X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/316670eb35587141e969394ae8537d66b9211e80..3903760236c30e3b5ace7a4eefac3a269d68957c:/security/mac.h

diff --git a/security/mac.h b/security/mac.h
index 480d1a30b..9563a7796 100644
--- a/security/mac.h
+++ b/security/mac.h
@@ -97,6 +97,19 @@ struct mac {
 typedef struct mac	*mac_t;
 
 #ifdef KERNEL
+
+#ifndef PRIVATE
+#warning "MAC policy is not KPI, see Technical Q&A QA1574"
+#endif
+
+#if DEBUG
+#define SECURITY_MAC_CTLFLAGS (CTLFLAG_RW | CTLFLAG_LOCKED)
+#define SECURITY_MAC_CHECK_ENFORCE 1
+#else
+#define SECURITY_MAC_CTLFLAGS (CTLFLAG_RD | CTLFLAG_LOCKED)
+#define SECURITY_MAC_CHECK_ENFORCE 0
+#endif
+
 struct user_mac {
 	user_size_t	m_buflen;
 	user_addr_t	m_string;
@@ -167,14 +180,11 @@ __BEGIN_DECLS
 int	 __mac_execve(char *fname, char **argv, char **envv, mac_t _label);
 int	 __mac_get_fd(int _fd, mac_t _label);
 int	 __mac_get_file(const char *_path, mac_t _label);
-int	 __mac_get_lcid(pid_t _lcid, mac_t _label);
-int	 __mac_get_lctx(mac_t _label);
 int	 __mac_get_link(const char *_path, mac_t _label);
 int	 __mac_get_pid(pid_t _pid, mac_t _label);
 int	 __mac_get_proc(mac_t _label);
 int	 __mac_set_fd(int _fildes, const mac_t _label);
 int	 __mac_set_file(const char *_path, mac_t _label);
-int	 __mac_set_lctx(mac_t _label);
 int	 __mac_set_link(const char *_path, mac_t _label);
 int	 __mac_mount(const char *type, const char *path, int flags, void *data,
     struct mac *label);