{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0\fnil\fcharset0 Courier New;}} {\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\lang3081\b\f0\fs20 IPC option Capabilities\par \par \b0 Note this is quite different from KeyKOS, as we treat memory as the primary citizen and disk as an option. This better matches solid state devices. Hence the OS and apps do not know about low-level things like blocks, only Directories and Files.\par \par \b The problem is how to do messaging and capability Invoke?\par \par \b0 1) Capabilities will be sealed objects with internal constructors (or private constructors and a static internal generate method).\par \par 2) Methods on the Capability are used instead of invoking it.\par \par 3) These methods will do what is required and in most cases will send messages to the appropriate service via a syscall.\par \par 4) In most cases these methods are the API and are synchronous.\par \par \b So the problem that remains: if we send a Message, what stops it being used?\par \par \b0 Does it matter?\par \par The invoke on the Capability provides a measure of security; being able to bypass it is not great. It requires a check for a valid capability. If calls can be restricted to a capability, this would not be possible.\par \par Message as a subclass...?\par \par Confused separate assembly?\par \par \par \par Capability as only public constructor of message\par \par This will work. 
And has some benefits since the message can be sent remotely.\par \par \par \b Capability types \b0\par \par Some are resource access, e.g. Processor\par \par Null Capability \par Range Capability\par Process Capability\par SysCtl Capability \tab Start, stop system, enter sleep states.\par AddressSpace Capability\par MemoryPage Capability\par EndPoint Capability\par Processor Capability\par Thread Capability\par SharedMemoryRegion Capability\par CapabilityRights Capability\par Syslog Capability\par IO Port Capability\par Directory Capability\par File Capability\par URI Capability \tab Everything is a URI, file systems etc.\par \par \par -----------------------------------------------------------------\par 1 \tab Window \tab\par \par A local mapping window (Chapter 4).\par \tab RO,NX,WK\par 2 \tab Background \tab\par \par A background mapping window (Chapter 4).\par \tab RO,NX,WK\par 3 \tab KeyBits \tab\par \par Discloses the bit representation of capabilities.\par 4 \tab Discrim \tab\par \par Classifies capabilities.\par 5 \tab Range \tab\par \par Fabricates object capabilities.\par 6 \tab Sleep \tab\par \par Interface to the kernel interval timer.\par 7 \tab IRQ Control \tab\par \par Interrupt request line control interface.\par 8 \tab Schedule Control \tab\par \par Interface to the kernel master scheduling table.\par 9 \tab Checkpoint \tab\par \par Control capability for the kernel checkpoint mechanism.\par 10 \tab ObStore \tab\par \par Interface between kernel and object store manager.\par 11 \tab Pin Control \tab\par \par Permission to pin objects in memory.\par 12 \tab Schedule \tab\par \par Permission to execute under a particular schedule.\par 13 \tab SysCtl \tab\par \par Start, stop system, enter sleep states.\par 14 \tab KernLog \tab\par \par Append text to kernel log.\par 15 \tab IOPriv \tab\par \par Authority to read/write IO ports.\par 16 \tab IrqWait \tab\par \par Authority to wait for an arriving interrupt.\par 17-31 \tab Reserved \tab\par \par Encodings 
reserved for future use.\par 32 \tab Endpoint \tab\par \par Control capability for an endpoint.\par 33 \tab Page \tab\par \par Data page. In general, the size of a page is determined by the underlying hardware page size. Device pages may be any power of two larger than this.\par \tab RO,NX,WK\par 34 \tab CapPage \tab\par \par Capability page. The size of a capability page is determined by the underlying hardware page size.\par \tab RO,NX,WK\par 35 \tab GPT \tab\par \par Guarded Page Table. Used to compose larger address spaces from pages.\par \tab RO,NX,WK,OP\par 36 \tab Process \tab\par \par Capability that manipulates the kernel process abstraction.\par 37 \tab AppNotice \tab\par \par Capability that permits posting of non-blocking, application-defined software notices.\par 38-62 \tab Reserved \tab\par \par Encodings reserved for future use.\par 63 \tab Entry \tab\par \par Authority to send to the process designated by an Endpoint. \par \par \par }
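
One reading of the "Capability as only public constructor of message" idea in the notes above, sketched in C# as an added example (not code from the original notes): the only public constructor of Message requires a capability, capabilities cannot be constructed outside the trusted assembly, and the receiving service re-checks rights on every message. All type and member names (FileCapability, Rights, Kernel.Send) are assumptions, and Kernel.Send stands in for the syscall.

```csharp
using System;

// Added illustration; all type and member names are hypothetical.
[Flags] public enum Rights { None = 0, Read = 1, Write = 2 }

public sealed class FileCapability
{
    internal string Path { get; }
    internal Rights Granted { get; }
    // Point 1: no public constructor, so untrusted assemblies cannot forge one.
    private FileCapability(string path, Rights granted) { Path = path; Granted = granted; }
    // Static internal generate method: only the trusted assembly mints capabilities.
    internal static FileCapability Generate(string path, Rights granted) => new FileCapability(path, granted);

    // Points 2-4: a synchronous method is the API; it builds and sends the message.
    public int Write(byte[] data) => Kernel.Send(new Message(this, Rights.Write, data));
}

public sealed class Message
{
    internal FileCapability Capability { get; }
    internal Rights Requested { get; }
    internal byte[] Payload { get; }

    // The only public constructor demands a capability: no capability, no Message.
    public Message(FileCapability capability, Rights requested, byte[] payload)
    {
        Capability = capability ?? throw new ArgumentNullException(nameof(capability));
        Requested = requested;
        Payload = payload ?? Array.Empty<byte>();
    }
}

internal static class Kernel
{
    // Stand-in for the syscall: the service re-checks rights on every message,
    // so a hand-built Message gains nothing over calling the capability method.
    internal static int Send(Message m)
    {
        if ((m.Capability.Granted & m.Requested) != m.Requested)
            throw new UnauthorizedAccessException("capability lacks requested right");
        return m.Payload.Length; // pretend the bytes were written to m.Capability.Path
    }

    private static void Main()
    {
        var readOnly = FileCapability.Generate("/log", Rights.Read); // constructed sample
        try { readOnly.Write(new byte[4]); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

Because the Message carries its capability, the same check can run in a remote service that receives the message, which is the benefit the notes mention.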