Module sunrise_kernel::process::capabilities
Process Capability handling
The Horizon/NX OS uses a capability scheme for its security system. Each userspace process is created with a list of capabilities. Those capabilities are not recursive: each process has its own specific list. The capabilities include which syscalls the process is allowed to call, which IRQs it's allowed to listen on, and how many handles it's allowed to create.
Those capabilities are inherently arch-specific. For instance, the x86 architecture has an additional IOPB field to take care of. To this end, the ProcessCapabilities structure exposed by this module differs from architecture to architecture. Arch-specific methods are marked as such in their documentation.
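As an added illustration (not code from this module), the sketch below decodes a per-process KCAP array into a syscall allow-list and a handle limit, and rejects a repeated entry of a kind that may not be duplicated. It assumes the publicly documented Horizon/NX descriptor encoding, in which the count of trailing one bits selects the kind; `Caps`, `parse_kcaps`, the two constructor helpers and the kind numbers are hypothetical names and values, not this module's items.

```rust
// Added example. Names, kind numbers and layouts are assumptions, not this module's items.
const SYSCALL_MASK_KIND: u32 = 4; // descriptor ends in 0b0_1111
const HANDLE_TABLE_SIZE_KIND: u32 = 15; // descriptor ends in a 0 then fifteen 1s
// Kinds that may appear only once per process (the role of KACS_NO_DUPLICATES).
const NO_DUPLICATES: u32 = 1 << HANDLE_TABLE_SIZE_KIND;

#[derive(Debug, Default, PartialEq)]
pub struct Caps {
    pub syscalls: [u32; 8], // 24 allowed-syscall bits per slot
    pub handle_table_size: u32,
}

#[derive(Debug, PartialEq)]
pub enum CapError { Duplicate(u32), Unknown(u32) }

pub fn parse_kcaps(kacs: &[u32]) -> Result<Caps, CapError> {
    let (mut caps, mut seen) = (Caps::default(), 0u32);
    for &kac in kacs {
        let kind = kac.trailing_ones();
        // Deny by default: a descriptor kind this sketch does not model is an error.
        if kind != SYSCALL_MASK_KIND && kind != HANDLE_TABLE_SIZE_KIND {
            return Err(CapError::Unknown(kac));
        }
        if seen & NO_DUPLICATES & (1u32 << kind) != 0 {
            return Err(CapError::Duplicate(kac));
        }
        seen |= 1u32 << kind;
        let payload = kac >> (kind + 1);
        if kind == SYSCALL_MASK_KIND {
            // Payload: 24 mask bits, then a 3-bit slot index.
            caps.syscalls[(payload >> 24) as usize] |= payload & 0x00FF_FFFF;
        } else {
            caps.handle_table_size = payload;
        }
    }
    Ok(caps)
}

impl Caps {
    pub fn svc_allowed(&self, svc: usize) -> bool {
        svc < 192 && (self.syscalls[svc / 24] >> (svc % 24)) & 1 == 1
    }
}
// Constructed sample descriptors for the two modelled kinds.
pub fn syscall_kac(slot: u32, mask: u32) -> u32 { (slot << 29) | (mask << 5) | 0b1111 }
pub fn handle_kac(size: u32) -> u32 { (size << 16) | 0x7FFF }

fn main() {
    let caps = parse_kcaps(&[syscall_kac(0, 0b10), handle_kac(128)]).unwrap();
    println!("svc 1: {}, svc 2: {}", caps.svc_allowed(1), caps.svc_allowed(2));
}
```

Because each process gets its own parsed list, a syscall is refused unless that process's own array set the corresponding bit.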
Structs
MaskPrinter | Wrapper around a bitfield that only prints the indices of set bits. |
ProcessCapabilities | Capabilities of a process. |
Constants
APPLICATION_TYPE | Type of application (sysmodule, applet, application) |
DEBUG_FLAGS | Flags allowing app to debug or be debugged. |
HANDLE_TABLE_SIZE | Maximum number of handles for the process. |
INTERRUPT_PAIR | Allow creating an interrupt for the given IRQ pair. |
IO_PORTS_ALLOWED | IOPorts the process is allowed to talk to |
KACS_NO_DUPLICATES | Mask of kernel capabilities that cannot appear twice in a KCAP array. |
KERNEL_FLAGS | Allowed CPUID and thread priorities. |
KERNEL_RELEASE_VERSION | Minimum kernel release. |
MAP_IO_OR_NORMAL_RANGE | Map an IO or physical memory page into process address space. |
MAP_NORMAL_PAGE | Map a normal page. |
MAX_SVC | The highest defined svc. |
SYSCALL_MASK | Shifted mask of allowed syscalls. |