> I think I'd actually like to meld this with your other ideas and what I've > currently got. What do you think of this approach: > > /* kernel community doesn't feel userspace should have access at all > * or other kernel drivers use this > */ > if (blacklisted) > return NO; > > /* unprivileged access allowed */ > if (whitelisted & (capabilities && whitelist->capability_need) == > whitelist->capability_need)) > return ALLOWED; > > /* not yet in whitelist, or need privs to do */ > if (capable(CAP_SYS_RAWIO)) > return ALLOWED; > > return NO >
This looks sensible to me. Note that the middle case isn't necessarily 'unprviliged'. If the entyr is whitelisted and the capability_need is 0 then it means 'anyone' but you can also set any other appropriate capability (eg CAP_NET_ADMIN for a WMI call that does stuff to the wifi). Alan
