shibedrill/gila
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Licensing and docs

Browse Source
This commit is contained in:
River 2025-03-29 00:44:54 -04:00
parent cb50a6d58c
commit 2eccf91884
Signed by: shibedrill
GPG Key ID: 5FE0CB25945EFAA2
34 changed files with 145 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
SECURITY.md Normal file
View File

@ -0,0 +1,42 @@
# Security
Part of the design philosophy that drives my inspiration for Gila is the idea of creating a new, fast, and safe kernel with security as a central focus. Kernels such as Linux, Mach, and NT have been around for too long to work perfectly with today's system security model. Gila is brand-new, and built almost exclusively in Rust for the utmost memory safety.
## Goals
- Distrustful by default
- Small, simple, and transparent
- Performant
- Capability based
- Highly isolated
## Gila's security model
### Microkernel architecture
Gila is a microkernel. Only the most important functionality runs at Ring 0 (Protected Mode) to reduce attack surface. This functionality includes:
- Modifying and reading kernel configurations
- Process creation and destruction
- Scheduling
- Memory allocation and management
- Inter-process communication
- Hardware communication interfaces
User processes perform complex functionality by interacting with server processes. Servers perform many different things:
- PCI(e)
- USB
- Security policy
- Filesystems
- Logins
A user process can be registered as a server by any process with the `ServerRegister` capability. The kernel takes the process's ID and a functionality type as arguments to the registration function. Registering is important, because it allows processes to discover the PIDs of server processes for IPC.
### Capabilities
Every process in Gila has a set of capabilities. These capabilities define the ways it may interact with the kernel's limited functions, and do not govern what it can do with any other userspace process.
### Access control
Access control will be accomplished by means of a "policy server" process, which is registered as a system server by the init process, and is given the authority (by means of its registration with the kernel being readable) to allow or deny specific resource accesses. The relevant server will submit the PID of the requesting process & the resource it desires to the security server, which will check the request against the process's rights, and return a verdict to the issuing server.

3
src/kernel/arch/aarch64/asm.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use core::arch::asm;
#[allow(clippy::missing_safety_doc)]

3
src/kernel/arch/aarch64/display.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/kernel/arch/aarch64/mod.rs
View File

@ -1,2 +1,5 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
pub mod asm;
pub mod display;

3
src/kernel/arch/loongarch64/asm.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use core::arch::asm;
#[allow(clippy::missing_safety_doc)]

3
src/kernel/arch/loongarch64/display.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/kernel/arch/loongarch64/mod.rs
View File

@ -1,2 +1,5 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
pub mod asm;
pub mod display;

3
src/kernel/arch/mod.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#[cfg(target_arch = "x86_64")]
pub mod x86_64;
#[cfg(target_arch = "x86_64")]

3
src/kernel/arch/riscv64/asm.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use core::arch::asm;
#[allow(clippy::missing_safety_doc)]

3
src/kernel/arch/riscv64/display.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/kernel/arch/riscv64/mod.rs
View File

@ -1,2 +1,5 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
pub mod asm;
pub mod display;

3
src/kernel/arch/x86_64/acpi.rs
View File

@ -1 +1,4 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
// TODO: Implement per-arch memory handlers for ACPI memory map regions

3
src/kernel/arch/x86_64/asm.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![allow(clippy::missing_safety_doc)]
use core::arch::asm;

3
src/kernel/arch/x86_64/display.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![allow(dead_code)]
#![allow(unused_variables)]

3
src/kernel/arch/x86_64/mod.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
pub mod acpi;
pub mod asm;
pub mod display;

3
src/kernel/boot.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use limine::{BaseRevision, request::*};
#[used]

3
src/kernel/log.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use core::fmt::Write;
use crate::memory::alloc;

3
src/kernel/main.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![no_std]
#![no_main]
#![feature(allocator_api)]

3
src/kernel/memory.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![allow(unused_imports)]
use enumflags2::*;

3
src/kernel/panic.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use core::panic::*;
#[panic_handler]

3
src/kernel/params.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
use crate::memory::alloc;
use alloc::string::String;
use alloc::vec::Vec;

23
src/kernel/process.rs
View File

@ -67,18 +67,23 @@ pub enum ProcessCapabilities {
ProcessKill, // Kill any process
ProcessSpawn, // Create a new process
ProcessExec, // Replace self with new process image
ProcessSession, // Create and accept Session requests.
// File system capabilities
FileEnum, // Enumerate directories and files
FileRead, // Read files
FileWrite, // Write to files
FilePermission, // Modify file permissions
FileCreate, // Create files
FileDelete, // Delete files
FileSystem, // Mount, unmount, and modify filesystems
ProcessSession, // Create and accept IPC requests.
// Capability meta
CapabilityRead, // Inspect a process's capabilities
CapabilityAdd, // Add a capability to a process
// Hardware access capabilities
HardwareWrite, // Write to memory-mapped IO
HardwareRead, // Read from memory-mapped IO
HardwareLock, // Obtain exclusive access to a device
HardwareQuery, // Check on the lock status of a device
// Kernel config capabilities
KernelCfgRead, // Read kernel configurations
KernelCfgWrite, // Modify kernel configurations
KernelProtCall, // Call protected kernel functions
// Server resolution capabilities
ServerEnum, // Enumerate server processes
ServerGet, // Get the PID of a specific server for IPC.
ServerRegister, // Register a process as a server.
}
// Interprocess communication system:

3
src/kernel/resources.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/kernel/syscall_runner.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![allow(dead_code)]
use crate::process::Process;

3
src/lib/arch/aarch64/mod.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/lib/arch/loongarch64/mod.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/lib/arch/mod.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#[cfg(target_arch = "x86_64")]
pub mod x86_64;
#[cfg(target_arch = "x86_64")]

3
src/lib/arch/riscv64/mod.rs
View File

@ -1 +1,2 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later

3
src/lib/arch/x86_64/mod.rs
View File

@ -1,2 +1,5 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
mod registers_impl;
mod syscall_impl;

3
src/lib/arch/x86_64/registers_impl.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#[allow(dead_code)]
pub struct Registers {
// Private fields

3
src/lib/arch/x86_64/syscall_impl.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![allow(dead_code, unused_variables)]
// The system call API for x86_64.

3
src/lib/lib.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![no_std]
#![allow(unused_imports)]
mod arch;

3
src/lib/registers.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
// Every architecture MUST implement this as part of the ABI.
// Additional registers can be implemented with architecture-specific traits.
pub unsafe trait RegStoreLoad

4
src/lib/syscall.rs
View File

@ -1,3 +1,6 @@
// Copyright (c) 2025 shibedrill
// SPDX-License-Identifier: GPL-3.0-or-later
#![allow(dead_code)]
// TODO: Implement a nice API for system calls.
@ -19,7 +22,6 @@ pub enum SyscallError {
Ok, // No error.
Unspecified, // Unspecified error occurred.
SyscallNotExist, // System call does not exist.
FileNotExist, // The file mentioned does not exist.
ProcessNotExist, // The process mentioned does not exist.
PermissionDenied, // The process lacks capabilities.
Aborted, // The kernel gave up on a blocking request.