blob: 57c078e6fab566602e20b5e38a584b6a5781b1c5 [file] [log] [blame]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
library fuchsia.io2;
/// Options for [`Directory.Open`] and [`Node.Reopen`].
table ConnectionOptions {
/// Flags which can affect the behavior when opening and reopening.
/// If absent, assumes a default of zero.
1: ConnectionFlags flags;
/// Specifies the set of representations accepted by the client, to support
/// a form of protocol negotiation on the node being opened.
/// Refer to the definition of [`NodeProtocolSet`] for more details.
/// It cannot be zero.
///
/// In addition, clients may assert the type of the object by setting
/// the protocol corresponding to the expected type:
///
/// * If the caller expected a directory but the node cannot be accessed
/// as a directory, the error is `ZX_ERR_NOT_DIR`.
/// * If the caller expected a file but the node cannot be accessed as a
/// file, the error is `ZX_ERR_NOT_FILE`.
/// * In other mismatched cases, the error is `ZX_ERR_WRONG_TYPE`.
///
/// During [`Directory.Open`], if a new object is to be created, `protocols`
/// determines the type of object to create; it must be present.
/// If a valid object type cannot be unambiguously inferred e.g.
/// both `DIRECTORY` and `FILE` were set, the request must fail.
///
/// During [`Node.Reopen`], clients may specify a different but compatible
/// `protocols` to do a "protocol upgrade".
///
/// If more than one protocol is present in `protocols`, the resultant
/// protocol may become any one of them. Clients should specify
/// [`ConnectionFlags.GET_CONNECTION_INFO`] to receive a
/// [`Node.OnConnectionInfo`] event, in order to ascertain the protocol.
///
/// If absent, indicates that the caller accepts any type of node, and
/// the resulting protocol is unspecified.
2: NodeProtocolSet protocols;
/// Requests the specified rights on the new connection. If absent, inherits
/// the same rights as the source connection.
///
/// ## Rights Hierarchy
///
/// Respecting principles of least privileges, `rights` must meet the
/// following restrictions:
///
/// * A connection must have nonzero rights.
/// * Rights must never increase in a derived connection:
/// + During [`Directory.Open`], you may only request the same rights as
/// what the directory connection already has, or a subset of those.
/// + During [`Node.Reopen`], similarly, you may only request the same or
/// a subset of rights possessed by the original connection.
/// * Exceeding those rights causes `object_request` to be closed with a
/// `ZX_ERR_ACCESS_DENIED` epitaph.
///
/// The proper enforcement of the rights hierarchy is a powerful refinement
/// over the existing access control facilities offered by directory
/// sandboxing. The rights manipulation should be implemented mechanically
/// without knowledge of any specific rights, and servers should propagate
/// unknown bits members, to gracefully handle future rights extensions.
///
/// ## Rights Inheritance
///
/// Absent `rights` field means inheriting the same rights as the source.
///
/// * During [`Node.Reopen`], the new connection would have the same rights
/// as the connection where the `Reopen` call is made.
/// * During [`Directory.Open`], the connection would have the same
/// rights as the connection where the `Open` call is made.
///
/// Note: `rights` limits the set of operations allowed on the new
/// connection, but does not guarantee their availability. For convenience,
/// clients may query the [`ConnectionInfo.available_operations`] field on a
/// new connection, which is the intersection of the rights and abilities
/// and indicates the guaranteed set of available operations.
///
/// See [`fuchsia.io2/Rights`] and [`fuchsia.io2/Abilities`].
3: Rights rights;
};
/// Flags applicable to both [`Directory.Open`] and [`Node.Reopen`].
bits ConnectionFlags : uint64 {
/// Requests that an [`Node.OnConnectionInfo`] event be sent as the first
/// message on the protocol request. Requests all fields in the
/// [`ConnectionInfo`] table. Doing so is more efficient than calling
/// [`Node.Describe`] later on the connection.
GET_CONNECTION_INFO = 0x01;
/// Connects to the exposed protocol if the node is a Connector.
/// It is an error to use this flag with other types of nodes.
///
/// If both `GET_CONNECTION_INFO` and `CONNECT` are specified, the channel
/// will receive exactly one [`Node.OnConnectionInfo`] event, after which
/// the protocol switches from [`fuchsia.io2/Node`] to the intended protocol.
/// Message sent by the client prior to receiving [`Node.OnConnectionInfo`]
/// are queued and processed after the protocol switch.
///
/// `CONNECT` cannot be supplied together with `APPEND`.
/// `CONNECT` cannot be supplied together with `TRUNCATE`.
///
/// Requires the [`Rights.CONNECT`] right on the connection.
CONNECT = 0x02;
/// Opens the node in append mode, i.e. the connection should seek to the
/// end of the node before every write.
///
/// If the node does not support appending, it should result in a
/// `ZX_ERR_NOT_SUPPORTED` epitaph.
/// Currently, only [`fuchsia.io2/NodeProtocolSet.FILE`] connections
/// may be configured for appending.
APPEND = 0x04;
/// Truncates the object before usage, by setting its length to 0.
/// Requires the [`Rights.WRITE_BYTES`] right on the connection.
///
/// If the node does not support truncating, it should result in a
/// `ZX_ERR_NOT_SUPPORTED` epitaph.
TRUNCATE = 0x08;
};