nrf52840dk_test_invs/
invs_permissions.rs

1// Licensed under the Apache License, Version 2.0 or the MIT License.
2// SPDX-License-Identifier: Apache-2.0 OR MIT
3// Copyright Tock Contributors 2025.
4
5use capsules_system::storage_permissions::tbf_header::TbfHeaderStoragePermissions;
6use kernel::capabilities::ApplicationStorageCapability;
7use kernel::platform::chip::Chip;
8use kernel::process::Process;
9use kernel::process::ShortId;
10use kernel::storage_permissions::StoragePermissions;
11
/// Storage-permission policy for processes on this board.
///
/// A process whose TBF header carries storage permissions gets its permissions
/// from the wrapped `TbfHeaderStoragePermissions` policy. A process with a
/// fixed `ShortId` but no such header entry is limited to self-only
/// permissions, and a process without a fixed `ShortId` gets null permissions.
///
/// NOTE(review): the header-declared permissions come from the application
/// binary itself, so this policy presumably relies on the binary having been
/// verified before the process was created. Confirm against the board's
/// credential-checking configuration.
pub struct InvsStoragePermissions<C, D, CAP>
where
    C: Chip,
    D: kernel::process::ProcessStandardDebug,
    CAP: ApplicationStorageCapability + Clone,
{
    // Delegate used when the TBF header declares storage permissions.
    tbf_permissions: TbfHeaderStoragePermissions<C, D, CAP>,
    // Capability token passed to `StoragePermissions::new_self_only` for the
    // fallback case. Holding it is what authorizes creating permissions.
    cap: CAP,
    // Marker fields tying the policy to the chip and debug type parameters.
    _chip: core::marker::PhantomData<C>,
    _debug: core::marker::PhantomData<D>,
}
24
impl<C, D, CAP> InvsStoragePermissions<C, D, CAP>
where
    C: Chip,
    D: kernel::process::ProcessStandardDebug,
    CAP: ApplicationStorageCapability + Clone,
{
    /// Build the policy from an application-storage capability.
    ///
    /// The capability is cloned: one copy is handed to the wrapped
    /// `TbfHeaderStoragePermissions` policy and the other is kept for the
    /// self-only fallback. Whoever calls this must already hold a value of
    /// type `CAP`, so the authority to create storage permissions is granted
    /// by the caller rather than by this type.
    pub fn new(cap: CAP) -> Self {
        let tbf_permissions = TbfHeaderStoragePermissions::new(cap.clone());
        Self {
            tbf_permissions,
            cap,
            _chip: core::marker::PhantomData,
            _debug: core::marker::PhantomData,
        }
    }
}
40
impl<C, D, CAP> kernel::process::ProcessStandardStoragePermissionsPolicy<C, D>
    for InvsStoragePermissions<C, D, CAP>
where
    C: Chip,
    D: kernel::process::ProcessStandardDebug,
    CAP: ApplicationStorageCapability + Clone,
{
    /// Decide the storage permissions granted to `process`.
    ///
    /// * No fixed `ShortId` (`ShortId::LocallyUnique`): null permissions.
    /// * Fixed `ShortId` and the TBF header declares storage permissions: the
    ///   result of the wrapped `TbfHeaderStoragePermissions` policy.
    /// * Fixed `ShortId` and no header entry: self-only permissions tied to
    ///   that identifier.
    fn get_permissions(
        &self,
        process: &kernel::process::ProcessStandard<C, D>,
    ) -> StoragePermissions {
        match process.short_app_id() {
            // Without a fixed identifier there is no stable owner to attach
            // stored state to, so the process gets no storage access.
            ShortId::LocallyUnique => StoragePermissions::new_null(),
            ShortId::Fixed(id) => match process.get_tbf_storage_permissions() {
                // Only the presence of the header entry is checked here; what
                // is actually granted is decided by the delegate.
                // NOTE(review): verify how the delegate treats an empty or
                // malformed entry, since that path bypasses the self-only
                // fallback below.
                Some(_) => self.tbf_permissions.get_permissions(process),
                // No header entry: fall back to "individual" permissions, so
                // the process is confined to its own state.
                None => StoragePermissions::new_self_only(id, &self.cap),
            },
        }
    }
}