Updated: October 28, 2024
You can perform permission checking for connect, I/O, and other resource manager message handler functions.
Unlike other POSIX-based systems, QNX allows files to be opened without read or write permissions. Because this ability is used for implementing functionality such as stat(), it needs to be supported by your resource manager. Furthermore, because resource managers listen on global channels that are accessible to all processes (this can be restricted to a subset of processes if security policies are used), your resource manager can receive messages from clients that should not have permission to perform specific operations. Therefore, to add a basic level of permission checking, every request handler should verify that the resource was opened for read or write, whichever the operation requires. This check is especially important when handling _IO_DEVCTL and _IO_MSG messages, because these messages do not go through a helper function such as iofunc_write_verify() that performs the check for you.
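The following is an added, stand-alone C example of the open-mode check described above; it is not code from the QNX documentation. So that it builds without QNX headers, it defines its own EX_-prefixed stand-ins for the open-mode bits a resource manager reads from iofunc_ocb_t.ioflag (_IO_FLAG_RD, _IO_FLAG_WR in <sys/iofunc.h>) and for the devctl direction bits (DEVDIR_TO, DEVDIR_FROM in <devctl.h>); the numeric values are assumptions. For _IO_DEVCTL the required access is derived from the command's direction bits; for _IO_MSG, where the framework knows nothing about the subtype, the example keeps a deny-by-default table of what each (hypothetical) subtype needs.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-ins for QNX definitions so this file builds anywhere: the open-mode
 * bits a resource manager sees in iofunc_ocb_t.ioflag (<sys/iofunc.h>) and the
 * direction bits encoded in a devctl command (<devctl.h>). The numeric values
 * below are assumed for this example; real code uses the headers' values. */
#define EX_IO_FLAG_RD   0x1u          /* resource opened for reading */
#define EX_IO_FLAG_WR   0x2u          /* resource opened for writing */
#define EX_DEVDIR_FROM  0x40000000u   /* command copies data out to the client */
#define EX_DEVDIR_TO    0x80000000u   /* command copies data in from the client */

/* _IO_DEVCTL: derive the needed access from the command's direction bits.
 * Returns 0 if the OCB's open mode allows the command, otherwise EBADF
 * (the errno a handler would hand back to the client). */
int devctl_check_access(unsigned ioflag, unsigned dcmd)
{
    if ((dcmd & EX_DEVDIR_TO) && !(ioflag & EX_IO_FLAG_WR))
        return EBADF;
    if ((dcmd & EX_DEVDIR_FROM) && !(ioflag & EX_IO_FLAG_RD))
        return EBADF;
    return 0;
}

/* _IO_MSG: the framework knows nothing about a subtype's semantics, so the
 * resource manager keeps its own table of what each subtype requires. */
struct io_msg_policy {
    unsigned subtype;        /* value the client places in the message subtype */
    unsigned required_flags; /* open-mode bits the OCB must carry */
};

/* Hypothetical subtypes for a made-up device, constructed for this example. */
enum { EX_MSG_GET_STATS = 1, EX_MSG_RESET = 2, EX_MSG_CALIBRATE = 3 };

static const struct io_msg_policy policy[] = {
    { EX_MSG_GET_STATS, EX_IO_FLAG_RD },
    { EX_MSG_RESET,     EX_IO_FLAG_WR },
    { EX_MSG_CALIBRATE, EX_IO_FLAG_RD | EX_IO_FLAG_WR },
};

/* Returns 0 if the subtype is known and the OCB carries every required bit,
 * EBADF if the open mode is insufficient, and ENOSYS for an unknown subtype
 * (deny by default rather than guess). */
int io_msg_check_access(unsigned ioflag, unsigned subtype)
{
    size_t i;
    for (i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (policy[i].subtype != subtype)
            continue;
        return (ioflag & policy[i].required_flags) == policy[i].required_flags
               ? 0 : EBADF;
    }
    return ENOSYS;
}

int main(void)
{
    /* An open with neither read nor write access (as stat() uses) has ioflag 0. */
    unsigned stat_only  = 0;
    unsigned read_only  = EX_IO_FLAG_RD;
    unsigned read_write = EX_IO_FLAG_RD | EX_IO_FLAG_WR;

    printf("devctl FROM on stat-only open -> %d (EBADF=%d)\n",
           devctl_check_access(stat_only, EX_DEVDIR_FROM | 7), EBADF);
    printf("devctl TO on read-only open   -> %d (EBADF=%d)\n",
           devctl_check_access(read_only, EX_DEVDIR_TO | 7), EBADF);
    printf("RESET on read/write open      -> %d\n",
           io_msg_check_access(read_write, EX_MSG_RESET));
    printf("unknown subtype               -> %d (ENOSYS=%d)\n",
           io_msg_check_access(read_write, 99), ENOSYS);
    return 0;
}
```

A devctl command that carries no direction bits (a pure trigger) passes devctl_check_access() on any open mode, including one with no read or write access, so such commands need an explicit decision in the handler, which is what the _IO_MSG table models. In a real handler the ioflag value comes from the ocb argument the framework passes in, and the errno returned here is what the handler returns to the client.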
For a general discussion of read and write permissions, go to Permission checking.
For more information on security policies, go to the Security Policies chapter.
If you create your own functions instead of using the default implementation of the functions in the resmgr_connect_funcs_t connect table and resmgr_io_funcs_t I/O table, make sure you implement appropriate permission checks. Specific permission checking information for each function is included in Alphabetical listing of connect and I/O functions in Getting Started with QNX Neutrino.
Implement permission checks as appropriate if your resource manager makes use of the following functions:
Resource managers can call message_attach() to register additional custom I/O message handlers. There is no permission checking done on any custom messages that are attached this way, and there is no OCB passed to the handler. It is up to the resource manager developer to implement permission checking that is appropriate for the message.