Introduce support for Mandatory Access Control and extensible

kernel access control.

Document the kernel side of the MAC policy architecture.  This
is a little out of date at the moment.  Some parts to be filled
in as things are developed, and much is subject to change.  It
will, however, give developers a good idea of how things work.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

en_US.ISO8859-1/books/arch-handbook/Makefile

@@ -36,6 +36,7 @@ SRCS+= kerneldebug/chapter.sgml
 SRCS+= kobj/chapter.sgml
 SRCS+= l10n/chapter.sgml
 SRCS+= locking/chapter.sgml
+SRCS+= mac/chapter.sgml
 SRCS+= pci/chapter.sgml
 SRCS+= policies/chapter.sgml
 SRCS+= scsi/chapter.sgml

en_US.ISO8859-1/books/arch-handbook/book.sgml

@@ -10,6 +10,7 @@
 <!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
 %man;
 <!ENTITY % chapters SYSTEM "chapters.ent"> %chapters;
+<!ENTITY % mac-entities SYSTEM "mac.ent"> %mac-entities;
 <!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> %authors
 <!ENTITY % mailing-lists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN"> %mailing-lists;
 <!ENTITY % chap.index "IGNORE">
@@ -85,6 +86,7 @@
     &chap.kobj;
     &chap.jail;
     &chap.sysinit;
+    &chap.mac;
     &chap.vm;
     &chap.dma;
     &chap.kerneldebug;

en_US.ISO8859-1/books/arch-handbook/chapters.ent

@@ -29,6 +29,7 @@
 <!ENTITY chap.dma			SYSTEM "dma/chapter.sgml">
 <!ENTITY chap.kerneldebug		SYSTEM "kerneldebug/chapter.sgml">
 <!ENTITY chap.jail			SYSTEM "jail/chapter.sgml">
+<!ENTITY chap.mac			SYSTEM "mac/chapter.sgml">
 
 <!-- Part four - Device Drivers -->
 <!ENTITY chap.driverbasics		SYSTEM "driverbasics/chapter.sgml">

en_US.ISO8859-1/books/arch-handbook/mac.ent

@@ -0,0 +1,18 @@
+<!--
+    $FreeBSD$
+ -->
+
+<!ENTITY mac.mpo "mpo">
+<!ENTITY mac.thead '
+  <colspec colname="first" colwidth="0">
+  <colspec colwidth="0">
+  <colspec colname="last" colwidth="0">
+
+  <thead>
+    <row>
+      <entry>Parameter</entry>
+      <entry>Description</entry>
+      <entry>Locking</entry>
+    </row>
+  </thead>
+'>

en_US.ISO8859-1/books/developers-handbook/Makefile

@@ -36,6 +36,7 @@ SRCS+= kerneldebug/chapter.sgml
 SRCS+= kobj/chapter.sgml
 SRCS+= l10n/chapter.sgml
 SRCS+= locking/chapter.sgml
+SRCS+= mac/chapter.sgml
 SRCS+= pci/chapter.sgml
 SRCS+= policies/chapter.sgml
 SRCS+= scsi/chapter.sgml

en_US.ISO8859-1/books/developers-handbook/book.sgml

@@ -10,6 +10,7 @@
 <!ENTITY % man PUBLIC "-//FreeBSD//ENTITIES DocBook Manual Page Entities//EN">
 %man;
 <!ENTITY % chapters SYSTEM "chapters.ent"> %chapters;
+<!ENTITY % mac-entities SYSTEM "mac.ent"> %mac-entities;
 <!ENTITY % authors PUBLIC "-//FreeBSD//ENTITIES DocBook Author Entities//EN"> %authors
 <!ENTITY % mailing-lists PUBLIC "-//FreeBSD//ENTITIES DocBook Mailing List Entities//EN"> %mailing-lists;
 <!ENTITY % chap.index "IGNORE">
@@ -85,6 +86,7 @@
     &chap.kobj;
     &chap.jail;
     &chap.sysinit;
+    &chap.mac;
     &chap.vm;
     &chap.dma;
     &chap.kerneldebug;

en_US.ISO8859-1/books/developers-handbook/chapters.ent

@@ -29,6 +29,7 @@
 <!ENTITY chap.dma			SYSTEM "dma/chapter.sgml">
 <!ENTITY chap.kerneldebug		SYSTEM "kerneldebug/chapter.sgml">
 <!ENTITY chap.jail			SYSTEM "jail/chapter.sgml">
+<!ENTITY chap.mac			SYSTEM "mac/chapter.sgml">
 
 <!-- Part four - Device Drivers -->
 <!ENTITY chap.driverbasics		SYSTEM "driverbasics/chapter.sgml">

en_US.ISO8859-1/books/developers-handbook/mac.ent

@@ -0,0 +1,18 @@
+<!--
+    $FreeBSD$
+ -->
+
+<!ENTITY mac.mpo "mpo">
+<!ENTITY mac.thead '
+  <colspec colname="first" colwidth="0">
+  <colspec colwidth="0">
+  <colspec colname="last" colwidth="0">
+
+  <thead>
+    <row>
+      <entry>Parameter</entry>
+      <entry>Description</entry>
+      <entry>Locking</entry>
+    </row>
+  </thead>
+'>