capsules_system/storage_permissions/
tbf_header.rs

1// Licensed under the Apache License, Version 2.0 or the MIT License.
2// SPDX-License-Identifier: Apache-2.0 OR MIT
3// Copyright Tock Contributors 2024.
4
5use core::cmp;
6use kernel::capabilities::ApplicationStorageCapability;
7use kernel::platform::chip::Chip;
8use kernel::process::Process;
9use kernel::process::ShortId;
10use kernel::storage_permissions::StoragePermissions;
11
12/// Assign storage permissions based on the fields in the application's TBF
13/// header.
14///
15/// If the process does not have a fixed ShortId then it cannot have storage
16/// permissions and will get null permissions.
17///
18/// If the header is _not_ present, then the process will be assigned null
19/// permissions.
20pub struct TbfHeaderStoragePermissions<
21    C: Chip,
22    D: kernel::process::ProcessStandardDebug,
23    CAP: ApplicationStorageCapability,
24> {
25    cap: CAP,
26    _chip: core::marker::PhantomData<C>,
27    _debug: core::marker::PhantomData<D>,
28}
29
30impl<C: Chip, D: kernel::process::ProcessStandardDebug, CAP: ApplicationStorageCapability>
31    TbfHeaderStoragePermissions<C, D, CAP>
32{
33    pub fn new(cap: CAP) -> Self {
34        Self {
35            cap,
36            _chip: core::marker::PhantomData,
37            _debug: core::marker::PhantomData,
38        }
39    }
40}
41
42impl<C: Chip, D: kernel::process::ProcessStandardDebug, CAP: ApplicationStorageCapability>
43    kernel::process::ProcessStandardStoragePermissionsPolicy<C, D>
44    for TbfHeaderStoragePermissions<C, D, CAP>
45{
46    fn get_permissions(
47        &self,
48        process: &kernel::process::ProcessStandard<C, D>,
49    ) -> StoragePermissions {
50        // If we have a fixed ShortId then this process can have storage
51        // permissions. Otherwise we get null permissions.
52        match process.short_app_id() {
53            ShortId::Fixed(id) => {
54                if let Some((write_allowed, read_count, read_ids, modify_count, modify_ids)) =
55                    process.get_tbf_storage_permissions()
56                {
57                    let read_count_capped = cmp::min(read_count, 8);
58                    let modify_count_capped = cmp::min(modify_count, 8);
59
60                    StoragePermissions::new_fixed_size(
61                        id,
62                        write_allowed,
63                        false,
64                        read_count_capped,
65                        read_ids,
66                        modify_count_capped,
67                        modify_ids,
68                        &self.cap,
69                    )
70                } else {
71                    StoragePermissions::new_null()
72                }
73            }
74            ShortId::LocallyUnique => StoragePermissions::new_null(),
75        }
76    }
77}