[PATCH v3 14/15] session_policy_ivi: Watch for changes on policy files

Patrik Flykt patrik.flykt at linux.intel.com
Tue Nov 6 02:51:44 PST 2012


	Hi,

On Fri, 2012-11-02 at 17:26 +0100, Daniel Wagner wrote:
> From: Daniel Wagner <daniel.wagner at bmw-carit.de>
> 
> Monitor changes on the config files. Either create, modify or destroy
> them according to the events we get from the inotify interface.
> ---
>  plugins/session_policy_ivi.c | 63 +++++++++++++++++++++++++++++++++++++++++---
>  1 file changed, 59 insertions(+), 4 deletions(-)
> 
> diff --git a/plugins/session_policy_ivi.c b/plugins/session_policy_ivi.c
> index a34017a..5ac711f 100644
> --- a/plugins/session_policy_ivi.c
> +++ b/plugins/session_policy_ivi.c
> @@ -25,6 +25,7 @@
>  
>  #include <errno.h>
>  #include <string.h>
> +#include <sys/inotify.h>
>  
>  #include <glib.h>
>  
> @@ -35,6 +36,7 @@
>  #include <connman/log.h>
>  #include <connman/session.h>
>  #include <connman/dbus.h>
> +#include <connman/inotify.h>
>  
>  #define POLICYDIR STORAGEDIR "/session_policy_ivi"
>  
> @@ -174,10 +176,16 @@ static void selinux_context_reply(const unsigned char *context, void *user_data,
>  		goto done;
>  	}
>  
> -	policy = create_policy(ident);
> -	if (policy == NULL) {
> -		err = -ENOMEM;
> -		goto done;
> +	policy = g_hash_table_lookup(policy_hash, ident);
> +	if (policy != NULL) {
> +		policy_ref(policy);

Isn't policy != NULL just an indication that the policy was found? Do we
need to ref the policy again?

> +		policy->session = data->session;
> +	} else {
> +		policy = create_policy(ident);

What if we get an IN_DELETE and delete the original policy while looking
up a selinux context? Do we recreate it here again and why?

> +		if (policy == NULL) {
> +			err = -ENOMEM;
> +			goto done;
> +		}
>  	}
>  
>  	g_hash_table_replace(session_hash, data->session, policy);
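Review bot: `policy->session = data->session;` is assigned only in the branch where the lookup succeeds, so a policy coming from `create_policy(ident)` in the else branch keeps whatever session value create_policy gives it (not visible here), and a later IN_MODIFY would hand that value to connman_session_config_update(). Moving the assignment below the if/else covers both paths. If two sessions can resolve to the same ident, the single pointer is overwritten by the most recent session and the earlier one would no longer be updated when its policy file changes; this presumably needs a list of sessions per policy, to be confirmed against the struct definition. The body of selinux_context_reply starts and ends outside this hunk.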
> @@ -230,6 +238,7 @@ static void policy_ivi_destroy(struct connman_session *session)
>  
>  	policy = g_hash_table_lookup(session_hash, session);
>  	g_hash_table_remove(session_hash, session);
> +	policy->session = NULL;
>  
>  	policy_unref(policy);
>  }
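Review bot: The added `policy->session = NULL;` dereferences the result of g_hash_table_lookup() without a check, so a destroy for a session that has no entry in session_hash would dereference NULL; whether that can happen (for example after selinux_context_reply took a `goto done` path before the g_hash_table_replace) is not visible here. The line also clears the pointer when the policy is shared and currently refers to a different session. I would add `if (policy == NULL) return;` after the lookup and write the reset as `if (policy->session == session) policy->session = NULL;`. The start of policy_ivi_destroy is outside the hunk.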
> @@ -246,6 +255,44 @@ static int load_policy(struct policy_data *policy)
>  	return 0;
>  }
>  
> +static void notify_handler(struct inotify_event *event,
> +                                        const char *ident)
> +{
> +	struct policy_data *policy;
> +
> +	if (ident == NULL)
> +		return;
> +
> +	if (event->mask & IN_CREATE) {
> +		connman_info("Policy added for '%s'", ident);
> +
> +		policy = g_hash_table_lookup(policy_hash, ident);
> +		if (policy != NULL)
> +			policy_ref(policy);

I'm not following exactly how more than one create is generated for an
ident. Is the policy_ref() part ok here?

> +		else
> +			create_policy(ident);
> +	}
> +
> +	if (event->mask & IN_MODIFY) {
> +		connman_info("Policy modifed for '%s'", ident);
> +
> +		policy = g_hash_table_lookup(policy_hash, ident);
> +		if (policy != NULL) {
> +			load_policy(policy);
> +
> +			connman_session_config_update(policy->session);
> +		}
> +	}
> +
> +	if (event->mask & IN_DELETE) {
> +		connman_info("Policy deleted for '%s'", ident);
> +
> +		policy = g_hash_table_lookup(policy_hash, ident);
> +		if (policy != NULL)
> +			policy_unref(policy);
> +	}

Is the session allowed to exist after deleting its policy file? If not,
how many refs can we have for one policy? Are we sure we don't have to
also do something like terminate an ongoing session or similar? The
question partly relates to the policy_ref() comment above.

> +}
> +
>  static int read_policies(void)
>  {
>  	GDir *dir;
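Review bot: In the IN_MODIFY branch of notify_handler, `connman_session_config_update(policy->session)` runs without checking that a session is attached, although this same patch sets `policy->session = NULL` in policy_ivi_destroy and a policy created from IN_CREATE has no session yet. The return value of `load_policy(policy)` is also ignored, so a file that fails to load would still trigger a config update with whatever state the policy currently holds. I would write it as `if (load_policy(policy) == 0 && policy->session != NULL) connman_session_config_update(policy->session);`. Tools that save by writing a temporary file and renaming it produce IN_MOVED_TO rather than IN_MODIFY, so depending on the mask connman_inotify_register() uses, such a replacement could leave the old policy in force; worth confirming.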
> @@ -274,6 +321,10 @@ static int session_policy_ivi_init(void)
>  {
>  	int err;
>  
> +	err = connman_inotify_register(POLICYDIR, notify_handler);
> +	if (err < 0)
> +		return err;
> +
>  	connection = connman_dbus_get_connection();
>  	if (connection == NULL)
>  		return -EIO;
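Review bot: The early `return -EIO;` when `connection == NULL` now leaves the inotify handler registered, because connman_inotify_register() has already succeeded at that point and only the `err:` label further down calls connman_inotify_unregister(). Either move the registration below the connection check, or unregister on this path: `if (connection == NULL) { connman_inotify_unregister(POLICYDIR, notify_handler); return -EIO; }`. The rest of session_policy_ivi_init is outside the hunk, so other early returns between here and `err:` should be checked for the same problem.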
> @@ -312,6 +363,8 @@ err:
>  
>  	dbus_connection_unref(connection);
>  
> +	connman_inotify_unregister(POLICYDIR, notify_handler);
> +
>  	return err;
>  }
>  
> @@ -323,6 +376,8 @@ static void session_policy_ivi_exit(void)
>  	connman_session_policy_unregister(&session_policy_ivi);
>  
>  	dbus_connection_unref(connection);
> +
> +	connman_inotify_unregister(POLICYDIR, notify_handler);
>  }
>  
>  CONNMAN_PLUGIN_DEFINE(session_policy_ivi,




