RE: Using File Operation Scope (KAUTH_SCOPE_FILEOP)
- Subject: RE: Using File Operation Scope (KAUTH_SCOPE_FILEOP)
- From: Oliver Donald <email@hidden>
- Date: Tue, 29 Nov 2005 17:26:29 -0000
Thanks for the clarification! I found most of this out myself reading the docs more carefully, but I was still interested to hear why the FILEOP scope was only for notification.

Thanks again,
Oli

At 10:29 +0000 29/11/05, Oliver Donald wrote:
> But my main question is, why does the KAUTH_SCOPE_FILEOP scope not allow me to deny?

That's just the way it's designed. KAUTH_SCOPE_FILEOP is for notification, KAUTH_SCOPE_VNODE is for checking.

> Is there any chance of this being implemented in the future?

No.

> My second plan would be to use the KAUTH_SCOPE_VNODE scope, but this is too late,

Why do you say that? Vnode scope authorization is requested when the file is opened, not for each individual read or write (that would be /way/ too expensive). A vnode scope listener is the correct place to add extra security checks. In fact, the default listener for the vnode scope is responsible for implementing the system's built-in permissions checking.

S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware
Darwin-kernel mailing list (email@hidden)