diff options
Diffstat (limited to 'runtime/ops')
| -rw-r--r-- | runtime/ops/fs.rs | 244 | ||||
| -rw-r--r-- | runtime/ops/fs_events.rs | 7 | ||||
| -rw-r--r-- | runtime/ops/os/mod.rs | 68 | ||||
| -rw-r--r-- | runtime/ops/permissions.rs | 8 | ||||
| -rw-r--r-- | runtime/ops/process.rs | 12 | ||||
| -rw-r--r-- | runtime/ops/runtime.rs | 10 | ||||
| -rw-r--r-- | runtime/ops/spawn.rs | 12 | ||||
| -rw-r--r-- | runtime/ops/worker_host.rs | 14 |
8 files changed, 160 insertions, 215 deletions
diff --git a/runtime/ops/fs.rs b/runtime/ops/fs.rs index 12665ab04..87bb090c3 100644 --- a/runtime/ops/fs.rs +++ b/runtime/ops/fs.rs @@ -3,18 +3,17 @@ use super::io::StdFileResource; use super::utils::into_string; use crate::fs_util::canonicalize_path; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use deno_core::error::custom_error; use deno_core::error::type_error; use deno_core::error::AnyError; use deno_core::op; use deno_core::CancelFuture; use deno_core::CancelHandle; -use deno_core::ZeroCopyBuf; - use deno_core::Extension; use deno_core::OpState; use deno_core::ResourceId; +use deno_core::ZeroCopyBuf; use deno_crypto::rand::thread_rng; use deno_crypto::rand::Rng; use log::debug; @@ -144,11 +143,11 @@ fn open_helper( let _ = mode; // avoid unused warning } - let permissions = state.borrow_mut::<Permissions>(); + let permissions = state.borrow_mut::<PermissionsContainer>(); match options { None => { - permissions.read.check(&path, Some(api_name))?; + permissions.check_read(&path, api_name)?; open_options .read(true) .create(false) @@ -159,11 +158,11 @@ fn open_helper( } Some(options) => { if options.read { - permissions.read.check(&path, Some(api_name))?; + permissions.check_read(&path, api_name)?; } if options.write || options.append { - permissions.write.check(&path, Some(api_name))?; + permissions.check_write(&path, api_name)?; } open_options @@ -540,9 +539,8 @@ fn op_umask(state: &mut OpState, mask: Option<u32>) -> Result<u32, AnyError> { fn op_chdir(state: &mut OpState, directory: String) -> Result<(), AnyError> { let d = PathBuf::from(&directory); state - .borrow_mut::<Permissions>() - .read - .check(&d, Some("Deno.chdir()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&d, "Deno.chdir()")?; set_current_dir(&d).map_err(|err| { Error::new(err.kind(), format!("{}, chdir '{}'", err, directory)) })?; @@ -562,9 +560,8 @@ fn op_mkdir_sync(state: &mut OpState, args: MkdirArgs) -> Result<(), AnyError> { let path = Path::new(&args.path).to_path_buf(); let mode = args.mode.unwrap_or(0o777) & 0o777; state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.mkdirSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.mkdirSync()")?; debug!("op_mkdir {} {:o} {}", path.display(), mode, args.recursive); let mut builder = std::fs::DirBuilder::new(); builder.recursive(args.recursive); @@ -590,9 +587,8 @@ async fn op_mkdir_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.mkdir()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.mkdir()")?; } tokio::task::spawn_blocking(move || { @@ -623,9 +619,8 @@ fn op_chmod_sync( let mode = mode & 0o777; state - .borrow_mut::<Permissions>() - .write - .check(path, Some("Deno.chmodSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(path, "Deno.chmodSync()")?; raw_chmod(path, mode) } @@ -641,9 +636,8 @@ async fn op_chmod_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.chmod()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.chmod()")?; } tokio::task::spawn_blocking(move || raw_chmod(&path, mode)) @@ -680,9 +674,8 @@ fn op_chown_sync( ) -> Result<(), AnyError> { let path = Path::new(&path).to_path_buf(); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.chownSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.chownSync()")?; #[cfg(unix)] { use crate::errors::get_nix_error_class; @@ -716,9 +709,8 @@ async fn op_chown_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.chown()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.chown()")?; } tokio::task::spawn_blocking(move || { @@ -753,9 +745,8 @@ fn op_remove_sync( let path = PathBuf::from(&path); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.removeSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.removeSync()")?; #[cfg(not(unix))] use std::os::windows::prelude::MetadataExt; @@ -802,9 +793,8 @@ async fn op_remove_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.remove()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.remove()")?; } tokio::task::spawn_blocking(move || { @@ -854,13 +844,9 @@ fn op_copy_file_sync( let from_path = PathBuf::from(&from); let to_path = PathBuf::from(&to); - let permissions = state.borrow_mut::<Permissions>(); - permissions - .read - .check(&from_path, Some("Deno.copyFileSync()"))?; - permissions - .write - .check(&to_path, Some("Deno.copyFileSync()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&from_path, "Deno.copyFileSync()")?; + permissions.check_write(&to_path, "Deno.copyFileSync()")?; // On *nix, Rust reports non-existent `from` as ErrorKind::InvalidInput // See https://github.com/rust-lang/rust/issues/54800 @@ -955,9 +941,9 @@ async fn op_copy_file_async( { let mut state = state.borrow_mut(); - let permissions = state.borrow_mut::<Permissions>(); - permissions.read.check(&from, Some("Deno.copyFile()"))?; - permissions.write.check(&to, Some("Deno.copyFile()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&from, "Deno.copyFile()")?; + permissions.check_write(&to, "Deno.copyFile()")?; } tokio::task::spawn_blocking(move || { @@ -1116,9 +1102,8 @@ fn op_stat_sync( ) -> Result<(), AnyError> { let path = PathBuf::from(&path); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.statSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.statSync()")?; let err_mapper = |err: Error| { Error::new(err.kind(), format!("{}, stat '{}'", err, path.display())) }; @@ -1145,9 +1130,8 @@ async fn op_stat_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.stat()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.stat()")?; } tokio::task::spawn_blocking(move || { @@ -1173,10 +1157,10 @@ fn op_realpath_sync( ) -> Result<String, AnyError> { let path = PathBuf::from(&path); - let permissions = state.borrow_mut::<Permissions>(); - permissions.read.check(&path, Some("Deno.realPathSync()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&path, "Deno.realPathSync()")?; if path.is_relative() { - permissions.read.check_blind( + permissions.check_read_blind( ¤t_dir()?, "CWD", "Deno.realPathSync()", @@ -1200,10 +1184,10 @@ async fn op_realpath_async( { let mut state = state.borrow_mut(); - let permissions = state.borrow_mut::<Permissions>(); - permissions.read.check(&path, Some("Deno.realPath()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&path, "Deno.realPath()")?; if path.is_relative() { - permissions.read.check_blind( + permissions.check_read_blind( ¤t_dir()?, "CWD", "Deno.realPath()", @@ -1240,9 +1224,8 @@ fn op_read_dir_sync( let path = PathBuf::from(&path); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.readDirSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.readDirSync()")?; debug!("op_read_dir_sync {}", path.display()); let err_mapper = |err: Error| { @@ -1284,9 +1267,8 @@ async fn op_read_dir_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.readDir()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.readDir()")?; } tokio::task::spawn_blocking(move || { debug!("op_read_dir_async {}", path.display()); @@ -1332,16 +1314,10 @@ fn op_rename_sync( let oldpath = PathBuf::from(&oldpath); let newpath = PathBuf::from(&newpath); - let permissions = state.borrow_mut::<Permissions>(); - permissions - .read - .check(&oldpath, Some("Deno.renameSync()"))?; - permissions - .write - .check(&oldpath, Some("Deno.renameSync()"))?; - permissions - .write - .check(&newpath, Some("Deno.renameSync()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&oldpath, "Deno.renameSync()")?; + permissions.check_write(&oldpath, "Deno.renameSync()")?; + permissions.check_write(&newpath, "Deno.renameSync()")?; let err_mapper = |err: Error| { Error::new( @@ -1368,10 +1344,10 @@ async fn op_rename_async( let newpath = PathBuf::from(&newpath); { let mut state = state.borrow_mut(); - let permissions = state.borrow_mut::<Permissions>(); - permissions.read.check(&oldpath, Some("Deno.rename()"))?; - permissions.write.check(&oldpath, Some("Deno.rename()"))?; - permissions.write.check(&newpath, Some("Deno.rename()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&oldpath, "Deno.rename()")?; + permissions.check_write(&oldpath, "Deno.rename()")?; + permissions.check_write(&newpath, "Deno.rename()")?; } tokio::task::spawn_blocking(move || { let err_mapper = |err: Error| { @@ -1401,11 +1377,11 @@ fn op_link_sync( let oldpath = PathBuf::from(&oldpath); let newpath = PathBuf::from(&newpath); - let permissions = state.borrow_mut::<Permissions>(); - permissions.read.check(&oldpath, Some("Deno.linkSync()"))?; - permissions.write.check(&oldpath, Some("Deno.linkSync()"))?; - permissions.read.check(&newpath, Some("Deno.linkSync()"))?; - permissions.write.check(&newpath, Some("Deno.linkSync()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&oldpath, "Deno.linkSync()")?; + permissions.check_write(&oldpath, "Deno.linkSync()")?; + permissions.check_read(&newpath, "Deno.linkSync()")?; + permissions.check_write(&newpath, "Deno.linkSync()")?; let err_mapper = |err: Error| { Error::new( @@ -1433,11 +1409,11 @@ async fn op_link_async( { let mut state = state.borrow_mut(); - let permissions = state.borrow_mut::<Permissions>(); - permissions.read.check(&oldpath, Some("Deno.link()"))?; - permissions.write.check(&oldpath, Some("Deno.link()"))?; - permissions.read.check(&newpath, Some("Deno.link()"))?; - permissions.write.check(&newpath, Some("Deno.link()"))?; + let permissions = state.borrow_mut::<PermissionsContainer>(); + permissions.check_read(&oldpath, "Deno.link()")?; + permissions.check_write(&oldpath, "Deno.link()")?; + permissions.check_read(&newpath, "Deno.link()")?; + permissions.check_write(&newpath, "Deno.link()")?; } tokio::task::spawn_blocking(move || { @@ -1470,13 +1446,11 @@ fn op_symlink_sync( let newpath = PathBuf::from(&newpath); state - .borrow_mut::<Permissions>() - .write - .check_all(Some("Deno.symlinkSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write_all("Deno.symlinkSync()")?; state - .borrow_mut::<Permissions>() - .read - .check_all(Some("Deno.symlinkSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read_all("Deno.symlinkSync()")?; let err_mapper = |err: Error| { Error::new( @@ -1536,13 +1510,11 @@ async fn op_symlink_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .write - .check_all(Some("Deno.symlink()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write_all("Deno.symlink()")?; state - .borrow_mut::<Permissions>() - .read - .check_all(Some("Deno.symlink()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read_all("Deno.symlink()")?; } tokio::task::spawn_blocking(move || { @@ -1602,9 +1574,8 @@ fn op_read_link_sync( let path = PathBuf::from(&path); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.readLink()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.readLink()")?; debug!("op_read_link_value {}", path.display()); let err_mapper = |err: Error| { @@ -1629,9 +1600,8 @@ async fn op_read_link_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.readLink()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.readLink()")?; } tokio::task::spawn_blocking(move || { debug!("op_read_link_async {}", path.display()); @@ -1688,9 +1658,8 @@ fn op_truncate_sync( let path = PathBuf::from(&path); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.truncateSync()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.truncateSync()")?; debug!("op_truncate_sync {} {}", path.display(), len); let err_mapper = |err: Error| { @@ -1718,9 +1687,8 @@ async fn op_truncate_async( { let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.truncate()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.truncate()")?; } tokio::task::spawn_blocking(move || { debug!("op_truncate_async {} {}", path.display(), len); @@ -1803,9 +1771,9 @@ fn op_make_temp_dir_sync( let prefix = args.prefix.map(String::from); let suffix = args.suffix.map(String::from); - state.borrow_mut::<Permissions>().write.check( + state.borrow_mut::<PermissionsContainer>().check_write( dir.clone().unwrap_or_else(temp_dir).as_path(), - Some("Deno.makeTempDirSync()"), + "Deno.makeTempDirSync()", )?; // TODO(piscisaureus): use byte vector for paths, not a string. @@ -1833,9 +1801,9 @@ async fn op_make_temp_dir_async( let suffix = args.suffix.map(String::from); { let mut state = state.borrow_mut(); - state.borrow_mut::<Permissions>().write.check( + state.borrow_mut::<PermissionsContainer>().check_write( dir.clone().unwrap_or_else(temp_dir).as_path(), - Some("Deno.makeTempDir()"), + "Deno.makeTempDir()", )?; } tokio::task::spawn_blocking(move || { @@ -1866,9 +1834,9 @@ fn op_make_temp_file_sync( let prefix = args.prefix.map(String::from); let suffix = args.suffix.map(String::from); - state.borrow_mut::<Permissions>().write.check( + state.borrow_mut::<PermissionsContainer>().check_write( dir.clone().unwrap_or_else(temp_dir).as_path(), - Some("Deno.makeTempFileSync()"), + "Deno.makeTempFileSync()", )?; // TODO(piscisaureus): use byte vector for paths, not a string. @@ -1896,9 +1864,9 @@ async fn op_make_temp_file_async( let suffix = args.suffix.map(String::from); { let mut state = state.borrow_mut(); - state.borrow_mut::<Permissions>().write.check( + state.borrow_mut::<PermissionsContainer>().check_write( dir.clone().unwrap_or_else(temp_dir).as_path(), - Some("Deno.makeTempFile()"), + "Deno.makeTempFile()", )?; } tokio::task::spawn_blocking(move || { @@ -1973,9 +1941,8 @@ fn op_utime_sync( let mtime = filetime::FileTime::from_unix_time(mtime_secs, mtime_nanos); state - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.utime()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.utime()")?; filetime::set_file_times(&path, atime, mtime).map_err(|err| { Error::new(err.kind(), format!("{}, utime '{}'", err, path.display())) })?; @@ -1997,9 +1964,8 @@ async fn op_utime_async( state .borrow_mut() - .borrow_mut::<Permissions>() - .write - .check(&path, Some("Deno.utime()"))?; + .borrow_mut::<PermissionsContainer>() + .check_write(&path, "Deno.utime()")?; tokio::task::spawn_blocking(move || { filetime::set_file_times(&path, atime, mtime).map_err(|err| { @@ -2014,11 +1980,9 @@ async fn op_utime_async( #[op] fn op_cwd(state: &mut OpState) -> Result<String, AnyError> { let path = current_dir()?; - state.borrow_mut::<Permissions>().read.check_blind( - &path, - "CWD", - "Deno.cwd()", - )?; + state + .borrow_mut::<PermissionsContainer>() + .check_read_blind(&path, "CWD", "Deno.cwd()")?; let path_str = into_string(path.into_os_string())?; Ok(path_str) } @@ -2028,9 +1992,10 @@ fn op_readfile_sync( state: &mut OpState, path: String, ) -> Result<ZeroCopyBuf, AnyError> { - let permissions = state.borrow_mut::<Permissions>(); let path = Path::new(&path); - permissions.read.check(path, Some("Deno.readFileSync()"))?; + state + .borrow_mut::<PermissionsContainer>() + .check_read(path, "Deno.readFileSync()")?; Ok(std::fs::read(path)?.into()) } @@ -2039,11 +2004,10 @@ fn op_readfile_text_sync( state: &mut OpState, path: String, ) -> Result<String, AnyError> { - let permissions = state.borrow_mut::<Permissions>(); let path = Path::new(&path); - permissions - .read - .check(path, Some("Deno.readTextFileSync()"))?; + state + .borrow_mut::<PermissionsContainer>() + .check_read(path, "Deno.readTextFileSync()")?; Ok(string_from_utf8_lossy(std::fs::read(path)?)) } @@ -2057,9 +2021,8 @@ async fn op_readfile_async( let path = Path::new(&path); let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .read - .check(path, Some("Deno.readFile()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(path, "Deno.readFile()")?; } let fut = tokio::task::spawn_blocking(move || { let path = Path::new(&path); @@ -2087,9 +2050,8 @@ async fn op_readfile_text_async( let path = Path::new(&path); let mut state = state.borrow_mut(); state - .borrow_mut::<Permissions>() - .read - .check(path, Some("Deno.readTextFile()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(path, "Deno.readTextFile()")?; } let fut = tokio::task::spawn_blocking(move || { let path = Path::new(&path); diff --git a/runtime/ops/fs_events.rs b/runtime/ops/fs_events.rs index d7c4b4670..6cda48ef3 100644 --- a/runtime/ops/fs_events.rs +++ b/runtime/ops/fs_events.rs @@ -1,6 +1,6 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use deno_core::error::AnyError; use deno_core::parking_lot::Mutex; use deno_core::AsyncRefCell; @@ -119,9 +119,8 @@ fn op_fs_events_open( for path in &args.paths { let path = PathBuf::from(path); state - .borrow_mut::<Permissions>() - .read - .check(&path, Some("Deno.watchFs()"))?; + .borrow_mut::<PermissionsContainer>() + .check_read(&path, "Deno.watchFs()")?; watcher.watch(&path, recursive_mode)?; } let resource = FsEventsResource { diff --git a/runtime/ops/os/mod.rs b/runtime/ops/os/mod.rs index 28184c949..537bb33f9 100644 --- a/runtime/ops/os/mod.rs +++ b/runtime/ops/os/mod.rs @@ -1,7 +1,7 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. use super::utils::into_string; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use crate::worker::ExitCode; use deno_core::error::{type_error, AnyError}; use deno_core::op; @@ -68,11 +68,9 @@ fn noop_op() -> Result<(), AnyError> { #[op] fn op_exec_path(state: &mut OpState) -> Result<String, AnyError> { let current_exe = env::current_exe().unwrap(); - state.borrow_mut::<Permissions>().read.check_blind( - ¤t_exe, - "exec_path", - "Deno.execPath()", - )?; + state + .borrow_mut::<PermissionsContainer>() + .check_read_blind(¤t_exe, "exec_path", "Deno.execPath()")?; // Now apply URL parser to current exe to get fully resolved path, otherwise // we might get `./` and `../` bits in `exec_path` let exe_url = Url::from_file_path(current_exe).unwrap(); @@ -87,7 +85,7 @@ fn op_set_env( key: String, value: String, ) -> Result<(), AnyError> { - state.borrow_mut::<Permissions>().env.check(&key)?; + state.borrow_mut::<PermissionsContainer>().check_env(&key)?; if key.is_empty() { return Err(type_error("Key is an empty string.")); } @@ -109,7 +107,7 @@ fn op_set_env( #[op] fn op_env(state: &mut OpState) -> Result<HashMap<String, String>, AnyError> { - state.borrow_mut::<Permissions>().env.check_all()?; + state.borrow_mut::<PermissionsContainer>().check_env_all()?; Ok(env::vars().collect()) } @@ -121,7 +119,7 @@ fn op_get_env( let skip_permission_check = NODE_ENV_VAR_ALLOWLIST.contains(&key); if !skip_permission_check { - state.borrow_mut::<Permissions>().env.check(&key)?; + state.borrow_mut::<PermissionsContainer>().check_env(&key)?; } if key.is_empty() { @@ -144,7 +142,7 @@ fn op_get_env( #[op] fn op_delete_env(state: &mut OpState, key: String) -> Result<(), AnyError> { - state.borrow_mut::<Permissions>().env.check(&key)?; + state.borrow_mut::<PermissionsContainer>().check_env(&key)?; if key.is_empty() || key.contains(&['=', '\0'] as &[char]) { return Err(type_error("Key contains invalid characters.")); } @@ -166,27 +164,24 @@ fn op_exit(state: &mut OpState) { #[op] fn op_loadavg(state: &mut OpState) -> Result<(f64, f64, f64), AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("loadavg", Some("Deno.loadavg()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("loadavg", "Deno.loadavg()")?; Ok(sys_info::loadavg()) } #[op] fn op_hostname(state: &mut OpState) -> Result<String, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("hostname", Some("Deno.hostname()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("hostname", "Deno.hostname()")?; Ok(sys_info::hostname()) } #[op] fn op_os_release(state: &mut OpState) -> Result<String, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("osRelease", Some("Deno.osRelease()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("osRelease", "Deno.osRelease()")?; Ok(sys_info::os_release()) } @@ -195,9 +190,8 @@ fn op_network_interfaces( state: &mut OpState, ) -> Result<Vec<NetworkInterface>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("networkInterfaces", Some("Deno.networkInterfaces()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("networkInterfaces", "Deno.networkInterfaces()")?; Ok(netif::up()?.map(NetworkInterface::from).collect()) } @@ -250,9 +244,8 @@ fn op_system_memory_info( state: &mut OpState, ) -> Result<Option<sys_info::MemInfo>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("systemMemoryInfo", Some("Deno.systemMemoryInfo()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("systemMemoryInfo", "Deno.systemMemoryInfo()")?; Ok(sys_info::mem_info()) } @@ -260,9 +253,8 @@ fn op_system_memory_info( #[op] fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("gid", Some("Deno.gid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("gid", "Deno.gid()")?; // TODO(bartlomieju): #[allow(clippy::undocumented_unsafe_blocks)] unsafe { @@ -274,9 +266,8 @@ fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { #[op] fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("gid", Some("Deno.gid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("gid", "Deno.gid()")?; Ok(None) } @@ -284,9 +275,8 @@ fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> { #[op] fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("uid", Some("Deno.uid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("uid", "Deno.uid()")?; // TODO(bartlomieju): #[allow(clippy::undocumented_unsafe_blocks)] unsafe { @@ -298,9 +288,8 @@ fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> { #[op] fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("uid", Some("Deno.uid()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("uid", "Deno.uid()")?; Ok(None) } @@ -428,9 +417,8 @@ fn rss() -> usize { fn os_uptime(state: &mut OpState) -> Result<u64, AnyError> { state - .borrow_mut::<Permissions>() - .sys - .check("osUptime", Some("Deno.osUptime()"))?; + .borrow_mut::<PermissionsContainer>() + .check_sys("osUptime", "Deno.osUptime()")?; Ok(sys_info::os_uptime()) } diff --git a/runtime/ops/permissions.rs b/runtime/ops/permissions.rs index 8a2244676..d0b0cdd8b 100644 --- a/runtime/ops/permissions.rs +++ b/runtime/ops/permissions.rs @@ -1,7 +1,7 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. use crate::permissions::parse_sys_kind; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use deno_core::error::custom_error; use deno_core::error::uri_error; use deno_core::error::AnyError; @@ -37,7 +37,7 @@ pub fn op_query_permission( state: &mut OpState, args: PermissionArgs, ) -> Result<String, AnyError> { - let permissions = state.borrow::<Permissions>(); + let permissions = state.borrow::<PermissionsContainer>().0.lock(); let path = args.path.as_deref(); let perm = match args.name.as_ref() { "read" => permissions.read.query(path.map(Path::new)), @@ -71,7 +71,7 @@ pub fn op_revoke_permission( state: &mut OpState, args: PermissionArgs, ) -> Result<String, AnyError> { - let permissions = state.borrow_mut::<Permissions>(); + let mut permissions = state.borrow_mut::<PermissionsContainer>().0.lock(); let path = args.path.as_deref(); let perm = match args.name.as_ref() { "read" => permissions.read.revoke(path.map(Path::new)), @@ -105,7 +105,7 @@ pub fn op_request_permission( state: &mut OpState, args: PermissionArgs, ) -> Result<String, AnyError> { - let permissions = state.borrow_mut::<Permissions>(); + let mut permissions = state.borrow_mut::<PermissionsContainer>().0.lock(); let path = args.path.as_deref(); let perm = match args.name.as_ref() { "read" => permissions.read.request(path.map(Path::new)), diff --git a/runtime/ops/process.rs b/runtime/ops/process.rs index b831f1338..86ad292b8 100644 --- a/runtime/ops/process.rs +++ b/runtime/ops/process.rs @@ -4,7 +4,7 @@ use super::io::ChildStderrResource; use super::io::ChildStdinResource; use super::io::ChildStdoutResource; use super::io::StdFileResource; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use deno_core::error::AnyError; use deno_core::op; @@ -145,9 +145,8 @@ struct RunInfo { fn op_run(state: &mut OpState, run_args: RunArgs) -> Result<RunInfo, AnyError> { let args = run_args.cmd; state - .borrow_mut::<Permissions>() - .run - .check(&args[0], Some("Deno.run()"))?; + .borrow_mut::<PermissionsContainer>() + .check_run(&args[0], "Deno.run()")?; let env = run_args.env; let cwd = run_args.cwd; @@ -354,9 +353,8 @@ fn op_kill( api_name: String, ) -> Result<(), AnyError> { state - .borrow_mut::<Permissions>() - .run - .check_all(Some(&api_name))?; + .borrow_mut::<PermissionsContainer>() + .check_run_all(&api_name)?; kill(pid, &signal)?; Ok(()) } diff --git a/runtime/ops/runtime.rs b/runtime/ops/runtime.rs index 582fb18fc..52dc3f745 100644 --- a/runtime/ops/runtime.rs +++ b/runtime/ops/runtime.rs @@ -1,6 +1,6 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use deno_core::anyhow::Context; use deno_core::error::AnyError; use deno_core::op; @@ -26,11 +26,9 @@ fn op_main_module(state: &mut OpState) -> Result<String, AnyError> { let main_path = std::env::current_dir() .context("Failed to get current working directory")? .join(main_url.to_string()); - state.borrow_mut::<Permissions>().read.check_blind( - &main_path, - "main_module", - "Deno.mainModule", - )?; + state + .borrow_mut::<PermissionsContainer>() + .check_read_blind(&main_path, "main_module", "Deno.mainModule")?; } Ok(main) } diff --git a/runtime/ops/spawn.rs b/runtime/ops/spawn.rs index 11940013c..4bbf1ef48 100644 --- a/runtime/ops/spawn.rs +++ b/runtime/ops/spawn.rs @@ -5,7 +5,7 @@ use super::io::ChildStdinResource; use super::io::ChildStdoutResource; use super::process::Stdio; use super::process::StdioOrRid; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use deno_core::error::AnyError; use deno_core::op; use deno_core::Extension; @@ -131,9 +131,8 @@ fn node_unstable_create_command( api_name: &str, ) -> Result<std::process::Command, AnyError> { state - .borrow_mut::<Permissions>() - .run - .check(&args.cmd, Some(api_name))?; + .borrow_mut::<PermissionsContainer>() + .check_run(&args.cmd, api_name)?; let mut command = std::process::Command::new(args.cmd); @@ -196,9 +195,8 @@ fn create_command( ) -> Result<std::process::Command, AnyError> { super::check_unstable(state, "Deno.spawn"); state - .borrow_mut::<Permissions>() - .run - .check(&args.cmd, Some(api_name))?; + .borrow_mut::<PermissionsContainer>() + .check_run(&args.cmd, api_name)?; let mut command = std::process::Command::new(args.cmd); diff --git a/runtime/ops/worker_host.rs b/runtime/ops/worker_host.rs index 54aa0d916..041d3ee6f 100644 --- a/runtime/ops/worker_host.rs +++ b/runtime/ops/worker_host.rs @@ -3,7 +3,7 @@ use crate::ops::TestingFeaturesEnabled; use crate::permissions::create_child_permissions; use crate::permissions::ChildPermissionsArg; -use crate::permissions::Permissions; +use crate::permissions::PermissionsContainer; use crate::web_worker::run_web_worker; use crate::web_worker::SendableWebWorkerHandle; use crate::web_worker::WebWorker; @@ -15,7 +15,6 @@ use crate::worker::FormatJsErrorFn; use deno_core::error::AnyError; use deno_core::futures::future::LocalFutureObj; use deno_core::op; - use deno_core::serde::Deserialize; use deno_core::CancelFuture; use deno_core::CancelHandle; @@ -32,8 +31,8 @@ use std::sync::Arc; pub struct CreateWebWorkerArgs { pub name: String, pub worker_id: WorkerId, - pub parent_permissions: Permissions, - pub permissions: Permissions, + pub parent_permissions: PermissionsContainer, + pub permissions: PermissionsContainer, pub main_module: ModuleSpecifier, pub worker_type: WebWorkerType, } @@ -164,10 +163,13 @@ fn op_create_worker( if args.permissions.is_some() { super::check_unstable(state, "Worker.deno.permissions"); } - let parent_permissions = state.borrow_mut::<Permissions>(); + let parent_permissions = state.borrow_mut::<PermissionsContainer>(); let worker_permissions = if let Some(child_permissions_arg) = args.permissions { - create_child_permissions(parent_permissions, child_permissions_arg)? + let mut parent_permissions = parent_permissions.0.lock(); + let perms = + create_child_permissions(&mut parent_permissions, child_permissions_arg)?; + PermissionsContainer::new(perms) } else { parent_permissions.clone() }; |