RE: A Comment from User Space

From: Tim Hollebeek (thollebeekat_private)
Date: Tue Apr 24 2001 - 12:15:19 PDT

  • Next message: Scott Leerssen: "Re: A Comment from User Space"

    > > Note my proposal earlier for special cases of hooks:
    > >   int check_foo(args);   // pre-hook, for checking policy 
    > (can return -EPERM)
    > >   void before_foo(args); // pre-hook, for maintaining state
    > >   void after_foo(args); // post-hook, for maintaining state
    > > Much of the Janus functionality falls into some combination
    > > of these three simple categories, without needing interposition
    > > in full generality.
    > 
    > is it possible to collapse before_foo into check_foo?  just 
    > trying to be judicious with the interface.
    
    it actually makes the interface a bit more complex, since check_foo() is
    now overloaded with two tasks.  In addition, every implementation of
    check_foo() has to make sure the appropriate before tasks appear on every
    control flow path that contains a successful return.
    
    With the three-function interface, it is much simpler to guarantee the
    invariant that before_foo() runs iff check_foo() is true.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 12:20:47 PDT