int
acl_syscall_get_file(char *path, acl_type_t type, struct acl *aclp);
int
acl_syscall_set_file(char *path, acl_type_t type, struct acl *aclp);
int
acl_syscall_get_fd(int filedes, acl_type_t type, struct acl *aclp);
int
acl_syscall_set_fd(int filedes, acl_type_t type, struct acl *aclp);
int
acl_syscall_delete_def_file(const char *path_p);
int
acl_syscall_delete_def_fd(int filedes);

These syscalls generally accept a path or file descriptor, an ACL type
indicating which ACL associated with the path or file descriptor, and an
ACL to apply, or to retrieve to.  Remove the _syscall_ to get the POSIX.1e
version, which is present in libposix1e_acl as a wrapper.  In general,
the wrapper fixes up memory allocation issues, does some checking, etc, etc.
Unlike POSIX.1e, we allow the deleting of a default ACL based on file
descriptor -- in POSIX, they do not define what happens if you have an
fd open on a directory, so only allow setting of directory ACLs by path.

All of these routines are implemented in sys/kern/kern_acl.c


