adam at os.inf.tu-dresden.de
Tue Dec 9 01:00:10 CET 2014
On Mon Dec 08, 2014 at 22:10:40 +0800, li94575 wrote:
> At 2014-12-07 07:36:38, "Adam Lackorzynski" <adam at os.inf.tu-dresden.de> wrote:
> >On Sat Dec 06, 2014 at 22:24:20 +0800, li94575 wrote:
> >> As I know, we can set access permissions for the kernel objects, and
> >> access to user-level objects is through IPC_Gate.
> >> So, can I set access permissions for user-level objects through the
> >> IPC_Gate?
> >Yes. This is done by giving the appropriate rights flags on mapping. In
> >Ned's scripting, there are those ':mode("...")' statements (typically
> >abbreviated with just ':m("...")' or just 'svr()' that define those
> >permissions. However, bits to be used by user-level implementations are
> >just the write bit.
> If I only map a capability with reading permission for server object, but I actually perform a writing operation on the object with the capability, can you tell me where the kernel do the permission checking?and for the objects, how to define the reading and writing operation?
For caps, the kernel does not care about the write bit, however, it's
visible on the server side and can be used there. The first parameter
for the typical dispatch function is that 'l4_umword_t obj', which is
actually the label. The lower bits of that obj also encode the 'W' bit.
So by testing 'obj & L4_CAP_FPAGE_W' you see whether the caller (client)
has the cap with or without the W bit mapped.
Adam adam at os.inf.tu-dresden.de
More information about the l4-hackers