From: "Luke A. Guest"
Newsgroups: comp.lang.ada
Subject: Re: The Ravenscar profile and capabilities paradigm
Date: Tue, 12 Oct 2021 16:43:07 +0100

On 12/10/2021 16:33, Shark8 wrote:
> On Tuesday, October 12, 2021 at 9:04:09 AM UTC-6, Luke A. Guest wrote:
>> On 12/10/2021 16:01, Shark8 wrote:
>>> On Monday, October 11, 2021 at 1:24:48 PM UTC-6, Doctor Who wrote:
>>>> On Mon, 11 Oct 2021 16:32:13 +0100, Simon Wright wrote:
>>>>> Doctor Who writes:
>>>>>
>>>>>> someone knows how to introduce the capabilities paradigm in Ada,
>>>>>> specifically for programs written using the Ravenscar profile ?
>>>>>
>>> Type Capability is ( Read, Copy, Whatever );
>> There can be a capability for literally anything, even ownership and can
>> be different depending on object/os service.
>>
>> I'd say a tagged type is better than an enum.
> Possibly.
> But there's no reason to complicate the general idea in example-form: even if it's a tagged type you're going to want the capability-instance to be limited-private; the implementation of the "permissions" component being a Boolean-array or a vector of Capability'Class [most obviously having Capability be an abstract tagged null record] is mostly irrelevant for that demonstration. (And using a vector of tagged-type instead of the array would have bogged the example down with importing and instantiating the Vector container and setting up multiple non-abstract Capability-descendants, cluttering the point of the example.)
> Capabilities allow granting and revoking of access, iirc, the kernel has access to all, the kernel then grants access to certain processes, i.e. memory server, filesystem server, etc. each of those processes can further grant and revoke caps.
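
The design discussed in the thread (an enumeration of capabilities, a limited-private capability instance, a Boolean-array "permissions" component, and grant/revoke by delegation), sketched as an added example that is not part of any poster's message. The names `Caps`, `Rights`, `Handle`, `Make_Root`, `Grant`, `Revoke` and `Allows` are assumptions chosen for illustration; only `Capability` and its literals come from the thread. It uses static objects only, with no tasking or allocation.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Capability_Demo is

   package Caps is
      type Capability is (Read, Copy, Whatever);     --  enum from the thread
      type Rights is array (Capability) of Boolean;  --  the "permissions" component
      type Handle is limited private;                --  no assignment, no forging

      procedure Make_Root (H : in out Handle);       --  hypothetical kernel-only call
      --  Child receives at most the rights Parent currently holds.
      procedure Grant (Parent : Handle; Wanted : Rights; Child : in out Handle);
      procedure Revoke (Target : in out Handle; Which : Capability);
      function Allows (H : Handle; Which : Capability) return Boolean;
   private
      type Handle is limited record
         Held : Rights := (others => False);         --  default: no authority
      end record;
   end Caps;

   package body Caps is
      procedure Make_Root (H : in out Handle) is
      begin
         H.Held := (others => True);
      end Make_Root;

      procedure Grant (Parent : Handle; Wanted : Rights; Child : in out Handle) is
      begin
         Child.Held := Wanted and Parent.Held;       --  attenuation: never amplify
      end Grant;

      procedure Revoke (Target : in out Handle; Which : Capability) is
      begin
         Target.Held (Which) := False;
      end Revoke;

      function Allows (H : Handle; Which : Capability) return Boolean is
        (H.Held (Which));
   end Caps;

   use Caps;
   Kernel, FS_Server, Client : Handle;               --  constructed sample holders
begin
   Make_Root (Kernel);
   Grant (Kernel, (Read | Copy => True, Whatever => False), FS_Server);
   Grant (FS_Server, (others => True), Client);      --  request is masked by FS_Server's rights
   Revoke (Client, Copy);
   Put_Line ("Client Read:     " & Boolean'Image (Allows (Client, Read)));
   Put_Line ("Client Copy:     " & Boolean'Image (Allows (Client, Copy)));
   Put_Line ("Client Whatever: " & Boolean'Image (Allows (Client, Whatever)));
end Capability_Demo;
```

Because `Handle` is limited private, client code cannot assign one handle to another or set `Held` directly, so the only way to obtain rights is through `Grant`. `Revoke` in this sketch affects only the named handle; rights already delegated onward from it are not withdrawn.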