diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2023-01-07 17:25:34 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-07 17:25:34 +0100 |
| commit | fac64478157ee563b185edb5734688e4523df3a1 (patch) | |
| tree | 888d562982e1fc37dfb9a4459928bcec84d55dfc /runtime/ops/os/mod.rs | |
| parent | 82e930726ee5dbac8e6eae0962c07c72daf9843c (diff) | |
refactor(permissions): add PermissionsContainer struct for internal mutability (#17134)
Turns out we were cloning permissions which after prompting were discarded,
so the state of permissions was never preserved. To handle that we need to store
all permissions behind "Arc<Mutex<>>" (because there are situations where we
need to send them to other thread).
Testing and benching code still uses "Permissions" in most places - it's undesirable
to share the same permission set between various test/bench files - otherwise
granting or revoking permissions in one file would influence behavior of other test
files.
Diffstat (limited to 'runtime/ops/os/mod.rs')
| -rw-r--r-- | runtime/ops/os/mod.rs | 68 |
1 files changed, 28 insertions, 40 deletions
diff --git a/runtime/ops/os/mod.rs b/runtime/ops/os/mod.rs index 28184c949..537bb33f9 100644 --- a/runtime/ops/os/mod.rs +++ b/runtime/ops/os/mod.rs @@ -1,7 +1,7 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. use super::utils::into_string; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use crate::worker::ExitCode; use deno_core::error::{type_error, AnyError}; use deno_core::op; @@ -68,11 +68,9 @@ fn noop_op() -> Result<(), AnyError> { #[op] fn op_exec_path(state: &mut OpState) -> Result<String, AnyError> { let current_exe = env::current_exe().unwrap(); - state.borrow_mut::<Permissions>().read.check_blind( - ¤t_exe, - "exec_path", - "Deno.execPath()", - )?; + state + .borrow_mut::<PermissionsContainer>() + .check_read_blind(¤t_exe, "exec_path", "Deno.execPath()")?; // Now apply URL parser to current exe to get fully resolved path, otherwise // we might get `./` and `../` bits in `exec_path` let exe_url = Url::from_file_path(current_exe).unwrap(); @@ -87,7 +85,7 @@ fn op_set_env( key: String, value: String, ) -> Result<(), AnyError> { - state.borrow_mut::<Permissions>().env.check(&key)?; + state.borrow_mut::<PermissionsContainer>().check_env(&key)?; if key.is_empty() { return Err(type_error("Key is an empty string.")); } @@ -109,7 +107,7 @@ fn op_set_env( #[op] fn op_env(state: &mut OpState) -> Result<HashMap<String, String>, AnyError> { - state.borrow_mut::<Permissions>().env.check_all()?; + state.borrow_mut::<PermissionsContainer>().check_env_all()?; Ok(env::vars().collect()) } @@ -121,7 +119,7 @@ fn op_get_env( let skip_permission_check = NODE_ENV_VAR_ALLOWLIST.contains(&key); if !skip_permission_check { - state.borrow_mut::<Permissions>().env.check(&key)?; + state.borrow_mut::<PermissionsContainer>().check_env(&key)?; } if key.is_empty() { @@ -144,7 +142,7 @@ fn op_get_env( #[op] fn op_delete_env(state: &mut OpState, key: String) -> Result<(), AnyError> { - state.borrow_mut::<Permissions>().env.check(&key)?; + state.borrow_mut::<PermissionsContainer>().check_env(&key)?; if key.is_empty() || key.contains(&['=', '\0'] as &[char]) { return Err(type_error("Key contains invalid characters.")); } @@ -166,27 +164,24 @@ fn op_exit(state: &mut OpState) { #[op] fn op_loadavg(state: &mut OpState) -> Result<(f64, f64, f64), AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("loadavg", Some("Deno.loadavg()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("loadavg", "Deno.loadavg()")?; Ok(sys_info::loadavg()) } #[op] fn op_hostname(state: &mut OpState) -> Result<String, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("hostname", Some("Deno.hostname()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("hostname", "Deno.hostname()")?; Ok(sys_info::hostname()) } #[op] fn op_os_release(state: &mut OpState) -> Result<String, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("osRelease", Some("Deno.osRelease()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("osRelease", "Deno.osRelease()")?; Ok(sys_info::os_release()) } @@ -195,9 +190,8 @@ fn op_network_interfaces( state: &mut OpState, ) -> Result<Vec<NetworkInterface>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("networkInterfaces", Some("Deno.networkInterfaces()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("networkInterfaces", "Deno.networkInterfaces()")?; Ok(netif::up()?.map(NetworkInterface::from).collect()) } @@ -250,9 +244,8 @@ fn op_system_memory_info( state: &mut OpState, ) -> Result<Option<sys_info::MemInfo>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("systemMemoryInfo", Some("Deno.systemMemoryInfo()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("systemMemoryInfo", "Deno.systemMemoryInfo()")?; Ok(sys_info::mem_info()) } @@ -260,9 +253,8 @@ fn op_system_memory_info( #[op] fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("gid", Some("Deno.gid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("gid", "Deno.gid()")?; // TODO(bartlomieju): #[allow(clippy::undocumented_unsafe_blocks)] unsafe { @@ -274,9 +266,8 @@ fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { #[op] fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("gid", Some("Deno.gid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("gid", "Deno.gid()")?; Ok(None) } @@ -284,9 +275,8 @@ fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { #[op] fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("uid", Some("Deno.uid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("uid", "Deno.uid()")?; // TODO(bartlomieju): #[allow(clippy::undocumented_unsafe_blocks)] unsafe { @@ -298,9 +288,8 @@ fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> { #[op] fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("uid", Some("Deno.uid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("uid", "Deno.uid()")?; Ok(None) } @@ -428,9 +417,8 @@ fn rss() -> usize { fn os_uptime(state: &mut OpState) -> Result<u64, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("osUptime", Some("Deno.osUptime()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("osUptime", "Deno.osUptime()")?; Ok(sys_info::os_uptime()) } |