2 files changed, 57 insertions, 9 deletions

diff --git a/runtime/ops/os.rs b/runtime/ops/os.rs
index 14c4229a1..0e51e3120 100644
--- a/runtime/ops/os.rs
+++ b/runtime/ops/os.rs
@@ -161,7 +161,10 @@ fn op_exit(state: &mut OpState) {
 #[op]
 fn op_loadavg(state: &mut OpState) -> Result<(f64, f64, f64), AnyError> {
   super::check_unstable(state, "Deno.loadavg");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("loadavg", Some("Deno.loadavg()"))?;
   match sys_info::loadavg() {
     Ok(loadavg) => Ok((loadavg.one, loadavg.five, loadavg.fifteen)),
     Err(_) => Ok((0.0, 0.0, 0.0)),
@@ -171,7 +174,10 @@ fn op_loadavg(state: &mut OpState) -> Result<(f64, f64, f64), AnyError> {
 #[op]
 fn op_hostname(state: &mut OpState) -> Result<String, AnyError> {
   super::check_unstable(state, "Deno.hostname");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("hostname", Some("Deno.hostname()"))?;
   let hostname = sys_info::hostname().unwrap_or_else(|_| "".to_string());
   Ok(hostname)
 }
@@ -179,7 +185,10 @@ fn op_hostname(state: &mut OpState) -> Result<String, AnyError> {
 #[op]
 fn op_os_release(state: &mut OpState) -> Result<String, AnyError> {
   super::check_unstable(state, "Deno.osRelease");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("osRelease", Some("Deno.osRelease()"))?;
   let release = sys_info::os_release().unwrap_or_else(|_| "".to_string());
   Ok(release)
 }
@@ -189,7 +198,10 @@ fn op_network_interfaces(
   state: &mut OpState,
 ) -> Result<Vec<NetworkInterface>, AnyError> {
   super::check_unstable(state, "Deno.networkInterfaces");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("networkInterfaces", Some("Deno.networkInterfaces()"))?;
   Ok(netif::up()?.map(NetworkInterface::from).collect())
 }
 
@@ -255,7 +267,10 @@ fn op_system_memory_info(
   state: &mut OpState,
 ) -> Result<Option<MemInfo>, AnyError> {
   super::check_unstable(state, "Deno.systemMemoryInfo");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("systemMemoryInfo", Some("Deno.systemMemoryInfo()"))?;
   match sys_info::mem_info() {
     Ok(info) => Ok(Some(MemInfo {
       total: info.total,
@@ -274,7 +289,10 @@ fn op_system_memory_info(
 #[op]
 fn op_getgid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
   super::check_unstable(state, "Deno.getGid");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("getGid", Some("Deno.getGid()"))?;
   // TODO(bartlomieju):
   #[allow(clippy::undocumented_unsafe_blocks)]
   unsafe {
@@ -286,7 +304,10 @@ fn op_getgid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
 #[op]
 fn op_getgid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
   super::check_unstable(state, "Deno.getGid");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("getGid", Some("Deno.getGid()"))?;
   Ok(None)
 }
 
@@ -294,7 +315,10 @@ fn op_getgid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
 #[op]
 fn op_getuid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
   super::check_unstable(state, "Deno.getUid");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("getUid", Some("Deno.getUid()"))?;
   // TODO(bartlomieju):
   #[allow(clippy::undocumented_unsafe_blocks)]
   unsafe {
@@ -306,6 +330,9 @@ fn op_getuid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
 #[op]
 fn op_getuid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
   super::check_unstable(state, "Deno.getUid");
-  state.borrow_mut::<Permissions>().env.check_all()?;
+  state
+    .borrow_mut::<Permissions>()
+    .sys
+    .check("getUid", Some("Deno.getUid()"))?;
   Ok(None)
 }
diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs
index ed1797701..b79330f7f 100644
--- a/runtime/ops/permissions.rs
+++ b/runtime/ops/permissions.rs
@@ -2,6 +2,7 @@
 
 use crate::permissions::Permissions;
 use deno_core::error::custom_error;
+use deno_core::error::type_error;
 use deno_core::error::uri_error;
 use deno_core::error::AnyError;
 use deno_core::op;
@@ -27,6 +28,7 @@ pub struct PermissionArgs {
   path: Option<String>,
   host: Option<String>,
   variable: Option<String>,
+  kind: Option<String>,
   command: Option<String>,
 }
 
@@ -48,6 +50,7 @@ pub fn op_query_permission(
       .as_ref(),
     ),
     "env" => permissions.env.query(args.variable.as_deref()),
+    "sys" => permissions.sys.query(parse_sys_kind(args.kind.as_deref())?),
     "run" => permissions.run.query(args.command.as_deref()),
     "ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)),
     "hrtime" => permissions.hrtime.query(),
@@ -79,6 +82,9 @@ pub fn op_revoke_permission(
       .as_ref(),
     ),
     "env" => permissions.env.revoke(args.variable.as_deref()),
+    "sys" => permissions
+      .sys
+      .revoke(parse_sys_kind(args.kind.as_deref())?),
     "run" => permissions.run.revoke(args.command.as_deref()),
     "ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)),
     "hrtime" => permissions.hrtime.revoke(),
@@ -110,6 +116,9 @@ pub fn op_request_permission(
       .as_ref(),
     ),
     "env" => permissions.env.request(args.variable.as_deref()),
+    "sys" => permissions
+      .sys
+      .request(parse_sys_kind(args.kind.as_deref())?),
     "run" => permissions.run.request(args.command.as_deref()),
     "ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)),
     "hrtime" => permissions.hrtime.request(),
@@ -132,3 +141,15 @@ fn parse_host(host_str: &str) -> Result<(String, Option<u16>), AnyError> {
   let hostname = url.host_str().unwrap();
   Ok((hostname.to_string(), url.port()))
 }
+
+fn parse_sys_kind(kind: Option<&str>) -> Result<Option<&str>, AnyError> {
+  if let Some(kind) = kind {
+    match kind {
+      "hostname" | "osRelease" | "loadavg" | "networkInterfaces"
+      | "systemMemoryInfo" | "getUid" | "getGid" => Ok(Some(kind)),
+      _ => Err(type_error(format!("unknown system info kind \"{}\"", kind))),
+    }
+  } else {
+    Ok(kind)
+  }
+}