Introduce accessor functions mac_label_get() and mac_label_set() to replace

LABEL_TO_SLOT() macro used by policy modules to query and set label data
in struct label.  Instead of using a union, store an intptr_t, simplifying
the API.

Update policies: in most cases this required only small tweaks to current
wrapper macros.  In two cases, a single wrapper macros had to be split into
separate get and set macros.

Move struct label definition from _label.h to mac_internal.h and remove
_label.h.  With this change, policies may now treat struct label * as
opaque, allowing us to change the layout of struct label without breaking
the policy module ABI.  For example, we could make the maximum number of
policies with labels modifiable at boot-time rather than just at
compile-time.

Obtained from:	TrustedBSD Project

1 files changed, 4 insertions, 4 deletions

diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 73a0226..3beb701 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -126,11 +126,11 @@ SYSCTL_INT(_security_mac_lomac, OID_AUTO, revocation_enabled, CTLFLAG_RW,
 TUNABLE_INT("security.mac.lomac.revocation_enabled", &revocation_enabled);
 
 static int	mac_lomac_slot;
-#define	SLOT(l)	((struct mac_lomac *)LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr)
-#define	SLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr = (val))
+#define	SLOT(l)	((struct mac_lomac *)mac_label_get((l), mac_lomac_slot))
+#define	SLOT_SET(l, val) mac_label_set((l), mac_lomac_slot, (uintptr_t)(val))
 #define	PSLOT(l) ((struct mac_lomac_proc *)				\
-    LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr)
-#define	PSLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr = (val))
+    mac_label_get((l), mac_lomac_slot))
+#define	PSLOT_SET(l, val) mac_label_set((l), mac_lomac_slot, (uintptr_t)(val))
 
 MALLOC_DEFINE(M_MACLOMAC, "mac_lomac_label", "MAC/LOMAC labels");