Writing Apps HOWTO

From Dazuko
(Difference between revisions)
Jump to: navigation, search
(copied from old page)
 
(modified for DazukoFS interface)
Line 1: Line 1:
 
__NOTOC__
  
__NOTOC__
Dazuko alone simply adds file access control capabilities to your kernel. However, to make use of these capabilities you need an application that will interact with Dazuko. This document guides you though the Dazuko interface, allowing a developer to build an application to take advantage of Dazuko and implement 3rd party file access control.
 +
DazukoFS alone simply adds file access control capabilities to your kernel. However, to make use of these capabilities you need an application that will interact with DazukoFS. This document guides you though the DazukoFS userspace library interface, allowing a developer to build an application to take advantage of DazukoFS and implement online userspace file access control.
   
Dazuko currently has interfaces implemented in C, Java, Perl, Python, Lua, and PHP. Please look in the respective example_<language> directories for example programs utilizing these interfaces. The interface has been implemented to be the same for all languages (except for minor differences to allow for a natural feel in the language).
  
   
Since version 2.0.0 of Dazuko, the provided C interface has been as follows:
 +
<div style="padding:0.5em; margin-bottom:1em; border: 2px solid #a00;">
  +
The information on this page refers to DazukoFS 3.x versions. Information about writing applications for Dazuko 2.x can be found on the page [[Writing Apps HOWTO %28Dazuko 2.x%29]].
  +
</div>
   
registration function
  
int dazukoRegister(const char *groupName, const char *mode);
  
   
configuration functions
 +
Since version 3.0.0 of DazukoFS, the provided C interface has been as follows:
int dazukoSetAccessMask(unsigned long accessMask);
 +
int dazukoAddIncludePath(const char *path);
 +
registration function
int dazukoAddExcludePath(const char *path);
 +
dazukofs_handle_t dazukofs_open(const char *gname, int flags);
int dazukoRemoveAllPaths(void);
  
   
 
file access control functions
  
file access control functions
int dazukoGetAccess(struct dazuko_access **acc);
 +
int dazukofs_get_access(dazukofs_handle_t hndl, struct dazukofs_access *acc);
int dazukoReturnAccess(struct dazuko_access **acc);
 +
int dazukofs_return_access(dazukofs_handle_t hndl, struct dazukofs_access *acc);
  +
  +
utility function
  +
int dazukofs_get_filename(struct dazukofs_access *acc, char *buf, size_t bufsiz);
   
 
unregistration function
  
unregistration function
int dazukoUnregister(void);
 +
int dazukofs_close(dazukofs_handle_t hndl, int flags);
   
access structure
 +
dazukofs_access structure
struct dazuko_access
 +
struct dazukofs_access {
{
 +
int fd;
int deny;
 +
int deny;
int event;
 +
unsigned long pid;
char set_event;
  
int flags;
  
char set_flags;
  
int mode;
  
char set_mode;
  
int uid;
  
char set_uid;
  
int pid;
  
char set_pid;
  
char *filename;
  
char set_filename;
  
unsigned long file_size;
  
char set_file_size;
  
int file_uid;
  
char set_file_uid;
  
int file_gid;
  
char set_file_gid;
  
int file_mode;
  
char set_file_mode;
  
int file_device;
  
char set_file_device;
  
 
};
  
};
   
A thread-safe version of the interface is also available. The functions are the same except that they end with _TS and take an addition dazuko_id_t argument. Please see the example_mt.c program for details.
 +
When interfacing with DazukoFS, there are 3 things that an application will do:
   
When interfacing with Dazuko, there are 4 things that an application will do:
 +
# register your application with DazukoFS
 
# register your application with Dazuko
  
# set various Dazuko configuration options
  
 
# listen for file access events and allow or deny the accesses
  
# listen for file access events and allow or deny the accesses
# unregister with Dazuko
 +
# unregister with DazukoFS
   
Each of these items will be discussed along with actual C code snippets to give you an idea of how it works. In order to have access to the Dazuko inteface you must include the dazukoio.h file:
 +
Each of these items will be discussed along with actual C code snippets to give you an idea of how it works. In order to have access to the DazukoFS inteface you must include the dazukofs.h header file:
   
#include "dazukoio.h"
 +
#include "dazukofs.h"
   
You will also need to include the dazukoio.c and dazukoio_compat12.c files into your project for compiling. You should take a look at the accompanying example program (example.c) to see a working application. All Dazuko interface functions return 0 on success.
 +
You will also need to include the libdazukofs.so userspace library into your project for compiling. You should take a look at the accompanying test program (showfiles.c) to see a working application. With the exception of dazukofs_open(), all DazukoFS functions return 0 on success.
   
== 1. register your application with Dazuko ==
 +
== 1. register your application with DazukoFS ==
   
Registering with Dazuko is very simple. It is done with the dazukoRegister function:
 +
Registering with DazukoFS is very simple. It is done with the dazukofs_open function:
if (dazukoRegister("My Group Name", "r+") != 0)
 +
dazukofs_handle_t hndl = dazukofs_open("My_Group_Name", DAZUKOFS_TRACK_GROUP);
printf("error registering\n");
 +
if (!hndl)
  +
printf("error registering\n");
   
Dazuko supports different applications simultaneously (cascading) and groups them by name. Each different application should use its own group name, however multiple instances of the same application should use the same group name. This allows you to have many instances working together simultaneouly in order to take advantage of your multi-processing operating system. If this function fails, then Dazuko is not correctly loaded. Please refer to the installation instructions.
 +
DazukoFS supports different applications simultaneously (cascading) and groups them by name. Each different application should use its own group name, however multiple instances of the same application should use the same group name. This allows you to have many instances working together simultaneouly in order to take advantage of your multi-processing operating system. If this function fails, DazukoFS is not correctly loaded. Please refer to the installation instructions.
   
The second parameter specifies the mode in which the application will interact with Dazuko. There are currently two modes available, read-only "r" and read-write "r+". The read-only mode allows an application to receive all accesses but does not give the application an opportunity to decide if the access should be allowed or not. Applications that only deal with collecting information (specialized loggers, for example) will never need to determine if the access should be allowed. The benefit of using the read-only mode is that the responsibilities of the application have been reduced, not requiring an answer to every access. Applications that do not require access control are encouraged to use this mode.
 +
The second parameter specifies any special flags that may want to be used. The flag DAZUKOFS_TRACK_GROUP tells DazukoFS that the group should be automatically removed if there are no more registered processes for that group. If this flag is not used, a registered process is required to correctly remove the group when file access control is no longer desired.
   
Read-write mode is the mode that has always been supported by Dazuko. Each time an application receives an access, it must reply whether or not the access should be allowed. Access control applications must use this mode. Section 3 will explain these responsibilities in more detail.
 +
== 2. listen for file access events and allow or deny the accesses ==
   
== 2. set various Dazuko configuration options ==
 +
Once you have registered with DazukoFS, the responsibilities put on your application become very great! At this point the kernel will assume that you are taking responsibility for file access control. For each file access that meets the access mask and include path constraints, the kernel will wait for your application to approve the access. This is done in a passive manner. The application must request an access event and will block until the kernel has one to give. Then the kernel will give the action event to the application. The application must decide if the access should be allowed or not and then reply to the kernel if the access should be allowed or not. The application should then request another access event and so on...
   
Each configuration option is set using a specific Dazuko function. The various options that are available are to: 1) set the access mask (any combination of various accesses that should be intercepted), 2) set the include paths (the paths from which file accesses will be handled), 3) set exclude paths (paths within the include paths that should not be handled) and 4) clear all set paths. Examples will now be given showing how to set the different configuration options.
 +
The kernel will assume the application is ready to take on its responsibility. If the application does not do its job of requesting an access event, the kernel will patiently wait (forever if necessary) until the application finally does request a file. For this reason it is important to understand that as long as an application is registerd with DazukoFS, it should be requesting an access event. The entire system could be relying on it. (Note: Even if no applications are registered, but the group still exists, DazukoFS will assume that file access control is still desired and wait for an application to register to that group.)
 
To set the access mask (in this case to intercept all possible file access types):
  
if (dazukoSetAccessMask(ON_OPEN
  
| ON_CLOSE
  
| ON_CLOSE_MODIFIED
  
| ON_EXEC
  
| ON_UNLINK
  
| ON_RMDIR) != 0)
  
{
  
printf("error setting access mask\n");
  
}
  
 
To add an include path (in this case /home/):
  
if (dazukoAddIncludePath("/home/") != 0)
  
printf("error adding include path\n");
  
 
You can have multiple include paths, but you must add each path separately. Dazuko does not have a limit on the number of include paths. Keep in mind that all sub-directories of an include path are also included.
  
 
To add an exclude path (in this case /home/foo/):
  
if (dazukoAddExcludePath("/home/foo/") != 0)
  
printf("error adding exclude path\n");
  
 
You can have multiple exclude paths, but you must add each path separately. Dazuko does not have a limit on the number of exclude paths. Keep in mind that all sub-directories of an exclude path are also excluded. Exclude paths are considered superior rules to include paths. That means if you add an include path that is within an exclude path, the file accesses in the directory will still be excluded.
  
 
To remove all set paths:
  
if (dazukoRemoveAllPaths() != 0)
  
printf("error removing all paths\n");
  
 
== 3. listen for file access events and allow or deny the accesses ==
  
 
Once you have added an include path and some sort of access mask, the responsibilities put on your application become very great! At this point the kernel will assume that you are taking responsibility for file access control. For each file access that meets the access mask and include path constraints, the kernel will wait for your application to approve the access. This is done in a passive manner. The application must request an access event and will block until the kernel has one to give. Then the kernel will give the action event to the application. The application must decide if the access should be allowed or not and then reply to the kernel if the access should be allowed or not. The application should then request another access event and so on...
  
 
Once an application has set some configuration options with Dazuko, the kernel will assume the application is ready to take on its responsibility. If the application does not do its job of requesting an access event, the kernel will patiently wait (forever if necessary) until the application finally does request a file. For this reason it is important to understand that as long as an application is registerd with Dazuko, it should be requesting an access event. The entire system could be relying on it.
  
 
Applications that have registered in read-only mode have a reduced set of responsibilities. Although it is important that the application is always requesting an access event, in read-only mode the kernel does not wait for a response. This relieves half of the responsibilities of the application, but also only allows the application to collect information. Applications that will not be doing access control are encouraged to use read-only mode.
  
   
 
To request an access event:
  
To request an access event:
struct dazuko_access *acc;
 +
struct dazukofs_access acc;
+
if (dazukofs_get_access(hndl, &acc) != 0)
if (dazukoGetAccess(&acc) != 0)
 +
printf("error getting access event\n");
printf("error getting access event\n");
  
   
Once you have an access event, you can investigate the various attributes of the access. These attributes were filled in by the kernel into the dazuko_access structure. Attributes which were not acquired (or are not valid for this particular access) have their corresponding set_ flag set to 0, otherwise 1. The dazuko_access structure can be seen at the top of this page.
 +
Once you have an access event, you also have an open file descriptor to the file being accessed. The file descriptor is in the "fd" field of the dazukofs_access structure. Using the file descriptor, your application can investigate the contents of the file being accessed.
   
If registered in read-write mode, the job of your application is to clear or set the deny flag if access should or should not be allowed, respectively. Then the application must give the dazuko_access struct back to the kernel.
 +
A utility function dazukofs_get_filename() is available in case your application is interested in the filename of the file being accessed.
   
Even applications registered in read-only mode should return the access. The dazuko_access structure was allocated when dazukoGetAccess was called. Returning the access will free up this memory, even if in read-only mode nothing is truly returned to the kernel. It is also good practice to return access events, rather than trying to free the structure yourself.
 +
It is the job of your application to clear or set the deny flag if access should or should not be allowed, respectively. Then the application must give the dazukofs_access struct back to the kernel. Returning the access will also close the file descriptor.
   
 
To return an access event to the kernel:
  
To return an access event to the kernel:
acc->deny = 0; /* allow access */
 +
acc.deny = 0; /* allow access */
 
 
if (dazukoReturnAccess(&acc) != 0)
 +
if (dazukofs_return_access(hndl, &acc) != 0)
 
printf("error returning access event\n");
  
printf("error returning access event\n");
   
== 4. unregister with Dazuko ==
 +
== 3. unregister with DazukoFS ==
   
When your application no longer wishes to handle file access control, it must unregister with Dazuko. This will relieve the application of its big responsibilities. Even in read-only mode it is critical that an application properly unregisters.
 +
When your application no longer wishes to handle file access control, it must unregister with DazukoFS. This will relieve the application of its big responsibilities.
   
if (dazukoUnregister() != 0)
 +
if (dazukofs_close(hndl, DAZUKOFS_REMOVE_GROUP) != 0)
 
printf("error unregistering\n");
  
printf("error unregistering\n");
  +
  +
The DAZUKOFS_REMOVE_GROUP flag tells DazukoFS to remove the group. If other applications are registered with this group, their dazukofs_get_access() and dazukofs_return_access() will return errors (since the group no longer exists).

Revision as of 21:13, 22 February 2009

DazukoFS alone simply adds file access control capabilities to your kernel. However, to make use of these capabilities you need an application that will interact with DazukoFS. This document guides you though the DazukoFS userspace library interface, allowing a developer to build an application to take advantage of DazukoFS and implement online userspace file access control.


The information on this page refers to DazukoFS 3.x versions. Information about writing applications for Dazuko 2.x can be found on the page Writing Apps HOWTO (Dazuko 2.x).


Since version 3.0.0 of DazukoFS, the provided C interface has been as follows:

registration function 

dazukofs_handle_t dazukofs_open(const char *gname, int flags);

file access control functions 

int dazukofs_get_access(dazukofs_handle_t hndl, struct dazukofs_access *acc);
int dazukofs_return_access(dazukofs_handle_t hndl, struct dazukofs_access *acc);

utility function 

int dazukofs_get_filename(struct dazukofs_access *acc, char *buf, size_t bufsiz);

unregistration function 

int dazukofs_close(dazukofs_handle_t hndl, int flags);

dazukofs_access structure 

struct dazukofs_access {
    int fd;
    int deny;
    unsigned long pid;
};

When interfacing with DazukoFS, there are 3 things that an application will do:

  1. register your application with DazukoFS
  2. listen for file access events and allow or deny the accesses
  3. unregister with DazukoFS

Each of these items will be discussed along with actual C code snippets to give you an idea of how it works. In order to have access to the DazukoFS inteface you must include the dazukofs.h header file: 

#include "dazukofs.h"

You will also need to include the libdazukofs.so userspace library into your project for compiling. You should take a look at the accompanying test program (showfiles.c) to see a working application. With the exception of dazukofs_open(), all DazukoFS functions return 0 on success.

1. register your application with DazukoFS

Registering with DazukoFS is very simple. It is done with the dazukofs_open function: 

dazukofs_handle_t hndl = dazukofs_open("My_Group_Name", DAZUKOFS_TRACK_GROUP);
if (!hndl)
    printf("error registering\n");

DazukoFS supports different applications simultaneously (cascading) and groups them by name. Each different application should use its own group name, however multiple instances of the same application should use the same group name. This allows you to have many instances working together simultaneouly in order to take advantage of your multi-processing operating system. If this function fails, DazukoFS is not correctly loaded. Please refer to the installation instructions.

The second parameter specifies any special flags that may want to be used. The flag DAZUKOFS_TRACK_GROUP tells DazukoFS that the group should be automatically removed if there are no more registered processes for that group. If this flag is not used, a registered process is required to correctly remove the group when file access control is no longer desired.

2. listen for file access events and allow or deny the accesses

Once you have registered with DazukoFS, the responsibilities put on your application become very great! At this point the kernel will assume that you are taking responsibility for file access control. For each file access that meets the access mask and include path constraints, the kernel will wait for your application to approve the access. This is done in a passive manner. The application must request an access event and will block until the kernel has one to give. Then the kernel will give the action event to the application. The application must decide if the access should be allowed or not and then reply to the kernel if the access should be allowed or not. The application should then request another access event and so on...

The kernel will assume the application is ready to take on its responsibility. If the application does not do its job of requesting an access event, the kernel will patiently wait (forever if necessary) until the application finally does request a file. For this reason it is important to understand that as long as an application is registerd with DazukoFS, it should be requesting an access event. The entire system could be relying on it. (Note: Even if no applications are registered, but the group still exists, DazukoFS will assume that file access control is still desired and wait for an application to register to that group.)

To request an access event: 

struct dazukofs_access acc;
if (dazukofs_get_access(hndl, &acc) != 0)
    printf("error getting access event\n");

Once you have an access event, you also have an open file descriptor to the file being accessed. The file descriptor is in the "fd" field of the dazukofs_access structure. Using the file descriptor, your application can investigate the contents of the file being accessed.

A utility function dazukofs_get_filename() is available in case your application is interested in the filename of the file being accessed.

It is the job of your application to clear or set the deny flag if access should or should not be allowed, respectively. Then the application must give the dazukofs_access struct back to the kernel. Returning the access will also close the file descriptor.

To return an access event to the kernel: 

acc.deny = 0; /* allow access */

if (dazukofs_return_access(hndl, &acc) != 0)
     printf("error returning access event\n");

3. unregister with DazukoFS

When your application no longer wishes to handle file access control, it must unregister with DazukoFS. This will relieve the application of its big responsibilities. 

if (dazukofs_close(hndl, DAZUKOFS_REMOVE_GROUP) != 0)
     printf("error unregistering\n");

The DAZUKOFS_REMOVE_GROUP flag tells DazukoFS to remove the group. If other applications are registered with this group, their dazukofs_get_access() and dazukofs_return_access() will return errors (since the group no longer exists).

Retrieved from "http://dazuko.dnsalias.org/wiki/index.php?title=Writing_Apps_HOWTO&oldid=1567"
Personal tools