[zion] Begin requiring capability transmit permission.

As a first pass require the permission when passing a capability to a
new process.

zion/object/port.h

@@ -22,7 +22,8 @@ class Port : public IpcObject {
  public:
   uint64_t TypeTag() override { return KernelObject::PORT; }
   static uint64_t DefaultPermissions() {
-    return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate;
+    return kZionPerm_Write | kZionPerm_Read | kZionPerm_Duplicate |
+           kZionPerm_Transmit;
   }
 
   Port() = default;

zion/syscall/memory_object.cpp

@@ -39,6 +39,7 @@ z_err_t MemoryObjectDuplicate(ZMemoryObjectDuplicateReq* req) {
   ASSIGN_OR_RETURN(
       glcr::RefPtr<MemoryObject> new_vmmo,
       vmmo_cap->obj<MemoryObject>()->Duplicate(req->base_offset, req->length));
-  *req->new_vmmo_cap = curr_proc.AddNewCapability(new_vmmo);
+  *req->new_vmmo_cap =
+      curr_proc.AddNewCapability(new_vmmo, vmmo_cap->permissions());
   return glcr::OK;
 }

zion/syscall/process.cpp

@@ -26,12 +26,15 @@ z_err_t ProcessSpawn(ZProcessSpawnReq* req) {
   *req->new_vmas_cap = curr_proc.AddNewCapability(proc->vmas());
 
   if (req->bootstrap_cap != 0) {
-    auto cap = curr_proc.ReleaseCapability(req->bootstrap_cap);
+    auto cap = curr_proc.GetCapability(req->bootstrap_cap);
     if (!cap) {
       return glcr::CAP_NOT_FOUND;
     }
-    // FIXME: Check permissions.
+    if (!(cap->HasPermissions(kZionPerm_Transmit))) {
-    *req->new_bootstrap_cap = proc->AddExistingCapability(cap);
+      return glcr::CAP_PERMISSION_DENIED;
+    }
+    *req->new_bootstrap_cap = proc->AddExistingCapability(
+        curr_proc.ReleaseCapability(req->bootstrap_cap));
   }
 
   return glcr::OK;