|  | // Copyright 2020 The Fuchsia Authors. All rights reserved. | 
|  | // Use of this source code is governed by a BSD-style license that can be | 
|  | // found in the LICENSE file. | 
|  |  | 
|  | library fuchsia.component.internal; | 
|  |  | 
|  | using fuchsia.component; | 
|  | using fuchsia.sys2; | 
|  |  | 
|  | /// The maximum number of entries (monikers) in each `JobPolicyAllowlists` vector. | 
|  | /// It is used below as the element-count bound of `ambient_mark_vmo_exec` and | 
|  | /// `main_process_critical`; the length of each individual moniker is bounded | 
|  | /// separately by `fuchsia.component.MAX_MONIKER_LENGTH`. | 
|  | /// This value is currently set arbitrarily. | 
|  | const uint64 MAX_ALLOWLIST_SIZE = 128; | 
|  |  | 
|  | /// Configuration options for component manager, as described by the fields below. | 
|  | /// All members of a FIDL table are optional, so the consumer must decide what an | 
|  | /// absent field means; the defaults are not specified in this file. | 
|  | table Config { | 
|  | /// If true, component manager will be in debug mode. In this mode, component manager | 
|  | /// provides the `BlockingEventSource` protocol and exposes this protocol. Component | 
|  | /// manager will not start until it is resumed by a call to | 
|  | /// `BlockingEventSource.StartComponentTree`. | 
|  | /// | 
|  | /// This is done so that an external component (say an integration test) can subscribe | 
|  | /// to events before the root component has started. | 
|  | /// | 
|  | /// NOTE(review): because startup is gated on an external caller, this looks intended | 
|  | /// for test and debug configurations only -- confirm it is never set in product configs. | 
|  | 1: bool debug; | 
|  |  | 
|  | /// The maximum number of children returned by a single call to | 
|  | /// `Realm.ChildIterator.next()`. | 
|  | 2: uint32 list_children_batch_size; | 
|  |  | 
|  | /// Security policy configuration. See `SecurityPolicy`. | 
|  | /// | 
|  | /// NOTE(review): the behavior when this field is absent is not stated here; presumably | 
|  | /// no component is allowlisted (default-deny) -- confirm against the code that reads it. | 
|  | 3: SecurityPolicy security_policy; | 
|  |  | 
|  | /// Capabilities offered from component manager's namespace. | 
|  | /// The vector is bounded only by `MAX`, i.e. no explicit element-count limit is set here. | 
|  | 4: vector<fuchsia.sys2.CapabilityDecl>:MAX namespace_capabilities; | 
|  |  | 
|  | /// If true, component_manager will serve an instance of fuchsia.process.Launcher and use this | 
|  | /// launcher for the built-in ELF component runner. The root component can additionally | 
|  | /// use and/or offer this service using `/builtin/fuchsia.process.Launcher` from realm. | 
|  | /// This flag exists because the built-in process launcher *only* works when | 
|  | /// component_manager runs under a job that has ZX_POL_NEW_PROCESS set to allow, like the root | 
|  | /// job. Otherwise, the component_manager process cannot directly create processes through | 
|  | /// zx_process_create. When we run component_manager elsewhere, like in test environments, it | 
|  | /// has to use the fuchsia.process.Launcher service provided through its namespace instead. | 
|  | 5: bool use_builtin_process_launcher; | 
|  |  | 
|  | /// If true, component_manager will maintain a UTC kernel clock and vend write handles through | 
|  | /// an instance of `fuchsia.time.Maintenance`. This flag should only be used with the top-level | 
|  | /// component_manager. | 
|  | /// | 
|  | /// NOTE(review): a write handle presumably lets its holder adjust the UTC clock, so the | 
|  | /// `fuchsia.time.Maintenance` capability should be routed only to the component(s) that | 
|  | /// are meant to set time -- confirm against the routing configuration. | 
|  | 6: bool maintain_utc_clock; | 
|  | }; | 
|  |  | 
|  | /// Runtime security policy. | 
|  | /// Currently holds a single member, the Zircon job policy allowlists. | 
|  | table SecurityPolicy { | 
|  | /// Allowlists for Zircon job policy. See `JobPolicyAllowlists` for the individual lists. | 
|  | /// | 
|  | /// NOTE(review): as a table member this field is optional; the meaning of an absent | 
|  | /// value is not stated here -- presumably empty allowlists, confirm in the consumer. | 
|  | 1: JobPolicyAllowlists job_policy; | 
|  | }; | 
|  |  | 
|  | /// Allowlists for Zircon job policy. | 
|  | /// | 
|  | /// Each list names, by absolute moniker, the components that are allowed to receive one | 
|  | /// specific privilege. Being listed is not sufficient on its own: the component must also | 
|  | /// request the privilege in its CML and use the ELF runner, as described per field. | 
|  | /// Each list holds at most `MAX_ALLOWLIST_SIZE` monikers. | 
|  | /// | 
|  | /// NOTE(review): what happens when a component requests a privilege without being listed | 
|  | /// is not stated in this file -- presumably the request is rejected; confirm in the consumer. | 
|  | table JobPolicyAllowlists { | 
|  | /// Absolute monikers for components allowed to be given the ZX_POL_AMBIENT_MARK_VMO_EXEC job | 
|  | /// policy. | 
|  | /// | 
|  | /// Components must request this policy by including "job_policy_ambient_mark_vmo_exec: true" in | 
|  | /// their CML's `program` section and must be using the ELF runner. | 
|  | /// This is equivalent to the v1 'deprecated-ambient-replace-as-executable' feature. | 
|  | /// | 
|  | /// NOTE(review): this policy presumably lets processes in the job mark VMOs executable | 
|  | /// without holding a separate capability for it, which weakens W^X-style protections -- | 
|  | /// confirm, and keep this list as short as possible with each entry justified. | 
|  | 1: vector<string:fuchsia.component.MAX_MONIKER_LENGTH>:MAX_ALLOWLIST_SIZE ambient_mark_vmo_exec; | 
|  |  | 
|  | /// Absolute monikers for components allowed to have their original process marked as critical | 
|  | /// to component_manager's job. | 
|  | /// | 
|  | /// Components must request this critical marking by including "main_process_critical: true" in | 
|  | /// their CML's `program` section and must be using the ELF runner. | 
|  | /// | 
|  | /// NOTE(review): presumably, as with `zx_job_set_critical`, the exit of a critical process | 
|  | /// terminates component_manager's job -- confirm. If so, a crash in any listed component | 
|  | /// is an availability risk for everything under that job, so entries need review. | 
|  | 2: vector<string:fuchsia.component.MAX_MONIKER_LENGTH>:MAX_ALLOWLIST_SIZE main_process_critical; | 
|  | }; |