set access permission for service object

Christian Helmuth christian.helmuth at ...1...
Wed Dec 10 14:46:26 CET 2014

Hello li94575,

On Wed, Dec 10, 2014 at 09:29:32PM +0800, li94575 wrote:
> Actually, I'm considering introducing a multi-level security policy
> for genode,  as a job of my master's thesis. I just want to add some
> additional restrictions on the basis of the existing access control
> mechanism. For example, assigning a security label for each process
> (except for Core and Init), and performing the rule of " write up
> and read down ". Of course, I will test it simply(not all drivers),
> such as in the hello_tutorial.

Have you considered to use Genode's mechanisms (sessions, RPC,
recursive structure, init concept, config files) to achieve your goal?
In my view, this sounds more natural than to just wedge something into
the current implementation of these mechanism on base-foc. Genode
capabilities provide a wonderful tool to implement arbitrary
access-control policies incl. MAC.

Christian Helmuth
Genode Labs · · /ˈdʒiː.nəʊd/

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

More information about the users mailing list