Linux Kernel Architecture

(Jacob Rumans) #1

Chapter 5: Locking and Interprocess Communication


Permission Checks


IPC objects are protected by the same mechanisms that apply to regular file-based objects. Access rights
can be separately specified for the owner of an object, the group, and all other users. Furthermore, the
possible rights are reading, writing, and executing. ipcperms is responsible for checking if permissions
are given for a certain operation on any of the possible IPC objects. It is defined as follows:

ipc/util.c
int ipcperms (struct kern_ipc_perm *ipcp, short flag)
{       /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */
        int requested_mode, granted_mode, err;
...
        requested_mode = (flag >> 6) | (flag >> 3) | flag;
        granted_mode = ipcp->mode;
        if (current->euid == ipcp->cuid || current->euid == ipcp->uid)
                granted_mode >>= 6;
        else if (in_group_p(ipcp->cgid) || in_group_p(ipcp->gid))
                granted_mode >>= 3;
        /* is there some bit set in requested_mode but not in granted_mode? */
        if ((requested_mode & ~granted_mode & 0007) &&
            !capable(CAP_IPC_OWNER))
                return -1;

        return security_ipc_permission(ipcp, flag);
}

The requested mode (requested_mode) contains the bit-triples of the requested flags as a threefold copy.
granted_mode initially holds the mode bits of the IPC object. Depending on whether the owner or creator
of the object, a member of its group, or someone else wants to perform a specific operation, the contents
of granted_mode are shifted to the right such that the appropriate bit-triple resides in the low three bits.
If a bit is set in the low three bits of requested_mode but not in those of granted_mode, permission is
denied unless the process holds the CAP_IPC_OWNER capability.
security_ipc_permission hooks into other security frameworks like SELinux, which are potentially
active but need not concern us here.
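
The triple selection described above can be tried out in user space. The following is an added example, not code from the book or the kernel: struct ipc_obj, struct caller and model_ipcperms() are hypothetical names, a single egid stands in for in_group_p(), and the audit and security_ipc_permission hooks are left out. It also shows a consequence the text does not spell out: only one triple is ever consulted, so an owner whose own triple is empty is denied even when "other" is allowed.

```c
/* Added example: user-space model of the ipcperms() check quoted above.
 * struct caller and model_ipcperms() are hypothetical names; the audit and
 * LSM hooks (security_ipc_permission) are left out of the model. */
#include <stdio.h>
#include <sys/types.h>

struct ipc_obj { uid_t uid, cuid; gid_t gid, cgid; unsigned short mode; };
struct caller  { uid_t euid; gid_t egid; int cap_ipc_owner; };

/* Returns 0 if access is granted, -1 if denied, like the kernel function. */
int model_ipcperms(const struct ipc_obj *o, const struct caller *c, short flag)
{
    /* Fold the owner/group/other triples of flag into the low three bits. */
    int requested_mode = (flag >> 6) | (flag >> 3) | flag;
    int granted_mode = o->mode;

    /* Exactly one triple of the object's mode is selected, owner first. */
    if (c->euid == o->cuid || c->euid == o->uid)
        granted_mode >>= 6;
    else if (c->egid == o->cgid || c->egid == o->gid) /* stands in for in_group_p() */
        granted_mode >>= 3;

    /* Any requested bit that is not granted denies, unless CAP_IPC_OWNER. */
    if ((requested_mode & ~granted_mode & 0007) && !c->cap_ipc_owner)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample object: owner uid 1000, group gid 100, mode 0640. */
    struct ipc_obj q = { 1000, 1000, 100, 100, 0640 };
    struct caller owner = { 1000, 100, 0 }, member = { 1001, 100, 0 },
                  other = { 1002, 200, 0 }, priv = { 1002, 200, 1 };

    printf("owner rw:  %d\n", model_ipcperms(&q, &owner, 0666));
    printf("member r:  %d\n", model_ipcperms(&q, &member, 0444));
    printf("member w:  %d\n", model_ipcperms(&q, &member, 0222));
    printf("other r:   %d\n", model_ipcperms(&q, &other, 0444));
    printf("cap owner: %d\n", model_ipcperms(&q, &priv, 0666));

    q.mode = 0066; /* owner triple empty: the owner is denied, others are not */
    printf("owner r on 0066: %d\n", model_ipcperms(&q, &owner, 0444));
    printf("other r on 0066: %d\n", model_ipcperms(&q, &other, 0444));
    return 0;
}
```
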

5.3.3 Message Queues


Another way of communicating between processes is to exchange messages. This is done using the
message queue mechanism, whose implementation is based on the System V model. There are some
commonalities between message queues and semaphores as far as data structures are concerned.

The functional principle of message queues is relatively simple, as Figure 5-4 shows.

[Figure 5-4: Functional principle of System V message queues.]