1
0
mirror of https://github.com/20kdc/OC-KittenOS.git synced 2025-01-13 03:18:06 +11:00
OC-KittenOS/repository/docs/kn-perms

107 lines
3.0 KiB
Plaintext
Raw Normal View History

This is the list of Accesses natively
supported by the KittenOS NEO
kernel. It does not include those
that are handled by services,
but does include the mechanism for
creating & using services.
For the services, see us-perms.
Here, "*" means that everything after
this point is considered an argument
to the access.
"c.*": Component. Returns:
list: Returns iterator over proxies.
These proxies may be set up to
be unalterable for obvious
security reasons.
For "filesystem", additionally:
primary: The primaryDisk proxy.
temporary: The RAM-FS proxy.
(These entries are included in the
above list - these fields serve
to identify the components.)
"s.*": Allows receiving a signal.
Totally useless for any signal
prefixed with "k." or "x." -
"k." is always let through,
and "x." can't be sent to you
in a situation where you
don't have permission,
under normal circumstances.
"k.root": The kernel's _ENV table.
Two things in particular
that are actually part of
the documented API for this:
securityPolicy(pid, proc, perm, req)
Setting this sets the security
policy used. Since this is root-by-
proxy, it's in k.root (this also
saves the memory another mechanism
would require, and complexity)
runProgramPolicy(ipkg, ...) :
Setting this sets the run-program
policy used, which prevents a
program being run in certain cases.
The varargs are the same as those
that would go to the new process -
the 'ipkg' is the name of the
program to start up.
"k.computer": The "computer" table,
with wrapMeta applied.
The security check may be aliased to
the "k.root" permission in future.
"k.kill": function (pid) to kill any
process on the system.
"r.*": Registers a service's API for
retrieval via the "x." mechanism.
Returns a:
function (function (pkg, pid, send),
secret)
While the registration is locked on
success, attempting to use it will
fail, as no handler has been given.
The returned function finishes the
registration with a callback used
for when a process tries to use the
registered API.
Unless 'secret' is truthy, a
k.registration event is sent to all
processes; using the secret flag is
useful for a more ad-hoc security
approach.
What that API returns goes to the
target process.
The given "sendSig" function can be
used to send an event to the target
process, the type of which matches
the "x." name of the access, and
the parameters being those given to
sendSig.
So sendSig(1) from a service
registered via "r.carrot" would
generate the event: "x.carrot", 1.
(NOTE: Regarding management of
processes that die, just make sure
to check for k.procdie events and
handle as necessary.)
"x.*": Accesses a registered service
API, returning whatever that service
intends to give you. Also gives you
"s.x.*" automatically to receive the
output of sendSig.
-- This is released into
the public domain.
-- No warranty is provided,
implied or otherwise.