acadia/zion/capability/capability_table.h

#pragma once

#include <glacier/container/linked_list.h>
#include <glacier/memory/ref_ptr.h>

#include "capability/capability.h"
#include "lib/mutex.h"

class CapabilityTable {
 public:
  CapabilityTable();

  CapabilityTable(CapabilityTable&) = delete;
  CapabilityTable& operator=(CapabilityTable&) = delete;

  template <typename T>
  z_cap_t AddNewCapability(const glcr::RefPtr<T>& object, uint64_t permissions);
  template <typename T>
  z_cap_t AddNewCapability(const glcr::RefPtr<T>& object) {
    return AddNewCapability<T>(object, T::DefaultPermissions());
  }
  z_cap_t AddExistingCapability(const glcr::RefPtr<Capability>& cap);

  glcr::RefPtr<Capability> GetCapability(uint64_t id);
  glcr::RefPtr<Capability> ReleaseCapability(uint64_t id);

 private:
  Mutex lock_{"cap table"};
  // TODO: Do some randomization.
  uint64_t next_cap_id_ = 0x100;
  // FIXME: use a map data structure.
  struct CapEntry {
    uint64_t id;
    glcr::RefPtr<Capability> cap;
  };
  glcr::LinkedList<CapEntry> capabilities_;
};

template <typename T>
uint64_t CapabilityTable::AddNewCapability(const glcr::RefPtr<T>& object,
                                           uint64_t permissions) {
  MutexHolder h(lock_);
  uint64_t id = next_cap_id_++;
  capabilities_.PushBack(
      {.id = id, .cap = MakeRefCounted<Capability>(object, permissions)});
  return id;
}
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00			`#pragma once`

[glacier] Move LinkedList to glacier. 2023-06-26 15:01:55 -07:00			`#include <glacier/container/linked_list.h>`
[zion/glacier] Move RefPtr to glacier. 2023-06-21 15:07:40 -07:00			`#include <glacier/memory/ref_ptr.h>`

[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00			`#include "capability/capability.h"`
			`#include "lib/mutex.h"`

			`class CapabilityTable {`
			`public:`
			`CapabilityTable();`

			`CapabilityTable(CapabilityTable&) = delete;`
			`CapabilityTable& operator=(CapabilityTable&) = delete;`

			`template <typename T>`
[zion] Move to default permissions being supplied by KernelObjects 2023-08-01 18:22:41 -07:00			`z_cap_t AddNewCapability(const glcr::RefPtr<T>& object, uint64_t permissions);`
			`template <typename T>`
			`z_cap_t AddNewCapability(const glcr::RefPtr<T>& object) {`
			`return AddNewCapability<T>(object, T::DefaultPermissions());`
			`}`
			`z_cap_t AddExistingCapability(const glcr::RefPtr<Capability>& cap);`
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00
[zion/glacier] Move RefPtr to glacier. 2023-06-21 15:07:40 -07:00			`glcr::RefPtr<Capability> GetCapability(uint64_t id);`
			`glcr::RefPtr<Capability> ReleaseCapability(uint64_t id);`
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00
			`private:`
			`Mutex lock_{"cap table"};`
[zion] Remove legacy capability table method. 2023-06-19 23:32:49 -07:00			`// TODO: Do some randomization.`
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00			`uint64_t next_cap_id_ = 0x100;`
			`// FIXME: use a map data structure.`
[zion] Store capability ids on the CapabilityTable. This is preferable to storing it in the capability itself since the id is really just an index for the containing process. 2023-06-16 15:27:09 -07:00			`struct CapEntry {`
			`uint64_t id;`
[zion/glacier] Move RefPtr to glacier. 2023-06-21 15:07:40 -07:00			`glcr::RefPtr<Capability> cap;`
[zion] Store capability ids on the CapabilityTable. This is preferable to storing it in the capability itself since the id is really just an index for the containing process. 2023-06-16 15:27:09 -07:00			`};`
[glacier] Move LinkedList to glacier. 2023-06-26 15:01:55 -07:00			`glcr::LinkedList<CapEntry> capabilities_;`
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00			`};`

			`template <typename T>`
[zion/glacier] Move RefPtr to glacier. 2023-06-21 15:07:40 -07:00			`uint64_t CapabilityTable::AddNewCapability(const glcr::RefPtr<T>& object,`
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00			`uint64_t permissions) {`
			`MutexHolder h(lock_);`
			`uint64_t id = next_cap_id_++;`
[zion] Store capability ids on the CapabilityTable. This is preferable to storing it in the capability itself since the id is really just an index for the containing process. 2023-06-16 15:27:09 -07:00			`capabilities_.PushBack(`
			`{.id = id, .cap = MakeRefCounted<Capability>(object, permissions)});`
[zion] Add per-process CapabilityTable object Store this information in it's own object to make the API clearer. 2023-06-16 14:25:45 -07:00			`return id;`
			`}`