On the kernel level, how can I define, that vnode is on removable media?
I would like that my kernel authorization kext worked only for USB drives.
On the kernel level, how can I define, that vnode is on removable media?
I would like that my kernel authorization kext worked only for USB drives.
There’s a fundamental problem of definition here: what exactly constitutes “removable media”? For example, if I boot my Mac from an external USB drive, is that removable? Sure, I can unplug it, but the system will crash shortly thereafter.
Beyond that, there’s the mechanics of doing this. I recommend that you split this into user and kernel components:
The kernel component just maintains a table of block devices that should be monitored. When authorising an operation it gets the device from the vnode and runs it through that table to decide what to do.
The user space component updates that table based on information from various sources (most notably Disk Arb, but also possibly I/O Kit).
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
Thank you for the answer.
kernel