authorDavid Sherret <dsherret@users.noreply.github.com>2024-09-16 21:39:37 +0100
committerGitHub <noreply@github.com>2024-09-16 21:39:37 +0100
commit62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /ext/ffi
parente0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
Diffstat (limited to 'ext/ffi')
-rw-r--r--ext/ffi/call.rs4
-rw-r--r--ext/ffi/callback.rs2
-rw-r--r--ext/ffi/dlfcn.rs18
-rw-r--r--ext/ffi/lib.rs23
-rw-r--r--ext/ffi/repr.rs42
5 files changed, 52 insertions, 37 deletions
diff --git a/ext/ffi/call.rs b/ext/ffi/call.rs
index 380fc03a1..3572b9e81 100644
--- a/ext/ffi/call.rs
+++ b/ext/ffi/call.rs
@@ -287,7 +287,7 @@ where
{
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
};
let symbol = PtrSymbol::new(pointer, &def)?;
@@ -384,7 +384,7 @@ where
{
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
};
let symbol = PtrSymbol::new(pointer, &def)?;
diff --git a/ext/ffi/callback.rs b/ext/ffi/callback.rs
index 7d0114131..6fa166f52 100644
--- a/ext/ffi/callback.rs
+++ b/ext/ffi/callback.rs
@@ -557,7 +557,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
let thread_id: u32 = LOCAL_THREAD_ID.with(|s| {
let value = *s.borrow();
diff --git a/ext/ffi/dlfcn.rs b/ext/ffi/dlfcn.rs
index 2bae5d223..10199bf85 100644
--- a/ext/ffi/dlfcn.rs
+++ b/ext/ffi/dlfcn.rs
@@ -19,7 +19,6 @@ use serde_value::ValueDeserializer;
use std::borrow::Cow;
use std::collections::HashMap;
use std::ffi::c_void;
-use std::path::PathBuf;
use std::rc::Rc;
pub struct DynamicLibraryResource {
@@ -121,15 +120,13 @@ pub fn op_ffi_load<'scope, FP>(
where
FP: FfiPermissions + 'static,
{
- let path = args.path;
-
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(Some(&PathBuf::from(&path)))?;
+ let path = permissions.check_partial_with_path(&args.path)?;
let lib = Library::open(&path).map_err(|e| {
dlopen2::Error::OpeningLibraryError(std::io::Error::new(
std::io::ErrorKind::Other,
- format_error(e, path),
+ format_error(e, &path),
))
})?;
let mut resource = DynamicLibraryResource {
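Review bot: Nothing at this call site says that passing the value returned by `check_partial_with_path` to `Library::open` is deliberate, so a later edit that goes back to `args.path` would quietly reopen the gap between the checked and the loaded path. I would add `// Open the path returned by the permission check, never args.path, so the checked path and the loaded path cannot diverge.` above `let lib`. Using the resolved path narrows the window but does not close it: a symlink or file replaced between the check and `Library::open` is still loaded. If the resolution produces an absolute path (its implementation is not shown here), bare library names that used to go through the loader's search order would resolve differently, which deserves a test. `op_ffi_load` starts before this hunk and continues past its end.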
@@ -290,7 +287,10 @@ fn sync_fn_impl<'s>(
// `path` is only used on Windows.
#[allow(unused_variables)]
-pub(crate) fn format_error(e: dlopen2::Error, path: String) -> String {
+pub(crate) fn format_error(
+ e: dlopen2::Error,
+ path: &std::path::Path,
+) -> String {
match e {
#[cfg(target_os = "windows")]
// This calls FormatMessageW with library path
@@ -300,7 +300,6 @@ pub(crate) fn format_error(e: dlopen2::Error, path: String) -> String {
//
// https://github.com/denoland/deno/issues/11632
dlopen2::Error::OpeningLibraryError(e) => {
- use std::ffi::OsStr;
use std::os::windows::ffi::OsStrExt;
use winapi::shared::minwindef::DWORD;
use winapi::shared::winerror::ERROR_INSUFFICIENT_BUFFER;
@@ -324,7 +323,8 @@ pub(crate) fn format_error(e: dlopen2::Error, path: String) -> String {
let mut buf = vec![0; 500];
- let path = OsStr::new(&path)
+ let path = path
+ .as_os_str()
.encode_wide()
.chain(Some(0))
.collect::<Vec<_>>();
@@ -384,7 +384,7 @@ mod tests {
std::io::Error::from_raw_os_error(0x000000C1),
);
assert_eq!(
- format_error(err, "foo.dll".to_string()),
+ format_error(err, &std::path::PathBuf::from("foo.dll")),
"foo.dll is not a valid Win32 application.\r\n".to_string(),
);
}
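Review bot: `&std::path::PathBuf::from("foo.dll")` allocates a `PathBuf` only to borrow it as a `&Path`; `std::path::Path::new("foo.dll")` yields the same `&Path` without the allocation. The call would read `format_error(err, std::path::Path::new("foo.dll")),`. The test function starts outside this hunk.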
diff --git a/ext/ffi/lib.rs b/ext/ffi/lib.rs
index 59d241c5a..77ec3c85e 100644
--- a/ext/ffi/lib.rs
+++ b/ext/ffi/lib.rs
@@ -5,7 +5,7 @@ use deno_core::error::AnyError;
use std::mem::size_of;
use std::os::raw::c_char;
use std::os::raw::c_short;
-use std::path::Path;
+use std::path::PathBuf;
mod call;
mod callback;
@@ -41,13 +41,28 @@ const _: () = {
pub const UNSTABLE_FEATURE_NAME: &str = "ffi";
pub trait FfiPermissions {
- fn check_partial(&mut self, path: Option<&Path>) -> Result<(), AnyError>;
+ fn check_partial_no_path(&mut self) -> Result<(), AnyError>;
+ #[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
+ fn check_partial_with_path(
+ &mut self,
+ path: &str,
+ ) -> Result<PathBuf, AnyError>;
}
impl FfiPermissions for deno_permissions::PermissionsContainer {
#[inline(always)]
- fn check_partial(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
- deno_permissions::PermissionsContainer::check_ffi_partial(self, path)
+ fn check_partial_no_path(&mut self) -> Result<(), AnyError> {
+ deno_permissions::PermissionsContainer::check_ffi_partial_no_path(self)
+ }
+
+ #[inline(always)]
+ fn check_partial_with_path(
+ &mut self,
+ path: &str,
+ ) -> Result<PathBuf, AnyError> {
+ deno_permissions::PermissionsContainer::check_ffi_partial_with_path(
+ self, path,
+ )
}
}
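Review bot: The `#[must_use]` on `check_partial_with_path` does not catch the most likely misuse, `permissions.check_partial_with_path(p)?;`, because `?` consumes the call result and the leftover `PathBuf` is not itself a must-use type, so the statement compiles without a warning. To make the guarantee hold, return a small `#[must_use]` newtype wrapping the `PathBuf`, or at least state the contract on the trait: `/// Returns the resolved path; callers must open this value, not the input string.` The attribute message also reads as a fragment; `"use the resolved path to avoid time-of-check to time-of-use issues"` would be clearer. Neither trait method has a doc comment saying which permission it checks or what "partial" means for implementors.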
diff --git a/ext/ffi/repr.rs b/ext/ffi/repr.rs
index f56537475..315e6d53b 100644
--- a/ext/ffi/repr.rs
+++ b/ext/ffi/repr.rs
@@ -21,7 +21,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
Ok(ptr_number as *mut c_void)
}
@@ -36,7 +36,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
Ok(a == b)
}
@@ -50,7 +50,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
Ok(buf as *mut c_void)
}
@@ -64,7 +64,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
let Some(buf) = buf.get_backing_store() else {
return Ok(0 as _);
@@ -85,7 +85,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid pointer to offset, pointer is null"));
@@ -115,7 +115,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
Ok(ptr as usize)
}
@@ -132,7 +132,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid ArrayBuffer pointer, pointer is null"));
@@ -164,7 +164,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if src.is_null() {
Err(type_error("Invalid ArrayBuffer pointer, pointer is null"))
@@ -195,7 +195,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid CString pointer, pointer is null"));
@@ -221,7 +221,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid bool pointer, pointer is null"));
@@ -241,7 +241,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid u8 pointer, pointer is null"));
@@ -263,7 +263,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid i8 pointer, pointer is null"));
@@ -285,7 +285,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid u16 pointer, pointer is null"));
@@ -307,7 +307,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid i16 pointer, pointer is null"));
@@ -329,7 +329,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid u32 pointer, pointer is null"));
@@ -349,7 +349,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid i32 pointer, pointer is null"));
@@ -372,7 +372,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid u64 pointer, pointer is null"));
@@ -398,7 +398,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid i64 pointer, pointer is null"));
@@ -421,7 +421,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid f32 pointer, pointer is null"));
@@ -441,7 +441,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid f64 pointer, pointer is null"));
@@ -461,7 +461,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions.check_partial(None)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(type_error("Invalid pointer pointer, pointer is null"));