- Break out many of the paragraphs in the "Kernel Architecture" section

of the MAC Framework chapter of the Developer's Handbook into their
  own <sect2> sections.

- Re-order the Policy Elements sect2 to the end of the section since
  most of the remainder of the subsections talk about parts of the
  Framework, not module structure.

- Add text relating to the support for persistent labeling using
  extended attributes on supporting file systems.

- Add concurrency/synchronization primitives to the list of framework
  elements.

This section needs more work, and will probably grow sub-sections on
most of the major elements in the element list.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

en_US.ISO8859-1/books/arch-handbook/mac/chapter.sgml

@@ -168,11 +168,17 @@
       access control modules.  If multiple policies are
       simultaneously loaded, the MAC Framework will usefully (for
       some definition of useful) compose the results of the
-      policies.  The MAC Framework contains a number of kernel
-      elements:</para>
+      policies.</para>
+
+    <sect2 id="mac-kernel-arch-elements">
+      <title>MAC Framework Kernel Elements</title>
+
+      <para>The MAC Framework contains a number of kernel elements:</para>
 
       <itemizedlist>
 	<listitem><para>Framework management interfaces</para></listitem>
+	<listitem><para>Concurrency and synchronizatoin management
+	  primitives.</para></listitem>
 	<listitem><para>Policy registration and management</para></listitem>
 	<listitem><para>Extensible security label for kernel
 	  objects</para></listitem>
@@ -192,30 +198,74 @@
 	<listitem><para>Various security policies implemented as MAC
 	  policy modules</para></listitem>
       </itemizedlist>
+    </sect2>
 
-    <para>Kernel services interact with the MAC Framework in two ways:
-      they invoke a series of APIs to notify the framework of relevant
-      events, and they a policy-agnostic label structure in
-      security-relevent objects.  This label structure is maintained by
-      the MAC Framework via label management entry points, and permits
-      the Framework to offer a labeling service to policy modules
-      through relatively uninvasive changes to the kernel subsystem
-      maintaining the object.  For example, label structures have been
-      added to processes, process credentials, sockets, pipes, vnodes,
-      mbufs, network interfaces, IP reassembly queues, and a variety
-      of other security-relevant structures.  Kernel services also
-      invoke the MAC Framework when they perform important security
-      decisions, permitting policy modules to augment those decisions
-      based on their own criteria (possibly including data stored in
-      security labels).</para>
+    <sect2 id="mac-kernel-arch-entrypoints">
+      <title>MAC Framework Entry Points</title>
 
-    <para>Security policies are either linked directly into the kernel,
-      or compiled into loadable kernel modules that may be loaded at
-      boot, or dynamically using the module loading system calls at
-      runtime.  Policy modules interact with the system through a
-      set of declared entry points, providing access to a stream of
-      system events and permitting the policy to influence access
-      control decisions.  Each policy contains a number of elements:</para>
+      <para>Kernel services interact with the MAC Framework in two ways:
+	they invoke a series of APIs to notify the framework of relevant
+	events, and they a policy-agnostic label structure in
+	security-relevent objects.  This label structure is maintained by
+	the MAC Framework via label management entry points, and permits
+	the Framework to offer a labeling service to policy modules
+	through relatively uninvasive changes to the kernel subsystem
+	maintaining the object.  For example, label structures have been
+	added to processes, process credentials, sockets, pipes, vnodes,
+	mbufs, network interfaces, IP reassembly queues, and a variety
+	of other security-relevant structures.  Kernel services also
+	invoke the MAC Framework when they perform important security
+	decisions, permitting policy modules to augment those decisions
+	based on their own criteria (possibly including data stored in
+	security labels).</para>
+    </sect2>
+
+    <sect2 id="mac-kernel-arch-composition">
+      <title>MAC Framework Policy Composition</title>
+
+      <para>When more than one policy module is loaded into the kernel
+	at a time, the results of the policy modules will be composed
+	by the framework using a composition operator.  This operator
+	is currently hard-coded, and requires that all active policies
+	must approve a request for it to occur.  As policies may
+	return a variety of error conditions (success, access denied,
+	object doesn't exist, ...), a precedence operator selects the
+	resulting error from the set of errors returned by policies.
+	While it is not guaranteed that the resulting composition will
+	be useful or secure, we've found that it is for many useful
+	selections of policies.</para>
+    </sect2>
+
+    <sect2 id="mac-kernel-arch-labels">
+      <title>MAC Framework Labeling Support</title>
+
+      <para>As many interesting access control extensions rely on
+	security labels on objects, the MAC Framework provides a set
+	of policy-agnostic label management system calls covering
+	a variety of user-exposed objects.  Common label types
+	include partition identifiers, sensitivity labels, integrity
+	labels, compartments, domains, roles, and types.  Policy
+	modules participate in the internalization and externalization
+	of string-based labels provides by user applications, and can
+	expose multiple label elements to applications if desired.</para>
+
+      <para>In the case of file system labels, special support is
+	provided for the persistent storage of security labels in
+	extended attributes.  Where available, EA transactions
+	are used to permit consistent compound updates of
+	security labels on vnodes.</para>
+    </sect2>
+
+    <sect2 id="mac-kernel-arch-policy-elements">
+      <title>MAC Framework Policy Elements</title>
+
+      <para>Security policies are either linked directly into the kernel,
+	or compiled into loadable kernel modules that may be loaded at
+	boot, or dynamically using the module loading system calls at
+	runtime.  Policy modules interact with the system through a
+	set of declared entry points, providing access to a stream of
+	system events and permitting the policy to influence access
+	control decisions.  Each policy contains a number of elements:</para>
 
       <itemizedlist>
 	<listitem><para>Optional configuration parameters for
@@ -233,28 +283,8 @@
 	<listitem><para>Declaration of poicy identity, module entry
 	  points, and policy properties.</para></listitem>
       </itemizedlist>
+    </sect2>
 
-    <para>When more than one policy module is loaded into the kernel
-      at a time, the results of the policy modules will be composed
-      by the framework using a composition operator.  This operator
-      is currently hard-coded, and requires that all active policies
-      must approve a request for it to occur.  As policies may
-      return a variety of error conditions (success, access denied,
-      object doesn't exist, ...), a precedence operator selects the
-      resulting error from the set of errors returned by policies.
-      While it is not guaranteed that the resulting composition will
-      be useful or secure, we've found that it is for many useful
-      selections of policies.</para>
-
-    <para>As many interesting access control extensions rely on
-      security labels on objects, the MAC Framework provides a set
-      of policy-agnostic label management system calls covering
-      a variety of user-exposed objects.  Common label types
-      include partition identifiers, sensitivity labels, integrity
-      labels, compartments, domains, roles, and types.  Policy
-      modules participate in the internalization and externalization
-      of string-based labels provides by user applications, and can
-      expose multiple label elements to applications if desired.</para>
   </sect1>
 
   <sect1 id="mac-userland-arch">

en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml

@@ -168,11 +168,17 @@
       access control modules.  If multiple policies are
       simultaneously loaded, the MAC Framework will usefully (for
       some definition of useful) compose the results of the
-      policies.  The MAC Framework contains a number of kernel
-      elements:</para>
+      policies.</para>
+
+    <sect2 id="mac-kernel-arch-elements">
+      <title>MAC Framework Kernel Elements</title>
+
+      <para>The MAC Framework contains a number of kernel elements:</para>
 
       <itemizedlist>
 	<listitem><para>Framework management interfaces</para></listitem>
+	<listitem><para>Concurrency and synchronizatoin management
+	  primitives.</para></listitem>
 	<listitem><para>Policy registration and management</para></listitem>
 	<listitem><para>Extensible security label for kernel
 	  objects</para></listitem>
@@ -192,30 +198,74 @@
 	<listitem><para>Various security policies implemented as MAC
 	  policy modules</para></listitem>
       </itemizedlist>
+    </sect2>
 
-    <para>Kernel services interact with the MAC Framework in two ways:
-      they invoke a series of APIs to notify the framework of relevant
-      events, and they a policy-agnostic label structure in
-      security-relevent objects.  This label structure is maintained by
-      the MAC Framework via label management entry points, and permits
-      the Framework to offer a labeling service to policy modules
-      through relatively uninvasive changes to the kernel subsystem
-      maintaining the object.  For example, label structures have been
-      added to processes, process credentials, sockets, pipes, vnodes,
-      mbufs, network interfaces, IP reassembly queues, and a variety
-      of other security-relevant structures.  Kernel services also
-      invoke the MAC Framework when they perform important security
-      decisions, permitting policy modules to augment those decisions
-      based on their own criteria (possibly including data stored in
-      security labels).</para>
+    <sect2 id="mac-kernel-arch-entrypoints">
+      <title>MAC Framework Entry Points</title>
 
-    <para>Security policies are either linked directly into the kernel,
-      or compiled into loadable kernel modules that may be loaded at
-      boot, or dynamically using the module loading system calls at
-      runtime.  Policy modules interact with the system through a
-      set of declared entry points, providing access to a stream of
-      system events and permitting the policy to influence access
-      control decisions.  Each policy contains a number of elements:</para>
+      <para>Kernel services interact with the MAC Framework in two ways:
+	they invoke a series of APIs to notify the framework of relevant
+	events, and they a policy-agnostic label structure in
+	security-relevent objects.  This label structure is maintained by
+	the MAC Framework via label management entry points, and permits
+	the Framework to offer a labeling service to policy modules
+	through relatively uninvasive changes to the kernel subsystem
+	maintaining the object.  For example, label structures have been
+	added to processes, process credentials, sockets, pipes, vnodes,
+	mbufs, network interfaces, IP reassembly queues, and a variety
+	of other security-relevant structures.  Kernel services also
+	invoke the MAC Framework when they perform important security
+	decisions, permitting policy modules to augment those decisions
+	based on their own criteria (possibly including data stored in
+	security labels).</para>
+    </sect2>
+
+    <sect2 id="mac-kernel-arch-composition">
+      <title>MAC Framework Policy Composition</title>
+
+      <para>When more than one policy module is loaded into the kernel
+	at a time, the results of the policy modules will be composed
+	by the framework using a composition operator.  This operator
+	is currently hard-coded, and requires that all active policies
+	must approve a request for it to occur.  As policies may
+	return a variety of error conditions (success, access denied,
+	object doesn't exist, ...), a precedence operator selects the
+	resulting error from the set of errors returned by policies.
+	While it is not guaranteed that the resulting composition will
+	be useful or secure, we've found that it is for many useful
+	selections of policies.</para>
+    </sect2>
+
+    <sect2 id="mac-kernel-arch-labels">
+      <title>MAC Framework Labeling Support</title>
+
+      <para>As many interesting access control extensions rely on
+	security labels on objects, the MAC Framework provides a set
+	of policy-agnostic label management system calls covering
+	a variety of user-exposed objects.  Common label types
+	include partition identifiers, sensitivity labels, integrity
+	labels, compartments, domains, roles, and types.  Policy
+	modules participate in the internalization and externalization
+	of string-based labels provides by user applications, and can
+	expose multiple label elements to applications if desired.</para>
+
+      <para>In the case of file system labels, special support is
+	provided for the persistent storage of security labels in
+	extended attributes.  Where available, EA transactions
+	are used to permit consistent compound updates of
+	security labels on vnodes.</para>
+    </sect2>
+
+    <sect2 id="mac-kernel-arch-policy-elements">
+      <title>MAC Framework Policy Elements</title>
+
+      <para>Security policies are either linked directly into the kernel,
+	or compiled into loadable kernel modules that may be loaded at
+	boot, or dynamically using the module loading system calls at
+	runtime.  Policy modules interact with the system through a
+	set of declared entry points, providing access to a stream of
+	system events and permitting the policy to influence access
+	control decisions.  Each policy contains a number of elements:</para>
 
       <itemizedlist>
 	<listitem><para>Optional configuration parameters for
@@ -233,28 +283,8 @@
 	<listitem><para>Declaration of poicy identity, module entry
 	  points, and policy properties.</para></listitem>
       </itemizedlist>
+    </sect2>
 
-    <para>When more than one policy module is loaded into the kernel
-      at a time, the results of the policy modules will be composed
-      by the framework using a composition operator.  This operator
-      is currently hard-coded, and requires that all active policies
-      must approve a request for it to occur.  As policies may
-      return a variety of error conditions (success, access denied,
-      object doesn't exist, ...), a precedence operator selects the
-      resulting error from the set of errors returned by policies.
-      While it is not guaranteed that the resulting composition will
-      be useful or secure, we've found that it is for many useful
-      selections of policies.</para>
-
-    <para>As many interesting access control extensions rely on
-      security labels on objects, the MAC Framework provides a set
-      of policy-agnostic label management system calls covering
-      a variety of user-exposed objects.  Common label types
-      include partition identifiers, sensitivity labels, integrity
-      labels, compartments, domains, roles, and types.  Policy
-      modules participate in the internalization and externalization
-      of string-based labels provides by user applications, and can
-      expose multiple label elements to applications if desired.</para>
   </sect1>
 
   <sect1 id="mac-userland-arch">