Resources | developer.brewmp.com

File system access control list

Brew MP provides access control lists (ACLs) to control access to the file system. ACLs are only applicable within Brew MP code (applications running on the device, PC tools using Gateway). Tools that run directly over DIAG are not controlled by ACLs; access over DIAG is controlled by SPAR rules. For more information, see Serial Port Access Restrictions.

Brew MP ACLs specify the privileges required to access files. ACLs are not directly associated with the file or directory itself, because Brew MP often runs on devices whose file systems have no protection model and thus cannot store protection attributes with each file. Instead, the ACLs are specified in CIF files and compiled into the module's MIF. Each ACL in the CIF indicates the path to which its attributes apply.

Directory ACLs

An ACL on a directory controls the following:

  • Read access to the directory itself. This controls the ability to enumerate (list) the files and subdirectories (not recursively) in the directory.
  • Write access to the directory itself. This controls the ability to delete the directory, but not the ability to delete the contents (files and subdirectories) of the directory.
  • Read access to the contents of the directory. This controls the ability to

    • Open / read / copy files in the directory
    • Read (enumerate) a subdirectory in the directory

  • Write access to the contents of the directory. This controls the ability to add, delete, or update files or subdirectories in the directory.

ACLs specified on a directory apply to all of its subdirectories unless overridden by an ACL for a lower directory. ACLs are applied in order from the shortest path to the longest path, which means you can allow full access to a directory in one ACL and then prevent all access to one of its subdirectories with another ACL.

Module ACLs

In the Brew MP file system privilege model, each module (either a Brew MP application or an OS Service) owns its own files and controls access to them. Any ClassID in a module has full access (read and write) to the module directory and its contents. Any caller that has one of the module's ClassIDs in its privilege set also has read-write access to the module's directory and its contents. If a caller does not possess the specific privileges specified by the module ACL, file system access (read or write) to the module directory or its contents is not allowed.

Access to files in a module's directory by other applications or services is controlled by ACLs in the module's CIF (see Specifying ACLs in a CIF).

An ACL describes file access rights (read or write) to be granted to other applications or services in the system, as follows.

  • Access control to the module files and directories is privilege-based. File access is granted on the basis of privileges held by the module that is opening the file. Privileges fill the role of user or group in other ACL systems.
  • Access control is static and applies to the file system namespace, versus other systems where access control is mutable and applies to individual objects in the file system. This static nature is due to the fact that the ACL is signed as part of the MIF. One notable implication is that an ACL can specify access policies for files and directories that do not exist yet.

ACLs and Privileges

ACLs may have privileges associated with them. If a caller possesses the required privilege(s), it will have the associated level of file access specified by that ACL. However, an ACL can also have no associated privilege, which means that the specified level of access applies to everyone unconditionally.

This is overridden if the caller possesses the PL_SYSTEM, FileSystemR, or FileSystemRW privilege. Specifically:

  • FileSystemR provides full read access to the entire file system, regardless of any ACLs.
  • FileSystemRW provides full read-write access to the entire file system, regardless of any ACLs.
  • PL_SYSTEM provides full read-write access to the entire file system, regardless of any ACLs.
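The following Python model, added here as an illustration and not Brew MP code, evaluates the rules described above: directory ACLs are applied from the shortest path to the longest so that a deeper entry replaces what a parent entry granted, an entry with no privilege applies to everyone, an entry with privileges applies only to callers holding all of them, a path with no matching ACL is denied, a caller holding one of the owning module's ClassIDs gets read-write access to the module directory, and FileSystemR, FileSystemRW and PL_SYSTEM override the ACLs. The CIF syntax itself is not modelled; the `Acl` record, the helper names, the module path `/mod/example`, the ClassID `AEECLSID_EXAMPLE` and the privilege `PRIV_SHARED_WRITER` are all constructed for the example, and treating a caller's own ClassIDs as members of its privilege set is a simplification.

```python
"""Model of Brew MP-style path ACL evaluation (added illustration, not Brew MP code)."""
from dataclasses import dataclass
from itertools import groupby


@dataclass(frozen=True)
class Acl:
    """One ACL entry as the page describes it: a path, an access level, and the
    privileges a caller must hold for that level to apply (empty = everyone)."""
    path: str
    read: bool
    write: bool
    privileges: frozenset = frozenset()


# Override privileges named on the page
PL_SYSTEM = "PL_SYSTEM"
FILESYSTEM_R = "FileSystemR"
FILESYSTEM_RW = "FileSystemRW"


def _norm(path):
    return "/" + path.strip("/")


def _covers(acl_path, target):
    """True if `target` is `acl_path` itself or lies anywhere beneath it."""
    acl_path, target = _norm(acl_path), _norm(target)
    return target == acl_path or acl_path == "/" or target.startswith(acl_path + "/")


def acl_access(target, acls, caller_privs):
    """(read, write) granted to the caller by the ACL set alone, ignoring overrides."""
    privs = frozenset(caller_privs)
    read = write = False
    # Apply matching entries from the shortest path to the longest; all covering
    # paths are prefixes of the target, so distinct paths have distinct lengths.
    matching = sorted((a for a in acls if _covers(a.path, target)),
                      key=lambda a: len(_norm(a.path)))
    for _path, group in groupby(matching, key=lambda a: _norm(a.path)):
        # Entries at a deeper path replace whatever was inherited from above.
        read = write = False
        for acl in group:
            if acl.privileges <= privs:          # caller holds every required privilege
                read = read or acl.read
                write = write or acl.write
    return read, write


def effective_access(target, acls, caller_privs, module_dir=None, module_classids=frozenset()):
    """(read, write) for `target`, including module ownership and override privileges."""
    privs = frozenset(caller_privs)
    if PL_SYSTEM in privs or FILESYSTEM_RW in privs:
        return True, True                        # full read-write regardless of ACLs
    if module_dir is not None and _covers(module_dir, target) and privs & frozenset(module_classids):
        return True, True                        # owner (or holder of an owner ClassID)
    read, write = acl_access(target, acls, privs)
    if FILESYSTEM_R in privs:
        read = True                              # full read regardless of ACLs; write still governed
    return read, write


# Constructed scenario: a module that exposes one shared subtree.
MODULE_DIR = "/mod/example"                      # constructed module directory
MODULE_CLASSIDS = frozenset({"AEECLSID_EXAMPLE"})  # constructed ClassID
ACLS = [
    Acl("/mod/example/shared", read=True, write=False),                  # anyone may read
    Acl("/mod/example/shared", read=True, write=True,
        privileges=frozenset({"PRIV_SHARED_WRITER"})),                   # writers need a privilege
    Acl("/mod/example/shared/private", read=False, write=False),         # deeper entry denies all
]

if __name__ == "__main__":
    for who, privs in [("anonymous", set()), ("writer", {"PRIV_SHARED_WRITER"}),
                       ("reader-all", {FILESYSTEM_R}), ("owner", {"AEECLSID_EXAMPLE"})]:
        for path in ["/mod/example/shared/data.txt", "/mod/example/shared/private/x",
                     "/mod/example/secret"]:
            rw = effective_access(path, ACLS, privs, MODULE_DIR, MODULE_CLASSIDS)
            print(f"{who:10} {path:35} read={rw[0]} write={rw[1]}")
```

Running the block prints the access matrix for the four constructed callers; note that the anonymous caller can read the shared subtree but nothing else in the module, that the deeper `private` entry removes even that read access, and that FileSystemR restores read everywhere without granting write.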