From: Shark8 <onewingedshark@gmail.com>
Subject: Re: The Ravenscar profile and capabilities paradigm
Date: Tue, 12 Oct 2021 08:01:26 -0700 (PDT)
Message-ID: <f7127422-322c-4b21-9dd9-f1b02be9a3e9n@googlegroups.com>
In-Reply-To: <en39mglcsdhjj47ada5hsvv1vubcukq1vu@4ax.com>
On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
> >Doctor Who writes:
> >
> >> someone knows how to introduce the capabilities paradigm in Ada,
> >> specifically for programs written using the Ravenscar profile ?
> >
> >Google hasn't helped me to understand what you're getting at. Perhaps
> >you could expand?
> wikipedia has a good explanation:
> https://en.wikipedia.org/wiki/Capability-based_security
Ah.
Limited Private, unknown-discriminant types.
Package Capabilities is
   -- Enumeration of the particular capabilities.
   Type Capability is ( Read, Copy, Whatever );
   -- A Boolean set for delineating a set of Capabilities.
   Type Capability_List is Array(Capability) of Boolean;
   -- An instance of a set of capabilities; note that:
   --  (1) LIMITED means there is no predefined assignment/copy.
   --  (2) PRIVATE means there is no public view to the components.
   --  (3) Unknown discriminants mean there is no object-creation w/o a function-call.
   Type Instance(<>) is limited private;
   -- Create an instance; add any other needed parameters.
   Function Create( Capabilities : Capability_List ) return Instance;
   -- No permissions.
   Function No_Permissions return Instance;
Private
   Type Instance is record
      Permissions : Capability_List:= (raise Program_Error with "Capabilities-Instance must be initialized.");
      -- (others => False); -- Or maybe default to no permissions.
      -- OTHER DATA, IF NEEDED; PERHAPS TASK-/PROCESS-ID.
   End record;
   Function Create( Capabilities : Capability_List ) return Instance is
     ( Permissions => Capabilities );
   Function No_Permissions return Instance is
     ( Create( Capability_List'(others => False) ) );
End Capabilities;
You could also extend things with a Task-ID, assuming you want this prevalent/pervasive across the OS, you could make a TASK INTERFACE with an accessor (Function Get_Capabilities(Task : OS_Task_Interface) return Capabilities.Instance is (Capabilities.No_Permissions); -- Override to give permissions.) and/or possibly a registry to manage permissions (on a finer-grained level) if you need it. A lot depends on how you architect/model it, but the "limited private unknown-discriminant type" perfectly fits what you need at the fundamental levels.
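Added example, not part of Shark8's post: a single compilation unit (demo.adb, build with gnatmake demo.adb) that applies the limited-private, unknown-discriminant pattern above to a guarded resource. It keeps the Capability/Capability_List/Instance/Create/No_Permissions shape from the post and adds two assumed operations, Has (query a right) and Attenuate (derive a token that carries a subset of the parent's rights, so rights can only ever be dropped, never added). The Secret_Store package, its Access_Denied exception, the Rights parameter name and the procedure name Demo are likewise assumptions made for illustration.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Demo is

   --  Capability tokens, following the pattern from the post.
   package Capabilities is
      type Capability is (Read, Copy, Whatever);
      type Capability_List is array (Capability) of Boolean;

      --  LIMITED: no copying.  PRIVATE: no peeking at Permissions.
      --  (<>): no declaration without an initialising function call.
      type Instance (<>) is limited private;

      function Create (Rights : Capability_List) return Instance;
      function No_Permissions return Instance;

      --  Assumed addition: does this token carry the given right?
      function Has (Token : Instance; Right : Capability) return Boolean;

      --  Assumed addition: attenuation.  The result holds only rights that
      --  are in BOTH Parent and Keep, so a holder cannot escalate.
      function Attenuate (Parent : Instance; Keep : Capability_List)
        return Instance;
   private
      type Instance is record
         Permissions : Capability_List :=
           (raise Program_Error with "Capabilities.Instance must be initialized.");
      end record;

      function Create (Rights : Capability_List) return Instance is
        (Permissions => Rights);
      function No_Permissions return Instance is
        (Create (Capability_List'(others => False)));
      function Has (Token : Instance; Right : Capability) return Boolean is
        (Token.Permissions (Right));
      --  "and" is predefined on one-dimensional Boolean arrays.
      function Attenuate (Parent : Instance; Keep : Capability_List)
        return Instance is (Permissions => Parent.Permissions and Keep);
   end Capabilities;

   --  A resource (assumed name) whose operations demand a token.
   package Secret_Store is
      Access_Denied : exception;
      function Read_Value (Token : Capabilities.Instance) return Integer;
      procedure Duplicate  (Token : Capabilities.Instance);
   end Secret_Store;

   package body Secret_Store is
      The_Secret : constant Integer := 42;   --  constructed sample data

      function Read_Value (Token : Capabilities.Instance) return Integer is
      begin
         if not Capabilities.Has (Token, Capabilities.Read) then
            raise Access_Denied with "Read capability required";
         end if;
         return The_Secret;
      end Read_Value;

      procedure Duplicate (Token : Capabilities.Instance) is
      begin
         if not Capabilities.Has (Token, Capabilities.Copy) then
            raise Access_Denied with "Copy capability required";
         end if;
         Put_Line ("secret duplicated");
      end Duplicate;
   end Secret_Store;

   use Capabilities;

   --  Minted by the trusted part of the program: Read and Copy.
   Full : Instance :=
     Create ((Read => True, Copy => True, Whatever => False));

   --  Handed to a less trusted component: Read only, derived from Full.
   Read_Only : Instance :=
     Attenuate (Full, Keep => (Read => True, others => False));

   --  Both of the following are compile-time errors, which is the point:
   --    Forged : Instance;          -- unknown discriminants: must call Create
   --    Stolen : Instance := Full;  -- limited: no assignment/copy

begin
   Put_Line ("full token reads" & Integer'Image (Secret_Store.Read_Value (Full)));
   Secret_Store.Duplicate (Full);
   Put_Line ("read-only token reads"
             & Integer'Image (Secret_Store.Read_Value (Read_Only)));
   begin
      Secret_Store.Duplicate (Read_Only);
      Put_Line ("BUG: duplicate succeeded with a read-only token");
   exception
      when E : Secret_Store.Access_Denied =>
         Put_Line ("denied as expected: " & Exception_Message (E));
   end;
end Demo;
```

Running it prints both reads of 42, one "secret duplicated" line for the full token, and "denied as expected: Copy capability required" for the attenuated token. The two commented-out declarations are what the type's three properties buy you: a token cannot be conjured or duplicated by client code, only obtained from Create or narrowed with Attenuate, so the set of rights in circulation is exactly what the trusted code handed out.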