Hi Wolfgang,

> Service A is pronounces to “init”.
> “Init” has the capability to Service A (e.g. AHCI).
> Program B is started.
> If Program B requests a service (e.g. read something from AHCI), Init
> looks up its root list and notifies A that the service is requested, A
> creates a new capability and passes it to “Init”, which passes the
> capability further to B.
>
> Is this correct? And does this happen always?

yes and yes.

> Can a capability then be revoked? E.g. Program B does something which is
> not wanted and therefore the already given capability will be removed?

Since the common parent of A and B possesses both the root capability of service A and the session capability created for the client B, the parent can, at any time, close the session at service A by invoking the 'Root::close' function with the session capability as argument. (Note, however, that the init process has no such policy.)

When the service A destructs the session (the 'Rpc_object'), all capabilities that refer to the 'Rpc_object' become invalid. The client is no longer able to reach the service using the now invalidated session capability. Hence, in principle, a common parent is able to break the relationship between a client and a server by closing the corresponding sessions.

In practice, a partial revocation of access rights to once-established sessions is not common. "Revocation" should better be done by destructing a subsystem altogether and starting a new one.

Best regards
Norman

--
Dr.-Ing. Norman Feske
Genode Labs

http://www.genode-labs.com · http://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth
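The session delegation and revocation path described in the message above, as an added C++ model that is not part of the original e-mail and is not Genode code. All type and function names are hypothetical; a capability is modelled as a non-owning reference to a session object that only the server owns.

```cpp
// Added model, not the Genode API: every name below is hypothetical.
#include <algorithm>
#include <memory>
#include <string>
#include <vector>

struct Session_object {                      // stands in for the server-side 'Rpc_object'
    std::string read() const { return "block data"; }
};
using Capability = std::weak_ptr<Session_object>;  // a reference, never the owner

struct Service {                             // service A, e.g. the AHCI driver
    std::vector<std::shared_ptr<Session_object>> sessions;
    Capability root_session() {              // root interface: create a session object
        sessions.push_back(std::make_shared<Session_object>());
        return sessions.back();
    }
    void root_close(const Capability &cap) { // root interface: destruct the session object
        auto obj = cap.lock();
        sessions.erase(std::remove(sessions.begin(), sessions.end(), obj), sessions.end());
    }                                        // 'obj' goes out of scope: object is gone
};

struct Client {                              // program B
    Capability session;
    bool request(std::string &out) const {
        if (auto obj = session.lock()) { out = obj->read(); return true; }
        return false;                        // capability refers to nothing any more
    }
};

struct Parent {                              // common parent of A and B
    Service &service;                        // models holding A's root capability
    Capability delegated;                    // copy of the session capability passed to B
    void route_session_request(Client &c) { c.session = delegated = service.root_session(); }
    void revoke() { service.root_close(delegated); }
};

bool demo() {
    Service ahci; Parent parent{ahci, {}}; Client b; std::string data;
    parent.route_session_request(b);
    bool before = b.request(data);           // session works after delegation
    parent.revoke();                         // parent closes the session at A
    return before && !b.request(data) && parent.delegated.expired();
}

int main() { return demo() ? 0 : 1; }
```

Every copy of the capability, including the one the parent kept, becomes invalid at the same moment, because validity depends only on whether the server-side object still exists.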
