site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding; bh=jDqzuW9CSdzKVNeWThnvHV2NFC6IacNpjDZj3wUJbqA=; b=GvTMm5EeMq2AAys2ISiiXhp973slaE/GEtgdH67swwDa+ScMEVBQwXXS5NeM9JMaPs NAkHBYor15zytRoCDOF3MwMY3wz9LSXLN5VdUnLmh0PssTWLhtBCk8kEampibCZ2buLL 2ecWnARAAdHviX4OjBP355HnQHmlx/e2EiFio= Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=GX1+rTo3Sqv/KQ1clP2++kZBKKLsG9h+9Xe9ZGScvYO1kDTnC2+oLrW+MgMD6BIiF8 NkkW5VeddIUv6vApVMHm4AdiPGisUCy9rBP69EeTuq+EmaRh9xTkcfbY8vckzPFF5rDe UENviUubsaJrnDWPVxl/LyMj5hKlz/tyeKM58= On Thu, May 12, 2011 at 1:23 PM, Quinn "The Eskimo!" <eskimo1@apple.com> wrote:

You can't call the code signing API directly from your KEXT.  The traditional approach is to have a user space helper process that performs code signature verification on your behalf.  Your KEXT can then cache the code signing result for the lifetime of the process

This user-space-helper approach is something I feel queasy about, although it is probably caused by my lack of understanding. Simply put, isn't it way too slow? I'm under the impression that when one of the socket filter's callbacks gets called, it should return with an answer as quickly as possible. Sending a kernel control socket message to the userland daemon and waiting for an answer sounds like unacceptably sloppy behavior from a kernel-level socket filter. Is my speed concern valid? Perhaps I am thinking about the kext-daemon communication in a wrong way. Also, thanks for your answer about the code signing API. It does indeed look like the right way to do app identification. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... This email sent to site_archiver@lists.apple.com