set access permission for service object

li94575 li94575 at ...176...
Wed Dec 10 14:29:32 CET 2014


At 2014-12-10 05:42:53, "Christian Helmuth" <christian.helmuth at ...1...> wrote:
>Hi,
>
>On Tue, Dec 09, 2014 at 11:12:24PM +0800, li94575 wrote:
>> If I only give the reading permission for the object, How to perform
>> permission checking on server side? 
>
>Why do you want to do that? In Genode the Ipc_gate information is used
>only as a key to lookup the corresponding Rpc_object. The Rpc_object
>contains all relevant information about the server resource the client
>is about to access. The right bits of base-foc stay unused in Genode.
Actually, I'm considering introducing a multi-level security policy for genode,  as a job of my master's thesis. 
I just want to add some additional restrictions on the basis of the existing access control mechanism. For example, assigning a security label for each process (except for Core and Init), and performing the rule of " write up and read down ". Of course, I will test it simply(not all drivers), such as in the hello_tutorial.
Can it be achieved? or how much the workload?Thank you!>
>Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
>Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth
>
>------------------------------------------------------------------------------
>Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>with Interactivity, Sharing, Native Excel Exports, App Integration & more
>Get technology previously reserved for billion-dollar corporations, FREE
>http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
>_______________________________________________
>genode-main mailing list
>genode-main at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/genode-main
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genode.org/pipermail/users/attachments/20141210/36f76a64/attachment.html>


More information about the users mailing list