|  | // Copyright 2020 The Fuchsia Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | library fuchsia.component.internal; | 
|  |  | 
|  | using fuchsia.component; | 
|  | using fuchsia.sys2; | 
|  |  | 
|  | /// The maximum size of the JobPolicyAllowlists entries. | 
|  | /// This value is currently set arbitrarily. | 
|  | const uint64 MAX_ALLOWLIST_SIZE = 128; | 
|  |  | 
|  | table Config { | 
|  | /// If true, component manager will be in debug mode. In this mode, component manager | 
|  | /// provides the `BlockingEventSource` protocol and exposes this protocol. Component | 
|  | /// manager will not start until it is resumed by a call to | 
|  | /// `BlockingEventSource.StartComponentTree`. | 
|  | /// | 
|  | /// This is done so that an external component (say an integration test) can subscribe | 
|  | /// to events before the root component has started. | 
|  | 1: bool debug; | 
|  |  | 
|  | /// How many children, maximum, are returned by a call to `Realm.ChildIterator.next()`. | 
|  | 2: uint32 list_children_batch_size; | 
|  |  | 
|  | /// Security policy configuration. | 
|  | 3: SecurityPolicy security_policy; | 
|  |  | 
|  | /// Capabilities offered from component manager's namespace. | 
|  | 4: vector<fuchsia.sys2.CapabilityDecl>:MAX namespace_capabilities; | 
|  |  | 
|  | /// If true, component_manager will serve an instance of fuchsia.process.Launcher and use this | 
|  | /// launcher for the built-in ELF component runner. The root component can additionally | 
|  | /// use and/or offer this service using `/builtin/fuchsia.process.Launcher` from realm. | 
|  | /// This flag exists because the built-in process launcher *only* works when | 
|  | /// component_manager runs under a job that has ZX_POL_NEW_PROCESS set to allow, like the root | 
|  | /// job. Otherwise, the component_manager process cannot directly create process through | 
|  | /// zx_process_create. When we run component_manager elsewhere, like in test environments, it | 
|  | /// has to use the fuchsia.process.Launcher service provided through its namespace instead. | 
|  | 5: bool use_builtin_process_launcher; | 
|  |  | 
|  | /// If true, component_manager will maintain a UTC kernel clock and vend write handles through | 
|  | /// an instance of `fuchsia.time.Maintenance`. This flag should only be used with the top-level | 
|  | /// component_manager. | 
|  | 6: bool maintain_utc_clock; | 
|  |  | 
|  | /// The number of threads to use for running component_manager's executor. | 
|  | /// Value defaults to 1. | 
|  | 7: uint32 num_threads; | 
|  |  | 
|  | /// Which builtin resolver to use. If not supplied this defaults to the NONE option. | 
|  | 8: BuiltinPkgResolver builtin_pkg_resolver; | 
|  |  | 
|  | /// Determine what content to expose through the component manager's | 
|  | /// outgoing directory. If no value is set, this defaults to NONE. | 
|  | 9: OutDirContents out_dir_contents; | 
|  |  | 
|  | /// URL of the root component to launch. This field is used if the no URL | 
|  | /// is passed to component manager. If value is passed in both places, then | 
|  | /// an error is raised. | 
|  | 10: string:fuchsia.component.MAX_URL_SCHEME_LENGTH root_component_url; | 
|  | }; | 
|  |  | 
|  | /// The builtin resolver to use, if any. | 
|  | enum BuiltinPkgResolver : uint8 { | 
|  | /// No builtin package resolver is used. This is likely the right choice for an environment | 
|  | /// which lacks a pkgfs. | 
|  | NONE = 1; | 
|  |  | 
|  | /// Serve the base package set using a resolver backed by pkgfs. This is the most common option | 
|  | /// and the one that products which include pkgfs probably want. | 
|  | PKGFS_BASE = 2; | 
|  |  | 
|  | /// Try to use the `fuchsia.sys.Loader` protocol from the namespace, typically this is provided | 
|  | /// by `appmgr`. Test scenarios commonly use this option. | 
|  | APPMGR_BRIDGE = 3; | 
|  | }; | 
|  |  | 
|  | /// Runtime security policy. | 
|  | table SecurityPolicy { | 
|  | /// Allowlists for Zircon job policy. | 
|  | 1: JobPolicyAllowlists job_policy; | 
|  | }; | 
|  |  | 
|  | /// Allowlists for Zircon job policy. | 
|  | table JobPolicyAllowlists { | 
|  | /// Absolute monikers for components allowed to be given the ZX_POL_AMBIENT_MARK_VMO_EXEC job | 
|  | /// policy. | 
|  | /// | 
|  | /// Components must request this policy by including "job_policy_ambient_mark_vmo_exec: true" in | 
|  | /// their CML's `program` section and must be using the ELF runner. | 
|  | /// This is equivalent to the v1 'deprecated-ambient-replace-as-executable' feature. | 
|  | 1: vector<string:fuchsia.component.MAX_MONIKER_LENGTH>:MAX_ALLOWLIST_SIZE ambient_mark_vmo_exec; | 
|  |  | 
|  | /// Absolute monikers for components allowed to have their original process marked as critical | 
|  | /// to component_manager's job. | 
|  | /// | 
|  | /// Components must request this critical marking by including "main_process_critical: true" in | 
|  | /// their CML's `program` section and must be using the ELF runner. | 
|  | 2: vector<string:fuchsia.component.MAX_MONIKER_LENGTH>:MAX_ALLOWLIST_SIZE main_process_critical; | 
|  | }; | 
|  |  | 
|  | /// Determine what content to expose through component manager's outgoing | 
|  | /// directory. | 
|  | enum OutDirContents : uint8 { | 
|  | /// Don't expose anything through the outgoing directory. | 
|  | NONE = 1; | 
|  |  | 
|  | /// Expose component manager's `hub` directory. | 
|  | HUB = 2; | 
|  |  | 
|  | /// Expose root component's `expose/svc`. | 
|  | SVC = 3; | 
|  | }; |