Diffstat (limited to 'runtime')
-rw-r--r-- | runtime/examples/extension/main.rs | 2 | ||||
-rw-r--r-- | runtime/lib.rs | 1 | ||||
-rw-r--r-- | runtime/ops/fs_events.rs | 2 | ||||
-rw-r--r-- | runtime/ops/os/mod.rs | 2 | ||||
-rw-r--r-- | runtime/ops/process.rs | 2 | ||||
-rw-r--r-- | runtime/ops/runtime.rs | 2 | ||||
-rw-r--r-- | runtime/ops/worker_host.rs | 8 | ||||
-rw-r--r-- | runtime/permissions.rs | 268 | ||||
-rw-r--r-- | runtime/snapshot.rs | 8 | ||||
-rw-r--r-- | runtime/web_worker.rs | 6 | ||||
-rw-r--r-- | runtime/worker.rs | 8 |
11 files changed, 21 insertions, 288 deletions
diff --git a/runtime/examples/extension/main.rs b/runtime/examples/extension/main.rs
index 0d7c4efb0..4339bdf67 100644
--- a/runtime/examples/extension/main.rs
+++ b/runtime/examples/extension/main.rs
@@ -10,7 +10,7 @@ use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::FsModuleLoader;
 use deno_core::ModuleSpecifier;
-use deno_runtime::permissions::PermissionsContainer;
+use deno_runtime::deno_permissions::PermissionsContainer;
 use deno_runtime::worker::MainWorker;
 use deno_runtime::worker::WorkerOptions;
diff --git a/runtime/lib.rs b/runtime/lib.rs
index ec751f207..c92f5aea2 100644
--- a/runtime/lib.rs
+++ b/runtime/lib.rs
@@ -33,7 +33,6 @@ pub mod fs_util;
 pub mod inspector_server;
 pub mod js;
 pub mod ops;
-pub mod permissions;
 pub mod snapshot;
 pub mod tokio_util;
 pub mod web_worker;
diff --git a/runtime/ops/fs_events.rs b/runtime/ops/fs_events.rs
index 1e8fab936..367866162 100644
--- a/runtime/ops/fs_events.rs
+++ b/runtime/ops/fs_events.rs
@@ -1,6 +1,5 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
-use crate::permissions::PermissionsContainer;
 use deno_core::error::AnyError;
 use deno_core::parking_lot::Mutex;
 use deno_core::AsyncRefCell;
@@ -13,6 +12,7 @@ use deno_core::ResourceId;
 use deno_core::op2;
+use deno_permissions::PermissionsContainer;
 use notify::event::Event as NotifyEvent;
 use notify::Error as NotifyError;
 use notify::EventKind;
diff --git a/runtime/ops/os/mod.rs b/runtime/ops/os/mod.rs
index f6f55f68f..c2611f869 100644
--- a/runtime/ops/os/mod.rs
+++ b/runtime/ops/os/mod.rs
@@ -1,7 +1,6 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 use super::utils::into_string;
-use crate::permissions::PermissionsContainer;
 use crate::worker::ExitCode;
 use deno_core::error::type_error;
 use deno_core::error::AnyError;
@@ -10,6 +9,7 @@ use deno_core::url::Url;
 use deno_core::v8;
 use deno_core::OpState;
 use deno_node::NODE_ENV_VAR_ALLOWLIST;
+use deno_permissions::PermissionsContainer;
 use serde::Serialize;
 use std::collections::HashMap;
 use std::env;
diff --git a/runtime/ops/process.rs b/runtime/ops/process.rs
index bda6045ac..b894b35db 100644
--- a/runtime/ops/process.rs
+++ b/runtime/ops/process.rs
@@ -1,7 +1,6 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 use super::check_unstable;
-use crate::permissions::PermissionsContainer;
 use deno_core::anyhow::Context;
 use deno_core::error::type_error;
 use deno_core::error::AnyError;
@@ -18,6 +17,7 @@ use deno_io::fs::FileResource;
 use deno_io::ChildStderrResource;
 use deno_io::ChildStdinResource;
 use deno_io::ChildStdoutResource;
+use deno_permissions::PermissionsContainer;
 use serde::Deserialize;
 use serde::Serialize;
 use std::borrow::Cow;
diff --git a/runtime/ops/runtime.rs b/runtime/ops/runtime.rs
index 5b0b092c1..306e6ce8f 100644
--- a/runtime/ops/runtime.rs
+++ b/runtime/ops/runtime.rs
@@ -1,10 +1,10 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
-use crate::permissions::PermissionsContainer;
 use deno_core::error::AnyError;
 use deno_core::op2;
 use deno_core::ModuleSpecifier;
 use deno_core::OpState;
+use deno_permissions::PermissionsContainer;
 deno_core::extension!(
 deno_runtime,
diff --git a/runtime/ops/worker_host.rs b/runtime/ops/worker_host.rs
index e3360b830..19475fedf 100644
--- a/runtime/ops/worker_host.rs
+++ b/runtime/ops/worker_host.rs
@@ -1,9 +1,6 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 use crate::ops::TestingFeaturesEnabled;
-use crate::permissions::create_child_permissions;
-use crate::permissions::ChildPermissionsArg;
-use crate::permissions::PermissionsContainer;
 use crate::web_worker::run_web_worker;
 use crate::web_worker::SendableWebWorkerHandle;
 use crate::web_worker::WebWorker;
@@ -20,6 +17,9 @@ use deno_core::CancelFuture;
 use deno_core::CancelHandle;
 use deno_core::ModuleSpecifier;
 use deno_core::OpState;
+use deno_permissions::create_child_permissions;
+use deno_permissions::ChildPermissionsArg;
+use deno_permissions::PermissionsContainer;
 use deno_web::deserialize_js_transferables;
 use deno_web::JsMessageData;
 use log::debug;
@@ -156,7 +156,7 @@ fn op_create_worker(
 let parent_permissions = state.borrow_mut::<PermissionsContainer>();
 let worker_permissions = if let Some(child_permissions_arg) = args.permissions
 {
- let mut parent_permissions = parent_permissions.0 .0.lock();
+ let mut parent_permissions = parent_permissions.0.lock();
 let perms =
 create_child_permissions(&mut parent_permissions, child_permissions_arg)?;
 PermissionsContainer::new(perms)
diff --git a/runtime/permissions.rs b/runtime/permissions.rs
deleted file mode 100644
index edd03e1d5..000000000
--- a/runtime/permissions.rs
+++ /dev/null
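Review bot: In `op_create_worker`, `parent_permissions.0.lock()` reaches through the container's public tuple field to take the lock directly, at the point where a child worker's permission set is derived from its parent. Nothing on the new side records why the guard is held across `create_child_permissions(&mut parent_permissions, child_permissions_arg)?`; a comment such as `// Keep the parent's permissions locked while deriving the child's set, so it is computed from one consistent parent state.` would capture that, assuming that is the intent, since the container's internals are not shown here. An accessor on `PermissionsContainer` instead of `.0` would also keep this call site from depending on the container's representation. The function body starts and ends outside the hunk.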
@@ -1,268 +0,0 @@
-// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
-
-use std::borrow::Cow;
-use std::path::Path;
-
-use deno_core::error::AnyError;
-use deno_core::url::Url;
-pub use deno_io::fs::FsError;
-pub use deno_permissions::create_child_permissions;
-pub use deno_permissions::parse_sys_kind;
-pub use deno_permissions::set_prompt_callbacks;
-pub use deno_permissions::ChildPermissionsArg;
-pub use deno_permissions::Permissions;
-pub use deno_permissions::PermissionsOptions;
-
-// NOTE: Temporary permissions container to satisfy traits. We are migrating to the deno_permissions
-// crate.
-#[derive(Debug, Clone)]
-
-pub struct PermissionsContainer(pub deno_permissions::PermissionsContainer);
-
-impl PermissionsContainer {
- pub fn new(permissions: deno_permissions::Permissions) -> Self {
- Self(deno_permissions::PermissionsContainer::new(permissions))
- }
-
- pub fn allow_all() -> Self {
- Self(deno_permissions::PermissionsContainer::allow_all())
- }
-}
-
-impl std::ops::Deref for PermissionsContainer {
- type Target = deno_permissions::PermissionsContainer;
-
- fn deref(&self) -> &Self::Target {
- &self.0
- }
-}
-
-impl std::ops::DerefMut for PermissionsContainer {
- fn deref_mut(&mut self) -> &mut Self::Target {
- &mut self.0
- }
-}
-
-impl deno_node::NodePermissions for PermissionsContainer {
- #[inline(always)]
- fn check_net_url(
- &mut self,
- url: &Url,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_net_url(url, api_name)
- }
-
- #[inline(always)]
- fn check_read_with_api_name(
- &self,
- path: &Path,
- api_name: Option<&str>,
- ) -> Result<(), AnyError> {
- self.0.check_read_with_api_name(path, api_name)
- }
-
- #[inline(always)]
- fn check_write_with_api_name(
- &self,
- path: &Path,
- api_name: Option<&str>,
- ) -> Result<(), AnyError> {
- self.0.check_write_with_api_name(path, api_name)
- }
-
- fn check_sys(&self, kind: &str, api_name: &str) -> Result<(), AnyError> {
- self.0.check_sys(kind, api_name)
- }
-}
-
-impl deno_fetch::FetchPermissions for PermissionsContainer {
- #[inline(always)]
- fn check_net_url(
- &mut self,
- url: &Url,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_net_url(url, api_name)
- }
-
- #[inline(always)]
- fn check_read(
- &mut self,
- path: &Path,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_read(path, api_name)
- }
-}
-
-impl deno_net::NetPermissions for PermissionsContainer {
- #[inline(always)]
- fn check_net<T: AsRef<str>>(
- &mut self,
- host: &(T, Option<u16>),
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_net(host, api_name)
- }
-
- #[inline(always)]
- fn check_read(
- &mut self,
- path: &Path,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_read(path, api_name)
- }
-
- #[inline(always)]
- fn check_write(
- &mut self,
- path: &Path,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_write(path, api_name)
- }
-}
-
-impl deno_web::TimersPermission for PermissionsContainer {
- #[inline(always)]
- fn allow_hrtime(&mut self) -> bool {
- self.0.allow_hrtime()
- }
-}
-
-impl deno_websocket::WebSocketPermissions for PermissionsContainer {
- #[inline(always)]
- fn check_net_url(
- &mut self,
- url: &Url,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_net_url(url, api_name)
- }
-}
-
-impl deno_fs::FsPermissions for PermissionsContainer {
- fn check_open<'a>(
- &mut self,
- resolved: bool,
- read: bool,
- write: bool,
- path: &'a Path,
- api_name: &str,
- ) -> Result<Cow<'a, Path>, FsError> {
- if resolved {
- self.check_special_file(path, api_name).map_err(|_| {
- std::io::Error::from(std::io::ErrorKind::PermissionDenied)
- })?;
- return Ok(Cow::Borrowed(path));
- }
-
- // If somehow read or write aren't specified, use read
- let read = read || !write;
- if read {
- deno_fs::FsPermissions::check_read(self, path, api_name)
- .map_err(|_| FsError::PermissionDenied("read"))?;
- }
- if write {
- deno_fs::FsPermissions::check_write(self, path, api_name)
- .map_err(|_| FsError::PermissionDenied("write"))?;
- }
- Ok(Cow::Borrowed(path))
- }
-
- fn check_read(
- &mut self,
- path: &Path,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_read(path, api_name)
- }
-
- fn check_read_blind(
- &mut self,
- path: &Path,
- display: &str,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_read_blind(path, display, api_name)
- }
-
- fn check_write(
- &mut self,
- path: &Path,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_write(path, api_name)
- }
-
- fn check_write_partial(
- &mut self,
- path: &Path,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_write_partial(path, api_name)
- }
-
- fn check_write_blind(
- &mut self,
- p: &Path,
- display: &str,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_write_blind(p, display, api_name)
- }
-
- fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError> {
- self.0.check_read_all(api_name)
- }
-
- fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError> {
- self.0.check_write_all(api_name)
- }
-}
-
-// NOTE(bartlomieju): for now, NAPI uses `--allow-ffi` flag, but that might
-// change in the future.
-impl deno_napi::NapiPermissions for PermissionsContainer {
- #[inline(always)]
- fn check(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
- self.0.check_ffi(path)
- }
-}
-
-impl deno_ffi::FfiPermissions for PermissionsContainer {
- #[inline(always)]
- fn check_partial(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
- self.0.check_ffi_partial(path)
- }
-}
-
-impl deno_kv::sqlite::SqliteDbHandlerPermissions for PermissionsContainer {
- #[inline(always)]
- fn check_read(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError> {
- self.0.check_read(p, api_name)
- }
-
- #[inline(always)]
- fn check_write(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError> {
- self.0.check_write(p, api_name)
- }
-}
-
-impl deno_kv::remote::RemoteDbHandlerPermissions for PermissionsContainer {
- #[inline(always)]
- fn check_env(&mut self, var: &str) -> Result<(), AnyError> {
- self.0.check_env(var)
- }
-
- #[inline(always)]
- fn check_net_url(
- &mut self,
- url: &Url,
- api_name: &str,
- ) -> Result<(), AnyError> {
- self.0.check_net_url(url, api_name)
- }
-}
diff --git a/runtime/snapshot.rs b/runtime/snapshot.rs
index 923ea0b75..7ae5e3ae5 100644
--- a/runtime/snapshot.rs
+++ b/runtime/snapshot.rs
@@ -81,21 +81,21 @@ impl deno_node::NodePermissions for Permissions {
 unreachable!("snapshotting!")
 }
 fn check_read_with_api_name(
- &self,
+ &mut self,
 _p: &Path,
 _api_name: Option<&str>,
 ) -> Result<(), deno_core::error::AnyError> {
 unreachable!("snapshotting!")
 }
 fn check_write_with_api_name(
- &self,
+ &mut self,
 _p: &Path,
 _api_name: Option<&str>,
 ) -> Result<(), deno_core::error::AnyError> {
 unreachable!("snapshotting!")
 }
 fn check_sys(
- &self,
+ &mut self,
 _kind: &str,
 _api_name: &str,
 ) -> Result<(), deno_core::error::AnyError> {
@@ -254,7 +254,7 @@ pub fn create_runtime_snapshot(
 deno_http::deno_http::init_ops_and_esm::<DefaultHttpPropertyExtractor>(),
 deno_io::deno_io::init_ops_and_esm(Default::default()),
 deno_fs::deno_fs::init_ops_and_esm::<Permissions>(fs.clone()),
- deno_node::deno_node::init_ops_and_esm::<Permissions>(None, fs),
+ deno_node::deno_node::init_ops_and_esm::<Permissions>(None, None, fs),
 runtime::init_ops_and_esm(),
 ops::runtime::deno_runtime::init_ops("deno:runtime".parse().unwrap()),
 ops::worker_host::deno_worker_host::init_ops(
diff --git a/runtime/web_worker.rs b/runtime/web_worker.rs
index 836035694..07a955efb 100644
--- a/runtime/web_worker.rs
+++ b/runtime/web_worker.rs
@@ -2,7 +2,6 @@
 use crate::inspector_server::InspectorServer;
 use crate::ops;
 use crate::ops::worker_host::WorkersTable;
-use crate::permissions::PermissionsContainer;
 use crate::shared::maybe_transpile_source;
 use crate::shared::runtime;
 use crate::tokio_util::create_and_run_current_thread;
@@ -45,6 +44,8 @@ use deno_fs::FileSystem;
 use deno_http::DefaultHttpPropertyExtractor;
 use deno_io::Stdio;
 use deno_kv::dynamic::MultiBackendDbHandler;
+use deno_node::NodeResolver;
+use deno_permissions::PermissionsContainer;
 use deno_terminal::colors;
 use deno_tls::RootCertStoreProvider;
 use deno_tls::TlsKeys;
@@ -364,6 +365,7 @@ pub struct WebWorkerOptions {
 pub seed: Option<u64>,
 pub fs: Arc<dyn FileSystem>,
 pub module_loader: Rc<dyn ModuleLoader>,
+ pub node_resolver: Option<Arc<NodeResolver>>,
 pub npm_resolver: Option<Arc<dyn deno_node::NpmResolver>>,
 pub create_web_worker_cb: Arc<ops::worker_host::CreateWebWorkerCb>,
 pub format_js_error_fn: Option<Arc<FormatJsErrorFn>>,
@@ -411,7 +413,6 @@ impl WebWorker {
 enable_testing_features: bool,
 },
 state = |state, options| {
- state.put::<deno_permissions::PermissionsContainer>(options.permissions.0.clone());
 state.put::<PermissionsContainer>(options.permissions);
 state.put(ops::TestingFeaturesEnabled(options.enable_testing_features));
 },
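Review bot: In `create_runtime_snapshot`, the call `init_ops_and_esm::<Permissions>(None, None, fs)` now passes two adjacent bare `None`s, so a reader cannot tell which optional argument is which or notice if they are swapped later. Going by the `runtime/web_worker.rs` call in this same commit, the order is node resolver, npm resolver, fs, so `init_ops_and_esm::<Permissions>(/* node_resolver */ None, /* npm_resolver */ None, fs)` would make that explicit. The surrounding extension list continues outside the hunk.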
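Review bot: The new public field `pub node_resolver: Option<Arc<NodeResolver>>` in `WebWorkerOptions` has no doc comment, and the same holds for the matching field added to `WorkerOptions` in `runtime/worker.rs`, where the neighbouring `module_loader` field is documented. Embedders need to know what leaving it unset means, since the `Default` impl in worker.rs does exactly that via `node_resolver: Default::default()`. A line such as `/// Resolver passed to the deno_node extension; when None, no Node resolver is supplied.` would do, with the consequence of None confirmed against `deno_node`, which is not shown here. Both struct definitions extend beyond their hunks.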
@@ -491,6 +492,7 @@ impl WebWorker {
 options.fs.clone(),
 ),
 deno_node::deno_node::init_ops_and_esm::<PermissionsContainer>(
+ options.node_resolver,
 options.npm_resolver,
 options.fs,
 ),
diff --git a/runtime/worker.rs b/runtime/worker.rs
index 09faa6e08..4e16afeeb 100644
--- a/runtime/worker.rs
+++ b/runtime/worker.rs
@@ -39,6 +39,7 @@ use deno_fs::FileSystem;
 use deno_http::DefaultHttpPropertyExtractor;
 use deno_io::Stdio;
 use deno_kv::dynamic::MultiBackendDbHandler;
+use deno_permissions::PermissionsContainer;
 use deno_tls::RootCertStoreProvider;
 use deno_tls::TlsKeys;
 use deno_web::BlobStore;
@@ -48,7 +49,6 @@ use crate::code_cache::CodeCache;
 use crate::code_cache::CodeCacheType;
 use crate::inspector_server::InspectorServer;
 use crate::ops;
-use crate::permissions::PermissionsContainer;
 use crate::shared::maybe_transpile_source;
 use crate::shared::runtime;
 use crate::BootstrapOptions;
@@ -156,6 +156,7 @@ pub struct WorkerOptions {
 /// If not provided runtime will error if code being
 /// executed tries to load modules.
 pub module_loader: Rc<dyn ModuleLoader>,
+ pub node_resolver: Option<Arc<deno_node::NodeResolver>>,
 pub npm_resolver: Option<Arc<dyn deno_node::NpmResolver>>,
 // Callbacks invoked when creating new instance of WebWorker
 pub create_web_worker_cb: Arc<ops::worker_host::CreateWebWorkerCb>,
@@ -227,6 +228,7 @@ impl Default for WorkerOptions {
 broadcast_channel: Default::default(),
 source_map_getter: Default::default(),
 root_cert_store_provider: Default::default(),
+ node_resolver: Default::default(),
 npm_resolver: Default::default(),
 blob_store: Default::default(),
 extensions: Default::default(),
@@ -329,9 +331,6 @@ impl MainWorker {
 enable_testing_features: bool,
 },
 state = |state, options| {
- // Save the permissions container and the wrapper.
- state.put::<deno_permissions::PermissionsContainer>(options.permissions.0.clone());
- // This is temporary until we migrate all exts/ to the deno_permissions crate.
 state.put::<PermissionsContainer>(options.permissions);
 state.put(ops::TestingFeaturesEnabled(options.enable_testing_features));
 },
@@ -419,6 +418,7 @@ impl MainWorker {
 options.fs.clone(),
 ),
 deno_node::deno_node::init_ops_and_esm::<PermissionsContainer>(
+ options.node_resolver,
 options.npm_resolver,
 options.fs,
 ),
|