capsules_system/storage_permissions/
individual.rs

// Licensed under the Apache License, Version 2.0 or the MIT License.
// SPDX-License-Identifier: Apache-2.0 OR MIT
// Copyright Tock Contributors 2024.

use kernel::capabilities::ApplicationStorageCapability;
use kernel::platform::chip::Chip;
use kernel::process::Process;
use kernel::process::ShortId;
use kernel::storage_permissions::StoragePermissions;

/// Storage-permission policy under which every process is confined to its own
/// state: a process is granted access to storage tagged with its own
/// application id and to nothing else.
///
/// The policy holds only the capability token needed to mint permissions; the
/// two `PhantomData` fields pin the `Chip` and `ProcessStandardDebug` types of
/// the processes it is asked to judge.
pub struct IndividualStoragePermissions<C, D, CAP>
where
    C: Chip,
    D: kernel::process::ProcessStandardDebug,
    CAP: ApplicationStorageCapability,
{
    /// Capability token handed to `StoragePermissions::new_self_only` when a
    /// permission set is issued.
    cap: CAP,
    /// Marker tying the policy to the chip type `C` (no runtime data).
    _chip: core::marker::PhantomData<C>,
    /// Marker tying the policy to the debug type `D` (no runtime data).
    _debug: core::marker::PhantomData<D>,
}

impl<C, D, CAP> IndividualStoragePermissions<C, D, CAP>
where
    C: Chip,
    D: kernel::process::ProcessStandardDebug,
    CAP: ApplicationStorageCapability,
{
    /// Build the policy from `cap`, the `ApplicationStorageCapability` that
    /// authorizes it to issue storage permissions.
    ///
    /// Requiring the capability at construction time means only code that
    /// already holds the token can create a policy able to grant access; the
    /// marker fields carry no data and are simply defaulted.
    pub fn new(cap: CAP) -> Self {
        use core::marker::PhantomData;

        IndividualStoragePermissions {
            cap,
            _chip: PhantomData,
            _debug: PhantomData,
        }
    }
}

impl<C, D, CAP> kernel::process::ProcessStandardStoragePermissionsPolicy<C, D>
    for IndividualStoragePermissions<C, D, CAP>
where
    C: Chip,
    D: kernel::process::ProcessStandardDebug,
    CAP: ApplicationStorageCapability,
{
    /// Derive the storage permissions for `process` from its short app id.
    ///
    /// Only a `ShortId::Fixed` id earns permissions, and then only
    /// `StoragePermissions::new_self_only` for that id: the process may use
    /// storage keyed on its own id and nothing else. A `ShortId::LocallyUnique`
    /// process gets `StoragePermissions::new_null()`, i.e. no storage access.
    /// The deny default is the security-relevant part: a locally unique id is,
    /// by its name, not a stable identity to key persistent state on, so there
    /// is no owner to grant access to (NOTE(review): this reading of
    /// `LocallyUnique` comes from the variant name — confirm against the
    /// `ShortId` docs).
    fn get_permissions(
        &self,
        process: &kernel::process::ProcessStandard<C, D>,
    ) -> StoragePermissions {
        let short_id = process.short_app_id();

        // Kept as an exhaustive `match` on purpose: a new `ShortId` variant
        // must fail to compile here rather than silently fall into either
        // the grant or the deny arm.
        match short_id {
            ShortId::LocallyUnique => StoragePermissions::new_null(),
            ShortId::Fixed(app_id) => StoragePermissions::new_self_only(app_id, &self.cap),
        }
    }
}