First page Back Continue Last page Overview Graphics
A Bit About Labels
Policy requirements for labeling vary
- Type of the label (int, structure, reference-counted structure, ...)
- Subjects/objects that are labeled
Framework is label type agnostic
- 'struct label' consists of a fixed-size array of union {long, void*} which may be allocated and managed by policies
- Policies have access to initialization and destruction events for objects
- mac_vnode_init(), mac_vnode_destroy(), ...