16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
151   space for policy-specific data.  In most cases, it is permitted to
152   sleep during label initialization operations; it will be noted when
153   it is not permitted.
157   creation, where a label is made specific to the object it is associated
248   storage associated with the label so that it may be destroyed.
319   @warning Even if a policy returns 0, it should behave correctly in
430   storage associated with the label so that it may be destroyed.
627   with the label so that it may be destroyed.
928  label so that it may be destroyed.
1014  label so that it may be destroyed.
1146  label so that it may be destroyed.
1166   rather than destroy the inpcb as it will be reused later.
1308  label so that it may be destroyed.
1509  Label an mbuf based on the interface from which it was received.
1524  Label an mbuf based on the inpcb from which it was derived.
1540   fragment reassembly queue (ipq) from which it was generated.
1576  generated from the existing passed datagram when it is processed
1614   When an application sends data to a socket or a pipe, it is wrapped
1647   internal storage associated with the label so that it may be
1660   @warning Since it is possible for the flags to be set to
1848   internal storage associated with the label so that it may be
1886   or are read-only (such as CD-ROMs), it is often necessary to store
2136   label so that it may be destroyed.
2251   Since the kernel BSD services are not yet available, it is possible
2300   it should call the necessary signal access control checks to invoke
2472   recipient); it does not actually inhibit the message from being sent or
2618   @param it Task label of issuer
2628 	struct label *it,
2672   with the label so that it may be destroyed.
2709   Label a kernel port based on the type of object behind it. The
2712   mpo_port_label_associate_kernel, or because it is a task port and has a label
2828   associated with the label so that it may be destroyed.
2977   internal storage associated with the label so that it may be
3016  MAC policy it would not be able to perform.  Privileged operations are
3021  credential, this hook raises the privilege of a credential when it
3319   associated with the label so that it may be destroyed.
3333   store a label in the process structure until it is safe to update
3440   on the wire, it eventually gets deposited into this queue, which the
3450   the remote if the check rejects it.  Placing the check after the counters
3461   For example, one options is to sanitize the mbuf such that it is acceptable,
3462   then accept it.  That may require negotiation between policies as the
3715   with the label so that it may be destroyed.
3750   call.  It it not always safe to sleep during this entry point.
3752   @warning Since it is possible for the waitok flags to be set to
3816   @warning Because this can affect performance significantly, it has
3819   clobbering existing values.  In this case, it is too inefficient to
3821   Instead, it is up to the policies to determine how to replace the label data.
3841   Note that this call is only made on connection; it is currently not updated
3856   with the label so that it may be destroyed.
3891   initialization call.  It it not always safe to sleep during this
3894   @warning Since it is possible for the waitok flags to be set to
4145   associated with the label so that it may be destroyed.
4253   and it is a public queue, this check will be performed before the
4316   associated with the label so that it may be destroyed.
4424   associated with the label so that it may be destroyed.
4549   internal storage associated with the label so that it may be
4617  that it is untrusted (eg unidentified / modified code).
4636   If there is an associated BSD process structure, it will be labelled
4682   with the label so that it may be destroyed.
4790   storage associated with the label so that it may be destroyed.
5652   extended attribute, sometimes it is acceptible to fallback to using
5655   If the policy requires vnodes to have a valid label elsewhere it
5806   label so that it may be destroyed.
5860   vnode label.  While it is necessary to allocate space for a
5861   kernel-resident vnode label, it is not yet necessary to link this vnode
5939   name.  If it does, the kernel is has either replaced or removed the
5947   it cannot return a failure.  However, the operation is preceded by

Indexes created Wed Sep 11 23:09:49 MDT 2024