Licensing and docs

SECURITY.md

@@ -0,0 +1,42 @@
+# Security
+
+Part of the design philosophy that drives my inspiration for Gila is the idea of creating a new, fast, and safe kernel with security as a central focus. Kernels such as Linux, Mach, and NT have been around for too long to work perfectly with today's system security model. Gila is brand-new, and built almost exclusively in Rust for the utmost memory safety.
+
+## Goals
+
+- Distrustful by default
+- Small, simple, and transparent
+- Performant
+- Capability based
+- Highly isolated
+
+## Gila's security model
+
+### Microkernel architecture
+
+Gila is a microkernel. Only the most important functionality runs at Ring 0 (Protected Mode) to reduce attack surface. This functionality includes:
+
+- Modifying and reading kernel configurations
+- Process creation and destruction
+- Scheduling
+- Memory allocation and management
+- Inter-process communication
+- Hardware communication interfaces
+
+User processes perform complex functionality by interacting with server processes. Servers perform many different things:
+
+- PCI(e)
+- USB
+- Security policy
+- Filesystems
+- Logins
+
+A user process can be registered as a server by any process with the `ServerRegister` capability. The kernel takes the process's ID and a functionality type as arguments to the registration function. Registering is important, because it allows processes to discover the PIDs of server processes for IPC.
+
+### Capabilities
+
+Every process in Gila has a set of capabilities. These capabilities define the ways it may interact with the kernel's limited functions, and do not govern what it can do with any other userspace process.
+
+### Access control
+
+Access control will be accomplished by means of a "policy server" process, which is registered as a system server by the init process, and is given the authority (by means of its registration with the kernel being readable) to allow or deny specific resource accesses. The relevant server will submit the PID of the requesting process & the resource it desires to the security server, which will check the request against the process's rights, and return a verdict to the issuing server.

src/kernel/arch/aarch64/asm.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use core::arch::asm;
 
 #[allow(clippy::missing_safety_doc)]

src/kernel/arch/aarch64/display.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/kernel/arch/aarch64/mod.rs

@@ -1,2 +1,5 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 pub mod asm;
 pub mod display;

src/kernel/arch/loongarch64/asm.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use core::arch::asm;
 
 #[allow(clippy::missing_safety_doc)]

src/kernel/arch/loongarch64/display.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/kernel/arch/loongarch64/mod.rs

@@ -1,2 +1,5 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 pub mod asm;
 pub mod display;

src/kernel/arch/mod.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #[cfg(target_arch = "x86_64")]
 pub mod x86_64;
 #[cfg(target_arch = "x86_64")]

src/kernel/arch/riscv64/asm.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use core::arch::asm;
 
 #[allow(clippy::missing_safety_doc)]

src/kernel/arch/riscv64/display.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/kernel/arch/riscv64/mod.rs

@@ -1,2 +1,5 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 pub mod asm;
 pub mod display;

src/kernel/arch/x86_64/acpi.rs

@@ -1 +1,4 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 // TODO: Implement per-arch memory handlers for ACPI memory map regions

src/kernel/arch/x86_64/asm.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![allow(clippy::missing_safety_doc)]
 
 use core::arch::asm;

src/kernel/arch/x86_64/display.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![allow(dead_code)]
 #![allow(unused_variables)]
 

src/kernel/arch/x86_64/mod.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 pub mod acpi;
 pub mod asm;
 pub mod display;

src/kernel/boot.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use limine::{BaseRevision, request::*};
 
 #[used]

src/kernel/log.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use core::fmt::Write;
 
 use crate::memory::alloc;

src/kernel/main.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![no_std]
 #![no_main]
 #![feature(allocator_api)]

src/kernel/memory.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![allow(unused_imports)]
 
 use enumflags2::*;

src/kernel/panic.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use core::panic::*;
 
 #[panic_handler]

src/kernel/params.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 use crate::memory::alloc;
 use alloc::string::String;
 use alloc::vec::Vec;

src/kernel/process.rs

@@ -67,18 +67,23 @@ pub enum ProcessCapabilities {
     ProcessKill,    // Kill any process
     ProcessSpawn,   // Create a new process
     ProcessExec,    // Replace self with new process image
-    ProcessSession, // Create and accept Session requests.
+    ProcessSession, // Create and accept IPC requests.
-    // File system capabilities
+    // Capability meta
-    FileEnum,       // Enumerate directories and files
+    CapabilityRead, // Inspect a process's capabilities
-    FileRead,       // Read files
+    CapabilityAdd,  // Add a capability to a process
-    FileWrite,      // Write to files
+    // Hardware access capabilities
-    FilePermission, // Modify file permissions
+    HardwareWrite, // Write to memory-mapped IO
-    FileCreate,     // Create files
+    HardwareRead,  // Read from memory-mapped IO
-    FileDelete,     // Delete files
+    HardwareLock,  // Obtain exclusive access to a device
-    FileSystem,     // Mount, unmount, and modify filesystems
+    HardwareQuery, // Check on the lock status of a device
     // Kernel config capabilities
     KernelCfgRead,  // Read kernel configurations
     KernelCfgWrite, // Modify kernel configurations
+    KernelProtCall, // Call protected kernel functions
+    // Server resolution capabilities
+    ServerEnum,     // Enumerate server processes
+    ServerGet,      // Get the PID of a specific server for IPC.
+    ServerRegister, // Register a process as a server.
 }
 
 // Interprocess communication system:

src/kernel/resources.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/kernel/syscall_runner.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![allow(dead_code)]
 
 use crate::process::Process;

src/lib/arch/aarch64/mod.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/lib/arch/loongarch64/mod.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/lib/arch/mod.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #[cfg(target_arch = "x86_64")]
 pub mod x86_64;
 #[cfg(target_arch = "x86_64")]

src/lib/arch/riscv64/mod.rs

@@ -1 +1,2 @@
-
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later

src/lib/arch/x86_64/mod.rs

@@ -1,2 +1,5 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 mod registers_impl;
 mod syscall_impl;

src/lib/arch/x86_64/registers_impl.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #[allow(dead_code)]
 pub struct Registers {
     // Private fields

src/lib/arch/x86_64/syscall_impl.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![allow(dead_code, unused_variables)]
 
 // The system call API for x86_64.

src/lib/lib.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![no_std]
 #![allow(unused_imports)]
 mod arch;

src/lib/registers.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 // Every architecture MUST implement this as part of the ABI.
 // Additional registers can be implemented with architecture-specific traits.
 pub unsafe trait RegStoreLoad

src/lib/syscall.rs

@@ -1,3 +1,6 @@
+// Copyright (c) 2025 shibedrill
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 #![allow(dead_code)]
 
 // TODO: Implement a nice API for system calls.
@@ -19,7 +22,6 @@ pub enum SyscallError {
     Ok,               // No error.
     Unspecified,      // Unspecified error occurred.
     SyscallNotExist,  // System call does not exist.
-    FileNotExist,     // The file mentioned does not exist.
     ProcessNotExist,  // The process mentioned does not exist.
     PermissionDenied, // The process lacks capabilities.
     Aborted,          // The kernel gave up on a blocking request.