author | Steven Guerrero <stephenguerrero43@gmail.com> | 2021-01-06 15:31:16 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-06 21:31:16 +0100 |
commit | adc2f08c178f51b3ddd5f1c2e3d7f5603424521e (patch) | |
tree | 99d61fca9bfdad4e427f9d2d6d1719f69d09c96a /cli/dts/lib.deno.shared_globals.d.ts | |
parent | 2e18fcebcc2ee931ee952ac2fe2175d6ec7acf69 (diff) |
feat: Add configurable permissions for Workers (#8215)
This commit adds a new option to the "Worker" Web API that allows
configuring permissions.
New "Worker.deno.permissions" option can be used to define limited
permissions to the worker thread by either:
- inherit set of parent thread permissions
- use limited subset of parent thread permissions
- revoke all permissions (full sandbox)
In order to achieve this functionality "CliModuleLoader"
was modified to accept "initial permissions", which are used
for top module loading (ie. uses parent thread permission set
to load top level module of a worker).
Diffstat (limited to 'cli/dts/lib.deno.shared_globals.d.ts')
-rw-r--r-- | cli/dts/lib.deno.shared_globals.d.ts | 56 |
1 files changed, 44 insertions, 12 deletions
diff --git a/cli/dts/lib.deno.shared_globals.d.ts b/cli/dts/lib.deno.shared_globals.d.ts
index e4d763ec0..74abbc95b 100644
--- a/cli/dts/lib.deno.shared_globals.d.ts
+++ b/cli/dts/lib.deno.shared_globals.d.ts
@@ -662,24 +662,33 @@ declare class Worker extends EventTarget {
 options?: {
 type?: "classic" | "module";
 name?: string;
- /** UNSTABLE: New API. Expect many changes; most likely this
- * field will be made into an object for more granular
- * configuration of worker thread (permissions, import map, etc.).
+ /** UNSTABLE: New API.
 *
- * Set to `true` to make `Deno` namespace and all of its methods
- * available to worker thread.
- *
- * Currently worker inherits permissions from main thread (permissions
- * given using `--allow-*` flags).
- * Configurable permissions are on the roadmap to be implemented.
+ * Set deno.namespace to `true` to make `Deno` namespace and all of its methods
+ * available to worker thread. The namespace is disabled by default.
+ *
+ * Configure deno.permissions options to change the level of access the worker will
+ * have. By default it will inherit the permissions of its parent thread. The permissions
+ * of a worker can't be extended beyond its parent's permissions reach.
+ * - "inherit" will take the permissions of the thread the worker is created in
+ * - You can disable/enable permissions all together by passing a boolean
+ * - You can provide a list of routes relative to the file the worker
+ * is created in to limit the access of the worker (read/write permissions only)
 *
 * Example:
 *
 * ```ts
 * // mod.ts
 * const worker = new Worker(
- * new URL("deno_worker.ts", import.meta.url).href,
- * { type: "module", deno: true }
+ * new URL("deno_worker.ts", import.meta.url).href, {
+ * type: "module",
+ * deno: {
+ * namespace: true,
+ * permissions: {
+ * read: true,
+ * },
+ * },
+ * }
 * );
 * worker.postMessage({ cmd: "readFile", fileName: "./log.txt" });
 *
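Review bot: The new doc comment never says what a key left out of the `deno.permissions` object resolves to, so in the example `permissions: { read: true }` a reader cannot tell whether `net`, `run`, `write` and `env` are denied or inherited from the parent. "By default it will inherit" reads as describing the whole option being absent, not individual keys; I would add one sentence stating the per-key default explicitly, since that decides whether the example is a sandbox or close to full inheritance. The example would also illustrate least privilege better with a path list, e.g. `read: ["./log.txt"],`, as the worker only reads that one file. Two wording points: "list of routes" should be "list of paths", and "disable/enable permissions all together by passing a boolean" does not match the declared top-level type later in this commit, which accepts `false` but not `true`.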
@@ -707,7 +716,30 @@ declare class Worker extends EventTarget {
 * hello world2
 *
 */
- deno?: boolean;
+ // TODO(Soremwar)
+ // `deno: true` is kept for backwards compatibility with the previous worker
+ // options implementation. Remove for 2.0
+ deno?: true | {
+ namespace?: boolean;
+ /** Set to false to disable all the permissions in the worker */
+ permissions?: "inherit" | false | {
+ env?: "inherit" | boolean;
+ hrtime?: "inherit" | boolean;
+ /**
+ * The format of the net access list must be `hostname[:port]`
+ * in order to be resolved
+ *
+ * ```
+ * net: ["https://deno.land", "localhost:8080"],
+ * ```
+ * */
+ net?: "inherit" | boolean | string[];
+ plugin?: "inherit" | boolean;
+ read?: "inherit" | boolean | Array<string | URL>;
+ run?: "inherit" | boolean;
+ write?: "inherit" | boolean | Array<string | URL>;
+ };
+ };
 },
 );
 postMessage(message: any, transfer: ArrayBuffer[]): void; |
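Review bot: The doc comment on `net` contradicts its own example: it requires entries in `hostname[:port]` form, yet the sample list contains `"https://deno.land"`, which carries a scheme. For an allow-list, an entry that does not parse the way the author expects is a real risk, so the example should follow the stated format, e.g. `net: ["deno.land", "localhost:8080"],`. It would also help to say what happens to a malformed entry (rejected at construction, or silently never matched), which cannot be determined from this hunk. The TODO above `deno?: true | {` should state which permissions the legacy `deno: true` form implies, presumably the namespace enabled with the parent's permissions inherited, because that is the broadest setting and callers keeping it for compatibility get no sandboxing. The options type begins above this hunk.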