Hello.
> Look at it this way: What format do you use for your in-memory
> data structures?

TOMOYO Linux doesn't allocate a contiguous memory block for its in-memory data structures. TOMOYO Linux has a "learning mode" feature that helps the administrator develop an ACL (access control list). Since the "learning mode" automatically appends entries to the in-memory data structure, it is impossible to calculate how much memory is needed for keeping all entries at the moment of reading the policy file upon boot. Thus, TOMOYO Linux implements the in-memory data structure using a singly-linked list and allocates memory as needed.

The kernel stores all in-memory data structures in a kind of DBMS (DataBase Management System). This DBMS supports only a subset of DML (Data Manipulation Language), i.e. "insert", "select" and "delete" operations.

Purpose 1: Use of the DBMS allows "learning mode" to append entries without userspace's assistance.
Purpose 2: Use of the DBMS allows the administrator to directly edit entries in the kernel using a policy editor.

This DBMS has a uniqueness constraint, i.e. it doesn't allow the existence of two entries that have the same data.

Purpose 1: This constraint saves memory used by ACL entries, because the same entry (i.e. the same pathnames) tends to appear multiple times.
Purpose 2: This constraint speeds up adding/deleting/searching ACL entries by replacing memcmp() with address comparison.

> This would be the "right" user<=>kernel format, (modulo using offset-
> from-start-of-policy instead of pointers).

The kernel may receive multiple requests to append ACL entries concurrently. There is no way to know the location of an in-memory data structure (i.e. offset-from-start-of-policy) before the data structure is actually stored in the kernel's DBMS. Use of DML in the policy file allows appending entries without knowing the location of the in-memory data structure. The ACL in the kernel's DBMS is the up-to-date data, and the ACL in the policy file is a backup.
The policy file consists of instructions for reproducing a snapshot of ACL entries in the kernel's DBMS which was saved in the past. It is a list of "insert" requests written using DML.

/sys/kernel/security/tomoyo/ is an interface for sending/receiving these instructions. The policy editor uses this interface for editing ACL entries in the kernel's DBMS. The functions handling this interface are the "text based policy parser in kernel" we are discussing now. Maybe I should call these functions the "DML parser in kernel".

These functions merely split lines by '\n' and ' ', and pass them to the kernel's DBMS functions. These functions have none of the complicated pointer manipulation you are worrying about. The kernel's DBMS functions handle pointer manipulations, but it is quite simple because all in-memory data structures are implemented using a singly-linked list and no data structures are removed from the singly-linked list (the is_deleted flag is set instead of removing). So, don't worry about pointer-manipulation bugs anyway.

Regards.
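
Added example, not part of the original message and not TOMOYO Linux code: a userspace C sketch of the design described above, with append-only singly-linked lists, entries flagged is_deleted instead of being unlinked, and strings stored once so that the uniqueness check is an address comparison. The line syntax (a verb "insert" or "delete" followed by an operation keyword and a pathname), every function and struct name, and the use of calloc() and strtok() are assumptions made for illustration; locking for concurrent requests is left out.

```c
#include <stdlib.h>
#include <string.h>

/* Append-only lists. Each distinct string is stored once, so equal strings
 * share one address. Locking is omitted in this sketch. */
static struct name { struct name *next; char text[]; } *names;
static struct acl { struct acl *next; const struct name *op, *path; int is_deleted; } *acls;

static const struct name *intern(const char *s) {
    struct name **pp = &names;
    for (; *pp; pp = &(*pp)->next)
        if (!strcmp((*pp)->text, s))
            return *pp;                      /* already stored: reuse it */
    if ((*pp = calloc(1, sizeof(**pp) + strlen(s) + 1)))
        strcpy((*pp)->text, s);
    return *pp;                              /* NULL if allocation failed */
}

/* is_delete: 0 = "insert", 1 = "delete". Nodes are flagged, never unlinked. */
static int acl_update(const char *op, const char *path, int is_delete) {
    const struct name *o = intern(op), *p = intern(path);
    struct acl **pp = &acls;
    for (; o && p && *pp; pp = &(*pp)->next)
        if ((*pp)->op == o && (*pp)->path == p) {  /* addresses, not memcmp() */
            (*pp)->is_deleted = is_delete;
            return 0;
        }
    if (!o || !p || is_delete || !(*pp = calloc(1, sizeof(**pp))))
        return -1;                           /* error, or nothing to delete */
    **pp = (struct acl){ .op = o, .path = p };
    return 0;
}

/* Split one line on ' ' and pass the fields on (assumed "verb op path"). */
static int handle_line(char *line) {
    char *verb = strtok(line, " "), *op = strtok(NULL, " "), *path = strtok(NULL, " ");
    if (!verb || !op || !path || strtok(NULL, " ") ||
        (strcmp(verb, "insert") && strcmp(verb, "delete")))
        return -1;                           /* malformed line or unknown verb */
    return acl_update(op, path, verb[0] == 'd');
}

/* Count live entries, or every node when include_deleted is non-zero. */
static int acl_count(int include_deleted) {
    int n = 0;
    for (const struct acl *a = acls; a; a = a->next)
        n += include_deleted || !a->is_deleted;
    return n;
}
```

Passing handle_line() the constructed line "insert allow_read /etc/passwd" twice creates a single node; a following "delete allow_read /etc/passwd" leaves that node linked with is_deleted set, and a later insert of the same entry clears the flag again.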