主权项 |
1. A method comprising:
providing, in a computer system, domains including respective portions of code; receiving, in the computer system, information describing corresponding types of protection for the domains, said information specifying that the portion of code of a first of the domains is permitted to invoke the portion of code of a second of the domains, and indicating that the portion of code of a third of the domains is not permitted to invoke the portion of code of the second domain, and said information includes attributes associated with the second domain, the attributes including identifiers of multiple ones of the plurality of domains and respective one or more private keys to be used for accessing the portion of code of the second domain; receiving, in the computer system, information describing a relationship between said types of protection and said portions of code that are executed in a same privilege level of the computer system, wherein said relationship is not required to be linear; associating, in the computer system, said information describing said types of protection and said information describing said relationship with said portions of code; and during execution of the portion of code of the first domain, determining, by a manager in the computer system, whether the portion of code of the first domain is permitted to access the portion of code of the second domain, based on the information describing the corresponding types of protection and the information describing the relationship. |