SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: object class discovery userland This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Stephen Smalley <sds_at_tycho.nsa.gov> Date: Tue, 29 May 2007 14:24:27 -0400 On Fri, 2007-05-25 at 17:10 -0400, Eamon Walsh wrote: > Here's a first go at an interface. It's an init function that is a > replacement for avc_init(). It takes flags, the class/permission > mapping to use, and callback functions. > > This is trying to solve a few other problems at the same time, namely: > > - selinux prefix on the function name > - drops support for memory, threading, and locking callbacks (would just > always use malloc and pthread) > - adds type code to logging callback As you seem to be making this a generic init function, shouldn't it also handle the matchpathcon flags and init support as well? > > --- > > selinux.h \| 37 +++++++++++++++++++++++++++++++++++++ > 1 file changed, 37 insertions(+) > > > Index: libselinux/include/selinux/selinux.h > =================================================================== > --- libselinux/include/selinux/selinux.h (revision 2445) > +++ libselinux/include/selinux/selinux.h (working copy) > @@ -132,6 +132,43 @@ > unsigned int seqno; > }; > > + struct av_mapping { > + const char name;* > + const access_vector_t value; > + }; > + > + struct security_class_mapping { > + const char name;* > + const security_class_t value; > + const struct av_mapping perms;* > + }; > + > +/ Initialization routine for caching functions offered by the library / > + > + struct selinux_callbacks { > + / log the printf-style format and arguments,* > + with the type code indicating the type of message /* > + int (func_log) (int type, const char fmt, ...); > + / store a string representation of auditdata (corresponding* > + to the given security class) into msgbuf. /* > + void (func_audit) (void auditdata, security_class_t cls, > + char msgbuf, size_t msgbufsize);* > + }; > + > + extern int selinux_init(int flags, > + const struct security_class_mapping map,* > + const struct selinux_callbacks callbacks);* > + > + / Available flags / > +#define SELINUX_THREAD 1 > +#define SELINUX_AVC 2 > + > + / Logging type codes, passed to the logging callback / > +#define SELINUX_ERROR 0 > +#define SELINUX_WARNING 1 > +#define SELINUX_INFO 2 > +#define SELINUX_AVC_DENIAL 3 > + > / Compute an access decision. / > extern int security_compute_av(security_context_t scon, > security_context_t tcon, > > -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Tue 29 May 2007 - 14:24:33 EDT This message: [ Message body ] Next message: Stephen Smalley: "Re: object class discovery userland" Previous message: Stephen Smalley: "RE: object class discovery userland" In reply to: Eamon Walsh: "Re: object class discovery userland" Next in thread: Eamon Walsh: "Re: object class discovery userland" Reply: Eamon Walsh: "Re: object class discovery userland" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom