Key-value store operations
The key-value store API implements comprehensive validation and access control through
type safety through schema validation,
access control via locking mechanisms, and
resource cleanup through handle management.
Constructor API
The Constructor API provides methods for creating and initializing new key-value stores with proper schema validation and type safety controls.
KEY_VALUE_STORE_NEW
This creates a new key-value store with schema validation.
The following security controls are in place:
Schema validation
It validates the provided schema with built-in validation rules before store creation and prevents invalid schemas from being used.
Type safety
It validates generic type substitutions against schema and ensures type safety across all store operations.
Handle API
The Handle API manages the lifecycle of key-value store entries through controlled access mechanisms, including opening entries with appropriate locks and proper cleanup of resources.
KEY_VALUE_STORE_OPEN_ENTRY
This opens a key-value entry with appropriate locking.
The key safeguards include the following:
Type verification
It verifies the type of the node before accessing it to prevent type-confusion attacks.
Lock-flag validation
It validates lock flags against allowed operations. This prevents internal lock flags from being used in the user-facing API, which could lead to unintended behavior.
Key schema validation
It validates the key against the store's schema before access.
Lock-status checks
It checks the lock status before granting write access, preventing write access to locked entries. This enables implementation of write-once semantics.
KEY_VALUE_ENTRY_CLOSE
This manages entry-handle cleanup.
Entry API
The Entry API allows the reading and writing of key-value store entries.
KEY_VALUE_ENTRY_READ
/ KEY_VALUE_ENTRY_WRITE
These control read/write access to entries.
The following are the key protections:
Lock validation
It verifies the appropriate lock type for an operation and prevents handle type-confusion attacks.
Write-permission check
It validates write permissions before modification and enforces proper access control.
Schema validation on write
It validates written data against a store schema and prevents invalid data corruption from entering the store.
KEY_VALUE_ENTRY_REMOVE
/ KEY_VALUE_STORE_REMOVE_ENTRY
The first method removes an already opened entry, whereas the latter removes an entry from the store by a (node, key)
pair reference.
There is one main security control:
Write-lock requirement
It requires a write lock for removal and prevents immutable entries from being deleted.