pub fn sys_cap_grant(_cap: u64, _target: u64) -> SyscallResult<()>Expand description
Grant a capability to another process, enabling cross-process resource sharing.
Copies the specified capability into the target process’s capability
space. The caller must hold the GRANT right (0x08) on the capability
being transferred. The granted capability may have equal or fewer rights
than the original; it can never have more rights (rights are monotonically
non-increasing through the delegation chain).
The granted capability becomes a derived child of the original. If the
original is later revoked via sys_cap_revoke, the derived capability
in the target process is also revoked (cascade revocation).
§Arguments
cap- Capability token to grant. The caller must hold this capability with theGRANTright.target- Process ID of the target process that will receive the capability.
§Returns
Ok(())on successful transfer.
§Errors
SyscallError::PermissionDenied- The caller does not hold theGRANTright on the specified capability.SyscallError::NotFound- The capability token is invalid or revoked, or the target PID does not correspond to a running process.SyscallError::InvalidArgument-targetis the caller’s own PID (self-grant is a no-op error) or an invalid PID value.SyscallError::OutOfMemory- The target process’s capability table is full.
§Examples
use veridian_kernel::pkg::sdk::syscall_api::{sys_cap_create, sys_cap_grant};
// Create a grantable read-write capability
let cap = sys_cap_create(0x01 | 0x02 | 0x08).expect("cap_create failed");
// Grant it to process with PID 42
let target_pid: u64 = 42;
sys_cap_grant(cap, target_pid).expect("cap_grant failed");