Chris Wright wrote: >* Tim Hollebeek (thollebeekat_private) wrote: >> With the three-function interface, it is much simpler to guarantee the >> invariant that before_foo() runs iff check_foo() is true. > >i'm sorry, i don't understand this argument. > >static int do_check_foo(args); >static void do_before_foo(args); >int module_check_foo(args) >{ > int ret = do_check_foo(args); > if (!ret) > do_before_foo(args); > return ret; >} A few potential drawbacks: * You have to know what method the caller of module_check_foo() uses to determine whether the call will be allowed. If it's always "if (!ret)", then you're ok, but if it is even more complex than that (e.g., MAC override; or if a call can be denied by Unix file permissions even though the module said it was ok to allow it), then the above fails. * If you introduce a second module that is structured the same way, the above fails. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 16:53:50 PDT