Re: [PATCH v2 10/10] scripts/check-aclrules.py: check ACL for domain_driver.c ACL callers

On a Tuesday in 2021, Daniel Henrique Barboza wrote: > This script works under two specific conditions. For each opened file, > search for all functions that has ACL calls and store them, and see > if there is a vir*DriverPtr struct declared in it. For each implementation > found, check if there is an ACL verification inside it, and error out if > none was found. The script also supports the concept of stub, where another > function takes the responsibility for the ACL call instead of the > original API. > > Unfortunately this is not enough to cover the new scenario we have now, > with domain_driver.c containing helper functions that execute the ACL > calls. The script does not store state between files because, until now, > it wasn't needed to - APIs and stubs and vir*DriverPtr declarations were > always in the same file. Also, the script will not check for ACL in functions > that does not belong to a vir*DriverPtr interface. What we have now in > domain_driver.c breaks both assumptions: the functions are in a different > file, and there is no vir*DriverPtr being implemented in the file that > uses these functions. > > This patch changes check-aclrules.py to accomodate this scenario. The helpers > that have ACL checks are stored beforehand in aclFuncHelpers, allowing other > files to use them to recognize a stub situation. In case the current file > being analyzed is domain_driver.c itself, we'll do a manual check using > aclFuncHelpers to verify that these functions indeed have ACL checks. > > Signed-off-by: Daniel Henrique Barboza <danielhb413(a)gmail.com&gt; > --- > scripts/check-aclrules.py  | 25 ++++++++++++++++++++++++- > src/hypervisor/meson.build |  2 ++ > 2 files changed, 26 insertions(+), 1 deletion(-) > Reviewed-by: Ján Tomko <jtomko(a)redhat.com&gt; Also, consider suppressing cc's in your .gitconfig: [sendemail]     suppresscc = all     signedoffbycc = no (Sadly I don't remember whether the last line is actually needed) Usually I delete the copies of patches I get via cc: and only deal with the copies sent to the mailing list, but it looks like here you CC'd me only on the patches I've already reviewed, which does not seem useful :)

Jano