From 629c544d877825ff3110ef2ee05165dc9d85ecff Mon Sep 17 00:00:00 2001
From: Daniel Mack
Date: Tue, 27 Jan 2015 13:29:03 +0100
Subject: [PATCH] doc: some more work on kdbus.item
Signed-off-by: Daniel Mack
---
doc/kdbus.item.xml | 77 +++++++++++++++++++++++-----------------------
1 file changed, 39 insertions(+), 38 deletions(-)
diff --git a/doc/kdbus.item.xml b/doc/kdbus.item.xml
index ff218c3..0d9bb83 100644
--- a/doc/kdbus.item.xml
+++ b/doc/kdbus.item.xml
@@ -402,6 +402,8 @@ struct kdbus_pids { TID, stored as null-terminated string in item.str. Its length can also be derived from the item's total size.
+ Receivers of this item should not use its contents for any kind
+ of security measures. See below.
@@ -412,6 +414,8 @@ struct kdbus_pids { PID, stored as null-terminated string in item.str. Its length can also be derived from the item's total size.
+ Receivers of this item should not use its contents for any kind
+ of security measures. See below.
@@ -422,6 +426,8 @@ struct kdbus_pids { task, stored as null-terminated string in item.str. Its length can also be derived from the item's total size.
+ Receivers of this item should not use its contents for any kind
+ of security measures. See below.
@@ -432,6 +438,8 @@ struct kdbus_pids { task, stored as an array of null-terminated strings in item.str. The total length of all strings in the array can be derived from the item's total size.
+ Receivers of this item should not use its contents for any kind
+ of security measures. See below.
@@ -500,59 +508,47 @@ struct kdbus_audit { - - Note that the content stored in these items can easily be tampered - by the sending tasks. Therefore, they should not - be used for any sort of security relevant assumptions. The only - reason they are transmitted is to let receivers know about details - that were set when metadata was collected, even though the task - they were collected from is not active any longer when the items - are received. - - Items used for policy entries, matches and notifications - - KDBUS_ITEM_NAME_ADD - TODO - -struct kdbus_notify_name_change { - struct kdbus_notify_id_change old_id; - struct kdbus_notify_id_change new_id; - char name[0]; -}; - - - - KDBUS_ITEM_POLICY_ACCESS - TODO + + This item describes a policy access entry to + access the policy database of a + kdbus.bus2 or + kdbus.endpoint2. + Please refer to + kdbus.policy2 + for more information on the policy database and how to access it. struct kdbus_policy_access { - __u64 type; /* USER, GROUP, WORLD */ - __u64 access; /* OWN, TALK, SEE */ - __u64 id; /* uid, gid, 0 */ + __u64 type; + __u64 access; + __u64 id; }; + KDBUS_ITEM_NAME_ADD KDBUS_ITEM_NAME_REMOVE - TODO - - - - KDBUS_ITEM_NAME_CHANGE TODO + +struct kdbus_notify_name_change { + struct kdbus_notify_id_change old_id; + struct kdbus_notify_id_change new_id; + char name[0]; +}; + KDBUS_ITEM_ID_ADD + KDBUS_ITEM_ID_REMOVE TODO struct kdbus_notify_id_change { @@ -563,12 +559,6 @@ struct kdbus_notify_id_change { - - KDBUS_ITEM_ID_REMOVE - TODO - - - KDBUS_ITEM_REPLY_TIMEOUT TODO 
@@ -581,6 +571,17 @@ struct kdbus_notify_id_change { + + + [*] Note that the content stored in these metadata items can easily + be tampered by the sending tasks. Therefore, they should + not be used for any sort of security relevant + assumptions. The only reason they are transmitted is to let + receivers know about details that were set when metadata was + collected, even though the task they were collected from is not + active any longer when the items are received. + + -- 2.34.1