feat: Add configurable permissions for Workers (#8215)

This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker).
author: Steven Guerrero <stephenguerrero43@gmail.com> 2021-01-06 15:31:16 -0500
committer: GitHub <noreply@github.com> 2021-01-06 21:31:16 +0100
commit: adc2f08c178f51b3ddd5f1c2e3d7f5603424521e (patch)
tree: 99d61fca9bfdad4e427f9d2d6d1719f69d09c96a /cli/main.rs
parent: 2e18fcebcc2ee931ee952ac2fe2175d6ec7acf69 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/cli/main.rs b/cli/main.rs
index b622cccf3..a247389d9 100644
--- a/cli/main.rs
+++ b/cli/main.rs
@@ -100,7 +100,10 @@ fn create_web_worker_callback(
       || program_state.coverage_dir.is_some();
     let maybe_inspector_server = program_state.maybe_inspector_server.clone();
 
-    let module_loader = CliModuleLoader::new_for_worker(program_state.clone());
+    let module_loader = CliModuleLoader::new_for_worker(
+      program_state.clone(),
+      args.parent_permissions.clone(),
+    );
     let create_web_worker_cb =
       create_web_worker_callback(program_state.clone());
author	Steven Guerrero <stephenguerrero43@gmail.com>	2021-01-06 15:31:16 -0500
committer	GitHub <noreply@github.com>	2021-01-06 21:31:16 +0100
commit	adc2f08c178f51b3ddd5f1c2e3d7f5603424521e (patch)
tree	99d61fca9bfdad4e427f9d2d6d1719f69d09c96a /cli/main.rs
parent	2e18fcebcc2ee931ee952ac2fe2175d6ec7acf69 (diff)