SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [RFC][PATCH] extending the libsepol API This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: Stephen Smalley <sds_at_tycho.nsa.gov> Date: Thu, 23 Mar 2006 15:41:22 -0500 On Tue, 2006-03-21 at 17:46 -0500, Kevin Carr wrote: > To make our changes we have been working on some API additions for libsepol. > The attached diff adds some header files that represent how we plan to > export a new shared API for accessing types/attribs. The patch is the first > of many aimed at fleshing out the shared API. The diff contains just the > headers as we would like to get some feedback from the community at this > point. > > The patch adds two files: "include/iterator.h" and "include/type_query.h". Aside from concerns about not introducing an orthogonal set of APIs into libsepol, other comments: diff -purN --exclude=.svn trunk/libsepol/include/sepol/type_query.h branch/setools_export-types/libsepol/include/sepol/type_query.h --- trunk/libsepol/include/sepol/type_query.h 1969-12-31 19:00:00.000000000 -0500 +++ branch/setools_export-types/libsepol/include/sepol/type_query.h 2006-03-12 04:31:39.000000000 -0500 @@ -0,0 +1,159 @@ <snip> +#include <stddef.h> +#include <stdint.h> +#include <sepol/handle.h> +#include <sepol/policydb.h> +#include <sepol/iterator.h> + +typedef struct sepol_type_datum sepol_type_datum_t; Just struct sepol_type / sepol_type_t would seem sufficient. datum doesn't add anything here; an unfortunate choice in the internal headers that we don't to export to the stable interface. +extern int sepol_policydb_get_type_by_name(sepol_handle_t handle, sepol_policydb_t policy, const char name, sepol_type_datum_t datum); Rather verbose. How about sepol_type_query() instead, like the existing APIs. And mark the policydb arguments as const for the read-only interfaces. +extern int sepol_type_datum_get_value(sepol_handle_t handle, sepol_policydb_t policy, sepol_type_datum_t datum, uint32_t value); Likewise => sepol_type_get_value(). Ditto for other interfaces. +extern int sepol_type_datum_get_name(sepol_handle_t handle, sepol_policydb_t policy, sepol_type_datum_t datum, char **name); Seems strange to query the datum for the name. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 23 Mar 2006 - 15:36:38 EST This message: [ Message body ] Next message: Daniel J Walsh: "Re: Latest Diffs. This is a big one because we were frozen for so long." Previous message: Stephen Smalley: "Re: How can modular policy ever have worked? [patch]" In reply to: Kevin Carr: "[RFC][PATCH] extending the libsepol API" Next in thread: Ivan Gyurdiev: "Re: [RFC][PATCH] extending the libsepol API" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom