Re: Kernel authorization (Kauth) from user space
- Subject: Re: Kernel authorization (Kauth) from user space
- From: Michael Smith <email@hidden>
- Date: Fri, 12 Oct 2007 21:42:56 -0700
On Oct 11, 2007, at 6:05 AM, Liviu Andron wrote:

> I have some troubles in accessing files from user space using
> Kauth. Access means read or write.

It is not clear from what you've written here exactly what you are
trying to do.

I am going to assume that you have a KAUTH filter and a user-space
component that communicates with this filter. In the user-space
component, you want to read/write files that are being seen by the
filter.

> 1) The recommended way from the technical documentation is to
> read/write in kernel, but all the mailing lists discussions say to do it
> in user space.

As per Terry, I am not aware of any documentation that suggests you
should be reading/writing files from within the kernel. It is highly
discouraged.

> 2) Assuming that I send the path from kernel to the user space
> daemon (returned by vn_getpath from the vnode parameter), I have
> the following issues:
> - for files with paths longer than MAXPATHLEN (1024),
> which can be created with Finder:
> - vn_getpath returns error 28 (KERN_INVALID_POLICY)
> - the callback for OPEN/CLOSE actions is called with
> empty path (arg1) or it's not called at all

As has been noted, vn_getpath operates on an arbitrary buffer supplied
by the caller. If you make your buffer bigger on seeing this error,
you should be OK.

Note that the close callback is only called for the last close on a
file.

> 4) Another possible solution seems to be using
> VNOP_READ/VNOP_WRITE in kernel space and transfer data to daemon

This devolves to doing file I/O in the kernel again, which is still
highly discouraged.
= Mike
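
Added example, not part of the original message and not Apple's or the poster's code: a bounded grow-and-retry loop for the "make your buffer bigger" advice, runnable in user space. Assumptions: error 28 is treated as ENOSPC (buffer too small), `fake_getpath` is a constructed stand-in with the same calling shape as `vn_getpath`, and `PATH_LIMIT` is a hypothetical cap.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as vn_getpath(vp, pathbuf, &len): *len is the buffer size on
 * entry and the path length including the NUL on success. */
typedef int (*getpath_fn)(void *vp, char *pathbuf, int *len);

#define PATH_START 1024        /* MAXPATHLEN, the size that failed in the post */
#define PATH_LIMIT (64 * 1024) /* assumed cap so the loop always terminates */

/* Constructed stand-in for vn_getpath: "vp" is just a C string here. */
int fake_getpath(void *vp, char *pathbuf, int *len)
{
    size_t need = strlen((const char *)vp) + 1;
    if (need > (size_t)*len) return ENOSPC;   /* 28: buffer too small */
    memcpy(pathbuf, vp, need);
    *len = (int)need;
    return 0;
}

/* Retry with a doubled buffer on ENOSPC. Returns 0 with a malloc'd path in
 * *out, or an errno value with *out == NULL so the caller sets policy. */
int getpath_grow(getpath_fn fn, void *vp, char **out, int *outlen)
{
    *out = NULL;
    for (int size = PATH_START; size <= PATH_LIMIT; size *= 2) {
        char *buf = malloc((size_t)size);
        if (buf == NULL) return ENOMEM;
        int len = size;
        int err = fn(vp, buf, &len);
        if (err == 0) { *out = buf; *outlen = len; return 0; }
        free(buf);
        if (err != ENOSPC) return err;        /* other failure: do not retry */
    }
    return ENAMETOOLONG;                      /* still too long at PATH_LIMIT */
}

int main(void)
{
    static char vp[3001];                     /* constructed 3000-char path */
    memset(vp, 'a', sizeof vp - 1);
    vp[0] = '/';
    char *path = NULL; int len = 0;
    int err = getpath_grow(fake_getpath, vp, &path, &len);
    printf("err=%d len=%d\n", err, len);
    free(path);
    return err;
}
```

In a kext the buffer would come from a kernel allocator and `fn` would be `vn_getpath` itself; when the call still fails, the filter has to choose explicitly between denying and deferring rather than passing an empty path to the daemon.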
_______________________________________________
Darwin-kernel mailing list (email@hidden)