pub fn sys_cap_create(_rights: u64) -> SyscallResult<u64>
Create a new capability with the specified rights bitmask.
Allocates a new capability token and inserts it into the calling process's capability space. The new capability is derived from the caller's parent (root) capability, so the caller can only create capabilities whose rights are a subset of the rights it already holds.
Capability tokens are unforgeable 64-bit values with an embedded generation counter. Revocation bumps the generation, so every previously issued token for that entry stops resolving without a scan of the table. A token uniquely identifies its capability across the entire system.
§Arguments

- `rights` - Bitmask of rights to assign to the new capability:
  - `CAP_READ` (0x01) - Permission to read or receive.
  - `CAP_WRITE` (0x02) - Permission to write or send.
  - `CAP_EXECUTE` (0x04) - Permission to execute.
  - `CAP_GRANT` (0x08) - Permission to grant this capability to other processes via `sys_cap_grant`.
  - `CAP_REVOKE` (0x10) - Permission to revoke derived capabilities.
  - `CAP_MAP` (0x20) - Permission to map associated memory regions.
Rights are subtractive: a derived capability cannot carry any right that the parent capability lacks, and there is no way to add a right back further down the derivation chain.
§Returns

- `Ok(cap_token)` - The 64-bit capability token for the newly created capability.
§Errors

- `SyscallError::PermissionDenied` - The caller does not hold a parent capability with the requested rights, or lacks the ability to create new capabilities.
- `SyscallError::InvalidArgument` - `rights` is zero or contains undefined bits.
- `SyscallError::OutOfMemory` - The capability table is full and cannot accommodate a new entry.
§Examples

```rust
use veridian_kernel::pkg::sdk::syscall_api::sys_cap_create;

// Create a read-only capability (CAP_READ).
let cap_ro = sys_cap_create(0x01).expect("cap_create failed");

// Create a read-write-grant capability (CAP_READ | CAP_WRITE | CAP_GRANT).
let cap_rwg = sys_cap_create(0x01 | 0x02 | 0x08).expect("cap_create failed");
```
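The following is an added, user-space model of the rules this page documents: the defined-bits check behind `InvalidArgument`, the subset check behind `PermissionDenied`, the full-table `OutOfMemory` case, and generation-based revocation. It is not veridian_kernel code. The token layout (slot index in the high 32 bits, generation in the low 32), the explicit `parent` argument (the real syscall derives from the caller's root capability implicitly), the `CapSpace` type and the transitive revocation walk are all assumptions made for the example.

```rust
// Added model of the rules documented for sys_cap_create; not veridian_kernel
// code. The token layout (slot << 32 | generation) and the transitive
// revocation walk are assumptions made for this example.
use std::collections::HashSet;

// Right bits as listed under Arguments; anything outside CAP_ALL is undefined.
pub const CAP_READ: u64 = 0x01;
pub const CAP_WRITE: u64 = 0x02;
pub const CAP_EXECUTE: u64 = 0x04;
pub const CAP_GRANT: u64 = 0x08;
pub const CAP_REVOKE: u64 = 0x10;
pub const CAP_MAP: u64 = 0x20;
pub const CAP_ALL: u64 = 0x3f;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SyscallError { PermissionDenied, InvalidArgument, OutOfMemory }
pub type SyscallResult<T> = Result<T, SyscallError>;

/// Assumed token layout: high 32 bits = table slot, low 32 bits = generation.
fn make_token(slot: u32, generation: u32) -> u64 {
    ((slot as u64) << 32) | generation as u64
}

/// A live capability: its rights and the token it was derived from.
struct Entry { rights: u64, parent: Option<u64> }

/// A table slot; `generation` is bumped whenever the slot is freed, so every
/// token previously issued for it stops resolving without a table scan.
struct Slot { generation: u32, entry: Option<Entry> }

pub struct CapSpace { slots: Vec<Slot> }

impl CapSpace {
    /// Fixed-size table (capacity >= 1); slot 0 holds the root capability.
    pub fn new(capacity: usize, root_rights: u64) -> (CapSpace, u64) {
        let mut slots: Vec<Slot> =
            (0..capacity).map(|_| Slot { generation: 0, entry: None }).collect();
        slots[0].entry = Some(Entry { rights: root_rights, parent: None });
        (CapSpace { slots }, make_token(0, 0))
    }

    /// Resolve a token; a generation mismatch means it was revoked (or forged).
    fn lookup(&self, token: u64) -> SyscallResult<&Entry> {
        match self.slots.get((token >> 32) as usize) {
            Some(s) if s.generation == token as u32 => {
                s.entry.as_ref().ok_or(SyscallError::PermissionDenied)
            }
            _ => Err(SyscallError::PermissionDenied),
        }
    }

    /// Model of sys_cap_create, with the parent capability made explicit.
    pub fn cap_create(&mut self, parent: u64, rights: u64) -> SyscallResult<u64> {
        if rights == 0 || (rights & !CAP_ALL) != 0 {
            return Err(SyscallError::InvalidArgument);
        }
        let parent_rights = self.lookup(parent)?.rights;
        if (rights & !parent_rights) != 0 {
            // Subtractive: a child may never hold a right its parent lacks.
            return Err(SyscallError::PermissionDenied);
        }
        let idx = self.slots.iter().position(|s| s.entry.is_none())
            .ok_or(SyscallError::OutOfMemory)?;
        self.slots[idx].entry = Some(Entry { rights, parent: Some(parent) });
        Ok(make_token(idx as u32, self.slots[idx].generation))
    }

    /// Revoke everything derived (transitively) from `parent`, which must carry
    /// CAP_REVOKE. Returns how many capabilities were invalidated.
    pub fn cap_revoke(&mut self, parent: u64) -> SyscallResult<usize> {
        if (self.lookup(parent)?.rights & CAP_REVOKE) == 0 {
            return Err(SyscallError::PermissionDenied);
        }
        let mut dead: HashSet<u64> = HashSet::new();
        dead.insert(parent);
        let mut count = 0;
        loop {
            // Free any live entry whose parent token is already dead.
            let victim = self.slots.iter().enumerate().find_map(|(i, s)| {
                let p = s.entry.as_ref()?.parent?;
                dead.contains(&p).then(|| (i, make_token(i as u32, s.generation)))
            });
            let (i, tok) = match victim { Some(v) => v, None => break };
            dead.insert(tok);
            self.slots[i].entry = None;
            self.slots[i].generation = self.slots[i].generation.wrapping_add(1);
            count += 1;
        }
        Ok(count)
    }
}
```

The order of checks mirrors the documented errors: undefined or zero bits are rejected before the parent is even consulted, the subset test runs before a slot is allocated, and a full table is only reported once the request is otherwise valid. Because a freed slot's generation changes, a reused slot hands out a token that differs from every token issued for it before, which is what lets a stale token fail lookup in O(1).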