Struct PluginState

pub struct PluginState { /* private fields */ }
State of a single plugin instance

Corresponds to Lean: @[ext] structure PluginState

INVARIANTS:

  • heldCaps contains only capability IDs, not actual capabilities
  • Validity of held capabilities is checked at use time via kernel lookup
  • Memory bounds are immutable after creation
  • Resource usage must not exceed quotas (DoS prevention)

Implementations

impl PluginState

pub fn empty(level: SecurityLevel, mem_size: Size) -> Self

Create empty plugin with given security level and memory size

Corresponds to Lean: def PluginState.empty (level : SecurityLevel) (memSize : Nat) : PluginState

pub fn with_quotas(level: SecurityLevel, mem_size: Size, memory_quota: u64, cap_quota: u64, ipc_queue_limit: u64) -> Self

Create plugin with custom quotas

Corresponds to Lean: def PluginState.withQuotas

pub fn holds_cap(&self, cap_id: CapId) -> bool

Check if plugin holds a capability by ID

Corresponds to Lean: def PluginState.holds_cap (ps : PluginState) (capId : CapId) : Prop

pub fn grant_cap(&self, cap_id: CapId) -> Self

Grant capability ID to plugin (idempotent)

Corresponds to Lean: def PluginState.grant_cap

Returns the new PluginState with the capability ID added.

pub fn grant_cap_mut(&mut self, cap_id: CapId)

Grant capability ID to plugin (mutating version)

pub fn revoke_cap(&self, cap_id: CapId) -> Self

Remove capability ID from plugin

Corresponds to Lean: def PluginState.revoke_cap

Returns the new PluginState with the capability ID removed.

pub fn revoke_cap_mut(&mut self, cap_id: CapId)

Remove capability ID from plugin (mutating version)

pub fn level(&self) -> SecurityLevel

Get the security level

pub fn memory(&self) -> &LinearMemory

Get a reference to the memory

pub fn held_cap_count(&self) -> usize

Get the number of held capabilities

pub fn local_state(&self) -> PluginLocal

Get the local state

pub fn held_caps(&self) -> Vec<CapId>

Get held capability IDs as a Vec

Note: Returns a cloned Vec. The Vec is maintained in sorted order.

pub fn held_caps_ref(&self) -> &Vec<CapId>

Get a reference to held capability IDs

pub fn memory_bounds(&self) -> Size

Get memory bounds

pub fn can_alloc_memory(&self, size: u64) -> bool

Check if memory allocation would exceed quota

Corresponds to Lean: def PluginState.canAllocMemory

Returns false if the addition would overflow (DoS prevention).

pub fn can_hold_cap(&self) -> bool

Check if plugin can hold another capability

Corresponds to Lean: def PluginState.canHoldCap

pub fn can_queue_ipc(&self, queue_len: u64) -> bool

Check if adding to IPC queue would exceed limit

Corresponds to Lean: def PluginState.canQueueIpc

pub fn alloc_memory(&mut self, size: u64) -> bool

Record memory allocation (update used counter)

Corresponds to Lean: def PluginState.allocMemory

Returns false if the quota would be exceeded.

pub fn free_memory(&mut self, size: u64)

Record memory deallocation (update used counter)

Corresponds to Lean: def PluginState.freeMemory
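The resource-quota methods above (can_alloc_memory, alloc_memory, free_memory, can_hold_cap and the idempotent grant_cap) share one security-relevant idea: every counter update is bounds-checked so that an attacker-chosen size cannot wrap the counter and slip past the quota. The following is an added example that models those documented rules in a self-contained type; it is not the crate's implementation, `QuotaModel` and its field names are hypothetical, a plain `u64` stands in for the opaque `CapId`, and the choice to report a refused grant as `false` is an assumption the page does not state.

```rust
// Hypothetical model of the documented quota rules; not the crate's implementation.
#[derive(Debug, Default, Clone, PartialEq, Eq)]
pub struct QuotaModel {
    memory_used: u64,
    memory_quota: u64,
    cap_quota: u64,
    held_caps: Vec<u64>, // sorted; IDs only (u64 stands in for the opaque CapId), never capabilities
}

impl QuotaModel {
    pub fn new(memory_quota: u64, cap_quota: u64) -> Self {
        Self { memory_quota, cap_quota, ..Default::default() }
    }
    /// Documented contract: a request whose sum would overflow is rejected, not wrapped.
    pub fn can_alloc_memory(&self, size: u64) -> bool {
        match self.memory_used.checked_add(size) {
            Some(total) => total <= self.memory_quota,
            None => false, // u64 overflow counts as exceeding the quota (DoS prevention)
        }
    }
    /// Records the allocation only when the check passes; false means nothing changed.
    pub fn alloc_memory(&mut self, size: u64) -> bool {
        if !self.can_alloc_memory(size) {
            return false;
        }
        self.memory_used += size; // cannot overflow: checked above
        true
    }
    /// Saturating so a mismatched free cannot wrap the counter to u64::MAX.
    pub fn free_memory(&mut self, size: u64) {
        self.memory_used = self.memory_used.saturating_sub(size);
    }
    pub fn can_hold_cap(&self) -> bool {
        (self.held_caps.len() as u64) < self.cap_quota
    }
    /// Idempotent grant: an ID already held is a no-op and consumes no quota.
    /// Assumption (not on the page): a grant that would exceed cap_quota is refused (false).
    pub fn grant_cap_mut(&mut self, cap_id: u64) -> bool {
        match self.held_caps.binary_search(&cap_id) {
            Ok(_) => true,
            Err(pos) if self.can_hold_cap() => {
                self.held_caps.insert(pos, cap_id); // keeps the Vec sorted
                true
            }
            Err(_) => false,
        }
    }
    pub fn held_caps(&self) -> &[u64] { &self.held_caps }
    pub fn memory_used(&self) -> u64 { self.memory_used }
}
```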

pub fn memory_used(&self) -> u64

Get current memory usage

pub fn memory_quota(&self) -> u64

Get memory quota

pub fn cap_quota(&self) -> u64

Get capability quota

pub fn ipc_queue_limit(&self) -> u64

Get IPC queue limit

Trait Implementations

impl Clone for PluginState

fn clone(&self) -> PluginState

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for PluginState

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for PluginState

fn default() -> Self

Default plugin: Public level (no clearance), empty memory, no caps.

Corresponds to Lean: noncomputable instance : Inhabited PluginState

This is the semantically correct default: an uninitialized plugin has no security privileges.

impl PartialEq for PluginState

fn eq(&self, other: &PluginState) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for PluginState

impl StructuralPartialEq for PluginState
