drew/acadia
1
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

Add a way to restrict permissions on cap duplication.

Browse source
This commit is contained in:
Drew Galbraith 2023-11-02 22:12:55 -07:00
parent 7dd10a3e53
commit f31652b981
10 changed files with 15 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

3
sys/yellowstone/lib/yellowstone/yellowstone.yunq.server.cpp
View file

@ -31,8 +31,7 @@ void YellowstoneServerBaseThreadBootstrap(void* server_base) {
glcr::ErrorOr<YellowstoneClient> YellowstoneServerBase::CreateClient() {
uint64_t client_cap;
// FIXME: Restrict permissions to send-only here.
RET_ERR(ZCapDuplicate(endpoint_, &client_cap));
RET_ERR(ZCapDuplicate(endpoint_, ~(kZionPerm_Read), &client_cap));
return YellowstoneClient(client_cap);
}