[snip]
>> The major one is we cannot handle them in a single lock section.
>> When the application is called back via AVC_CALLBACK_SETENFORCE,
>> it will change the state of enforcing/permissive, and it resets
>> its own avc on AVC_CALLBACK_RESET. But I would like to handle
>> these operations in a single lock section.
>>
>> If we reset the avc on AVC_CALLBACK_SETENFORCE, it finally
>> resets the avc twice on a single message. It is also uncomfortable.
>>
>> The design of callbacks (via selinux_set_callback()) can be
>> considerable, but I don't think it is a good idea to hide
>> the netlink stuff here.
>>
>> In my patch, it adds SELINUX_CB_NETLINK for any messages.
>> But, if it would be SELINUX_CB_SETENFORCE and SELINUX_CB_POLICYLOAD,
>> we don't need to refer to any netlink related stuff from applications.
>>
>> What is your opinion?
>>
>
> Considering your point, I'd rather create SETENFORCE and POLICYLOAD
> callbacks for selinux_set_callback(). However, they should be called in
> addition to the normal processing in avc_netlink_process(), not
> replacing the code flow. The savings from not updating a few globals and
> calling avc_ss_reset (which returns immediately if the userspace AVC is
> not running) are not that big.

It seems to me fair enough.

> You could optionally make avc_netlink_open() and avc_netlink_close()
> public functions, which would allow to avoid calling avc_init().

In addition, avc_netlink_loop() also.

I'll submit a revised patch on Monday. Please wait for a while.

Thanks,
-- 
KaiGai Kohei <kaigai@xxxxxxxxxxxx>
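The design agreed on in this exchange, as an added, constructed model that is not libselinux code: the normal processing of a SETENFORCE or POLICYLOAD netlink message (updating the enforcing flag, resetting the AVC exactly once) happens inside a single lock section, and the registered callback is then invoked in addition to that flow rather than replacing it. The `model_*` names, the simplified message header and the lock stand-in are assumptions made for the example; only the message type values mirror the kernel's `linux/selinux_netlink.h`.

```c
/* Constructed model of the avc_netlink_process() design discussed above: the
 * normal processing (enforcing flag, AVC reset) runs in one lock section and
 * the SETENFORCE/POLICYLOAD callbacks run in addition, not instead. Not libselinux code. */
#include <stdint.h>
#include <string.h>
#define SELNL_MSG_SETENFORCE 0x10   /* values mirror linux/selinux_netlink.h */
#define SELNL_MSG_POLICYLOAD 0x11
struct selnl_hdr { uint16_t type; uint32_t len; };   /* simplified header (model) */
static int avc_lock_held;        /* stand-in for avc_lock: one section per message */
static int avc_enforcing = 1, avc_resets;            /* avc_resets counts avc_ss_reset() */
static int (*cb_setenforce)(int enforcing), (*cb_policyload)(int seqno);
static int last_cb_enforcing = -1, last_cb_seqno = -1;
/* stand-ins for selinux_set_callback(SELINUX_CB_SETENFORCE/POLICYLOAD, cb) */
void model_set_setenforce_cb(int (*cb)(int)) { cb_setenforce = cb; }
void model_set_policyload_cb(int (*cb)(int)) { cb_policyload = cb; }
int model_record_setenforce(int e) { last_cb_enforcing = e; return 0; }
int model_record_policyload(int s) { last_cb_seqno = s; return 0; }
int model_enforcing(void) { return avc_enforcing; }
int model_reset_count(void) { return avc_resets; }
int model_last_cb_enforcing(void) { return last_cb_enforcing; }
int model_last_cb_seqno(void) { return last_cb_seqno; }
int model_lock_held(void) { return avc_lock_held; }
/* Returns the callback's status, 0 when none is registered, -1 if malformed. */
int model_netlink_process(const unsigned char *buf, size_t len)
{
    struct selnl_hdr h; int32_t payload;
    if (len < sizeof h + sizeof payload) return -1;
    memcpy(&h, buf, sizeof h);
    memcpy(&payload, buf + sizeof h, sizeof payload);
    if (h.len != sizeof h + sizeof payload) return -1;
    if (h.type != SELNL_MSG_SETENFORCE && h.type != SELNL_MSG_POLICYLOAD) return -1;
    avc_lock_held++;                 /* single lock section: state update and reset */
    if (h.type == SELNL_MSG_SETENFORCE) avc_enforcing = payload ? 1 : 0;
    else avc_resets++;               /* avc_ss_reset(): exactly once per message */
    avc_lock_held--;
    /* callbacks run after the lock is released, in addition to the normal flow */
    if (h.type == SELNL_MSG_SETENFORCE) return cb_setenforce ? cb_setenforce(avc_enforcing) : 0;
    return cb_policyload ? cb_policyload(payload) : 0;
}
/* Build one message the way the kernel would (constructed) and process it. */
int model_feed(uint16_t type, int32_t payload)
{
    unsigned char buf[16];
    struct selnl_hdr h = { type, (uint32_t)(sizeof h + sizeof payload) };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &payload, sizeof payload);
    return model_netlink_process(buf, sizeof h + sizeof payload);
}
```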