Resources | developer.brewmp.com

Specifying privileges in a CIF

A service specifies the privileges that are required to access the service in its CIF file, by listing the privileges in the required_privs field of the Service primitive. The CIF file also needs to include the .bid file, or files, that define the specified privileges. The CIF is then compiled into the MIF for the service.

Note: When a service lists multiple privileges in the required_privs field of the Service primitive, a calling application must have one of the required privileges. The caller is not required to have all the listed privileges.

An application may need specific privileges to access data files, or to access services. An application specifies the privileges it needs in its CIF file, by listing the privileges in the privs field of the Applet primitive. The CIF file also needs to include the .bid file, or files, that define the specified privileges. The CIF is then compiled into the application's MIF.

Privileges in signed MIFs

Since privileges are stored in the MIF, they cannot be modified after the MIF is signed. OS Services enforces this at runtime. The application will not be registered if the signature does not match the MIF contents.

OS Services will load only signed MIF and MOD files. The SIG file is loaded with the module and verified on loading. The newly loaded files are rehashed and compared to the signature file. When a module is accessed, the module's database is examined and the signature is recomputed for verification.

Requiring privileges for access to a service class or in-process class

A service class or in-process class can require callers to possess specific privileges to instantiate the class.
  • An in-process class is declared to be a privileged class, as follows:
    Class{
       ...
       privileged = TRUE,
    }

    If the privileged field does not exist in the Class primitive in the CIF, no privileges are required to instantiate this in-process class. For example code, see Example - privileged in-process class.

  • A service class specifies the privileges required to instantiate the class as follows:

    Service{
       ...
       required_privs = {AEEPRIVID_ABC, AEEPRIVID_EFG}
    }

    required_privs = {0} indicates that no privileges are required to instantiate the service.

    If the required_privs field is not specified in the Service primitive in the CIF, the service ID of the service is the default privilege the caller needs to instantiate the service. For example code, see Example - privileged service class.

  • If the class specified by the servedclassid field is a privileged class, the caller needs to possess its ClassID as its privilege prior to instantiating the service.

Specifying the privileges an application has

For applet objects to possess privileges, specify the following in the CIF:

Applet{
   ...
   privs = {AEEPRIVID_XXX},
}

For service objects to possess privileges, the privileges come from the hosting process. If the service object is in the kernel process (serverid = 0), it has the same privileges as the kernel. If it is in a particular server process (serverid = AEECLSID_SERVERSOMETHING), the server declaration is similar to the following:

Server{
   ...
   privs = {AEEPRIVID_ZZZ},
}

For in-process objects to possess privileges, the privileges come from the caller. Privileges are not specified for in-process objects.
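To make the rules above concrete, here is an added Python model (not Brew MP or OS Services code) of the checks a caller must pass: the any-one semantics of required_privs, the {0} and absent-field defaults, privileged in-process classes, and where a service object's own privileges come from. The identifier values are constructed placeholders, and checking the servedclassid rule alongside required_privs is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Constructed sample IDs; real values are defined in the project's .bid files.
KERNEL = 0
AEEPRIVID_ABC, AEEPRIVID_EFG, AEEPRIVID_ZZZ = 0x1001, 0x1002, 0x1003
AEECLSID_SVC, AEECLSID_INPROC, AEECLSID_SERVERSOMETHING = 0x2001, 0x2002, 0x2003


@dataclass
class InProcClass:
    """Class{} primitive: privileged = TRUE means callers need its ClassID."""
    classid: int
    privileged: bool = False

    def needed(self) -> FrozenSet[int]:
        return frozenset({self.classid}) if self.privileged else frozenset()


@dataclass
class Service:
    """Service{} primitive; required_privs=None models the field being absent."""
    serviceid: int
    required_privs: Optional[FrozenSet[int]] = None
    servedclass: Optional[InProcClass] = None

    def needed(self) -> FrozenSet[int]:
        if self.required_privs is None:            # field absent: service ID is the default
            return frozenset({self.serviceid})
        if self.required_privs == frozenset({0}):  # required_privs = {0}: nothing required
            return frozenset()
        return frozenset(self.required_privs)


def has_any(caller_privs: FrozenSet[int], needed: FrozenSet[int]) -> bool:
    """The caller needs ANY ONE of the listed privileges, not all of them."""
    return not needed or bool(caller_privs & needed)


def may_instantiate(caller_privs: FrozenSet[int], svc: Service) -> bool:
    # Assumption: a privileged served class is checked in addition to required_privs.
    served = svc.servedclass.needed() if svc.servedclass else frozenset()
    return has_any(caller_privs, svc.needed()) and has_any(caller_privs, served)


def service_privs(serverid: int, servers: Dict[int, FrozenSet[int]],
                  kernel_privs: FrozenSet[int]) -> FrozenSet[int]:
    """A service object's own privileges come from its hosting process."""
    return kernel_privs if serverid == KERNEL else servers[serverid]
```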

When an application specifies privileges in its CIF, these privileges must be approved. The process is as follows:

  • The app developer determines the set of privileges the application needs.
  • The developer specifies these privileges in the application's CIF.
  • The developer submits the application to a signing authority.
  • The signing authority reviews the privileges requested in the MIF:
    • If they approve and sign, the privileges are granted.
    • If not, the application is rejected and not signed.