
fuchsia.component.internal

The FIDL representation of the component ID Index.

See [component ID index](//docs/development/components/component_id_index.md) for documentation on the schema.

ENUMS

BuiltinBootResolver strict

Type: uint8

Defined in fuchsia.component.internal/config.fidl

The builtin resolver to use for the fuchsia-boot scheme, if any.

| Name | Value | Description |
|---|---|---|
| NONE | 1 | No builtin boot resolver is used. |
| BOOT | 2 | Try to use the /boot directory from the namespace. Typically this is provided to component manager during initialization of the system. |
| PKG | 3 | Try to use the /pkg directory from the namespace. Typically this is provided to a nested component manager that is part of a test package. |

BuiltinPkgResolver strict

Type: uint8

Defined in fuchsia.component.internal/config.fidl

The builtin resolver to use for the fuchsia-pkg scheme, if any.

| Name | Value | Description |
|---|---|---|
| NONE | 1 | No builtin package resolver is used. Products supply a package resolver as a component, or can opt to not include one at all. |
| APPMGR_BRIDGE | 3 | Try to use the fuchsia.sys.Loader protocol from the namespace. Typically this is provided by appmgr. Test scenarios commonly use this option. |

LogDestination strict

Type: uint8

Defined in fuchsia.component.internal/config.fidl

Where to log to.

| Name | Value | Description |
|---|---|---|
| SYSLOG | 1 | Log to syslog. |
| KLOG | 2 | Log to klog. |

OutDirContents strict

Type: uint8

Defined in fuchsia.component.internal/config.fidl

Determine what content to expose through component manager's outgoing directory.

| Name | Value | Description |
|---|---|---|
| NONE | 1 | Don't expose anything through the outgoing directory. |
| HUB | 2 | Expose component manager's hub directory. |
| SVC | 3 | Expose root component's expose/svc. |

RealmBuilderResolverAndRunner strict

Type: uint8

Defined in fuchsia.component.internal/config.fidl

If and how the realm builder resolver and runner will be used.

| Name | Value | Description |
|---|---|---|
| NONE | 1 | The realm builder resolver and runner are not used. |
| NAMESPACE | 2 | The realm builder resolver and runner will be accessed through component manager's namespace, and made available to the root realm. |

TABLES

AllowlistedDirectory

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AllowlistedEvent

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AllowlistedProtocol

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AllowlistedResolver

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AllowlistedRunner

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AllowlistedService

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AllowlistedStorage

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|

AppmgrMoniker

Defined in fuchsia.component.internal/component_id_index.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | url | `fuchsia.sys/component_url` | The component's URL. |
| 2 | realm_path | `AppmgrRealmPath` | The path to the appmgr realm where the component runs. |
| 3 | transitional_realm_paths | `vector<vector<string>>[64]` | The component instance's previous realm paths. appmgr will consider these realms in addition to realm_path. This feature is useful when moving a component to a new realm_path, but still needing to retain the previous realm paths. For example, this feature can be used when a component ID index change and the realm path code change cannot be submitted atomically. Optional. |

CapabilityAllowlistEntry

Defined in fuchsia.component.internal/config.fidl

Defines a single capability policy entry in the set of capability policy allowlists.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | source_moniker | `string[4096]` | The source_moniker represents the origin of a capability. The source_moniker is either an absolute moniker or `'<component_manager>'`. |
| 2 | source_name | `string[100]` | The source name of this particular capability. |
| 3 | capability | `AllowlistedCapability` | Represents the type of capability that is being restricted along with any other properties required by a particular capability type. |
| 4 | target_monikers | `vector<string>[128]` | The set of components, described by either exact absolute monikers, realm, or collection, that are allowed to use this specific capability. |
| 5 | source | `fuchsia.sys2/Ref` | The original source type of this capability, self or framework. |

CapabilityPolicyAllowlists

Defined in fuchsia.component.internal/config.fidl

Defines the total set of capability allowlists. Each source_moniker + capability pair must be unique in the vector.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | allowlist | `vector<CapabilityAllowlistEntry>[128]` | |

ChildPolicyAllowlists

Defined in fuchsia.component.internal/config.fidl

Allowlists for privileged child options.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | reboot_on_terminate | `vector<string>[128]` | Allowlist entry monikers of component instances allowed to have on_terminate=REBOOT in their children declaration. |

ComponentIdIndex

Defined in fuchsia.component.internal/component_id_index.fidl

Top-level type describing the component ID index.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | appmgr_restrict_isolated_persistent_storage | `bool` | If true, appmgr requires components which use isolated-persistent-storage to list their instance in the index. Otherwise, they fail to run. Note that this flag is only used by appmgr, and is ignored by component_manager. |
| 2 | instances | `vector<InstanceIdEntry>[1024]` | A list of component ID instance entries. Required, but may be empty. |

Config

Defined in fuchsia.component.internal/config.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | debug | `bool` | If true, component manager will be in debug mode. In this mode, component manager provides the EventSource protocol and exposes this protocol. Component manager will not start until it is resumed by a call to EventSource.StartComponentTree. This is done so that an external component (say an integration test) can subscribe to events before the root component has started. |
| 2 | list_children_batch_size | `uint32` | How many children, maximum, are returned by a call to Realm.ChildIterator.next(). |
| 3 | security_policy | `SecurityPolicy` | Security policy configuration. |
| 4 | namespace_capabilities | `vector<fuchsia.sys2/CapabilityDecl>` | Capabilities offered from component manager's namespace. |
| 17 | builtin_capabilities | `vector<fuchsia.sys2/CapabilityDecl>` | Capabilities offered from component manager as built-in capabilities. |
| 5 | use_builtin_process_launcher | `bool` | If true, component_manager will serve an instance of fuchsia.process.Launcher and use this launcher for the built-in ELF component runner. The root component can additionally use and/or offer this service using /builtin/fuchsia.process.Launcher from realm. This flag exists because the built-in process launcher only works when component_manager runs under a job that has ZX_POL_NEW_PROCESS set to allow, like the root job. Otherwise, the component_manager process cannot directly create a process through zx_process_create. When we run component_manager elsewhere, like in test environments, it has to use the fuchsia.process.Launcher service provided through its namespace instead. |
| 6 | maintain_utc_clock | `bool` | If true, component_manager will maintain a UTC kernel clock and vend write handles through an instance of fuchsia.time.Maintenance. This flag should only be used with the top-level component_manager. |
| 7 | num_threads | `uint32` | The number of threads to use for running component_manager's executor. If not present, interpreted as 1. |
| 8 | builtin_pkg_resolver | `BuiltinPkgResolver` | Which builtin resolver to use for the fuchsia-pkg scheme. If not present, interpreted as BuiltinPkgResolver.NONE. |
| 9 | out_dir_contents | `OutDirContents` | Determine what content to expose through the component manager's outgoing directory. If not present, interpreted as OutDirContents.NONE. |
| 10 | root_component_url | `string[100]` | URL of the root component to launch. This field is used if no URL is passed to component manager. If a value is passed in both places, then an error is raised. |
| 11 | component_id_index_path | `string[1024]` | Path to the component ID index. An empty value defaults to an empty index. An invalid index causes component_manager to abort. |
| 12 | log_destination | `LogDestination` | Where to log to. |
| 13 | log_all_events | `bool` | If true, component manager will log all events dispatched in the topology. |
| 14 | builtin_boot_resolver | `BuiltinBootResolver` | Which builtin resolver to use for the fuchsia-boot scheme. If not present, interpreted as BuiltinBootResolver.NONE. |
| 15 | reboot_on_terminate_enabled | `bool` | If true, allow components to set the OnTerminate=REBOOT option. This lets a parent component designate that the system should reboot if a child terminates (except when it's shut down). |
| 16 | realm_builder_resolver_and_runner | `RealmBuilderResolverAndRunner` | If and how the realm builder resolver and runner will be used. Typically these capabilities from realm builder are available to a nested component manager that is undergoing an integration test. |

DebugRegistrationAllowlistEntry

Defined in fuchsia.component.internal/config.fidl

Defines a capability policy entry in the set of debug capability policy allowlists.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | source_moniker | `string[4096]` | The source_moniker represents the origin of a capability. The source_moniker is an absolute moniker. |
| 2 | source_name | `string[100]` | The source name of this particular capability. |
| 3 | debug | `AllowlistedDebugRegistration` | Represents the type of capability that is being restricted along with any other properties required by a particular capability type. |
| 4 | target_moniker | `string[4096]` | The target_moniker represents the component which is allowed to register this capability in its environment's debug section. |
| 5 | environment_name | `fuchsia.component/name` | Name of the environment where this capability can be registered. |

DebugRegistrationPolicyAllowlists

Defined in fuchsia.component.internal/config.fidl

Defines the total set of debug capability allowlists.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | allowlist | `vector<DebugRegistrationAllowlistEntry>[128]` | |

InstanceIdEntry

Defined in fuchsia.component.internal/component_id_index.fidl

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | instance_id | `InstanceId` | A 256-bit identifier encoded in base64 which is unique across all other instance IDs in the index. |
| 2 | appmgr_moniker | `AppmgrMoniker` | An appmgr-based moniker identifying an appmgr component instance associated with instance_id. Note that component manager ignores this field; it is only consumed by appmgr. |
| 3 | moniker | `string[4096]` | The absolute moniker identifying the component instance. Note that appmgr ignores this field; it is only consumed by component manager. |

JobPolicyAllowlists

Defined in fuchsia.component.internal/config.fidl

Allowlists for Zircon job policy.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | ambient_mark_vmo_exec | `vector<string>[128]` | Allowlist entry monikers for components allowed to be given the ZX_POL_AMBIENT_MARK_VMO_EXEC job policy. Components must request this policy by including "job_policy_ambient_mark_vmo_exec: true" in their CML's program section and must be using the ELF runner. This is equivalent to the v1 'deprecated-ambient-replace-as-executable' feature. |
| 2 | main_process_critical | `vector<string>[128]` | Allowlist entry monikers for components allowed to have their original process marked as critical to component_manager's job. Components must request this critical marking by including "main_process_critical: true" in their CML's program section and must be using the ELF runner. |
| 3 | create_raw_processes | `vector<string>[128]` | Allowlist entry monikers for components allowed to call zx_process_create directly (e.g., do not have ZX_POL_NEW_PROCESS set to ZX_POL_ACTION_DENY). Components must request this policy by including "job_policy_create_raw_processes: true" in their manifest's program object and must be using the ELF runner. |

SecurityPolicy

Defined in fuchsia.component.internal/config.fidl

Runtime security policy.

| Ordinal | Field | Type | Description |
|---|---|---|---|
| 1 | job_policy | `JobPolicyAllowlists` | Allowlists for Zircon job policy. |
| 2 | capability_policy | `CapabilityPolicyAllowlists` | Capability access policy. |
| 3 | debug_registration_policy | `DebugRegistrationPolicyAllowlists` | Debug capability registration policy. |
| 4 | child_policy | `ChildPolicyAllowlists` | Component child options policy. |

UNIONS

AllowlistedCapability flexible

Defined in fuchsia.component.internal/config.fidl

Represents the class of capabilities supported to be allowlisted.

| Ordinal | Variant | Type | Description |
|---|---|---|---|
| 1 | directory | `AllowlistedDirectory` | |
| 2 | event | `AllowlistedEvent` | |
| 3 | protocol | `AllowlistedProtocol` | |
| 4 | service | `AllowlistedService` | |
| 5 | storage | `AllowlistedStorage` | |
| 6 | runner | `AllowlistedRunner` | |
| 7 | resolver | `AllowlistedResolver` | |

AllowlistedDebugRegistration flexible

Defined in fuchsia.component.internal/config.fidl

Represents the class of capabilities supported to be allowlisted.

| Ordinal | Variant | Type | Description |
|---|---|---|---|
| 1 | protocol | `AllowlistedProtocol` | |

CONSTANTS

| Name | Value | Type | Description |
|---|---|---|---|
| MAX_ALLOWLIST_SIZE | 128 | `uint64` | The maximum size of the JobPolicyAllowlists entries. This value is currently set arbitrarily. |

TYPE ALIASES

| Name | Value | Description |
|---|---|---|
| AllowlistEntryMoniker | `string[fuchsia.component/MAX_MONIKER_LENGTH]` | A single entry in an allowlist, expressed in one of three forms: (1) Exact absolute moniker - Most entries should fall under this case, where the exact absolute monikers of allowed components are listed. For example, `"/foo/bar"`. (2) Realm - Realms can be allowlisted such that any descendant will be allowed without being listed explicitly. For example, `"/foo/**"` allows any descendant of "/foo" (but not foo itself). (3) Collection - Individual collections can also be allowlisted. For example, `"/foo/bar:**"` will allow any child in foo's "bar" collection and any descendant thereof, but not foo or other children of foo. |
| AppmgrRealmPath | `vector[256]` | The path to the appmgr realm where the component runs. |
| InstanceId | `string[64]` | 256 bits encoded in lower-cased base64 (64 chars). |
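
The three AllowlistEntryMoniker forms described above, as an added Rust example (not component_manager's own code; `Entry`, `parse_entry`, `entry_allows` and `is_allowed` are hypothetical names, and the sample monikers are constructed). It matches on path-segment boundaries, so `/foo/**` does not admit `/foobar/...`, and a malformed entry matches nothing.

```rust
// Added example: matcher for the three AllowlistEntryMoniker forms.
// Not component_manager's code; all names here are hypothetical.
#[derive(Debug, PartialEq)]
enum Entry<'a> {
    Exact(&'a str),               // "/foo/bar"
    Realm(&'a str),               // "/foo/**"     -> realm "/foo"
    Collection(&'a str, &'a str), // "/foo/bar:**" -> parent "/foo", collection "bar"
}

fn parse_entry<'a>(s: &'a str) -> Option<Entry<'a>> {
    if !s.starts_with('/') { return None; } // entries are absolute monikers
    if let Some(realm) = s.strip_suffix("/**") {
        return if realm.contains('*') { None } else { Some(Entry::Realm(realm)) };
    }
    if let Some(rest) = s.strip_suffix(":**") {
        let (parent, coll) = rest.rsplit_once('/')?;
        if coll.is_empty() || coll.contains(':') || rest.contains('*') { return None; }
        return Some(Entry::Collection(parent, coll));
    }
    // A stray wildcard is treated as malformed, so the entry matches nothing.
    if s.contains('*') { None } else { Some(Entry::Exact(s)) }
}

fn entry_allows(entry: &str, target: &str) -> bool {
    match parse_entry(entry) {
        Some(Entry::Exact(m)) => m == target,
        // Strict descendants only: the remainder must start a new path segment.
        Some(Entry::Realm(realm)) => target
            .strip_prefix(realm)
            .map_or(false, |rest| rest.len() > 1 && rest.starts_with('/')),
        // The next segment must be "<coll>:<child>", optionally with descendants.
        Some(Entry::Collection(parent, coll)) => target
            .strip_prefix(parent)
            .and_then(|r| r.strip_prefix('/'))
            .and_then(|r| r.strip_prefix(coll))
            .map_or(false, |r| r.len() > 1 && r.starts_with(':')),
        None => false,
    }
}

fn is_allowed(allowlist: &[&str], target: &str) -> bool {
    allowlist.iter().any(|e| entry_allows(e, target))
}

fn main() {
    let list = ["/core/session", "/foo/**", "/apps/bar:**"]; // constructed sample
    for t in ["/foo", "/foo/a/b", "/foobar/a", "/apps/bar:x/y", "/apps/barn:x"] {
        println!("{}: {}", t, is_allowed(&list, t));
    }
}
```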