| // Copyright 2020 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| library fuchsia.component.internal; |
| |
| using fuchsia.component; |
| using fuchsia.sys2; |
| |
| /// The maximum size of the JobPolicyAllowlists entries. |
| /// This value is currently set arbitrarily. |
| const uint64 MAX_ALLOWLIST_SIZE = 128; |
| |
| table Config { |
| /// If true, component manager will be in debug mode. In this mode, component manager |
| /// provides the `BlockingEventSource` protocol and exposes this protocol. Component |
| /// manager will not start until it is resumed by a call to |
| /// `BlockingEventSource.StartComponentTree`. |
| /// |
| /// This is done so that an external component (say an integration test) can subscribe |
| /// to events before the root component has started. |
| 1: bool debug; |
| |
| /// How many children, maximum, are returned by a call to `Realm.ChildIterator.next()`. |
| 2: uint32 list_children_batch_size; |
| |
| /// Security policy configuration. |
| 3: SecurityPolicy security_policy; |
| |
| /// Capabilities offered from component manager's namespace. |
| 4: vector<fuchsia.sys2.CapabilityDecl>:MAX namespace_capabilities; |
| |
| /// If true, component_manager will serve an instance of fuchsia.process.Launcher and use this |
| /// launcher for the built-in ELF component runner. The root component can additionally |
| /// use and/or offer this service using `/builtin/fuchsia.process.Launcher` from realm. |
| /// This flag exists because the built-in process launcher *only* works when |
| /// component_manager runs under a job that has ZX_POL_NEW_PROCESS set to allow, like the root |
| /// job. Otherwise, the component_manager process cannot directly create process through |
| /// zx_process_create. When we run component_manager elsewhere, like in test environments, it |
| /// has to use the fuchsia.process.Launcher service provided through its namespace instead. |
| 5: bool use_builtin_process_launcher; |
| |
| /// If true, component_manager will maintain a UTC kernel clock and vend write handles through |
| /// an instance of `fuchsia.time.Maintenance`. This flag should only be used with the top-level |
| /// component_manager. |
| 6: bool maintain_utc_clock; |
| }; |
| |
| /// Runtime security policy. |
| table SecurityPolicy { |
| /// Allowlists for Zircon job policy. |
| 1: JobPolicyAllowlists job_policy; |
| }; |
| |
| /// Allowlists for Zircon job policy. |
| table JobPolicyAllowlists { |
| /// Absolute monikers for components allowed to be given the ZX_POL_AMBIENT_MARK_VMO_EXEC job |
| /// policy. |
| /// |
| /// Components must request this policy by including "job_policy_ambient_mark_vmo_exec: true" in |
| /// their CML's `program` section and must be using the ELF runner. |
| /// This is equivalent to the v1 'deprecated-ambient-replace-as-executable' feature. |
| 1: vector<string:fuchsia.component.MAX_MONIKER_LENGTH>:MAX_ALLOWLIST_SIZE ambient_mark_vmo_exec; |
| |
| /// Absolute monikers for components allowed to have their original process marked as critical |
| /// to component_manager's job. |
| /// |
| /// Components must request this critical marking by including "main_process_critical: true" in |
| /// their CML's `program` section and must be using the ELF runner. |
| 2: vector<string:fuchsia.component.MAX_MONIKER_LENGTH>:MAX_ALLOWLIST_SIZE main_process_critical; |
| }; |
