SELinux Mailing List

Re: [PATCH 4/4] selinux: add selinuxfs structure for object class discovery

From: James Morris <jmorris_at_namei.org>
Date: Mon, 21 May 2007 13:18:16 -0400 (EDT)


On Mon, 21 May 2007, Christopher J. PeBenito wrote:

> From: Christopher J. PeBenito <cpebenito@tresys.com>
>
> The structure is as follows (relative to selinuxfs root):
>
> /class/file/index
> /class/file/perms/read
> /class/file/perms/write
> ...
>
> Each class is allocated 33 inodes, 1 for the class index and 32 for
> permissions. Relative to SEL_CLASS_INO_OFFSET, the inode of the index file
> DIV 33 is the class number. The inode of the permission file % 33 is the
> index of the permission for that class.

Keep in mind that any of these may need to be 64-bit at some point, so be careful about hard-coding any 32-bit assumptions into the kernel/user API.

> +#define NVECTORS 32

Macro name is too generic.

> +#define DIV(a, b) ((a) / (b) - ((a) % (b) < 0))
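
Review bot: DIV(a, b) expands each argument twice, so an argument with side effects is evaluated twice, and the "- ((a) % (b) < 0)" correction only produces a floor when b is positive. If the operands are unsigned, as inode numbers are, the remainder is never negative and plain "/" is enough; otherwise a static inline with typed parameters makes the sign assumption explicit.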

Also too generic, and should be a static inline.

I think you should also make static inline wrappers:

sel_ino_to_class()
sel_ino_to_perm()

to make it all clearer to others.

> + inode->i_ino = (classindex * (NVECTORS+1) + i + 1) | SEL_CLASS_INO_OFFSET;

> + inode->i_ino = (index * (NVECTORS+1)) | SEL_CLASS_INO_OFFSET;
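
Review bot: Both assignments apply SEL_CLASS_INO_OFFSET with "|", which equals adding the offset only while "classindex * (NVECTORS+1) + i + 1" stays below the offset's lowest set bit, and nothing in these lines bounds classindex or i. A large enough class index would alias another inode number instead of failing, and the DIV 33 / % 33 decode from the description is only correct after the offset bits are masked off. Suggest a range check in the encode helper and a mask in the decoders.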

Add wrappers for these, too.

> +static void sel_remove_classes(void)
> +{
> + struct list_head *class_node;
> +
> + list_for_each(class_node, &class_dir->d_subdirs) {
> + struct dentry *class_subdir = list_entry(class_node, struct dentry, d_u.d_child);
> + struct list_head *class_subdir_node;
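
Review bot: sel_remove_classes() walks class_dir->d_subdirs with list_for_each; if the loop body unlinks class_subdir from that list, the iterator reads its next pointer from a removed entry, so list_for_each_safe is the form to use. The quoted lines also do not show what serialises this walk against concurrent lookups, which deserves a comment at the top of the function.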

Coding style: max. 80 columns for body of function (similar issue elsewhere in the patches).

-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Mon 21 May 2007 - 13:18:26 EDT
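
The numbering scheme from the patch description, with decoders named after the wrappers the review asks for, as an added example that is not part of the original message or the patch. The EX_ names, the ex_slot_to_ino() helper, and the offset value (a constructed single-bit placeholder) are assumptions; only the 33-inode stride comes from the page.

```c
#include <stdio.h>

/* Assumed constants: the page gives 32 permissions per class (NVECTORS);
 * the offset value is a constructed placeholder, not taken from the page. */
#define EX_STRIDE           33UL          /* 1 index inode + 32 perm inodes */
#define EX_CLASS_INO_OFFSET 0x04000000UL  /* single tag bit, placeholder */

/* Return the inode for slot `slot` of class `cls` (slot 0 = index file,
 * slots 1..32 = permission files), or 0 if the pair cannot be encoded. */
static inline unsigned long ex_slot_to_ino(unsigned long cls, unsigned long slot)
{
	if (slot >= EX_STRIDE)
		return 0;
	/* Reject values that would reach the tag bit: OR-ing them in would
	 * silently alias another class instead of failing. */
	if (cls > (EX_CLASS_INO_OFFSET - 1 - slot) / EX_STRIDE)
		return 0;
	return (cls * EX_STRIDE + slot) | EX_CLASS_INO_OFFSET;
}

/* Decoders named after the wrappers suggested in the review; the bodies
 * are this example's own. Both strip the tag bit before dividing. */
static inline unsigned long sel_ino_to_class(unsigned long ino)
{
	return (ino & (EX_CLASS_INO_OFFSET - 1)) / EX_STRIDE;
}

static inline unsigned long sel_ino_to_perm(unsigned long ino)
{
	return (ino & (EX_CLASS_INO_OFFSET - 1)) % EX_STRIDE;
}

int main(void)
{
	unsigned long ino = ex_slot_to_ino(6, 2);   /* class 6, permission 2 */

	printf("ino=%#lx class=%lu perm=%lu\n", ino,
	       sel_ino_to_class(ino), sel_ino_to_perm(ino));
	printf("out of range -> %lu\n", ex_slot_to_ino(EX_CLASS_INO_OFFSET, 0));
	return 0;
}
```

Using unsigned long throughout keeps the helpers free of a fixed 32-bit width, in line with the 64-bit caution in the reply.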
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service