Project -
We may require you to sign up for a demo slot via a Doodle poll (see Canvas).
Brief Description:
Implement a new system call in Minix 3.2.1, along with two library functions in the system library that allow it to be called from a C program.
We will provide C programs that exercise and demonstrate the new call. In addition, modify the access control checks within Minix to perform new checks when a process tries to open a file.
Be prepared to demonstrate the system call by building your modified Minix 3 with the new system call, compiling our demo program, then running the demo program on your modified Minix 3 for the TA during the slot that you reserved.
Be prepared to discuss what you did, what problems you faced, how you solved them, what files you modified, and what you learned.
Details of System Call:
You will first modify the file system's inode structure to include a new integer value, classification. When a file is created, classification is initialized to the tag value of the process that created the file.
The new system call will allow
(a) the value of classification to be read by any process
(b) the value of classification to be written by a process with root access
Library procedures:
You will also implement library procedures that can be referenced by a C program to demonstrate the call. These must be included in the system library so that compiling a C program that references them will work (i.e., the references to these calls will be resolved).
The library procedures will have prototypes
int set_class(FILE* fd, int newvalue);
int get_class(FILE* fd);
Both will return the value of classification, or an error (-1).
The argument fd is a file descriptor as returned by fopen() for the file whose classification is to be accessed, and newvalue is the new, non-negative value of the classification.
A successful call to get_class(F) that immediately follows a successful call to set_class(F,v) shall return the value v (i.e., the set_class call shall change the value of classification for file F to v, which shall be returned when get_class is called).
Both the get_class() and the set_class() call shall fail if the file descriptor is invalid.
The set_class() call shall fail if the calling process does not have root access (EUID = 0). The set_class() call shall also fail if newvalue is negative.
Failure shall be indicated by a return value of -1.
Appropriate error codes should be added if need be to the error numbers in the system, and errno should be set accordingly on failure. You should also do this for the set_tag and get_tag calls from Project 1.
Access Control Checks
You must modify the File System to check the tag of any process P that attempts to open a file F. If the file open requests read access, then the tag of P must be greater than or equal to the classification of F. If the file open requests write or append access, then the tag of P must be less than or equal to the classification of F. If a file is created then the file classification must be set to the tag value of the process that created it. This partially implements the BLP access control model.
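The open-time rule above, written out as a stand-alone user-space C model. This is an added example, not Minix source code and not part of the assignment files. The function name blp_open_check, the choice of EACCES as the denial code, and the treatment of O_RDWR as requesting both read and write (so both inequalities must hold) are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

/* Hypothetical helper (not a Minix function): decide whether a process with
 * the given tag may open a file with the given classification using the
 * open(2) flags in oflags. Returns 0 if allowed, EACCES (assumed) if denied. */
int blp_open_check(int tag, int classification, int oflags)
{
    int acc = oflags & O_ACCMODE;
    int wants_read  = (acc == O_RDONLY || acc == O_RDWR);
    int wants_write = (acc == O_WRONLY || acc == O_RDWR ||
                       (oflags & O_APPEND) != 0);

    /* Read access: tag of P must be >= classification of F (no read up). */
    if (wants_read && tag < classification)
        return EACCES;

    /* Write or append access: tag of P must be <= classification of F
     * (no write down). With O_RDWR both tests apply, so only
     * tag == classification passes. */
    if (wants_write && tag > classification)
        return EACCES;

    return 0;
}

int main(void)
{
    /* Constructed sample cases: {tag, classification, flags, label}. */
    struct { int tag, cls, fl; const char *what; } t[] = {
        { 5, 3, O_RDONLY,            "high tag reads low file"    },
        { 3, 5, O_RDONLY,            "low tag reads high file"    },
        { 3, 5, O_WRONLY,            "low tag writes high file"   },
        { 5, 3, O_WRONLY | O_APPEND, "high tag appends low file"  },
        { 4, 4, O_RDWR,              "equal tag opens read-write" },
        { 5, 3, O_RDWR,              "high tag opens read-write"  },
    };
    for (unsigned i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("%-28s tag=%d class=%d -> %s\n", t[i].what, t[i].tag, t[i].cls,
               blp_open_check(t[i].tag, t[i].cls, t[i].fl) ? "DENY" : "allow");
    return 0;
}
```

In the modified file system the same comparison would run wherever the open request is authorized, using the caller's tag from Project 1 and the classification stored in the inode.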
Test program:
We will supply one or more simple test programs, but you may want to implement your own program(s) for testing. Our test program must compile using the system library after you have modified your Minix VM.
Helpful resources:
The Minix3.org website has many helpful documents, and we will add documents to the class website of a more specific nature.