[U-Boot] [PATCH 10/12] env: acl: Add environment variable access control list
Joe Hershberger
joe.hershberger at gmail.com
Fri Sep 14 04:24:53 CEST 2012
Hi Wolfgang,
I guess you didn't see this the last time I sent it to you off list...
On Thu, Sep 13, 2012 at 3:13 PM, Wolfgang Denk <wd at denx.de> wrote:
> Dear Joe Hershberger,
>
> In message <1345236586-19076-11-git-send-email-joe.hershberger at ni.com> you wrote:
>> Currently just validates variable types as decimal, hexidecimal,
>> boolean, ip address, and mac address. Call
>> env_acl_validate_setenv_params() from setenv() in both cmd_nvedit.c
>> and fw_env.c.
>>
>> If the entry is not found in the env ACL, then look in the static one.
>> This allows the env to override the static definitions, but prevents
>> the need to have every definition in the environment distracting you.
>
> I have to admid that I haven't tested your code at all, but here are
> a few comments anyway:
>
> - It appears you will store all access related information in the ACL
> variable (or a copy of it), i. e. in linearized form. Are you not
> concerned that this will make variable access slow?
At least in my uses so far, there are not so many variables that it is
noticeably slower.
> - Encoding type information in a variable named "acl" doesn;t look
> really elegant to me. Of course, chosing another name is a trivial
> thing to do.
For sure. I accept that this is only one of the things it does and
it's not really access control in the typical sense (with users and
what not).
> - There have been discussions that it would be nice to have a
> "volatile" variable type, for example for variables like "filesize"
> or "loadaddr" - such variables would not be stored to the persistent
> storage by the "saveenv" command. Thi sis something that should be
> fairly wasy to add to your code.
I was one of the proponents of this when we last discussed this some
years ago. I left it out because you convinced me I should just use
other variables and overwrite the special ones in a script when I need
to. I still think supporting a volatile variable would be cleaner
than that. I'm glad you changed your mind.
> - It would be nice if we could group variables; for example, assume we
> could define a group "network" which includes things like ethaddr,
> ipaddr, netmask, hostname etc. - and we could then do something like
> "env print -g network" to print all variables of such a group.
I agree that would be nice.
> - We have the situation that certain variables need specific handling
> when they get assigned to - baudrate, ethaddr etc. come to mind.
> But the code to implement this is scattered all over the place, nd
> doesn't really scale.
I agree wholeheartedly.
> I've been thinking about similar features for some time, but the
> implementation I had in mind was way different. This is what I had in
> mind:
>
> - Like you, I wanted to use plain environment variables for
> persistent storage of all such information. The format you chose
> looks fine for me, too.
>
> - I would like to flag these variables as special by using special
> names for them. All such special vailables would start with a dot,
> i. e. instead of "acl" I had planned to call this ".flags".
OK... I like the prepended '.'. I'm not sure that "flags" is a very
good name for something so specific from a user point of view, but I
see why you chose it based on how you plan to store it in the hash.
> Normally "env print" etc. would not show such specal variables, but
> "env print -a" would.
That makes sense.
> Similarly, grous of variables could be defined in a ".groups"
> variable, etc.
OK.
> - Instead of parsing the ".flags" variable again and again when
> accessing variables, my idea was to extend the hash table: so far,
> the struct entry (see "include/search.h") holds only pointers to the
> key (variable name) and data (variable value). I suggest to
> extend this struct:
This seems like a good idea for the most part. Are you concerned that
the hast table will take twice the space? Should this be optional?
> * By adding a field "flags" (u32) we could easily encode access
> permission type information (like read-only, write-once,
> volatile, ...), and of course also type information (hex, dec,
> string, IP addr, MAC addr, ...).
>
> * By adding a field "callbacks" (int foo(const char *)) we could
> register pointers to a function which gets called whenever the
> respective variable value gets changed.
>
> We would still need a compile time mapping from strings to
> pointers, but at least this would allow to generalize and unify
> the existing code. For example, setting up a mapping of string
> "ethaddr" to function env_set_ethaddr() would allow to create
> something like a special variable
>
> .callbacks=ethaddr:ethaddr,eth1addr,ath2addr;baudrate:baudrate;...
One of the things I've run into with baudrate and silent specifically
is wanting to control if the special callback is made on set and/or on
env relocation, and/or on initial load, and/or on import. I think
there should be a field in the flags for when to check the callback.
> This way we could even enale user specific callbacks without need
> to modify any common code.
Would the user be able to define other callbacks somehow?
> And any "env set" would just have to check if the callback
> function pointer is non-NULL ...
>
>
> What do you think?
I think is sounds very nice. And it's not too far from what I've
done. I'll look into implementing some of it.
Cheers,
-Joe
More information about the U-Boot
mailing list