Newsgroups: comp.lang.ada
Subject: Re: The Ravenscar profile and capabilities paradigm
From: Shark8
Date: Tue, 12 Oct 2021 08:01:26 -0700 (PDT)

On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
> >Doctor Who writes:
> >
> >> someone knows how to introduce the capabilities paradigm in Ada,
> >> specifically for programs written using the Ravenscar profile ?
> >
> >Google hasn't helped me to understand what you're getting at. Perhaps
> >you could expand?
> wikipedia has a good explanation:
> https://en.wikipedia.org/wiki/Capability-based_security

Ah. Limited Private, unknown-discriminant types.

   Package Capabilities is
      -- Enumeration of the particular capabilities.
      Type Capability is ( Read, Copy, Whatever );
      -- A Boolean set for delineating a set of Capabilities.
      Type Capability_List is Array(Capability) of Boolean;
      -- An instance of a set of capabilities; note that:
      -- (1) LIMITED means there is no predefined assignment/copy.
      -- (2) PRIVATE means there is no public view to the components.
      -- (3) Unknown discriminants mean there is no object-creation w/o a function-call.
      Type Instance(<>) is limited private;
      -- Create an instance; add any other needed parameters.
      Function Create( Capabilities : Capability_List ) return Instance;
      -- No permissions.
      Function No_Permissions return Instance;
   Private
      Type Instance is record
         -- The raise_expression default is never evaluated: every Instance is
         -- built by the aggregates in Create/No_Permissions below, so it only
         -- guards against a future default-initialized object.
         Permissions : Capability_List := (raise Program_Error with "Capabilities-Instance must be initialized.");
         -- (others => False); -- Or maybe default to no permissions.
         -- OTHER DATA, IF NEEDED; PERHAPS TASK-/PROCESS-ID.
      End record;

      Function Create( Capabilities : Capability_List ) return Instance is
        ( Permissions => Capabilities );
      Function No_Permissions return Instance is
        ( Create( Capability_List'(others => False) ) );
   End Capabilities;

You could also extend things with a Task-ID; assuming you want this prevalent/pervasive across the OS, you could make a TASK INTERFACE with an accessor (Function Get_Capabilities(Task : OS_Task_Interface) return Capabilities.Instance is (Capabilities.No_Permissions); -- Override to give permissions.) and/or possibly a registry to manage permissions (on a finer-grained level) if you need it. A lot depends on how you architect/model it, but the "limited private unknown-discriminant type" perfectly fits what you need at the fundamental levels.
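The following is an added example, not code from Shark8's post. It carries the limited-private, unknown-discriminant idea through to the two things a capability system needs on top of the token itself: a way for a resource to ask what a token authorises, and attenuation (deriving a token with fewer rights to hand to less-trusted code). Package and subprogram names (Cap_Tokens, Guarded_Resource, Attenuate, Demo) and the Read/Write/Grant rights are hypothetical; the Post aspect is only checked when assertions are enabled (e.g. GNAT -gnata).

```ada
--  Added example, not from the original post. Names are hypothetical.
with Ada.Text_IO;
with Ada.Exceptions;

procedure Demo is

   package Cap_Tokens is
      type Capability is (Read, Write, Grant);
      type Capability_Set is array (Capability) of Boolean;

      --  LIMITED: no assignment, so a holder cannot duplicate a token.
      --  PRIVATE: the rights are invisible from outside this package.
      --  (<>): no default-initialised objects, so every Token in the
      --  program originates from Create or Attenuate.
      type Token (<>) is limited private;

      function Create (Rights : Capability_Set) return Token;

      --  The only way for a resource to learn what a token authorises.
      function Has (T : Token; C : Capability) return Boolean;

      --  Attenuation: a token holding a subset of the parent's rights.
      --  Rights can only be dropped, never added; the postcondition
      --  states exactly that.
      function Attenuate (Parent : Token; Keep : Capability_Set) return Token
        with Post => (for all C in Capability =>
                        Has (Attenuate'Result, C) = (Has (Parent, C) and Keep (C)));
   private
      type Token is record
         Rights : Capability_Set;
      end record;

      function Create (Rights : Capability_Set) return Token is
        (Rights => Rights);

      function Has (T : Token; C : Capability) return Boolean is
        (T.Rights (C));

      --  Predefined "and" on a Boolean array is component-wise.
      function Attenuate (Parent : Token; Keep : Capability_Set) return Token is
        (Rights => Parent.Rights and Keep);
   end Cap_Tokens;

   package Guarded_Resource is
      use Cap_Tokens;
      No_Permission : exception;

      --  The resource never asks who the caller is, only what the
      --  presented token authorises: possession is authority.
      function  Read_Value  (T : Token) return Integer;
      procedure Write_Value (T : Token; V : Integer);
   end Guarded_Resource;

   package body Guarded_Resource is
      Value : Integer := 42;

      function Read_Value (T : Token) return Integer is
      begin
         if not Has (T, Read) then
            raise No_Permission with "Read not granted";
         end if;
         return Value;
      end Read_Value;

      procedure Write_Value (T : Token; V : Integer) is
      begin
         if not Has (T, Write) then
            raise No_Permission with "Write not granted";
         end if;
         Value := V;
      end Write_Value;
   end Guarded_Resource;

   use Cap_Tokens, Guarded_Resource;

   --  Full rights are minted exactly once, at the root of trust.
   Root : constant Token := Create ((others => True));

   --  A read-only delegate. Attenuate can clear bits Root holds but can
   --  never set one Root lacks, so delegation cannot escalate.
   Reader : constant Token := Attenuate (Root, (Read => True, others => False));

   --  Both of these are compile-time errors, which is the point:
   --  Copy   : Token := Root;   -- Token is limited
   --  Forged : Token;           -- Token has unknown discriminants
begin
   Ada.Text_IO.Put_Line ("Root   reads" & Integer'Image (Read_Value (Root)));
   Write_Value (Root, 7);
   Ada.Text_IO.Put_Line ("Reader reads" & Integer'Image (Read_Value (Reader)));

   begin
      Write_Value (Reader, 99);           -- must be refused
      Ada.Text_IO.Put_Line ("BUG: attenuated token could write");
   exception
      when E : No_Permission =>
         Ada.Text_IO.Put_Line
           ("Reader write denied: " & Ada.Exceptions.Exception_Message (E));
   end;
end Demo;
```

The two commented-out declarations are the security argument in miniature: with the type declared as above, the compiler, not a runtime check, rules out copying or conjuring a token, so the only rights in circulation are those that flowed out of Create through Attenuate. Whether that is enough for a real system depends on what else can observe a token's address or storage, which is why the post's suggestion of tying tokens to a task or process identity matters once you leave a single address space.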