Rights are associated with handles and convey privileges to perform actions on either the associated handle or the object associated with the handle.

The <zircon/rights.h> header defines default rights for each object type, which can be reduced via zx_handle_replace() or zx_handle_duplicate().

RightConferred Privileges
ZX_RIGHT_DUPLICATEAllows handle duplication via zx_handle_duplicate
ZX_RIGHT_TRANSFERAllows handle transfer via zx_channel_write
ZX_RIGHT_READTO BE REMOVED Allows inspection of object state
Allows reading of data from containers (channels, sockets, VM objects, etc)
Allows mapping as readable if ZX_RIGHT_MAP is also present
ZX_RIGHT_WRITETO BE REMOVED Allows modification of object state
Allows writing of data to containers (channels, sockets, VM objects, etc)
Allows mapping as writeable if ZX_RIGHT_MAP is also present
ZX_RIGHT_EXECUTEAllows mapping as executable if ZX_RIGHT_MAP is also present
ZX_RIGHT_MAPAllows mapping of a VM object into an address space.
ZX_RIGHT_GET_PROPERTYAllows property inspection via zx_object_get_property
ZX_RIGHT_SET_PROPERTYAllows property modification via zx_object_set_property
ZX_RIGHT_ENUMERATEAllows enumerating child objects via zx_object_get_info and zx_object_get_child
ZX_RIGHT_DESTROYAllows termination of task objects via zx_task_kill
ZX_RIGHT_SET_POLICYAllows policy modification via zx_job_set_policy
ZX_RIGHT_GET_POLICYAllows policy inspection via zx_job_get_policy
ZX_RIGHT_SIGNALAllows use of zx_object_signal
ZX_RIGHT_SIGNAL_PEERAllows use of zx_object_signal_peer
ZX_RIGHT_WAITAllows use of zx_object_wait_one, zx_object_wait_many, and other waiting primitives
ZX_RIGHT_INSPECTNOT YET IMPLEMENTED Allows inspection via zx_object_get_info
ZX_RIGHT_MANAGE_JOBNOT YET IMPLEMENTED Allows creation of processes, subjobs, etc.
ZX_RIGHT_MANAGE_THREADNOT YET IMPLEMENTED Allows suspending/resuming threads, etc

See also

Objects, Handles