Permission checking for message handler functions
You can perform permission checking for connect, I/O, and other resource manager message handler functions.
Unlike other POSIX-based systems, QNX allows files to be opened without read or write permissions. Because this ability is used to implement functionality such as stat(), your resource manager needs to support it. Therefore, to add a basic level of permission checking to any request, check that the resource was opened for read or write, whichever the request requires. This check is especially important when handling _IO_DEVCTL and _IO_MSG messages, because these messages do not use a helper function such as iofunc_write_verify() to perform checks.
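The following is an added example (not code from the QNX documentation or from any QNX library) of the open-mode check described above, in the shape of a devctl handler. It assumes a hypothetical device with two commands, DCMD_EXAMPLE_GET_STATE and DCMD_EXAMPLE_SET_STATE; the ioflag bit values mirror QNX's _IO_FLAG_RD/_IO_FLAG_WR and are redefined here only so the example builds without QNX headers. The same check applies unchanged to an _IO_MSG handler, which also receives an OCB.

```c
#include <errno.h>
#include <stdio.h>

/* Mirrors the open-mode bits that QNX keeps in ocb->ioflag (<sys/iomsg.h>).
 * Redefined here only so the example compiles outside a QNX build. */
#ifndef _IO_FLAG_RD
#define _IO_FLAG_RD 0x0001
#define _IO_FLAG_WR 0x0002
#endif

/* Hypothetical devctl commands for an imaginary device. Real dcmd values are
 * built with the __DIOF/__DIOT macros; plain numbers are used here. */
#define DCMD_EXAMPLE_GET_STATE 1   /* copies state out to the client: needs read  */
#define DCMD_EXAMPLE_SET_STATE 2   /* changes device state: needs write           */

/* Open mode a command requires, independent of who sends it. */
static unsigned required_ioflag(int dcmd)
{
    switch (dcmd) {
    case DCMD_EXAMPLE_GET_STATE: return _IO_FLAG_RD;
    case DCMD_EXAMPLE_SET_STATE: return _IO_FLAG_WR;
    default:                     return 0;  /* unknown command */
    }
}

/* Returns 0 when the OCB was opened with the mode the command needs.
 * Returns EBADF (the errno iofunc_read_verify()/iofunc_write_verify() use)
 * when it was not, including the QNX case of a file opened with neither
 * read nor write access. Unknown commands are rejected with ENOSYS. */
int check_devctl_access(unsigned ioflag, int dcmd)
{
    unsigned need = required_ioflag(dcmd);
    if (need == 0)
        return ENOSYS;
    if ((ioflag & need) != need)
        return EBADF;
    return 0;
}

/* Constructed device state; a real handler would keep this in its attr. */
static int g_state;

int device_state(void) { return g_state; }

/* Shape of an io_devctl handler: verify access before touching any data.
 * 'ioflag' stands in for ocb->ioflag; 'arg' for the client's data buffer. */
int io_devctl_model(unsigned ioflag, int dcmd, int arg)
{
    int err = check_devctl_access(ioflag, dcmd);
    if (err != 0)
        return err;                /* reply with the error, no side effects */
    if (dcmd == DCMD_EXAMPLE_SET_STATE)
        g_state = arg;
    return 0;
}

int main(void)
{
    /* A read-only open may query but not set; an open with no access mode
     * (ioflag 0) may do neither. */
    printf("ro set  -> %d\n", io_devctl_model(_IO_FLAG_RD, DCMD_EXAMPLE_SET_STATE, 7));
    printf("rw set  -> %d\n", io_devctl_model(_IO_FLAG_RD | _IO_FLAG_WR, DCMD_EXAMPLE_SET_STATE, 7));
    printf("noacc get -> %d\n", io_devctl_model(0, DCMD_EXAMPLE_GET_STATE, 0));
    printf("state   -> %d\n", device_state());
    return 0;
}
```

The point of putting the check in its own function is that every command path, including ones added later, goes through one decision about which open mode it needs; a command that is not in the table is refused rather than silently allowed.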
For a general discussion of read and write permissions, go to Permission checking.
For more information on security policies, go to the Security Policies chapter.
Connect and I/O functions
If you create your own functions instead of using the default implementation of the functions in the resmgr_connect_funcs_t connect table and resmgr_io_funcs_t I/O table, make sure you implement appropriate permission checks. Specific permission checking information for each function is included in Alphabetical listing of connect and I/O functions in Getting Started with the QNX OS.
Other functions
Implement permission checks as appropriate if your resource manager makes use of the following functions:
- User-defined message I/O function handler — allows you to send miscellaneous requests (go to User-defined message I/O function handler in Getting Started with the QNX OS).
- Device control I/O function handler — performs the device I/O operation as passed from the client's devctl() (go to Device control I/O function handler in Getting Started with the QNX OS).
- fcntl() — maps the command to a related I/O command on the client side. The resource manager sees the I/O command and can enforce permission checking on it.
- ioctl() — maps to a related I/O command on the client side.
Custom
Resource managers can call message_attach() to register additional custom I/O message handlers. There is no permission checking done on any custom messages that are attached this way, and there is no OCB passed to the handler. It is up to the resource manager developer to implement permission checking that is appropriate for the message.
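Because a message_attach() handler receives no OCB, the open-mode check is unavailable and the handler has to decide for itself who may send which message. The following is an added example (not QNX code) of one reasonable policy: evaluate the caller's effective uid/gid against the resource's owner, group and mode bits, the way a file permission check would. The struct model_attr and struct model_client types are constructed stand-ins for the uid/gid/mode fields of iofunc_attr_t and the credentials a real handler would obtain for the sender (for example with ConnectClientInfo()); the message types MSG_EXAMPLE_QUERY and MSG_EXAMPLE_RESET and the fixed resource (uid 100, gid 200, mode 0640) are hypothetical. No superuser override is modelled.

```c
#include <errno.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed stand-ins for the fields a real handler would read from
 * iofunc_attr_t (uid, gid, mode) and from the sender's credentials. */
struct model_attr   { uid_t uid;  gid_t gid; mode_t mode; };
struct model_client { uid_t euid; gid_t egid; };

/* Hypothetical custom message types registered with message_attach(). */
#define MSG_EXAMPLE_QUERY 0x1001   /* reads device information: needs r */
#define MSG_EXAMPLE_RESET 0x1002   /* alters the device: needs w          */

/* Classic owner/group/other evaluation. 'want' is expressed on the "other"
 * scale (S_IROTH, S_IWOTH); every requested bit must be granted by the class
 * the caller falls into. Returns 0 or EACCES. */
int custom_msg_check_access(const struct model_attr *attr,
                            const struct model_client *cl, mode_t want)
{
    mode_t have;
    if (cl->euid == attr->uid)
        have = (attr->mode >> 6) & 07;
    else if (cl->egid == attr->gid)
        have = (attr->mode >> 3) & 07;
    else
        have = attr->mode & 07;
    return ((have & want) == want) ? 0 : EACCES;
}

/* Shape of a custom message handler: map the message type to the access it
 * needs, check it against the sender, and only then act. Unknown types are
 * refused with ENOSYS. */
int custom_msg_handler_model(const struct model_attr *attr,
                             const struct model_client *cl, int type)
{
    mode_t want;
    switch (type) {
    case MSG_EXAMPLE_QUERY: want = S_IROTH; break;
    case MSG_EXAMPLE_RESET: want = S_IWOTH; break;
    default:                return ENOSYS;
    }
    int err = custom_msg_check_access(attr, cl, want);
    if (err != 0)
        return err;
    /* ... perform the operation for 'type' here ... */
    return 0;
}

/* Convenience wrapper over a constructed resource owned by uid 100,
 * gid 200, mode 0640 (owner rw-, group r--, other ---). */
int check_example(uid_t euid, gid_t egid, int type)
{
    const struct model_attr   attr = { 100, 200, 0640 };
    const struct model_client cl   = { euid, egid };
    return custom_msg_handler_model(&attr, &cl, type);
}
```

Whatever policy is chosen, the handler should make the decision before reading the message body, since no library code has validated anything about the sender on this path.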