MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodes

Do this only when the headers for these functionalities were included
prior to this one.  Indeed, if they need to be included, style(9)
mandates they should have been so before this one.

Remove the common MAC sysctl declaration from
<security/mac/mac_internal.h>, as it is now redundant (all its includers
also include <security/mac/mac_policy.h>).

Remove local such declarations from all policies' files.

Reviewed by:    jamie
Approved by:    markj (mentor)
MFC after:      5 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D46903

(cherry picked from commit db33c6f3ae)

The original changes in 'sys/security/mac_grantbylabel/mac_grantbylabel.c' were
removed as MAC/grantbylabel has not been MFCed.

sys/security/mac/mac_internal.h

@@ -56,13 +56,6 @@
 #include <sys/lock.h>
 #include <sys/rmlock.h>
 
-/*
- * MAC Framework sysctl namespace.
- */
-#ifdef SYSCTL_DECL
-SYSCTL_DECL(_security_mac);
-#endif /* SYSCTL_DECL */
-
 /*
  * MAC Framework SDT DTrace probe namespace, macros for declaring entry
  * point probes, macros for invoking them.

sys/security/mac/mac_policy.h

@@ -1064,4 +1064,19 @@ int	mac_policy_modevent(module_t mod, int type, void *data);
 intptr_t	mac_label_get(struct label *l, int slot);
 void		mac_label_set(struct label *l, int slot, intptr_t v);
 
+/*
+ * Common MAC Framework's sysctl and jail parameters' sysctl nodes' declarations.
+ *
+ * Headers <sys/jail.h> and <sys/sysctl.h> normally have to be included before
+ * this header as style(9) hints to.  If they weren't, just forego the
+ * corresponding declarations, assuming they are not needed.
+ */
+#ifdef SYSCTL_DECL
+SYSCTL_DECL(_security_mac);
+#endif
+
+#ifdef SYSCTL_JAIL_PARAM_DECL
+SYSCTL_JAIL_PARAM_DECL(mac);
+#endif
+
 #endif /* !_SECURITY_MAC_MAC_POLICY_H_ */

sys/security/mac_biba/mac_biba.c

@@ -88,8 +88,6 @@
 #include <security/mac/mac_policy.h>
 #include <security/mac_biba/mac_biba.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, biba,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_biba policy controls");

sys/security/mac_bsdextended/mac_bsdextended.c

@@ -68,8 +68,6 @@
 
 static struct mtx ugidfw_mtx;
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD extended BSD MAC policy controls");

sys/security/mac_ifoff/mac_ifoff.c

@@ -58,8 +58,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_ifoff policy controls");

sys/security/mac_ipacl/mac_ipacl.c

@@ -70,8 +70,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, ipacl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_ipacl policy controls");
 

sys/security/mac_lomac/mac_lomac.c

@@ -89,8 +89,6 @@ struct mac_lomac_proc {
 	struct mtx mtx;
 };
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, lomac,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_lomac policy controls");

sys/security/mac_mls/mac_mls.c

@@ -89,8 +89,6 @@
 #include <security/mac/mac_policy.h>
 #include <security/mac_mls/mac_mls.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, mls,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_mls policy controls");

sys/security/mac_ntpd/mac_ntpd.c

@@ -34,8 +34,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "mac_ntpd policy controls");

sys/security/mac_partition/mac_partition.c

@@ -61,8 +61,6 @@
 #include <security/mac/mac_policy.h>
 #include <security/mac_partition/mac_partition.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, partition,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_partition policy controls");

sys/security/mac_pimd/mac_pimd.c

@@ -35,8 +35,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, pimd,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "mac_pimd policy controls");

sys/security/mac_portacl/mac_portacl.c

@@ -79,8 +79,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, portacl,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_portacl policy controls");

sys/security/mac_priority/mac_priority.c

@@ -35,8 +35,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, priority,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "mac_priority policy controls");

sys/security/mac_seeotheruids/mac_seeotheruids.c

@@ -59,8 +59,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_seeotheruids policy controls");

sys/security/mac_stub/mac_stub.c

@@ -88,8 +88,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, stub,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_stub policy controls");

sys/security/mac_test/mac_test.c

@@ -78,8 +78,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, test,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_test policy controls");

sys/security/mac_veriexec/mac_veriexec.c

@@ -81,8 +81,6 @@ static int sysctl_mac_veriexec_state(SYSCTL_HANDLER_ARGS);
 static int sysctl_mac_veriexec_db(SYSCTL_HANDLER_ARGS);
 static struct mac_policy_ops mac_veriexec_ops;
 
-SYSCTL_DECL(_security_mac);
-
 SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "MAC/veriexec policy controls");