Hello.

> Look at it this way:  What format do you use for your in-memory 
> datastructures?

TOMOYO Linux doesn't allocate a contiguous memory block for its in-memory data structure.

  TOMOYO Linux has a "learning mode" feature that helps the administrator
  develop an ACL (access control list).

  Since the "learning mode" automatically appends entries to the in-memory data structure,
  it is impossible to calculate how much memory is needed to keep all entries
  at the moment the policy file is read upon boot.

  Thus, TOMOYO Linux implements its in-memory data structure as a singly-linked list
  and allocates memory as needed.

The kernel stores all in-memory data structures in a kind of DBMS (database management system).

  This DBMS supports only a subset of DML (Data Manipulation Language),
  i.e. the "insert", "select" and "delete" operations.

    Purpose 1: Use of the DBMS allows "learning mode" to append entries
               without userspace assistance.

    Purpose 2: Use of the DBMS allows the administrator to directly edit entries in the kernel
               using a policy editor.

  This DBMS has a uniqueness constraint,
  i.e. it does not allow two entries that have the same data to exist.

    Purpose 1: This constraint saves memory used by ACL entries
               because the same entry (i.e. the same pathname) tends to appear multiple times.

    Purpose 2: This constraint speeds up adding/deleting/searching ACL entries
               by replacing memcmp() with address comparison.

> This would be the "right" user<=>kernel format, (modulo using offset-from-start-of-policy instead of pointers).

The kernel may receive multiple requests of appending ACL entries concurrently.

  There is no way to know the location of the in-memory data structure (i.e. offset-from-start-of-policy)
  before the data structure is actually stored in the kernel's DBMS.

    Use of DML in the policy file allows appending entries
    without knowing the location of the in-memory data structure.

The ACL in the kernel's DBMS is the up-to-date data, and the ACL in the policy file is a backup.

  The policy file consists of instructions for reproducing a snapshot of the ACL entries in the kernel's DBMS
  that was saved in the past.

    It is a list of "insert" requests written using DML.

  /sys/kernel/security/tomoyo/ is an interface for sending/receiving these instructions.

    The policy editor uses this interface for editing ACL entries in the kernel's DBMS.

  The functions handling this interface are the "text based policy parser in kernel" we are discussing now.

    Maybe I should call these functions "DML parser in kernel".

    These functions merely split lines by '\n' and ' ', and pass them to the kernel's DBMS functions.
    These functions have none of the complicated pointer manipulation you are worrying about.

    The kernel's DBMS functions handle the pointer manipulation, but it is quite simple
    because all in-memory data structures are implemented as singly-linked lists and
    no data structures are removed from the singly-linked list (the is_deleted flag is set instead of removing).
    So, don't worry about pointer-manipulation bugs anyway.


Regards.
-
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

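As an added illustration (this is not TOMOYO Linux's own code and was not posted in the thread), here is a small userspace model in C of the design the mail describes: an in-kernel store built from singly-linked lists, a uniqueness constraint that interns strings so that address comparison replaces memcmp(), a "delete" that only sets an is_deleted flag and never unlinks a node, and a "DML parser" that does nothing more than split the policy text on '\n' and ' ' before handing each statement to the store. The type and function names, and the two-field `insert <domain> <path>` / `delete <domain> <path>` statement shape, are assumptions made for this example; the mail does not show TOMOYO's real policy syntax.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup(), strtok_r() */
#include <stdlib.h>
#include <string.h>

/* Interned string node: one per distinct domain name or pathname (example type). */
struct name_entry { struct name_entry *next; char *name; };

/* ACL row: two interned names plus the is_deleted flag the mail describes. */
struct acl_entry {
    struct acl_entry *next;
    const struct name_entry *domain, *path;
    int is_deleted;
};

static struct name_entry *name_list;   /* singly linked, never unlinked */
static struct acl_entry *acl_list;     /* singly linked, never unlinked */

/* Uniqueness constraint: equal strings share one node, so == replaces memcmp().
 * With create == 0 this is a pure lookup and may return NULL. */
static const struct name_entry *name_lookup(const char *s, int create)
{
    struct name_entry *e;
    for (e = name_list; e; e = e->next)
        if (strcmp(e->name, s) == 0)
            return e;
    if (!create || !(e = malloc(sizeof(*e))))
        return NULL;
    e->name = strdup(s);
    e->next = name_list;               /* prepend; nothing is ever removed */
    name_list = e;
    return e;
}

static struct acl_entry *acl_find(const struct name_entry *d, const struct name_entry *p)
{
    struct acl_entry *e = acl_list;
    while (e && !(e->domain == d && e->path == p))  /* address comparison */
        e = e->next;
    return e;
}

/* "select": resolve two strings to their row without allocating; NULL if absent. */
static struct acl_entry *acl_lookup(const char *domain, const char *path)
{
    const struct name_entry *d = name_lookup(domain, 0), *p = name_lookup(path, 0);
    return (d && p) ? acl_find(d, p) : NULL;
}

/* "insert": revive a matching row (deleted or not) or prepend a new one. */
static int acl_insert(const char *domain, const char *path)
{
    const struct name_entry *d = name_lookup(domain, 1), *p = name_lookup(path, 1);
    struct acl_entry *e = (d && p) ? acl_find(d, p) : NULL;
    if (!e && d && p && (e = malloc(sizeof(*e)))) {
        *e = (struct acl_entry){ acl_list, d, p, 0 };
        acl_list = e;
    }
    if (e)
        e->is_deleted = 0;
    return e ? 0 : -1;
}

/* "delete": set the flag only; the node stays linked, so a reader walking
 * the list concurrently never reaches freed memory. */
static int acl_delete(const char *domain, const char *path)
{
    struct acl_entry *e = acl_lookup(domain, path);
    if (!e)
        return -1;
    e->is_deleted = 1;
    return 0;
}

/* The "DML parser": split on '\n' and ' ' and hand each statement to the
 * store. Returns statements applied, or -1 at the first malformed line. */
static int apply_dml(const char *text)
{
    char *buf = strdup(text), *save, *line;
    int applied = 0, rc = 0;
    if (!buf)
        return -1;
    for (line = strtok_r(buf, "\n", &save); line && rc == 0;
         line = strtok_r(NULL, "\n", &save)) {
        char *op = strtok(line, " ");            /* words: inner tokenizer */
        char *domain = strtok(NULL, " ");
        char *path = strtok(NULL, " ");
        if (!op)
            continue;                            /* whitespace-only line */
        if (!path || strtok(NULL, " "))
            rc = -1;                             /* wrong field count */
        else if (strcmp(op, "insert") == 0)
            rc = acl_insert(domain, path);
        else if (strcmp(op, "delete") == 0)
            rc = acl_delete(domain, path);
        else
            rc = -1;                             /* unknown verb */
        applied += rc == 0;
    }
    free(buf);
    return rc < 0 ? -1 : applied;
}
```

Feeding `apply_dml()` a constructed policy such as `"insert <kernel> /bin/sh\ninsert <kernel> /bin/ls\ninsert <kernel> /bin/sh\n"` produces two rows, not three, because the third statement resolves to the same two interned pointers and revives the existing row; after `delete <kernel> /bin/sh` the row is still reachable through `acl_lookup()` with `is_deleted` set. The model leaves out locking: the mail notes that append requests can arrive concurrently, so a kernel implementation still has to serialize the prepend (or publish it RCU-style) even though deletion never frees a node.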