> > Note my proposal earlier for special cases of hooks: > > int check_foo(args); // pre-hook, for checking policy > (can return -EPERM) > > void before_foo(args); // pre-hook, for maintaining state > > void after_foo(args); // post-hook, for maintaining state > > Much of the Janus functionality falls into some combination > > of these three simple categories, without needing interposition > > in full generality. > > is it possible to collapse before_foo into check_foo? just > trying to be judicious with the interface. it actually makes the interface a bit more complex, since check_foo() is now overloaded with two tasks. In addition, every implementation of check_foo() has to make sure the appropriate before tasks appear on every control flow path that contains a successful return. With the three-function interface, it is much simpler to guarantee the invariant that before_foo() runs iff check_foo() is true. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 12:20:47 PDT