mirror of
https://github.com/20kdc/OC-KittenOS.git
synced 2025-01-26 17:46:02 +11:00
107 lines
3.0 KiB
Plaintext
107 lines
3.0 KiB
Plaintext
This is the list of Accesses natively
|
|
supported by the KittenOS NEO
|
|
kernel. It does not include those
|
|
that are handled by services,
|
|
but does include the mechanism for
|
|
creating & using services.
|
|
|
|
For the services, see us-perms.
|
|
|
|
Here, "*" means that everything after
|
|
this point is considered an argument
|
|
to the access.
|
|
|
|
"c.*": Component. Returns:
|
|
list: Returns iterator over proxies.
|
|
These proxies may be set up to
|
|
be unalterable for obvious
|
|
security reasons.
|
|
For "filesystem", additionally:
|
|
primary: The primaryDisk proxy.
|
|
temporary: The RAM-FS proxy.
|
|
(These entries are included in the
|
|
above list - these fields serve
|
|
to identify the components.)
|
|
|
|
"s.*": Allows receiving a signal.
|
|
Totally useless for any signal
|
|
prefixed with "k." or "x." -
|
|
"k." is always let through,
|
|
and "x." can't be sent to you
|
|
in a situation where you
|
|
don't have permission,
|
|
under normal circumstances.
|
|
|
|
"k.root": The kernel's _ENV table.
|
|
Two things in particular
|
|
that are actually part of
|
|
the documented API for this:
|
|
|
|
securityPolicy(pid, proc, perm, req)
|
|
Setting this sets the security
|
|
policy used. Since this is root-by-
|
|
proxy, it's in k.root (this also
|
|
saves the memory another mechanism
|
|
would require, and complexity)
|
|
runProgramPolicy(ipkg, ...) :
|
|
Setting this sets the run-program
|
|
policy used, which prevents a
|
|
program being run in certain cases.
|
|
The varargs are the same as those
|
|
that would go to the new process -
|
|
the 'ipkg' is the name of the
|
|
program to start up.
|
|
|
|
"k.computer": The "computer" table,
|
|
with wrapMeta applied.
|
|
The security check may be aliased to
|
|
the "k.root" permission in future.
|
|
|
|
"k.kill": function (pid) to kill any
|
|
process on the system.
|
|
|
|
"r.*": Registers a service's API for
|
|
retrieval via the "x." mechanism.
|
|
Returns a:
|
|
function (function (pkg, pid, send),
|
|
secret)
|
|
While the registration is locked on
|
|
success, attempting to use it will
|
|
fail, as no handler has been given.
|
|
The returned function finishes the
|
|
registration with a callback used
|
|
for when a process tries to use the
|
|
registered API.
|
|
Unless 'secret' is truthy, a
|
|
k.registration event is sent to all
|
|
processes; using the secret flag is
|
|
useful for a more ad-hoc security
|
|
approach.
|
|
What that API returns goes to the
|
|
target process.
|
|
The given "sendSig" function can be
|
|
used to send an event to the target
|
|
process, the type of which matches
|
|
the "x." name of the access, and
|
|
the parameters being those given to
|
|
sendSig.
|
|
So sendSig(1) from a service
|
|
registered via "r.carrot" would
|
|
generate the event: "x.carrot", 1.
|
|
(NOTE: Regarding management of
|
|
processes that die, just make sure
|
|
to check for k.procdie events and
|
|
handle as necessary.)
|
|
|
|
"x.*": Accesses a registered service
|
|
API, returning whatever that service
|
|
intends to give you. Also gives you
|
|
"s.x.*" automatically to receive the
|
|
output of sendSig.
|
|
|
|
-- This is released into
|
|
the public domain.
|
|
-- No warranty is provided,
|
|
implied or otherwise.
|
|
|