Introduce accessor functions mac_label_get() and mac_label_set() to replace

LABEL_TO_SLOT() macro used by policy modules to query and set label data
in struct label.  Instead of using a union, store an intptr_t, simplifying
the API.

Update policies: in most cases this required only small tweaks to current
wrapper macros.  In two cases, a single wrapper macros had to be split into
separate get and set macros.

Move struct label definition from _label.h to mac_internal.h and remove
_label.h.  With this change, policies may now treat struct label * as
opaque, allowing us to change the layout of struct label without breaking
the policy module ABI.  For example, we could make the maximum number of
policies with labels modifiable at boot-time rather than just at
compile-time.

Obtained from:	TrustedBSD Project

sys/security/mac/mac_framework.h

@@ -50,8 +50,6 @@
 #error "no user-serviceable parts inside"
 #endif
 
-#include <sys/_label.h>
-
 struct bpf_d;
 struct cdev;
 struct componentname;
@@ -62,6 +60,7 @@ struct image_params;
 struct inpcb;
 struct ipq;
 struct ksem;
+struct label;
 struct m_tag;
 struct mac;
 struct mbuf;

sys/security/mac/mac_internal.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2006 Robert N. M. Watson
  * Copyright (c) 2001 Ilmar S. Habibulin
  * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
  * Copyright (c) 2006 nCircle Network Security, Inc.
@@ -62,6 +62,23 @@ LIST_HEAD(mac_policy_list_head, mac_policy_conf);
 MALLOC_DECLARE(M_MACTEMP);
 #endif
 
+/*
+ * MAC labels -- in-kernel storage format.
+ *
+ * In general, struct label pointers are embedded in kernel data structures
+ * representing objects that may be labeled (and protected).  Struct label is
+ * opaque to both kernel services that invoke the MAC Framework and MAC
+ * policy modules.  In particular, we do not wish to encode the layout of the
+ * label structure into any ABIs.  Historically, the slot array contained
+ * unions of {long, void} but now contains uintptr_t.
+ */
+#define	MAC_MAX_SLOTS	4
+#define	MAC_FLAG_INITIALIZED	0x0000001	/* Is initialized for use. */
+struct label {
+	int		l_flags;
+	intptr_t	l_perpolicy[MAC_MAX_SLOTS];
+};
+
 /*
  * MAC Framework global variables.
  */

sys/security/mac/mac_label.c

@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 2003-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2007 Robert N. M. Watson
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -35,6 +36,7 @@ __FBSDID("$FreeBSD$");
 #include "opt_mac.h"
 
 #include <sys/param.h>
+#include <sys/module.h>
 #include <sys/sysctl.h>
 #include <sys/systm.h>
 
@@ -42,6 +44,7 @@ __FBSDID("$FreeBSD$");
 
 #include <security/mac/mac_framework.h>
 #include <security/mac/mac_internal.h>
+#include <security/mac/mac_policy.h>
 
 /*
  * zone_label is the UMA zone from which most labels are allocated.  Label
@@ -125,3 +128,24 @@ mac_labelzone_free(struct label *label)
 
 	uma_zfree(zone_label, label);
 }
+
+/*
+ * Functions used by policy modules to get and set label values.
+ */
+intptr_t
+mac_label_get(struct label *l, int slot)
+{
+
+	KASSERT(l != NULL, ("mac_label_get: NULL label"));
+
+	return (l->l_perpolicy[slot]);
+}
+
+void
+mac_label_set(struct label *l, int slot, intptr_t v)
+{
+
+	KASSERT(l != NULL, ("mac_label_set: NULL label"));
+
+	l->l_perpolicy[slot] = v;
+}

sys/security/mac/mac_policy.h

@@ -47,8 +47,6 @@
 #error "no user-serviceable parts inside"
 #endif
 
-#include <sys/_label.h>
-
 /*-
  * Pluggable access control policy definition structure.
  *
@@ -970,11 +968,9 @@ int	mac_policy_modevent(module_t mod, int type, void *data);
 /*
  * Policy interface to map a struct label pointer to per-policy data.
  * Typically, policies wrap this in their own accessor macro that casts a
- * void pointer to a policy-specific data type.
- *
- * XXXRW: It might be preferable to provide get/set methods via functions to
- * avoid encoding the struct label layout in compiled modules.
+ * uintptr_t to a policy-specific data type.
  */
-#define	LABEL_TO_SLOT(l, s)	(l)->l_perpolicy[s]
+intptr_t	mac_label_get(struct label *l, int slot);
+void		mac_label_set(struct label *l, int slot, intptr_t v);
 
 #endif /* !_SYS_SECURITY_MAC_MAC_POLICY_H_ */

sys/security/mac_biba/mac_biba.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * All rights reserved.
  *
@@ -132,8 +132,8 @@ SYSCTL_INT(_security_mac_biba, OID_AUTO, revocation_enabled, CTLFLAG_RW,
 TUNABLE_INT("security.mac.biba.revocation_enabled", &revocation_enabled);
 
 static int	mac_biba_slot;
-#define	SLOT(l)	((struct mac_biba *)LABEL_TO_SLOT((l), mac_biba_slot).l_ptr)
-#define	SLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_biba_slot).l_ptr = (val))
+#define	SLOT(l)	((struct mac_biba *)mac_label_get((l), mac_biba_slot))
+#define	SLOT_SET(l, val) mac_label_set((l), mac_biba_slot, (uintptr_t)(val))
 
 static uma_zone_t	zone_biba;
 

sys/security/mac_lomac/mac_lomac.c

@@ -126,11 +126,11 @@ SYSCTL_INT(_security_mac_lomac, OID_AUTO, revocation_enabled, CTLFLAG_RW,
 TUNABLE_INT("security.mac.lomac.revocation_enabled", &revocation_enabled);
 
 static int	mac_lomac_slot;
-#define	SLOT(l)	((struct mac_lomac *)LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr)
-#define	SLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr = (val))
+#define	SLOT(l)	((struct mac_lomac *)mac_label_get((l), mac_lomac_slot))
+#define	SLOT_SET(l, val) mac_label_set((l), mac_lomac_slot, (uintptr_t)(val))
 #define	PSLOT(l) ((struct mac_lomac_proc *)				\
-    LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr)
-#define	PSLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_lomac_slot).l_ptr = (val))
+    mac_label_get((l), mac_lomac_slot))
+#define	PSLOT_SET(l, val) mac_label_set((l), mac_lomac_slot, (uintptr_t)(val))
 
 MALLOC_DEFINE(M_MACLOMAC, "mac_lomac_label", "MAC/LOMAC labels");
 

sys/security/mac_mls/mac_mls.c

@@ -116,8 +116,8 @@ SYSCTL_INT(_security_mac_mls, OID_AUTO, max_compartments, CTLFLAG_RD,
     &max_compartments, 0, "Maximum compartments the policy supports");
 
 static int	mac_mls_slot;
-#define	SLOT(l)	((struct mac_mls *)LABEL_TO_SLOT((l), mac_mls_slot).l_ptr)
-#define	SLOT_SET(l, val) (LABEL_TO_SLOT((l), mac_mls_slot).l_ptr = (val))
+#define	SLOT(l)	((struct mac_mls *)mac_label_get((l), mac_mls_slot))
+#define	SLOT_SET(l, val) mac_label_set((l), mac_mls_slot, (uintptr_t)(val))
 
 static uma_zone_t	zone_mls;
 

sys/security/mac_partition/mac_partition.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
@@ -79,7 +79,8 @@ SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW,
     &mac_partition_enabled, 0, "Enforce partition policy");
 
 static int	partition_slot;
-#define	SLOT(l)	(LABEL_TO_SLOT((l), partition_slot).l_long)
+#define	SLOT(l)	mac_label_get((l), partition_slot)
+#define	SLOT_SET(l, v)	mac_label_set((l), partition_slot, (v))
 
 static void
 mac_partition_init(struct mac_policy_conf *conf)
@@ -91,21 +92,21 @@ static void
 mac_partition_init_label(struct label *label)
 {
 
-	SLOT(label) = 0;
+	SLOT_SET(label, 0);
 }
 
 static void
 mac_partition_destroy_label(struct label *label)
 {
 
-	SLOT(label) = 0;
+	SLOT_SET(label, 0);
 }
 
 static void
 mac_partition_copy_label(struct label *src, struct label *dest)
 {
 
-	SLOT(dest) = SLOT(src);
+	SLOT_SET(dest, SLOT(src));
 }
 
 static int
@@ -118,7 +119,7 @@ mac_partition_externalize_label(struct label *label, char *element_name,
 
 	(*claimed)++;
 
-	if (sbuf_printf(sb, "%ld", SLOT(label)) == -1)
+	if (sbuf_printf(sb, "%d", SLOT(label)) == -1)
 		return (EINVAL);
 	else
 		return (0);
@@ -133,7 +134,7 @@ mac_partition_internalize_label(struct label *label, char *element_name,
 		return (0);
 
 	(*claimed)++;
-	SLOT(label) = strtol(element_data, NULL, 10);
+	SLOT_SET(label, strtol(element_data, NULL, 10));
 	return (0);
 }
 
@@ -141,14 +142,14 @@ static void
 mac_partition_create_proc0(struct ucred *cred)
 {
 
-	SLOT(cred->cr_label) = 0;
+	SLOT_SET(cred->cr_label, 0);
 }
 
 static void
 mac_partition_create_proc1(struct ucred *cred)
 {
 
-	SLOT(cred->cr_label) = 0;
+	SLOT_SET(cred->cr_label, 0);
 }
 
 static void
@@ -156,7 +157,7 @@ mac_partition_relabel_cred(struct ucred *cred, struct label *newlabel)
 {
 
 	if (SLOT(newlabel) != 0)
-		SLOT(cred->cr_label) = SLOT(newlabel);
+		SLOT_SET(cred->cr_label, SLOT(newlabel));
 }
 
 static int

sys/security/mac_test/mac_test.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 McAfee, Inc.
  * All rights reserved.
  *
@@ -102,7 +102,8 @@ SYSCTL_INT(_security_mac_test, OID_AUTO, enabled, CTLFLAG_RW,
 #define	VNODEMAGIC	0x1a67a45c
 #define	EXMAGIC		0x849ba1fd
 
-#define	SLOT(x)	LABEL_TO_SLOT((x), test_slot).l_long
+#define	SLOT(x)	mac_label_get((x), test_slot)
+#define	SLOT_SET(x, v)	mac_label_set((x), test_slot, (v))
 
 #define	ASSERT_BPF_LABEL(x)	KASSERT(SLOT(x) == BPFMAGIC ||		\
 	SLOT(x) == 0, ("%s: Bad BPF label", __func__ ))
@@ -305,7 +306,7 @@ static void
 mac_test_init_bpfdesc_label(struct label *label)
 {
 
-	SLOT(label) = BPFMAGIC;
+	SLOT_SET(label, BPFMAGIC);
 	atomic_add_int(&init_count_bpfdesc, 1);
 }
 
@@ -313,7 +314,7 @@ static void
 mac_test_init_cred_label(struct label *label)
 {
 
-	SLOT(label) = CREDMAGIC;
+	SLOT_SET(label, CREDMAGIC);
 	atomic_add_int(&init_count_cred, 1);
 }
 
@@ -321,7 +322,7 @@ static void
 mac_test_init_devfsdirent_label(struct label *label)
 {
 
-	SLOT(label) = DEVFSMAGIC;
+	SLOT_SET(label, DEVFSMAGIC);
 	atomic_add_int(&init_count_devfsdirent, 1);
 }
 
@@ -329,7 +330,7 @@ static void
 mac_test_init_ifnet_label(struct label *label)
 {
 
-	SLOT(label) = IFNETMAGIC;
+	SLOT_SET(label, IFNETMAGIC);
 	atomic_add_int(&init_count_ifnet, 1);
 }
 
@@ -342,7 +343,7 @@ mac_test_init_inpcb_label(struct label *label, int flag)
 		    "mac_test_init_inpcb_label() at %s:%d", __FILE__,
 		    __LINE__);
 
-	SLOT(label) = INPCBMAGIC;
+	SLOT_SET(label, INPCBMAGIC);
 	atomic_add_int(&init_count_inpcb, 1);
 	return (0);
 }
@@ -350,28 +351,28 @@ mac_test_init_inpcb_label(struct label *label, int flag)
 static void
 mac_test_init_sysv_msgmsg_label(struct label *label)
 {
-	SLOT(label) = SYSVIPCMSGMAGIC;
+	SLOT_SET(label, SYSVIPCMSGMAGIC);
 	atomic_add_int(&init_count_sysv_msg, 1);
 }
 
 static void
 mac_test_init_sysv_msgqueue_label(struct label *label)
 {
-	SLOT(label) = SYSVIPCMSQMAGIC;
+	SLOT_SET(label, SYSVIPCMSQMAGIC);
 	atomic_add_int(&init_count_sysv_msq, 1);
 }
 
 static void
 mac_test_init_sysv_sem_label(struct label *label)
 {
-	SLOT(label) = SYSVIPCSEMMAGIC;
+	SLOT_SET(label, SYSVIPCSEMMAGIC);
 	atomic_add_int(&init_count_sysv_sem, 1);
 }
 
 static void
 mac_test_init_sysv_shm_label(struct label *label)
 {
-	SLOT(label) = SYSVIPCSHMMAGIC;
+	SLOT_SET(label, SYSVIPCSHMMAGIC);
 	atomic_add_int(&init_count_sysv_shm, 1);
 }
 
@@ -384,7 +385,7 @@ mac_test_init_ipq_label(struct label *label, int flag)
 		    "mac_test_init_ipq_label() at %s:%d", __FILE__,
 		    __LINE__);
 
-	SLOT(label) = IPQMAGIC;
+	SLOT_SET(label, IPQMAGIC);
 	atomic_add_int(&init_count_ipq, 1);
 	return (0);
 }
@@ -398,7 +399,7 @@ mac_test_init_mbuf_label(struct label *label, int flag)
 		    "mac_test_init_mbuf_label() at %s:%d", __FILE__,
 		    __LINE__);
 
-	SLOT(label) = MBUFMAGIC;
+	SLOT_SET(label, MBUFMAGIC);
 	atomic_add_int(&init_count_mbuf, 1);
 	return (0);
 }
@@ -407,7 +408,7 @@ static void
 mac_test_init_mount_label(struct label *label)
 {
 
-	SLOT(label) = MOUNTMAGIC;
+	SLOT_SET(label, MOUNTMAGIC);
 	atomic_add_int(&init_count_mount, 1);
 }
 
@@ -415,7 +416,7 @@ static void
 mac_test_init_mount_fs_label(struct label *label)
 {
 
-	SLOT(label) = MOUNTMAGIC;
+	SLOT_SET(label, MOUNTMAGIC);
 	atomic_add_int(&init_count_mount_fslabel, 1);
 }
 
@@ -428,7 +429,7 @@ mac_test_init_socket_label(struct label *label, int flag)
 		    "mac_test_init_socket_label() at %s:%d", __FILE__,
 		    __LINE__);
 
-	SLOT(label) = SOCKETMAGIC;
+	SLOT_SET(label, SOCKETMAGIC);
 	atomic_add_int(&init_count_socket, 1);
 	return (0);
 }
@@ -442,7 +443,7 @@ mac_test_init_socket_peer_label(struct label *label, int flag)
 		    "mac_test_init_socket_peer_label() at %s:%d", __FILE__,
 		    __LINE__);
 
-	SLOT(label) = SOCKETMAGIC;
+	SLOT_SET(label, SOCKETMAGIC);
 	atomic_add_int(&init_count_socket_peerlabel, 1);
 	return (0);
 }
@@ -451,7 +452,7 @@ static void
 mac_test_init_pipe_label(struct label *label)
 {
 
-	SLOT(label) = PIPEMAGIC;
+	SLOT_SET(label, PIPEMAGIC);
 	atomic_add_int(&init_count_pipe, 1);
 }
 
@@ -459,7 +460,7 @@ static void
 mac_test_init_posix_sem_label(struct label *label)
 {
 
-	SLOT(label) = POSIXSEMMAGIC;
+	SLOT_SET(label, POSIXSEMMAGIC);
 	atomic_add_int(&init_count_posixsems, 1);
 }
 
@@ -467,7 +468,7 @@ static void
 mac_test_init_proc_label(struct label *label)
 {
 
-	SLOT(label) = PROCMAGIC;
+	SLOT_SET(label, PROCMAGIC);
 	atomic_add_int(&init_count_proc, 1);
 }
 
@@ -475,7 +476,7 @@ static void
 mac_test_init_vnode_label(struct label *label)
 {
 
-	SLOT(label) = VNODEMAGIC;
+	SLOT_SET(label, VNODEMAGIC);
 	atomic_add_int(&init_count_vnode, 1);
 }
 
@@ -485,7 +486,7 @@ mac_test_destroy_bpfdesc_label(struct label *label)
 
 	if (SLOT(label) == BPFMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_bpfdesc, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_bpfdesc: dup destroy");
 	} else {
@@ -499,7 +500,7 @@ mac_test_destroy_cred_label(struct label *label)
 
 	if (SLOT(label) == CREDMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_cred, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_cred: dup destroy");
 	} else {
@@ -513,7 +514,7 @@ mac_test_destroy_devfsdirent_label(struct label *label)
 
 	if (SLOT(label) == DEVFSMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_devfsdirent, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_devfsdirent: dup destroy");
 	} else {
@@ -527,7 +528,7 @@ mac_test_destroy_ifnet_label(struct label *label)
 
 	if (SLOT(label) == IFNETMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_ifnet, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_ifnet: dup destroy");
 	} else {
@@ -541,7 +542,7 @@ mac_test_destroy_inpcb_label(struct label *label)
 
 	if (SLOT(label) == INPCBMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_inpcb, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_inpcb: dup destroy");
 	} else {
@@ -555,7 +556,7 @@ mac_test_destroy_sysv_msgmsg_label(struct label *label)
 
 	if (SLOT(label) == SYSVIPCMSGMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_sysv_msg, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_sysv_msgmsg_label: dup destroy");
 	} else {
@@ -570,7 +571,7 @@ mac_test_destroy_sysv_msgqueue_label(struct label *label)
 
 	if (SLOT(label) == SYSVIPCMSQMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_sysv_msq, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_sysv_msgqueue_label: dup destroy");
 	} else {
@@ -585,7 +586,7 @@ mac_test_destroy_sysv_sem_label(struct label *label)
 
 	if (SLOT(label) == SYSVIPCSEMMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_sysv_sem, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_sysv_sem_label: dup destroy");
 	} else {
@@ -599,7 +600,7 @@ mac_test_destroy_sysv_shm_label(struct label *label)
 
 	if (SLOT(label) == SYSVIPCSHMMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_sysv_shm, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_sysv_shm_label: dup destroy");
 	} else {
@@ -613,7 +614,7 @@ mac_test_destroy_ipq_label(struct label *label)
 
 	if (SLOT(label) == IPQMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_ipq, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_ipq: dup destroy");
 	} else {
@@ -635,7 +636,7 @@ mac_test_destroy_mbuf_label(struct label *label)
 
 	if (SLOT(label) == MBUFMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_mbuf, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_mbuf: dup destroy");
 	} else {
@@ -649,7 +650,7 @@ mac_test_destroy_mount_label(struct label *label)
 
 	if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_mount, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_mount: dup destroy");
 	} else {
@@ -663,7 +664,7 @@ mac_test_destroy_mount_fs_label(struct label *label)
 
 	if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_mount_fslabel, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy");
 	} else {
@@ -677,7 +678,7 @@ mac_test_destroy_socket_label(struct label *label)
 
 	if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_socket, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_socket: dup destroy");
 	} else {
@@ -691,7 +692,7 @@ mac_test_destroy_socket_peer_label(struct label *label)
 
 	if ((SLOT(label) == SOCKETMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_socket_peerlabel, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_socket_peerlabel: dup destroy");
 	} else {
@@ -705,7 +706,7 @@ mac_test_destroy_pipe_label(struct label *label)
 
 	if ((SLOT(label) == PIPEMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_pipe, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_pipe: dup destroy");
 	} else {
@@ -719,7 +720,7 @@ mac_test_destroy_posix_sem_label(struct label *label)
 
 	if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_posixsems, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_posix_sem: dup destroy");
 	} else {
@@ -733,7 +734,7 @@ mac_test_destroy_proc_label(struct label *label)
 
 	if ((SLOT(label) == PROCMAGIC || SLOT(label) == 0)) {
 		atomic_add_int(&destroy_count_proc, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_proc: dup destroy");
 	} else {
@@ -747,7 +748,7 @@ mac_test_destroy_vnode_label(struct label *label)
 
 	if (SLOT(label) == VNODEMAGIC || SLOT(label) == 0) {
 		atomic_add_int(&destroy_count_vnode, 1);
-		SLOT(label) = EXMAGIC;
+		SLOT_SET(label, EXMAGIC);
 	} else if (SLOT(label) == EXMAGIC) {
 		DEBUGGER("mac_test_destroy_vnode: dup destroy");
 	} else {

sys/sys/_label.h

@@ -1,65 +0,0 @@
-/*-
- * Copyright (c) 1999-2002, 2006 Robert N. M. Watson
- * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by Network
- * Associates Laboratories, the Security Research Division of Network
- * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
- * as part of the DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-#ifndef _SYS__LABEL_H_
-#define	_SYS__LABEL_H_
-
-/*
- * Definition for the 'struct label' in-kernel MAC label data structure.
- * In general, struct label pointers are embedded in kernel data structures
- * representing objects that may be labeled (and protected).  It is not
- * directly embedded in order to avoid encoding this definition into modules
- * unnecessarily.  Currently, only the MAC Framework and MAC policy modules
- * dereference this data structure.  In the future, we would like struct
- * label to also be opaque to policies.  Each policy requesting a label slot
- * can store one long or void pointer in their slot.
- *
- * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h
- * and various other messes.
- */
-
-#define	MAC_MAX_SLOTS	4
-
-#define	MAC_FLAG_INITIALIZED	0x0000001	/* Is initialized for use. */
-
-struct label {
-	int	l_flags;
-	union {
-		void	*l_ptr;
-		long	 l_long;
-	}	l_perpolicy[MAC_MAX_SLOTS];
-};
-
-#endif /* !_SYS__LABEL_H_ */