diff options
| author | Elias Sjögreen <eliassjogreen1@gmail.com> | 2021-08-06 23:28:10 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-08-06 23:28:10 +0200 |
| commit | 33c8d790c3d358a475c9ba828043e2c19e8d4b37 (patch) | |
| tree | 4ab33b3e5b352d49667d55631c76ee76af2ec5e2 /runtime | |
| parent | 0d1a522a03c22749e96dab06ca7b3e8b428df701 (diff) | |
feat: ffi to replace plugins (#11152)
This commit removes implementation of "native plugins" and replaces
it with FFI API.
Effectively "Deno.openPlugin" API was replaced with "Deno.dlopen" API.
Diffstat (limited to 'runtime')
| -rw-r--r-- | runtime/Cargo.toml | 2 | ||||
| -rw-r--r-- | runtime/build.rs | 1 | ||||
| -rw-r--r-- | runtime/js/11_workers.js | 6 | ||||
| -rw-r--r-- | runtime/js/40_permissions.js | 4 | ||||
| -rw-r--r-- | runtime/js/40_plugins.js | 16 | ||||
| -rw-r--r-- | runtime/js/90_deno_ns.js | 2 | ||||
| -rw-r--r-- | runtime/lib.rs | 1 | ||||
| -rw-r--r-- | runtime/ops/mod.rs | 1 | ||||
| -rw-r--r-- | runtime/ops/permissions.rs | 7 | ||||
| -rw-r--r-- | runtime/ops/plugin.rs | 86 | ||||
| -rw-r--r-- | runtime/ops/worker_host.rs | 43 | ||||
| -rw-r--r-- | runtime/permissions.rs | 161 | ||||
| -rw-r--r-- | runtime/web_worker.rs | 3 | ||||
| -rw-r--r-- | runtime/worker.rs | 3 |
14 files changed, 200 insertions, 136 deletions
diff --git a/runtime/Cargo.toml b/runtime/Cargo.toml index 044c3a1a1..b2bad9844 100644 --- a/runtime/Cargo.toml +++ b/runtime/Cargo.toml @@ -23,6 +23,7 @@ deno_console = { version = "0.13.0", path = "../extensions/console" } deno_core = { version = "0.95.0", path = "../core" } deno_crypto = { version = "0.27.0", path = "../extensions/crypto" } deno_fetch = { version = "0.36.0", path = "../extensions/fetch" } +deno_ffi = { version = "0.1.0", path = "../extensions/ffi" } deno_http = { version = "0.4.0", path = "../extensions/http" } deno_net = { version = "0.4.0", path = "../extensions/net" } deno_timers = { version = "0.11.0", path = "../extensions/timers" } @@ -43,6 +44,7 @@ deno_console = { version = "0.13.0", path = "../extensions/console" } deno_core = { version = "0.95.0", path = "../core" } deno_crypto = { version = "0.27.0", path = "../extensions/crypto" } deno_fetch = { version = "0.36.0", path = "../extensions/fetch" } +deno_ffi = { version = "0.1.0", path = "../extensions/ffi" } deno_http = { version = "0.4.0", path = "../extensions/http" } deno_net = { version = "0.4.0", path = "../extensions/net" } deno_timers = { version = "0.11.0", path = "../extensions/timers" } diff --git a/runtime/build.rs b/runtime/build.rs index 4e061c438..bb7947f36 100644 --- a/runtime/build.rs +++ b/runtime/build.rs @@ -60,6 +60,7 @@ fn create_runtime_snapshot(snapshot_path: &Path, files: Vec<PathBuf>) { deno_broadcast_channel::InMemoryBroadcastChannel::default(), false, // No --unstable. ), + deno_ffi::init::<deno_ffi::NoFfiPermissions>(false), deno_net::init::<deno_net::NoNetPermissions>(None, false), // No --unstable. deno_http::init(), ]; diff --git a/runtime/js/11_workers.js b/runtime/js/11_workers.js index b59832635..38267f571 100644 --- a/runtime/js/11_workers.js +++ b/runtime/js/11_workers.js @@ -119,7 +119,7 @@ env = "inherit", hrtime = "inherit", net = "inherit", - plugin = "inherit", + ffi = "inherit", read = "inherit", run = "inherit", write = "inherit", @@ -128,7 +128,7 @@ env: parseUnitPermission(env, "env"), hrtime: parseUnitPermission(hrtime, "hrtime"), net: parseArrayPermission(net, "net"), - plugin: parseUnitPermission(plugin, "plugin"), + ffi: parseUnitPermission(ffi, "ffi"), read: parseArrayPermission(read, "read"), run: parseUnitPermission(run, "run"), write: parseArrayPermission(write, "write"), @@ -175,7 +175,7 @@ env: false, hrtime: false, net: false, - plugin: false, + ffi: false, read: false, run: false, write: false, diff --git a/runtime/js/40_permissions.js b/runtime/js/40_permissions.js index c84f8fde8..1b053f938 100644 --- a/runtime/js/40_permissions.js +++ b/runtime/js/40_permissions.js @@ -28,14 +28,14 @@ * @property {PermissionStatus} status */ - /** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "run" | "plugin" | "hrtime">} */ + /** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "run" | "ffi" | "hrtime">} */ const permissionNames = [ "read", "write", "net", "env", "run", - "plugin", + "ffi", "hrtime", ]; diff --git a/runtime/js/40_plugins.js b/runtime/js/40_plugins.js deleted file mode 100644 index 0796fd5ce..000000000 --- a/runtime/js/40_plugins.js +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license. -"use strict"; - -((window) => { - const core = window.Deno.core; - - function openPlugin(filename) { - const rid = core.opSync("op_open_plugin", filename); - core.syncOpsCache(); - return rid; - } - - window.__bootstrap.plugins = { - openPlugin, - }; -})(this); diff --git a/runtime/js/90_deno_ns.js b/runtime/js/90_deno_ns.js index aee07eae7..796361d7a 100644 --- a/runtime/js/90_deno_ns.js +++ b/runtime/js/90_deno_ns.js @@ -110,7 +110,6 @@ Signal: __bootstrap.signals.Signal, SignalStream: __bootstrap.signals.SignalStream, emit: __bootstrap.compilerApi.emit, - openPlugin: __bootstrap.plugins.openPlugin, kill: __bootstrap.process.kill, setRaw: __bootstrap.tty.setRaw, consoleSize: __bootstrap.tty.consoleSize, @@ -136,5 +135,6 @@ HttpClient: __bootstrap.fetch.HttpClient, createHttpClient: __bootstrap.fetch.createHttpClient, http: __bootstrap.http, + dlopen: __bootstrap.ffi.dlopen, }; })(this); diff --git a/runtime/lib.rs b/runtime/lib.rs index 2358899d4..d7aaa8eec 100644 --- a/runtime/lib.rs +++ b/runtime/lib.rs @@ -4,6 +4,7 @@ pub use deno_broadcast_channel; pub use deno_console; pub use deno_crypto; pub use deno_fetch; +pub use deno_ffi; pub use deno_http; pub use deno_net; pub use deno_timers; diff --git a/runtime/ops/mod.rs b/runtime/ops/mod.rs index 82ccf0506..e08ddd1c0 100644 --- a/runtime/ops/mod.rs +++ b/runtime/ops/mod.rs @@ -6,7 +6,6 @@ pub mod http; pub mod io; pub mod os; pub mod permissions; -pub mod plugin; pub mod process; pub mod runtime; pub mod signal; diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs index 3395430e4..d9f341633 100644 --- a/runtime/ops/permissions.rs +++ b/runtime/ops/permissions.rs @@ -28,6 +28,7 @@ pub struct PermissionArgs { host: Option<String>, variable: Option<String>, command: Option<String>, + library: Option<String>, } pub fn op_query_permission( @@ -49,7 +50,7 @@ pub fn op_query_permission( ), "env" => permissions.env.query(args.variable.as_deref()), "run" => permissions.run.query(args.command.as_deref()), - "plugin" => permissions.plugin.query(), + "ffi" => permissions.ffi.query(args.library.as_deref()), "hrtime" => permissions.hrtime.query(), n => { return Err(custom_error( @@ -80,7 +81,7 @@ pub fn op_revoke_permission( ), "env" => permissions.env.revoke(args.variable.as_deref()), "run" => permissions.run.revoke(args.command.as_deref()), - "plugin" => permissions.plugin.revoke(), + "ffi" => permissions.ffi.revoke(args.library.as_deref()), "hrtime" => permissions.hrtime.revoke(), n => { return Err(custom_error( @@ -111,7 +112,7 @@ pub fn op_request_permission( ), "env" => permissions.env.request(args.variable.as_deref()), "run" => permissions.run.request(args.command.as_deref()), - "plugin" => permissions.plugin.request(), + "ffi" => permissions.ffi.request(args.library.as_deref()), "hrtime" => permissions.hrtime.request(), n => { return Err(custom_error( diff --git a/runtime/ops/plugin.rs b/runtime/ops/plugin.rs deleted file mode 100644 index cc3bf93d5..000000000 --- a/runtime/ops/plugin.rs +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license. -use crate::permissions::Permissions; -use deno_core::error::AnyError; -use deno_core::op_sync; -use deno_core::Extension; -use deno_core::OpState; -use deno_core::Resource; -use deno_core::ResourceId; -use dlopen::symbor::Library; -use log::debug; -use std::borrow::Cow; -use std::mem; -use std::path::PathBuf; -use std::rc::Rc; - -/// A default `init` function for plugins which mimics the way the internal -/// extensions are initalized. Plugins currently do not support all extension -/// features and are most likely not going to in the future. Currently only -/// `init_state` and `init_ops` are supported while `init_middleware` and `init_js` -/// are not. Currently the `PluginResource` does not support being closed due to -/// certain risks in unloading the dynamic library without unloading dependent -/// functions and resources. -pub type InitFn = fn() -> Extension; - -pub fn init() -> Extension { - Extension::builder() - .ops(vec![("op_open_plugin", op_sync(op_open_plugin))]) - .build() -} - -pub fn op_open_plugin( - state: &mut OpState, - filename: String, - _: (), -) -> Result<ResourceId, AnyError> { - let filename = PathBuf::from(&filename); - - super::check_unstable(state, "Deno.openPlugin"); - let permissions = state.borrow_mut::<Permissions>(); - permissions.plugin.check()?; - - debug!("Loading Plugin: {:#?}", filename); - let plugin_lib = Library::open(filename).map(Rc::new)?; - let plugin_resource = PluginResource::new(&plugin_lib); - - // Forgets the plugin_lib value to prevent segfaults when the process exits - mem::forget(plugin_lib); - - let init = *unsafe { plugin_resource.0.symbol::<InitFn>("init") }?; - let rid = state.resource_table.add(plugin_resource); - let mut extension = init(); - - if !extension.init_js().is_empty() { - panic!("Plugins do not support loading js"); - } - - if extension.init_middleware().is_some() { - panic!("Plugins do not support middleware"); - } - - extension.init_state(state)?; - let ops = extension.init_ops().unwrap_or_default(); - for (name, opfn) in ops { - state.op_table.register_op(name, opfn); - } - - Ok(rid) -} - -struct PluginResource(Rc<Library>); - -impl Resource for PluginResource { - fn name(&self) -> Cow<str> { - "plugin".into() - } - - fn close(self: Rc<Self>) { - unimplemented!(); - } -} - -impl PluginResource { - fn new(lib: &Rc<Library>) -> Self { - Self(lib.clone()) - } -} diff --git a/runtime/ops/worker_host.rs b/runtime/ops/worker_host.rs index 2cd9a14ad..5315ff5c7 100644 --- a/runtime/ops/worker_host.rs +++ b/runtime/ops/worker_host.rs @@ -3,6 +3,7 @@ use crate::permissions::resolve_read_allowlist; use crate::permissions::resolve_write_allowlist; use crate::permissions::EnvDescriptor; +use crate::permissions::FfiDescriptor; use crate::permissions::NetDescriptor; use crate::permissions::PermissionState; use crate::permissions::Permissions; @@ -218,6 +219,26 @@ fn merge_run_permission( Ok(main) } +fn merge_ffi_permission( + mut main: UnaryPermission<FfiDescriptor>, + worker: Option<UnaryPermission<FfiDescriptor>>, +) -> Result<UnaryPermission<FfiDescriptor>, AnyError> { + if let Some(worker) = worker { + if (worker.global_state < main.global_state) + || !worker.granted_list.iter().all(|x| main.check(&x.0).is_ok()) + { + return Err(custom_error( + "PermissionDenied", + "Can't escalate parent thread permissions", + )); + } else { + main.global_state = worker.global_state; + main.granted_list = worker.granted_list; + } + } + Ok(main) +} + pub fn create_worker_permissions( main_perms: Permissions, worker_perms: PermissionsArg, @@ -226,7 +247,7 @@ pub fn create_worker_permissions( env: merge_env_permission(main_perms.env, worker_perms.env)?, hrtime: merge_boolean_permission(main_perms.hrtime, worker_perms.hrtime)?, net: merge_net_permission(main_perms.net, worker_perms.net)?, - plugin: merge_boolean_permission(main_perms.plugin, worker_perms.plugin)?, + ffi: merge_ffi_permission(main_perms.ffi, worker_perms.ffi)?, read: merge_read_permission(main_perms.read, worker_perms.read)?, run: merge_run_permission(main_perms.run, worker_perms.run)?, write: merge_write_permission(main_perms.write, worker_perms.write)?, @@ -241,8 +262,8 @@ pub struct PermissionsArg { hrtime: Option<PermissionState>, #[serde(default, deserialize_with = "as_unary_net_permission")] net: Option<UnaryPermission<NetDescriptor>>, - #[serde(default, deserialize_with = "as_permission_state")] - plugin: Option<PermissionState>, + #[serde(default, deserialize_with = "as_unary_ffi_permission")] + ffi: Option<UnaryPermission<FfiDescriptor>>, #[serde(default, deserialize_with = "as_unary_read_permission")] read: Option<UnaryPermission<ReadDescriptor>>, #[serde(default, deserialize_with = "as_unary_run_permission")] @@ -414,6 +435,22 @@ where })) } +fn as_unary_ffi_permission<'de, D>( + deserializer: D, +) -> Result<Option<UnaryPermission<FfiDescriptor>>, D::Error> +where + D: Deserializer<'de>, +{ + let value: UnaryPermissionBase = + deserializer.deserialize_any(ParseBooleanOrStringVec)?; + + Ok(Some(UnaryPermission::<FfiDescriptor> { + global_state: value.global_state, + granted_list: value.paths.into_iter().map(FfiDescriptor).collect(), + ..Default::default() + })) +} + #[derive(Deserialize)] #[serde(rename_all = "camelCase")] pub struct CreateWorkerArgs { diff --git a/runtime/permissions.rs b/runtime/permissions.rs index 5215743e3..9e97ac234 100644 --- a/runtime/permissions.rs +++ b/runtime/permissions.rs @@ -202,6 +202,9 @@ pub struct EnvDescriptor(pub String); #[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)] pub struct RunDescriptor(pub String); +#[derive(Clone, Eq, PartialEq, Hash, Debug, Default, Deserialize)] +pub struct FfiDescriptor(pub String); + impl UnaryPermission<ReadDescriptor> { pub fn query(&self, path: Option<&Path>) -> PermissionState { let path = path.map(|p| resolve_from_cwd(p).unwrap()); @@ -787,6 +790,104 @@ impl UnaryPermission<RunDescriptor> { } } +impl UnaryPermission<FfiDescriptor> { + pub fn query(&self, lib: Option<&str>) -> PermissionState { + if self.global_state == PermissionState::Denied + && match lib { + None => true, + Some(lib) => self.denied_list.iter().any(|lib_| lib_.0 == lib), + } + { + PermissionState::Denied + } else if self.global_state == PermissionState::Granted + || match lib { + None => false, + Some(lib) => self.granted_list.iter().any(|lib_| lib_.0 == lib), + } + { + PermissionState::Granted + } else { + PermissionState::Prompt + } + } + + pub fn request(&mut self, lib: Option<&str>) -> PermissionState { + if let Some(lib) = lib { + let state = self.query(Some(lib)); + if state == PermissionState::Prompt { + if permission_prompt(&format!("ffi access to \"{}\"", lib)) { + self.granted_list.retain(|lib_| lib_.0 != lib); + self.granted_list.insert(FfiDescriptor(lib.to_string())); + PermissionState::Granted + } else { + self.denied_list.retain(|lib_| lib_.0 != lib); + self.denied_list.insert(FfiDescriptor(lib.to_string())); + self.global_state = PermissionState::Denied; + PermissionState::Denied + } + } else { + state + } + } else { + let state = self.query(None); + if state == PermissionState::Prompt { + if permission_prompt("ffi access") { + self.granted_list.clear(); + self.global_state = PermissionState::Granted; + PermissionState::Granted + } else { + self.global_state = PermissionState::Denied; + PermissionState::Denied + } + } else { + state + } + } + } + + pub fn revoke(&mut self, lib: Option<&str>) -> PermissionState { + if let Some(lib) = lib { + self.granted_list.retain(|lib_| lib_.0 != lib); + } else { + self.granted_list.clear(); + if self.global_state == PermissionState::Granted { + self.global_state = PermissionState::Prompt; + } + } + self.query(lib) + } + + pub fn check(&mut self, lib: &str) -> Result<(), AnyError> { + let (result, prompted) = self.query(Some(lib)).check( + self.name, + Some(&format!("\"{}\"", lib)), + self.prompt, + ); + if prompted { + if result.is_ok() { + self.granted_list.insert(FfiDescriptor(lib.to_string())); + } else { + self.denied_list.insert(FfiDescriptor(lib.to_string())); + self.global_state = PermissionState::Denied; + } + } + result + } + + pub fn check_all(&mut self) -> Result<(), AnyError> { + let (result, prompted) = + self.query(None).check(self.name, Some("all"), self.prompt); + if prompted { + if result.is_ok() { + self.global_state = PermissionState::Granted; + } else { + self.global_state = PermissionState::Denied; + } + } + result + } +} + #[derive(Clone, Debug, Default, PartialEq)] pub struct Permissions { pub read: UnaryPermission<ReadDescriptor>, @@ -794,7 +895,7 @@ pub struct Permissions { pub net: UnaryPermission<NetDescriptor>, pub env: UnaryPermission<EnvDescriptor>, pub run: UnaryPermission<RunDescriptor>, - pub plugin: UnitPermission, + pub ffi: UnaryPermission<FfiDescriptor>, pub hrtime: UnitPermission, } @@ -803,7 +904,7 @@ pub struct PermissionsOptions { pub allow_env: Option<Vec<String>>, pub allow_hrtime: bool, pub allow_net: Option<Vec<String>>, - pub allow_plugin: bool, + pub allow_ffi: Option<Vec<String>>, pub allow_read: Option<Vec<PathBuf>>, pub allow_run: Option<Vec<String>>, pub allow_write: Option<Vec<PathBuf>>, @@ -904,8 +1005,21 @@ impl Permissions { } } - pub fn new_plugin(state: bool, prompt: bool) -> UnitPermission { - unit_permission_from_flag_bool(state, "plugin", "open a plugin", prompt) + pub fn new_ffi( + state: &Option<Vec<String>>, + prompt: bool, + ) -> UnaryPermission<FfiDescriptor> { + UnaryPermission::<FfiDescriptor> { + name: "ffi", + description: "load a dynamic library", + global_state: global_state_from_option(state), + granted_list: state + .as_ref() + .map(|v| v.iter().map(|x| FfiDescriptor(x.clone())).collect()) + .unwrap_or_else(HashSet::new), + denied_list: Default::default(), + prompt, + } } pub fn new_hrtime(state: bool, prompt: bool) -> UnitPermission { @@ -924,7 +1038,7 @@ impl Permissions { net: Permissions::new_net(&opts.allow_net, opts.prompt), env: Permissions::new_env(&opts.allow_env, opts.prompt), run: Permissions::new_run(&opts.allow_run, opts.prompt), - plugin: Permissions::new_plugin(opts.allow_plugin, opts.prompt), + ffi: Permissions::new_ffi(&opts.allow_ffi, opts.prompt), hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.prompt), } } @@ -936,7 +1050,7 @@ impl Permissions { net: Permissions::new_net(&Some(vec![]), false), env: Permissions::new_env(&Some(vec![]), false), run: Permissions::new_run(&Some(vec![]), false), - plugin: Permissions::new_plugin(true, false), + ffi: Permissions::new_ffi(&Some(vec![]), false), hrtime: Permissions::new_hrtime(true, false), } } @@ -1005,6 +1119,12 @@ impl deno_websocket::WebSocketPermissions for Permissions { } } +impl deno_ffi::FfiPermissions for Permissions { + fn check(&mut self, path: &str) -> Result<(), AnyError> { + self.ffi.check(path) + } +} + fn unit_permission_from_flag_bool( flag: bool, name: &'static str, @@ -1457,9 +1577,9 @@ mod tests { global_state: PermissionState::Prompt, ..Permissions::new_run(&Some(svec!["deno"]), false) }, - plugin: UnitPermission { - state: PermissionState::Prompt, - ..Default::default() + ffi: UnaryPermission { + global_state: PermissionState::Prompt, + ..Permissions::new_ffi(&Some(svec!["deno"]), false) }, hrtime: UnitPermission { state: PermissionState::Prompt, @@ -1490,8 +1610,10 @@ mod tests { assert_eq!(perms1.run.query(Some(&"deno".to_string())), PermissionState::Granted); assert_eq!(perms2.run.query(None), PermissionState::Prompt); assert_eq!(perms2.run.query(Some(&"deno".to_string())), PermissionState::Granted); - assert_eq!(perms1.plugin.query(), PermissionState::Granted); - assert_eq!(perms2.plugin.query(), PermissionState::Prompt); + assert_eq!(perms1.ffi.query(None), PermissionState::Granted); + assert_eq!(perms1.ffi.query(Some(&"deno".to_string())), PermissionState::Granted); + assert_eq!(perms2.ffi.query(None), PermissionState::Prompt); + assert_eq!(perms2.ffi.query(Some(&"deno".to_string())), PermissionState::Granted); assert_eq!(perms1.hrtime.query(), PermissionState::Granted); assert_eq!(perms2.hrtime.query(), PermissionState::Prompt); }; @@ -1528,9 +1650,10 @@ mod tests { set_prompt_result(false); assert_eq!(perms.run.request(Some(&"deno".to_string())), PermissionState::Granted); set_prompt_result(true); - assert_eq!(perms.plugin.request(), PermissionState::Granted); + assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted); + assert_eq!(perms.ffi.query(None), PermissionState::Prompt); set_prompt_result(false); - assert_eq!(perms.plugin.request(), PermissionState::Granted); + assert_eq!(perms.ffi.request(Some(&"deno".to_string())), PermissionState::Granted); set_prompt_result(false); assert_eq!(perms.hrtime.request(), PermissionState::Denied); set_prompt_result(true); @@ -1561,9 +1684,9 @@ mod tests { global_state: PermissionState::Prompt, ..Permissions::new_run(&Some(svec!["deno"]), false) }, - plugin: UnitPermission { - state: PermissionState::Prompt, - ..Default::default() + ffi: UnaryPermission { + global_state: PermissionState::Prompt, + ..Permissions::new_ffi(&Some(svec!["deno"]), false) }, hrtime: UnitPermission { state: PermissionState::Denied, @@ -1582,7 +1705,7 @@ mod tests { assert_eq!(perms.net.revoke(Some(&("127.0.0.1", None))), PermissionState::Prompt); assert_eq!(perms.env.revoke(Some(&"HOME".to_string())), PermissionState::Prompt); assert_eq!(perms.run.revoke(Some(&"deno".to_string())), PermissionState::Prompt); - assert_eq!(perms.plugin.revoke(), PermissionState::Prompt); + assert_eq!(perms.ffi.revoke(Some(&"deno".to_string())), PermissionState::Prompt); assert_eq!(perms.hrtime.revoke(), PermissionState::Denied); }; } @@ -1595,7 +1718,7 @@ mod tests { net: Permissions::new_net(&None, true), env: Permissions::new_env(&None, true), run: Permissions::new_run(&None, true), - plugin: Permissions::new_plugin(false, true), + ffi: Permissions::new_ffi(&None, true), hrtime: Permissions::new_hrtime(false, true), }; @@ -1648,7 +1771,7 @@ mod tests { net: Permissions::new_net(&None, true), env: Permissions::new_env(&None, true), run: Permissions::new_run(&None, true), - plugin: Permissions::new_plugin(false, true), + ffi: Permissions::new_ffi(&None, true), hrtime: Permissions::new_hrtime(false, true), }; diff --git a/runtime/web_worker.rs b/runtime/web_worker.rs index 773fce80f..74e5fbafe 100644 --- a/runtime/web_worker.rs +++ b/runtime/web_worker.rs @@ -315,6 +315,8 @@ impl WebWorker { deno_crypto::init(options.seed), deno_webgpu::init(options.unstable), deno_timers::init::<Permissions>(), + // ffi + deno_ffi::init::<Permissions>(options.unstable), // Metrics metrics::init(), // Permissions ext (worker specific state) @@ -340,7 +342,6 @@ impl WebWorker { ), ops::os::init(), ops::permissions::init(), - ops::plugin::init(), ops::process::init(), ops::signal::init(), ops::tty::init(), diff --git a/runtime/worker.rs b/runtime/worker.rs index 94edd6f1e..c64ef2baf 100644 --- a/runtime/worker.rs +++ b/runtime/worker.rs @@ -115,6 +115,8 @@ impl MainWorker { ), deno_webgpu::init(options.unstable), deno_timers::init::<Permissions>(), + // ffi + deno_ffi::init::<Permissions>(options.unstable), // Metrics metrics::init(), // Runtime ops @@ -127,7 +129,6 @@ impl MainWorker { deno_net::init::<Permissions>(options.ca_data.clone(), options.unstable), ops::os::init(), ops::permissions::init(), - ops::plugin::init(), ops::process::init(), ops::signal::init(), ops::tty::init(), |