You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{cheri_levels_ext_name} is an optional extension to {cheri_base_ext_name} that adds support for associating a level with capabilities and limiting flow of capabilities to specific memory region subsets.
This extension allows assigning a level to capabilities, which in conjunction with two new permissions allows enforcing invariants on capability propagation.
For example, this can be used to ensure that a callee cannot save a copy of the passed in argument or to avoid sharing of compartment-local data between compartments.
For example, this can be used to ensure that a callee cannot store a copy of the passed in argument to memory or to avoid sharing of compartment-local data between compartments.
The number of supported levels is configurable, but this specification currently only requires supporting two levels (_local_ and _global_).
