Closed Latrasis closed 5 years ago
I've spec'ed out precise definitions of subsets in the spec. I'm not sure if what parts of that which you've proposed above should be kernel side and what should be user side, but I'll give my thoughts on where that line should lie. Given what is currently implemented I think we should leave minting and definitions to the user space. Here's my thinking:
targetCapIndex
or the like, we can do that in the BeakerContract
base class.Also, Capability.subvalues.length == 0 does not imply a full cap for WRITE as currently defined. Maybe that should be a conversation on the spec.
@JakeOShannessy: Based on our discussion it would be pertinent to update the proc#reg
syscall format to accomodate the CapIndex and CapSize.
Being addressed in #129.
This is complete as of #129.
Following from discussion in #108. We are replacing push and delete capabilities (#108,#109) with an enforced register capability (#47) instead.
We need to revert
#proc_reg
and allow pushing capabilities equal to or subset of the caller's capabilities. This requires the Register capability interface and tests at PR #102, to be reverted, and #47 to be amended.User Interface:
The user must use
#proc_reg
:Where the
Capability
type is defined as:For Pushing a Full capability
X
X must have
X.subvalues.length == 0
Test
We need a test that:
capType
withvalues
as data, and a procedure register capability (type0x4
) that allows create another procedure with a copy of it's capabilities.procId
with addressprocAddr
and pushes a full copy of it'scapType
capability iff:capIndex
points to a Register Capability within Procedure A's c-listX.targetCapIndex
points to thecapType
capability within Procedure A's c-listX.subvalues.length == 0
procId
is the id of Procedure BprocAddr
is a valid procedure addresserr
value of1
.err
value of0
,For Pushing a Subset capability
Y
1 < Y.subvalues.length < 5
Y.subvalues
is defined as a non-empty list of either:string[]
oruint256[]
Test
For Store Caps:
We need a test that:
Creates Procedure A
Procedure A is given two procedures: a capability of type
capType
withvalues
as data, and a procedure register capability (type0x4
) that allows create another procedure with a copy of it's capabilities.Procedure A registers Procedure B at
procId
with addressprocAddr
and pushes a subset of it'scapType
capability withY
iff:capIndex
points to a Push Capability within Procedure A's c-listY.targetCapIndex
points to a capability within Procedure A's c-listprocId
is the id of Procedure BcapType
ofcapIndex
is a valid capability type (0x0-0x9) and:CAP_NULL
orCAP_PROC_CAP_PUSH
orCAP_PROC_CAP_DELETE
(There's no subset)CAP_PROC_CALL
orCAP_PROC_REGISTER
orCAP_PROC_DELETE
:Y.subvalues[0..Y.subvalues.length-1]
includes a set of procedure keys equal or subset oftargetCap
CAP_PROC_ENTRY
(There's no subset)CAP_STORE_WRITE
theY.subvalues[0..1]
storage range is equal to or a subset of the storage available incapIndex
CAP_LOG
, either theY.subvalues[0..4]
log range is equal tocapIndex
orcapIndex
has less than 4 topics andsubvalues
appends a topic value.CAP_GAS_SEND
,Y.subvalues[0]
is less than or equal tocapIndex
gas.On failure, Procedure A receives:
err
value of1
.On success, Procedure A receives:
err
value of0
,