Hi All,

I have a few questions regarding IOCTLs. The use case is as follows:

1. I have a driver D1.ko which implements 10 IOCTLs (IC1, IC2, ..., IC10).
2. There are 3 user space processes (APP1, APP2, APP3) which access these 10 IOCTLs.
3. APP1 uses IC1, IC2, IC3. APP2 uses IC4, IC5, IC6. APP3 uses IC7 to IC10.
4. APP1 has no business accessing IC4 to IC10, and so on for the other APPs.
5. /dev/D1 is the underlying device that needs to be opened before IOCTLs can be served.

I can write a rule to prevent any other app from accessing the IOCTLs implemented by D1.ko using the following rules (please don't mind syntax errors):

    allow APP1 /dev/D1 { read, write, ioctl }
    allow APP2 /dev/D1 { read, write, ioctl }
    allow APP3 /dev/D1 { read, write, ioctl }

These rules satisfy all my requirements except 4. One solution is to divide my driver into 3 parts, with each part implementing the corresponding IOCTLs, i.e. D1 implements IC1 to IC3 and so on, and write separate rules.

Is there any better way of writing the rules to achieve the same goal, i.e. step 4?

Thanks,
Dinesh