Permission checking

Updated: May 06, 2022

You can perform permission checking for connect, I/O, and other resource manager helper functions.

Unlike other POSIX-based systems, QNX allows files to be opened without read or write permissions. Because this ability is used for implementing functionality such as stat(), it needs to be supported by your resource manager. Furthermore, because resource managers listen on global channels that are accessible to all processes (this can be restricted to a subset of processes if security policies are used), your resource manager can receive messages from clients that should not have permission to perform specific operations. Therefore, as a basic level of permission checking, every request handler should verify that the resource was opened for read or write. This check is especially important when handling _IO_DEVCTL and _IO_MSG messages, because these messages do not use a helper function such as iofunc_write_verify() to perform checks.

For more information on security policies, see the Security Policies chapter.
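The following is an added example (not QNX's own code) of the check described above, applied in an _IO_DEVCTL handler: the open mode recorded on the OCB must cover the data direction encoded in the dcmd, and a handle opened for neither read nor write (as stat() uses) may not issue a devctl at all. The _IO_FLAG_*/DEVDIR_* values and the ocb_stub_t type are constructed stand-ins so the example builds off-target; the command set and devctl_perm_check() are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed stand-ins so this compiles without the QNX headers; a real
   resource manager uses <sys/iofunc.h> and <devctl.h> and iofunc_ocb_t. */
#define _IO_FLAG_RD   0x0001u
#define _IO_FLAG_WR   0x0002u
#define DEVDIR_TO     0x80000000u   /* data flows client -> resource manager */
#define DEVDIR_FROM   0x40000000u   /* data flows resource manager -> client */

typedef struct {
    unsigned ioflag;   /* open mode bits captured when the OCB was created */
} ocb_stub_t;

/* Hypothetical helper: 0 if the OCB's open mode permits this dcmd, else errno. */
int devctl_perm_check(const ocb_stub_t *ocb, unsigned dcmd)
{
    unsigned need = 0;
    if ((ocb->ioflag & (_IO_FLAG_RD | _IO_FLAG_WR)) == 0)
        return EBADF;   /* opened with neither mode: stat()-style handle */
    if (dcmd & DEVDIR_FROM) need |= _IO_FLAG_RD;   /* client reads data out */
    if (dcmd & DEVDIR_TO)   need |= _IO_FLAG_WR;   /* client writes data in */
    if ((ocb->ioflag & need) != need)
        return EBADF;   /* direction not covered by the open mode */
    return 0;
}

/* Constructed command set for the demo handler. */
#define DCMD_DEMO_GETSTATS (DEVDIR_FROM | 0x101u)  /* returns a counter */
#define DCMD_DEMO_SETMODE  (DEVDIR_TO   | 0x102u)  /* takes a mode value */
#define DCMD_DEMO_RESET    (0x103u)                 /* carries no data */

static unsigned g_mode, g_resets;

/* Handler body: permission check first, before any command-specific work. */
int demo_devctl(const ocb_stub_t *ocb, unsigned dcmd, void *data, size_t nbytes)
{
    int err = devctl_perm_check(ocb, dcmd);
    if (err != 0)
        return err;     /* reply with the errno; nothing else is touched */
    switch (dcmd) {
    case DCMD_DEMO_GETSTATS:
        if (nbytes < sizeof(unsigned)) return EINVAL;
        *(unsigned *)data = g_resets;
        return 0;
    case DCMD_DEMO_SETMODE:
        if (nbytes < sizeof(unsigned)) return EINVAL;
        g_mode = *(const unsigned *)data;
        return 0;
    case DCMD_DEMO_RESET:
        g_resets++;
        return 0;
    default:
        return ENOSYS;  /* unknown dcmd */
    }
}
```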

Connect and I/O functions

If you create your own functions instead of using the default implementation of the functions in the resmgr_connect_funcs_t connect table and resmgr_io_funcs_t I/O table, make sure you implement appropriate permission checks. Specific permission checking information for each function is included in “Alphabetical listing of connect and I/O functions” in Getting Started with QNX Neutrino.

Other filesystem functions

The fcntl() function maps its command to a related I/O command on the client side. The resource manager sees the I/O command and can enforce permission checking on it. Similarly, the ioctl() function maps its command to a related I/O command on the client side.

Custom

Resource managers can call message_attach() to register additional custom I/O message handlers. There is no permission checking done on any custom messages that are attached this way, and there is no OCB passed to the handler. It is up to the resource manager developer to implement permission checking that is appropriate for the message.