From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Kevin Carr <kcarr@tresys.com>
Cc: sds@tycho.nsa.gov, selinux@tycho.nsa.gov, SELinux-dev@tresys.com
Subject: Re: [RFC][PATCH] extending the libsepol API
Date: Mon, 27 Mar 2006 19:27:33 -0500 [thread overview]
Message-ID: <442882F5.5010506@cornell.edu> (raw)
In-Reply-To: <200603241724.k2OHOlNq024142@gotham.columbia.tresys.com>
> imagine a user
> down the line wants a swig wrapper for libsepol. Function pointers are a
> bad idea to have in the API.
Is it fundamentally impossible to write a swig wrapper for a function
pointer?
I'm not so sure about that...
>> But that doesn't mean that no user of the library will want to use
>> key-based interfaces for lookups, ala an encapsulated form of the
>> avtab_search interface, or that we shouldn't provide such interfaces.
>>
>
> A key cannot be constructed for a rule that will return a single record.
> The key would contain all parts of the rule.
That depends on your record representation and what you're trying to
accomplish. Why can't a key be a (src_type, target_type, target_class)
triple, with the different access vectors being part of the data? What
do you imagine a "rule record" will look like?
The point of the key is to uniquely identify an object, for the purpose
of add/remove/modify -type management interface. Maybe such an interface
doesn't make sense in the case of rules - I'm not sure of what
higher-level goals you have. When I was thinking about writing a "rule
record" my goal was to support small changes to policy that users might
want to do - that was later superceded by loadable modules, so I didn't
have to worry about rule records - the module became the record instead,
as the unit of management.
> As I said, reimplementing these functions with new ones will allow these
> functions to continue working.
Which functions exactly are being discussed for deprecation? You want to
replace the _iterate functions with an explicit iterator object?
Does it really matter which one is chosen - they do pretty much the same
thing, don't they?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-03-28 0:27 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1143123154.28120.300.camel@moss-spartans.epoch.ncsc.mil>
2006-03-23 19:23 ` [RFC][PATCH] extending the libsepol API Kevin Carr
2006-03-23 19:58 ` Stephen Smalley
2006-03-24 13:37 ` Stephen Smalley
2006-03-24 17:24 ` Kevin Carr
2006-03-28 0:27 ` Ivan Gyurdiev [this message]
2006-03-28 0:42 ` Ivan Gyurdiev
2006-03-21 22:46 Kevin Carr
2006-03-22 12:51 ` Stephen Smalley
2006-03-22 15:55 ` Kevin Carr
2006-03-28 0:53 ` Ivan Gyurdiev
2006-03-23 20:41 ` Stephen Smalley
2006-03-27 23:59 ` Ivan Gyurdiev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=442882F5.5010506@cornell.edu \
--to=ivg2@cornell.edu \
--cc=SELinux-dev@tresys.com \
--cc=kcarr@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.