I'm looking at using capsicum(2) to harden some code that speaks to a ugen device using libusb20(2).
The cap_rights_limit(2) call makes locking down normal files easy.
The trouble is the libusb20 headers don't expose the underlying file handles for a USB device.
#include <libusb20.h>
#include <libusb20_desc.h>
#include <dev/usb/usb_ioctl.h>
I know the handles exists ... see line 220 and line 223.
https://github.com/freebsd/freebsd/blob/master/lib/libusb/libusb20_int.
I see there is libusb20_get_dev_fd(2) but that returns only one of the descriptors.
This header isn't included by default. Not sure if it is considered part of the kernel. A not-release-specific means to get *both* file descriptors would be preferred.
I've been impressed with both the libusb20(2) device interface API and capsicum(2). It would be cool to use them together.
The cap_rights_limit(2) call makes locking down normal files easy.
The trouble is the libusb20 headers don't expose the underlying file handles for a USB device.
#include <libusb20.h>
#include <libusb20_desc.h>
#include <dev/usb/usb_ioctl.h>
I know the handles exists ... see line 220 and line 223.
https://github.com/freebsd/freebsd/blob/master/lib/libusb/libusb20_int.
I see there is libusb20_get_dev_fd(2) but that returns only one of the descriptors.
This header isn't included by default. Not sure if it is considered part of the kernel. A not-release-specific means to get *both* file descriptors would be preferred.
I've been impressed with both the libusb20(2) device interface API and capsicum(2). It would be cool to use them together.