Re: Deleting a file in KEXT
Re: Deleting a file in KEXT
- Subject: Re: Deleting a file in KEXT
- From: Rupesh Khetawat <email@hidden>
- Date: Mon, 23 Apr 2012 07:57:59 -0700
- Acceptlanguage: en-US
- Thread-topic: Deleting a file in KEXT
Thanks for the comments regarding Deleting a file in KEXT.
Anatol Pomozov : I looked at the VNOP_REMOVE. It appears that this function is not part of kernel framework. I could only see some comments regarding VNOP_REMOVE in vnode_if.h, but not function declaration anywhere.
It would be great if someone could provide pointer on this so that I can explore some options.
Thanks in advance.
Regards,
Rupesh
-----Original Message-----
From: darwin-kernel-bounces+rupesh_khetawat=email@hidden [mailto:darwin-kernel-bounces+rupesh_khetawat=email@hidden] On Behalf Of email@hidden
Sent: 12 April 2012 AM 12:30
To: email@hidden
Subject: Darwin-kernel Digest, Vol 9, Issue 32
Send Darwin-kernel mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.apple.com/mailman/listinfo/darwin-kernel
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Darwin-kernel digest..."
Today's Topics:
1. Re: Deleting a file in KEXT (Anatol Pomozov)
2. monitoring syscalls (me)
----------------------------------------------------------------------
Message: 1
Date: Tue, 10 Apr 2012 13:49:47 -0700
From: Anatol Pomozov <email@hidden>
To: Rupesh Khetawat <email@hidden>
Cc: "email@hidden" <email@hidden>
Subject: Re: Deleting a file in KEXT
Message-ID:
<email@hidden>
Content-Type: text/plain; charset=UTF-8
Hi
On Mon, Apr 9, 2012 at 6:38 AM, Rupesh Khetawat
<email@hidden> wrote:
> Is there anyway a file can be deleted in KEXT?
>
>
>
> I have written KEXT where file scope listener is registered with kauth. I am
> trying to delete certain files when the action is close with modified flag.
> I looked at the documentation, but did not find anything deleting file in
> kernel mode.
>
> Can someone throw some light on this?
In kernel you do not have access to POSIX functions such as unlink().
I believe the only way to achieve the goal is to use VNOP operations
directly. In your case this will be VNOP_REMOVE.
Here is an example from XNU that removes a file
https://github.com/anatol/xnu/blob/master/bsd/vfs/vfs_xattr.c#L529
------------------------------
Message: 2
Date: Tue, 10 Apr 2012 14:06:21 -0700
From: me <email@hidden>
To: email@hidden
Subject: monitoring syscalls
Message-ID: <email@hidden>
Content-Type: text/plain; charset=us-ascii
Can anyone point me to documentation for observing syscalls from the kernel? I am currently using a KAUTH VNODE listener scope to look for file opens, but I would like to be able to know which files are being read from as they are read. I could use dtrace, but I would prefer to use system calls as opposed to another process. thanks,
Trip
------------------------------
_______________________________________________
Darwin-kernel mailing list
email@hidden
https://lists.apple.com/mailman/listinfo/darwin-kernel
End of Darwin-kernel Digest, Vol 9, Issue 32
********************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden