Blocking file access within KAUTH
- Subject: Blocking file access within KAUTH
- From: "Damir Dezeljin" <email@hidden>
- Date: Sun, 25 Nov 2007 00:32:09 +0100
Hi,
By reading TN2127 and list posts I managed to develop a KEXT 'KAUTH_SCOPE_FILEOP' on OS X 10.4 that sends file paths on open to user space and blocks execution until the reply is received. This is fine; however, I would need to block certain access to files. As far as I know (TN2127 states it), this is not possible within KAUTH_SCOPE_FILEOP, as the return value is ignored.
So it seems I have to use the KAUTH_SCOPE_VNODE scope. However, as far as I know, it is impossible to 'filter' only open operations (access) in the VNODE scope. Am I right? Well, my concern is that I want to minimize the kernel <-> user space traffic, so I would like to request user-space processing only once per file open lifetime (until the close()).
Please, can anyone give me a suggestion on how to address this issue?
Another thing I'm looking for is the possibility to attach some kind of 'file context' to the file on open. This would help a lot, as I would be able to do the user-space processing on KAUTH_SCOPE_FILEOP and attach the results for all subsequent VNODE callbacks related to the mentioned file. However, I guess this is not possible, but please correct me if I'm wrong.
Additionally, is there any way to avoid calling vn_getpath() for every vnode callback (e.g. if it was already called for the opened file)?
And the last question for today: I found two or three different explanations of the VNODE callback parameters on the internet. Where can I get the 'official' (the correct) one?
Thanks and best regards,
Damir