SELinux Mailing List

Re: policyrep questions

From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Wed, 09 May 2007 11:29:15 -0400


On Tue, 2007-05-08 at 18:29 -0400, Karl MacMillan wrote:
> I have a few questions as I continue to do the policyrep patches.
>
> 1) The free functions for the objects may need to return an error (which
> I hate, but there is no good way to avoid this). This will break
> compatibility with the existing string based sepol objects (like
> sepol_bool). Any problems breaking this compatibility?

Not a problem (.so version has already changed in -policyrep and we have already made other incompatible changes).

OTOH, what could/would a caller do if a free function failed? At that point, it will leak memory unless it aborts altogether, right? So possibly we gain nothing from returning an error status to the caller? What do other libraries do under similar conditions? Or do they avoid it through different data structure and API design?

> 2) The general form of the free functions will be:
>
> int sepol_object_free(struct sepol_handle *h, struct sepol_object *o);
>
> Is the handle necessary? The general form is to pass a handle wherever
> an error is possible, but it seems like overkill in this case.

Only if you plan to generate an error message from within the function.

> 3) The existing objects copy the passed in strings where I was hoping to
> avoid the copy. Any opinions either way? I'm currently leaning towards
> copying because that kind of change will create hard to track down bugs
> for no good reason.

Yes, I think copying the data and managing its lifecycle within the library is safer.

> 4) We assume NULL-terminated strings all over the place - should we be
> providing apis with length? Alternatively, should we provide a better
> string object (since we are currently re-inventing the wheel, why not?).
> We could pull in something like James Antill's Vstr library -
> http://www.and.org/vstr/ (read and be amazed at the diligence of James).
> It just seems crazy that our apis are not the safest.

I'm not clear that tracking length separately is advantageous for these APIs. What specific advantages would accrue to libsepol from using vstr? What is the cost (incl. dependencies)?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Wed 9 May 2007 - 11:29:16 EDT
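The API shape the two are discussing (a free function that returns int and takes a handle, create functions that copy the caller's string and own the copy), written out as an added C example. This is not libsepol code and not code from either participant; every demo_* name, the demo_handle structure and its callback are hypothetical. The handle is threaded in for exactly one purpose, error reporting, which is the reply's stated reason for passing it at all; the free function accepts NULL and reports nothing, illustrating the point that a free that can fail leaves the caller with little to do.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical handle: its only job is to carry an error-reporting
 * callback, the one reason the reply gives for passing a handle. */
struct demo_handle {
    void (*msg)(const char *text);
    int errors;             /* count of errors reported through this handle */
};

/* Hypothetical object: owns a private copy of the caller's string. */
struct demo_object {
    char *name;
    size_t name_len;        /* length tracked alongside the NUL-terminated copy */
};

static void demo_report(struct demo_handle *h, const char *text)
{
    if (!h)
        return;             /* no handle: nowhere to report, just count nothing */
    h->errors++;
    if (h->msg)
        h->msg(text);
}

/* Create an object from a caller-supplied string. The string is copied,
 * so the caller may reuse or free its buffer immediately afterwards. */
int demo_object_create(struct demo_handle *h, const char *name,
                       struct demo_object **out)
{
    struct demo_object *o;

    if (!name || !out) {
        demo_report(h, "demo_object_create: NULL argument");
        return -1;
    }
    o = calloc(1, sizeof(*o));
    if (!o) {
        demo_report(h, "demo_object_create: out of memory");
        return -1;
    }
    o->name_len = strlen(name);
    o->name = malloc(o->name_len + 1);
    if (!o->name) {
        free(o);
        demo_report(h, "demo_object_create: out of memory");
        return -1;
    }
    memcpy(o->name, name, o->name_len + 1);
    *out = o;
    return 0;
}

const char *demo_object_get_name(const struct demo_object *o)
{
    return o ? o->name : NULL;
}

/* Free in the discussed shape: int return plus handle. Nothing here can
 * fail, so it always returns 0; NULL is accepted like free(NULL). */
int demo_object_free(struct demo_handle *h, struct demo_object *o)
{
    (void)h;                /* no error to report, so the handle goes unused */
    if (!o)
        return 0;
    free(o->name);
    free(o);
    return 0;
}

/* Why the library copies: the caller clobbers its buffer after create,
 * and the object's name must be unaffected. Returns 1 on success. */
int demo_copy_survives_caller_reuse(void)
{
    char buf[32] = "user_t";        /* constructed sample input */
    struct demo_object *o = NULL;
    int ok;

    if (demo_object_create(NULL, buf, &o) != 0)
        return 0;
    strcpy(buf, "clobbered");
    ok = strcmp(demo_object_get_name(o), "user_t") == 0;
    demo_object_free(NULL, o);
    return ok;
}

/* The handle is what makes the error visible to the caller. Returns 1
 * when the failure is both returned and reported exactly once. */
int demo_error_reported_via_handle(void)
{
    struct demo_handle h = { NULL, 0 };
    struct demo_object *o = NULL;
    int rc = demo_object_create(&h, NULL, &o);

    return rc == -1 && h.errors == 1 && o == NULL;
}

static void demo_print(const char *text) { fprintf(stderr, "%s\n", text); }

int main(void)
{
    struct demo_handle h = { demo_print, 0 };
    struct demo_object *o = NULL;

    if (demo_object_create(&h, "system_u", &o) == 0)
        printf("created object named %s\n", demo_object_get_name(o));
    demo_object_free(&h, o);
    demo_object_create(&h, NULL, &o);   /* prints the error via the handle */
    return 0;
}
```

The free function here keeps the int-plus-handle signature so the two conventions can be compared side by side, but since it has no failure path, the handle parameter is dead weight in exactly the sense the reply raises.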
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009
