veyron2/options,veyron/runtimes/google/ipc: Allow different servers to
present different blessings.
Prior to this commit, all ipc.Servers created by a Runtime would
present the same (Principal.BlessingStore.Default) blessings to
all clients.
With this commit, distinct ipc.Servers in the same Runtime can
be configured to use distinct blessings - i.e., not use the
BlessingStore's default.
This was mostly motivated by the nodemanager/appmgr use case where
"application" binaries would typically have two ipc.Servers - one
for receiving instructions from the node manager and one for acting
as the "application". It is conceivable that the blessings presented
by the latter would be distinct from the former - for example, the
application does not need to present its "device ownership" blessings
to application clients.
Note that we intentionally do not provide such as "blessings selection"
option for Client creation, since ipc.Clients already present different
blessings to different servers. While there may be a need to be fancier,
we defer that for now.
Change-Id: I9f72335328fdb66f66c9f8336c9fb2828bbb7bf3
3 files changed
