Yes, and this makes sense if you think about it. If you want to guarantee that Alice is confined (i.e. cannot leak information sent to her) then you need to ensure that she has no send rights. Which you cannot if she was able to receive a cap with send rights.
Gernot > On 11 Jul 2017, at 19:34, Jimmy Brush <[email protected]> wrote: > > Hello, > > in the 6.0 manual section 3.1.4 the table shows that Write permission on > an endpoint cap permits sending to the endpoint. > > however, in section 4.2.2 it says without the Write permission on the > RECEIVING endpoint cap, any cap sent over IPC gets diminished. > > Am I missing something? It seems the Write permission is overloaded to > mean two different things. > > This would seem to imply that to receive an undiminished capability via > IPC you must have both send and receive permission to the endpoint you > are receiving against. > > Which would mean if you wanted to limit someone to only receiving and > never sending against an endpoint by giving them an endpoint cap with > only Read permission, they would necessarily also NEVER be able to > receive an undiminished capability. > > Thanks, > JB > > > > _______________________________________________ > Devel mailing list > [email protected] > https://sel4.systems/lists/listinfo/devel _______________________________________________ Devel mailing list [email protected] https://sel4.systems/lists/listinfo/devel
