transfer policy

Performs capability transfer with the specified list of access rights.

In this case, the capability holder (master) will not be able to revoke the transferred capability from the recipient. Only an entity that is a parent of the master and recipient in the capability derivation tree (CDT) will be able to revoke the capability.

The list of access rights is passed in the policy arguments.

Type: call policy

Syntax

transfer <configuration> (in SID master,

in SID recipient,

in SID resource,

in Rights rights)

Parameters

`master`	Holder transferring the capability.
`recipient`	Recipient of the capability.
`resource`	Resource SID associated with the capability.
`rights`	Mask of access rights.

Policy configuration

<configuration> ::= "{" <type> "}"

Configuration elements

<resource-type>

Resource type assigned during initialization of the capability. It must match one of the types in the family instance configuration.

Returned value

KSS_GRANT in the following cases:

The capability is transferred to the recipient and the recipient is a holder of the capability with all the specified access rights to the resource.
The value INVALID_HANDLE is passed as the resource SID.

KSS_DENY in the following cases:

At least one of the specified SIDs is incorrect.
The resource SID is not associated with the capability.
The resource type specified in the configuration (<type>) does not match the type assigned during capability initialization.
master is not a capability holder for the specified resource.
master does not have all the specified access rights to the resource.
master does not have Transfer permissions for the resource.
The master is the resource driver and capability owner (in this case, only the derive policy can be used).
For the specified resource type in the ocap family instance configuration, at least one of the transferred access rights is missing.

All specified restrictions apply only within the ocap family instance.

Page top