Home
QNX Software Development Platform
System Security Guide
The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
Security Policies

QNX Momentics IDE User's Guide
QNX Software Development Platform
- Quickstart Guide
- System Architecture
  The System Architecture guide accompanies the QNX OS and is intended for both application developers and end-users.
- OS Components
- Graphics
- Programming
- System Security Guide
  The QNX System Security Guide is intended for both system integrators who are responsible for the security of a QNX OS system and developers who want to create a QNX OS resource manager free from vulnerabilities.
  - Security Matrix
    The following table describes security problems and cyberattacks and the QNX OS security features that can mitigate them.
  - Security Features Overview
  - Security Features for Developers
  - Security Features for System Integrators
  - Security Policies
    - Using security policies
    - Security policy language
    - Named range file
    - Tutorial: Build a system that uses a security policy
      The steps for developing a QNX OS system that uses a security policy include adding security types and generating a policy using the secpolgenerate utility.
    - The libsecpol API (secpol.h)
      The libsecpol library API provides functions for systems that use security policies.
  - Fortified System Functions
  - QNX Cryptography Library
    The QNX cryptography library (qcrypto library) is a generic cryptographic shim layer that provides a consistent API to the various cryptographic primitives offered by third-party libraries.
  - The devcrypto service
    The devcrypto service is a legacy system driver interface and is mainly provided for backwards compatibility.
  - Pathtrust
    The pathtrust feature prevents processes from executing untrusted code. If a process is compromised, pathtrust mitigates the threat of the system being further compromised by an attacker using chained-together exploits.
  - PAM
    Systems that need authentication can use pluggable authentication module (PAM), a configurable standard library.
  - Using mkqnximage to Display Security Features
- Utilities & Libraries
- Migrating to QNX OS 8.0
QNX Software in the Cloud
QNX Toolkit for Visual Studio Code
This User's Guide describes the QNX Toolkit for Visual Studio Code. The guide introduces you to the QNX Toolkit by explaining the QNX development environment and how to build, run, and debug your QNX OS applications and systems.
Typographical Conventions, Support, and Licensing
This section describes the typographical conventions used throughout the documentation and explains how to obtain technical support.

Security Policies

QNX SDP8.0QNX OS System Security GuideAPIConfiguration

Although QNX OS allows a process to set which operations it is permitted to do, a better option is to use the system’s security policies functionality.

Among other advantages, using centralized security policies means that a resource manager does not have to predict which privileges are needed to operate in an individual system or how those privileges might change over time.

Note that some OS components and/or subsystems may have specific security policy practices:


OS component/Subsystem	See:
Screen Graphics Subsystem	Security policies in the Screen Graphics Subsystem Developer's Guide

Page updated: May 17, 2024