refactor: bury descriptor parsing in PermissionsContainer (#25936)

Closes https://github.com/denoland/deno/issues/25634

6 files changed, 7 insertions, 49 deletions

diff --git a/cli/args/flags.rs b/cli/args/flags.rs
index 13c93fa83..2cbf46394 100644
--- a/cli/args/flags.rs
+++ b/cli/args/flags.rs
@@ -34,8 +34,8 @@ use deno_core::url::Url;
 use deno_graph::GraphKind;
 use deno_path_util::normalize_path;
 use deno_path_util::url_to_file_path;
-use deno_runtime::deno_permissions::parse_sys_kind;
 use deno_runtime::deno_permissions::PermissionsOptions;
+use deno_runtime::deno_permissions::SysDescriptor;
 use log::debug;
 use log::Level;
 use serde::Deserialize;
@@ -3448,7 +3448,7 @@ fn permission_args(app: Command, requires: Option<&'static str>) -> Command {
           .require_equals(true)
           .value_name("API_NAME")
           .help("Allow access to OS information. Optionally allow specific APIs by function name")
-          .value_parser(|key: &str| parse_sys_kind(key).map(ToString::to_string))
+          .value_parser(|key: &str| SysDescriptor::parse(key.to_string()).map(|s| s.into_string()))
           .hide(true)
           ;
         if let Some(requires) = requires {
@@ -3466,7 +3466,7 @@ fn permission_args(app: Command, requires: Option<&'static str>) -> Command {
           .require_equals(true)
           .value_name("API_NAME")
           .help("Deny access to OS information. Optionally deny specific APIs by function name")
-          .value_parser(|key: &str| parse_sys_kind(key).map(ToString::to_string))
+          .value_parser(|key: &str| SysDescriptor::parse(key.to_string()).map(|s| s.into_string()))
           .hide(true)
           ;
         if let Some(requires) = requires {
diff --git a/cli/factory.rs b/cli/factory.rs
index 770aeefa1..ffe7f8d2f 100644
--- a/cli/factory.rs
+++ b/cli/factory.rs
@@ -824,7 +824,6 @@ impl CliFactory {
       )),
       node_resolver.clone(),
       npm_resolver.clone(),
-      self.permission_desc_parser()?.clone(),
       self.root_cert_store_provider().clone(),
       self.root_permissions_container()?.clone(),
       StorageKeyResolver::from_options(cli_options),
diff --git a/cli/ops/bench.rs b/cli/ops/bench.rs
index edd8c118c..5d1e6e746 100644
--- a/cli/ops/bench.rs
+++ b/cli/ops/bench.rs
@@ -2,7 +2,6 @@
 
 use std::sync::atomic::AtomicUsize;
 use std::sync::atomic::Ordering;
-use std::sync::Arc;
 use std::time;
 
 use deno_core::error::generic_error;
@@ -12,9 +11,7 @@ use deno_core::op2;
 use deno_core::v8;
 use deno_core::ModuleSpecifier;
 use deno_core::OpState;
-use deno_runtime::deno_permissions::create_child_permissions;
 use deno_runtime::deno_permissions::ChildPermissionsArg;
-use deno_runtime::deno_permissions::PermissionDescriptorParser;
 use deno_runtime::deno_permissions::PermissionsContainer;
 use tokio::sync::mpsc::UnboundedSender;
 use uuid::Uuid;
@@ -61,19 +58,8 @@ pub fn op_pledge_test_permissions(
   #[serde] args: ChildPermissionsArg,
 ) -> Result<Uuid, AnyError> {
   let token = Uuid::new_v4();
-  let permission_desc_parser = state
-    .borrow::<Arc<dyn PermissionDescriptorParser>>()
-    .clone();
   let parent_permissions = state.borrow_mut::<PermissionsContainer>();
-  let worker_permissions = {
-    let mut parent_permissions = parent_permissions.inner.lock();
-    let perms = create_child_permissions(
-      permission_desc_parser.as_ref(),
-      &mut parent_permissions,
-      args,
-    )?;
-    PermissionsContainer::new(permission_desc_parser, perms)
-  };
+  let worker_permissions = parent_permissions.create_child_permissions(args)?;
   let parent_permissions = parent_permissions.clone();
 
   if state.try_take::<PermissionsHolder>().is_some() {
@@ -83,7 +69,6 @@ pub fn op_pledge_test_permissions(
   state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
 
   // NOTE: This call overrides current permission set for the worker
-  state.put(worker_permissions.inner.clone());
   state.put::<PermissionsContainer>(worker_permissions);
 
   Ok(token)
@@ -100,7 +85,6 @@ pub fn op_restore_test_permissions(
     }
 
     let permissions = permissions_holder.1;
-    state.put(permissions.inner.clone());
     state.put::<PermissionsContainer>(permissions);
     Ok(())
   } else {
diff --git a/cli/ops/testing.rs b/cli/ops/testing.rs
index 6a8d31006..c3f469656 100644
--- a/cli/ops/testing.rs
+++ b/cli/ops/testing.rs
@@ -16,13 +16,10 @@ use deno_core::op2;
 use deno_core::v8;
 use deno_core::ModuleSpecifier;
 use deno_core::OpState;
-use deno_runtime::deno_permissions::create_child_permissions;
 use deno_runtime::deno_permissions::ChildPermissionsArg;
-use deno_runtime::deno_permissions::PermissionDescriptorParser;
 use deno_runtime::deno_permissions::PermissionsContainer;
 use std::sync::atomic::AtomicUsize;
 use std::sync::atomic::Ordering;
-use std::sync::Arc;
 use uuid::Uuid;
 
 deno_core::extension!(deno_test,
@@ -56,19 +53,8 @@ pub fn op_pledge_test_permissions(
   #[serde] args: ChildPermissionsArg,
 ) -> Result<Uuid, AnyError> {
   let token = Uuid::new_v4();
-  let permission_desc_parser = state
-    .borrow::<Arc<dyn PermissionDescriptorParser>>()
-    .clone();
   let parent_permissions = state.borrow_mut::<PermissionsContainer>();
-  let worker_permissions = {
-    let mut parent_permissions = parent_permissions.inner.lock();
-    let perms = create_child_permissions(
-      permission_desc_parser.as_ref(),
-      &mut parent_permissions,
-      args,
-    )?;
-    PermissionsContainer::new(permission_desc_parser, perms)
-  };
+  let worker_permissions = parent_permissions.create_child_permissions(args)?;
   let parent_permissions = parent_permissions.clone();
 
   if state.try_take::<PermissionsHolder>().is_some() {
@@ -77,7 +63,6 @@ pub fn op_pledge_test_permissions(
   state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
 
   // NOTE: This call overrides current permission set for the worker
-  state.put(worker_permissions.inner.clone());
   state.put::<PermissionsContainer>(worker_permissions);
 
   Ok(token)
@@ -94,7 +79,6 @@ pub fn op_restore_test_permissions(
     }
 
     let permissions = permissions_holder.1;
-    state.put(permissions.inner.clone());
     state.put::<PermissionsContainer>(permissions);
     Ok(())
   } else {
diff --git a/cli/standalone/mod.rs b/cli/standalone/mod.rs
index 93ac6002b..56f76ffb9 100644
--- a/cli/standalone/mod.rs
+++ b/cli/standalone/mod.rs
@@ -693,8 +693,6 @@ pub async fn run(
     }
     checker
   });
-  let permission_desc_parser =
-    Arc::new(RuntimePermissionDescriptorParser::new(fs.clone()));
   let worker_factory = CliMainWorkerFactory::new(
     Arc::new(BlobStore::default()),
     // Code cache is not supported for standalone binary yet.
@@ -707,7 +705,6 @@ pub async fn run(
     Box::new(module_loader_factory),
     node_resolver,
     npm_resolver,
-    permission_desc_parser,
     root_cert_store_provider,
     permissions,
     StorageKeyResolver::empty(),
diff --git a/cli/worker.rs b/cli/worker.rs
index 71bdfd661..cc18c0d15 100644
--- a/cli/worker.rs
+++ b/cli/worker.rs
@@ -31,7 +31,6 @@ use deno_runtime::fmt_errors::format_js_error;
 use deno_runtime::inspector_server::InspectorServer;
 use deno_runtime::ops::process::NpmProcessStateProviderRc;
 use deno_runtime::ops::worker_host::CreateWebWorkerCb;
-use deno_runtime::permissions::RuntimePermissionDescriptorParser;
 use deno_runtime::web_worker::WebWorker;
 use deno_runtime::web_worker::WebWorkerOptions;
 use deno_runtime::web_worker::WebWorkerServiceOptions;
@@ -136,7 +135,6 @@ struct SharedWorkerState {
   module_loader_factory: Box<dyn ModuleLoaderFactory>,
   node_resolver: Arc<NodeResolver>,
   npm_resolver: Arc<dyn CliNpmResolver>,
-  permission_desc_parser: Arc<RuntimePermissionDescriptorParser>,
   root_cert_store_provider: Arc<dyn RootCertStoreProvider>,
   root_permissions: PermissionsContainer,
   shared_array_buffer_store: SharedArrayBufferStore,
@@ -433,7 +431,6 @@ impl CliMainWorkerFactory {
     module_loader_factory: Box<dyn ModuleLoaderFactory>,
     node_resolver: Arc<NodeResolver>,
     npm_resolver: Arc<dyn CliNpmResolver>,
-    permission_parser: Arc<RuntimePermissionDescriptorParser>,
     root_cert_store_provider: Arc<dyn RootCertStoreProvider>,
     root_permissions: PermissionsContainer,
     storage_key_resolver: StorageKeyResolver,
@@ -454,7 +451,6 @@ impl CliMainWorkerFactory {
         module_loader_factory,
         node_resolver,
         npm_resolver,
-        permission_desc_parser: permission_parser,
         root_cert_store_provider,
         root_permissions,
         shared_array_buffer_store: Default::default(),
@@ -586,7 +582,6 @@ impl CliMainWorkerFactory {
       ),
       feature_checker,
       permissions,
-      permission_desc_parser: shared.permission_desc_parser.clone(),
       v8_code_cache: shared.code_cache.clone(),
     };
     let options = WorkerOptions {
@@ -784,7 +779,6 @@ fn create_web_worker_callback(
       ),
       maybe_inspector_server,
       feature_checker,
-      permission_desc_parser: shared.permission_desc_parser.clone(),
       npm_process_state_provider: Some(shared.npm_process_state_provider()),
       permissions: args.permissions,
     };
@@ -849,6 +843,7 @@ mod tests {
   use deno_core::FsModuleLoader;
   use deno_fs::RealFs;
   use deno_runtime::deno_permissions::Permissions;
+  use deno_runtime::permissions::RuntimePermissionDescriptorParser;
 
   fn create_test_worker() -> MainWorker {
     let main_module =
@@ -866,7 +861,7 @@ mod tests {
       WorkerServiceOptions {
         module_loader: Rc::new(FsModuleLoader),
         permissions: PermissionsContainer::new(
-          permission_desc_parser.clone(),
+          permission_desc_parser,
           Permissions::none_without_prompt(),
         ),
         blob_store: Default::default(),
@@ -874,7 +869,6 @@ mod tests {
         feature_checker: Default::default(),
         node_services: Default::default(),
         npm_process_state_provider: Default::default(),
-        permission_desc_parser,
         root_cert_store_provider: Default::default(),
         shared_array_buffer_store: Default::default(),
         compiled_wasm_module_store: Default::default(),