From: Karl MacMillan <kmacmillan@mentalrootkit.com>
To: ewalsh@tycho.nsa.gov
Cc: selinux@tycho.nsa.gov, sds@tycho.nsa.gov
Subject: Re: [PATCH 2/5] libselinux: labeling API basic front-end implementation
Date: Mon, 20 Nov 2006 10:42:17 -0500 [thread overview]
Message-ID: <4561CCD9.3050905@mentalrootkit.com> (raw)
In-Reply-To: <1163645472.15225.70.camel@moss-huskies.epoch.ncsc.mil>
Eamon Walsh wrote:
> This is the front-end implementation.
<snip>
> +
> +/* callback pointers */
> +extern void *(*label_func_malloc) (size_t) hidden;
> +extern void (*label_func_free) (void *) hidden;
> +
> +extern int (*label_func_log) (int type, const char *, ...) hidden;
> +
> +extern int (*label_func_validate) (security_class_t cls, char **ctx) hidden;
> +
> +extern void *(*label_func_alloc_lock) (void) hidden;
> +extern void (*label_func_get_lock) (void *) hidden;
> +extern void (*label_func_release_lock) (void *) hidden;
> +extern void (*label_func_free_lock) (void *) hidden;
> +
> +static inline void set_callbacks(const struct label_memory_callback *mem_cb,
> + const struct label_log_callback *log_cb,
> + const struct label_action_callback *action_cb,
> + const struct label_lock_callback *lock_cb)
> +{
> + if (mem_cb) {
> + label_func_malloc = mem_cb->func_malloc;
> + label_func_free = mem_cb->func_free;
> + }
> + if (log_cb) {
> + label_func_log = log_cb->func_log;
> + }
> + if (action_cb) {
> + label_func_validate = action_cb->func_validate;
> + }
> + if (lock_cb) {
> + label_func_alloc_lock = lock_cb->func_alloc_lock;
> + label_func_get_lock = lock_cb->func_get_lock;
> + label_func_release_lock = lock_cb->func_release_lock;
> + label_func_free_lock = lock_cb->func_free_lock;
> + }
> +}
Why is this inline in a header? Why are those callbacks global?
I was expecting at least some of those callbacks to be per backend (like
logging and validation) yet they are global. The init function implies
that the callbacks are per "prefix", yet that doesn't seem to be the case.
> +
> +/* prefix size */
> +#define LABEL_PREFIX_SIZE 128
> +
Why cap the prefix size? The API certainly didn't indicate that prefix
could only be 128 characters long.
> +/* user-supplied callback interface for avc */
> +static inline void *label_malloc(size_t size)
> +{
> + return label_func_malloc ? label_func_malloc(size) : malloc(size);
> +}
> +
Why not just set the function pointers to the defaults when none are
supplied so that you can avoid all of these inline functions (which
increase the cost significantly by introducing a branch).
Karl
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-11-20 15:42 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-16 2:25 [PATCH 0/5] libselinux: labeling API for userspace object managers Eamon Walsh
2006-11-16 2:46 ` [PATCH 1/5] libselinux: labeling API basic front-end interface Eamon Walsh
2006-11-20 15:36 ` Karl MacMillan
2006-11-27 22:23 ` Eamon Walsh
2006-11-16 2:51 ` [PATCH 2/5] libselinux: labeling API basic front-end implementation Eamon Walsh
2006-11-20 15:42 ` Karl MacMillan [this message]
2006-11-27 22:44 ` Eamon Walsh
2006-11-16 14:10 ` [PATCH 0/5] libselinux: labeling API for userspace object managers Joshua Brindle
2006-11-16 18:49 ` Eamon Walsh
2006-11-16 19:06 ` [PATCH 0/5] libselinux: labeling API for userspace objectmanagers Joshua Brindle
2006-11-16 21:12 ` Eamon Walsh
2006-11-16 21:54 ` [PATCH 3/5] libselinux: security_class_to_string helper function Eamon Walsh
2006-11-18 1:05 ` KaiGai Kohei
2006-11-27 22:45 ` Eamon Walsh
2006-11-16 22:55 ` [PATCH 4/5] libselinux: labeling API simple backend Eamon Walsh
2006-11-17 23:09 ` [PATCH 5/5] libselinux: labeling API file_contexts backend Eamon Walsh
2006-11-18 0:46 ` [PATCH 0/5] libselinux: one large patch Eamon Walsh
-- strict thread matches above, loose matches on Subject: below --
2006-11-30 3:47 [PATCH 0/5] libselinux: labeling API for userspace object managers (try 2) Eamon Walsh
2006-11-30 4:08 ` [PATCH 2/5] libselinux: labeling API basic front-end implementation Eamon Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4561CCD9.3050905@mentalrootkit.com \
--to=kmacmillan@mentalrootkit.com \
--cc=ewalsh@tycho.nsa.gov \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.