Normalize variable naming in the MAC Framework by adopting the normal

variable name conventions for arguments passed into the framework -- for example, name network interfaces 'ifp', sockets 'so', mounts 'mp', mbufs 'm', processes 'p', etc, wherever possible. Previously there was significant variation in this regard. Normalize copyright lists to ranges where sensible.
2007-04-22 19:55:56 +00:00 · 2007-04-22 19:55:56 +00:00 · 26ae2b86b6
commit 26ae2b86b6
parent eb542415c0
8 changed files with 384 additions and 395 deletions
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@ -93,23 +93,23 @@ void	mac_init_bpfdesc(struct bpf_d *);
 void	mac_init_cred(struct ucred *);
 void	mac_init_devfsdirent(struct devfs_dirent *);
 void	mac_init_ifnet(struct ifnet *);
-int	mac_init_inpcb(struct inpcb *, int flag);
+int	mac_init_inpcb(struct inpcb *, int);
 void	mac_init_sysv_msgmsg(struct msg *);
-void	mac_init_sysv_msgqueue(struct msqid_kernel*);
+void	mac_init_sysv_msgqueue(struct msqid_kernel *);
-void	mac_init_sysv_sem(struct semid_kernel*);
+void	mac_init_sysv_sem(struct semid_kernel *);
-void	mac_init_sysv_shm(struct shmid_kernel*);
+void	mac_init_sysv_shm(struct shmid_kernel *);
-int	mac_init_ipq(struct ipq *, int flag);
+int	mac_init_ipq(struct ipq *, int);
-int	mac_init_socket(struct socket *, int flag);
+int	mac_init_socket(struct socket *, int);
 void	mac_init_pipe(struct pipepair *);
 void	mac_init_posix_sem(struct ksem *);
-int	mac_init_mbuf(struct mbuf *mbuf, int flag);
+int	mac_init_mbuf(struct mbuf *, int);
-int	mac_init_mbuf_tag(struct m_tag *, int flag);
+int	mac_init_mbuf_tag(struct m_tag *, int);
 void	mac_init_mount(struct mount *);
 void	mac_init_proc(struct proc *);
 void	mac_init_vnode(struct vnode *);
-void	mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to);
+void	mac_copy_mbuf(struct mbuf *, struct mbuf *);
 void	mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
-void	mac_copy_vnode_label(struct label *, struct label *label);
+void	mac_copy_vnode_label(struct label *, struct label *);
 void	mac_destroy_bpfdesc(struct bpf_d *);
 void	mac_destroy_cred(struct ucred *);
 void	mac_destroy_devfsdirent(struct devfs_dirent *);
@ -129,9 +129,9 @@ void	mac_destroy_mount(struct mount *);
 void	mac_destroy_vnode(struct vnode *);
 struct label	*mac_cred_label_alloc(void);
-void		 mac_cred_label_free(struct label *label);
+void		 mac_cred_label_free(struct label *);
 struct label	*mac_vnode_label_alloc(void);
-void		 mac_vnode_label_free(struct label *label);
+void		 mac_vnode_label_free(struct label *);
 /*
 * Labeling event operations: file system objects, and things that look a lot
@ -159,13 +159,12 @@ void	mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
 * Labeling event operations: IPC objects.
 */
 void	mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
-void	mac_create_socket(struct ucred *cred, struct socket *socket);
+void	mac_create_socket(struct ucred *cred, struct socket *so);
-void	mac_create_socket_from_socket(struct socket *oldsocket,
+void	mac_create_socket_from_socket(struct socket *oldso,
-	    struct socket *newsocket);
+	    struct socket *newso);
-void	mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+void	mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so);
-	    struct socket *socket);
+void	mac_set_socket_peer_from_socket(struct socket *oldso,
-void	mac_set_socket_peer_from_socket(struct socket *oldsocket,
+	    struct socket *newso);
 	    struct socket *newsocket);
 void	mac_create_pipe(struct ucred *cred, struct pipepair *pp);
 /*
@ -188,29 +187,29 @@ void 	mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);
 /*
 * Labeling event operations: network objects.
 */
-void	mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void	mac_create_bpfdesc(struct ucred *cred, struct bpf_d *d);
 void	mac_create_ifnet(struct ifnet *ifp);
 void	mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp);
-void	mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
+void	mac_create_ipq(struct mbuf *m, struct ipq *ipq);
-void	mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void	mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m);
-void	mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
+void	mac_create_fragment(struct mbuf *m, struct mbuf *frag);
 void	mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m);
-void	mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
+void	mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m);
-void	mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void	mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m);
-void	mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void	mac_create_mbuf_from_ifnet(struct ifnet *ifp, struct mbuf *m);
-void	mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
+void	mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp,
-	    struct ifnet *ifnet, struct mbuf *newmbuf);
+	    struct mbuf *mnew);
-void	mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void	mac_create_mbuf_netlayer(struct mbuf *m, struct mbuf *mnew);
-int	mac_fragment_match(struct mbuf *fragment, struct ipq *ipq);
+int	mac_fragment_match(struct mbuf *m, struct ipq *ipq);
 void	mac_reflect_mbuf_icmp(struct mbuf *m);
 void	mac_reflect_mbuf_tcp(struct mbuf *m);
-void	mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+void	mac_update_ipq(struct mbuf *m, struct ipq *ipq);
 void	mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
 void	mac_create_mbuf_from_firewall(struct mbuf *m);
-void	mac_destroy_syncache(struct label **label);
+void	mac_destroy_syncache(struct label **l);
-int	mac_init_syncache(struct label **label);
+int	mac_init_syncache(struct label **l);
-void	mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp);
+void	mac_init_syncache_from_inpcb(struct label *l, struct inpcb *inp);
-void	mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m);
+void	mac_create_mbuf_from_syncache(struct label *l, struct mbuf *m);
 /*
 * Labeling event operations: processes.
@ -218,10 +217,10 @@ void	mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m);
 void	mac_copy_cred(struct ucred *cr1, struct ucred *cr2);
 int	mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
 void	mac_execve_exit(struct image_params *imgp);
-void	mac_execve_transition(struct ucred *old, struct ucred *new,
+void	mac_execve_transition(struct ucred *oldcred, struct ucred *newcred,
 	    struct vnode *vp, struct label *interpvnodelabel,
 	    struct image_params *imgp);
-int	mac_execve_will_transition(struct ucred *old, struct vnode *vp,
+int	mac_execve_will_transition(struct ucred *cred, struct vnode *vp,
 	    struct label *interpvnodelabel, struct image_params *imgp);
 void	mac_create_proc0(struct ucred *cred);
 void	mac_create_proc1(struct ucred *cred);
@ -246,9 +245,9 @@ void	mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
 /*
 * Access control checks.
 */
-int	mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
+int	mac_check_bpfdesc_receive(struct bpf_d *d, struct ifnet *ifp);
-int	mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
+int	mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2);
-int	mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
+int	mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m);
 int	mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
 int	mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
 	    struct msqid_kernel *msqkptr);
@ -295,38 +294,38 @@ int	mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr);
 int	mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr);
 int	mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr);
 int	mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
-int	mac_check_proc_debug(struct ucred *cred, struct proc *proc);
+int	mac_check_proc_debug(struct ucred *cred, struct proc *p);
-int	mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int	mac_check_proc_sched(struct ucred *cred, struct proc *p);
 int	mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
 int	mac_check_proc_setauid(struct ucred *cred, uid_t auid);
-int	mac_check_proc_setuid(struct proc *proc,  struct ucred *cred,
+int	mac_check_proc_setuid(struct proc *p,  struct ucred *cred,
 	    uid_t uid);
-int	mac_check_proc_seteuid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_seteuid(struct proc *p, struct ucred *cred,
 	    uid_t euid);
-int	mac_check_proc_setgid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setgid(struct proc *p, struct ucred *cred,
 	    gid_t gid);
-int	mac_check_proc_setegid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setegid(struct proc *p, struct ucred *cred,
 	    gid_t egid);
-int	mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setgroups(struct proc *p, struct ucred *cred,
 	    int ngroups, gid_t *gidset);
-int	mac_check_proc_setreuid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setreuid(struct proc *p, struct ucred *cred,
 	    uid_t ruid, uid_t euid);
-int	mac_check_proc_setregid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setregid(struct proc *p, struct ucred *cred,
 	    gid_t rgid, gid_t egid);
-int	mac_check_proc_setresuid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setresuid(struct proc *p, struct ucred *cred,
 	    uid_t ruid, uid_t euid, uid_t suid);
-int	mac_check_proc_setresgid(struct proc *proc, struct ucred *cred,
+int	mac_check_proc_setresgid(struct proc *p, struct ucred *cred,
 	    gid_t rgid, gid_t egid, gid_t sgid);
-int	mac_check_proc_signal(struct ucred *cred, struct proc *proc,
+int	mac_check_proc_signal(struct ucred *cred, struct proc *p,
 	    int signum);
-int	mac_check_proc_wait(struct ucred *cred, struct proc *proc);
+int	mac_check_proc_wait(struct ucred *cred, struct proc *p);
 int	mac_check_socket_accept(struct ucred *cred, struct socket *so);
 int	mac_check_socket_bind(struct ucred *cred, struct socket *so,
-	    struct sockaddr *sockaddr);
+	    struct sockaddr *sa);
 int	mac_check_socket_connect(struct ucred *cred, struct socket *so,
-	    struct sockaddr *sockaddr);
+	    struct sockaddr *sa);
 int	mac_check_socket_create(struct ucred *cred, int domain, int type,
-	    int protocol);
+	    int proto);
 int	mac_check_socket_deliver(struct socket *so, struct mbuf *m);
 int	mac_check_socket_listen(struct ucred *cred, struct socket *so);
 int	mac_check_socket_poll(struct ucred *cred, struct socket *so);
@ -367,8 +366,8 @@ int	mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
 	    int attrnamespace);
 int	mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 	    struct componentname *cnp);
-int	mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
+int	mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot,
-	    int prot, int flags);
+	    int flags);
 int	mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
 	    int prot);
 int	mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
@ -405,9 +404,9 @@ int	mac_getsockopt_label(struct ucred *cred, struct socket *so,
 int	mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
 	    struct mac *extmac);
 int	mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
-	    struct ifnet *ifnet);
+	    struct ifnet *ifp);
 int	mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
-	    struct ifnet *ifnet);
+	    struct ifnet *ifp);
 int	mac_setsockopt_label(struct ucred *cred, struct socket *so,
 	    struct mac *extmac);
 int	mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
--- a/sys/security/mac/mac_inet.c
+++ b/sys/security/mac/mac_inet.c
@ -163,36 +163,34 @@ mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp)
 }
 void
-mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram)
+mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m)
 {
 	struct label *label;
-	label = mac_mbuf_to_label(datagram);
+	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label,
+	MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label, m, label);
 	    datagram, label);
 }
 void
-mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment)
+mac_create_fragment(struct mbuf *m, struct mbuf *frag)
 {
-	struct label *datagramlabel, *fragmentlabel;
+	struct label *mlabel, *fraglabel;
-	datagramlabel = mac_mbuf_to_label(datagram);
+	mlabel = mac_mbuf_to_label(m);
-	fragmentlabel = mac_mbuf_to_label(fragment);
+	fraglabel = mac_mbuf_to_label(frag);
-	MAC_PERFORM(create_fragment, datagram, datagramlabel, fragment,
+	MAC_PERFORM(create_fragment, m, mlabel, frag, fraglabel);
 	    fragmentlabel);
 }
 void
-mac_create_ipq(struct mbuf *fragment, struct ipq *ipq)
+mac_create_ipq(struct mbuf *m, struct ipq *ipq)
 {
 	struct label *label;
-	label = mac_mbuf_to_label(fragment);
+	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(create_ipq, fragment, label, ipq, ipq->ipq_label);
+	MAC_PERFORM(create_ipq, m, label, ipq, ipq->ipq_label);
 }
 void
@ -207,16 +205,15 @@ mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m)
 }
 int
-mac_fragment_match(struct mbuf *fragment, struct ipq *ipq)
+mac_fragment_match(struct mbuf *m, struct ipq *ipq)
 {
 	struct label *label;
 	int result;
-	label = mac_mbuf_to_label(fragment);
+	label = mac_mbuf_to_label(m);
 	result = 1;
-	MAC_BOOLEAN(fragment_match, &&, fragment, label, ipq,
+	MAC_BOOLEAN(fragment_match, &&, m, label, ipq, ipq->ipq_label);
 	    ipq->ipq_label);
 	return (result);
 }
@ -230,6 +227,7 @@ mac_reflect_mbuf_icmp(struct mbuf *m)
 	MAC_PERFORM(reflect_mbuf_icmp, m, label);
 }
 void
 mac_reflect_mbuf_tcp(struct mbuf *m)
 {
@ -241,13 +239,13 @@ mac_reflect_mbuf_tcp(struct mbuf *m)
 }
 void
-mac_update_ipq(struct mbuf *fragment, struct ipq *ipq)
+mac_update_ipq(struct mbuf *m, struct ipq *ipq)
 {
 	struct label *label;
-	label = mac_mbuf_to_label(fragment);
+	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(update_ipq, fragment, label, ipq, ipq->ipq_label);
+	MAC_PERFORM(update_ipq, m, label, ipq, ipq->ipq_label);
 }
 int
@ -331,9 +329,9 @@ mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
 void
 mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m)
 {
-	struct label *mbuf_label;
+	struct label *mlabel;
 	M_ASSERTPKTHDR(m);
-	mbuf_label = mac_mbuf_to_label(m);
+	mlabel = mac_mbuf_to_label(m);
-	MAC_PERFORM(create_mbuf_from_syncache, sc_label, m, mbuf_label);
+	MAC_PERFORM(create_mbuf_from_syncache, sc_label, m, mlabel);
 }
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@ -82,14 +82,14 @@ MTX_SYSINIT(mac_ifnet_mtx, &mac_ifnet_mtx, "mac_ifnet", MTX_DEF);
 * early loading.
 */
 struct label *
-mac_mbuf_to_label(struct mbuf *mbuf)
+mac_mbuf_to_label(struct mbuf *m)
 {
 	struct m_tag *tag;
 	struct label *label;
-	if (mbuf == NULL)
+	if (m == NULL)
 		return (NULL);
-	tag = m_tag_find(mbuf, PACKET_TAG_MACLABEL, NULL);
+	tag = m_tag_find(m, PACKET_TAG_MACLABEL, NULL);
 	if (tag == NULL)
 		return (NULL);
 	label = (struct label *)(tag+1);
@ -107,10 +107,10 @@ mac_bpfdesc_label_alloc(void)
 }
 void
-mac_init_bpfdesc(struct bpf_d *bpf_d)
+mac_init_bpfdesc(struct bpf_d *d)
 {
-	bpf_d->bd_label = mac_bpfdesc_label_alloc();
+	d->bd_label = mac_bpfdesc_label_alloc();
 }
 static struct label *
@ -185,11 +185,11 @@ mac_bpfdesc_label_free(struct label *label)
 }
 void
-mac_destroy_bpfdesc(struct bpf_d *bpf_d)
+mac_destroy_bpfdesc(struct bpf_d *d)
 {
-	mac_bpfdesc_label_free(bpf_d->bd_label);
+	mac_bpfdesc_label_free(d->bd_label);
-	bpf_d->bd_label = NULL;
+	d->bd_label = NULL;
 }
 static void
@ -278,123 +278,117 @@ mac_internalize_ifnet_label(struct label *label, char *string)
 }
 void
-mac_create_ifnet(struct ifnet *ifnet)
+mac_create_ifnet(struct ifnet *ifp)
 {
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM(create_ifnet, ifnet, ifnet->if_label);
+	MAC_PERFORM(create_ifnet, ifp, ifp->if_label);
-	MAC_IFNET_UNLOCK(ifnet);
+	MAC_IFNET_UNLOCK(ifp);
 }
 void
-mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d)
+mac_create_bpfdesc(struct ucred *cred, struct bpf_d *d)
 {
-	MAC_PERFORM(create_bpfdesc, cred, bpf_d, bpf_d->bd_label);
+	MAC_PERFORM(create_bpfdesc, cred, d, d->bd_label);
 }
 void
-mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
+mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m)
 {
 	struct label *label;
-	BPFD_LOCK_ASSERT(bpf_d);
+	BPFD_LOCK_ASSERT(d);
-	label = mac_mbuf_to_label(mbuf);
+	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf,
+	MAC_PERFORM(create_mbuf_from_bpfdesc, d, d->bd_label, m, label);
 	    label);
 }
 void
-mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *mbuf)
+mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m)
 {
 	struct label *label;
-	label = mac_mbuf_to_label(mbuf);
+	label = mac_mbuf_to_label(m);
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM(create_mbuf_linklayer, ifnet, ifnet->if_label, mbuf,
+	MAC_PERFORM(create_mbuf_linklayer, ifp, ifp->if_label, m, label);
-	    label);
+	MAC_IFNET_UNLOCK(ifp);
 	MAC_IFNET_UNLOCK(ifnet);
 }
 void
-mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *mbuf)
+mac_create_mbuf_from_ifnet(struct ifnet *ifp, struct mbuf *m)
 {
 	struct label *label;
-	label = mac_mbuf_to_label(mbuf);
+	label = mac_mbuf_to_label(m);
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM(create_mbuf_from_ifnet, ifnet, ifnet->if_label, mbuf,
+	MAC_PERFORM(create_mbuf_from_ifnet, ifp, ifp->if_label, m, label);
-	    label);
+	MAC_IFNET_UNLOCK(ifp);
 	MAC_IFNET_UNLOCK(ifnet);
 }
 void
-mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet,
+mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp,
-    struct mbuf *newmbuf)
+    struct mbuf *mnew)
 {
-	struct label *oldmbuflabel, *newmbuflabel;
+	struct label *mlabel, *mnewlabel;
-	oldmbuflabel = mac_mbuf_to_label(oldmbuf);
+	mlabel = mac_mbuf_to_label(m);
-	newmbuflabel = mac_mbuf_to_label(newmbuf);
+	mnewlabel = mac_mbuf_to_label(mnew);
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM(create_mbuf_multicast_encap, oldmbuf, oldmbuflabel,
+	MAC_PERFORM(create_mbuf_multicast_encap, m, mlabel, ifp,
-	    ifnet, ifnet->if_label, newmbuf, newmbuflabel);
+	    ifp->if_label, mnew, mnewlabel);
-	MAC_IFNET_UNLOCK(ifnet);
+	MAC_IFNET_UNLOCK(ifp);
 }
 void
-mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf)
+mac_create_mbuf_netlayer(struct mbuf *m, struct mbuf *mnew)
 {
-	struct label *oldmbuflabel, *newmbuflabel;
+	struct label *mlabel, *mnewlabel;
-	oldmbuflabel = mac_mbuf_to_label(oldmbuf);
+	mlabel = mac_mbuf_to_label(m);
-	newmbuflabel = mac_mbuf_to_label(newmbuf);
+	mnewlabel = mac_mbuf_to_label(mnew);
-	MAC_PERFORM(create_mbuf_netlayer, oldmbuf, oldmbuflabel, newmbuf,
+	MAC_PERFORM(create_mbuf_netlayer, m, mlabel, mnew, mnewlabel);
 	    newmbuflabel);
 }
 int
-mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
+mac_check_bpfdesc_receive(struct bpf_d *d, struct ifnet *ifp)
 {
 	int error;
-	BPFD_LOCK_ASSERT(bpf_d);
+	BPFD_LOCK_ASSERT(d);
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_CHECK(check_bpfdesc_receive, bpf_d, bpf_d->bd_label, ifnet,
+	MAC_CHECK(check_bpfdesc_receive, d, d->bd_label, ifp, ifp->if_label);
-	    ifnet->if_label);
+	MAC_IFNET_UNLOCK(ifp);
 	MAC_IFNET_UNLOCK(ifnet);
 	return (error);
 }
 int
-mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
+mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m)
 {
 	struct label *label;
 	int error;
-	M_ASSERTPKTHDR(mbuf);
+	M_ASSERTPKTHDR(m);
-	label = mac_mbuf_to_label(mbuf);
+	label = mac_mbuf_to_label(m);
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_CHECK(check_ifnet_transmit, ifnet, ifnet->if_label, mbuf,
+	MAC_CHECK(check_ifnet_transmit, ifp, ifp->if_label, m, label);
-	    label);
+	MAC_IFNET_UNLOCK(ifp);
 	MAC_IFNET_UNLOCK(ifnet);
 	return (error);
 }
 int
 mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
-    struct ifnet *ifnet)
+    struct ifnet *ifp)
 {
 	char *elements, *buffer;
 	struct label *intlabel;
@ -418,9 +412,9 @@ mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	intlabel = mac_ifnet_label_alloc();
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	mac_copy_ifnet_label(ifnet->if_label, intlabel);
+	mac_copy_ifnet_label(ifp->if_label, intlabel);
-	MAC_IFNET_UNLOCK(ifnet);
+	MAC_IFNET_UNLOCK(ifp);
 	error = mac_externalize_ifnet_label(intlabel, elements, buffer,
 	    mac.m_buflen);
 	mac_ifnet_label_free(intlabel);
@ -434,8 +428,7 @@ mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
 }
 int
-mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
    struct ifnet *ifnet)
 {
 	struct label *intlabel;
 	struct mac mac;
@ -476,17 +469,16 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 		return (error);
 	}
-	MAC_IFNET_LOCK(ifnet);
+	MAC_IFNET_LOCK(ifp);
-	MAC_CHECK(check_ifnet_relabel, cred, ifnet, ifnet->if_label,
+	MAC_CHECK(check_ifnet_relabel, cred, ifp, ifp->if_label, intlabel);
 	    intlabel);
 	if (error) {
-		MAC_IFNET_UNLOCK(ifnet);
+		MAC_IFNET_UNLOCK(ifp);
 		mac_ifnet_label_free(intlabel);
 		return (error);
 	}
-	MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, intlabel);
+	MAC_PERFORM(relabel_ifnet, cred, ifp, ifp->if_label, intlabel);
-	MAC_IFNET_UNLOCK(ifnet);
+	MAC_IFNET_UNLOCK(ifp);
 	mac_ifnet_label_free(intlabel);
 	return (0);
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project in part by Network
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@ -196,65 +196,64 @@ typedef int	(*mpo_internalize_vnode_label_t)(struct label *label,
 * like file system objects.
 */
 typedef void	(*mpo_associate_vnode_devfs_t)(struct mount *mp,
-		    struct label *mntlabel, struct devfs_dirent *de,
+		    struct label *mplabel, struct devfs_dirent *de,
 		    struct label *delabel, struct vnode *vp,
-		    struct label *vlabel);
+		    struct label *vplabel);
 typedef int	(*mpo_associate_vnode_extattr_t)(struct mount *mp,
-		    struct label *mntlabel, struct vnode *vp,
+		    struct label *mplabel, struct vnode *vp,
-		    struct label *vlabel);
+		    struct label *vplabel);
 typedef void	(*mpo_associate_vnode_singlelabel_t)(struct mount *mp,
-		    struct label *mntlabel, struct vnode *vp,
+		    struct label *mplabel, struct vnode *vp,
-		    struct label *vlabel);
+		    struct label *vplabel);
 typedef void	(*mpo_create_devfs_device_t)(struct ucred *cred,
 		    struct mount *mp, struct cdev *dev,
-		    struct devfs_dirent *de, struct label *label);
+		    struct devfs_dirent *de, struct label *delabel);
 typedef void	(*mpo_create_devfs_directory_t)(struct mount *mp,
 		    char *dirname, int dirnamelen, struct devfs_dirent *de,
-		    struct label *label);
+		    struct label *delabel);
 typedef void	(*mpo_create_devfs_symlink_t)(struct ucred *cred,
 		    struct mount *mp, struct devfs_dirent *dd,
 		    struct label *ddlabel, struct devfs_dirent *de,
 		    struct label *delabel);
 typedef int	(*mpo_create_vnode_extattr_t)(struct ucred *cred,
-		    struct mount *mp, struct label *mntlabel,
+		    struct mount *mp, struct label *mplabel,
-		    struct vnode *dvp, struct label *dlabel,
+		    struct vnode *dvp, struct label *dvplabel,
-		    struct vnode *vp, struct label *vlabel,
+		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
 typedef void	(*mpo_create_mount_t)(struct ucred *cred, struct mount *mp,
-		    struct label *mntlabel);
+		    struct label *mplabel);
 typedef void	(*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp,
-		    struct label *vnodelabel, struct label *label);
+		    struct label *vplabel, struct label *label);
 typedef int	(*mpo_setlabel_vnode_extattr_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *vlabel,
+		    struct vnode *vp, struct label *vplabel,
 		    struct label *intlabel);
 typedef void	(*mpo_update_devfsdirent_t)(struct mount *mp,
-		    struct devfs_dirent *devfs_dirent,
+		    struct devfs_dirent *de, struct label *delabel,
-		    struct label *direntlabel, struct vnode *vp,
+		    struct vnode *vp, struct label *vplabel);
 		    struct label *vnodelabel);
 /*
 * Labeling event operations: IPC objects.
 */
 typedef void	(*mpo_create_mbuf_from_socket_t)(struct socket *so,
-		    struct label *socketlabel, struct mbuf *m,
+		    struct label *solabel, struct mbuf *m,
-		    struct label *mbuflabel);
+		    struct label *mlabel);
 typedef void	(*mpo_create_socket_t)(struct ucred *cred, struct socket *so,
-		    struct label *socketlabel);
+		    struct label *solabel);
-typedef void	(*mpo_create_socket_from_socket_t)(struct socket *oldsocket,
+typedef void	(*mpo_create_socket_from_socket_t)(struct socket *oldso,
-		    struct label *oldsocketlabel, struct socket *newsocket,
+		    struct label *oldsolabel, struct socket *newso,
-		    struct label *newsocketlabel);
+		    struct label *newsolabel);
 typedef void	(*mpo_relabel_socket_t)(struct ucred *cred, struct socket *so,
 		    struct label *oldlabel, struct label *newlabel);
 typedef void	(*mpo_relabel_pipe_t)(struct ucred *cred, struct pipepair *pp,
 		    struct label *oldlabel, struct label *newlabel);
-typedef void	(*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *mbuf,
+typedef void	(*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *m,
-		    struct label *mbuflabel, struct socket *so,
+		    struct label *mlabel, struct socket *so,
-		    struct label *socketpeerlabel);
+		    struct label *sopeerlabel);
-typedef void	(*mpo_set_socket_peer_from_socket_t)(struct socket *oldsocket,
+typedef void	(*mpo_set_socket_peer_from_socket_t)(struct socket *oldso,
-		    struct label *oldsocketlabel, struct socket *newsocket,
+		    struct label *oldsolabel, struct socket *newso,
-		    struct label *newsocketpeerlabel);
+		    struct label *newsopeerlabel);
 typedef void	(*mpo_create_pipe_t)(struct ucred *cred, struct pipepair *pp,
-		    struct label *pipelabel);
+		    struct label *pplabel);
 /*
 * Labeling event operations: System V IPC primitives.
@ -279,53 +278,49 @@ typedef void	(*mpo_create_posix_sem_t)(struct ucred *cred,
 * Labeling event operations: network objects.
 */
 typedef void	(*mpo_create_bpfdesc_t)(struct ucred *cred,
-		    struct bpf_d *bpf_d, struct label *bpflabel);
+		    struct bpf_d *d, struct label *dlabel);
-typedef void	(*mpo_create_ifnet_t)(struct ifnet *ifnet,
+typedef void	(*mpo_create_ifnet_t)(struct ifnet *ifp,
-		    struct label *ifnetlabel);
+		    struct label *ifplabel);
 typedef void	(*mpo_create_inpcb_from_socket_t)(struct socket *so,
 		    struct label *solabel, struct inpcb *inp,
 		    struct label *inplabel);
-typedef void	(*mpo_create_ipq_t)(struct mbuf *fragment,
+typedef void	(*mpo_create_ipq_t)(struct mbuf *m, struct label *mlabel,
-		    struct label *fragmentlabel, struct ipq *ipq,
+		    struct ipq *ipq, struct label *ipqlabel);
 		    struct label *ipqlabel);
 typedef void	(*mpo_create_datagram_from_ipq)
-		    (struct ipq *ipq, struct label *ipqlabel,
+		    (struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
-		    struct mbuf *datagram, struct label *datagramlabel);
+		    struct label *mlabel);
-typedef void	(*mpo_create_fragment_t)(struct mbuf *datagram,
+typedef void	(*mpo_create_fragment_t)(struct mbuf *m,
-		    struct label *datagramlabel, struct mbuf *fragment,
+		    struct label *mlabel, struct mbuf *frag,
-		    struct label *fragmentlabel);
+		    struct label *fraglabel);
 typedef void	(*mpo_create_mbuf_from_inpcb_t)(struct inpcb *inp,
 		    struct label *inplabel, struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_linklayer_t)(struct ifnet *ifnet,
+typedef void	(*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
-		    struct label *ifnetlabel, struct mbuf *mbuf,
+		    struct label *ifplabel, struct mbuf *m,
-		    struct label *mbuflabel);
+		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *bpf_d,
+typedef void	(*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *d,
-		    struct label *bpflabel, struct mbuf *mbuf,
+		    struct label *dlabel, struct mbuf *m,
-		    struct label *mbuflabel);
+		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifnet,
+typedef void	(*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifp,
-		    struct label *ifnetlabel, struct mbuf *mbuf,
+		    struct label *ifplabel, struct mbuf *m,
-		    struct label *mbuflabel);
+		    struct label *mlabel);
-typedef void	(*mpo_create_mbuf_multicast_encap_t)(struct mbuf *oldmbuf,
+typedef void	(*mpo_create_mbuf_multicast_encap_t)(struct mbuf *m,
-		    struct label *oldmbuflabel, struct ifnet *ifnet,
+		    struct label *mlabel, struct ifnet *ifp,
-		    struct label *ifnetlabel, struct mbuf *newmbuf,
+		    struct label *ifplabel, struct mbuf *mnew,
-		    struct label *newmbuflabel);
+		    struct label *mnewlabel);
-typedef void	(*mpo_create_mbuf_netlayer_t)(struct mbuf *oldmbuf,
+typedef void	(*mpo_create_mbuf_netlayer_t)(struct mbuf *m,
-		    struct label *oldmbuflabel, struct mbuf *newmbuf,
+		    struct label *mlabel, struct mbuf *mnew,
-		    struct label *newmbuflabel);
+		    struct label *mnewlabel);
-typedef int	(*mpo_fragment_match_t)(struct mbuf *fragment,
+typedef int	(*mpo_fragment_match_t)(struct mbuf *m, struct label *mlabel,
-		    struct label *fragmentlabel, struct ipq *ipq,
+		    struct ipq *ipq, struct label *ipqlabel);
 		    struct label *ipqlabel);
 typedef void	(*mpo_reflect_mbuf_icmp_t)(struct mbuf *m,
 		    struct label *mlabel);
 typedef void	(*mpo_reflect_mbuf_tcp_t)(struct mbuf *m,
 		    struct label *mlabel);
-typedef void	(*mpo_relabel_ifnet_t)(struct ucred *cred,
+typedef void	(*mpo_relabel_ifnet_t)(struct ucred *cred, struct ifnet *ifp,
-		    struct ifnet *ifnet, struct label *ifnetlabel,
+		    struct label *ifplabel, struct label *newlabel);
-		    struct label *newlabel);
+typedef void	(*mpo_update_ipq_t)(struct mbuf *m, struct label *mlabel,
-typedef void	(*mpo_update_ipq_t)(struct mbuf *fragment,
+		    struct ipq *ipq, struct label *ipqlabel);
 		    struct label *fragmentlabel, struct ipq *ipq,
 		    struct label *ipqlabel);
 typedef void	(*mpo_inpcb_sosetlabel_t)(struct socket *so,
 		    struct label *label, struct inpcb *inp,
 		    struct label *inplabel);
@ -337,16 +332,16 @@ typedef int	(*mpo_init_syncache_label_t)(struct label *label, int flag);
 typedef void	(*mpo_init_syncache_from_inpcb_t)(struct label *label,
 		    struct inpcb *inp);
 typedef void	(*mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
-		    struct mbuf *m, struct label *mbuf_label);
+		    struct mbuf *m, struct label *mlabel);
 /*
 * Labeling event operations: processes.
 */
 typedef void	(*mpo_execve_transition_t)(struct ucred *old,
 		    struct ucred *new, struct vnode *vp,
-		    struct label *vnodelabel, struct label *interpvnodelabel,
+		    struct label *vplabel, struct label *interpvnodelabel,
 		    struct image_params *imgp, struct label *execlabel);
 typedef int	(*mpo_execve_will_transition_t)(struct ucred *old,
-		    struct vnode *vp, struct label *vnodelabel,
+		    struct vnode *vp, struct label *vplabel,
 		    struct label *interpvnodelabel,
 		    struct image_params *imgp, struct label *execlabel);
 typedef void	(*mpo_create_proc0_t)(struct ucred *cred);
@ -358,19 +353,19 @@ typedef void	(*mpo_thread_userret_t)(struct thread *thread);
 /*
 * Access control checks.
 */
-typedef	int	(*mpo_check_bpfdesc_receive_t)(struct bpf_d *bpf_d,
+typedef	int	(*mpo_check_bpfdesc_receive_t)(struct bpf_d *d,
-		    struct label *bpflabel, struct ifnet *ifnet,
+		    struct label *dlabel, struct ifnet *ifp,
-		    struct label *ifnetlabel);
+		    struct label *ifplabel);
 typedef int	(*mpo_check_cred_relabel_t)(struct ucred *cred,
 		    struct label *newlabel);
-typedef int	(*mpo_check_cred_visible_t)(struct ucred *u1,
+typedef int	(*mpo_check_cred_visible_t)(struct ucred *cr1,
-		    struct ucred *u2);
+		    struct ucred *cr2);
 typedef int	(*mpo_check_ifnet_relabel_t)(struct ucred *cred,
-		    struct ifnet *ifnet, struct label *ifnetlabel,
+		    struct ifnet *ifp, struct label *ifplabel,
 		    struct label *newlabel);
-typedef int	(*mpo_check_ifnet_transmit_t)(struct ifnet *ifnet,
+typedef int	(*mpo_check_ifnet_transmit_t)(struct ifnet *ifp,
-		    struct label *ifnetlabel, struct mbuf *m,
+		    struct label *ifplabel, struct mbuf *m,
-		    struct label *mbuflabel);
+		    struct label *mlabel);
 typedef int	(*mpo_check_inpcb_deliver_t)(struct inpcb *inp,
 		    struct label *inplabel, struct mbuf *m,
 		    struct label *mlabel);
@ -416,27 +411,27 @@ typedef int	(*mpo_check_kenv_set_t)(struct ucred *cred, char *name,
 		    char *value);
 typedef int	(*mpo_check_kenv_unset_t)(struct ucred *cred, char *name);
 typedef int	(*mpo_check_kld_load_t)(struct ucred *cred, struct vnode *vp,
-		    struct label *vlabel);
+		    struct label *vplabel);
 typedef int	(*mpo_check_kld_stat_t)(struct ucred *cred);
 typedef int	(*mpo_mpo_placeholder19_t)(void);
 typedef int	(*mpo_mpo_placeholder20_t)(void);
 typedef int	(*mpo_check_mount_stat_t)(struct ucred *cred,
-		    struct mount *mp, struct label *mntlabel);
+		    struct mount *mp, struct label *mplabel);
 typedef int	(*mpo_mpo_placeholder21_t)(void);
 typedef int	(*mpo_check_pipe_ioctl_t)(struct ucred *cred,
-		    struct pipepair *pp, struct label *pipelabel,
+		    struct pipepair *pp, struct label *pplabel,
 		    unsigned long cmd, void *data);
 typedef int	(*mpo_check_pipe_poll_t)(struct ucred *cred,
-		    struct pipepair *pp, struct label *pipelabel);
+		    struct pipepair *pp, struct label *pplabel);
 typedef int	(*mpo_check_pipe_read_t)(struct ucred *cred,
-		    struct pipepair *pp, struct label *pipelabel);
+		    struct pipepair *pp, struct label *pplabel);
 typedef int	(*mpo_check_pipe_relabel_t)(struct ucred *cred,
-		    struct pipepair *pp, struct label *pipelabel,
+		    struct pipepair *pp, struct label *pplabel,
 		    struct label *newlabel);
 typedef int	(*mpo_check_pipe_stat_t)(struct ucred *cred,
-		    struct pipepair *pp, struct label *pipelabel);
+		    struct pipepair *pp, struct label *pplabel);
 typedef int	(*mpo_check_pipe_write_t)(struct ucred *cred,
-		    struct pipepair *pp, struct label *pipelabel);
+		    struct pipepair *pp, struct label *pplabel);
 typedef int	(*mpo_check_posix_sem_destroy_t)(struct ucred *cred,
 		    struct ksem *ksemptr, struct label *ks_label);
 typedef int	(*mpo_check_posix_sem_getvalue_t)(struct ucred *cred,
@ -450,9 +445,9 @@ typedef int	(*mpo_check_posix_sem_unlink_t)(struct ucred *cred,
 typedef int	(*mpo_check_posix_sem_wait_t)(struct ucred *cred,
 		    struct ksem *ksemptr, struct label *ks_label);
 typedef int	(*mpo_check_proc_debug_t)(struct ucred *cred,
-		    struct proc *proc);
+		    struct proc *p);
 typedef int	(*mpo_check_proc_sched_t)(struct ucred *cred,
-		    struct proc *proc);
+		    struct proc *p);
 typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
 		    struct auditinfo *ai);
 typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
@ -475,35 +470,35 @@ typedef int	(*mpo_check_proc_signal_t)(struct ucred *cred,
 typedef int	(*mpo_check_proc_wait_t)(struct ucred *cred,
 		    struct proc *proc);
 typedef int	(*mpo_check_socket_accept_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_socket_bind_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel,
+		    struct socket *so, struct label *solabel,
-		    struct sockaddr *sockaddr);
+		    struct sockaddr *sa);
 typedef int	(*mpo_check_socket_connect_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel,
+		    struct socket *so, struct label *solabel,
-		    struct sockaddr *sockaddr);
+		    struct sockaddr *sa);
 typedef int	(*mpo_check_socket_create_t)(struct ucred *cred, int domain,
 		    int type, int protocol);
 typedef int	(*mpo_check_socket_deliver_t)(struct socket *so,
-		    struct label *socketlabel, struct mbuf *m,
+		    struct label *solabel, struct mbuf *m,
-		    struct label *mbuflabel);
+		    struct label *mlabel);
 typedef int	(*mpo_check_socket_listen_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_socket_poll_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_socket_receive_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_socket_relabel_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel,
+		    struct socket *so, struct label *solabel,
 		    struct label *newlabel);
 typedef int	(*mpo_check_socket_send_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_socket_stat_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_socket_visible_t)(struct ucred *cred,
-		    struct socket *so, struct label *socketlabel);
+		    struct socket *so, struct label *solabel);
 typedef int	(*mpo_check_system_acct_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *vlabel);
+		    struct vnode *vp, struct label *vplabel);
 typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
 		    int length);
 typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
@ -511,101 +506,104 @@ typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
 typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
 typedef int	(*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
 typedef int	(*mpo_check_system_swapon_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label);
+		    struct vnode *vp, struct label *vplabel);
 typedef int	(*mpo_check_system_swapoff_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label);
+		    struct vnode *vp, struct label *vplabel);
 typedef int	(*mpo_check_system_sysctl_t)(struct ucred *cred,
 		    struct sysctl_oid *oidp, void *arg1, int arg2,
 		    struct sysctl_req *req);
 typedef int	(*mpo_check_vnode_access_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int acc_mode);
+		    struct vnode *vp, struct label *vplabel, int acc_mode);
 typedef int	(*mpo_check_vnode_chdir_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel);
+		    struct vnode *dvp, struct label *dvplabel);
 typedef int	(*mpo_check_vnode_chroot_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel);
+		    struct vnode *dvp, struct label *dvplabel);
 typedef int	(*mpo_check_vnode_create_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel,
+		    struct vnode *dvp, struct label *dvplabel,
 		    struct componentname *cnp, struct vattr *vap);
 typedef int	(*mpo_check_vnode_delete_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel,
+		    struct vnode *dvp, struct label *dvplabel,
-		    struct vnode *vp, struct label *label,
+		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, acl_type_t type);
+		    struct vnode *vp, struct label *vplabel,
 		    acl_type_t type);
 typedef int	(*mpo_check_vnode_deleteextattr_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int attrnamespace,
+		    struct vnode *vp, struct label *vplabel,
-		    const char *name);
+		    int attrnamespace, const char *name);
 typedef int	(*mpo_check_vnode_exec_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label,
+		    struct vnode *vp, struct label *vplabel,
 		    struct image_params *imgp, struct label *execlabel);
 typedef int	(*mpo_check_vnode_getacl_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, acl_type_t type);
+		    struct vnode *vp, struct label *vplabel,
 		    acl_type_t type);
 typedef int	(*mpo_check_vnode_getextattr_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int attrnamespace,
+		    struct vnode *vp, struct label *vplabel,
-		    const char *name, struct uio *uio);
+		    int attrnamespace, const char *name, struct uio *uio);
 typedef int	(*mpo_check_vnode_link_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel, struct vnode *vp,
+		    struct vnode *dvp, struct label *dvplabel,
-		    struct label *label, struct componentname *cnp);
+		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_listextattr_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label,
+		    struct vnode *vp, struct label *vplabel,
 		    int attrnamespace);
 typedef int	(*mpo_check_vnode_lookup_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel,
+		    struct vnode *dvp, struct label *dvplabel,
 		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_mmap_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *label, int prot,
 		    int flags);
 typedef void	(*mpo_check_vnode_mmap_downgrade_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int *prot);
+		    struct vnode *vp, struct label *vplabel, int *prot);
 typedef int	(*mpo_check_vnode_mprotect_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int prot);
+		    struct vnode *vp, struct label *vplabel, int prot);
 typedef int	(*mpo_check_vnode_open_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int acc_mode);
+		    struct vnode *vp, struct label *vplabel, int acc_mode);
 typedef int	(*mpo_check_vnode_poll_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
-		    struct label *label);
+		    struct label *vplabel);
 typedef int	(*mpo_check_vnode_read_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
-		    struct label *label);
+		    struct label *vplabel);
 typedef int	(*mpo_check_vnode_readdir_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel);
+		    struct vnode *dvp, struct label *dvplabel);
 typedef int	(*mpo_check_vnode_readlink_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label);
+		    struct vnode *vp, struct label *vplabel);
 typedef int	(*mpo_check_vnode_relabel_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *vnodelabel,
+		    struct vnode *vp, struct label *vplabel,
 		    struct label *newlabel);
 typedef int	(*mpo_check_vnode_rename_from_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel,
+		    struct vnode *dvp, struct label *dvplabel,
-		    struct vnode *vp, struct label *label,
+		    struct vnode *vp, struct label *vplabel,
 		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_rename_to_t)(struct ucred *cred,
-		    struct vnode *dvp, struct label *dlabel,
+		    struct vnode *dvp, struct label *dvplabel,
-		    struct vnode *vp, struct label *label, int samedir,
+		    struct vnode *vp, struct label *vplabel, int samedir,
 		    struct componentname *cnp);
 typedef int	(*mpo_check_vnode_revoke_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label);
+		    struct vnode *vp, struct label *vplabel);
 typedef int	(*mpo_check_vnode_setacl_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, acl_type_t type,
+		    struct vnode *vp, struct label *vplabel, acl_type_t type,
 		    struct acl *acl);
 typedef int	(*mpo_check_vnode_setextattr_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, int attrnamespace,
+		    struct vnode *vp, struct label *vplabel,
-		    const char *name, struct uio *uio);
+		    int attrnamespace, const char *name, struct uio *uio);
 typedef int	(*mpo_check_vnode_setflags_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, u_long flags);
+		    struct vnode *vp, struct label *vplabel, u_long flags);
 typedef int	(*mpo_check_vnode_setmode_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, mode_t mode);
+		    struct vnode *vp, struct label *vplabel, mode_t mode);
 typedef int	(*mpo_check_vnode_setowner_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label, uid_t uid,
+		    struct vnode *vp, struct label *vplabel, uid_t uid,
 		    gid_t gid);
 typedef int	(*mpo_check_vnode_setutimes_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *label,
+		    struct vnode *vp, struct label *vplabel,
 		    struct timespec atime, struct timespec mtime);
 typedef int	(*mpo_check_vnode_stat_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
-		    struct label *label);
+		    struct label *vplabel);
 typedef int	(*mpo_check_vnode_write_t)(struct ucred *active_cred,
 		    struct ucred *file_cred, struct vnode *vp,
-		    struct label *label);
+		    struct label *vplabel);
 typedef void	(*mpo_associate_nfsd_label_t)(struct ucred *cred);
 typedef int	(*mpo_priv_check_t)(struct ucred *cred, int priv);
 typedef int	(*mpo_priv_grant_t)(struct ucred *cred, int priv);
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@ -446,163 +446,168 @@ mac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 }
 int
-mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
+mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
 {
 	int error;
-	MAC_CHECK(check_cred_visible, u1, u2);
+	MAC_CHECK(check_cred_visible, cr1, cr2);
 	return (error);
 }
 int
-mac_check_proc_debug(struct ucred *cred, struct proc *proc)
+mac_check_proc_debug(struct ucred *cred, struct proc *p)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
-	MAC_CHECK(check_proc_debug, cred, proc);
+	MAC_CHECK(check_proc_debug, cred, p);
 	return (error);
 }
 int
-mac_check_proc_sched(struct ucred *cred, struct proc *proc)
+mac_check_proc_sched(struct ucred *cred, struct proc *p)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
-	MAC_CHECK(check_proc_sched, cred, proc);
+	MAC_CHECK(check_proc_sched, cred, p);
 	return (error);
 }
 int
-mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
+mac_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
-	MAC_CHECK(check_proc_signal, cred, proc, signum);
+	MAC_CHECK(check_proc_signal, cred, p, signum);
 	return (error);
 }
 int
-mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid)
+mac_check_proc_setuid(struct proc *p, struct ucred *cred, uid_t uid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setuid, cred, uid);
 	return (error);
 }
 int
-mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid)
+mac_check_proc_seteuid(struct proc *p, struct ucred *cred, uid_t euid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_seteuid, cred, euid);
 	return (error);
 }
 int
-mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid)
+mac_check_proc_setgid(struct proc *p, struct ucred *cred, gid_t gid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setgid, cred, gid);
 	return (error);
 }
 int
-mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid)
+mac_check_proc_setegid(struct proc *p, struct ucred *cred, gid_t egid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setegid, cred, egid);
 	return (error);
 }
 int
-mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
+mac_check_proc_setgroups(struct proc *p, struct ucred *cred, int ngroups,
-	int ngroups, gid_t *gidset)
+    gid_t *gidset)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset);
 	return (error);
 }
 int
-mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid,
+mac_check_proc_setreuid(struct proc *p, struct ucred *cred, uid_t ruid,
-	uid_t euid)
+    uid_t euid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setreuid, cred, ruid, euid);
 	return (error);
 }
 int
 mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
-	gid_t egid)
+    gid_t egid)
 {
 	int error;
 	PROC_LOCK_ASSERT(proc, MA_OWNED);
 	MAC_CHECK(check_proc_setregid, cred, rgid, egid);
 	return (error);
 }
 int
-mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid,
+mac_check_proc_setresuid(struct proc *p, struct ucred *cred, uid_t ruid,
-	uid_t euid, uid_t suid)
+    uid_t euid, uid_t suid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid);
 	return (error);
 }
 int
-mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid,
+mac_check_proc_setresgid(struct proc *p, struct ucred *cred, gid_t rgid,
-	gid_t egid, gid_t sgid)
+    gid_t egid, gid_t sgid)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
 	MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid);
 	return (error);
 }
 int
-mac_check_proc_wait(struct ucred *cred, struct proc *proc)
+mac_check_proc_wait(struct ucred *cred, struct proc *p)
 {
 	int error;
-	PROC_LOCK_ASSERT(proc, MA_OWNED);
+	PROC_LOCK_ASSERT(p, MA_OWNED);
-	MAC_CHECK(check_proc_wait, cred, proc);
+	MAC_CHECK(check_proc_wait, cred, p);
 	return (error);
 }
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@ -155,13 +155,13 @@ mac_socket_peer_label_free(struct label *label)
 }
 void
-mac_destroy_socket(struct socket *socket)
+mac_destroy_socket(struct socket *so)
 {
-	mac_socket_label_free(socket->so_label);
+	mac_socket_label_free(so->so_label);
-	socket->so_label = NULL;
+	so->so_label = NULL;
-	mac_socket_peer_label_free(socket->so_peerlabel);
+	mac_socket_peer_label_free(so->so_peerlabel);
-	socket->so_peerlabel = NULL;
+	so->so_peerlabel = NULL;
 }
 void
@ -204,47 +204,47 @@ mac_internalize_socket_label(struct label *label, char *string)
 }
 void
-mac_create_socket(struct ucred *cred, struct socket *socket)
+mac_create_socket(struct ucred *cred, struct socket *so)
 {
-	MAC_PERFORM(create_socket, cred, socket, socket->so_label);
+	MAC_PERFORM(create_socket, cred, so, so->so_label);
 }
 void
-mac_create_socket_from_socket(struct socket *oldsocket,
+mac_create_socket_from_socket(struct socket *oldso, struct socket *newso)
    struct socket *newsocket)
 {
-	SOCK_LOCK_ASSERT(oldsocket);
+	SOCK_LOCK_ASSERT(oldso);
-	MAC_PERFORM(create_socket_from_socket, oldsocket, oldsocket->so_label,
+
-	    newsocket, newsocket->so_label);
+	MAC_PERFORM(create_socket_from_socket, oldso, oldso->so_label, newso,
 	    newso->so_label);
 }
 static void
-mac_relabel_socket(struct ucred *cred, struct socket *socket,
+mac_relabel_socket(struct ucred *cred, struct socket *so,
    struct label *newlabel)
 {
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	MAC_PERFORM(relabel_socket, cred, socket, socket->so_label, newlabel);
+
 	MAC_PERFORM(relabel_socket, cred, so, so->so_label, newlabel);
 }
 void
-mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so)
 {
 	struct label *label;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	label = mac_mbuf_to_label(mbuf);
+	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, label, socket,
+	MAC_PERFORM(set_socket_peer_from_mbuf, m, label, so,
-	    socket->so_peerlabel);
+	    so->so_peerlabel);
 }
 void
-mac_set_socket_peer_from_socket(struct socket *oldsocket,
+mac_set_socket_peer_from_socket(struct socket *oldso, struct socket *newso)
    struct socket *newsocket)
 {
 	/*
@ -252,97 +252,94 @@ mac_set_socket_peer_from_socket(struct socket *oldsocket,
 	 * is the original, and one is the new.  However, it's called in both
 	 * directions, so we can't assert the lock here currently.
 	 */
-	MAC_PERFORM(set_socket_peer_from_socket, oldsocket,
+	MAC_PERFORM(set_socket_peer_from_socket, oldso, oldso->so_label,
-	    oldsocket->so_label, newsocket, newsocket->so_peerlabel);
+	    newso, newso->so_peerlabel);
 }
 void
-mac_create_mbuf_from_socket(struct socket *socket, struct mbuf *mbuf)
+mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m)
 {
 	struct label *label;
-	label = mac_mbuf_to_label(mbuf);
+	SOCK_LOCK_ASSERT(so);
-	SOCK_LOCK_ASSERT(socket);
+	label = mac_mbuf_to_label(m);
-	MAC_PERFORM(create_mbuf_from_socket, socket, socket->so_label, mbuf,
+
-	    label);
+	MAC_PERFORM(create_mbuf_from_socket, so, so->so_label, m, label);
 }
 int
-mac_check_socket_accept(struct ucred *cred, struct socket *socket)
+mac_check_socket_accept(struct ucred *cred, struct socket *so)
 {
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	MAC_CHECK(check_socket_accept, cred, socket, socket->so_label);
+	MAC_CHECK(check_socket_accept, cred, so, so->so_label);
 	return (error);
 }
 int
-mac_check_socket_bind(struct ucred *ucred, struct socket *socket,
+mac_check_socket_bind(struct ucred *ucred, struct socket *so,
-    struct sockaddr *sockaddr)
+    struct sockaddr *sa)
 {
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	MAC_CHECK(check_socket_bind, ucred, socket, socket->so_label,
+	MAC_CHECK(check_socket_bind, ucred, so, so->so_label, sa);
 	    sockaddr);
 	return (error);
 }
 int
-mac_check_socket_connect(struct ucred *cred, struct socket *socket,
+mac_check_socket_connect(struct ucred *cred, struct socket *so,
-    struct sockaddr *sockaddr)
+    struct sockaddr *sa)
 {
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	MAC_CHECK(check_socket_connect, cred, socket, socket->so_label,
+	MAC_CHECK(check_socket_connect, cred, so, so->so_label, sa);
 	    sockaddr);
 	return (error);
 }
 int
-mac_check_socket_create(struct ucred *cred, int domain, int type,
+mac_check_socket_create(struct ucred *cred, int domain, int type, int proto)
    int protocol)
 {
 	int error;
-	MAC_CHECK(check_socket_create, cred, domain, type, protocol);
+	MAC_CHECK(check_socket_create, cred, domain, type, proto);
 	return (error);
 }
 int
-mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
+mac_check_socket_deliver(struct socket *so, struct mbuf *m)
 {
 	struct label *label;
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	label = mac_mbuf_to_label(mbuf);
+	label = mac_mbuf_to_label(m);
-	MAC_CHECK(check_socket_deliver, socket, socket->so_label, mbuf,
+	MAC_CHECK(check_socket_deliver, so, so->so_label, m, label);
 	    label);
 	return (error);
 }
 int
-mac_check_socket_listen(struct ucred *cred, struct socket *socket)
+mac_check_socket_listen(struct ucred *cred, struct socket *so)
 {
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
 	MAC_CHECK(check_socket_listen, cred, so, so->so_label);
 	MAC_CHECK(check_socket_listen, cred, socket, socket->so_label);
 	return (error);
 }
@ -354,6 +351,7 @@ mac_check_socket_poll(struct ucred *cred, struct socket *so)
 	SOCK_LOCK_ASSERT(so);
 	MAC_CHECK(check_socket_poll, cred, so, so->so_label);
 	return (error);
 }
@ -370,15 +368,14 @@ mac_check_socket_receive(struct ucred *cred, struct socket *so)
 }
 static int
-mac_check_socket_relabel(struct ucred *cred, struct socket *socket,
+mac_check_socket_relabel(struct ucred *cred, struct socket *so,
    struct label *newlabel)
 {
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	MAC_CHECK(check_socket_relabel, cred, socket, socket->so_label,
+	MAC_CHECK(check_socket_relabel, cred, so, so->so_label, newlabel);
 	    newlabel);
 	return (error);
 }
@ -408,13 +405,13 @@ mac_check_socket_stat(struct ucred *cred, struct socket *so)
 }
 int
-mac_check_socket_visible(struct ucred *cred, struct socket *socket)
+mac_check_socket_visible(struct ucred *cred, struct socket *so)
 {
 	int error;
-	SOCK_LOCK_ASSERT(socket);
+	SOCK_LOCK_ASSERT(so);
-	MAC_CHECK(check_socket_visible, cred, socket, socket->so_label);
+	MAC_CHECK(check_socket_visible, cred, so, so->so_label);
 	return (error);
 }
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * Copyright (c) 2007 Robert N. M. Watson
 * All rights reserved.
 *