Move to C99 sparse structure initialization for the mac_policy_ops

structure definition, rather than using an operation vector
we translate into the structure.  Originally, we used a vector
for two reasons:

(1) We wanted to define the structure sparsely, which wasn't
    supported by the C compiler for structures.  For a policy
    with five entry points, you don't want to have to stick in
    a few hundred NULL function pointers.

(2) We thought it would improve ABI compatibility allowing modules
    to work with kernels that had a superset of the entry points
    defined in the module, even if the kernel had changed its
    entry point set.

Both of these no longer apply:

(1) C99 gives us a way to sparsely define a static structure.

(2) The ABI problems existed anyway, due to enumeration numbers,
    argument changes, and semantic mismatches.  Since the going
    rule for FreeBSD is that you really need your modules to
    pretty closely match your kernel, it's not worth the
    complexity.

This submit eliminates the operation vector, dynamic allocation
of the operation structure, copying of the vector to the
structure, and redoes the vectors in each policy to direct
structure definitions.  One enourmous benefit of this change
is that we now get decent type checking on policy entry point
implementation arguments.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

1 files changed, 17 insertions, 33 deletions

diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 6636bef67b53..c1167ea59b02 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -249,40 +249,24 @@ mac_partition_check_socket_visible(struct ucred *cred, struct socket *socket,
 	return (error ? ENOENT : 0);
 }
 
-static struct mac_policy_op_entry mac_partition_ops[] =
+static struct mac_policy_ops mac_partition_ops =
 {
-	{ MAC_INIT,
-	    (macop_t)mac_partition_init },
-	{ MAC_INIT_CRED_LABEL,
-	    (macop_t)mac_partition_init_label },
-	{ MAC_DESTROY_CRED_LABEL,
-	    (macop_t)mac_partition_destroy_label },
-	{ MAC_EXTERNALIZE_CRED_LABEL,
-	    (macop_t)mac_partition_externalize_label },
-	{ MAC_INTERNALIZE_CRED_LABEL,
-	    (macop_t)mac_partition_internalize_label },
-	{ MAC_CREATE_CRED,
-	    (macop_t)mac_partition_create_cred },
-	{ MAC_CREATE_PROC0,
-	    (macop_t)mac_partition_create_proc0 },
-	{ MAC_CREATE_PROC1,
-	    (macop_t)mac_partition_create_proc1 },
-	{ MAC_RELABEL_CRED,
-	    (macop_t)mac_partition_relabel_cred },
-	{ MAC_CHECK_CRED_RELABEL,
-	    (macop_t)mac_partition_check_cred_relabel },
-	{ MAC_CHECK_CRED_VISIBLE,
-	    (macop_t)mac_partition_check_cred_visible },
-	{ MAC_CHECK_PROC_DEBUG,
-	    (macop_t)mac_partition_check_proc_debug },
-	{ MAC_CHECK_PROC_SCHED,
-	    (macop_t)mac_partition_check_proc_sched },
-	{ MAC_CHECK_PROC_SIGNAL,
-	    (macop_t)mac_partition_check_proc_signal },
-	{ MAC_CHECK_SOCKET_VISIBLE,
-	    (macop_t)mac_partition_check_socket_visible },
-	{ MAC_OP_LAST, NULL }
+	.mpo_init = mac_partition_init,
+	.mpo_init_cred_label = mac_partition_init_label,
+	.mpo_destroy_cred_label = mac_partition_destroy_label,
+	.mpo_externalize_cred_label = mac_partition_externalize_label,
+	.mpo_internalize_cred_label = mac_partition_internalize_label,
+	.mpo_create_cred = mac_partition_create_cred,
+	.mpo_create_proc0 = mac_partition_create_proc0,
+	.mpo_create_proc1 = mac_partition_create_proc1,
+	.mpo_relabel_cred = mac_partition_relabel_cred,
+	.mpo_check_cred_relabel = mac_partition_check_cred_relabel,
+	.mpo_check_cred_visible = mac_partition_check_cred_visible,
+	.mpo_check_proc_debug = mac_partition_check_proc_debug,
+	.mpo_check_proc_sched = mac_partition_check_proc_sched,
+	.mpo_check_proc_signal = mac_partition_check_proc_signal,
+	.mpo_check_socket_visible = mac_partition_check_socket_visible,
 };
 
-MAC_POLICY_SET(mac_partition_ops, trustedbsd_mac_partition,
+MAC_POLICY_SET(&mac_partition_ops, trustedbsd_mac_partition,
     "TrustedBSD MAC/Partition", MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot);