Date: Thu, 10 Mar 2016 14:20:33 +0530 From: pavan teja <bharghav2947@gmail.com> To: freebsd-hackers@freebsd.org Subject: Converting DAC or policy Rules into Capsicum capabilities Message-ID: <CAOMeaBSV%2BrGLYsWaXm%2BjYOan5HHLskzbk3J9zfnTTmDacJEMYQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello everyone,
I'm right now working on Implementing KDBus project into
FreeBSD project .In the KDBus we have a set of policy rules by which we can
control the bus connectivity by other processes . If viewing from the other
side policy rules appeared to me similar to DAC the security mechanism used
in Linux . Can anyone suggest me a good way to convert these DAC rules into
capabilities .I want to replace these policy rules in KDBus in my design
and replace them with some capabilities . *Example for some policy rules
are:*
KDBUS_ITEM_NAME: str='org.foo.bar'
KDBUS_ITEM_POLICY_ACCESS: type=USER, access=OWN, id=1000
KDBUS_ITEM_POLICY_ACCESS: type=USER, access=TALK, id=1001
KDBUS_ITEM_POLICY_ACCESS: type=WORLD, access=SEE
Please help me out by stating an example as how i can convert policy
rules as these into some form of capabilities given to each process
.This would be very helpful for my design.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOMeaBSV%2BrGLYsWaXm%2BjYOan5HHLskzbk3J9zfnTTmDacJEMYQ>