{"id":14641,"date":"2016-05-26T13:33:30","date_gmt":"2016-05-26T17:33:30","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=14641"},"modified":"2016-05-26T13:33:30","modified_gmt":"2016-05-26T17:33:30","slug":"dropboxs-upcoming-kernel-extension","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/05\/26\/dropboxs-upcoming-kernel-extension\/","title":{"rendered":"Dropbox&rsquo;s Upcoming Kernel Extension"},"content":{"rendered":"<p><a href=\"https:\/\/blogs.dropbox.com\/tech\/2016\/05\/going-deeper-with-project-infinite\/\">Damien DeVille<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=11763227\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/blogs.dropbox.com\/tech\/2016\/05\/going-deeper-with-project-infinite\/\"><p>Traditionally, Dropbox operated entirely in user space as a program just like any other on your machine. With Dropbox Infinite, we&rsquo;re going deeper: into the kernel&mdash;the core of the operating system. With Project Infinite, Dropbox is evolving from a process that passively watches what happens on your local disk to one that actively plays a role in your filesystem. We have invested the better part of two years making all the pieces fit together seamlessly. This post is a glimpse into our journey.<\/p><p>[&#8230;]<\/p><p>FUSE is an incredible technology, but as we gained a deeper understanding it became clear that it didn&rsquo;t fully satisfy the two major constraints for our projects&mdash;world-class performance and rock-solid security.<\/p><p>[&#8230;]<\/p><p>We use the <a href=\"https:\/\/developer.apple.com\/library\/mac\/technotes\/tn2127\/_index.html#\/\/apple_ref\/doc\/uid\/DTS10003591-CH1-SUBSECTION18\">Kernel Authorization<\/a> (or Kauth for short) kernel subsystem in our kernel extension to manage file authorizations within the BSD portion of the kernel. By listening to actions on the <code>KAUTH_SCOPE_VNODE<\/code> scope, we can detect and deny actions that happen in the Dropbox folder. In the examples cited above, for example, we are interested in the <code>KAUTH_VNODE_DELETE<\/code> and <code>KAUTH_VNODE_ADD_FILE<\/code> actions since they allow us to check whether a file or folder in a user&rsquo;s shared folder is being deleted or moved. From there, it&rsquo;s just a matter of checking with the user whether the operation was in fact intended and inform them of the consequences of the operations for other members of the folder.<\/p><\/blockquote><p>Previously: <a href=\"http:\/\/mjtsai.com\/blog\/2016\/04\/26\/dropboxs-project-infinite\/\">Dropbox&rsquo;s Project Infinite<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Damien DeVille (via Hacker News): Traditionally, Dropbox operated entirely in user space as a program just like any other on your machine. With Dropbox Infinite, we&rsquo;re going deeper: into the kernel&mdash;the core of the operating system. With Project Infinite, Dropbox is evolving from a process that passively watches what happens on your local disk to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[47,828,30,32],"class_list":["post-14641","post","type-post","status-publish","format-standard","hentry","category-technology","tag-dropbox","tag-kernel-extensions","tag-mac","tag-macapp"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=14641"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14641\/revisions"}],"predecessor-version":[{"id":14642,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/14641\/revisions\/14642"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=14641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=14641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=14641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}