Opening devices
As with most system objects, the bulk of the security checks associated with accessing a device are performed when the device is opened with the open system call. The open succeeds only if all of the following checks pass:
- If the process does not have MAC access to the device special file, the open fails
- If the process does not have MIC access to the device special file, the open fails
- If the process does not have DAC access to the device special file, the open fails
With many devices, reading from the device (with the read system call) alters the state of the device in a manner that can be detected by another process whose MAC label does not dominate the reading process. This constitutes a potential covert channel. Devices that are first-in-first-out (FIFO) in nature are subject to this problem. In these cases, it is common practice to restrict read access to processes that are at the same MAC label as the device. This is done by a check within the device driver.
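The following C program is an added example, not code from the original documentation or from any kernel; it models the open-time sequence of checks (MAC, then MIC, then DAC) described above and the driver-level read check for FIFO-style devices. The label structures, the dominance rules (a simple level-plus-categories sensitivity label and a Biba-style integrity grade), the DAC mode handling and the sample devices and processes are all constructed assumptions for illustration. It shows the situation the text warns about: a process whose label dominates the device label can open it for reading, but the driver still refuses the read when the labels are not equal, because a successful read would change device state visible to a process at the device's (lower) label.

```c
/* Constructed model of open-time and read-time device checks (example only). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define O_RD 1u
#define O_WR 2u

/* MAC sensitivity label: hierarchical level plus a category set (bitmask). Assumed model. */
typedef struct { int level; unsigned cats; } msen_t;
/* MIC integrity label: a single integrity grade. Assumed Biba-style model. */
typedef struct { int grade; } mint_t;

typedef struct { int uid; msen_t msen; mint_t mint; } process_t;

typedef struct {
    const char *name;
    int owner;
    unsigned mode;   /* DAC permission bits, e.g. 0666 (group bits ignored in this model) */
    msen_t msen;
    mint_t mint;
    bool fifo;       /* reads consume device state: restrict reads to the same MAC label */
} device_t;

/* a dominates b when its level is at least b's and its categories are a superset of b's. */
static bool msen_dominates(msen_t a, msen_t b) {
    return a.level >= b.level && (b.cats & ~a.cats) == 0;
}
static bool msen_equal(msen_t a, msen_t b) {
    return a.level == b.level && a.cats == b.cats;
}

/* MAC: reading requires the process to dominate the device; writing, the reverse. */
static bool mac_permits(const process_t *p, const device_t *d, unsigned flags) {
    if ((flags & O_RD) && !msen_dominates(p->msen, d->msen)) return false;
    if ((flags & O_WR) && !msen_dominates(d->msen, p->msen)) return false;
    return true;
}
/* MIC (assumed Biba rules): read needs device grade >= process grade; write needs the reverse. */
static bool mic_permits(const process_t *p, const device_t *d, unsigned flags) {
    if ((flags & O_RD) && d->mint.grade < p->mint.grade) return false;
    if ((flags & O_WR) && p->mint.grade < d->mint.grade) return false;
    return true;
}
/* DAC: owner bits if the uid matches, otherwise world bits. */
static bool dac_permits(const process_t *p, const device_t *d, unsigned flags) {
    unsigned bits = (p->uid == d->owner) ? (d->mode >> 6) & 7u : d->mode & 7u;
    if ((flags & O_RD) && !(bits & 4u)) return false;
    if ((flags & O_WR) && !(bits & 2u)) return false;
    return true;
}

/* open(2) model: MAC, MIC and DAC must all pass. Returns 0 on success, -1 on denial;
 * *why names the check that denied the open. */
int device_open(const process_t *p, const device_t *d, unsigned flags, const char **why) {
    if (!mac_permits(p, d, flags)) { *why = "MAC"; return -1; }
    if (!mic_permits(p, d, flags)) { *why = "MIC"; return -1; }
    if (!dac_permits(p, d, flags)) { *why = "DAC"; return -1; }
    *why = "ok";
    return 0;
}

/* read(2) model of the driver's own check: a FIFO-style device may only be read by a
 * process at exactly the device's MAC label, closing the state-change covert channel. */
int device_read(const process_t *p, const device_t *d, const char **why) {
    if (d->fifo && !msen_equal(p->msen, d->msen)) { *why = "MAC label differs"; return -1; }
    *why = "ok";
    return 0;
}

/* Constructed sample devices and processes. */
const device_t  dev_tape    = { "tape0", 0, 0666, {1, 0x1}, {5}, true  };
const device_t  dev_private = { "ctl0",  0, 0600, {1, 0x1}, {5}, false };
const process_t proc_same   = { 100, {1, 0x1}, {5} };   /* same label as tape0 */
const process_t proc_high   = { 100, {2, 0x3}, {5} };   /* dominates tape0 */
const process_t proc_low    = { 100, {0, 0x0}, {5} };   /* dominated by tape0 */
const process_t proc_lowint = { 100, {1, 0x1}, {2} };   /* same label, lower integrity */

int main(void) {
    const char *why;
    int rc = device_open(&proc_high, &dev_tape, O_RD, &why);
    printf("high process open %s for read: %d (%s)\n", dev_tape.name, rc, why);
    rc = device_read(&proc_high, &dev_tape, &why);
    printf("high process read %s: %d (%s)\n", dev_tape.name, rc, why);
    rc = device_open(&proc_lowint, &dev_tape, O_WR, &why);
    printf("low-integrity process open %s for write: %d (%s)\n", dev_tape.name, rc, why);
    rc = device_open(&proc_same, &dev_private, O_RD, &why);
    printf("unprivileged process open %s for read: %d (%s)\n", dev_private.name, rc, why);
    return 0;
}
```

The order of the three open-time checks matches the list above; note that the read-time check is separate from, and stricter than, the MAC open check, which is why a driver for an irregular device has to implement it itself.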
There are few specific rules or guidelines for the design of irregular devices. You must understand and apply the basic principles of mandatory and discretionary access control. Fortunately, most device drivers can be configured as regular devices and the eccentricities of irregular device drivers do not need to be dealt with often.