cred,
 		    struct proc *proc);
-typedef int	(*mpo_check_socket_accept_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_accept_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_socket_bind_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_bind_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel,
 		    struct sockaddr *sa);
-typedef int	(*mpo_check_socket_connect_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_connect_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel,
 		    struct sockaddr *sa);
-typedef int	(*mpo_check_socket_create_t)(struct ucred *cred, int domain,
+typedef int	(*mpo_socket_check_create_t)(struct ucred *cred, int domain,
 		    int type, int protocol);
-typedef int	(*mpo_check_socket_deliver_t)(struct socket *so,
+typedef int	(*mpo_socket_check_deliver_t)(struct socket *so,
 		    struct label *solabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef int	(*mpo_check_socket_listen_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_listen_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_socket_poll_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_poll_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_socket_receive_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_receive_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_socket_relabel_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_relabel_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel,
 		    struct label *newlabel);
-typedef int	(*mpo_check_socket_send_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_send_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_socket_stat_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_stat_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_socket_visible_t)(struct ucred *cred,
+typedef int	(*mpo_socket_check_visible_t)(struct ucred *cred,
 		    struct socket *so, struct label *solabel);
-typedef int	(*mpo_check_system_acct_t)(struct ucred *cred,
+typedef int	(*mpo_system_check_acct_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+typedef int	(*mpo_system_check_audit_t)(struct ucred *cred, void *record,
 		    int length);
-typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
+typedef int	(*mpo_system_check_auditctl_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
-typedef int	(*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
-typedef int	(*mpo_check_system_swapon_t)(struct ucred *cred,
+typedef int	(*mpo_system_check_auditon_t)(struct ucred *cred, int cmd);
+typedef int	(*mpo_system_check_reboot_t)(struct ucred *cred, int howto);
+typedef int	(*mpo_system_check_swapon_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_system_swapoff_t)(struct ucred *cred,
+typedef int	(*mpo_system_check_swapoff_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_system_sysctl_t)(struct ucred *cred,
+typedef int	(*mpo_system_check_sysctl_t)(struct ucred *cred,
 		    struct sysctl_oid *oidp, void *arg1, int arg2,
 		    struct sysctl_req *req);
-typedef int	(*mpo_check_vnode_access_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_access_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, int acc_mode);
-typedef int	(*mpo_check_vnode_chdir_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_chdir_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel);
-typedef int	(*mpo_check_vnode_chroot_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_chroot_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel);
-typedef int	(*mpo_check_vnode_create_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_create_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct componentname *cnp, struct vattr *vap);
-typedef int	(*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_deleteacl_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    acl_type_t type);
-typedef int	(*mpo_check_vnode_deleteextattr_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_deleteextattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    int attrnamespace, const char *name);
-typedef int	(*mpo_check_vnode_exec_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_exec_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    struct image_params *imgp, struct label *execlabel);
-typedef int	(*mpo_check_vnode_getacl_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_getacl_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    acl_type_t type);
-typedef int	(*mpo_check_vnode_getextattr_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_getextattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    int attrnamespace, const char *name, struct uio *uio);
-typedef int	(*mpo_check_vnode_link_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_link_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
-typedef int	(*mpo_check_vnode_listextattr_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_listextattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    int attrnamespace);
-typedef int	(*mpo_check_vnode_lookup_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_lookup_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct componentname *cnp);
-typedef int	(*mpo_check_vnode_mmap_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_mmap_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *label, int prot,
 		    int flags);
-typedef void	(*mpo_check_vnode_mmap_downgrade_t)(struct ucred *cred,
+typedef void	(*mpo_vnode_check_mmap_downgrade_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, int *prot);
-typedef int	(*mpo_check_vnode_mprotect_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_mprotect_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, int prot);
-typedef int	(*mpo_check_vnode_open_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_open_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, int acc_mode);
-typedef int	(*mpo_check_vnode_poll_t)(struct ucred *active_cred,
+typedef int	(*mpo_vnode_check_poll_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *vplabel);
-typedef int	(*mpo_check_vnode_read_t)(struct ucred *active_cred,
+typedef int	(*mpo_vnode_check_read_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *vplabel);
-typedef int	(*mpo_check_vnode_readdir_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_readdir_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel);
-typedef int	(*mpo_check_vnode_readlink_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_readlink_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_vnode_relabel_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_relabel_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    struct label *newlabel);
-typedef int	(*mpo_check_vnode_rename_from_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_rename_from_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
-typedef int	(*mpo_check_vnode_rename_to_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_rename_to_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct vnode *vp, struct label *vplabel, int samedir,
 		    struct componentname *cnp);
-typedef int	(*mpo_check_vnode_revoke_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_revoke_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_vnode_setacl_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_setacl_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, acl_type_t type,
 		    struct acl *acl);
-typedef int	(*mpo_check_vnode_setextattr_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_setextattr_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    int attrnamespace, const char *name, struct uio *uio);
-typedef int	(*mpo_check_vnode_setflags_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_setflags_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, u_long flags);
-typedef int	(*mpo_check_vnode_setmode_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_setmode_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, mode_t mode);
-typedef int	(*mpo_check_vnode_setowner_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_setowner_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel, uid_t uid,
 		    gid_t gid);
-typedef int	(*mpo_check_vnode_setutimes_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_setutimes_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vplabel,
 		    struct timespec atime, struct timespec mtime);
-typedef int	(*mpo_check_vnode_stat_t)(struct ucred *active_cred,
+typedef int	(*mpo_vnode_check_stat_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *vplabel);
-typedef int	(*mpo_check_vnode_unlink_t)(struct ucred *cred,
+typedef int	(*mpo_vnode_check_unlink_t)(struct ucred *cred,
 		    struct vnode *dvp, struct label *dvplabel,
 		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
-typedef int	(*mpo_check_vnode_write_t)(struct ucred *active_cred,
+typedef int	(*mpo_vnode_check_write_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
 		    struct label *vplabel);
 typedef void	(*mpo_associate_nfsd_label_t)(struct ucred *cred);
@@ -631,151 +631,151 @@ struct mac_policy_ops {
 	 * initialized storage, and externalize/internalize from/to
 	 * initialized storage.
 	 */
-	mpo_init_bpfdesc_label_t		mpo_init_bpfdesc_label;
-	mpo_init_cred_label_t			mpo_init_cred_label;
-	mpo_init_devfs_label_t			mpo_init_devfs_label;
+	mpo_bpfdesc_init_label_t		mpo_bpfdesc_init_label;
+	mpo_cred_init_label_t			mpo_cred_init_label;
+	mpo_devfs_init_label_t			mpo_devfs_init_label;
 	mpo_placeholder_t			_mpo_placeholder0;
-	mpo_init_ifnet_label_t			mpo_init_ifnet_label;
-	mpo_init_inpcb_label_t			mpo_init_inpcb_label;
-	mpo_init_sysv_msgmsg_label_t		mpo_init_sysv_msgmsg_label;
-	mpo_init_sysv_msgqueue_label_t		mpo_init_sysv_msgqueue_label;
-	mpo_init_sysv_sem_label_t		mpo_init_sysv_sem_label;
-	mpo_init_sysv_shm_label_t		mpo_init_sysv_shm_label;
-	mpo_init_ipq_label_t			mpo_init_ipq_label;
-	mpo_init_mbuf_label_t			mpo_init_mbuf_label;
-	mpo_init_mount_label_t			mpo_init_mount_label;
-	mpo_init_socket_label_t			mpo_init_socket_label;
-	mpo_init_socket_peer_label_t		mpo_init_socket_peer_label;
-	mpo_init_pipe_label_t			mpo_init_pipe_label;
-	mpo_init_posix_sem_label_t		mpo_init_posix_sem_label;
-	mpo_init_proc_label_t			mpo_init_proc_label;
-	mpo_init_vnode_label_t			mpo_init_vnode_label;
-	mpo_destroy_bpfdesc_label_t		mpo_destroy_bpfdesc_label;
-	mpo_destroy_cred_label_t		mpo_destroy_cred_label;
-	mpo_destroy_devfs_label_t		mpo_destroy_devfs_label;
+	mpo_ifnet_init_label_t			mpo_ifnet_init_label;
+	mpo_inpcb_init_label_t			mpo_inpcb_init_label;
+	mpo_sysvmsg_init_label_t		mpo_sysvmsg_init_label;
+	mpo_sysvmsq_init_label_t		mpo_sysvmsq_init_label;
+	mpo_sysvsem_init_label_t		mpo_sysvsem_init_label;
+	mpo_sysvshm_init_label_t		mpo_sysvshm_init_label;
+	mpo_ipq_init_label_t			mpo_ipq_init_label;
+	mpo_mbuf_init_label_t			mpo_mbuf_init_label;
+	mpo_mount_init_label_t			mpo_mount_init_label;
+	mpo_socket_init_label_t			mpo_socket_init_label;
+	mpo_socketpeer_init_label_t		mpo_socketpeer_init_label;
+	mpo_pipe_init_label_t			mpo_pipe_init_label;
+	mpo_posixsem_init_label_t		mpo_posixsem_init_label;
+	mpo_proc_init_label_t			mpo_proc_init_label;
+	mpo_vnode_init_label_t			mpo_vnode_init_label;
+	mpo_bpfdesc_destroy_label_t		mpo_bpfdesc_destroy_label;
+	mpo_cred_destroy_label_t		mpo_cred_destroy_label;
+	mpo_devfs_destroy_label_t		mpo_devfs_destroy_label;
 	mpo_placeholder_t			_mpo_placeholder1;
-	mpo_destroy_ifnet_label_t		mpo_destroy_ifnet_label;
-	mpo_destroy_inpcb_label_t		mpo_destroy_inpcb_label;
-	mpo_destroy_sysv_msgmsg_label_t		mpo_destroy_sysv_msgmsg_label;
-	mpo_destroy_sysv_msgqueue_label_t	mpo_destroy_sysv_msgqueue_label;
-	mpo_destroy_sysv_sem_label_t		mpo_destroy_sysv_sem_label;
-	mpo_destroy_sysv_shm_label_t		mpo_destroy_sysv_shm_label;
-	mpo_destroy_ipq_label_t			mpo_destroy_ipq_label;
-	mpo_destroy_mbuf_label_t		mpo_destroy_mbuf_label;
-	mpo_destroy_mount_label_t		mpo_destroy_mount_label;
-	mpo_destroy_socket_label_t		mpo_destroy_socket_label;
-	mpo_destroy_socket_peer_label_t		mpo_destroy_socket_peer_label;
-	mpo_destroy_pipe_label_t		mpo_destroy_pipe_label;
-	mpo_destroy_posix_sem_label_t		mpo_destroy_posix_sem_label;
-	mpo_destroy_proc_label_t		mpo_destroy_proc_label;
-	mpo_destroy_vnode_label_t		mpo_destroy_vnode_label;
-	mpo_cleanup_sysv_msgmsg_t		mpo_cleanup_sysv_msgmsg;
-	mpo_cleanup_sysv_msgqueue_t		mpo_cleanup_sysv_msgqueue;
-	mpo_cleanup_sysv_sem_t			mpo_cleanup_sysv_sem;
-	mpo_cleanup_sysv_shm_t			mpo_cleanup_sysv_shm;
-	mpo_copy_cred_label_t			mpo_copy_cred_label;
-	mpo_copy_ifnet_label_t			mpo_copy_ifnet_label;
-	mpo_copy_mbuf_label_t			mpo_copy_mbuf_label;
+	mpo_ifnet_destroy_label_t		mpo_ifnet_destroy_label;
+	mpo_inpcb_destroy_label_t		mpo_inpcb_destroy_label;
+	mpo_sysvmsg_destroy_label_t		mpo_sysvmsg_destroy_label;
+	mpo_sysvmsq_destroy_label_t		mpo_sysvmsq_destroy_label;
+	mpo_sysvsem_destroy_label_t		mpo_sysvsem_destroy_label;
+	mpo_sysvshm_destroy_label_t		mpo_sysvshm_destroy_label;
+	mpo_ipq_destroy_label_t			mpo_ipq_destroy_label;
+	mpo_mbuf_destroy_label_t		mpo_mbuf_destroy_label;
+	mpo_mount_destroy_label_t		mpo_mount_destroy_label;
+	mpo_socket_destroy_label_t		mpo_socket_destroy_label;
+	mpo_socketpeer_destroy_label_t		mpo_socketpeer_destroy_label;
+	mpo_pipe_destroy_label_t		mpo_pipe_destroy_label;
+	mpo_posixsem_destroy_label_t		mpo_posixsem_destroy_label;
+	mpo_proc_destroy_label_t		mpo_proc_destroy_label;
+	mpo_vnode_destroy_label_t		mpo_vnode_destroy_label;
+	mpo_sysvmsg_cleanup_t			mpo_sysvmsg_cleanup;
+	mpo_sysvmsq_cleanup_t			mpo_sysvmsq_cleanup;
+	mpo_sysvsem_cleanup_t			mpo_sysvsem_cleanup;
+	mpo_sysvshm_cleanup_t			mpo_sysvshm_cleanup;
+	mpo_cred_copy_label_t			mpo_cred_copy_label;
+	mpo_ifnet_copy_label_t			mpo_ifnet_copy_label;
+	mpo_mbuf_copy_label_t			mpo_mbuf_copy_label;
 	mpo_placeholder_t			_mpo_placeholder2;
-	mpo_copy_pipe_label_t			mpo_copy_pipe_label;
-	mpo_copy_socket_label_t			mpo_copy_socket_label;
-	mpo_copy_vnode_label_t			mpo_copy_vnode_label;
-	mpo_externalize_cred_label_t		mpo_externalize_cred_label;
-	mpo_externalize_ifnet_label_t		mpo_externalize_ifnet_label;
+	mpo_pipe_copy_label_t			mpo_pipe_copy_label;
+	mpo_socket_copy_label_t			mpo_socket_copy_label;
+	mpo_vnode_copy_label_t			mpo_vnode_copy_label;
+	mpo_cred_externalize_label_t		mpo_cred_externalize_label;
+	mpo_ifnet_externalize_label_t		mpo_ifnet_externalize_label;
 	mpo_placeholder_t			_mpo_placeholder3;
-	mpo_externalize_pipe_label_t		mpo_externalize_pipe_label;
-	mpo_externalize_socket_label_t		mpo_externalize_socket_label;
-	mpo_externalize_socket_peer_label_t	mpo_externalize_socket_peer_label;
-	mpo_externalize_vnode_label_t		mpo_externalize_vnode_label;
-	mpo_internalize_cred_label_t		mpo_internalize_cred_label;
-	mpo_internalize_ifnet_label_t		mpo_internalize_ifnet_label;
+	mpo_pipe_externalize_label_t		mpo_pipe_externalize_label;
+	mpo_socket_externalize_label_t		mpo_socket_externalize_label;
+	mpo_socketpeer_externalize_label_t	mpo_socketpeer_externalize_label;
+	mpo_vnode_externalize_label_t		mpo_vnode_externalize_label;
+	mpo_cred_internalize_label_t		mpo_cred_internalize_label;
+	mpo_ifnet_internalize_label_t		mpo_ifnet_internalize_label;
 	mpo_placeholder_t			_mpo_placeholder4;
-	mpo_internalize_pipe_label_t		mpo_internalize_pipe_label;
-	mpo_internalize_socket_label_t		mpo_internalize_socket_label;
-	mpo_internalize_vnode_label_t		mpo_internalize_vnode_label;
+	mpo_pipe_internalize_label_t		mpo_pipe_internalize_label;
+	mpo_socket_internalize_label_t		mpo_socket_internalize_label;
+	mpo_vnode_internalize_label_t		mpo_vnode_internalize_label;
 
 	/*
 	 * Labeling event operations: file system objects, and things that
 	 * look a lot like file system objects.
 	 */
-	mpo_associate_vnode_devfs_t		mpo_associate_vnode_devfs;
-	mpo_associate_vnode_extattr_t		mpo_associate_vnode_extattr;
-	mpo_associate_vnode_singlelabel_t	mpo_associate_vnode_singlelabel;
-	mpo_create_devfs_device_t		mpo_create_devfs_device;
-	mpo_create_devfs_directory_t		mpo_create_devfs_directory;
-	mpo_create_devfs_symlink_t		mpo_create_devfs_symlink;
+	mpo_devfs_vnode_associate_t		mpo_devfs_vnode_associate;
+	mpo_vnode_associate_extattr_t		mpo_vnode_associate_extattr;
+	mpo_vnode_associate_singlelabel_t	mpo_vnode_associate_singlelabel;
+	mpo_devfs_create_device_t		mpo_devfs_create_device;
+	mpo_devfs_create_directory_t		mpo_devfs_create_directory;
+	mpo_devfs_create_symlink_t		mpo_devfs_create_symlink;
 	mpo_placeholder_t			_mpo_placeholder5;
-	mpo_create_vnode_extattr_t		mpo_create_vnode_extattr;
-	mpo_create_mount_t			mpo_create_mount;
-	mpo_relabel_vnode_t			mpo_relabel_vnode;
-	mpo_setlabel_vnode_extattr_t		mpo_setlabel_vnode_extattr;
-	mpo_update_devfs_t			mpo_update_devfs;
+	mpo_vnode_create_extattr_t		mpo_vnode_create_extattr;
+	mpo_mount_create_t			mpo_mount_create;
+	mpo_vnode_relabel_t			mpo_vnode_relabel;
+	mpo_vnode_setlabel_extattr_t		mpo_vnode_setlabel_extattr;
+	mpo_devfs_update_t			mpo_devfs_update;
 
 	/*
 	 * Labeling event operations: IPC objects.
 	 */
-	mpo_create_mbuf_from_socket_t		mpo_create_mbuf_from_socket;
-	mpo_create_socket_t			mpo_create_socket;
-	mpo_create_socket_from_socket_t		mpo_create_socket_from_socket;
-	mpo_relabel_socket_t			mpo_relabel_socket;
-	mpo_relabel_pipe_t			mpo_relabel_pipe;
-	mpo_set_socket_peer_from_mbuf_t		mpo_set_socket_peer_from_mbuf;
-	mpo_set_socket_peer_from_socket_t	mpo_set_socket_peer_from_socket;
-	mpo_create_pipe_t			mpo_create_pipe;
+	mpo_socket_create_mbuf_t		mpo_socket_create_mbuf;
+	mpo_socket_create_t			mpo_socket_create;
+	mpo_socket_newconn_t			mpo_socket_newconn;
+	mpo_socket_relabel_t			mpo_socket_relabel;
+	mpo_pipe_relabel_t			mpo_pipe_relabel;
+	mpo_socketpeer_set_from_mbuf_t		mpo_socketpeer_set_from_mbuf;
+	mpo_socketpeer_set_from_socket_t	mpo_socketpeer_set_from_socket;
+	mpo_pipe_create_t			mpo_pipe_create;
 
 	/*
 	 * Labeling event operations: System V IPC primitives.
 	 */
-	mpo_create_sysv_msgmsg_t		mpo_create_sysv_msgmsg;
-	mpo_create_sysv_msgqueue_t		mpo_create_sysv_msgqueue;
-	mpo_create_sysv_sem_t			mpo_create_sysv_sem;
-	mpo_create_sysv_shm_t			mpo_create_sysv_shm;
+	mpo_sysvmsg_create_t			mpo_sysvmsg_create;
+	mpo_sysvmsq_create_t			mpo_sysvmsq_create;
+	mpo_sysvsem_create_t			mpo_sysvsem_create;
+	mpo_sysvshm_create_t			mpo_sysvshm_create;
 
 	/*
 	 * Labeling event operations: POSIX (global/inter-process) semaphores.
 	 */
-	mpo_create_posix_sem_t			mpo_create_posix_sem;
+	mpo_posixsem_create_t			mpo_posixsem_create;
 
 	/*
 	 * Labeling event operations: network objects.
 	 */
-	mpo_create_bpfdesc_t			mpo_create_bpfdesc;
-	mpo_create_ifnet_t			mpo_create_ifnet;
-	mpo_create_inpcb_from_socket_t		mpo_create_inpcb_from_socket;
-	mpo_create_ipq_t			mpo_create_ipq;
-	mpo_create_datagram_from_ipq		mpo_create_datagram_from_ipq;
-	mpo_create_fragment_t			mpo_create_fragment;
-	mpo_create_mbuf_from_inpcb_t		mpo_create_mbuf_from_inpcb;
+	mpo_bpfdesc_create_t			mpo_bpfdesc_create;
+	mpo_ifnet_create_t			mpo_ifnet_create;
+	mpo_inpcb_create_t			mpo_inpcb_create;
+	mpo_ipq_create_t			mpo_ipq_create;
+	mpo_ipq_reassemble			mpo_ipq_reassemble;
+	mpo_netinet_fragment_t			mpo_netinet_fragment;
+	mpo_inpcb_create_mbuf_t			mpo_inpcb_create_mbuf;
 	mpo_create_mbuf_linklayer_t		mpo_create_mbuf_linklayer;
-	mpo_create_mbuf_from_bpfdesc_t		mpo_create_mbuf_from_bpfdesc;
-	mpo_create_mbuf_from_ifnet_t		mpo_create_mbuf_from_ifnet;
-	mpo_create_mbuf_multicast_encap_t	mpo_create_mbuf_multicast_encap;
-	mpo_create_mbuf_netlayer_t		mpo_create_mbuf_netlayer;
-	mpo_fragment_match_t			mpo_fragment_match;
-	mpo_reflect_mbuf_icmp_t			mpo_reflect_mbuf_icmp;
-	mpo_reflect_mbuf_tcp_t			mpo_reflect_mbuf_tcp;
-	mpo_relabel_ifnet_t			mpo_relabel_ifnet;
-	mpo_update_ipq_t			mpo_update_ipq;
+	mpo_bpfdesc_create_mbuf_t		mpo_bpfdesc_create_mbuf;
+	mpo_ifnet_create_mbuf_t			mpo_ifnet_create_mbuf;
+	mpo_mbuf_create_multicast_encap_t	mpo_mbuf_create_multicast_encap;
+	mpo_mbuf_create_netlayer_t		mpo_mbuf_create_netlayer;
+	mpo_ipq_match_t				mpo_ipq_match;
+	mpo_netinet_icmp_reply_t		mpo_netinet_icmp_reply;
+	mpo_netinet_tcp_reply_t			mpo_netinet_tcp_reply;
+	mpo_ifnet_relabel_t			mpo_ifnet_relabel;
+	mpo_ipq_update_t			mpo_ipq_update;
 	mpo_inpcb_sosetlabel_t			mpo_inpcb_sosetlabel;
 
 	/*
 	 * Labeling event operations: processes.
 	 */
-	mpo_execve_transition_t			mpo_execve_transition;
-	mpo_execve_will_transition_t		mpo_execve_will_transition;
-	mpo_create_proc0_t			mpo_create_proc0;
-	mpo_create_proc1_t			mpo_create_proc1;
-	mpo_relabel_cred_t			mpo_relabel_cred;
+	mpo_vnode_execve_transition_t		mpo_vnode_execve_transition;
+	mpo_vnode_execve_will_transition_t	mpo_vnode_execve_will_transition;
+	mpo_proc_create_swapper_t		mpo_proc_create_swapper;
+	mpo_proc_create_init_t			mpo_proc_create_init;
+	mpo_cred_relabel_t			mpo_cred_relabel;
 	mpo_placeholder_t			_mpo_placeholder6;
 	mpo_thread_userret_t			mpo_thread_userret;
 
 	/*
 	 * Access control checks.
 	 */
-	mpo_check_bpfdesc_receive_t		mpo_check_bpfdesc_receive;
+	mpo_bpfdesc_check_receive_t		mpo_bpfdesc_check_receive;
 	mpo_placeholder_t			_mpo_placeholder7;
-	mpo_check_cred_relabel_t		mpo_check_cred_relabel;
-	mpo_check_cred_visible_t		mpo_check_cred_visible;
+	mpo_cred_check_relabel_t		mpo_cred_check_relabel;
+	mpo_cred_check_visible_t		mpo_cred_check_visible;
 	mpo_placeholder_t			_mpo_placeholder8;
 	mpo_placeholder_t			_mpo_placeholder9;
 	mpo_placeholder_t			_mpo_placeholder10;
@@ -787,119 +787,119 @@ struct mac_policy_ops {
 	mpo_placeholder_t			_mpo_placeholder16;
 	mpo_placeholder_t			_mpo_placeholder17;
 	mpo_placeholder_t			_mpo_placeholder18;
-	mpo_check_ifnet_relabel_t		mpo_check_ifnet_relabel;
-	mpo_check_ifnet_transmit_t		mpo_check_ifnet_transmit;
-	mpo_check_inpcb_deliver_t		mpo_check_inpcb_deliver;
-	mpo_check_sysv_msgmsq_t			mpo_check_sysv_msgmsq;
-	mpo_check_sysv_msgrcv_t			mpo_check_sysv_msgrcv;
-	mpo_check_sysv_msgrmid_t		mpo_check_sysv_msgrmid;
-	mpo_check_sysv_msqget_t			mpo_check_sysv_msqget;
-	mpo_check_sysv_msqsnd_t			mpo_check_sysv_msqsnd;
-	mpo_check_sysv_msqrcv_t			mpo_check_sysv_msqrcv;
-	mpo_check_sysv_msqctl_t			mpo_check_sysv_msqctl;
-	mpo_check_sysv_semctl_t			mpo_check_sysv_semctl;
-	mpo_check_sysv_semget_t			mpo_check_sysv_semget;
-	mpo_check_sysv_semop_t			mpo_check_sysv_semop;
-	mpo_check_sysv_shmat_t			mpo_check_sysv_shmat;
-	mpo_check_sysv_shmctl_t			mpo_check_sysv_shmctl;
-	mpo_check_sysv_shmdt_t			mpo_check_sysv_shmdt;
-	mpo_check_sysv_shmget_t			mpo_check_sysv_shmget;
-	mpo_check_kenv_dump_t			mpo_check_kenv_dump;
-	mpo_check_kenv_get_t			mpo_check_kenv_get;
-	mpo_check_kenv_set_t			mpo_check_kenv_set;
-	mpo_check_kenv_unset_t			mpo_check_kenv_unset;
-	mpo_check_kld_load_t			mpo_check_kld_load;
-	mpo_check_kld_stat_t			mpo_check_kld_stat;
+	mpo_ifnet_check_relabel_t		mpo_ifnet_check_relabel;
+	mpo_ifnet_check_transmit_t		mpo_ifnet_check_transmit;
+	mpo_inpcb_check_deliver_t		mpo_inpcb_check_deliver;
+	mpo_sysvmsq_check_msgmsq_t		mpo_sysvmsq_check_msgmsq;
+	mpo_sysvmsq_check_msgrcv_t		mpo_sysvmsq_check_msgrcv;
+	mpo_sysvmsq_check_msgrmid_t		mpo_sysvmsq_check_msgrmid;
+	mpo_sysvmsq_check_msqget_t		mpo_sysvmsq_check_msqget;
+	mpo_sysvmsq_check_msqsnd_t		mpo_sysvmsq_check_msqsnd;
+	mpo_sysvmsq_check_msqrcv_t		mpo_sysvmsq_check_msqrcv;
+	mpo_sysvmsq_check_msqctl_t		mpo_sysvmsq_check_msqctl;
+	mpo_sysvsem_check_semctl_t		mpo_sysvsem_check_semctl;
+	mpo_sysvsem_check_semget_t		mpo_sysvsem_check_semget;
+	mpo_sysvsem_check_semop_t		mpo_sysvsem_check_semop;
+	mpo_sysvshm_check_shmat_t		mpo_sysvshm_check_shmat;
+	mpo_sysvshm_check_shmctl_t		mpo_sysvshm_check_shmctl;
+	mpo_sysvshm_check_shmdt_t		mpo_sysvshm_check_shmdt;
+	mpo_sysvshm_check_shmget_t		mpo_sysvshm_check_shmget;
+	mpo_kenv_check_dump_t			mpo_kenv_check_dump;
+	mpo_kenv_check_get_t			mpo_kenv_check_get;
+	mpo_kenv_check_set_t			mpo_kenv_check_set;
+	mpo_kenv_check_unset_t			mpo_kenv_check_unset;
+	mpo_kld_check_load_t			mpo_kld_check_load;
+	mpo_kld_check_stat_t			mpo_kld_check_stat;
 	mpo_placeholder_t			_mpo_placeholder19;
 	mpo_placeholder_t			_mpo_placeholder20;
-	mpo_check_mount_stat_t			mpo_check_mount_stat;
+	mpo_mount_check_stat_t			mpo_mount_check_stat;
 	mpo_placeholder_t			_mpo_placeholder_21;
-	mpo_check_pipe_ioctl_t			mpo_check_pipe_ioctl;
-	mpo_check_pipe_poll_t			mpo_check_pipe_poll;
-	mpo_check_pipe_read_t			mpo_check_pipe_read;
-	mpo_check_pipe_relabel_t		mpo_check_pipe_relabel;
-	mpo_check_pipe_stat_t			mpo_check_pipe_stat;
-	mpo_check_pipe_write_t			mpo_check_pipe_write;
-	mpo_check_posix_sem_destroy_t		mpo_check_posix_sem_destroy;
-	mpo_check_posix_sem_getvalue_t		mpo_check_posix_sem_getvalue;
-	mpo_check_posix_sem_open_t		mpo_check_posix_sem_open;
-	mpo_check_posix_sem_post_t		mpo_check_posix_sem_post;
-	mpo_check_posix_sem_unlink_t		mpo_check_posix_sem_unlink;
-	mpo_check_posix_sem_wait_t		mpo_check_posix_sem_wait;
-	mpo_check_proc_debug_t			mpo_check_proc_debug;
-	mpo_check_proc_sched_t			mpo_check_proc_sched;
-	mpo_check_proc_setaudit_t		mpo_check_proc_setaudit;
-	mpo_check_proc_setaudit_addr_t		mpo_check_proc_setaudit_addr;
-	mpo_check_proc_setauid_t		mpo_check_proc_setauid;
-	mpo_check_proc_setuid_t			mpo_check_proc_setuid;
-	mpo_check_proc_seteuid_t		mpo_check_proc_seteuid;
-	mpo_check_proc_setgid_t			mpo_check_proc_setgid;
-	mpo_check_proc_setegid_t		mpo_check_proc_setegid;
-	mpo_check_proc_setgroups_t		mpo_check_proc_setgroups;
-	mpo_check_proc_setreuid_t		mpo_check_proc_setreuid;
-	mpo_check_proc_setregid_t		mpo_check_proc_setregid;
-	mpo_check_proc_setresuid_t		mpo_check_proc_setresuid;
-	mpo_check_proc_setresgid_t		mpo_check_proc_setresgid;
-	mpo_check_proc_signal_t			mpo_check_proc_signal;
-	mpo_check_proc_wait_t			mpo_check_proc_wait;
-	mpo_check_socket_accept_t		mpo_check_socket_accept;
-	mpo_check_socket_bind_t			mpo_check_socket_bind;
-	mpo_check_socket_connect_t		mpo_check_socket_connect;
-	mpo_check_socket_create_t		mpo_check_socket_create;
-	mpo_check_socket_deliver_t		mpo_check_socket_deliver;
+	mpo_pipe_check_ioctl_t			mpo_pipe_check_ioctl;
+	mpo_pipe_check_poll_t			mpo_pipe_check_poll;
+	mpo_pipe_check_read_t			mpo_pipe_check_read;
+	mpo_pipe_check_relabel_t		mpo_pipe_check_relabel;
+	mpo_pipe_check_stat_t			mpo_pipe_check_stat;
+	mpo_pipe_check_write_t			mpo_pipe_check_write;
+	mpo_posixsem_check_destroy_t		mpo_posixsem_check_destroy;
+	mpo_posixsem_check_getvalue_t		mpo_posixsem_check_getvalue;
+	mpo_posixsem_check_open_t		mpo_posixsem_check_open;
+	mpo_posixsem_check_post_t		mpo_posixsem_check_post;
+	mpo_posixsem_check_unlink_t		mpo_posixsem_check_unlink;
+	mpo_posixsem_check_wait_t		mpo_posixsem_check_wait;
+	mpo_proc_check_debug_t			mpo_proc_check_debug;
+	mpo_proc_check_sched_t			mpo_proc_check_sched;
+	mpo_proc_check_setaudit_t		mpo_proc_check_setaudit;
+	mpo_proc_check_setaudit_addr_t		mpo_proc_check_setaudit_addr;
+	mpo_proc_check_setauid_t		mpo_proc_check_setauid;
+	mpo_proc_check_setuid_t			mpo_proc_check_setuid;
+	mpo_proc_check_seteuid_t		mpo_proc_check_seteuid;
+	mpo_proc_check_setgid_t			mpo_proc_check_setgid;
+	mpo_proc_check_setegid_t		mpo_proc_check_setegid;
+	mpo_proc_check_setgroups_t		mpo_proc_check_setgroups;
+	mpo_proc_check_setreuid_t		mpo_proc_check_setreuid;
+	mpo_proc_check_setregid_t		mpo_proc_check_setregid;
+	mpo_proc_check_setresuid_t		mpo_proc_check_setresuid;
+	mpo_proc_check_setresgid_t		mpo_proc_check_setresgid;
+	mpo_proc_check_signal_t			mpo_proc_check_signal;
+	mpo_proc_check_wait_t			mpo_proc_check_wait;
+	mpo_socket_check_accept_t		mpo_socket_check_accept;
+	mpo_socket_check_bind_t			mpo_socket_check_bind;
+	mpo_socket_check_connect_t		mpo_socket_check_connect;
+	mpo_socket_check_create_t		mpo_socket_check_create;
+	mpo_socket_check_deliver_t		mpo_socket_check_deliver;
 	mpo_placeholder_t			_mpo_placeholder22;
-	mpo_check_socket_listen_t		mpo_check_socket_listen;
-	mpo_check_socket_poll_t			mpo_check_socket_poll;
-	mpo_check_socket_receive_t		mpo_check_socket_receive;
-	mpo_check_socket_relabel_t		mpo_check_socket_relabel;
-	mpo_check_socket_send_t			mpo_check_socket_send;
-	mpo_check_socket_stat_t			mpo_check_socket_stat;
-	mpo_check_socket_visible_t		mpo_check_socket_visible;
-	mpo_check_system_acct_t			mpo_check_system_acct;
-	mpo_check_system_audit_t		mpo_check_system_audit;
-	mpo_check_system_auditctl_t		mpo_check_system_auditctl;
-	mpo_check_system_auditon_t		mpo_check_system_auditon;
-	mpo_check_system_reboot_t		mpo_check_system_reboot;
-	mpo_check_system_swapon_t		mpo_check_system_swapon;
-	mpo_check_system_swapoff_t		mpo_check_system_swapoff;
-	mpo_check_system_sysctl_t		mpo_check_system_sysctl;
+	mpo_socket_check_listen_t		mpo_socket_check_listen;
+	mpo_socket_check_poll_t			mpo_socket_check_poll;
+	mpo_socket_check_receive_t		mpo_socket_check_receive;
+	mpo_socket_check_relabel_t		mpo_socket_check_relabel;
+	mpo_socket_check_send_t			mpo_socket_check_send;
+	mpo_socket_check_stat_t			mpo_socket_check_stat;
+	mpo_socket_check_visible_t		mpo_socket_check_visible;
+	mpo_system_check_acct_t			mpo_system_check_acct;
+	mpo_system_check_audit_t		mpo_system_check_audit;
+	mpo_system_check_auditctl_t		mpo_system_check_auditctl;
+	mpo_system_check_auditon_t		mpo_system_check_auditon;
+	mpo_system_check_reboot_t		mpo_system_check_reboot;
+	mpo_system_check_swapon_t		mpo_system_check_swapon;
+	mpo_system_check_swapoff_t		mpo_system_check_swapoff;
+	mpo_system_check_sysctl_t		mpo_system_check_sysctl;
 	mpo_placeholder_t			_mpo_placeholder23;
-	mpo_check_vnode_access_t		mpo_check_vnode_access;
-	mpo_check_vnode_chdir_t			mpo_check_vnode_chdir;
-	mpo_check_vnode_chroot_t		mpo_check_vnode_chroot;
-	mpo_check_vnode_create_t		mpo_check_vnode_create;
-	mpo_check_vnode_deleteacl_t		mpo_check_vnode_deleteacl;
-	mpo_check_vnode_deleteextattr_t		mpo_check_vnode_deleteextattr;
-	mpo_check_vnode_exec_t			mpo_check_vnode_exec;
-	mpo_check_vnode_getacl_t		mpo_check_vnode_getacl;
-	mpo_check_vnode_getextattr_t		mpo_check_vnode_getextattr;
+	mpo_vnode_check_access_t		mpo_vnode_check_access;
+	mpo_vnode_check_chdir_t			mpo_vnode_check_chdir;
+	mpo_vnode_check_chroot_t		mpo_vnode_check_chroot;
+	mpo_vnode_check_create_t		mpo_vnode_check_create;
+	mpo_vnode_check_deleteacl_t		mpo_vnode_check_deleteacl;
+	mpo_vnode_check_deleteextattr_t		mpo_vnode_check_deleteextattr;
+	mpo_vnode_check_exec_t			mpo_vnode_check_exec;
+	mpo_vnode_check_getacl_t		mpo_vnode_check_getacl;
+	mpo_vnode_check_getextattr_t		mpo_vnode_check_getextattr;
 	mpo_placeholder_t			_mpo_placeholder24;
-	mpo_check_vnode_link_t			mpo_check_vnode_link;
-	mpo_check_vnode_listextattr_t		mpo_check_vnode_listextattr;
-	mpo_check_vnode_lookup_t		mpo_check_vnode_lookup;
-	mpo_check_vnode_mmap_t			mpo_check_vnode_mmap;
-	mpo_check_vnode_mmap_downgrade_t	mpo_check_vnode_mmap_downgrade;
-	mpo_check_vnode_mprotect_t		mpo_check_vnode_mprotect;
-	mpo_check_vnode_open_t			mpo_check_vnode_open;
-	mpo_check_vnode_poll_t			mpo_check_vnode_poll;
-	mpo_check_vnode_read_t			mpo_check_vnode_read;
-	mpo_check_vnode_readdir_t		mpo_check_vnode_readdir;
-	mpo_check_vnode_readlink_t		mpo_check_vnode_readlink;
-	mpo_check_vnode_relabel_t		mpo_check_vnode_relabel;
-	mpo_check_vnode_rename_from_t		mpo_check_vnode_rename_from;
-	mpo_check_vnode_rename_to_t		mpo_check_vnode_rename_to;
-	mpo_check_vnode_revoke_t		mpo_check_vnode_revoke;
-	mpo_check_vnode_setacl_t		mpo_check_vnode_setacl;
-	mpo_check_vnode_setextattr_t		mpo_check_vnode_setextattr;
-	mpo_check_vnode_setflags_t		mpo_check_vnode_setflags;
-	mpo_check_vnode_setmode_t		mpo_check_vnode_setmode;
-	mpo_check_vnode_setowner_t		mpo_check_vnode_setowner;
-	mpo_check_vnode_setutimes_t		mpo_check_vnode_setutimes;
-	mpo_check_vnode_stat_t			mpo_check_vnode_stat;
-	mpo_check_vnode_unlink_t		mpo_check_vnode_unlink;
-	mpo_check_vnode_write_t			mpo_check_vnode_write;
+	mpo_vnode_check_link_t			mpo_vnode_check_link;
+	mpo_vnode_check_listextattr_t		mpo_vnode_check_listextattr;
+	mpo_vnode_check_lookup_t		mpo_vnode_check_lookup;
+	mpo_vnode_check_mmap_t			mpo_vnode_check_mmap;
+	mpo_vnode_check_mmap_downgrade_t	mpo_vnode_check_mmap_downgrade;
+	mpo_vnode_check_mprotect_t		mpo_vnode_check_mprotect;
+	mpo_vnode_check_open_t			mpo_vnode_check_open;
+	mpo_vnode_check_poll_t			mpo_vnode_check_poll;
+	mpo_vnode_check_read_t			mpo_vnode_check_read;
+	mpo_vnode_check_readdir_t		mpo_vnode_check_readdir;
+	mpo_vnode_check_readlink_t		mpo_vnode_check_readlink;
+	mpo_vnode_check_relabel_t		mpo_vnode_check_relabel;
+	mpo_vnode_check_rename_from_t		mpo_vnode_check_rename_from;
+	mpo_vnode_check_rename_to_t		mpo_vnode_check_rename_to;
+	mpo_vnode_check_revoke_t		mpo_vnode_check_revoke;
+	mpo_vnode_check_setacl_t		mpo_vnode_check_setacl;
+	mpo_vnode_check_setextattr_t		mpo_vnode_check_setextattr;
+	mpo_vnode_check_setflags_t		mpo_vnode_check_setflags;
+	mpo_vnode_check_setmode_t		mpo_vnode_check_setmode;
+	mpo_vnode_check_setowner_t		mpo_vnode_check_setowner;
+	mpo_vnode_check_setutimes_t		mpo_vnode_check_setutimes;
+	mpo_vnode_check_stat_t			mpo_vnode_check_stat;
+	mpo_vnode_check_unlink_t		mpo_vnode_check_unlink;
+	mpo_vnode_check_write_t			mpo_vnode_check_write;
 	mpo_associate_nfsd_label_t		mpo_associate_nfsd_label;
-	mpo_create_mbuf_from_firewall_t		mpo_create_mbuf_from_firewall;
+	mpo_mbuf_create_from_firewall_t		mpo_mbuf_create_from_firewall;
 	mpo_init_syncache_label_t		mpo_init_syncache_label;
 	mpo_destroy_syncache_label_t		mpo_destroy_syncache_label;
 	mpo_init_syncache_from_inpcb_t		mpo_init_syncache_from_inpcb;
author	rwatson <rwatson@FreeBSD.org>	2007-10-24 19:04:04 +0000
committer	rwatson <rwatson@FreeBSD.org>	2007-10-24 19:04:04 +0000
commit	60570a92bf794d255e5f8ed235b49c553776ad92 (patch)
tree	fea282db79628eed98808fd38cc46445b2f97ca5 /sys/security/mac/mac_policy.h
parent	7781c2181af1113baab38322a55a90b5469cba03 (diff)
download	FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.zip FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.tar.gz