site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com

Waiting for your response..

You know ... I find that for many things in this realm, you have to read the kernel sources yourself.

1. When I create a new file I get KAUTH_VNODE_ADD_FILE. Here vp is returned as the directory in which the file gets created and dvp is NULL. Is there a way for me to get the name of the newly created file.

It would seem the answer is ... no. At least not via kauth. It looks like it would require some changes internally; right now you would need to get passed in the struct nameidata down, and vnode_authorize only takes two vnodes as arguments.

2. When I open a file I get the KAUTH_VNODE_READ_DATA action. I get the same action when I read the file. Is is possible to identify when in KAUTH_VNODE_READ_DATA, whether the event took place because of reading the file or because of opening the file. I want to differentiate the read operation from open operation as I need to do separate activities in case of each event.

I think, however, the answer to this one is "maybe". But it's not in vnode scope; I think what you want is KAUTH_FILEOP_OPEN. That's notificaton only, though; the return from that is ignored. You'll still get the KAUTH_VNODE_READ_DATA, though. --Ken _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com