1. Field of the Invention
This invention relates generally to the field of data processing systems. More particularly, the invention relates to an improved apparatus and method for providing entitlements to program code.
2. Description of Related Art
A “loader” is the part of an operating system responsible for loading programs into memory. FIG. 1 illustrates an exemplary loader 104 of an operating system 101 which is loading two applications from storage 150 into memory 130: foo 110 and bar 111. In this example, foo 110 and bar 111 may require functions contained in various different libraries 120, two of which are shown in FIG. 1: libc 121 and webcore 122.
When loading an application to memory, the loader must dynamically link the library symbols referenced by the application or library being loaded. These symbols may represent references to functions that may be called, or values to be used. For example, in FIG. 1 the loader 104 replaces the reference for function fopen in application foo 110 with a memory address of fopen, which has been provided by the libc library 121 previously loaded into memory. Similarly, the loader 104 replaces the reference for function dostuff with the memory address for dostuff which has been provided by the webcore library 122 previously loaded into memory.
One or more “entitlements” may also be provided to applications and libraries specify whether the application or library should be permitted to access system resources. By way of example, an entitlement may specify whether an application is permitted to open a network socket, access a certain directory, or print documents. In the example illustrated in FIG. 1, application foo 110 has entitlements 115, application bar 111 has entitlements 116, library libc has entitlements 125 and library webcore 122 has entitlements 126.
In current implementations, entitlements are enforced at runtime by entitlement authorization logic 100, after an application, including all of its libraries have been fully loaded into memory by the loader. One limitation of current implementations is that if any library used by an application has a particular entitlement, then any application which uses that library automatically has that entitlement (i.e., entitlements are enforced at the granularity of a running process defined by the application and its libraries). For example, if the entitlements 126 of library webcore 122 specify that webcore is permitted to use the network via function socket, then any application which uses webcore will be assigned this entitlement. Consequently, even applications such as foo 110 which do not require access to the network will automatically have an entitlement to access the network, opening a potential security vulnerability which may be exploited by hackers. Similarly, the application developer for bar 111 may want to open network sockets using its own networking program code rather than the program code provided by library webcore. Nonetheless, if application bar 111 uses library webcore 122 in any manner, it will automatically be provided with webcore's entitlement to use the network.
Accordingly, what is needed is the ability to control entitlements at a more precise granularity. It would also be beneficial to control access to entitlements at load/link time, before an application and its libraries are fully executing in memory.