* [10 / 9] [ SEMANAGE ] FIx placement of function table
@ 2005-09-30 20:30 Ivan Gyurdiev
2005-09-30 20:28 ` Stephen Smalley
2005-10-04 14:53 ` Stephen Smalley
0 siblings, 2 replies; 10+ messages in thread
From: Ivan Gyurdiev @ 2005-09-30 20:30 UTC
To: selinux, Stephen Smalley, Karl MacMillan
[-- Attachment #1: Type: text/plain, Size: 1295 bytes --]
In one of my patches I broke up semanage_private.h into pieces.
However, I've placed things incorrectly, because I misunderstood what
things were supposed to do.
This corrects one of the problems - it moves the function table into a
new file called policy_connection.h. It also renames that structure,
because I use at least 3 or 4 different types of func_tables in my
code. For consistency this should go into interfaces.h, but perhaps I
should split up interfaces.h into several headers instead (?)
The other problem is the connection object - module_conn_t. I put that
in modules.h, because it said "module", but it doesn't look like it
belongs there. Karl, where should I move this? Should it go into
direct_api.h ? I see the semanage_store makes use of that... is the
semanage_store specific to the direct API?
On a related note, where can I put policydb pointers - I need two of
them for starters - ACTIVE, and LOCAL_MOD... the actual policydb objects
will be created on demand (say when the user decides to query
something), or when commit decides to re-create the active policy from
scratch, but I need the pointers to them in a data structure linked into
the handle (that's specific to direct api?) Should this go into
conn.module (renaming that to conn.direct ?)
[-- Attachment #2: libsemanage.policy.poly.diff --]
[-- Type: text/x-patch, Size: 4381 bytes --]
diff -Naur libsemanage/src/direct_api.c libsemanage.new/src/direct_api.c
--- libsemanage/src/direct_api.c 2005-09-29 17:54:40.000000000 -0400
+++ libsemanage.new/src/direct_api.c 2005-09-30 16:10:57.000000000 -0400
@@ -31,6 +31,7 @@
#include "modules.h"
#include "direct_api.h"
#include "semanage_store.h"
+#include "policy_connection.h"
static void semanage_direct_destroy(semanage_handle_t *sh);
static int semanage_direct_disconnect(semanage_handle_t *sh);
@@ -46,7 +47,7 @@
static int semanage_direct_list(semanage_handle_t *sh,
semanage_module_info_t **modinfo, int *num_modules);
-static struct semanage_func_table direct_funcs = {
+static struct semanage_policy_table direct_funcs = {
.destroy = semanage_direct_destroy,
.disconnect = semanage_direct_disconnect,
.begin_trans = semanage_direct_begintrans,
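Review bot: direct_funcs stays a writable object after the rename at "static struct semanage_policy_table direct_funcs = {". The table is filled once with designated initialisers, so unless something assigns to it later, declare it "static const struct semanage_policy_table" and make the funcs member of the handle a pointer to const; the function pointers then live in read-only data and cannot be overwritten at run time.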
diff -Naur libsemanage/src/handle.h libsemanage.new/src/handle.h
--- libsemanage/src/handle.h 2005-09-29 17:54:40.000000000 -0400
+++ libsemanage.new/src/handle.h 2005-09-30 16:19:10.000000000 -0400
@@ -27,23 +27,11 @@
#include <semanage/handle.h>
#include "modules.h"
#include "semanage_conf.h"
+#include "policy_connection.h"
/* Can't include - circular dependency */
struct dbase;
-/* FIXME: Some of this needs to go into modules.h */
-struct semanage_func_table {
- void (*destroy)(semanage_handle_t *);
- int (*disconnect)(semanage_handle_t *);
- int (*begin_trans)(semanage_handle_t *);
- int (*commit)(semanage_handle_t *);
- int (*install)(semanage_handle_t *, char *, size_t);
- int (*upgrade)(semanage_handle_t *, char *, size_t);
- int (*install_base)(semanage_handle_t *, char *, size_t);
- int (*remove)(semanage_handle_t *, char *);
- int (*list)(semanage_handle_t *, semanage_module_info_t **, int *);
-};
-
struct semanage_handle {
int con_id; /* Connection ID */
int policy_serial; /* Policy serial number at connect time */
@@ -72,7 +60,7 @@
/* these function pointers will point to the appropriate
* routine given the connection type. think of these as
* simulating polymorphism for non-OO languages. */
- struct semanage_func_table *funcs;
+ struct semanage_policy_table* funcs;
/* Object databases */
#define DBASE_COUNT 2
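Review bot: the new declaration "struct semanage_policy_table* funcs;" attaches the '*' to the type, while the line it replaces ("struct semanage_func_table *funcs;") and the prototypes removed from this file attach it to the name. Keep the existing style: "struct semanage_policy_table *funcs;".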
diff -Naur libsemanage/src/policy_connection.h libsemanage.new/src/policy_connection.h
--- libsemanage/src/policy_connection.h 1969-12-31 19:00:00.000000000 -0500
+++ libsemanage.new/src/policy_connection.h 2005-09-30 16:19:53.000000000 -0400
@@ -0,0 +1,55 @@
+/* Author: Joshua Brindle <jbrindle@tresys.com>
+ * Jason Tang <jtang@tresys.com>
+ *
+ * Copyright (C) 2005 Tresys Technology, LLC
+ * Copyright (C) 2005 Red Hat Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SEMANAGE_POLICY_CONNECTION_INTERNAL_H_
+#define _SEMANAGE_POLICY_CONNECTION_INTERNAL_H_
+
+struct semanage_policy_table {
+
+ /* Destroy a connection */
+ void (*destroy)(semanage_handle_t *);
+
+ /* Disconnect from policy */
+ int (*disconnect)(semanage_handle_t *);
+
+ /* Begin a policy transaction */
+ int (*begin_trans)(semanage_handle_t *);
+
+ /* Commit a policy transaction */
+ int (*commit)(semanage_handle_t *);
+
+ /* Install a policy module */
+ int (*install)(semanage_handle_t *, char *, size_t);
+
+ /* Upgrade a policy module */
+ int (*upgrade)(semanage_handle_t *, char *, size_t);
+
+ /* Remove a policy module */
+ int (*remove)(semanage_handle_t *, char *);
+
+ /* List policy modules */
+ int (*list)(semanage_handle_t *, semanage_module_info_t **, int *);
+
+ /* Install base policy */
+ int (*install_base)(semanage_handle_t *, char *, size_t);
+};
+
+#endif
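Review bot: policy_connection.h is not self-contained. The struct members use semanage_handle_t, semanage_module_info_t and size_t, but the header includes nothing, so it compiles only when the includer has already pulled those in (handle.h does so by placing the new include after <semanage/handle.h> and "modules.h"). Include <stddef.h>, <semanage/handle.h> and "modules.h" inside the guard so that include order stops mattering. Note also that install_base has moved from the middle of the struct to the end; that is harmless for the designated initialiser in direct_api.c but would silently break any positional initialiser.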
* Re: [10 / 9] [ SEMANAGE ] FIx placement of function table
From: Stephen Smalley @ 2005-09-30 20:28 UTC
To: Ivan Gyurdiev; +Cc: selinux, Karl MacMillan
On Fri, 2005-09-30 at 16:30 -0400, Ivan Gyurdiev wrote:
> In one of my patches I broke up semanage_private.h into pieces.
> However, I've placed things incorrectly, because I misunderstood what
> things were supposed to do.
>
> This corrects one of the problems - it moves the function table into a
> new file called policy_connection.h. It also renames that structure,
> because I use at least 3 or 4 different types of func_tables in my
> code. For consistency this should go into interfaces.h, but perhaps I
> should split up interfaces.h into several headers instead (?)
>
> The other problem is the connection object - module_conn_t. I put that
> in modules.h, because it said "module", but it doesn't look like it
> belongs there. Karl, where should I move this? Should it go into
> direct_api.h ? I see the semanage_store makes use of that... is the
> semanage_store specific to the direct API?
>
> On a related note, where can I put policydb pointers - I need two of
> them for starters - ACTIVE, and LOCAL_MOD... the actual policydb objects
> will be created on demand (say when the user decides to query
> something), or when commit decides to re-create the active policy from
> scratch, but I need the pointers to them in a data structure linked into
> the handle (that's specific to direct api?) Should this go into
> conn.module (renaming that to conn.direct ?)
Hmmm...I just got done merging the others (available in the sourceforge
CVS), although naturally all of this is still open to debate and can be
reverted at any time.
I think at this point I'll wait for clarification from Karl et al on
whether this patch (and the prior ones as well) are consistent with
their plans for libsemanage.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [10 / 9] [ SEMANAGE ] FIx placement of function table
From: Ivan Gyurdiev @ 2005-09-30 20:56 UTC
To: Stephen Smalley; +Cc: selinux, Karl MacMillan
>Hmmm...I just got done merging the others (available in the sourceforge
>CVS), although naturally all of this is still open to debate and can be
>reverted at any time.
>
>I think at this point I'll wait for clarification from Karl et al on
>whether this patch (and the prior ones as well) are consistent with
>their plans for libsemanage.
>
Okay... It's just a question of where things are supposed to be placed.
I think Karl agreed earlier that headers should follow the code, and
that's what I was thinking about, but my first patch moved things to the
wrong places.
----
The policy function table being discussed is an interface (to be used
for the purposes of polymorphism). Because this is an interface, there
is no associated code - implementations use the specific type, and
include a header to fill the table. At the same time, semanage_private.h
was containing random things, so this is probably better off on its own,
which this patch sets up (or bundled with the rest of interfaces.h, but
handle.h is probably the wrong place for it).
The other thing I moved was handle code (that's fine IMHO), debug code
(fine), and a conn object. I can't figure out exactly what the conn
object is planned for, so that's why I asked... I suspect it's the
connection state object for direct API (so it goes in direct_api.h)
* Re: [ SEMANAGE ] [ SEPOL ] Backend iterate function
From: Ivan Gyurdiev @ 2005-10-01 0:19 UTC
To: Stephen Smalley; +Cc: dwalsh, selinux, Karl MacMillan
[-- Attachment #1: Type: text/plain, Size: 1819 bytes --]
Well, while you figure out if you want to merge the last patch I sent,
here's a couple of other patches.
List() is basically a special case of iterate. As I mentioned in my
other email, we *need* iterate functionality for large databases,
because it won't be practical to load them in memory (at least in
expanded form) - one such database is the list of all rules in base
policy.
---
The first patch here replaces the user list() function which I just
wrote with an iterate() one. This exercise wasn't useless - most of the
code is exactly the same - we just don't put the users in an array, and
we call a handler. List is removed, because it can be implemented on top
of iterate. In fact, most of the other functions in the sepol
users/interfaces/ports API should be removed once semanage is properly
functioning. I've also added iterate() on interfaces, ports, and
booleans. Tried this, and it seems to work fine - print handler prints
out all the data.
The second patch corrects the corresponding table in semanage (the
record_direct_table_t), and sets those functions in the tables for users
and ports. It also adds an iterate() function to the backend table, and
stubs for that. Finally, it adds cacheable parameter to each database,
that will indicate whether the database should be cached. If it says 0,
then .... it will fallback to implementation via iterate() in the
backend (without making a list of records)) (I haven't set this up yet).
Currently all databases are cacheable.
Again, the point of this is :
- for large POLICY databases (list of rules), not to expand the shared
list of strings into an array of stand-alone records, which will take up
tons of space.
- for large FILE databases, not to load the contents of the FILE in
memory (not sure if I'll implement this).
[-- Attachment #2: libsepol.01.iterate.diff --] [-- Type: text/x-patch, Size: 10541 bytes --] diff -Naur libsepol/include/sepol/booleans.h libsepol.new/include/sepol/booleans.h --- libsepol/include/sepol/booleans.h 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/include/sepol/booleans.h 2005-09-30 18:59:14.000000000 -0400 @@ -16,4 +16,17 @@ sepol_bool_t** bool_arr, size_t bool_arr_len); +/* Iterate the booleans + * The handler may return: + * -1 to signal an error condition, + * 1 to signal successful exit + * 0 to signal continue */ + +extern int sepol_bool_iterate( + policydb_t* policydb, + int (*fn)( + sepol_bool_t* boolean, + void* fn_arg), + void* arg); + #endif diff -Naur libsepol/include/sepol/interfaces.h libsepol.new/include/sepol/interfaces.h --- libsepol/include/sepol/interfaces.h 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/include/sepol/interfaces.h 2005-09-30 18:47:14.000000000 -0400 @@ -17,4 +17,17 @@ policydb_t* policydb, sepol_iface_t* data); +/* Iterate the interfaces + * The handler may return: + * -1 to signal an error condition, + * 1 to signal successful exit + * 0 to signal continue */ + +extern int sepol_iface_iterate( + policydb_t* policydb, + int (*fn)( + sepol_iface_t* iface, + void* fn_arg), + void* arg); + #endif diff -Naur libsepol/include/sepol/ports.h libsepol.new/include/sepol/ports.h --- libsepol/include/sepol/ports.h 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/include/sepol/ports.h 2005-09-30 18:57:14.000000000 -0400 
@@ -19,4 +19,17 @@ policydb_t* policydb, sepol_port_t* data); +/* Iterate the ports + * The handler may return: + * -1 to signal an error condition, + * 1 to signal successful exit + * 0 to signal continue */ + +extern int sepol_port_iterate( + policydb_t* policydb, + int (*fn)( + sepol_port_t* port, + void* fn_arg), + void* arg); + #endif diff -Naur libsepol/include/sepol/users.h libsepol.new/include/sepol/users.h --- libsepol/include/sepol/users.h 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/include/sepol/users.h 2005-09-30 18:47:00.000000000 -0400 @@ -32,11 +32,18 @@ policydb_t* policydb, const char* role); -/* Obtain the user list */ -extern int sepol_user_list( +/* Iterate the users + * The handler may return: + * -1 to signal an error condition, + * 1 to signal successful exit + * 0 to signal continue */ + +extern int sepol_user_iterate( policydb_t* policydb, - sepol_user_t*** users, - size_t* nusers); + int (*fn)( + sepol_user_t* user, + void* fn_arg), + void* arg); extern int sepol_get_valid_roles( policydb_t* policydb, diff -Naur libsepol/src/booleans.c libsepol.new/src/booleans.c --- libsepol/src/booleans.c 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/src/booleans.c 2005-09-30 19:28:56.000000000 -0400 
@@ -93,3 +93,51 @@ DEBUG(__FUNCTION__, "error while loading booleans\n"); return STATUS_ERR; } + +int sepol_bool_iterate( + policydb_t* policydb, + int (*fn)( + sepol_bool_t* boolean, + void* fn_arg), + void* arg) { + + size_t nbools = policydb->p_bools.nprim; + sepol_bool_t* boolean = NULL; + size_t i; + + /* For each boolean */ + for (i = 0; i < nbools; i++) { + + int status; + const char* name = policydb->p_bool_val_to_name[i]; + cond_bool_datum_t* booldatum = policydb->bool_val_to_struct[i]; + int value = booldatum->state; + + if (sepol_bool_create(&boolean) < 0) + goto err; + + if (sepol_bool_set_name(boolean, name) < 0) + goto err; + + sepol_bool_set_value(boolean, value); + + /* Invoke handler */ + status = fn(boolean, arg); + if (status < 0) + goto err; + + sepol_bool_free(boolean); + boolean = NULL; + + /* Handler requested exit */ + if (status > 0) + break; + } + + return STATUS_SUCCESS; + + err: + DEBUG(__FUNCTION__, "could not iterate over booleans\n"); + sepol_bool_free(boolean); + return STATUS_ERR; +} diff -Naur libsepol/src/interfaces.c libsepol.new/src/interfaces.c --- libsepol/src/interfaces.c 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/src/interfaces.c 2005-09-30 19:01:12.000000000 -0400 
@@ -131,3 +131,82 @@ free(iface); return STATUS_ERR; } + +int sepol_iface_iterate( + policydb_t* policydb, + int (*fn)( + sepol_iface_t* iface, + void* fn_arg), + void* arg) { + + ocontext_t *c, *l, *head; + sepol_iface_t* iface = NULL; + char* tmp_con_str = NULL; + size_t tmp_con_ssize; + sepol_context_t* tmp_con = NULL; + + head = policydb->ocontexts[OCON_NETIF]; + for (l = NULL, c = head; c; l = c, c = c->next) { + + int status; + char* name = c->u.name; + context_struct_t* ifcon = &c->context[0]; + context_struct_t* msgcon = &c->context[1]; + + if (sepol_iface_create(&iface) < 0) + goto err; + + if (sepol_iface_set_name(iface, name) < 0) + goto err; + + /* Interface context */ + if (sepol_ctx_struct_to_string(policydb, ifcon, + &tmp_con_str, &tmp_con_ssize) < 0) + goto err; + + if (sepol_context_from_string(tmp_con_str, &tmp_con) < 0) + goto err; + free(tmp_con_str); + tmp_con_str = NULL; + + if (sepol_iface_set_ifcon(iface, tmp_con) < 0) + goto err; + tmp_con = NULL; + + /* Message context */ + if (sepol_ctx_struct_to_string(policydb, msgcon, + &tmp_con_str, &tmp_con_ssize) < 0) + goto err; + + if (sepol_context_from_string(tmp_con_str, &tmp_con) < 0) + goto err; + free(tmp_con_str); + tmp_con_str = NULL; + + if (sepol_iface_set_msgcon(iface, tmp_con) < 0) + goto err; + tmp_con = NULL; + + /* Invoke handler */ + status = fn(iface, arg); + if (status < 0) + goto err; + + sepol_iface_free(iface); + iface = NULL; + + /* Handler requested exit */ + if (status > 0) + break; + } + + return STATUS_SUCCESS; + + err: + DEBUG(__FUNCTION__, "could not iterate over interfaces\n"); + free(tmp_con_str); + sepol_context_free(tmp_con); + sepol_iface_free(iface); + return STATUS_ERR; +} + diff -Naur libsepol/src/ports.c libsepol.new/src/ports.c --- libsepol/src/ports.c 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/src/ports.c 2005-09-30 19:01:22.000000000 -0400 
@@ -19,7 +19,20 @@ default: DEBUG(__FUNCTION__, "unsupported protocol %d\n", proto); - return -1; + return STATUS_ERR; + } +} + +static int ipproto2sepol(int proto) { + switch(proto) { + case IPPROTO_TCP: + return SEPOL_PROTO_TCP; + case IPPROTO_UDP: + return SEPOL_PROTO_UDP; + default: + DEBUG(__FUNCTION__, "invalid protocol %d " + "found in policy\n", proto); + return STATUS_ERR; } } 
@@ -158,3 +171,71 @@ free(port); return STATUS_ERR; } + +int sepol_port_iterate( + policydb_t* policydb, + int (*fn)( + sepol_port_t* port, + void* fn_arg), + void* arg) { + + ocontext_t *c, *l, *head; + sepol_port_t* port = NULL; + char* tmp_con_str = NULL; + size_t tmp_con_ssize; + sepol_context_t* tmp_con = NULL; + + head = policydb->ocontexts[OCON_PORT]; + for (l = NULL, c = head; c; l = c, c = c->next) { + + int status; + int proto = c->u.port.protocol; + int low = c->u.port.low_port; + int high = c->u.port.high_port; + context_struct_t* con = &c->context[0]; + + if (sepol_port_create(&port) < 0) + goto err; + + if (sepol_port_set_proto(port, ipproto2sepol(proto)) < 0) + goto err; + + if (sepol_port_set_range(port, low, high) < 0) + goto err; + + if (sepol_ctx_struct_to_string(policydb, con, + &tmp_con_str, &tmp_con_ssize) < 0) + goto err; + + if (sepol_context_from_string(tmp_con_str, &tmp_con) < 0) + goto err; + free(tmp_con_str); + tmp_con_str = NULL; + + if (sepol_port_set_con(port, tmp_con) < 0) + goto err; + tmp_con = NULL; + + /* Invoke handler */ + status = fn(port, arg); + if (status < 0) + goto err; + + sepol_port_free(port); + port = NULL; + + /* Handler requested exit */ + if (status > 0) + break; + } + + + return STATUS_SUCCESS; + + err: + DEBUG(__FUNCTION__, "could not iterate over ports\n"); + free(tmp_con_str); + sepol_context_free(tmp_con); + sepol_port_free(port); + return STATUS_ERR; +} diff -Naur libsepol/src/users.c libsepol.new/src/users.c --- libsepol/src/users.c 2005-09-30 16:19:08.000000000 -0400 +++ libsepol.new/src/users.c 2005-09-30 18:57:34.000000000 -0400 
@@ -365,40 +365,38 @@ /* Fill an array with all valid users */ -int sepol_user_list( +int sepol_user_iterate( policydb_t* policydb, - sepol_user_t*** users, - size_t* nusers) { + int (*fn)( + sepol_user_t* user, + void* fn_arg), + void* arg) { - size_t tmp_nusers = policydb->p_users.nprim; - sepol_user_t** tmp_users = - (sepol_user_t**) calloc(tmp_nusers, sizeof(sepol_user_t*)); - - sepol_user_t** ptr; + size_t nusers = policydb->p_users.nprim; + sepol_user_t* user = NULL; size_t i; - if (!tmp_users) - goto omem; /* For each user */ - for (i = 0; i < tmp_nusers; i++) { - + for (i = 0; i < nusers; i++) { + + int status; const char* name = policydb->p_user_val_to_name[i]; user_datum_t* usrdatum = policydb->user_val_to_struct[i]; ebitmap_t* roles = &(usrdatum->roles.roles); ebitmap_node_t* rnode; unsigned bit; - if (sepol_user_create(&tmp_users[i]) < 0) + if (sepol_user_create(&user) < 0) goto err; - if (sepol_user_set_name(tmp_users[i], name) < 0) + if (sepol_user_set_name(user, name) < 0) goto err; /* Extract roles */ ebitmap_for_each_bit(roles, rnode, bit) { if (ebitmap_node_get_bit(rnode, bit)) { char* role = policydb->p_role_val_to_name[bit]; - if (sepol_user_add_role(tmp_users[i], role) < 0) + if (sepol_user_add_role(user, role) < 0) goto err; } } @@ -417,7 +415,7 @@ if (mls_struct_to_string(policydb, &context, &str) < 0) goto err; - if (sepol_user_set_mlslevel(tmp_users[i], str) < 0 ) { + if (sepol_user_set_mlslevel(user, str) < 0 ) { free(str); goto err; } 
@@ -429,29 +427,31 @@ if (mls_struct_to_string(policydb, &context, &str) < 0) goto err; - if (sepol_user_set_mlsrange(tmp_users[i], str) < 0) { + if (sepol_user_set_mlsrange(user, str) < 0) { free(str); goto err; } free(str); } - } - *nusers = tmp_nusers; - *users = tmp_users; + /* Invoke handler */ + status = fn(user, arg); + if (status < 0) + goto err; - return STATUS_SUCCESS; + sepol_user_free(user); + user = NULL; - omem: - DEBUG(__FUNCTION__, "out of memory\n"); + /* Handler requested exit */ + if (status > 0) + break; + } - err: - DEBUG(__FUNCTION__, "could not enumerate users\n"); + return STATUS_SUCCESS; - ptr = tmp_users; - while (ptr && (*ptr != NULL)) - sepol_user_free(*ptr++); - free(tmp_users); + err: + DEBUG(__FUNCTION__, "could not iterate over users\n"); + sepol_user_free(user); return STATUS_ERR; } [-- Attachment #3: libsemanage.02.iterate.diff --] [-- Type: text/x-patch, Size: 9854 bytes --] diff -Naur libsemanage/src/database.c libsemanage.new/src/database.c --- libsemanage/src/database.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/database.c 2005-09-30 19:45:28.000000000 -0400 @@ -10,6 +10,7 @@ record_table_t* rtable, dbase_backend_t* backend, dbase_backend_table_t* btable, + int cacheable, dbase_t** dbase) { dbase_t* tmp_dbase = @@ -25,6 +26,7 @@ tmp_dbase->cache_sz = 0; tmp_dbase->cached = 0; tmp_dbase->cache_invalid = 0; + tmp_dbase->cacheable = cacheable; *dbase = tmp_dbase; return STATUS_SUCCESS; @@ -54,15 +56,17 @@ void dbase_invalidate_cache( dbase_t* dbase) { - dbase->cache_invalid = 1; + if (dbase->cacheable) + dbase->cache_invalid = 1; } /* Flush the database cache */ int dbase_flush( dbase_t* dbase) { - if (dbase->btable->flush(dbase, dbase->backend) < 0) - return STATUS_ERR; + if (dbase->cacheable) + if (dbase->btable->flush(dbase, dbase->backend) < 0) + return STATUS_ERR; return STATUS_SUCCESS; } 
@@ -93,6 +97,7 @@ cache_entry_t* ptr; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -117,6 +122,7 @@ int exists; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -148,6 +154,7 @@ cache_entry_t* entry; int status; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -174,6 +181,7 @@ cache_entry_t *ptr, *prev = NULL; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -209,6 +217,7 @@ cache_entry_t* entry; int status; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -235,6 +244,7 @@ cache_entry_t* entry; int status; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -256,6 +266,7 @@ dbase_t* dbase, int* response) { + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -277,6 +288,7 @@ int status; cache_entry_t* ptr; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; @@ -308,6 +320,7 @@ size_t tmp_count; int i = 0; + /* FIXME: respect cacheable */ if (dbase->btable->cache(dbase, dbase->backend) < 0) goto err; diff -Naur libsemanage/src/database_direct.c libsemanage.new/src/database_direct.c --- libsemanage/src/database_direct.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/database_direct.c 2005-09-30 19:51:01.000000000 -0400 
@@ -87,8 +87,23 @@ free(backend); } +/* Iterate over backend */ +int dbase_direct_iterate( + dbase_direct_backend_t* backend, + int (*fn) (record_t* record, void* fn_arg), + void* arg) { + + /* Stub */ + backend = NULL; + fn = NULL; + arg = NULL; + + return STATUS_SUCCESS; +} + /* DIRECT POLICY backend - method table implementation */ dbase_backend_table_t SEMANAGE_DIRECT_BTABLE = { .cache = dbase_direct_cache, .flush = dbase_direct_flush, + .iterate = dbase_direct_iterate, }; diff -Naur libsemanage/src/database_file.c libsemanage.new/src/database_file.c --- libsemanage/src/database_file.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/database_file.c 2005-09-30 19:49:58.000000000 -0400 @@ -136,8 +136,23 @@ free(backend); } +/* Iterate over backend */ +int dbase_file_iterate( + dbase_file_backend_t* backend, + int (*fn) (record_t* record, void* fn_arg), + void* arg) { + + /* Stub */ + backend = NULL; + fn = NULL; + arg = NULL; + + return STATUS_SUCCESS; +} + /* FILE backend - method table implementation */ dbase_backend_table_t SEMANAGE_FILE_BTABLE = { .cache = dbase_file_cache, .flush = dbase_file_flush, + .iterate = dbase_file_iterate, }; diff -Naur libsemanage/src/database.h libsemanage.new/src/database.h --- libsemanage/src/database.h 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/database.h 2005-09-30 19:38:26.000000000 -0400 @@ -44,6 +44,7 @@ size_t cache_sz; int cached; int cache_invalid; + int cacheable; } dbase_t; /* Add a record to the database cache */ @@ -60,6 +61,7 @@ record_table_t* rtable, dbase_backend_t* backend, dbase_backend_table_t* btable, + int cacheable, dbase_t** dbase); /* Get back the backend object */ diff -Naur libsemanage/src/interfaces.h libsemanage.new/src/interfaces.h --- libsemanage/src/interfaces.h 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/interfaces.h 2005-09-30 19:48:01.000000000 -0400 
@@ -74,11 +74,14 @@ /* POLICY DIRECT extension to RECORD interface - method table */ typedef struct record_direct_table { - /* Load record into policy store */ + /* Load record into the policy database */ int (*load) (policydb_t* policy, record_t* record); - /* Extract records from policy store */ - int (*list) (policydb_t* policy, record_t*** records, size_t* nrecords); + /* Iterate over records */ + int (*iterate) ( + policydb_t* policydb, + int (*fn)(record_t* record, void* fn_arg), + void* arg); } record_direct_table_t; @@ -91,6 +94,12 @@ /* Flush dbase to backend */ int (*flush) (struct dbase* dbase, dbase_backend_t* backend); + /* Iterate over backend */ + int (*iterate) ( + dbase_backend_t* backend, + int (*fn)(record_t* record, void* fn_arg), + void* arg); + } dbase_backend_table_t; #endif diff -Naur libsemanage/src/ports_direct.c libsemanage.new/src/ports_direct.c --- libsemanage/src/ports_direct.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/ports_direct.c 2005-09-30 19:54:48.000000000 -0400 
@@ -25,23 +25,24 @@ /* PORT RECORD (SEPOL): POLICY DIRECT extension : method table */ record_direct_table_t SEMANAGE_PORT_DIRECT_RTABLE = { .load = sepol_port_load, - .list = NULL, /* sepol_port_list, */ + .iterate = sepol_port_iterate, }; int port_direct_dbase_init(dbase_t** dbase) { dbase_direct_backend_t* backend; if (dbase_direct_init( - NULL, /* FIXME */ - NULL, /* FIXME */ - &SEMANAGE_PORT_DIRECT_RTABLE, - &backend) < 0) + NULL, /* FIXME: backing file */ + NULL, /* FIXME: policydb pointer */ + &SEMANAGE_PORT_DIRECT_RTABLE, /* record backend method table */ + &backend) < 0) return STATUS_ERR; return dbase_init( - &SEPOL_PORT_RTABLE, - backend, - &SEMANAGE_DIRECT_BTABLE, + &SEPOL_PORT_RTABLE, /* record base method table */ + backend, /* backend */ + &SEMANAGE_DIRECT_BTABLE, /* backend method table */ + 1, /* cacheable */ dbase); } diff -Naur libsemanage/src/ports_file.c libsemanage.new/src/ports_file.c --- libsemanage/src/ports_file.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/ports_file.c 2005-09-30 19:54:33.000000000 -0400 @@ -48,15 +48,16 @@ dbase_file_backend_t* backend; if (dbase_file_init( - NULL, /* FIXME */ - &SEMANAGE_PORT_FILE_RTABLE, + NULL, /* FIXME: backing file */ + &SEMANAGE_PORT_FILE_RTABLE, /* record backend method table */ &backend) < 0) return STATUS_ERR; return dbase_init( - &SEMANAGE_PORT_RTABLE, - backend, - &SEMANAGE_FILE_BTABLE, + &SEMANAGE_PORT_RTABLE, /* record base method table */ + backend, /* backend */ + &SEMANAGE_FILE_BTABLE, /* backend method table */ + 1, /* cacheable */ dbase); } diff -Naur libsemanage/src/users_direct.c libsemanage.new/src/users_direct.c --- libsemanage/src/users_direct.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/users_direct.c 2005-09-30 19:54:58.000000000 -0400 
@@ -25,23 +25,24 @@ /* USER RECRORD (SEPOL): POLICY DIRECT extension: method table */ record_direct_table_t SEMANAGE_USER_DIRECT_RTABLE = { .load = sepol_user_load, - .list = NULL, /* sepol_user_list */ + .iterate = sepol_user_iterate, }; int user_direct_dbase_init(dbase_t** dbase) { dbase_direct_backend_t* backend; if (dbase_direct_init( - NULL, /* FIXME */ - NULL, /* FIXME */ - &SEMANAGE_USER_DIRECT_RTABLE, + NULL, /* FIXME: backing file */ + NULL, /* FIXME: policydb pointer */ + &SEMANAGE_USER_DIRECT_RTABLE, /* record backend method table */ &backend) < 0) return STATUS_ERR; return dbase_init( - &SEPOL_USER_RTABLE, - backend, - &SEMANAGE_DIRECT_BTABLE, + &SEPOL_USER_RTABLE, /* record base method table */ + backend, /* backend */ + &SEMANAGE_DIRECT_BTABLE, /* backend method table */ + 1, /* cacheable */ dbase); } diff -Naur libsemanage/src/users_file.c libsemanage.new/src/users_file.c --- libsemanage/src/users_file.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/users_file.c 2005-09-30 19:54:24.000000000 -0400 @@ -47,15 +47,16 @@ dbase_file_backend_t* backend; if (dbase_file_init( - NULL, /* FIXME */ - &SEMANAGE_USER_FILE_RTABLE, + NULL, /* FIXME: backing file */ + &SEMANAGE_USER_FILE_RTABLE, /* record backend method table */ &backend) < 0) return STATUS_ERR; return dbase_init( - &SEMANAGE_USER_RTABLE, - backend, - &SEMANAGE_FILE_BTABLE, + &SEMANAGE_USER_RTABLE, /* record base method table */ + backend, /* backend */ + &SEMANAGE_FILE_BTABLE, /* backend method table */ + 1, /* cacheable */ dbase); } ^ permalink raw reply [flat|nested] 10+ messages in thread
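Review bot: the handler contract in the sepol_*_iterate header comments (booleans.h, interfaces.h, ports.h, users.h) lists only the return codes and says nothing about record lifetime. In each implementation the record is freed immediately after the call (for example sepol_bool_free(boolean) right after status = fn(boolean, arg) in booleans.c), so a handler that stores the pointer is left with a dangling reference. State in the comment that the record is valid only for the duration of the call and must be copied if it is to be kept. The context comment "/* Fill an array with all valid users */" above sepol_user_iterate in users.c is also stale now that no array is built.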
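Review bot: in ports.c, sepol_port_iterate passes ipproto2sepol(proto) straight into sepol_port_set_proto, but ipproto2sepol returns STATUS_ERR for a protocol it does not recognise, so an error code is handed on as if it were a protocol constant. Store the result, check it for < 0 and goto err before calling sepol_port_set_proto, rather than relying on the setter to reject it. Separately, the variable l in the for loops of sepol_port_iterate and sepol_iface_iterate is assigned but never read and can be dropped.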
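Review bot: the dbase_direct_iterate and dbase_file_iterate stubs (database_direct.c, database_file.c) return STATUS_SUCCESS without ever calling fn, so once a database is created with cacheable set to 0 a caller would see an empty database reported as success. Return STATUS_ERR until the functions are implemented. The "backend = NULL; fn = NULL; arg = NULL;" assignments are only there to silence unused-parameter warnings; a (void) cast on each parameter says that more directly.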
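Review bot: in database.c, dbase_flush now nests "if (dbase->cacheable)" and "if (dbase->btable->flush(dbase, dbase->backend) < 0)" without braces, and for a non-cacheable database it returns STATUS_SUCCESS without writing anything. Add braces around the outer body, and either document that flush is a no-op for non-cacheable databases or return an error there; the same decision is needed at each "/* FIXME: respect cacheable */" site, and the new cacheable field in database.h should carry a comment giving its meaning (0 or 1).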
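The statement in the message above that list() is a special case of iterate(), shown as an added example that is not code from this thread or from libsepol/libsemanage. It follows the handler contract of the patch (-1 error, 1 stop, 0 continue); rec_t, rec_iterate, rec_list, rec_list_free and rec_exists are hypothetical names, and the sample records are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type standing in for sepol_user_t and friends. */
typedef struct { char name[32]; } rec_t;

/* Constructed sample data standing in for the policy database. */
static const char *const SAMPLE[] = { "root", "system_u", "user_u", "staff_u" };
#define NSAMPLE (sizeof(SAMPLE) / sizeof(SAMPLE[0]))

typedef int (*rec_handler_t)(const rec_t *rec, void *arg);

/* Build one temporary record at a time and hand it to the handler.
 * Handler returns -1 (error), 1 (stop, success) or 0 (continue).
 * The record is freed right after the call, so it is valid only
 * while the handler runs. */
int rec_iterate(rec_handler_t fn, void *arg)
{
    size_t i;

    for (i = 0; i < NSAMPLE; i++) {
        int status;
        rec_t *tmp = calloc(1, sizeof(*tmp));

        if (!tmp)
            return -1;
        snprintf(tmp->name, sizeof(tmp->name), "%s", SAMPLE[i]);

        status = fn(tmp, arg);
        free(tmp);
        if (status < 0)
            return -1;
        if (status > 0)
            break;
    }
    return 0;
}

/* list() on top of iterate(): the handler copies each record into a
 * growing array instead of keeping the iterator's pointer. */
struct list_state { rec_t **recs; size_t n, cap; };

static int list_handler(const rec_t *rec, void *arg)
{
    struct list_state *st = arg;
    rec_t *copy;

    if (st->n == st->cap) {
        size_t ncap = st->cap ? st->cap * 2 : 4;
        rec_t **grown = realloc(st->recs, ncap * sizeof(*grown));
        if (!grown)
            return -1;
        st->recs = grown;
        st->cap = ncap;
    }
    copy = malloc(sizeof(*copy));
    if (!copy)
        return -1;
    *copy = *rec;                 /* deep copy: rec dies after we return */
    st->recs[st->n++] = copy;
    return 0;
}

void rec_list_free(rec_t **recs, size_t n)
{
    size_t i;

    for (i = 0; i < n; i++)
        free(recs[i]);
    free(recs);
}

int rec_list(rec_t ***recs, size_t *n)
{
    struct list_state st = { NULL, 0, 0 };

    if (rec_iterate(list_handler, &st) < 0) {
        rec_list_free(st.recs, st.n);   /* release the partial result */
        return -1;
    }
    *recs = st.recs;
    *n = st.n;
    return 0;
}

/* exists() on top of iterate(): returning 1 stops the walk early. */
struct find_state { const char *name; int found; size_t visited; };

static int find_handler(const rec_t *rec, void *arg)
{
    struct find_state *st = arg;

    st->visited++;
    if (strcmp(rec->name, st->name) == 0) {
        st->found = 1;
        return 1;
    }
    return 0;
}

/* Returns 1 if found, 0 if not, -1 on error; *visited gets the number
 * of records the iterator had to materialise. */
int rec_exists(const char *name, size_t *visited)
{
    struct find_state st = { name, 0, 0 };

    if (rec_iterate(find_handler, &st) < 0)
        return -1;
    if (visited)
        *visited = st.visited;
    return st.found;
}

int main(void)
{
    rec_t **recs = NULL;
    size_t n = 0, i, visited = 0;

    if (rec_list(&recs, &n) < 0)
        return 1;
    for (i = 0; i < n; i++)
        printf("%s\n", recs[i]->name);
    rec_list_free(recs, n);

    printf("system_u found: %d after %zu records\n",
           rec_exists("system_u", &visited), visited);
    return 0;
}
```

Only the list handler allocates per-record storage that outlives the walk; the exists query touches two records and keeps none.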
* Re: [ SEMANAGE ] Break up interfaces.h, implement parsing helpers 2005-10-01 0:19 ` [ SEMANAGE ] [ SEPOL ] Backend iterate function Ivan Gyurdiev @ 2005-10-01 1:49 ` Ivan Gyurdiev 2005-10-04 14:54 ` Stephen Smalley 2005-10-04 14:53 ` [ SEMANAGE ] [ SEPOL ] Backend iterate function Stephen Smalley 1 sibling, 1 reply; 10+ messages in thread From: Ivan Gyurdiev @ 2005-10-01 1:49 UTC (permalink / raw) To: Stephen Smalley; +Cc: dwalsh, selinux, Karl MacMillan [-- Attachment #1: Type: text/plain, Size: 702 bytes --] Here's one more. Patch redistributes interfaces.h back into database.h, database_file.h, database_direct.h. I promise I'll stop moving functionality around now - I'm very happy with where it's at (for now :) Moves parse stuff into parse_utils.[c,h]. Implement parsing helpers that will be used for the user parser (and others). Testing? It used to work (and pass valgrind) back when I was implementing it for libselinux and libsepol. Haven't tested it since then, but nothing's changed. Since nothing's using this code, I thought it'd be okay to merge - even if it has bugs (which it shouldn't). I'll do more testing when I get the rest of the framework set up, so I can read the files. [-- Attachment #2: libsemanage.redistribute.diff --] [-- Type: text/x-patch, Size: 24357 bytes --] diff -Naur libsemanage/src/database.c libsemanage.new/src/database.c --- libsemanage/src/database.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/database.c 2005-09-30 20:47:59.000000000 -0400 @@ -2,7 +2,6 @@ #include <stddef.h> #include "debug.h" #include "database.h" -#include "interfaces.h" #include "handle.h" /* Initialize a database */ diff -Naur libsemanage/src/database_direct.c libsemanage.new/src/database_direct.c --- libsemanage/src/database_direct.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/database_direct.c 2005-09-30 20:47:44.000000000 -0400 
@@ -1,11 +1,10 @@ struct dbase_direct_backend; typedef struct dbase_direct_backend dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED #include <stdlib.h> #include <sepol/policydb.h> #include "database_direct.h" -#include "interfaces.h" #include "debug.h" /* POLICY DIRECT backend */ diff -Naur libsemanage/src/database_direct.h libsemanage.new/src/database_direct.h --- libsemanage/src/database_direct.h 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/database_direct.h 2005-09-30 21:29:42.000000000 -0400 @@ -1,12 +1,26 @@ #ifndef _SEMANAGE_DATABASE_DIRECT_INTERNAL_H_ #define _SEMANAGE_DATABASE_DIRECT_INTERNAL_H_ +#include <sepol/policydb.h> #include "database.h" -#include "interfaces.h" struct dbase_direct_backend; typedef struct dbase_direct_backend dbase_direct_backend_t; +/* POLICY DIRECT extension to RECORD interface - method table */ +typedef struct record_direct_table { + + /* Load record into the policy database */ + int (*load) (policydb_t* policy, record_t* record); + + /* Iterate over records */ + int (*iterate) ( + policydb_t* policydb, + int (*fn)(record_t* record, void* fn_arg), + void* arg); + +} record_direct_table_t; + /* POLICY DIRECT backend - initialization */ extern int dbase_direct_init( const char* filename, diff -Naur libsemanage/src/database_file.c libsemanage.new/src/database_file.c --- libsemanage/src/database_file.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/database_file.c 2005-09-30 20:50:48.000000000 -0400 @@ -1,13 +1,10 @@ struct dbase_file_backend; typedef struct dbase_file_backend dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED -#include <stdio.h> #include <stdlib.h> -#include <errno.h> -#include <stdio_ext.h> #include "debug.h" -#include "interfaces.h" +#include "parse_utils.h" #include "database_file.h" /* FILE backend */ 
@@ -20,25 +17,6 @@ record_file_table_t* rftable; }; -static int dbase_file_open(parse_info_t* info) { - - info->file_stream = fopen(info->filename, "r"); - if (!info->file_stream && (errno != ENOENT)) { - /* FIXME: handle error condition */ - return STATUS_ERR; - } - if (info->file_stream) - __fsetlocking(info->file_stream, FSETLOCKING_BYCALLER); - - return STATUS_SUCCESS; -} - -static void dbase_file_close(parse_info_t* info) { - if (info->file_stream && (fclose(info->file_stream) < 0)) - /* FIXME: handle error condition */ - info->file_stream = NULL; -} - static int dbase_file_cache( dbase_t* dbase, dbase_file_backend_t* backend) { @@ -57,7 +35,7 @@ parse_info.parse_arg = NULL; /* FIXME: pass from caller? */ - if (dbase_file_open(&parse_info) < 0) + if (parse_open(&parse_info) < 0) goto err; /* Main processing loop */ @@ -83,7 +61,7 @@ } while (pstatus != STATUS_NODATA); - dbase_file_close(&parse_info); + parse_close(&parse_info); dbase->cached = 1; dbase->cache_invalid = 0; return STATUS_SUCCESS; @@ -91,7 +69,7 @@ err: /* FIXME: handle failure */ dbase->rtable->free(process_record); - dbase_file_close(&parse_info); + parse_close(&parse_info); return STATUS_ERR; } diff -Naur libsemanage/src/database_file.h libsemanage.new/src/database_file.h --- libsemanage/src/database_file.h 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/database_file.h 2005-09-30 20:51:37.000000000 -0400 
@@ -1,12 +1,26 @@ #ifndef _SEMANAGE_DATABASE_FILE_INTERNAL_H_ #define _SEMANAGE_DATABASE_FILE_INTERNAL_H_ +#include <stdio.h> #include "database.h" -#include "interfaces.h" +#include "parse_utils.h" struct dbase_file_backend; typedef struct dbase_file_backend dbase_file_backend_t; +/* FILE extension to RECORD interface - method table */ +typedef struct record_file_table { + + /* Fill record structuure based on supplied parse info. + * Parser must return STATUS_NODATA when EOF is encountered. + * Parser must handle NULL file stream correctly */ + int (*parse) (parse_info_t* info, record_t* record); + + /* Print record to stream */ + int (*print) (record_t* record, FILE* str); + +} record_file_table_t; + /* FILE backend - initialization */ extern int dbase_file_init( const char* filename, diff -Naur libsemanage/src/database.h libsemanage.new/src/database.h --- libsemanage/src/database.h 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/database.h 2005-09-30 21:29:30.000000000 -0400 @@ -1,20 +1,25 @@ #ifndef _SEMANAGE_DATABASE_H_ #define _SEMANAGE_DATABASE_H_ -#ifndef RECORD_DEFINED +#ifndef DBASE_RECORD_DEFINED typedef void* record_t; typedef void* record_key_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED #endif -#ifndef BACKEND_DEFINED +#ifndef DBASE_BACKEND_DEFINED typedef void* dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED #endif #include <stddef.h> #include "handle.h" -#include "interfaces.h" + +struct record_table; +typedef struct record_table record_table_t; + +struct dbase_backend_table; +typedef struct dbase_backend_table dbase_backend_table_t; /* ========================================== Internal representation of the database. 
@@ -56,6 +61,48 @@ API for use elsewhere: ======================================= */ +/* RECORD interface - method table */ +struct record_table { + + /* Create a record */ + int (*create) (record_t** rec); + + /* Extract key from record */ + int (*key_extract) (record_t* rec, record_key_t** key); + + /* Free record key */ + void (*key_free) (record_key_t* key); + + /* Return 0 if record can be matched against key, + * and 1 otherwise */ + int (*compare) (record_t* rec, record_key_t* key); + + /* Deep-copy clone of this record */ + int (*clone) (record_t* rec, record_t** new_rec); + + /* Deallocate record resources. Must + * sucessfully handle NULL. */ + void (*free) (record_t* rec); + +}; + +/* DBASE_BACKEND interface - method table */ +struct dbase_backend_table { + + /* Cache backend into dbase */ + int (*cache) (dbase_t* dbase, dbase_backend_t* backend); + + /* Flush dbase to backend */ + int (*flush) (dbase_t* dbase, dbase_backend_t* backend); + + /* Iterate over backend */ + int (*iterate) ( + dbase_backend_t* backend, + int (*fn)(record_t* record, void* fn_arg), + void* arg); + +}; + /* Initialize a database */ extern int dbase_init( record_table_t* rtable, diff -Naur libsemanage/src/interfaces.h libsemanage.new/src/interfaces.h --- libsemanage/src/interfaces.h 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/interfaces.h 1969-12-31 19:00:00.000000000 -0500 
@@ -1,105 +0,0 @@ -#ifndef _SEMANAGE_RECORD_FILE_H_ -#define _SEMANAGE_RECORD_FILE_H_ - -/* The interfaces below are used for polymorphism */ - -#ifndef RECORD_DEFINED -typedef void* record_t; -typedef void* record_key_t; -#define RECORD_DEFINED -#endif - -#ifndef BACKEND_DEFINED -typedef void* dbase_backend_t; -#define BACKEND_DEFINED -#endif - -#include <stdio.h> -#include <sepol/policydb.h> - -/* Circular dependency - can't include database.h */ -struct dbase; - -/* Structure available during parsing (created internally) */ -typedef struct parse_info { - /* Parser controlled */ - /* Stub */ - - /* Engine-controlled */ - const char* filename; /* Input stream file name */ - FILE* file_stream; /* Input stream handle */ - - /* Caller supplied */ - void* parse_arg; -} parse_info_t; - -/* RECORD interface - method table */ -typedef struct record_table { - - /* Create a record */ - int (*create) (record_t** rec); - - /* Extract key from record */ - int (*key_extract) (record_t* rec, record_key_t** key); - - /* Free record key */ - void (*key_free) (record_key_t* key); - - /* Return 0 if record can be matched against key, - * and 1 otherwise */ - int (*compare) (record_t* rec, record_key_t* key); - - /* Deep-copy clone of this record */ - int (*clone) (record_t* rec, record_t** new_rec); - - /* Deallocate record resources. Must - * sucessfully handle NULL. */ - void (*free) (record_t* rec); - -} record_table_t; - -/* FILE extension to RECORD interface - method table */ -typedef struct record_file_table { - - /* Fill record structuure based on supplied parse info. - * Parser must return STATUS_NODATA when EOF is encountered. 
- * Parser must handle NULL file stream correctly */ - int (*parse) (parse_info_t* info, record_t* record); - - /* Print record to stream */ - int (*print) (record_t* record, FILE* str); - -} record_file_table_t; - -/* POLICY DIRECT extension to RECORD interface - method table */ -typedef struct record_direct_table { - - /* Load record into the policy database */ - int (*load) (policydb_t* policy, record_t* record); - - /* Iterate over records */ - int (*iterate) ( - policydb_t* policydb, - int (*fn)(record_t* record, void* fn_arg), - void* arg); - -} record_direct_table_t; - -/* DBASE_BACKEND interface - method table */ -typedef struct dbase_backend_table { - - /* Cache backend into dbase */ - int (*cache) (struct dbase* dbase, dbase_backend_t* backend); - - /* Flush dbase to backend */ - int (*flush) (struct dbase* dbase, dbase_backend_t* backend); - - /* Iterate over backend */ - int (*iterate) ( - dbase_backend_t* backend, - int (*fn)(record_t* record, void* fn_arg), - void* arg); - -} dbase_backend_table_t; - -#endif diff -Naur libsemanage/src/parse_utils.c libsemanage.new/src/parse_utils.c --- libsemanage/src/parse_utils.c 1969-12-31 19:00:00.000000000 -0500 +++ libsemanage.new/src/parse_utils.c 2005-09-30 21:37:35.000000000 -0400 
@@ -0,0 +1,268 @@ +#include <stdio.h> +#include <stdio_ext.h> +#include <errno.h> +#include <string.h> +#include <stdlib.h> +#include <ctype.h> +#include "parse_utils.h" +#include "debug.h" + +int parse_init( + const char* filename, + void* parse_arg, + parse_info_t** info) { + + parse_info_t* tmp_info = + (parse_info_t*) malloc(sizeof(parse_info_t)); + + if (!tmp_info) { + /* FIXME: handle error condition */ + return STATUS_ERR; + } + + tmp_info->filename = filename; + tmp_info->file_stream = NULL; + tmp_info->working_copy = NULL; + tmp_info->orig_line = NULL; + tmp_info->ptr = NULL; + tmp_info->lineno = 0; + tmp_info->parse_arg = parse_arg; + + *info = tmp_info; + return STATUS_SUCCESS; +} + +void parse_release(parse_info_t* info) { + parse_close(info); + parse_dispose_line(info); + free(info); +} + +int parse_open(parse_info_t* info) { + + info->file_stream = fopen(info->filename, "r"); + if (!info->file_stream && (errno != ENOENT)) { + /* FIXME: handle error condition */ + return STATUS_ERR; + } + if (info->file_stream) + __fsetlocking(info->file_stream, FSETLOCKING_BYCALLER); + + return STATUS_SUCCESS; +} + +void parse_close(parse_info_t* info) { + if (info->file_stream && (fclose(info->file_stream) < 0)) { + /* FIXME: handle error condition */ + } + info->file_stream = NULL; +} + +void parse_dispose_line(parse_info_t* info) { + if (info->orig_line) { + free(info->orig_line); + info->orig_line = NULL; + } + + if (info->working_copy) { + free(info->working_copy); + info->working_copy = NULL; + } + + info->ptr = NULL; +} + +int parse_skip_space(parse_info_t* info) { + size_t len = 0; + int lineno = info->lineno; + char* buffer = NULL; + char* ptr; + + if (info->ptr) { + while (*(info->ptr) && isspace(*(info->ptr))) + info->ptr++; + + if (*(info->ptr)) + return STATUS_SUCCESS; + } + + parse_dispose_line(info); + + while (info->file_stream && + (getline(&buffer, &len, info->file_stream) > 0)) { + + lineno++; + + /* Eat newline, preceding whitespace */ + len = 
strlen(buffer); + if (buffer[len - 1] == '\n') + buffer[len - 1] = '\0'; + + ptr = buffer; + while (*ptr && isspace(*ptr)) + ptr++; + + /* Skip comments and blank lines */ + if (!(*ptr) || *ptr == '#') + goto next; + + else { + char* tmp = strdup(buffer); + if (!tmp) + goto omem; + + info -> lineno = lineno; + info -> working_copy = buffer; + info -> orig_line = tmp; + info -> ptr = ptr; + + return STATUS_SUCCESS; + } + + next: + free(buffer); + buffer = NULL; + } + + free(buffer); + buffer = NULL; + + return STATUS_SUCCESS; + + omem: + /* DEBUG(__FUNCTION__, "out of memory\n"); */ + free(buffer); + return STATUS_ERR; +} + +int parse_assert_noeof(parse_info_t* info) { + if (!info->ptr) { + /* DEBUG(__FUNCTION__, "unexpected end of file\n"); */ + return STATUS_ERR; + } + + return STATUS_SUCCESS; +} + +int parse_assert_space(parse_info_t* info) { + if (!isspace(*(info->ptr))) { + /* DEBUG(__FUNCTION__, "malformed line %u in %s: \n%s\n", + info->lineno, info->filename, info->orig_line); */ + return STATUS_ERR; + } + return STATUS_SUCCESS; +} + + +int parse_assert_ch(parse_info_t* info, const char ch) { + if (parse_assert_noeof(info) < 0) + return STATUS_ERR; + + if (*(info->ptr) != ch) { + /* DEBUG(__FUNCTION__, "malformed line %u, char %u," + " in %s: \n%s\n expected character \'%c\', but " + "found \'%c\'\n", + info->lineno, (info->ptr - info->working_copy), + info->filename, info->orig_line, ch, *(info->ptr)); */ + return STATUS_ERR; + } + + return STATUS_SUCCESS; +} + +int parse_assert_str(parse_info_t* info, const char* assert_str) { + + if (parse_assert_noeof(info) < 0) + return STATUS_ERR; + + if (strncmp(info->ptr, assert_str, strlen(assert_str))) { + /* DEBUG(__FUNCTION__, "malformed line %u in %s: \n%s\n" + "expected string \"%s\", but found \"%s\"\n", + info->lineno, info->filename, info->orig_line, assert_str, + info->ptr); */ + + return STATUS_ERR; + } + + info->ptr += strlen(assert_str); + return STATUS_SUCCESS; +} + +int parse_optional_ch(parse_info_t* 
info, const char ch) { + if ((info->ptr) && (*(info->ptr) != ch)) + return STATUS_NODATA; + else { + info->ptr++; + return STATUS_SUCCESS; + } +} + +int parse_optional_str(parse_info_t* info, const char* str) { + if (strncmp(info->ptr, str, strlen(str))) + return STATUS_NODATA; + else { + info->ptr += strlen(str); + return STATUS_SUCCESS; + } +} + +char* parse_filter_space_until(parse_info_t* info, const char* substr) { + + char* buffer = NULL, *wr, *tmp; + int len = strlen(substr); + int used = 0; + int csize = 0; + + wr = buffer; + do { + /* If content is not a space, copy to buffer */ + if (!isspace(info->ptr)) { + + /* If we're out of space, increase by 15 */ + if (used + 1 >= csize) { + csize += 15; + tmp = realloc(buffer, csize); + if (!tmp) + goto omem; + buffer = tmp; + } + *wr++ = *info->ptr; + used++; + } + info->ptr++; + + if (parse_skip_space(info) < 0) + goto err; + if (parse_assert_noeof(info) < 0) + goto err; + + } while(!strncasecmp(info->ptr, substr, len)); + + if (!buffer) { + buffer = malloc(1); + if (!buffer) + goto omem; + } + + *wr = '\0'; + + return buffer; + + omem: + /* DEBUG(__FUNCTION__, "out of memory\n"); */ + + err: + free(buffer); + return NULL; +} + + +char* parse_fetch_string_inplace(parse_info_t* info) { + char* start = info->ptr; + + while (*(info->ptr) && !isspace(*(info->ptr))) + info->ptr++; + *(info->ptr)++ = '\0'; + + return start; +} diff -Naur libsemanage/src/parse_utils.h libsemanage.new/src/parse_utils.h --- libsemanage/src/parse_utils.h 1969-12-31 19:00:00.000000000 -0500 +++ libsemanage.new/src/parse_utils.h 2005-09-30 21:27:31.000000000 -0400 
@@ -0,0 +1,90 @@ +#ifndef _SEMANAGE_PARSE_UTILS_INTERNAL_H_ +#define _SEMANAGE_PARSE_UTILS_INTERNAL_H_ + +#include <stdio.h> + +typedef struct parse_info { + unsigned int lineno; /* Current line number */ + char* orig_line; /* Original copy of the line being parsed */ + char* working_copy; /* Working copy of the line being parsed */ + char* ptr; /* Current parsing location */ + + const char* filename; /* Input stream file name */ + FILE* file_stream; /* Input stream handle */ + + void* parse_arg; /* Caller supplied argument */ +} parse_info_t; + +/* Initialize structure */ +extern int parse_init( + const char* filename, + void* parse_arg, + parse_info_t** info); + +/* Release structure */ +extern void parse_release( + parse_info_t* info); + +/* Open file */ +extern int parse_open( + parse_info_t* info); + +/* Close file */ +extern void parse_close( + parse_info_t* info); + +/* Release resources for current line */ +extern void parse_dispose_line( + parse_info_t* info); + +/* Skip all whitespace and comments */ +extern int parse_skip_space( + parse_info_t* info); + +/* Throw an error if we're at the EOF */ +extern int parse_assert_noeof( + parse_info_t* info); + +/* Throw an error if no whitespace follows */ +extern int parse_assert_space( + parse_info_t* info); + +/* Throw an error if the specified character + * does not follow */ +extern int parse_assert_ch( + parse_info_t* info, + const char ch); + +/* Throw an error if the specified string + * does not follow is not found */ +extern int parse_assert_str( + parse_info_t* info, + const char* assert_str); + +/* Eat the optional character, if found, + * or return STATUS_NODATA */ +extern int parse_optional_ch( + parse_info_t* info, + const char ch); + +/* Eat the optional string, if found, + * or return STATUS_NODATA */ +extern int parse_optional_str( + parse_info_t* info, + const char* str); + +/* Buffer a string, filtering all + * whitespace, until substring is encountered, + * at which point return the buffered 
string */ +extern char* parse_filter_space_until( + parse_info_t* info, + const char* substr); + +/* Extract the next string (delimited by + * whitespace), and move the read pointer past it. + * This string is overwritten when the next line + * is read (inplace storage) */ +extern char* parse_fetch_string_inplace( + parse_info_t* info); + +#endif diff -Naur libsemanage/src/ports.c libsemanage.new/src/ports.c --- libsemanage/src/ports.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/ports.c 2005-09-30 20:48:31.000000000 -0400 @@ -6,14 +6,13 @@ typedef semanage_port_key_t record_key_t; typedef semanage_port_t record_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED #include <stddef.h> #include <stdlib.h> #include <semanage/ports.h> #include "database.h" #include "handle.h" -#include "interfaces.h" /* Port base functions */ record_table_t SEMANAGE_PORT_RTABLE = { diff -Naur libsemanage/src/ports_direct.c libsemanage.new/src/ports_direct.c --- libsemanage/src/ports_direct.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/ports_direct.c 2005-09-30 20:47:33.000000000 -0400 @@ -5,18 +5,17 @@ typedef sepol_port_t record_t; typedef sepol_port_key_t record_key_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED struct dbase_direct_backend; typedef struct dbase_direct_backend dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED #include <stddef.h> #include <sepol/ports.h> #include <sepol/policydb.h> #include "ports_direct.h" #include "debug.h" -#include "interfaces.h" #include "database_direct.h" /* PORT RECORD (SEPOL): method table (ports_policy.c) */ diff -Naur libsemanage/src/ports_file.c libsemanage.new/src/ports_file.c --- libsemanage/src/ports_file.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/ports_file.c 2005-09-30 20:51:10.000000000 -0400 
@@ -2,16 +2,16 @@ typedef semanage_port_t record_t; typedef semanage_port_key_t record_key_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED struct dbase_file_backend; typedef struct dbase_file_backend dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED #include <stdlib.h> #include <stdio.h> -#include "interfaces.h" #include "database_file.h" +#include "parse_utils.h" #include "debug.h" static int port_print( diff -Naur libsemanage/src/ports_policy.c libsemanage.new/src/ports_policy.c --- libsemanage/src/ports_policy.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/ports_policy.c 2005-09-30 20:47:05.000000000 -0400 @@ -6,14 +6,13 @@ typedef sepol_port_key_t record_key_t; typedef sepol_port_t record_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED #include <semanage/port_record.h> #include <stddef.h> #include <stdlib.h> #include "handle.h" #include "database.h" -#include "interfaces.h" #include "ports_policy.h" #include "debug.h" diff -Naur libsemanage/src/record.h libsemanage.new/src/record.h --- libsemanage/src/record.h 1969-12-31 19:00:00.000000000 -0500 +++ libsemanage.new/src/record.h 2005-09-30 20:45:50.000000000 -0400 
@@ -0,0 +1,35 @@ +#ifndef _SEMANAGE_RECORD_H_ +#define _SEMANAGE_RECORD_H_ + +#ifndef RECORD_DEFINED +typedef void* record_t; +typedef void* record_key_t; +#define RECORD_DEFINED +#endif + +/* RECORD interface - method table */ +typedef struct record_table { + + /* Create a record */ + int (*create) (record_t** rec); + + /* Extract key from record */ + int (*key_extract) (record_t* rec, record_key_t** key); + + /* Free record key */ + void (*key_free) (record_key_t* key); + + /* Return 0 if record can be matched against key, + * and 1 otherwise */ + int (*compare) (record_t* rec, record_key_t* key); + + /* Deep-copy clone of this record */ + int (*clone) (record_t* rec, record_t** new_rec); + + /* Deallocate record resources. Must + * sucessfully handle NULL. */ + void (*free) (record_t* rec); + +} record_table_t; + +#endif diff -Naur libsemanage/src/users.c libsemanage.new/src/users.c --- libsemanage/src/users.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/users.c 2005-09-30 20:48:40.000000000 -0400 @@ -6,14 +6,13 @@ typedef semanage_user_key_t record_key_t; typedef semanage_user_t record_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED #include <stddef.h> #include <stdlib.h> #include <semanage/users.h> #include "handle.h" #include "database.h" -#include "interfaces.h" /* Record base functions */ record_table_t SEMANAGE_USER_RTABLE = { diff -Naur libsemanage/src/users_direct.c libsemanage.new/src/users_direct.c --- libsemanage/src/users_direct.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/users_direct.c 2005-09-30 20:46:55.000000000 -0400 
@@ -5,18 +5,17 @@ typedef sepol_user_t record_t; typedef sepol_user_key_t record_key_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED struct dbase_direct_backend; typedef struct dbase_direct_backend dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED #include <stddef.h> #include <sepol/users.h> #include <sepol/policydb.h> #include "users_direct.h" #include "debug.h" -#include "interfaces.h" #include "database_direct.h" /* USER RECORD (SEPOL): method table (users_policy.c) */ diff -Naur libsemanage/src/users_file.c libsemanage.new/src/users_file.c --- libsemanage/src/users_file.c 2005-09-30 21:38:51.000000000 -0400 +++ libsemanage.new/src/users_file.c 2005-09-30 20:51:28.000000000 -0400 @@ -2,16 +2,16 @@ typedef semanage_user_t record_t; typedef semanage_user_key_t record_key_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED struct dbase_file_backend; typedef struct dbase_file_backend dbase_backend_t; -#define BACKEND_DEFINED +#define DBASE_BACKEND_DEFINED #include <stdlib.h> #include <stdio.h> -#include "interfaces.h" #include "database_file.h" +#include "parse_utils.h" #include "debug.h" static int user_print( diff -Naur libsemanage/src/users_policy.c libsemanage.new/src/users_policy.c --- libsemanage/src/users_policy.c 2005-09-30 16:19:07.000000000 -0400 +++ libsemanage.new/src/users_policy.c 2005-09-30 20:48:51.000000000 -0400 @@ -6,14 +6,13 @@ typedef sepol_user_key_t record_key_t; typedef sepol_user_t record_t; -#define RECORD_DEFINED +#define DBASE_RECORD_DEFINED #include <stddef.h> #include <stdlib.h> #include <semanage/user_record.h> #include "handle.h" #include "database.h" -#include "interfaces.h" #include "users_policy.h" #include "debug.h" ^ permalink raw reply [flat|nested] 10+ messages in thread
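Review bot: in database_file.c, dbase_file_cache() still passes its parse_info_t by address (`parse_open(&parse_info)`), but this patch grows that struct with `orig_line`, `working_copy`, `ptr` and `lineno`, and the only initialization visible in the hunk is `parse_info.parse_arg = NULL`. parse_dispose_line() calls free() on `orig_line` and `working_copy`, so unless the lines above the hunk zero the struct, the first parse_skip_space() call frees uninitialized pointers. Switching this function to parse_init()/parse_release() would cover that, and would also release the current line on the `err:` path, which only calls parse_close().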
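Review bot: parse_filter_space_until() in parse_utils.c writes through an invalid pointer: `wr = buffer` is taken while `buffer` is still NULL and is never refreshed after `realloc()`, so `*wr++ = *info->ptr` and the final `*wr = '\0'` do not target the allocated block (the `malloc(1)` fallback has the same problem). Tracking the write position as an index (`buffer[used++]`) fixes both. In the same function, `isspace(info->ptr)` tests the pointer rather than `*info->ptr`, and `while(!strncasecmp(...))` keeps looping while the substring matches, the opposite of the "until substring is encountered" contract in parse_utils.h. Elsewhere in the file, parse_optional_ch() falls through to `info->ptr++` when `info->ptr` is NULL, parse_optional_str() and parse_assert_space() dereference `info->ptr` without the parse_assert_noeof() check that parse_assert_ch() uses, and parse_fetch_string_inplace() executes `*(info->ptr)++ = '\0'` even when the scan stopped on the terminating NUL, which moves `ptr` past the terminator before the next parse_skip_space() reads it. Each of these should return STATUS_ERR (or stop at the terminator) instead of reading or writing outside the line buffer.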
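Review bot: the prototypes in parse_utils.h leave ownership and the end-of-input convention undocumented. parse_filter_space_until() returns a heap buffer the caller must free(), parse_init() stores the caller's `filename` pointer without copying it, and parse_skip_space() reports end of input by returning STATUS_SUCCESS with `ptr` left NULL, which a caller only discovers through parse_assert_noeof(). One sentence on each in the header comments would prevent misuse; the comment on parse_assert_str() (`does not follow is not found`) also needs tidying.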
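Review bot: the new record.h duplicates `struct record_table` / `record_table_t`, which this same patch defines in database.h, and it still guards its typedefs with `RECORD_DEFINED` although every other file in the patch is switched to `DBASE_RECORD_DEFINED`. No visible hunk includes record.h. If it is a leftover from an earlier layout, drop it from the patch; otherwise including it alongside database.h redefines the struct and the `record_t` typedefs.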
* Re: [ SEMANAGE ] Break up interfaces.h, implement parsing helpers
2005-10-01 1:49 ` [ SEMANAGE ] Break up interfaces.h, implement parsing helpers Ivan Gyurdiev
@ 2005-10-04 14:54 ` Stephen Smalley
0 siblings, 0 replies; 10+ messages in thread
From: Stephen Smalley @ 2005-10-04 14:54 UTC (permalink / raw)
To: Ivan Gyurdiev; +Cc: dwalsh, selinux, Karl MacMillan

On Fri, 2005-09-30 at 21:49 -0400, Ivan Gyurdiev wrote:
> Patch redistributes interfaces.h back into database.h, database_file.h,
> database_direct.h.
> I promise I'll stop moving functionality around now - I'm very happy
> with where it's at (for now :)
>
> Moves parse stuff into parse_utils.[c,h]. Implement parsing helpers that
> will be used for the user parser (and others). Testing?
> It used to work (and pass valgrind) back when I was implementing it for
> libselinux and libsepol. Haven't tested it since then, but nothing's
> changed. Since nothing's using this code, I thought it'd be okay to
> merge - even if it has bugs (which it shouldn't). I'll do more testing
> when I get the rest of the framework set up, so I can read the files.

Merged.

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: [ SEMANAGE ] [ SEPOL ] Backend iterate function
2005-10-01 0:19 ` [ SEMANAGE ] [ SEPOL ] Backend iterate function Ivan Gyurdiev
2005-10-01 1:49 ` [ SEMANAGE ] Break up interfaces.h, implement parsing helpers Ivan Gyurdiev
@ 2005-10-04 14:53 ` Stephen Smalley
1 sibling, 0 replies; 10+ messages in thread
From: Stephen Smalley @ 2005-10-04 14:53 UTC (permalink / raw)
To: Ivan Gyurdiev; +Cc: dwalsh, selinux, Karl MacMillan

On Fri, 2005-09-30 at 20:19 -0400, Ivan Gyurdiev wrote:
> The first patch here replaces the user list() function which I just
> wrote with an iterate() one. This exercise wasn't useless - most of the
> code is exactly the same - we just don't put the users in an array, and
> we call a handler. List is removed, because it can be implemented on top
> of iterate. In fact, most of the other functions in the sepol
> users/interfaces/ports API should be removed once semanage is properly
> functioning. I've also added iterate() on interfaces, ports, and
> booleans. Tried this, and it seems to work fine - print handler prints
> out all the data.
>
> The second patch corrects the corresponding table in semanage (the
> record_direct_table_t), and sets those functions in the tables for users
> and ports. It also adds an iterate() function to the backend table, and
> stubs for that. Finally, it adds cacheable parameter to each database,
> that will indicate whether the database should be cached. If it says 0,
> then .... it will fallback to implementation via iterate() in the
> backend (without making a list of records)) (I haven't set this up yet).
> Currently all databases are cacheable.

Merged.

--
Stephen Smalley
National Security Agency
* RE: [10 / 9] [ SEMANAGE ] FIx placement of function table
2005-09-30 20:28 ` Stephen Smalley
2005-09-30 20:56 ` Ivan Gyurdiev
@ 2005-10-03 13:47 ` Karl MacMillan
1 sibling, 0 replies; 10+ messages in thread
From: Karl MacMillan @ 2005-10-03 13:47 UTC (permalink / raw)
To: 'Stephen Smalley', 'Ivan Gyurdiev'; +Cc: selinux

> -----Original Message-----
> From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
> Sent: Friday, September 30, 2005 4:28 PM
> To: Ivan Gyurdiev
> Cc: selinux@tycho.nsa.gov; Karl MacMillan
> Subject: Re: [10 / 9] [ SEMANAGE ] FIx placement of function table
>
> On Fri, 2005-09-30 at 16:30 -0400, Ivan Gyurdiev wrote:
> > In one of my patches I broke up semanage_private.h into pieces.
> > However, I've placed things incorrectly, because I misunderstood what
> > things were supposed to do.
> >
> > This corrects one of the problems - it moves the function table into a
> > new file called policy_connection.h. It also renames that structure,
> > because I use at least 3 or 4 different types of func_tables in my
> > code. For consistency this should go into interfaces.h, but perhaps I
> > should split up interfaces.h into several headers instead (?)
> >
> > The other problem is the connection object - module_conn_t. I put that
> > in modules.h, because it said "module", but it doesn't look like it
> > belongs there. Karl, where should I move this? Should it go into
> > direct_api.h ? I see the semanage_store makes use of that... is the
> > semanage_store specific to the direct API?
> >
> > On a related note, where can I put policydb pointers - I need two of
> > them for starters - ACTIVE, and LOCAL_MOD... the actual policydb objects
> > will be created on demand (say when the user decides to query
> > something), or when commit decides to re-create the active policy from
> > scratch, but I need the pointers to them in a data structure linked into
> > the handle (that's specific to direct api?) Should this go into
> > conn.module (renaming that to conn.direct ?)
>
> Hmmm...I just got done merging the others (available in the sourceforge
> CVS), although naturally all of this is still open to debate and can be
> reverted at any time.
>
> I think at this point I'll wait for clarification from Karl et al on
> whether this patch (and the prior ones as well) are consistent with
> their plans for libsemanage.
>

We're looking - should have some thoughts later today.

Karl

------
Karl MacMillan
Tresys Technology
http://www.tresys.com

> --
> Stephen Smalley
> National Security Agency
* Re: [10 / 9] [ SEMANAGE ] FIx placement of function table
2005-09-30 20:30 [10 / 9] [ SEMANAGE ] FIx placement of function table Ivan Gyurdiev
2005-09-30 20:28 ` Stephen Smalley
@ 2005-10-04 14:53 ` Stephen Smalley
2005-10-04 15:52 ` Synchronization/Caching Ivan Gyurdiev
1 sibling, 1 reply; 10+ messages in thread
From: Stephen Smalley @ 2005-10-04 14:53 UTC (permalink / raw)
To: Ivan Gyurdiev; +Cc: selinux, Karl MacMillan

On Fri, 2005-09-30 at 16:30 -0400, Ivan Gyurdiev wrote:
> In one of my patches I broke up semanage_private.h into pieces.
> However, I've placed things incorrectly, because I misunderstood what
> things were supposed to do.
>
> This corrects one of the problems - it moves the function table into a
> new file called policy_connection.h. It also renames that structure,
> because I use at least 3 or 4 different types of func_tables in my
> code. For consistency this should go into interfaces.h, but perhaps I
> should split up interfaces.h into several headers instead (?)
>
> The other problem is the connection object - module_conn_t. I put that
> in modules.h, because it said "module", but it doesn't look like it
> belongs there. Karl, where should I move this? Should it go into
> direct_api.h ? I see the semanage_store makes use of that... is the
> semanage_store specific to the direct API?
>
> On a related note, where can I put policydb pointers - I need two of
> them for starters - ACTIVE, and LOCAL_MOD... the actual policydb objects
> will be created on demand (say when the user decides to query
> something), or when commit decides to re-create the active policy from
> scratch, but I need the pointers to them in a data structure linked into
> the handle (that's specific to direct api?) Should this go into
> conn.module (renaming that to conn.direct ?)

Merged. Karl, did you have any opinions on the above questions?

--
Stephen Smalley
National Security Agency
* Synchronization/Caching
2005-10-04 14:53 ` Stephen Smalley
@ 2005-10-04 15:52 ` Ivan Gyurdiev
0 siblings, 0 replies; 10+ messages in thread
From: Ivan Gyurdiev @ 2005-10-04 15:52 UTC (permalink / raw)
To: Stephen Smalley; +Cc: selinux, Karl MacMillan

>> The other problem is the connection object - module_conn_t. I put that
>> in modules.h, because it said "module", but it doesn't look like it
>> belongs there. Karl, where should I move this? Should it go into
>> direct_api.h ? I see the semanage_store makes use of that... is the
>> semanage_store specific to the direct API?
>>
>> On a related note, where can I put policydb pointers - I need two of
>> them for starters - ACTIVE, and LOCAL_MOD... the actual policydb objects
>> will be created on demand (say when the user decides to query
>> something), or when commit decides to re-create the active policy from
>> scratch, but I need the pointers to them in a data structure linked into
>> the handle (that's specific to direct api?) Should this go into
>> conn.module (renaming that to conn.direct ?)
>>
>
> Merged. Karl, did you have any opinions on the above questions?
>

I am still interested in the answer to the first question (where should
conn be placed?).

The second question.... is a bit more complicated than I originally
thought, because having a policydb in memory (or a linked list in memory
for the contents of a file) is kind of a problem - it requires
synchronization. It brings up the issue of whether queries will be done
outside of transaction, on the active sandbox (and if so, what kind of
cache procedures will be implemented (none - drop the cache on function
exit?)), or inside of transaction, on the tmp sandbox, with the
transaction lock held. Also, I'm not sure when and where the read lock is
to be used.

Also, I don't particularly like the way the current direct_databse takes
a pointer to a policydb elsewhere - that's kind of a hack, that's
intended to get multiple dbase views to share the same in-memory policydb
object, but I doubt it's going to work, so I think I'll get rid of it for
now, and figure out how to implement this properly - will we even have a
persistent cache of policy/files across functions outside of transaction
mode?