routing::bedrock::with_policy_check

Constant SKIP_POLICY_CHECKS

pub const SKIP_POLICY_CHECKS: &'static str = "skip_policy_checks";

If the metadata for a route contains a Data::Uint64 value greater than 0 under this key, then no policy checks will be performed. This behavior is limited to non-Fuchsia builds and is used exclusively when performing routes from an offer declaration. It is necessary because, when routing from an offer, we don’t know the ultimate target of the route, and thus routes that are otherwise valid could fail due to policy checks.

Consider a policy that allows the component /core/session_manager/session:session/my_cool_app to access fuchsia.kernel.VmexResource. If we attempt to validate that route from the offer placed on session_manager, we’d have to fill in session_manager as the target of the route in the route request and follow the route to its source from there. If the policy check were applied to this route, it would fail, because session_manager is not allowed to access fuchsia.kernel.VmexResource. The route is valid, though, because the offer on session_manager doesn’t grant the session_manager program access to the restricted capability.

To be able to properly support this scenario, we need to selectively disable policy checks when routing from offer declarations.
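
The scenario above as a small self-contained model. This is an added example, not code from the routing crate: the Policy type, the Data enum defined here, check, should_skip and offer_route_metadata are hypothetical stand-ins, and only the key string and the Data::Uint64 variant name come from this page.

```rust
use std::collections::{HashMap, HashSet};

// Same key string as the constant documented on this page.
pub const SKIP_POLICY_CHECKS: &str = "skip_policy_checks";

// Hypothetical stand-in for the route metadata value type (not the real Data type).
#[derive(Clone, Debug)]
pub enum Data { Uint64(u64), String(String) }

// Hypothetical allowlist: capability name -> monikers allowed as the route target.
pub struct Policy { allow: HashMap<String, HashSet<String>> }

impl Policy {
    pub fn new(entries: &[(&str, &str)]) -> Self {
        let mut allow: HashMap<String, HashSet<String>> = HashMap::new();
        for (cap, moniker) in entries {
            allow.entry(cap.to_string()).or_default().insert(moniker.to_string());
        }
        Policy { allow }
    }

    // Skip only for a Uint64 > 0 under the key, and never on Fuchsia builds.
    pub fn should_skip(metadata: &HashMap<String, Data>) -> bool {
        cfg!(not(target_os = "fuchsia"))
            && matches!(metadata.get(SKIP_POLICY_CHECKS), Some(Data::Uint64(n)) if *n > 0)
    }

    // Restricted capabilities need an allowlisted target unless the check is skipped.
    pub fn check(&self, cap: &str, target: &str, md: &HashMap<String, Data>) -> Result<(), String> {
        if Self::should_skip(md) {
            return Ok(());
        }
        match self.allow.get(cap) {
            Some(ok) if !ok.contains(target) => Err(format!("{target} may not access {cap}")),
            _ => Ok(()),
        }
    }
}

// Metadata attached when routing from an offer declaration (constructed sample).
pub fn offer_route_metadata() -> HashMap<String, Data> {
    HashMap::from([(SKIP_POLICY_CHECKS.to_string(), Data::Uint64(1))])
}

fn main() {
    let p = Policy::new(&[("fuchsia.kernel.VmexResource", "/core/session_manager/session:session/my_cool_app")]);
    println!("{:?}", p.check("fuchsia.kernel.VmexResource", "/core/session_manager", &HashMap::new()));
    println!("{:?}", p.check("fuchsia.kernel.VmexResource", "/core/session_manager", &offer_route_metadata()));
}
```

In this model a value of 0, or a value of any type other than Data::Uint64, leaves the policy check in force, so the bypass applies only to requests that carry the flag explicitly.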