Hi!
> > > +/**
> > > + * aa_activate_profile - unpack a serialized profile
> > > + * @e: serialized data extent information
> > > + * @error: error code returned if unpacking fails
> > > + */
> > > +static struct aaprofile *aa_activate_profile(struct aa_ext *e, ssize_t *error)
> > > +{
> > > + struct aaprofile *profile = NULL;
> > > + const char *rulename = "";
> > > + const char *error_string = "Invalid Profile";
> > > +
> > > + *error = -EPROTO;
> > > +
> > > + profile = alloc_aaprofile();
> > > + if (!profile) {
> > > + error_string = "Could not allocate profile";
> > > + *error = -ENOMEM;
> > > + goto fail;
> > > + }
> > > +
> > > + /* check that we have the right struct being passed */
> > > + AA_READ_X(e, AA_STRUCT, NULL, "profile");
> > > + AA_READ_X(e, AA_DYN_STRING, &profile->name, NULL);
> > > +
> > > + error_string = "Invalid flags";
> > > + /* per profile debug flags (debug, complain, audit) */
> > > + AA_READ_X(e, AA_STRUCT, NULL, "flags");
> > > + AA_READ_X(e, AA_U32, &(profile->flags.debug), "profile.flags.debug");
> > > + AA_READ_X(e, AA_U32, &(profile->flags.complain),
> > > + "profile.flags.complain");
> > > + AA_READ_X(e, AA_U32, &(profile->flags.audit), "profile.flags.audit");
> > > + AA_READ_X(e, AA_STRUCTEND, NULL, NULL);
> > > +
> > > + error_string = "Invalid capabilities";
> > > + AA_READ_X(e, AA_U32, &(profile->capabilities), "profile.capabilities");
> > > +
> > > + /* get the file entries. */
> > > + AA_ENTRY_LIST("pgent"); /* pcre rules */
> > > + AA_ENTRY_LIST("sgent"); /* simple globs */
> > > + AA_ENTRY_LIST("fent"); /* regular file entries */
> > > +
> > > + /* get the net entries */
> > > + if (aa_is_nameX(e, AA_LIST, NULL, "net")) {
> > > + error_string = "Invalid net entry";
> > > + while (!aa_is_nameX(e, AA_LISTEND, NULL, NULL)) {
> > > + if (!aa_activate_net_entry(e))
> > > + goto fail;
> > > + }
> > > + }
> > > + rulename = "";
> > > +
> > > + /* get subprofiles */
> > > + if (aa_is_nameX(e, AA_LIST, NULL, "hats")) {
> > > + error_string = "Invalid profile hat";
> > > + while (!aa_is_nameX(e, AA_LISTEND, NULL, NULL)) {
> > > + struct aaprofile *subprofile;
> > > + subprofile = aa_activate_profile(e, error);
> > > + if (!subprofile)
> > > + goto fail;
> > > + subprofile->parent = profile;
> > > + list_add(&subprofile->list, &profile->sub);
> > > + }
> > > + }
> > > +
> > > + error_string = "Invalid end of profile";
> > > + AA_READ_X(e, AA_STRUCTEND, NULL, NULL);
> > > +
> > > + return profile;
> >
> > Is this kind of transltion neccessary?
>
> Don't understand. Please expand/clarify. The code serializes the profile data
> from userspace.
Yes, and it looks quite complex; would it be possible to get rid of
this serializing code? Could some existing infrastructure be used? One
file per value? Just pass the structure and make sure userspace is
matched to kernel? Something else?
Pavel
--
Thanks for all the (sleeping) penguins.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
