MAC Framework KPI changes on the way in 8-CURRENT

Robert Watson rwatson at FreeBSD.org
Tue Oct 23 16:34:52 PDT 2007


Dear all,

Per prior e-mail on trustedbsd-discuss (a rather long time ago) I'll be 
introducing a set of interface changes for the TrustedBSD MAC Framework in 
8-CURRENT.  These synchronize the MAC Framework KPI, at least to some extent, 
with the MAC Framework in Mac OS X, and are based on cleanup work I did for 
SPARTA a year or two ago.  It will require updating all policy modules, 
although source updates can be performed mechanically with a set of regexp's 
in most cases.  All policies shipped with the base OS will be updated as part 
of the commits.  It will go in in a couple of phases, beginning with 
normalizing entry point names.

I'll post regexp's to trustedbsd-discuss in a few days once it's all sorted 
through.  I realize this is somewhat disruptive for policy maintainers, and 
apologize for that.  However, the new naming scheme is both significantly 
more sensible than the old one (which was evolved rather than designed), and 
also will allow us to more easily make use of Mac OS X security policy modules 
that may be made available as open source.  If you are a policy maintainer and 
have any trouble getting over the bump, please let me know and I'll be happy 
to lend a hand.  I had hoped to get these changes in for 7.x, but due to some 
rather unfortunate timing of things outside the FreeBSD world, that was not 
possible.

This will be, FYI, version 4 of the MAC Framework ABI/API in FreeBSD. 
Policies compiled against the old version will be rejected by the kernel at 
load-time.

Robert N M Watson
Computer Laboratory
University of Cambridge

