3 files changed, 56 insertions, 128 deletions

diff --git a/runtime/js/40_permissions.js b/runtime/js/10_permissions.js
index 147ae92f0..a6884aab9 100644
--- a/runtime/js/40_permissions.js
+++ b/runtime/js/10_permissions.js
@@ -10,7 +10,10 @@
   } = window;
   const { pathFromURL } = window.__bootstrap.util;
   const {
+    ArrayIsArray,
     ArrayPrototypeIncludes,
+    ArrayPrototypeMap,
+    ArrayPrototypeSlice,
     Map,
     MapPrototypeGet,
     MapPrototypeHas,
@@ -162,7 +165,9 @@
         );
       }
 
-      if (desc.name === "read" || desc.name === "write") {
+      if (
+        desc.name === "read" || desc.name === "write" || desc.name === "ffi"
+      ) {
         desc.path = pathFromURL(desc.path);
       } else if (desc.name === "run") {
         desc.command = pathFromURL(desc.command);
@@ -213,7 +218,34 @@
 
   const permissions = new Permissions(illegalConstructorKey);
 
+  /** Converts all file URLs in FS allowlists to paths. */
+  function serializePermissions(permissions) {
+    if (typeof permissions == "object" && permissions != null) {
+      const serializedPermissions = {};
+      for (const key of ["read", "write", "run", "ffi"]) {
+        if (ArrayIsArray(permissions[key])) {
+          serializedPermissions[key] = ArrayPrototypeMap(
+            permissions[key],
+            (path) => pathFromURL(path),
+          );
+        } else {
+          serializedPermissions[key] = permissions[key];
+        }
+      }
+      for (const key of ["env", "hrtime", "net"]) {
+        if (ArrayIsArray(permissions[key])) {
+          serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]);
+        } else {
+          serializedPermissions[key] = permissions[key];
+        }
+      }
+      return serializedPermissions;
+    }
+    return permissions;
+  }
+
   window.__bootstrap.permissions = {
+    serializePermissions,
     permissions,
     Permissions,
     PermissionStatus,
diff --git a/runtime/js/11_workers.js b/runtime/js/11_workers.js
index 53b256334..8f0095056 100644
--- a/runtime/js/11_workers.js
+++ b/runtime/js/11_workers.js
@@ -4,8 +4,6 @@
 ((window) => {
   const core = window.Deno.core;
   const {
-    ArrayIsArray,
-    ArrayPrototypeMap,
     Error,
     StringPrototypeStartsWith,
     String,
@@ -15,7 +13,8 @@
   const webidl = window.__bootstrap.webidl;
   const { URL } = window.__bootstrap.url;
   const { getLocationHref } = window.__bootstrap.location;
-  const { log, pathFromURL } = window.__bootstrap.util;
+  const { serializePermissions } = window.__bootstrap.permissions;
+  const { log } = window.__bootstrap.util;
   const { defineEventHandler } = window.__bootstrap.event;
   const { deserializeJsMessageData, serializeJsMessageData } =
     window.__bootstrap.messagePort;
@@ -32,7 +31,7 @@
     return core.opSync("op_create_worker", {
       hasSourceCode,
       name,
-      permissions,
+      permissions: serializePermissions(permissions),
       sourceCode,
       specifier,
       useDenoNamespace,
@@ -56,87 +55,6 @@
     return core.opAsync("op_host_recv_message", id);
   }
 
-  /**
-   * @param {"inherit" | boolean} value
-   * @param {string} permission
-   * @return {boolean}
-   */
-  function parseUnitPermission(
-    value,
-    permission,
-  ) {
-    if (value !== "inherit" && typeof value !== "boolean") {
-      throw new Error(
-        `Expected 'boolean' for ${permission} permission, ${typeof value} received`,
-      );
-    }
-    return value === "inherit" ? undefined : value;
-  }
-
-  /**
-   * @param {string} permission
-   * @return {(boolean | string[])}
-   */
-  function parseArrayPermission(
-    value,
-    permission,
-  ) {
-    if (typeof value === "string") {
-      if (value !== "inherit") {
-        throw new Error(
-          `Expected 'array' or 'boolean' for ${permission} permission, "${value}" received`,
-        );
-      }
-    } else if (!ArrayIsArray(value) && typeof value !== "boolean") {
-      throw new Error(
-        `Expected 'array' or 'boolean' for ${permission} permission, ${typeof value} received`,
-      );
-      //Casts URLs to absolute routes
-    } else if (ArrayIsArray(value)) {
-      value = ArrayPrototypeMap(value, (route) => {
-        if (route instanceof URL) {
-          if (permission === "net") {
-            throw new Error(
-              `Expected 'string' for net permission, received 'URL'`,
-            );
-          } else if (permission === "env") {
-            throw new Error(
-              `Expected 'string' for env permission, received 'URL'`,
-            );
-          } else {
-            route = pathFromURL(route);
-          }
-        }
-        return route;
-      });
-    }
-
-    return value === "inherit" ? undefined : value;
-  }
-
-  /**
-   * Normalizes data, runs checks on parameters and deletes inherited permissions
-   */
-  function parsePermissions({
-    env = "inherit",
-    hrtime = "inherit",
-    net = "inherit",
-    ffi = "inherit",
-    read = "inherit",
-    run = "inherit",
-    write = "inherit",
-  }) {
-    return {
-      env: parseArrayPermission(env, "env"),
-      hrtime: parseUnitPermission(hrtime, "hrtime"),
-      net: parseArrayPermission(net, "net"),
-      ffi: parseUnitPermission(ffi, "ffi"),
-      read: parseArrayPermission(read, "read"),
-      run: parseUnitPermission(run, "run"),
-      write: parseArrayPermission(write, "write"),
-    };
-  }
-
   class Worker extends EventTarget {
     #id = 0;
     #name = "";
@@ -152,43 +70,23 @@
       super();
       specifier = String(specifier);
       const {
-        deno = {},
-        name = "unknown",
+        deno,
+        name,
         type = "classic",
       } = options;
 
-      // TODO(Soremwar)
-      // `deno: boolean` is kept for backwards compatibility with the previous
-      // worker options implementation. Remove for 2.0
-      let workerDenoAttributes;
-      if (typeof deno == "boolean") {
-        workerDenoAttributes = {
-          // Change this to enable the Deno namespace by default
-          namespace: deno,
-          permissions: null,
-        };
+      let namespace;
+      let permissions;
+      if (typeof deno == "object") {
+        namespace = deno.namespace ?? false;
+        permissions = deno.permissions ?? undefined;
       } else {
-        workerDenoAttributes = {
-          // Change this to enable the Deno namespace by default
-          namespace: !!(deno?.namespace ?? false),
-          permissions: (deno?.permissions ?? "inherit") === "inherit"
-            ? null
-            : deno?.permissions,
-        };
-
-        // If the permission option is set to "none", all permissions
-        // must be removed from the worker
-        if (workerDenoAttributes.permissions === "none") {
-          workerDenoAttributes.permissions = {
-            env: false,
-            hrtime: false,
-            net: false,
-            ffi: false,
-            read: false,
-            run: false,
-            write: false,
-          };
-        }
+        // Assume `deno: boolean | undefined`.
+        // TODO(Soremwar)
+        // `deno: boolean` is kept for backwards compatibility with the previous
+        // worker options implementation. Remove for 2.0
+        namespace = !!deno;
+        permissions = undefined;
       }
 
       const workerType = webidl.converters["WorkerType"](type);
@@ -218,17 +116,16 @@
         specifier,
         hasSourceCode,
         sourceCode,
-        workerDenoAttributes.namespace,
-        workerDenoAttributes.permissions === null
-          ? null
-          : parsePermissions(workerDenoAttributes.permissions),
-        options?.name,
+        namespace,
+        permissions,
+        name,
         workerType,
       );
       this.#id = id;
       this.#pollControl();
       this.#pollMessages();
     }
+
     #handleError(e) {
       const event = new ErrorEvent("error", {
         cancelable: true,
@@ -359,7 +256,6 @@
   ]);
 
   window.__bootstrap.worker = {
-    parsePermissions,
     Worker,
   };
 })(this);
diff --git a/runtime/js/40_testing.js b/runtime/js/40_testing.js
index 5b404766e..b4f7c847c 100644
--- a/runtime/js/40_testing.js
+++ b/runtime/js/40_testing.js
@@ -3,10 +3,10 @@
 
 ((window) => {
   const core = window.Deno.core;
-  const { parsePermissions } = window.__bootstrap.worker;
   const { setExitHandler } = window.__bootstrap.os;
   const { Console, inspectArgs } = window.__bootstrap.console;
   const { metrics } = core;
+  const { serializePermissions } = window.__bootstrap.permissions;
   const { assert } = window.__bootstrap.util;
   const {
     ArrayPrototypeFilter,
@@ -230,7 +230,7 @@ finishing test case.`;
     function pledgePermissions(permissions) {
       return core.opSync(
         "op_pledge_test_permissions",
-        parsePermissions(permissions),
+        serializePermissions(permissions),
       );
     }
 
@@ -289,7 +289,7 @@ finishing test case.`;
     if (testDef.permissions) {
       testDef.fn = withPermissions(
         testDef.fn,
-        parsePermissions(testDef.permissions),
+        testDef.permissions,
       );
     }