* Tim Hollebeek (thollebeekat_private) wrote: > > > > Note my proposal earlier for special cases of hooks: > > > int check_foo(args); // pre-hook, for checking policy > > (can return -EPERM) > > > void before_foo(args); // pre-hook, for maintaining state > > > void after_foo(args); // post-hook, for maintaining state > > > Much of the Janus functionality falls into some combination > > > of these three simple categories, without needing interposition > > > in full generality. > > > > is it possible to collapse before_foo into check_foo? just > > trying to be judicious with the interface. > > it actually makes the interface a bit more complex, since check_foo() is > now overloaded with two tasks. In addition, every implementation of > check_foo() has to make sure the appropriate before tasks appear on every > control flow path that contains a successful return. > > With the three-function interface, it is much simpler to guarantee the > invariant that before_foo() runs iff check_foo() is true. i'm sorry, i don't understand this argument. static int do_check_foo(args); static void do_before_foo(args); int module_check_foo(args) { int ret = do_check_foo(args); if (!ret) do_before_foo(args); return ret; } this does not seem too complex and required only check_foo support in the interface, not penalizing those that have no need for before_foo. -chris _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 14:08:12 PDT