Hi all,

Genode gives all access permissions for the object when it does the capability mapping (I use Fiasco.OC as the base platform), like this:

    Capability_map::insert_map(int id, addr_t kcap)
    {
        .....
        /* map the given cap to our registry entry */
        l4_task_map(L4_BASE_TASK_CAP, L4_BASE_TASK_CAP,
                    l4_obj_fpage(kcap, 0, L4_FPAGE_RWX),
                    i->kcap() | L4_ITEM_MAP | L4_MAP_ITEM_GRANT);
        .....
    }

If I only give read permission for the object, how do I perform permission checking on the server side?
Hi,
On Tue, Dec 09, 2014 at 11:12:24PM +0800, li94575 wrote:
If I only give read permission for the object, how do I perform permission checking on the server side?
Why do you want to do that? In Genode the Ipc_gate information is used only as a key to lookup the corresponding Rpc_object. The Rpc_object contains all relevant information about the server resource the client is about to access. The right bits of base-foc stay unused in Genode.
Greets
At 2014-12-10 05:42:53, "Christian Helmuth" <christian.helmuth@...1...> wrote:
Hi,
On Tue, Dec 09, 2014 at 11:12:24PM +0800, li94575 wrote:
If I only give read permission for the object, how do I perform permission checking on the server side?
Why do you want to do that? In Genode the Ipc_gate information is used only as a key to lookup the corresponding Rpc_object. The Rpc_object contains all relevant information about the server resource the client is about to access. The right bits of base-foc stay unused in Genode.
Actually, I'm considering introducing a multi-level security policy for Genode as part of my master's thesis. I just want to add some additional restrictions on top of the existing access-control mechanism. For example, assigning a security label to each process (except for Core and Init), and enforcing the rule of "write up and read down". Of course, I will test it simply (not all drivers), such as in the hello_tutorial. Can it be achieved, and how much work would it take? Thank you!
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
_______________________________________________ genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
Hello li94575,
On Wed, Dec 10, 2014 at 09:29:32PM +0800, li94575 wrote:
Actually, I'm considering introducing a multi-level security policy for Genode as part of my master's thesis. I just want to add some additional restrictions on top of the existing access-control mechanism. For example, assigning a security label to each process (except for Core and Init), and enforcing the rule of "write up and read down". Of course, I will test it simply (not all drivers), such as in the hello_tutorial.
Have you considered using Genode's mechanisms (sessions, RPC, recursive structure, init concept, config files) to achieve your goal? In my view, this sounds more natural than wedging something into the current implementation of these mechanisms on base-foc. Genode capabilities provide a wonderful tool to implement arbitrary access-control policies, incl. MAC.
Regards
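As an added illustration of the approach Christian suggests, here is a small C++ sketch (added to this page; it is not Genode code and not from anyone in the thread) of a server that enforces the Bell-LaPadula "read down, write up" rules at the RPC layer instead of relying on Fiasco.OC right bits. A client's clearance is resolved once from its session label when the session object is created, standing in for a per-client policy entry in the server's config; the `Mls` namespace, the `clearance_for()` table, the `Document_store` and `Session` classes, the default clearance for unknown labels, and the sample documents are all hypothetical constructs for this example.

```cpp
#include <algorithm>
#include <map>
#include <string>
#include <utility>
#include <vector>

/* Hypothetical MLS sketch for this thread; not Genode's own code. */
namespace Mls {

/* Bell-LaPadula label: sensitivity level plus a set of compartments */
struct Label
{
	unsigned                 level;
	std::vector<std::string> categories; /* kept sorted for std::includes */

	Label(unsigned l, std::vector<std::string> c)
	: level(l), categories(std::move(c)) { std::sort(categories.begin(), categories.end()); }

	/* 'this' dominates 'other' iff its level is >= and its categories are a superset */
	bool dominates(Label const &other) const
	{
		return level >= other.level
		    && std::includes(categories.begin(), categories.end(),
		                     other.categories.begin(), other.categories.end());
	}
};

enum class Result { OK, DENIED, NOT_FOUND };

/* Stand-in for a per-client policy table (e.g. <policy label="..."/> in the
 * server's config): session label -> clearance. Unknown clients get the lowest
 * clearance; that default is an assumption of this example. */
inline Label clearance_for(std::string const &session_label)
{
	if (session_label == "hello_client") return Label(1, {"hr"});
	if (session_label == "auditor")      return Label(2, {"hr", "finance"});
	return Label(0, {});
}

/* Server-side objects with their classification; every decision is made
 * here, so kernel capability right bits play no role in it. */
class Document_store
{
	private:
		struct Document { Label classification; std::string content; };
		std::map<std::string, Document> _docs;

	public:
		void add(std::string const &name, Label classification, std::string content)
		{
			_docs.emplace(name, Document{ std::move(classification), std::move(content) });
		}

		/* simple-security property: no read up (subject must dominate object) */
		Result read(Label const &subject, std::string const &name, std::string &out)
		{
			auto it = _docs.find(name);
			if (it == _docs.end())                             return Result::NOT_FOUND;
			if (!subject.dominates(it->second.classification)) return Result::DENIED;
			out = it->second.content;
			return Result::OK;
		}

		/* *-property: no write down (object must dominate subject) */
		Result write(Label const &subject, std::string const &name, std::string const &data)
		{
			auto it = _docs.find(name);
			if (it == _docs.end())                             return Result::NOT_FOUND;
			if (!it->second.classification.dominates(subject)) return Result::DENIED;
			it->second.content = data;
			return Result::OK;
		}
};

/* One object per client session, in the role a Genode Rpc_object plays: the
 * clearance is fixed at session creation from the session label and consulted
 * on every RPC, so the client cannot change it afterwards. */
class Session
{
	private:
		Document_store &_store;
		Label           _clearance;

	public:
		Session(Document_store &store, std::string const &session_label)
		: _store(store), _clearance(clearance_for(session_label)) { }

		Result read(std::string const &name, std::string &out)
		{ return _store.read(_clearance, name, out); }

		Result write(std::string const &name, std::string const &data)
		{ return _store.write(_clearance, name, data); }
};

/* Constructed sample objects so the example runs stand-alone */
inline Document_store sample_store()
{
	Document_store s;
	s.add("public",  Label(0, {}),                "press release");
	s.add("payroll", Label(1, {"hr"}),            "salaries");
	s.add("merger",  Label(2, {"hr", "finance"}), "acquisition plan");
	return s;
}

} /* namespace Mls */
```

In a real Genode server the same split would live in the root component's session-creation path, which receives the session arguments including the label, and in the Rpc_object it instantiates for that session; the kernel capability stays an opaque lookup key, exactly as Christian describes, and no change to base-foc's mapping code is needed.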