/*
* Syscall API for capability manipulation
*
* Copyright (C) 2009 Bahadir Balban
*/
#ifndef __API_CAPABILITY_H__
#define __API_CAPABILITY_H__
#include <l4/lib/list.h>
#include INC_ARCH(types.h)
/*
 * Capability syscall request types.
 *
 * These are consecutive enumerated values (0..7), not bit flags.
 * NOTE(review): the request value presumably arrives from the caller of
 * the syscall; the handler should reject anything outside this list.
 * Confirm against the syscall implementation.
 */
#define CAP_CONTROL_NCAPS		0x00000000
#define CAP_CONTROL_READ		0x00000001
#define CAP_CONTROL_SHARE		0x00000002
#define CAP_CONTROL_GRANT		0x00000003
#define CAP_CONTROL_REPLICATE		0x00000004
#define CAP_CONTROL_SPLIT		0x00000005
#define CAP_CONTROL_DEDUCE		0x00000006
#define CAP_CONTROL_DESTROY		0x00000007

/*
 * Share flags, extracted with CAP_SHARE_MASK (low four bits).
 *
 * The values are enumerated rather than independent bits:
 * CAP_SHARE_ALL_SPACE equals CAP_SHARE_SINGLE | CAP_SHARE_ALL_CONTAINER.
 * Compare (flags & CAP_SHARE_MASK) against one value; a single-bit test
 * would also match the wider scope.
 */
#define CAP_SHARE_MASK			0x0000000F
#define CAP_SHARE_SINGLE		0x00000001
#define CAP_SHARE_ALL_CONTAINER		0x00000002
#define CAP_SHARE_ALL_SPACE		0x00000003

/*
 * Grant flags, extracted with CAP_GRANT_MASK (low four bits).
 *
 * The two values share no bits, so they can be OR-ed together.
 * NOTE(review): whether combining them is intended is not visible in
 * this header; confirm against the grant handler.
 */
#define CAP_GRANT_MASK			0x0000000F
#define CAP_GRANT_SINGLE		0x00000001
#define CAP_GRANT_IMMUTABLE		0x00000004

/*
 * Split flags, extracted with CAP_SPLIT_MASK (low four bits).
 *
 * Enumerated values again: CAP_SPLIT_RANGE equals
 * CAP_SPLIT_SIZE | CAP_SPLIT_ACCESS, so compare the masked field for
 * equality instead of testing bits.
 */
#define CAP_SPLIT_MASK			0x0000000F
#define CAP_SPLIT_SIZE			0x00000001
#define CAP_SPLIT_ACCESS		0x00000002
#define CAP_SPLIT_RANGE			0x00000003 /* Returns -EPERM */
/*
 * A capability is a unique representation of the security qualifiers
 * that apply to one particular resource.
 *
 * Identification:
 *   capid - the unique ID of this capability.
 *   resid - the unique ID of the resource it targets.
 *   owner - the unique ID of the one and only owner of the capability;
 *           this is almost always a thread ID.
 *
 * The type field packs two types together:
 *   - the capability type, and
 *   - the targeted resource type.
 *
 * The targeted resource type says what kind of resource the capability
 * may operate on, for example a thread, a thread group, an address space
 * or a virtual or physical memory region.
 *
 * The capability type defines the general set of operations allowed on
 * that resource, for example thread_control, exchange_registers, ipc or
 * map operations.
 *
 * There are also quantitative capability types. Although they are named
 * after countable objects (memory, threads, address spaces), they really
 * describe the quantitative operations available on those resources,
 * such as creating and deleting a thread or allocating and deallocating
 * a memory region.
 *
 * The access field holds the fine-grained operations available on the
 * resource. The meaning of each bit depends on the capability type; for
 * thread_control the bits may mean suspend, resume, create, delete etc.
 */
struct capability {
	/* List linkage for this capability */
	struct link list;

	/* --- Capability identifiers --- */

	/* Unique capability ID */
	l4id_t capid;
	/* Capability owner ID */
	l4id_t owner;
	/* Targeted resource ID */
	l4id_t resid;
	/* Capability and target resource type */
	unsigned int type;

	/* --- Capability limits/permissions --- */

	/* Permitted operations */
	u32 access;

	/*
	 * Limits on the resource. These must never have a signed type,
	 * presumably so that a negative value can never pass a bounds
	 * comparison.
	 * NOTE(review): whether end is inclusive, and how size relates to
	 * start/end, is not stated in this header; confirm before writing
	 * range checks.
	 */
	/* Resource start value */
	unsigned long start;
	/* Resource end value */
	unsigned long end;
	/* Resource size */
	unsigned long size;

	/* Use count of resource */
	unsigned long used;

	/* Device attributes, if this is a device. */
	unsigned int attr;
	l4id_t irq;
};
#endif /* __API_CAPABILITY_H__ */