From 8425ae1208391ffa963ca1ee0a309dc11c356be1 Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Wed, 20 Dec 2006 23:41:59 +0000
Subject: [PATCH] Comment LABEL_TO_SLOT() macro, including observing that we'd like to improve this policy API to avoid encoding struct label binary layout in policy modules.
Obtained from: TrustedBSD Project
---
 sys/security/mac/mac_policy.h | 8 ++++++++
 sys/sys/mac_policy.h | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index e75a1e3fc348..62ebfcba6aba 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -948,6 +948,14 @@ struct mac_policy_conf {
 int mac_policy_modevent(module_t mod, int type, void *data);
+/*
+ * Policy interface to map a struct label pointer to per-policy data.
+ * Typically, policies wrap this in their own accessor macro that casts a
+ * void pointer to a policy-specific data type.
+ *
+ * XXXRW: It might be preferable to provide get/set methods via functions to
+ * avoid encoding the struct label layout in compiled modules.
+ */
 #define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s]
 #endif /* !_SYS_MAC_POLICY_H_ */
diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h
index e75a1e3fc348..62ebfcba6aba 100644
--- a/sys/sys/mac_policy.h
+++ b/sys/sys/mac_policy.h
@@ -948,6 +948,14 @@ struct mac_policy_conf {
 int mac_policy_modevent(module_t mod, int type, void *data);
+/*
+ * Policy interface to map a struct label pointer to per-policy data.
+ * Typically, policies wrap this in their own accessor macro that casts a
+ * void pointer to a policy-specific data type.
+ *
+ * XXXRW: It might be preferable to provide get/set methods via functions to
+ * avoid encoding the struct label layout in compiled modules.
+ */
 #define LABEL_TO_SLOT(l, s) (l)->l_perpolicy[s]
 #endif /* !_SYS_MAC_POLICY_H_ */
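Review bot: The new comment above `LABEL_TO_SLOT` in sys/security/mac/mac_policy.h does not mention that the macro indexes `l_perpolicy[s]` with no range check on `s`, or that it expands to an lvalue and so can serve for both reading and storing the per-policy value. A wrong slot index would make a policy module touch another policy's slot or memory outside the array (the array's declaration and size are not visible in this hunk), so I would add a sentence such as `* The slot index is not validated here; callers must pass a valid slot for their policy.` The XXXRW remark about accessor functions would be a natural place to note that such functions could also perform that check. The same applies to the identical hunk in sys/sys/mac_policy.h; both files show the same blob ids, so any wording change should be made in both copies.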