From 122a6b9ad2a52d909b8df15d6f593b8aaf8dcf55 Mon Sep 17 00:00:00 2001 From: rwatson Date: Wed, 30 Oct 2002 18:48:51 +0000 Subject: Move to C99 sparse structure initialization for the mac_policy_ops structure definition, rather than using an operation vector we translate into the structure. Originally, we used a vector for two reasons: (1) We wanted to define the structure sparsely, which wasn't supported by the C compiler for structures. For a policy with five entry points, you don't want to have to stick in a few hundred NULL function pointers. (2) We thought it would improve ABI compatibility allowing modules to work with kernels that had a superset of the entry points defined in the module, even if the kernel had changed its entry point set. Both of these no longer apply: (1) C99 gives us a way to sparsely define a static structure. (2) The ABI problems existed anyway, due to enumeration numbers, argument changes, and semantic mismatches. Since the going rule for FreeBSD is that you really need your modules to pretty closely match your kernel, it's not worth the complexity. This submit eliminates the operation vector, dynamic allocation of the operation structure, copying of the vector to the structure, and redoes the vectors in each policy to direct structure definitions. One enourmous benefit of this change is that we now get decent type checking on policy entry point implementation arguments. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories --- sys/security/mac_mls/mac_mls.c | 391 ++++++++++++++--------------------------- 1 file changed, 131 insertions(+), 260 deletions(-) (limited to 'sys/security/mac_mls') diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 21b97a0..329c85b 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -2372,266 +2372,137 @@ mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, return (0); } -static struct mac_policy_op_entry mac_mls_ops[] = -{ - { MAC_DESTROY, - (macop_t)mac_mls_destroy }, - { MAC_INIT, - (macop_t)mac_mls_init }, - { MAC_INIT_BPFDESC_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_CRED_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_DEVFSDIRENT_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_IFNET_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_IPQ_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_MBUF_LABEL, - (macop_t)mac_mls_init_label_waitcheck }, - { MAC_INIT_MOUNT_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_MOUNT_FS_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_PIPE_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_INIT_SOCKET_LABEL, - (macop_t)mac_mls_init_label_waitcheck }, - { MAC_INIT_SOCKET_PEER_LABEL, - (macop_t)mac_mls_init_label_waitcheck }, - { MAC_INIT_VNODE_LABEL, - (macop_t)mac_mls_init_label }, - { MAC_DESTROY_BPFDESC_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_CRED_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_DEVFSDIRENT_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_IFNET_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_IPQ_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_MBUF_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_MOUNT_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_MOUNT_FS_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_PIPE_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_SOCKET_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_SOCKET_PEER_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_DESTROY_VNODE_LABEL, - (macop_t)mac_mls_destroy_label }, - { MAC_COPY_PIPE_LABEL, - (macop_t)mac_mls_copy_label }, - { MAC_COPY_VNODE_LABEL, - (macop_t)mac_mls_copy_label }, - { MAC_EXTERNALIZE_CRED_LABEL, - (macop_t)mac_mls_externalize_label }, - { MAC_EXTERNALIZE_IFNET_LABEL, - (macop_t)mac_mls_externalize_label }, - { MAC_EXTERNALIZE_PIPE_LABEL, - (macop_t)mac_mls_externalize_label }, - { MAC_EXTERNALIZE_SOCKET_LABEL, - (macop_t)mac_mls_externalize_label }, - { MAC_EXTERNALIZE_SOCKET_PEER_LABEL, - (macop_t)mac_mls_externalize_label }, - { MAC_EXTERNALIZE_VNODE_LABEL, - (macop_t)mac_mls_externalize_label }, - { MAC_INTERNALIZE_CRED_LABEL, - (macop_t)mac_mls_internalize_label }, - { MAC_INTERNALIZE_IFNET_LABEL, - (macop_t)mac_mls_internalize_label }, - { MAC_INTERNALIZE_PIPE_LABEL, - (macop_t)mac_mls_internalize_label }, - { MAC_INTERNALIZE_SOCKET_LABEL, - (macop_t)mac_mls_internalize_label }, - { MAC_INTERNALIZE_VNODE_LABEL, - (macop_t)mac_mls_internalize_label }, - { MAC_CREATE_DEVFS_DEVICE, - (macop_t)mac_mls_create_devfs_device }, - { MAC_CREATE_DEVFS_DIRECTORY, - (macop_t)mac_mls_create_devfs_directory }, - { MAC_CREATE_DEVFS_SYMLINK, - (macop_t)mac_mls_create_devfs_symlink }, - { MAC_CREATE_DEVFS_VNODE, - (macop_t)mac_mls_create_devfs_vnode }, - { MAC_CREATE_MOUNT, - (macop_t)mac_mls_create_mount }, - { MAC_CREATE_ROOT_MOUNT, - (macop_t)mac_mls_create_root_mount }, - { MAC_RELABEL_VNODE, - (macop_t)mac_mls_relabel_vnode }, - { MAC_UPDATE_DEVFSDIRENT, - (macop_t)mac_mls_update_devfsdirent }, - { MAC_ASSOCIATE_VNODE_DEVFS, - (macop_t)mac_mls_associate_vnode_devfs }, - { MAC_ASSOCIATE_VNODE_EXTATTR, - (macop_t)mac_mls_associate_vnode_extattr }, - { MAC_ASSOCIATE_VNODE_SINGLELABEL, - (macop_t)mac_mls_associate_vnode_singlelabel }, - { MAC_CREATE_VNODE_EXTATTR, - (macop_t)mac_mls_create_vnode_extattr }, - { MAC_SETLABEL_VNODE_EXTATTR, - (macop_t)mac_mls_setlabel_vnode_extattr }, - { MAC_CREATE_MBUF_FROM_SOCKET, - (macop_t)mac_mls_create_mbuf_from_socket }, - { MAC_CREATE_PIPE, - (macop_t)mac_mls_create_pipe }, - { MAC_CREATE_SOCKET, - (macop_t)mac_mls_create_socket }, - { MAC_CREATE_SOCKET_FROM_SOCKET, - (macop_t)mac_mls_create_socket_from_socket }, - { MAC_RELABEL_PIPE, - (macop_t)mac_mls_relabel_pipe }, - { MAC_RELABEL_SOCKET, - (macop_t)mac_mls_relabel_socket }, - { MAC_SET_SOCKET_PEER_FROM_MBUF, - (macop_t)mac_mls_set_socket_peer_from_mbuf }, - { MAC_SET_SOCKET_PEER_FROM_SOCKET, - (macop_t)mac_mls_set_socket_peer_from_socket }, - { MAC_CREATE_BPFDESC, - (macop_t)mac_mls_create_bpfdesc }, - { MAC_CREATE_DATAGRAM_FROM_IPQ, - (macop_t)mac_mls_create_datagram_from_ipq }, - { MAC_CREATE_FRAGMENT, - (macop_t)mac_mls_create_fragment }, - { MAC_CREATE_IFNET, - (macop_t)mac_mls_create_ifnet }, - { MAC_CREATE_IPQ, - (macop_t)mac_mls_create_ipq }, - { MAC_CREATE_MBUF_FROM_MBUF, - (macop_t)mac_mls_create_mbuf_from_mbuf }, - { MAC_CREATE_MBUF_LINKLAYER, - (macop_t)mac_mls_create_mbuf_linklayer }, - { MAC_CREATE_MBUF_FROM_BPFDESC, - (macop_t)mac_mls_create_mbuf_from_bpfdesc }, - { MAC_CREATE_MBUF_FROM_IFNET, - (macop_t)mac_mls_create_mbuf_from_ifnet }, - { MAC_CREATE_MBUF_MULTICAST_ENCAP, - (macop_t)mac_mls_create_mbuf_multicast_encap }, - { MAC_CREATE_MBUF_NETLAYER, - (macop_t)mac_mls_create_mbuf_netlayer }, - { MAC_FRAGMENT_MATCH, - (macop_t)mac_mls_fragment_match }, - { MAC_RELABEL_IFNET, - (macop_t)mac_mls_relabel_ifnet }, - { MAC_UPDATE_IPQ, - (macop_t)mac_mls_update_ipq }, - { MAC_CREATE_CRED, - (macop_t)mac_mls_create_cred }, - { MAC_EXECVE_TRANSITION, - (macop_t)mac_mls_execve_transition }, - { MAC_EXECVE_WILL_TRANSITION, - (macop_t)mac_mls_execve_will_transition }, - { MAC_CREATE_PROC0, - (macop_t)mac_mls_create_proc0 }, - { MAC_CREATE_PROC1, - (macop_t)mac_mls_create_proc1 }, - { MAC_RELABEL_CRED, - (macop_t)mac_mls_relabel_cred }, - { MAC_CHECK_BPFDESC_RECEIVE, - (macop_t)mac_mls_check_bpfdesc_receive }, - { MAC_CHECK_CRED_RELABEL, - (macop_t)mac_mls_check_cred_relabel }, - { MAC_CHECK_CRED_VISIBLE, - (macop_t)mac_mls_check_cred_visible }, - { MAC_CHECK_IFNET_RELABEL, - (macop_t)mac_mls_check_ifnet_relabel }, - { MAC_CHECK_IFNET_TRANSMIT, - (macop_t)mac_mls_check_ifnet_transmit }, - { MAC_CHECK_MOUNT_STAT, - (macop_t)mac_mls_check_mount_stat }, - { MAC_CHECK_PIPE_IOCTL, - (macop_t)mac_mls_check_pipe_ioctl }, - { MAC_CHECK_PIPE_POLL, - (macop_t)mac_mls_check_pipe_poll }, - { MAC_CHECK_PIPE_READ, - (macop_t)mac_mls_check_pipe_read }, - { MAC_CHECK_PIPE_RELABEL, - (macop_t)mac_mls_check_pipe_relabel }, - { MAC_CHECK_PIPE_STAT, - (macop_t)mac_mls_check_pipe_stat }, - { MAC_CHECK_PIPE_WRITE, - (macop_t)mac_mls_check_pipe_write }, - { MAC_CHECK_PROC_DEBUG, - (macop_t)mac_mls_check_proc_debug }, - { MAC_CHECK_PROC_SCHED, - (macop_t)mac_mls_check_proc_sched }, - { MAC_CHECK_PROC_SIGNAL, - (macop_t)mac_mls_check_proc_signal }, - { MAC_CHECK_SOCKET_DELIVER, - (macop_t)mac_mls_check_socket_deliver }, - { MAC_CHECK_SOCKET_RELABEL, - (macop_t)mac_mls_check_socket_relabel }, - { MAC_CHECK_SOCKET_VISIBLE, - (macop_t)mac_mls_check_socket_visible }, - { MAC_CHECK_VNODE_ACCESS, - (macop_t)mac_mls_check_vnode_open }, - { MAC_CHECK_VNODE_CHDIR, - (macop_t)mac_mls_check_vnode_chdir }, - { MAC_CHECK_VNODE_CHROOT, - (macop_t)mac_mls_check_vnode_chroot }, - { MAC_CHECK_VNODE_CREATE, - (macop_t)mac_mls_check_vnode_create }, - { MAC_CHECK_VNODE_DELETE, - (macop_t)mac_mls_check_vnode_delete }, - { MAC_CHECK_VNODE_DELETEACL, - (macop_t)mac_mls_check_vnode_deleteacl }, - { MAC_CHECK_VNODE_EXEC, - (macop_t)mac_mls_check_vnode_exec }, - { MAC_CHECK_VNODE_GETACL, - (macop_t)mac_mls_check_vnode_getacl }, - { MAC_CHECK_VNODE_GETEXTATTR, - (macop_t)mac_mls_check_vnode_getextattr }, - { MAC_CHECK_VNODE_LINK, - (macop_t)mac_mls_check_vnode_link }, - { MAC_CHECK_VNODE_LOOKUP, - (macop_t)mac_mls_check_vnode_lookup }, - { MAC_CHECK_VNODE_MMAP, - (macop_t)mac_mls_check_vnode_mmap }, - { MAC_CHECK_VNODE_MPROTECT, - (macop_t)mac_mls_check_vnode_mmap }, - { MAC_CHECK_VNODE_OPEN, - (macop_t)mac_mls_check_vnode_open }, - { MAC_CHECK_VNODE_POLL, - (macop_t)mac_mls_check_vnode_poll }, - { MAC_CHECK_VNODE_READ, - (macop_t)mac_mls_check_vnode_read }, - { MAC_CHECK_VNODE_READDIR, - (macop_t)mac_mls_check_vnode_readdir }, - { MAC_CHECK_VNODE_READLINK, - (macop_t)mac_mls_check_vnode_readlink }, - { MAC_CHECK_VNODE_RELABEL, - (macop_t)mac_mls_check_vnode_relabel }, - { MAC_CHECK_VNODE_RENAME_FROM, - (macop_t)mac_mls_check_vnode_rename_from }, - { MAC_CHECK_VNODE_RENAME_TO, - (macop_t)mac_mls_check_vnode_rename_to }, - { MAC_CHECK_VNODE_REVOKE, - (macop_t)mac_mls_check_vnode_revoke }, - { MAC_CHECK_VNODE_SETACL, - (macop_t)mac_mls_check_vnode_setacl }, - { MAC_CHECK_VNODE_SETEXTATTR, - (macop_t)mac_mls_check_vnode_setextattr }, - { MAC_CHECK_VNODE_SETFLAGS, - (macop_t)mac_mls_check_vnode_setflags }, - { MAC_CHECK_VNODE_SETMODE, - (macop_t)mac_mls_check_vnode_setmode }, - { MAC_CHECK_VNODE_SETOWNER, - (macop_t)mac_mls_check_vnode_setowner }, - { MAC_CHECK_VNODE_SETUTIMES, - (macop_t)mac_mls_check_vnode_setutimes }, - { MAC_CHECK_VNODE_STAT, - (macop_t)mac_mls_check_vnode_stat }, - { MAC_CHECK_VNODE_WRITE, - (macop_t)mac_mls_check_vnode_write }, - { MAC_OP_LAST, NULL } +static struct mac_policy_ops mac_mls_ops = +{ + .mpo_destroy = mac_mls_destroy, + .mpo_init = mac_mls_init, + .mpo_init_bpfdesc_label = mac_mls_init_label, + .mpo_init_cred_label = mac_mls_init_label, + .mpo_init_devfsdirent_label = mac_mls_init_label, + .mpo_init_ifnet_label = mac_mls_init_label, + .mpo_init_ipq_label = mac_mls_init_label, + .mpo_init_mbuf_label = mac_mls_init_label_waitcheck, + .mpo_init_mount_label = mac_mls_init_label, + .mpo_init_mount_fs_label = mac_mls_init_label, + .mpo_init_pipe_label = mac_mls_init_label, + .mpo_init_socket_label = mac_mls_init_label_waitcheck, + .mpo_init_socket_peer_label = mac_mls_init_label_waitcheck, + .mpo_init_vnode_label = mac_mls_init_label, + .mpo_destroy_bpfdesc_label = mac_mls_destroy_label, + .mpo_destroy_cred_label = mac_mls_destroy_label, + .mpo_destroy_devfsdirent_label = mac_mls_destroy_label, + .mpo_destroy_ifnet_label = mac_mls_destroy_label, + .mpo_destroy_ipq_label = mac_mls_destroy_label, + .mpo_destroy_mbuf_label = mac_mls_destroy_label, + .mpo_destroy_mount_label = mac_mls_destroy_label, + .mpo_destroy_mount_fs_label = mac_mls_destroy_label, + .mpo_destroy_pipe_label = mac_mls_destroy_label, + .mpo_destroy_socket_label = mac_mls_destroy_label, + .mpo_destroy_socket_peer_label = mac_mls_destroy_label, + .mpo_destroy_vnode_label = mac_mls_destroy_label, + .mpo_copy_pipe_label = mac_mls_copy_label, + .mpo_copy_vnode_label = mac_mls_copy_label, + .mpo_externalize_cred_label = mac_mls_externalize_label, + .mpo_externalize_ifnet_label = mac_mls_externalize_label, + .mpo_externalize_pipe_label = mac_mls_externalize_label, + .mpo_externalize_socket_label = mac_mls_externalize_label, + .mpo_externalize_socket_peer_label = mac_mls_externalize_label, + .mpo_externalize_vnode_label = mac_mls_externalize_label, + .mpo_internalize_cred_label = mac_mls_internalize_label, + .mpo_internalize_ifnet_label = mac_mls_internalize_label, + .mpo_internalize_pipe_label = mac_mls_internalize_label, + .mpo_internalize_socket_label = mac_mls_internalize_label, + .mpo_internalize_vnode_label = mac_mls_internalize_label, + .mpo_create_devfs_device = mac_mls_create_devfs_device, + .mpo_create_devfs_directory = mac_mls_create_devfs_directory, + .mpo_create_devfs_symlink = mac_mls_create_devfs_symlink, + .mpo_create_devfs_vnode = mac_mls_create_devfs_vnode, + .mpo_create_mount = mac_mls_create_mount, + .mpo_create_root_mount = mac_mls_create_root_mount, + .mpo_relabel_vnode = mac_mls_relabel_vnode, + .mpo_update_devfsdirent = mac_mls_update_devfsdirent, + .mpo_associate_vnode_devfs = mac_mls_associate_vnode_devfs, + .mpo_associate_vnode_extattr = mac_mls_associate_vnode_extattr, + .mpo_associate_vnode_singlelabel = mac_mls_associate_vnode_singlelabel, + .mpo_create_vnode_extattr = mac_mls_create_vnode_extattr, + .mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr, + .mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket, + .mpo_create_pipe = mac_mls_create_pipe, + .mpo_create_socket = mac_mls_create_socket, + .mpo_create_socket_from_socket = mac_mls_create_socket_from_socket, + .mpo_relabel_pipe = mac_mls_relabel_pipe, + .mpo_relabel_socket = mac_mls_relabel_socket, + .mpo_set_socket_peer_from_mbuf = mac_mls_set_socket_peer_from_mbuf, + .mpo_set_socket_peer_from_socket = mac_mls_set_socket_peer_from_socket, + .mpo_create_bpfdesc = mac_mls_create_bpfdesc, + .mpo_create_datagram_from_ipq = mac_mls_create_datagram_from_ipq, + .mpo_create_fragment = mac_mls_create_fragment, + .mpo_create_ifnet = mac_mls_create_ifnet, + .mpo_create_ipq = mac_mls_create_ipq, + .mpo_create_mbuf_from_mbuf = mac_mls_create_mbuf_from_mbuf, + .mpo_create_mbuf_linklayer = mac_mls_create_mbuf_linklayer, + .mpo_create_mbuf_from_bpfdesc = mac_mls_create_mbuf_from_bpfdesc, + .mpo_create_mbuf_from_ifnet = mac_mls_create_mbuf_from_ifnet, + .mpo_create_mbuf_multicast_encap = mac_mls_create_mbuf_multicast_encap, + .mpo_create_mbuf_netlayer = mac_mls_create_mbuf_netlayer, + .mpo_fragment_match = mac_mls_fragment_match, + .mpo_relabel_ifnet = mac_mls_relabel_ifnet, + .mpo_update_ipq = mac_mls_update_ipq, + .mpo_create_cred = mac_mls_create_cred, + .mpo_execve_transition = mac_mls_execve_transition, + .mpo_execve_will_transition = mac_mls_execve_will_transition, + .mpo_create_proc0 = mac_mls_create_proc0, + .mpo_create_proc1 = mac_mls_create_proc1, + .mpo_relabel_cred = mac_mls_relabel_cred, + .mpo_check_bpfdesc_receive = mac_mls_check_bpfdesc_receive, + .mpo_check_cred_relabel = mac_mls_check_cred_relabel, + .mpo_check_cred_visible = mac_mls_check_cred_visible, + .mpo_check_ifnet_relabel = mac_mls_check_ifnet_relabel, + .mpo_check_ifnet_transmit = mac_mls_check_ifnet_transmit, + .mpo_check_mount_stat = mac_mls_check_mount_stat, + .mpo_check_pipe_ioctl = mac_mls_check_pipe_ioctl, + .mpo_check_pipe_poll = mac_mls_check_pipe_poll, + .mpo_check_pipe_read = mac_mls_check_pipe_read, + .mpo_check_pipe_relabel = mac_mls_check_pipe_relabel, + .mpo_check_pipe_stat = mac_mls_check_pipe_stat, + .mpo_check_pipe_write = mac_mls_check_pipe_write, + .mpo_check_proc_debug = mac_mls_check_proc_debug, + .mpo_check_proc_sched = mac_mls_check_proc_sched, + .mpo_check_proc_signal = mac_mls_check_proc_signal, + .mpo_check_socket_deliver = mac_mls_check_socket_deliver, + .mpo_check_socket_relabel = mac_mls_check_socket_relabel, + .mpo_check_socket_visible = mac_mls_check_socket_visible, + .mpo_check_vnode_access = mac_mls_check_vnode_open, + .mpo_check_vnode_chdir = mac_mls_check_vnode_chdir, + .mpo_check_vnode_chroot = mac_mls_check_vnode_chroot, + .mpo_check_vnode_create = mac_mls_check_vnode_create, + .mpo_check_vnode_delete = mac_mls_check_vnode_delete, + .mpo_check_vnode_deleteacl = mac_mls_check_vnode_deleteacl, + .mpo_check_vnode_exec = mac_mls_check_vnode_exec, + .mpo_check_vnode_getacl = mac_mls_check_vnode_getacl, + .mpo_check_vnode_getextattr = mac_mls_check_vnode_getextattr, + .mpo_check_vnode_link = mac_mls_check_vnode_link, + .mpo_check_vnode_lookup = mac_mls_check_vnode_lookup, + .mpo_check_vnode_mmap = mac_mls_check_vnode_mmap, + .mpo_check_vnode_mprotect = mac_mls_check_vnode_mmap, + .mpo_check_vnode_open = mac_mls_check_vnode_open, + .mpo_check_vnode_poll = mac_mls_check_vnode_poll, + .mpo_check_vnode_read = mac_mls_check_vnode_read, + .mpo_check_vnode_readdir = mac_mls_check_vnode_readdir, + .mpo_check_vnode_readlink = mac_mls_check_vnode_readlink, + .mpo_check_vnode_relabel = mac_mls_check_vnode_relabel, + .mpo_check_vnode_rename_from = mac_mls_check_vnode_rename_from, + .mpo_check_vnode_rename_to = mac_mls_check_vnode_rename_to, + .mpo_check_vnode_revoke = mac_mls_check_vnode_revoke, + .mpo_check_vnode_setacl = mac_mls_check_vnode_setacl, + .mpo_check_vnode_setextattr = mac_mls_check_vnode_setextattr, + .mpo_check_vnode_setflags = mac_mls_check_vnode_setflags, + .mpo_check_vnode_setmode = mac_mls_check_vnode_setmode, + .mpo_check_vnode_setowner = mac_mls_check_vnode_setowner, + .mpo_check_vnode_setutimes = mac_mls_check_vnode_setutimes, + .mpo_check_vnode_stat = mac_mls_check_vnode_stat, + .mpo_check_vnode_write = mac_mls_check_vnode_write, }; -MAC_POLICY_SET(mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", +MAC_POLICY_SET(&mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", MPC_LOADTIME_FLAG_NOTLATE, &mac_mls_slot); -- cgit v1.1