[PATCH v2 10/10] scripts/check-aclrules.py: check ACL for domain_driver.c ACL callers

Ján Tomko jtomko at redhat.com
Wed Feb 17 16:41:46 UTC 2021


On a Tuesday in 2021, Daniel Henrique Barboza wrote:
>This script works under two specific conditions. For each opened file,
>search for all functions that have ACL calls and store them, and see
>if there is a vir*DriverPtr struct declared in it. For each implementation
>found, check if there is an ACL verification inside it, and error out if
>none was found. The script also supports the concept of stub, where another
>function takes the responsibility for the ACL call instead of the
>original API.
>
>Unfortunately this is not enough to cover the new scenario we have now,
>with domain_driver.c containing helper functions that execute the ACL
>calls. The script does not store state between files because, until now,
>it wasn't needed to - APIs and stubs and vir*DriverPtr declarations were
>always in the same file. Also, the script will not check for ACL in functions
>that do not belong to a vir*DriverPtr interface. What we have now in
>domain_driver.c breaks both assumptions: the functions are in a different
>file, and there is no vir*DriverPtr being implemented in the file that
>uses these functions.
>
>This patch changes check-aclrules.py to accommodate this scenario. The helpers
>that have ACL checks are stored beforehand in aclFuncHelpers, allowing other
>files to use them to recognize a stub situation. In case the current file
>being analyzed is domain_driver.c itself, we'll do a manual check using
>aclFuncHelpers to verify that these functions indeed have ACL checks.
>
>Signed-off-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
>---
> scripts/check-aclrules.py  | 25 ++++++++++++++++++++++++-
> src/hypervisor/meson.build |  2 ++
> 2 files changed, 26 insertions(+), 1 deletion(-)
>

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Also, consider suppressing cc's in your .gitconfig:

[sendemail]
     suppresscc = all
     signedoffbycc = no

(Sadly I don't remember whether the last line is actually needed)


Usually I delete the copies of patches I get via cc: and only deal with
the copies sent to the mailing list, but it looks like here you CC'd me
only on the patches I've already reviewed, which does not seem useful :)

Jano
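
The cross-file check described in the quoted commit message, as an added sketch that is not part of this thread and is not libvirt's check-aclrules.py: helpers with ACL calls are collected first, then each driver callback passes if it checks the ACL itself or calls such a helper. The sample C sources, the regexes, the `*EnsureACL` match pattern and the names `acl_helpers` and `missing_acl` are assumptions made for the example.

```python
import re

# Constructed sample sources (not libvirt code); all names are illustrative.
HELPER_C = """
int
virDomainDriverFoo(virDomainObjPtr vm)
{
    if (virDomainFooEnsureACL(vm->def) < 0)
        return -1;
    return 0;
}
"""
DRIVER_C = """
static int
demoDomainFoo(virDomainObjPtr vm)
{
    return virDomainDriverFoo(vm);
}
static int
demoDomainBar(virDomainObjPtr vm)
{
    return 0;
}
static virHypervisorDriver demoDriver = {
    .domainFoo = demoDomainFoo,
    .domainBar = demoDomainBar,
};
"""
# Assumes the function name starts a line and the body ends at a column-0 "}".
FUNC_RE = re.compile(r"^(\w+)\([^)]*\)\n\{\n(.*?)^\}", re.M | re.S)
ACL_RE = re.compile(r"\b\w+EnsureACL\s*\(")
CALL_RE = re.compile(r"\b(\w+)\s*\(")
IMPL_RE = re.compile(r"^\s*\.(\w+)\s*=\s*(\w+),", re.M)

def functions(src):
    return {m.group(1): m.group(2) for m in FUNC_RE.finditer(src)}

def acl_helpers(helper_src):
    # First pass: helpers that perform the ACL check themselves.
    return {n for n, b in functions(helper_src).items() if ACL_RE.search(b)}

def missing_acl(driver_src, helpers):
    # Second pass: callbacks with no direct ACL call and no call to a known helper.
    funcs = functions(driver_src)
    bad = []
    for api, impl in IMPL_RE.findall(driver_src):
        body = funcs.get(impl, "")
        if not ACL_RE.search(body) and not helpers & set(CALL_RE.findall(body)):
            bad.append((api, impl))
    return bad
```

Passing an empty helper set reproduces the single-file behaviour, where the callback that delegates its ACL check to another file is reported as unchecked.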