[rsbac] feature request: rsbac restrictions in address accessing to /dev/mem.
Amon Ott
ao at rsbac.org
Fri Jan 16 09:25:39 CET 2009
On Thursday 15 January 2009, Javier J. Martínez Cabezón wrote:
> Do you mean that you should do the check, for example, in READ
> or WRITE instead of OPEN? Could it be done in a way that, if required,
> write could be done too? (I'm looking for good reasons to write in
> raw mode in memory areas, as maybe memory corruption).
> For example, writing to /dev/mem you make:
>
> -one open call to /dev/mem
> -one seek and one read or write call
>
> so if access granted to /dev/mem then
>   if request == READ AND address == within_video memory
>     then if not READ right in SCD.videomem
>       return EPERM;
>   if request == WRITE AND address == within_video memory
>     then if not WRITE right in SCD.videomem
>       return EPERM;
>   else do_whateveryouwant
>
>   if request == READ AND address == out_video_memory
>     then if not READ right in SCD.kmem
>       return EPERM;
>
>   if request == WRITE AND address == out_video_memory
>     then if not WRITE right in SCD.kmem
>       return EPERM;
>   else do_whatever_you_want.
>
> Do you mean something like this?
On SCD, we have GET_STATUS_DATA for read and MODIFY_SYSTEM_DATA for write
accesses. So it would be those requests, otherwise like you wrote.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
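
The per-access decision discussed in this thread, as an added example that is not part of the original message and is not RSBAC code: a user-space C model that maps each /dev/mem read or write to GET_STATUS_DATA or MODIFY_SYSTEM_DATA on the videomem or kmem SCD target, and also covers a transfer that straddles the window boundary. The identifiers, the rights bitmask and the video window (legacy VGA range 0xA0000 to 0xBFFFF) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names modelling the thread's terms; not RSBAC kernel code. */
enum scd_target { SCD_KMEM, SCD_VIDEOMEM, SCD_COUNT };
enum scd_request {
    REQ_GET_STATUS_DATA    = 1u << 0, /* read access on an SCD target  */
    REQ_MODIFY_SYSTEM_DATA = 1u << 1  /* write access on an SCD target */
};

/* Assumed video window: legacy VGA range, end address exclusive. */
#define VIDEO_START 0xA0000ull
#define VIDEO_END   0xC0000ull

/* rights[t] is the bitmask of requests the caller holds on SCD target t. */
struct subject { unsigned rights[SCD_COUNT]; };

static int has_right(const struct subject *s, enum scd_target t,
                     enum scd_request r)
{
    return (s->rights[t] & r) != 0;
}

/* Decide one read()/write() on /dev/mem covering [addr, addr + count).
 * Returns 0 if granted, -EPERM if denied, -EINVAL if the range wraps. */
int devmem_check(const struct subject *s, int is_write,
                 uint64_t addr, size_t count)
{
    enum scd_request req = is_write ? REQ_MODIFY_SYSTEM_DATA
                                    : REQ_GET_STATUS_DATA;
    uint64_t end = addr + count;

    if (count == 0)
        return 0;
    if (end < addr)
        return -EINVAL;

    /* Any byte inside the window needs the right on videomem ... */
    int touches_video = addr < VIDEO_END && end > VIDEO_START;
    /* ... and any byte outside it needs the right on kmem. */
    int touches_kmem = addr < VIDEO_START || end > VIDEO_END;

    if (touches_video && !has_right(s, SCD_VIDEOMEM, req))
        return -EPERM;
    if (touches_kmem && !has_right(s, SCD_KMEM, req))
        return -EPERM;
    return 0;
}
```

A transfer that starts inside the video window and runs past its end needs the right on both targets, which a check on the start address alone would miss.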