<!-- $FreeBSD$ -->
<!ENTITY mac.mpo "mpo">
<!ENTITY mac.thead '
<colspec colname="first" colwidth="0">
<colspec colwidth="0">
<colspec colname="last" colwidth="0">
<thead>
<row>
<entry>Parameter</entry>
<entry>Description</entry>
<entry>Locking</entry>
</row>
</thead>
'>
<!ENTITY mac.externalize.paramdefs '
<paramdef>struct label *<parameter>label</parameter></paramdef>
<paramdef>char *<parameter>element_name</parameter></paramdef>
<paramdef>struct sbuf *<parameter>sb</parameter></paramdef>
<paramdef>int <parameter>*claimed</parameter></paramdef>
'>
<!ENTITY mac.externalize.tbody '
<tbody>
<row>
<entry><parameter>label</parameter></entry>
<entry>Label to be externalized</entry>
</row>
<row>
<entry><parameter>element_name</parameter>
<entry>Name of the policy whose label should be externalized</entry>
</row>
<row>
<entry><parameter>sb</parameter>
<entry>String buffer to be filled with a text representation of
label</entry>
</row>
<row>
<entry><parameter>claimed</parameter></entry>
<entry>Should be incremented when <parameter>element_data</parameter>
can be filled in.</entry>
</row>
</tbody>
'>
<!ENTITY mac.externalize.para "
<para>Produce an externalized label based on the label structure passed.
An externalized label consists of a text representation of the label
contents that can be used with userland applications and read by the
user. Currently, all policies' <function>externalize</function> entry
points will be called, so the implementation should check the contents
of <parameter>element_name</parameter> before attempting to fill in
<parameter>sb</parameter>. If
<parameter>element_name</parameter> does not match the name of your
policy, simply return <returnvalue>0</returnvalue>. Only return nonzero
if an error occurs while externalizing the label data. Once the policy
fills in <parameter>element_data</parameter>, <varname>*claimed</varname>
should be incremented.</para>
">
<!ENTITY mac.internalize.paramdefs '
<paramdef>struct label *<parameter>label</parameter></paramdef>
<paramdef>char *<parameter>element_name</parameter></paramdef>
<paramdef>char *<parameter>element_data</parameter></paramdef>
<paramdef>int *<parameter>claimed</parameter></paramdef>
'>
<!ENTITY mac.internalize.tbody '
<tbody>
<row>
<entry><parameter>label</parameter></entry>
<entry>Label to be filled in</entry>
</row>
<row>
<entry><parameter>element_name</parameter></entry>
<entry>Name of the policy whose label should be internalized</entry>
</row>
<row>
<entry><parameter>element_data</parameter></entry>
<entry>Text data to be internalized</entry>
</row>
<row>
<entry><parameter>claimed</parameter></entry>
<entry>Should be incremented when data can be successfully
internalized.</entry>
</row>
</tbody>
'>
<!ENTITY mac.internalize.para "
<para>Produce an internal label structure based on externalized label data
in text format. Currently, all policies' <function>internalize</function>
entry points are called when internalization is requested, so the
implementation should compare the contents of
<parameter>element_name</parameter> to its own name in order to be sure
it should be internalizing the data in <parameter>element_data</parameter>.
Just as in the <function>externalize</function> entry points, the entry
point should return <returnvalue>0</returnvalue> if
<parameter>element_name</parameter> does not match its own name, or when
data can successfully be internalized, in which case
<varname>*claimed</varname> should be incremented.</para>
">