BREAKING(permissions): remove --allow-hrtime (#25367)

Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because it is already possible to get access to high resolution timers through workers and SharedArrayBuffer. Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
author: Luca Casonato <hello@lcas.dev> 2024-09-03 11:24:25 +0200
committer: GitHub <noreply@github.com> 2024-09-03 11:24:25 +0200
commit: 5cf97f539bb0c3d2bda918f53cd4a976c03b37e3 (patch)
tree: 82f05b270b3df52609e3d0d6c86a768d1399e257 /runtime/permissions
parent: b5695d02df75719bca0df1aae0622b22761b1533 (diff)
1 files changed, 1 insertions, 92 deletions
diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs
index 55a94d909..7227bebf8 100644
--- a/runtime/permissions/lib.rs
+++ b/runtime/permissions/lib.rs
@@ -1416,7 +1416,6 @@ pub struct Permissions {
   pub run: UnaryPermission<RunDescriptor>,
   pub ffi: UnaryPermission<FfiDescriptor>,
   pub all: UnitPermission,
-  pub hrtime: UnitPermission,
 }
 
 #[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)]
@@ -1424,8 +1423,6 @@ pub struct PermissionsOptions {
   pub allow_all: bool,
   pub allow_env: Option<Vec<String>>,
   pub deny_env: Option<Vec<String>>,
-  pub allow_hrtime: bool,
-  pub deny_hrtime: bool,
   pub allow_net: Option<Vec<String>>,
   pub deny_net: Option<Vec<String>>,
   pub allow_ffi: Option<Vec<PathBuf>>,
@@ -1460,19 +1457,6 @@ impl Permissions {
     })
   }
 
-  pub const fn new_hrtime(
-    allow_state: bool,
-    deny_state: bool,
-  ) -> UnitPermission {
-    unit_permission_from_flag_bools(
-      allow_state,
-      deny_state,
-      "hrtime",
-      "high precision time",
-      false, // never prompt for hrtime
-    )
-  }
-
   pub const fn new_all(allow_state: bool) -> UnitPermission {
     unit_permission_from_flag_bools(
       allow_state,
@@ -1521,7 +1505,6 @@ impl Permissions {
         opts.prompt,
       )?,
       all: Permissions::new_all(opts.allow_all),
-      hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.deny_hrtime),
     })
   }
 
@@ -1536,7 +1519,6 @@ impl Permissions {
       run: UnaryPermission::allow_all(),
       ffi: UnaryPermission::allow_all(),
       all: Permissions::new_all(true),
-      hrtime: Permissions::new_hrtime(true, false),
     }
   }
 
@@ -1560,7 +1542,6 @@ impl Permissions {
       run: Permissions::new_unary(&None, &None, prompt).unwrap(),
       ffi: Permissions::new_unary(&None, &None, prompt).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, false),
     }
   }
 
@@ -1598,11 +1579,6 @@ impl PermissionsContainer {
     Self(Arc::new(Mutex::new(perms)))
   }
 
-  #[inline(always)]
-  pub fn allow_hrtime(&mut self) -> bool {
-    self.0.lock().hrtime.check().is_ok()
-  }
-
   pub fn allow_all() -> Self {
     Self::new(Permissions::allow_all())
   }
@@ -2115,7 +2091,6 @@ impl<'de> Deserialize<'de> for ChildUnaryPermissionArg {
 #[derive(Debug, Eq, PartialEq)]
 pub struct ChildPermissionsArg {
   env: ChildUnaryPermissionArg,
-  hrtime: ChildUnitPermissionArg,
   net: ChildUnaryPermissionArg,
   ffi: ChildUnaryPermissionArg,
   read: ChildUnaryPermissionArg,
@@ -2128,7 +2103,6 @@ impl ChildPermissionsArg {
   pub fn inherit() -> Self {
     ChildPermissionsArg {
       env: ChildUnaryPermissionArg::Inherit,
-      hrtime: ChildUnitPermissionArg::Inherit,
       net: ChildUnaryPermissionArg::Inherit,
       ffi: ChildUnaryPermissionArg::Inherit,
       read: ChildUnaryPermissionArg::Inherit,
@@ -2141,7 +2115,6 @@ impl ChildPermissionsArg {
   pub fn none() -> Self {
     ChildPermissionsArg {
       env: ChildUnaryPermissionArg::NotGranted,
-      hrtime: ChildUnitPermissionArg::NotGranted,
       net: ChildUnaryPermissionArg::NotGranted,
       ffi: ChildUnaryPermissionArg::NotGranted,
       read: ChildUnaryPermissionArg::NotGranted,
@@ -2198,11 +2171,6 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
             child_permissions_arg.env = arg.map_err(|e| {
               de::Error::custom(format!("(deno.permissions.env) {e}"))
             })?;
-          } else if key == "hrtime" {
-            let arg = serde_json::from_value::<ChildUnitPermissionArg>(value);
-            child_permissions_arg.hrtime = arg.map_err(|e| {
-              de::Error::custom(format!("(deno.permissions.hrtime) {e}"))
-            })?;
           } else if key == "net" {
             let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value);
             child_permissions_arg.net = arg.map_err(|e| {
@@ -2258,13 +2226,6 @@ pub fn create_child_permissions(
     }
   }
 
-  fn is_granted_unit(arg: &ChildUnitPermissionArg) -> bool {
-    match arg {
-      ChildUnitPermissionArg::Inherit | ChildUnitPermissionArg::Granted => true,
-      ChildUnitPermissionArg::NotGranted => false,
-    }
-  }
-
   let mut worker_perms = Permissions::none_without_prompt();
 
   worker_perms.all = main_perms
@@ -2282,9 +2243,7 @@ pub fn create_child_permissions(
       &child_permissions_arg.run,
       &child_permissions_arg.ffi,
     ];
-    let unit_perms = [&child_permissions_arg.hrtime];
-    let allow_all = unary_perms.into_iter().all(is_granted_unary)
-      && unit_perms.into_iter().all(is_granted_unit);
+    let allow_all = unary_perms.into_iter().all(is_granted_unary);
     if !allow_all {
       worker_perms.all.revoke();
     }
@@ -2313,9 +2272,6 @@ pub fn create_child_permissions(
   worker_perms.ffi = main_perms
     .ffi
     .create_child_permissions(child_permissions_arg.ffi)?;
-  worker_perms.hrtime = main_perms
-    .hrtime
-    .create_child_permissions(child_permissions_arg.hrtime)?;
 
   Ok(worker_perms)
 }
@@ -2747,7 +2703,6 @@ mod tests {
         .unwrap(),
       run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, false),
     };
     let perms3 = Permissions {
       read: Permissions::new_unary(
@@ -2775,7 +2730,6 @@ mod tests {
         .unwrap(),
       run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, true),
     };
     let perms4 = Permissions {
       read: Permissions::new_unary(
@@ -2813,7 +2767,6 @@ mod tests {
       run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false)
         .unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(true, true),
     };
     #[rustfmt::skip]
     {
@@ -2889,10 +2842,6 @@ mod tests {
       assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial);
       assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied);
       assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted);
-      assert_eq!(perms1.hrtime.query(), PermissionState::Granted);
-      assert_eq!(perms2.hrtime.query(), PermissionState::Prompt);
-      assert_eq!(perms3.hrtime.query(), PermissionState::Denied);
-      assert_eq!(perms4.hrtime.query(), PermissionState::Denied);
     };
   }
 
@@ -2937,10 +2886,6 @@ mod tests {
       assert_eq!(perms.run.query(None), PermissionState::Prompt);
       prompt_value.set(false);
       assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted);
-      prompt_value.set(false);
-      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
-      prompt_value.set(true);
-      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
     };
   }
 
@@ -2977,7 +2922,6 @@ mod tests {
         .unwrap(),
       run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, true),
     };
     #[rustfmt::skip]
     {
@@ -2996,7 +2940,6 @@ mod tests {
       assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt);
       assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt);
       assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt);
-      assert_eq!(perms.hrtime.revoke(), PermissionState::Denied);
     };
   }
 
@@ -3080,8 +3023,6 @@ mod tests {
     prompt_value.set(false);
     assert!(perms.env.check("hostname", None).is_ok());
     assert!(perms.env.check("osRelease", None).is_err());
-
-    assert!(perms.hrtime.check().is_err());
   }
 
   #[test]
@@ -3183,11 +3124,6 @@ mod tests {
     assert!(perms.sys.check("osRelease", None).is_ok());
     prompt_value.set(false);
     assert!(perms.sys.check("osRelease", None).is_ok());
-
-    prompt_value.set(false);
-    assert!(perms.hrtime.check().is_err());
-    prompt_value.set(true);
-    assert!(perms.hrtime.check().is_err());
   }
 
   #[test]
@@ -3278,7 +3214,6 @@ mod tests {
       ChildPermissionsArg::inherit(),
       ChildPermissionsArg {
         env: ChildUnaryPermissionArg::Inherit,
-        hrtime: ChildUnitPermissionArg::Inherit,
         net: ChildUnaryPermissionArg::Inherit,
         ffi: ChildUnaryPermissionArg::Inherit,
         read: ChildUnaryPermissionArg::Inherit,
@@ -3291,7 +3226,6 @@ mod tests {
       ChildPermissionsArg::none(),
       ChildPermissionsArg {
         env: ChildUnaryPermissionArg::NotGranted,
-        hrtime: ChildUnitPermissionArg::NotGranted,
         net: ChildUnaryPermissionArg::NotGranted,
         ffi: ChildUnaryPermissionArg::NotGranted,
         read: ChildUnaryPermissionArg::NotGranted,
@@ -3324,26 +3258,6 @@ mod tests {
     );
     assert_eq!(
       serde_json::from_value::<ChildPermissionsArg>(json!({
-        "hrtime": true,
-      }))
-      .unwrap(),
-      ChildPermissionsArg {
-        hrtime: ChildUnitPermissionArg::Granted,
-        ..ChildPermissionsArg::none()
-      }
-    );
-    assert_eq!(
-      serde_json::from_value::<ChildPermissionsArg>(json!({
-        "hrtime": false,
-      }))
-      .unwrap(),
-      ChildPermissionsArg {
-        hrtime: ChildUnitPermissionArg::NotGranted,
-        ..ChildPermissionsArg::none()
-      }
-    );
-    assert_eq!(
-      serde_json::from_value::<ChildPermissionsArg>(json!({
         "env": true,
         "net": true,
         "ffi": true,
@@ -3361,7 +3275,6 @@ mod tests {
         run: ChildUnaryPermissionArg::Granted,
         sys: ChildUnaryPermissionArg::Granted,
         write: ChildUnaryPermissionArg::Granted,
-        ..ChildPermissionsArg::none()
       }
     );
     assert_eq!(
@@ -3383,7 +3296,6 @@ mod tests {
         run: ChildUnaryPermissionArg::NotGranted,
         sys: ChildUnaryPermissionArg::NotGranted,
         write: ChildUnaryPermissionArg::NotGranted,
-        ..ChildPermissionsArg::none()
       }
     );
     assert_eq!(
@@ -3421,7 +3333,6 @@ mod tests {
           "foo",
           "file:///bar/baz"
         ]),
-        ..ChildPermissionsArg::none()
       }
     );
   }
@@ -3431,7 +3342,6 @@ mod tests {
     set_prompter(Box::new(TestPrompter));
     let mut main_perms = Permissions {
       env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(),
-      hrtime: Permissions::new_hrtime(true, false),
       net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false)
         .unwrap(),
       ..Permissions::none_without_prompt()
@@ -3441,7 +3351,6 @@ mod tests {
         &mut main_perms.clone(),
         ChildPermissionsArg {
           env: ChildUnaryPermissionArg::Inherit,
-          hrtime: ChildUnitPermissionArg::NotGranted,
           net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
           ffi: ChildUnaryPermissionArg::NotGranted,
           ..ChildPermissionsArg::none()
author	Luca Casonato <hello@lcas.dev>	2024-09-03 11:24:25 +0200
committer	GitHub <noreply@github.com>	2024-09-03 11:24:25 +0200
commit	5cf97f539bb0c3d2bda918f53cd4a976c03b37e3 (patch)
tree	82f05b270b3df52609e3d0d6c86a768d1399e257 /runtime/permissions
parent	b5695d02df75719bca0df1aae0622b22761b1533 (diff)