See the Overview section above for header-level documentation.
These are the entry points corresponding to the life cycle events for kernel objects, such as initialization, creation, and destruction.
Most policies (that use labels) will initialize labels by allocating space for policy-specific data. In most cases, it is permitted to sleep during label initialization operations; it will be noted when it is not permitted.
Initialization usually will not require doing more than allocating a generic label for the given object. What follows initialization is creation, where a label is made specific to the object it is associated with. Destruction occurs when the label is no longer needed, such as when the corresponding object is destroyed. All necessary cleanup should be performed in label destroy operations.
Where possible, the label entry points have identical parameters. If the policy module does not require structure-specific label information, the same function may be registered in the policy operation vector. Many policies will implement two such generic allocation calls: one to handle sleepable requests, and one to handle potentially non-sleepable requests.