⚠️ VeridianOS Kernel Documentation - This is low-level kernel code. All functions are unsafe unless explicitly marked otherwise. no_std

CapInvariantChecker

veridian_kernel::verification::cap_proofs

Struct CapInvariantChecker 

Source 
pub struct CapInvariantChecker;
Expand description

Capability invariant checker

Implementations§

Source§

impl CapInvariantChecker

Source

pub fn verify_non_forgery( space: &CapSpaceModel, random_token: u64, ) -> Result<(), CapModelError>

Verify non-forgery: capabilities can only be created through the kernel API

A random u64 should not match any valid capability in the space.

Source

pub fn verify_rights_monotonicity( space: &CapSpaceModel, ) -> Result<(), CapModelError>

Verify rights monotonicity: derived capabilities have subset of parent rights

Source

pub fn verify_revocation_completeness( space: &CapSpaceModel, revoked_token: u64, ) -> Result<(), CapModelError>

Verify revocation completeness: revoking a parent removes all children

Source

pub fn verify_generation_integrity( space: &CapSpaceModel, old_gen: u32, ) -> Result<(), CapModelError>

Verify generation integrity: bumping generation invalidates old tokens

Auto Trait Implementations§

§

impl Freeze for CapInvariantChecker

§

impl RefUnwindSafe for CapInvariantChecker

§

impl Send for CapInvariantChecker

§

impl Sync for CapInvariantChecker

§

impl Unpin for CapInvariantChecker

§

impl UnwindSafe for CapInvariantChecker

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.