blob: 5bfd6657c25cd3a5384b40bc236efa7705a27bb4 [file] [log] [blame] [edit]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
library zx;
@transport("Syscall")
closed protocol Job {
/// ## Summary
///
/// Create a new job.
///
/// ## Declaration
///
/// ```c
/// #include <zircon/syscalls.h>
///
/// zx_status_t zx_job_create(zx_handle_t parent_job,
/// uint32_t options,
/// zx_handle_t* out);
/// ```
///
/// ## Description
///
/// `zx_job_create()` creates a new child [job object](/docs/reference/kernel_objects/job.md) given a
/// parent job.
///
/// Upon success a handle for the new job is returned.
///
/// The kernel keeps track of and restricts the "height" of a job, which is its
/// distance from the root job. It is illegal to create a job under a parent whose
/// height exceeds an internal "max height" value. (It is, however, legal to create
/// a process under such a job.)
///
/// Job handles may be waited on (TODO(cpu): expand this)
///
/// ## Rights
///
/// *parent_job* must be of type `ZX_OBJ_TYPE_JOB` and have `ZX_RIGHT_MANAGE_JOB`.
///
/// ## Return value
///
/// `zx_job_create()` returns `ZX_OK` and a handle to the new job
/// (via *out*) on success. In the event of failure, a negative error value
/// is returned.
///
/// ## Errors
///
/// `ZX_ERR_BAD_HANDLE` *parent_job* is not a valid handle.
///
/// `ZX_ERR_WRONG_TYPE` *parent_job* is not a job handle.
///
/// `ZX_ERR_INVALID_ARGS` *options* is nonzero, or *out* is an invalid pointer.
///
/// `ZX_ERR_ACCESS_DENIED` *parent_job* does not have the `ZX_RIGHT_WRITE` or
/// `ZX_RIGHT_MANAGE_JOB` right.
///
/// `ZX_ERR_OUT_OF_RANGE` The height of *parent_job* is too large to create a child job.
///
/// `ZX_ERR_NO_MEMORY` Failure due to lack of memory.
/// There is no good way for userspace to handle this (unlikely) error.
/// In a future build this error will no longer occur.
///
/// `ZX_ERR_BAD_STATE` The parent job object is in the dead state.
///
/// ## See also
///
/// - [`zx_object_get_property()`]
/// - [`zx_process_create()`]
/// - [`zx_task_kill()`]
///
/// [`zx_object_get_property()`]: object_get_property.md
/// [`zx_process_create()`]: process_create.md
/// [`zx_task_kill()`]: task_kill.md
strict Create(resource struct {
parent_job Handle:JOB;
options uint32;
}) -> (resource struct {
out Handle:JOB;
}) error Status;
/// ## Summary
///
/// Set job security and resource policies.
///
/// ## Declaration
///
/// ```c
/// #include <zircon/syscalls.h>
///
/// zx_status_t zx_job_set_policy(zx_handle_t handle,
/// uint32_t options,
/// uint32_t topic,
/// const void* policy,
/// uint32_t policy_size);
/// ```
///
/// ## Description
///
/// Sets one or more security and/or resource policies to an empty job. The job's
/// effective policies is the combination of the parent's effective policies and
/// the policies specified in *policy*. The effect in the case of conflict between
/// the existing policies and the new policies is controlled by *options* values:
///
/// + `ZX_JOB_POL_RELATIVE` : policy is applied for the conditions not specifically
/// overridden by the parent policy.
/// + `ZX_JOB_POL_ABSOLUTE` : policy is applied for all conditions in *policy* or
/// the syscall fails.
///
/// After this call succeeds any new child process or child job will have the new
/// effective policy applied to it.
///
/// *topic* indicates the *policy* format. Supported values are `ZX_JOB_POL_BASIC_V1`,
/// `ZX_JOB_POL_BASIC_V2` and `ZX_JOB_POL_TIMER_SLACK`.
///
/// ### `ZX_JOB_POL_BASIC_V2 and V1`
///
/// A *topic* of `ZX_JOB_POL_BASIC_V2` indicates that *policy* is an array of *count*
/// entries of:
///
/// ```
/// typedef struct zx_policy_basic {
/// uint32_t condition;
/// uint32_t action;
/// uint32_t flags;
/// } zx_policy_basic_v2_t;
///
/// ```
///
/// A *topic* of `ZX_JOB_POL_BASIC_V1` indicates that *policy* is an array of *count*
/// entries of:
///
/// ```
/// // Deprecated. Use zx_policy_basic_v2_t.
/// typedef struct zx_policy_basic {
/// uint32_t condition;
/// uint32_t policy;
/// } zx_policy_basic_v1_t;
///
/// ```
///
/// Where *condition* is one of
///
/// + `ZX_POL_BAD_HANDLE` a process under this job is attempting to
/// issue a syscall with an invalid handle. In this case,
/// `ZX_POL_ACTION_ALLOW` and `ZX_POL_ACTION_DENY` are equivalent:
/// if the syscall returns, it will always return the error
/// `ZX_ERR_BAD_HANDLE`.
/// + `ZX_POL_WRONG_OBJECT` a process under this job is attempting to
/// issue a syscall with a handle that does not support such operation.
/// + `ZX_POL_VMAR_WX` a process under this job is attempting to map an
/// address region with write-execute access.
/// + `ZX_POL_NEW_VMO` a process under this job is attempting to create
/// a new vm object.
/// + `ZX_POL_NEW_CHANNEL` a process under this job is attempting to create
/// a new channel.
/// + `ZX_POL_NEW_EVENT` a process under this job is attempting to create
/// a new event.
/// + `ZX_POL_NEW_EVENTPAIR` a process under this job is attempting to create
/// a new event pair.
/// + `ZX_POL_NEW_PORT` a process under this job is attempting to create
/// a new port.
/// + `ZX_POL_NEW_SOCKET` a process under this job is attempting to create
/// a new socket.
/// + `ZX_POL_NEW_FIFO` a process under this job is attempting to create
/// a new fifo.
/// + `ZX_POL_NEW_TIMER` a process under this job is attempting to create
/// a new timer.
/// + `ZX_POL_NEW_PROCESS` a process under this job is attempting to create
/// a new process.
/// + `ZX_POL_NEW_PROFILE` a process under this job is attempting to create
/// a new profile.
/// + `ZX_POL_NEW_PAGER` a process under this job is attempting to create
/// a new VMO pager.
/// + `ZX_POL_AMBIENT_MARK_VMO_EXEC` a process under this job is attempting
/// to use [`zx_vmo_replace_as_executable()`] with a `ZX_HANDLE_INVALID`
/// as the second argument rather than a valid `ZX_RSRC_KIND_SYSTEM` resource with base
/// `ZX_RSRC_SYSTEM_VMEX_BASE`.
/// + `ZX_POL_NEW_ANY` is a special *condition* that stands for all of
/// the above `ZX_NEW` conditions such as `ZX_POL_NEW_VMO`,
/// `ZX_POL_NEW_CHANNEL`, `ZX_POL_NEW_EVENT`, `ZX_POL_NEW_EVENTPAIR`,
/// `ZX_POL_NEW_PORT`, `ZX_POL_NEW_SOCKET`, `ZX_POL_NEW_FIFO`,
/// and any future `ZX_NEW` policy. This will include any new
/// kernel objects that do not require a parent object for creation.
/// + `ZX_POL_NEW_IOB` a process under this job is attempting to create
/// a new IOBuffer.
///
/// Where *policy* for `ZX_JOB_POL_BASIC_V1` or *action* for `ZX_JOB_POL_BASIC_V2`
/// is one of
///
/// + `ZX_POL_ACTION_ALLOW` allow *condition*.
/// + `ZX_POL_ACTION_DENY` prevent *condition*.
/// + `ZX_POL_ACTION_ALLOW_EXCEPTION` generate an exception via the debug port.
/// An exception generated this way acts as a breakpoint. The thread may be
/// resumed after the exception. Once resumed, the *condition* triggering the
/// exception will be allowed to complete as if no policy violation occurred.
/// + `ZX_POL_ACTION_DENY_EXCEPTION` just like `ZX_POL_ACTION_ALLOW_EXCEPTION`,
/// but after resuming, the *condition* will be denied, usually resulting in
/// `ZX_ERR_ACCESS_DENIED`.
/// + `ZX_POL_ACTION_KILL` terminate the process.
///
/// Where *flags* is one of
///
/// + `ZX_POL_OVERRIDE_ALLOW` Allow to change this policy on child Jobs.
/// + `ZX_POL_OVERRIDE_DENY` Don't allow to change this policy on child jobs.
///
/// Regardless of the override mode, as long a Job has any children its policy cannot
/// be mutated.
///
/// ### `ZX_JOB_POL_TIMER_SLACK`
///
/// A *topic* of `ZX_JOB_POL_TIMER_SLACK` indicates that *policy* is:
///
/// ```
/// typedef struct zx_policy_timer_slack {
/// zx_duration_t min_slack;
/// uint32_t default_mode;
/// } zx_policy_timer_slack_t;
///
/// ```
///
/// *min_slack* specifies the minimum amount of slack applied to timers and
/// deadline-based events created by the job.
///
/// If the parent job's *min_slack* is greater than the specified *min_slack* then
/// the parent job's value is used instead. In other words, a job's *min_slack* is
/// the maximum of the specified value and its parent job's *min_slack*.
///
/// *default_mode* specifies how slack will be applied when not otherwise indicated
/// by the syscall arguments. A job's *default_mode* may be set regardless of its
/// parent job's *default_mode*. The possible values for *default_mode* are:
///
/// + `ZX_TIMER_SLACK_CENTER`
/// + `ZX_TIMER_SLACK_EARLY`
/// + `ZX_TIMER_SLACK_LATE`
///
/// See [timer slack](/docs/concepts/kernel/timer_slack.md) for more information.
///
/// When setting timer slack policy, *options* must be `ZX_JOB_POL_RELATIVE` and
/// `count` must be 1.
///
/// ## Rights
///
/// *handle* must be of type `ZX_OBJ_TYPE_JOB` and have `ZX_RIGHT_SET_POLICY`.
///
/// ## Return value
///
/// `zx_job_set_policy()` returns `ZX_OK` on success. In the event of failure,
/// a negative error value is returned.
///
/// ## Notes
///
/// The `ZX_POL_BAD_HANDLE` policy never applies when calling [`zx_object_get_info()`]
/// with the topic `ZX_INFO_HANDLE_VALID`. All other topics and all other syscalls that
/// take handles are subject to the policy if active.
///
/// ## Errors
///
/// `ZX_ERR_INVALID_ARGS` *policy* was not a valid pointer, or *count* was 0,
/// or *policy* was not `ZX_JOB_POL_RELATIVE` or `ZX_JOB_POL_ABSOLUTE`, or
/// *topic* was not `ZX_JOB_POL_BASIC`.
///
/// `ZX_ERR_BAD_HANDLE` *handle* is not valid handle.
///
/// `ZX_ERR_WRONG_TYPE` *handle* is not a job handle.
///
/// `ZX_ERR_ACCESS_DENIED` *handle* does not have `ZX_POL_RIGHT_SET` right.
///
/// `ZX_ERR_BAD_STATE` the job has existing jobs or processes alive.
///
/// `ZX_ERR_OUT_OF_RANGE` *count* is bigger than `ZX_POL_MAX` or *condition* is
/// bigger than `ZX_POL_MAX`.
///
/// `ZX_ERR_ALREADY_EXISTS` existing policy conflicts with the new policy.
///
/// `ZX_ERR_NOT_SUPPORTED` an entry in *policy* has an invalid value.
///
/// `ZX_ERR_NO_MEMORY` Failure due to lack of memory.
/// There is no good way for userspace to handle this (unlikely) error.
/// In a future build this error will no longer occur.
///
/// ## See also
///
/// - [`zx_job_create()`]
/// - [`zx_object_get_info()`]
/// - [`zx_process_create()`]
///
/// [`zx_job_create()`]: job_create.md
/// [`zx_object_get_info()`]: object_get_info.md
/// [`zx_process_create()`]: process_create.md
/// [`zx_vmo_replace_as_executable()`]: vmo_replace_as_executable.md
strict SetPolicy(resource struct {
handle Handle:JOB;
options uint32;
topic uint32;
@voidptr
@size32
policy vector<byte>:MAX;
}) -> () error Status;
/// ## Summary
///
/// Set a process as critical to a job.
///
/// ## Declaration
///
/// ```c
/// #include <zircon/syscalls.h>
///
/// zx_status_t zx_job_set_critical(zx_handle_t job,
/// uint32_t options,
/// zx_handle_t process);
/// ```
///
/// ## Description
///
/// Sets *process* as critical to *job*. When *process* terminates, *job* will be
/// terminated as if [`zx_task_kill()`] was called on it. The return code used will
/// be `ZX_TASK_RETCODE_CRITICAL_PROCESS_KILL`.
///
/// The *job* specified must be the parent of *process*, or an ancestor.
///
/// If *options* is `ZX_JOB_CRITICAL_PROCESS_RETCODE_NONZERO`, then *job* will
/// only be terminated if *process* has a non-zero return code.
///
/// ## Rights
///
/// *job* must have `ZX_RIGHT_DESTROY`.
///
/// *process* must have `ZX_RIGHT_WAIT`.
///
/// ## Return value
///
/// `zx_job_set_critical()` returns `ZX_OK` on success. In the event of failure, a
/// negative error value is returned.
///
/// ## Errors
///
/// `ZX_ERR_BAD_HANDLE` *job* or *process* is not a valid handle.
///
/// `ZX_ERR_WRONG_TYPE` *job* or *process* is not a job handle.
///
/// `ZX_ERR_INVALID_ARGS` *options* is not 0 or
/// `ZX_JOB_CRITICAL_PROCESS_RETCODE_NONZERO`, or *job* is not the parent of
/// *process*, or an ancestor.
///
/// `ZX_ERR_ALREADY_BOUND` *process* has already been set as critical to a job.
///
/// `ZX_ERR_ACCESS_DENIED` *job* does not have `ZX_RIGHT_DESTROY` or *process*
/// does not have `ZX_RIGHT_WAIT`.
///
/// ## See also
///
/// - [`zx_job_create()`]
/// - [`zx_process_create()`]
/// - [`zx_task_kill()`]
///
/// [`zx_job_create()`]: job_create.md
/// [`zx_process_create()`]: process_create.md
/// [`zx_task_kill()`]: task_kill.md
strict SetCritical(resource struct {
job Handle:JOB;
options uint32;
process Handle:PROCESS;
}) -> () error Status;
};