Cosmos/source/Playgrounds/Ben/os/kernel/Cosmos.IPC/CapabilityInvoke.rtf
2009-08-07 02:28:26 +00:00


{\rtf1\ansi\ansicpg1252\deff0{\fonttbl{\f0\fnil\fcharset0 Courier New;}}
{\*\generator Msftedit 5.41.21.2508;}\viewkind4\uc1\pard\lang3081\b\f0\fs20 IPC option Capabilities\par
\par
\b0 Note this is quite different from KeyOS, as we treat memory as the primary citizen and disk as an option. This better matches solid-state devices. Hence the OS and apps do not know about low-level things like blocks, only Directories and Files.\par
\par
\b The problem is how to do messaging and capability Invoke?\par
\par
\b0 1) Capabilities will be sealed objects with internal constructors (or private constructors and a static internal generate method).\par
\par
2) Methods on the Capability are used instead of invoking it.\par
\par
3) These methods will do what is required and in most cases will send messages to the appropriate service via a syscall.\par
\par
4) In most cases these methods are the API and are synchronous.\par
\par
\b So the problem that remains is: if we send a Message, what stops it being used?\par
\par
\b0 Does it matter?\par
\par
The invoke on the Capability provides a measure of security, so being able to bypass it is not great. It requires a check for a valid capability. If calls can be restricted to a capability, this bypass would not be possible.\par
\par
Message as a subclass...?\par
\par
Confused separate assembly?\par
\par
\par
\par
Capability as only public constructor of message\par
\par
This will work, and it has some benefits, since the message can be sent remotely.\par
\par
\par
\b Capability types \b0\par
\par
Some are resource access, e.g. Processor\par
\par
Null Capability \par
Range Capability\par
Process Capability\par
SysCtl Capability \tab Start, stop system, enter sleep states.\par
AddressSpace Capability\par
MemoryPage Capability\par
EndPoint Capability\par
Processor Capability\par
Thread Capability\par
SharedMemoryRegion Capability\par
CapabilityRights Capability\par
Syslog Capability\par
IO Port Capability\par
Directory Capability\par
File Capability\par
URI Capability \tab Everything is a URI, file systems etc.\par
\par
\par
-----------------------------------------------------------------\par
1 \tab Window \tab A local mapping window (Chapter 4). \tab RO,NX,WK\par
2 \tab Background \tab A background mapping window (Chapter 4). \tab RO,NX,WK\par
3 \tab KeyBits \tab Discloses the bit representation of capabilities.\par
4 \tab Discrim \tab Classifies capabilities.\par
5 \tab Range \tab Fabricates object capabilities.\par
6 \tab Sleep \tab Interface to the kernel interval timer.\par
7 \tab IRQ Control \tab Interrupt request line control interface.\par
8 \tab Schedule Control \tab Interface to the kernel master scheduling table.\par
9 \tab Checkpoint \tab Control capability for the kernel checkpoint mechanism.\par
10 \tab ObStore \tab Interface between kernel and object store manager.\par
11 \tab Pin Control \tab Permission to pin objects in memory.\par
12 \tab Schedule \tab Permission to execute under a particular schedule.\par
13 \tab SysCtl \tab Start, stop system, enter sleep states.\par
14 \tab KernLog \tab Append text to kernel log.\par
15 \tab IOPriv \tab Authority to read/write IO ports.\par
16 \tab IrqWait \tab Authority to wait for an arriving interrupt.\par
17-31 \tab Reserved \tab Encodings reserved for future use.\par
32 \tab Endpoint \tab Control capability for an endpoint.\par
33 \tab Page \tab Data page. In general, the size of a page is determined by the underlying hardware page size. Device pages may be any power of two larger than this. \tab RO,NX,WK\par
34 \tab CapPage \tab Capability page. The size of a capability page is determined by the underlying hardware page size. \tab RO,NX,WK\par
35 \tab GPT \tab Guarded Page Table. Used to compose larger address spaces from pages. \tab RO,NX,WK,OP\par
36 \tab Process \tab Capability that manipulates the kernel process abstraction.\par
37 \tab AppNotice \tab Capability that permits posting of non-blocking, application-defined software notices.\par
38-62 \tab Reserved \tab Encodings reserved for future use.\par
63 \tab Entry \tab Authority to send to the process designated by an Endpoint.\par
\par
\par
}
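
The design the note settles on (sealed capabilities with internal constructors, API methods that wrap the message send, and a message that can only be constructed from a capability) can be sketched in C# as follows. This is an added example, not code from the Cosmos repository. `Rights`, `Capability`, `Message`, `Kernel` and `Demo` are hypothetical names, `Kernel.Send` stands in for the syscall, and "Capability as only public constructor of message" is read here as "the message constructor requires a capability".

```csharp
using System;

// Added sketch: every type and member name is hypothetical, not Cosmos.IPC code.
[Flags] public enum Rights { None = 0, Read = 1, Write = 2 }

public sealed class Capability              // sealed: cannot be subclassed to fake one
{
    public string Target { get; }
    public Rights Granted { get; }
    // Internal constructor: only the kernel assembly can mint a capability.
    internal Capability(string target, Rights granted) { Target = target; Granted = granted; }
    // A synchronous method is the API; it wraps the message send.
    public string Read() => Kernel.Send(new Message(this, Rights.Read));
}

public sealed class Message
{
    public Capability Sender { get; }
    public Rights Operation { get; }
    // The only constructor takes a capability, so no message exists without one.
    public Message(Capability sender, Rights operation)
    {
        Sender = sender ?? throw new ArgumentNullException(nameof(sender));
        Operation = operation;
    }
}

public static class Kernel                  // stands in for the syscall boundary
{
    // The receiver re-checks, because a holder can build a Message directly.
    public static string Send(Message m)
    {
        if (m.Operation == Rights.None || (m.Sender.Granted & m.Operation) != m.Operation)
            throw new UnauthorizedAccessException("capability lacks " + m.Operation);
        return m.Operation + " on " + m.Sender.Target + " ok";
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample; 'new Capability' compiles only inside this assembly.
        var file = new Capability("file:/notes", Rights.Read);
        Console.WriteLine(file.Read());
        try { Kernel.Send(new Message(file, Rights.Write)); }   // skips the API method
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

The direct `Kernel.Send` call in `Demo` is rejected only because the receiving side compares the requested operation with the capability's rights. The constructor rule alone proves that a capability was held, not that it permits the operation.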