From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: [PATCH 3/8] libflask: Add boolean manipulation functions
Date: Thu, 02 Feb 2012 09:28:52 -0500 [thread overview]
Message-ID: <4F2A9DA4.7090500@tycho.nsa.gov> (raw)
In-Reply-To: <1328173562.17444.108.camel@zakaz.uk.xensource.com>
On 02/02/2012 04:06 AM, Ian Campbell wrote:
> On Wed, 2012-02-01 at 19:09 +0000, Daniel De Graaf wrote:
>> Add wrappers for getting and setting policy booleans by name or ID.
>>
>> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
>> ---
>> tools/flask/libflask/flask_op.c | 59 +++++++++++++++++++++++++++++++
>> tools/flask/libflask/include/libflask.h | 3 ++
>> 2 files changed, 62 insertions(+), 0 deletions(-)
>>
>> diff --git a/tools/flask/libflask/flask_op.c b/tools/flask/libflask/flask_op.c
>> index d4b8ef0..412a05d 100644
>> --- a/tools/flask/libflask/flask_op.c
>> +++ b/tools/flask/libflask/flask_op.c
>> @@ -109,6 +109,65 @@ int flask_setenforce(xc_interface *xc_handle, int mode)
>> return 0;
>> }
>>
>> +int flask_getbool_byid(xc_interface *xc_handle, int id, char *name, int *curr, int *pend)
>> +{
>> + flask_op_t op;
>> + char buf[255];
>> + int rv;
>> +
>> + op.cmd = FLASK_GETBOOL2;
>> + op.buf = buf;
>> + op.size = 255;
>
> sizeof(buf)? Here and elsewhere (including a few existing locations in
> flask_op.c).
>
>> +
>> + snprintf(buf, sizeof buf, "%i", id);
>> +
>> + rv = xc_flask_op(xc_handle, &op);
>> +
>> + if ( rv )
>> + return rv;
>> +
>> + sscanf(buf, "%i %i %s", curr, pend, name);
>
> Do you care about sscanf failures?
A failure here would be a sign of the hypervisor having made a format change
that is not backwards compatible. Checking it would be more complete, however.
> It seems from other uses in the file that buf can contain binary data so
> would it make sense to make this two ints as binary followed by a
> string? That would remove string parsing here and in the hypervisor
> (which seems more critical to me?)
That also seems far simpler to me; however, all the current FLASK hypercalls
are done via string parsing so deviating from this for new operations would
make them inconsistent.
If we didn't have to care about backwards compatibility I would convert the
entire flask_op hypercall to use a union-of-structures similar to domctl
because the string parsing introduces unneeded complexity.
> Is there a defined maximum for the length of "name"?
INITCONTEXTLEN = 256.
next prev parent reply other threads:[~2012-02-02 14:28 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-31 21:26 [PATCH 00/10] FLASK updates: MSI interrupts, cleanups Daniel De Graaf
2012-01-31 21:26 ` [PATCH 01/10] xsm: Add security labels to event-channel dump Daniel De Graaf
2012-01-31 21:26 ` [PATCH 02/10] xsm: Add security label to IRQ debug output Daniel De Graaf
2012-01-31 21:26 ` [PATCH 03/10] xsm/flask: Use PCI device label for PCI-MSI IRQs Daniel De Graaf
2012-01-31 21:26 ` [PATCH 04/10] xsm: Add xsm_map_domain_pirq hook Daniel De Graaf
2012-01-31 21:26 ` [PATCH 05/10] xsm: Use mapped IRQ not PIRQ in unmap_domain_pirq Daniel De Graaf
2012-01-31 21:26 ` [PATCH 06/10] xsm/flask: Improve error reporting for ocontexts Daniel De Graaf
2012-01-31 21:26 ` [PATCH 07/10] xsm/flask: Remove useless back pointers Daniel De Graaf
2012-01-31 21:26 ` [PATCH 08/10] flask/policy: Policy build updates Daniel De Graaf
2012-01-31 21:26 ` [PATCH 09/10] flask/policy: Add user and constraint examples Daniel De Graaf
2012-01-31 21:26 ` [PATCH 10/10] flask/policy: use declare_domain for dom0_t Daniel De Graaf
2012-02-01 19:09 ` [PATCH 0/8] XSM/FLASK updates part 2: booleans, stubdoms Daniel De Graaf
2012-02-01 19:09 ` [PATCH 1/8] xen/xsm: fix incorrect handling of XSM hook return Daniel De Graaf
2012-02-01 19:09 ` [PATCH 2/8] xsm/flask: allow policy booleans to be addressed by name Daniel De Graaf
2012-02-01 19:09 ` [PATCH 3/8] libflask: Add boolean manipulation functions Daniel De Graaf
2012-02-02 9:06 ` Ian Campbell
2012-02-02 14:28 ` Daniel De Graaf [this message]
2012-02-02 14:50 ` Ian Campbell
2012-02-02 15:22 ` Daniel De Graaf
2012-02-01 19:09 ` [PATCH 4/8] flask: add flask-{get,set}-bool tools Daniel De Graaf
2012-02-01 19:09 ` [PATCH 5/8] flask/policy: Add boolean example Daniel De Graaf
2012-02-01 19:09 ` [PATCH 6/8] libxl: Add device_model_stubdomain_seclabel Daniel De Graaf
2012-02-02 15:28 ` Keir Fraser
2012-02-09 18:25 ` Ian Jackson
2012-02-01 19:09 ` [PATCH 7/8] flask/policy: add device model types to example policy Daniel De Graaf
2012-02-09 18:25 ` Ian Jackson
2012-02-01 19:09 ` [PATCH 8/8] xsm/flask: Improve domain ID auditing in AVCs Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F2A9DA4.7090500@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=Ian.Campbell@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.