INTER-PROCESS ACCESS CONTROL

摘要

A kernel receives a request to execute a first process instance from an agent. The first process instance is an instance of a first program. The kernel obtains one or more access control rules related to the agent. The kernel permits execution of the first process instances based on the access control rules. The kernel detects the first process instance attempting to access a second process instance during execution of the first process instance. The second process instance is an instance of a second program currently being executed. The kernel determines whether to grant the first process instance permission to access the second process instances based on the access control rules.

主权项

1. A method of process access control in an operating system, the method comprising:
receiving, by a kernel and from an agent, a request to execute a first process instance of a first program; obtaining, by the kernel, one or more access control rules related to the agent; permitting, by the kernel and based on the one or more access control rules, execution of the first process instance; detecting, by the kernel and during execution of the first process instance, the first process instance attempting to access a second process instance of a second program currently being executed; and determining, by the kernel and based on the one or more access control rules, whether to grant the first process instance permission to access the second process instance.