From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Kevin Carr <kcarr@tresys.com>
Cc: sds@tycho.nsa.gov, selinux@tycho.nsa.gov,
"'Selinux-Dev'" <selinux-dev@tresys.com>
Subject: Re: [RFC][PATCH] extending the libsepol API
Date: Mon, 27 Mar 2006 19:53:42 -0500 [thread overview]
Message-ID: <44288916.9080804@cornell.edu> (raw)
In-Reply-To: <200603221555.k2MFtoNq001984@gotham.columbia.tresys.com>
> In the current implementation there is an issue of who owns the memory in a
> key. The key_create() functions just copy the pointer and not the contents
> of the string, so a key 'object' can live longer than the string used to
> create it and thus is easily misused by users of the library.
Yes, that was probably a design mistake... anyway, the keys are
record-specific, so I'm not sure it's necessary to follow the same
pattern for future keys [ except maybe for consistency ].
> Additionally,
> we thought the memory and programming overhead involved in creating, and
> destroying the keys was undesirable and not necessary. For example when we
> start iterating over all the types in all the rules of the policy, using
> keys can get expensive.
>
A key is used to locate data. Iteration does not involve locating data [
at least the current implementation loops over all the data in order ],
so no keys are used anywhere. There is overhead involved in converting
from base representation to an opaque record, and that's the price for
encapsulation / policy independence. You can probably get rid of the
overhead while keeping encapsulation [ with smarter record
implementation]... but independence of the record from policy seems to
require copying/expanding the data.
I think the existing records would best stay independent from policy,
esp. if they'll be serialized to go over the wire for the policy server.
New records could work differently...
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-03-28 0:53 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-21 22:46 [RFC][PATCH] extending the libsepol API Kevin Carr
2006-03-22 12:51 ` Stephen Smalley
2006-03-22 15:55 ` Kevin Carr
2006-03-28 0:53 ` Ivan Gyurdiev [this message]
2006-03-23 20:41 ` Stephen Smalley
2006-03-27 23:59 ` Ivan Gyurdiev
[not found] <1143123154.28120.300.camel@moss-spartans.epoch.ncsc.mil>
2006-03-23 19:23 ` Kevin Carr
2006-03-23 19:58 ` Stephen Smalley
2006-03-24 13:37 ` Stephen Smalley
2006-03-24 17:24 ` Kevin Carr
2006-03-28 0:27 ` Ivan Gyurdiev
2006-03-28 0:42 ` Ivan Gyurdiev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44288916.9080804@cornell.edu \
--to=ivg2@cornell.edu \
--cc=kcarr@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux-dev@tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.