1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-21 21:50:00 -05:00

BREAKING(permissions): remove --allow-hrtime (#25367)

Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
This commit is contained in:
Luca Casonato 2024-09-03 11:24:25 +02:00 committed by GitHub
parent b5695d02df
commit 5cf97f539b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
34 changed files with 30 additions and 270 deletions

View file

@ -619,8 +619,6 @@ pub struct PermissionFlags {
pub allow_all: bool, pub allow_all: bool,
pub allow_env: Option<Vec<String>>, pub allow_env: Option<Vec<String>>,
pub deny_env: Option<Vec<String>>, pub deny_env: Option<Vec<String>>,
pub allow_hrtime: bool,
pub deny_hrtime: bool,
pub allow_ffi: Option<Vec<String>>, pub allow_ffi: Option<Vec<String>>,
pub deny_ffi: Option<Vec<String>>, pub deny_ffi: Option<Vec<String>>,
pub allow_net: Option<Vec<String>>, pub allow_net: Option<Vec<String>>,
@ -641,8 +639,6 @@ impl PermissionFlags {
self.allow_all self.allow_all
|| self.allow_env.is_some() || self.allow_env.is_some()
|| self.deny_env.is_some() || self.deny_env.is_some()
|| self.allow_hrtime
|| self.deny_hrtime
|| self.allow_ffi.is_some() || self.allow_ffi.is_some()
|| self.deny_ffi.is_some() || self.deny_ffi.is_some()
|| self.allow_net.is_some() || self.allow_net.is_some()
@ -690,8 +686,6 @@ impl PermissionFlags {
allow_all: self.allow_all, allow_all: self.allow_all,
allow_env: self.allow_env.clone(), allow_env: self.allow_env.clone(),
deny_env: self.deny_env.clone(), deny_env: self.deny_env.clone(),
allow_hrtime: self.allow_hrtime,
deny_hrtime: self.deny_hrtime,
allow_net: self.allow_net.clone(), allow_net: self.allow_net.clone(),
deny_net: self.deny_net.clone(), deny_net: self.deny_net.clone(),
allow_ffi: convert_option_str_to_path_buf(&self.allow_ffi, initial_cwd)?, allow_ffi: convert_option_str_to_path_buf(&self.allow_ffi, initial_cwd)?,
@ -905,14 +899,6 @@ impl Flags {
_ => {} _ => {}
} }
if self.permissions.allow_hrtime {
args.push("--allow-hrtime".to_string());
}
if self.permissions.deny_hrtime {
args.push("--deny-hrtime".to_string());
}
args args
} }
@ -996,8 +982,6 @@ impl Flags {
pub fn has_permission_in_argv(&self) -> bool { pub fn has_permission_in_argv(&self) -> bool {
self.argv.iter().any(|arg| { self.argv.iter().any(|arg| {
arg == "--allow-all" arg == "--allow-all"
|| arg == "--allow-hrtime"
|| arg == "--deny-hrtime"
|| arg.starts_with("--allow-env") || arg.starts_with("--allow-env")
|| arg.starts_with("--deny-env") || arg.starts_with("--deny-env")
|| arg.starts_with("--allow-ffi") || arg.starts_with("--allow-ffi")
@ -1025,7 +1009,6 @@ impl Flags {
self.permissions.allow_write = Some(vec![]); self.permissions.allow_write = Some(vec![]);
self.permissions.allow_sys = Some(vec![]); self.permissions.allow_sys = Some(vec![]);
self.permissions.allow_ffi = Some(vec![]); self.permissions.allow_ffi = Some(vec![]);
self.permissions.allow_hrtime = true;
} }
pub fn resolve_watch_exclude_set( pub fn resolve_watch_exclude_set(
@ -1393,7 +1376,6 @@ fn handle_repl_flags(flags: &mut Flags, repl_flags: ReplFlags) {
flags.permissions.allow_sys = Some(vec![]); flags.permissions.allow_sys = Some(vec![]);
flags.permissions.allow_write = Some(vec![]); flags.permissions.allow_write = Some(vec![]);
flags.permissions.allow_ffi = Some(vec![]); flags.permissions.allow_ffi = Some(vec![]);
flags.permissions.allow_hrtime = true;
} }
flags.subcommand = DenoSubcommand::Repl(repl_flags); flags.subcommand = DenoSubcommand::Repl(repl_flags);
} }
@ -3098,8 +3080,6 @@ Docs: <c>https://docs.deno.com/go/permissions</>
<p(245)>--allow-run | --allow-run="whoami,ps"</> <p(245)>--allow-run | --allow-run="whoami,ps"</>
<g>--allow-ffi[=<<PATH>...]</> (Unstable) Allow loading dynamic libraries. Optionally specify allowed directories or files. <g>--allow-ffi[=<<PATH>...]</> (Unstable) Allow loading dynamic libraries. Optionally specify allowed directories or files.
<p(245)>--allow-ffi | --allow-ffi="./libfoo.so"</> <p(245)>--allow-ffi | --allow-ffi="./libfoo.so"</>
<g>--allow-hrtime</> Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting.
<p(245)>--allow-hrtime</>
<g> --deny-read[=<<PATH>...]</> Deny file system read access. Optionally specify denied paths. <g> --deny-read[=<<PATH>...]</> Deny file system read access. Optionally specify denied paths.
<p(245)>--deny-read | --deny-read="/etc,/var/log.txt"</> <p(245)>--deny-read | --deny-read="/etc,/var/log.txt"</>
<g> --deny-write[=<<PATH>...]</> Deny file system write access. Optionally specify denied paths. <g> --deny-write[=<<PATH>...]</> Deny file system write access. Optionally specify denied paths.
@ -3114,8 +3094,6 @@ Docs: <c>https://docs.deno.com/go/permissions</>
<p(245)>--deny-run | --deny-run="whoami,ps"</> <p(245)>--deny-run | --deny-run="whoami,ps"</>
<g>--deny-ffi[=<<PATH>...]</> (Unstable) Deny loading dynamic libraries. Optionally specify denied directories or files. <g>--deny-ffi[=<<PATH>...]</> (Unstable) Deny loading dynamic libraries. Optionally specify denied directories or files.
<p(245)>--deny-ffi | --deny-ffi="./libfoo.so"</> <p(245)>--deny-ffi | --deny-ffi="./libfoo.so"</>
<g>--deny-hrtime</> Deny high-resolution time measurement.
<p(245)>--deny-hrtime</>
"#)) "#))
.arg( .arg(
Arg::new("allow-all") Arg::new("allow-all")
@ -3312,14 +3290,14 @@ Docs: <c>https://docs.deno.com/go/permissions</>
Arg::new("allow-hrtime") Arg::new("allow-hrtime")
.long("allow-hrtime") .long("allow-hrtime")
.action(ArgAction::SetTrue) .action(ArgAction::SetTrue)
.help("Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting") .help("REMOVED in Deno 2.0")
.hide(true), .hide(true),
) )
.arg( .arg(
Arg::new("deny-hrtime") Arg::new("deny-hrtime")
.long("deny-hrtime") .long("deny-hrtime")
.action(ArgAction::SetTrue) .action(ArgAction::SetTrue)
.help("Deny high-resolution time measurement. Note: this can prevent timing attacks and fingerprinting") .help("REMOVED in Deno 2.0")
.hide(true), .hide(true),
) )
.arg( .arg(
@ -4802,12 +4780,8 @@ fn permission_args_parse(flags: &mut Flags, matches: &mut ArgMatches) {
debug!("ffi denylist: {:#?}", &flags.permissions.deny_ffi); debug!("ffi denylist: {:#?}", &flags.permissions.deny_ffi);
} }
if matches.get_flag("allow-hrtime") { if matches.get_flag("allow-hrtime") || matches.get_flag("deny-hrtime") {
flags.permissions.allow_hrtime = true; log::warn!("⚠️ Warning: `allow-hrtime` and `deny-hrtime` have been removed in Deno 2, as high resolution time is now always allowed.");
}
if matches.get_flag("deny-hrtime") {
flags.permissions.deny_hrtime = true;
} }
if matches.get_flag("allow-all") { if matches.get_flag("allow-all") {
@ -5784,7 +5758,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
code_cache_enabled: true, code_cache_enabled: true,
@ -5856,44 +5829,6 @@ mod tests {
); );
} }
#[test]
fn allow_hrtime() {
let r = flags_from_vec(svec!["deno", "run", "--allow-hrtime", "gist.ts"]);
assert_eq!(
r.unwrap(),
Flags {
subcommand: DenoSubcommand::Run(RunFlags::new_default(
"gist.ts".to_string(),
)),
permissions: PermissionFlags {
allow_hrtime: true,
..Default::default()
},
code_cache_enabled: true,
..Flags::default()
}
);
}
#[test]
fn deny_hrtime() {
let r = flags_from_vec(svec!["deno", "run", "--deny-hrtime", "gist.ts"]);
assert_eq!(
r.unwrap(),
Flags {
subcommand: DenoSubcommand::Run(RunFlags::new_default(
"gist.ts".to_string(),
)),
permissions: PermissionFlags {
deny_hrtime: true,
..Default::default()
},
code_cache_enabled: true,
..Flags::default()
}
);
}
#[test] #[test]
fn double_hyphen() { fn double_hyphen() {
// notice that flags passed after double dash will not // notice that flags passed after double dash will not
@ -6717,7 +6652,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
..Flags::default() ..Flags::default()
@ -6744,7 +6678,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
..Flags::default() ..Flags::default()
@ -6776,7 +6709,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
ext: Some("ts".to_string()), ext: Some("ts".to_string()),
@ -6817,7 +6749,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
env_file: Some(".example.env".to_owned()), env_file: Some(".example.env".to_owned()),
@ -6852,7 +6783,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
..Flags::default() ..Flags::default()
@ -6886,7 +6816,6 @@ mod tests {
deny_write: None, deny_write: None,
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
deny_ffi: None, deny_ffi: None,
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
..Flags::default() ..Flags::default()
@ -6940,7 +6869,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
env_file: Some(".example.env".to_owned()), env_file: Some(".example.env".to_owned()),
@ -10312,7 +10240,6 @@ mod tests {
allow_sys: Some(vec![]), allow_sys: Some(vec![]),
allow_write: Some(vec![]), allow_write: Some(vec![]),
allow_ffi: Some(vec![]), allow_ffi: Some(vec![]),
allow_hrtime: true,
..Default::default() ..Default::default()
}, },
..Flags::default() ..Flags::default()

View file

@ -553,15 +553,6 @@ declare namespace Deno {
*/ */
sys?: "inherit" | boolean | string[]; sys?: "inherit" | boolean | string[];
/** Specifies if the `hrtime` permission should be requested or revoked.
* If set to `"inherit"`, the current `hrtime` permission will be inherited.
* If set to `true`, the global `hrtime` permission will be requested.
* If set to `false`, the global `hrtime` permission will be revoked.
*
* @default {false}
*/
hrtime?: "inherit" | boolean;
/** Specifies if the `net` permission should be requested or revoked. /** Specifies if the `net` permission should be requested or revoked.
* if set to `"inherit"`, the current `net` permission will be inherited. * if set to `"inherit"`, the current `net` permission will be inherited.
* if set to `true`, the global `net` permission will be requested. * if set to `true`, the global `net` permission will be requested.
@ -4741,8 +4732,7 @@ declare namespace Deno {
| "net" | "net"
| "env" | "env"
| "sys" | "sys"
| "ffi" | "ffi";
| "hrtime";
/** The current status of the permission: /** The current status of the permission:
* *
@ -4873,17 +4863,6 @@ declare namespace Deno {
path?: string | URL; path?: string | URL;
} }
/** The permission descriptor for the `allow-hrtime` and `deny-hrtime` permissions, which
* controls if the runtime code has access to high resolution time. High
* resolution time is considered sensitive information, because it can be used
* by malicious code to gain information about the host that it might not
* otherwise have access to.
*
* @category Permissions */
export interface HrtimePermissionDescriptor {
name: "hrtime";
}
/** Permission descriptors which define a permission and can be queried, /** Permission descriptors which define a permission and can be queried,
* requested, or revoked. * requested, or revoked.
* *
@ -4899,8 +4878,7 @@ declare namespace Deno {
| NetPermissionDescriptor | NetPermissionDescriptor
| EnvPermissionDescriptor | EnvPermissionDescriptor
| SysPermissionDescriptor | SysPermissionDescriptor
| FfiPermissionDescriptor | FfiPermissionDescriptor;
| HrtimePermissionDescriptor;
/** The interface which defines what event types are supported by /** The interface which defines what event types are supported by
* {@linkcode PermissionStatus} instances. * {@linkcode PermissionStatus} instances.

View file

@ -593,16 +593,12 @@ declare interface Performance extends EventTarget {
endMark?: string, endMark?: string,
): PerformanceMeasure; ): PerformanceMeasure;
/** Returns a current time from Deno's start in milliseconds. /** Returns a current time from Deno's start in fractional milliseconds.
*
* Use the permission flag `--allow-hrtime` to return a precise value.
* *
* ```ts * ```ts
* const t = performance.now(); * const t = performance.now();
* console.log(`${t} ms since start!`); * console.log(`${t} ms since start!`);
* ``` * ```
*
* @tags allow-hrtime
*/ */
now(): number; now(): number;

View file

@ -13,7 +13,7 @@ pub trait TimersPermission {
impl TimersPermission for deno_permissions::PermissionsContainer { impl TimersPermission for deno_permissions::PermissionsContainer {
#[inline(always)] #[inline(always)]
fn allow_hrtime(&mut self) -> bool { fn allow_hrtime(&mut self) -> bool {
deno_permissions::PermissionsContainer::allow_hrtime(self) true
} }
} }

View file

@ -37,7 +37,7 @@ const illegalConstructorKey = Symbol("illegalConstructorKey");
* @property {boolean} partial * @property {boolean} partial
*/ */
/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi" | "hrtime">} */ /** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi">} */
const permissionNames = [ const permissionNames = [
"read", "read",
"write", "write",
@ -46,7 +46,6 @@ const permissionNames = [
"sys", "sys",
"run", "run",
"ffi", "ffi",
"hrtime",
]; ];
/** /**
@ -282,7 +281,7 @@ function serializePermissions(permissions) {
} }
} }
for ( for (
const key of new SafeArrayIterator(["env", "hrtime", "net", "sys"]) const key of new SafeArrayIterator(["env", "net", "sys"])
) { ) {
if (ArrayIsArray(permissions[key])) { if (ArrayIsArray(permissions[key])) {
serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]); serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]);

View file

@ -73,7 +73,6 @@ pub fn op_query_permission(
.query(args.kind.as_deref().map(parse_sys_kind).transpose()?), .query(args.kind.as_deref().map(parse_sys_kind).transpose()?),
"run" => permissions.run.query(args.command.as_deref()), "run" => permissions.run.query(args.command.as_deref()),
"ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)), "ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)),
"hrtime" => permissions.hrtime.query(),
n => { n => {
return Err(custom_error( return Err(custom_error(
"ReferenceError", "ReferenceError",
@ -108,7 +107,6 @@ pub fn op_revoke_permission(
.revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?), .revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?),
"run" => permissions.run.revoke(args.command.as_deref()), "run" => permissions.run.revoke(args.command.as_deref()),
"ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)), "ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)),
"hrtime" => permissions.hrtime.revoke(),
n => { n => {
return Err(custom_error( return Err(custom_error(
"ReferenceError", "ReferenceError",
@ -143,7 +141,6 @@ pub fn op_request_permission(
.request(args.kind.as_deref().map(parse_sys_kind).transpose()?), .request(args.kind.as_deref().map(parse_sys_kind).transpose()?),
"run" => permissions.run.request(args.command.as_deref()), "run" => permissions.run.request(args.command.as_deref()),
"ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)), "ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)),
"hrtime" => permissions.hrtime.request(),
n => { n => {
return Err(custom_error( return Err(custom_error(
"ReferenceError", "ReferenceError",

View file

@ -1416,7 +1416,6 @@ pub struct Permissions {
pub run: UnaryPermission<RunDescriptor>, pub run: UnaryPermission<RunDescriptor>,
pub ffi: UnaryPermission<FfiDescriptor>, pub ffi: UnaryPermission<FfiDescriptor>,
pub all: UnitPermission, pub all: UnitPermission,
pub hrtime: UnitPermission,
} }
#[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)] #[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)]
@ -1424,8 +1423,6 @@ pub struct PermissionsOptions {
pub allow_all: bool, pub allow_all: bool,
pub allow_env: Option<Vec<String>>, pub allow_env: Option<Vec<String>>,
pub deny_env: Option<Vec<String>>, pub deny_env: Option<Vec<String>>,
pub allow_hrtime: bool,
pub deny_hrtime: bool,
pub allow_net: Option<Vec<String>>, pub allow_net: Option<Vec<String>>,
pub deny_net: Option<Vec<String>>, pub deny_net: Option<Vec<String>>,
pub allow_ffi: Option<Vec<PathBuf>>, pub allow_ffi: Option<Vec<PathBuf>>,
@ -1460,19 +1457,6 @@ impl Permissions {
}) })
} }
pub const fn new_hrtime(
allow_state: bool,
deny_state: bool,
) -> UnitPermission {
unit_permission_from_flag_bools(
allow_state,
deny_state,
"hrtime",
"high precision time",
false, // never prompt for hrtime
)
}
pub const fn new_all(allow_state: bool) -> UnitPermission { pub const fn new_all(allow_state: bool) -> UnitPermission {
unit_permission_from_flag_bools( unit_permission_from_flag_bools(
allow_state, allow_state,
@ -1521,7 +1505,6 @@ impl Permissions {
opts.prompt, opts.prompt,
)?, )?,
all: Permissions::new_all(opts.allow_all), all: Permissions::new_all(opts.allow_all),
hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.deny_hrtime),
}) })
} }
@ -1536,7 +1519,6 @@ impl Permissions {
run: UnaryPermission::allow_all(), run: UnaryPermission::allow_all(),
ffi: UnaryPermission::allow_all(), ffi: UnaryPermission::allow_all(),
all: Permissions::new_all(true), all: Permissions::new_all(true),
hrtime: Permissions::new_hrtime(true, false),
} }
} }
@ -1560,7 +1542,6 @@ impl Permissions {
run: Permissions::new_unary(&None, &None, prompt).unwrap(), run: Permissions::new_unary(&None, &None, prompt).unwrap(),
ffi: Permissions::new_unary(&None, &None, prompt).unwrap(), ffi: Permissions::new_unary(&None, &None, prompt).unwrap(),
all: Permissions::new_all(false), all: Permissions::new_all(false),
hrtime: Permissions::new_hrtime(false, false),
} }
} }
@ -1598,11 +1579,6 @@ impl PermissionsContainer {
Self(Arc::new(Mutex::new(perms))) Self(Arc::new(Mutex::new(perms)))
} }
#[inline(always)]
pub fn allow_hrtime(&mut self) -> bool {
self.0.lock().hrtime.check().is_ok()
}
pub fn allow_all() -> Self { pub fn allow_all() -> Self {
Self::new(Permissions::allow_all()) Self::new(Permissions::allow_all())
} }
@ -2115,7 +2091,6 @@ impl<'de> Deserialize<'de> for ChildUnaryPermissionArg {
#[derive(Debug, Eq, PartialEq)] #[derive(Debug, Eq, PartialEq)]
pub struct ChildPermissionsArg { pub struct ChildPermissionsArg {
env: ChildUnaryPermissionArg, env: ChildUnaryPermissionArg,
hrtime: ChildUnitPermissionArg,
net: ChildUnaryPermissionArg, net: ChildUnaryPermissionArg,
ffi: ChildUnaryPermissionArg, ffi: ChildUnaryPermissionArg,
read: ChildUnaryPermissionArg, read: ChildUnaryPermissionArg,
@ -2128,7 +2103,6 @@ impl ChildPermissionsArg {
pub fn inherit() -> Self { pub fn inherit() -> Self {
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::Inherit, env: ChildUnaryPermissionArg::Inherit,
hrtime: ChildUnitPermissionArg::Inherit,
net: ChildUnaryPermissionArg::Inherit, net: ChildUnaryPermissionArg::Inherit,
ffi: ChildUnaryPermissionArg::Inherit, ffi: ChildUnaryPermissionArg::Inherit,
read: ChildUnaryPermissionArg::Inherit, read: ChildUnaryPermissionArg::Inherit,
@ -2141,7 +2115,6 @@ impl ChildPermissionsArg {
pub fn none() -> Self { pub fn none() -> Self {
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::NotGranted, env: ChildUnaryPermissionArg::NotGranted,
hrtime: ChildUnitPermissionArg::NotGranted,
net: ChildUnaryPermissionArg::NotGranted, net: ChildUnaryPermissionArg::NotGranted,
ffi: ChildUnaryPermissionArg::NotGranted, ffi: ChildUnaryPermissionArg::NotGranted,
read: ChildUnaryPermissionArg::NotGranted, read: ChildUnaryPermissionArg::NotGranted,
@ -2198,11 +2171,6 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
child_permissions_arg.env = arg.map_err(|e| { child_permissions_arg.env = arg.map_err(|e| {
de::Error::custom(format!("(deno.permissions.env) {e}")) de::Error::custom(format!("(deno.permissions.env) {e}"))
})?; })?;
} else if key == "hrtime" {
let arg = serde_json::from_value::<ChildUnitPermissionArg>(value);
child_permissions_arg.hrtime = arg.map_err(|e| {
de::Error::custom(format!("(deno.permissions.hrtime) {e}"))
})?;
} else if key == "net" { } else if key == "net" {
let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value); let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value);
child_permissions_arg.net = arg.map_err(|e| { child_permissions_arg.net = arg.map_err(|e| {
@ -2258,13 +2226,6 @@ pub fn create_child_permissions(
} }
} }
fn is_granted_unit(arg: &ChildUnitPermissionArg) -> bool {
match arg {
ChildUnitPermissionArg::Inherit | ChildUnitPermissionArg::Granted => true,
ChildUnitPermissionArg::NotGranted => false,
}
}
let mut worker_perms = Permissions::none_without_prompt(); let mut worker_perms = Permissions::none_without_prompt();
worker_perms.all = main_perms worker_perms.all = main_perms
@ -2282,9 +2243,7 @@ pub fn create_child_permissions(
&child_permissions_arg.run, &child_permissions_arg.run,
&child_permissions_arg.ffi, &child_permissions_arg.ffi,
]; ];
let unit_perms = [&child_permissions_arg.hrtime]; let allow_all = unary_perms.into_iter().all(is_granted_unary);
let allow_all = unary_perms.into_iter().all(is_granted_unary)
&& unit_perms.into_iter().all(is_granted_unit);
if !allow_all { if !allow_all {
worker_perms.all.revoke(); worker_perms.all.revoke();
} }
@ -2313,9 +2272,6 @@ pub fn create_child_permissions(
worker_perms.ffi = main_perms worker_perms.ffi = main_perms
.ffi .ffi
.create_child_permissions(child_permissions_arg.ffi)?; .create_child_permissions(child_permissions_arg.ffi)?;
worker_perms.hrtime = main_perms
.hrtime
.create_child_permissions(child_permissions_arg.hrtime)?;
Ok(worker_perms) Ok(worker_perms)
} }
@ -2747,7 +2703,6 @@ mod tests {
.unwrap(), .unwrap(),
run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(), run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
all: Permissions::new_all(false), all: Permissions::new_all(false),
hrtime: Permissions::new_hrtime(false, false),
}; };
let perms3 = Permissions { let perms3 = Permissions {
read: Permissions::new_unary( read: Permissions::new_unary(
@ -2775,7 +2730,6 @@ mod tests {
.unwrap(), .unwrap(),
run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(), run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(),
all: Permissions::new_all(false), all: Permissions::new_all(false),
hrtime: Permissions::new_hrtime(false, true),
}; };
let perms4 = Permissions { let perms4 = Permissions {
read: Permissions::new_unary( read: Permissions::new_unary(
@ -2813,7 +2767,6 @@ mod tests {
run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false) run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false)
.unwrap(), .unwrap(),
all: Permissions::new_all(false), all: Permissions::new_all(false),
hrtime: Permissions::new_hrtime(true, true),
}; };
#[rustfmt::skip] #[rustfmt::skip]
{ {
@ -2889,10 +2842,6 @@ mod tests {
assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial); assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial);
assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied); assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied);
assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted); assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted);
assert_eq!(perms1.hrtime.query(), PermissionState::Granted);
assert_eq!(perms2.hrtime.query(), PermissionState::Prompt);
assert_eq!(perms3.hrtime.query(), PermissionState::Denied);
assert_eq!(perms4.hrtime.query(), PermissionState::Denied);
}; };
} }
@ -2937,10 +2886,6 @@ mod tests {
assert_eq!(perms.run.query(None), PermissionState::Prompt); assert_eq!(perms.run.query(None), PermissionState::Prompt);
prompt_value.set(false); prompt_value.set(false);
assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted); assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted);
prompt_value.set(false);
assert_eq!(perms.hrtime.request(), PermissionState::Denied);
prompt_value.set(true);
assert_eq!(perms.hrtime.request(), PermissionState::Denied);
}; };
} }
@ -2977,7 +2922,6 @@ mod tests {
.unwrap(), .unwrap(),
run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(), run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
all: Permissions::new_all(false), all: Permissions::new_all(false),
hrtime: Permissions::new_hrtime(false, true),
}; };
#[rustfmt::skip] #[rustfmt::skip]
{ {
@ -2996,7 +2940,6 @@ mod tests {
assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt); assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt);
assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt); assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt);
assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt); assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt);
assert_eq!(perms.hrtime.revoke(), PermissionState::Denied);
}; };
} }
@ -3080,8 +3023,6 @@ mod tests {
prompt_value.set(false); prompt_value.set(false);
assert!(perms.env.check("hostname", None).is_ok()); assert!(perms.env.check("hostname", None).is_ok());
assert!(perms.env.check("osRelease", None).is_err()); assert!(perms.env.check("osRelease", None).is_err());
assert!(perms.hrtime.check().is_err());
} }
#[test] #[test]
@ -3183,11 +3124,6 @@ mod tests {
assert!(perms.sys.check("osRelease", None).is_ok()); assert!(perms.sys.check("osRelease", None).is_ok());
prompt_value.set(false); prompt_value.set(false);
assert!(perms.sys.check("osRelease", None).is_ok()); assert!(perms.sys.check("osRelease", None).is_ok());
prompt_value.set(false);
assert!(perms.hrtime.check().is_err());
prompt_value.set(true);
assert!(perms.hrtime.check().is_err());
} }
#[test] #[test]
@ -3278,7 +3214,6 @@ mod tests {
ChildPermissionsArg::inherit(), ChildPermissionsArg::inherit(),
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::Inherit, env: ChildUnaryPermissionArg::Inherit,
hrtime: ChildUnitPermissionArg::Inherit,
net: ChildUnaryPermissionArg::Inherit, net: ChildUnaryPermissionArg::Inherit,
ffi: ChildUnaryPermissionArg::Inherit, ffi: ChildUnaryPermissionArg::Inherit,
read: ChildUnaryPermissionArg::Inherit, read: ChildUnaryPermissionArg::Inherit,
@ -3291,7 +3226,6 @@ mod tests {
ChildPermissionsArg::none(), ChildPermissionsArg::none(),
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::NotGranted, env: ChildUnaryPermissionArg::NotGranted,
hrtime: ChildUnitPermissionArg::NotGranted,
net: ChildUnaryPermissionArg::NotGranted, net: ChildUnaryPermissionArg::NotGranted,
ffi: ChildUnaryPermissionArg::NotGranted, ffi: ChildUnaryPermissionArg::NotGranted,
read: ChildUnaryPermissionArg::NotGranted, read: ChildUnaryPermissionArg::NotGranted,
@ -3322,26 +3256,6 @@ mod tests {
..ChildPermissionsArg::none() ..ChildPermissionsArg::none()
} }
); );
assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!({
"hrtime": true,
}))
.unwrap(),
ChildPermissionsArg {
hrtime: ChildUnitPermissionArg::Granted,
..ChildPermissionsArg::none()
}
);
assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!({
"hrtime": false,
}))
.unwrap(),
ChildPermissionsArg {
hrtime: ChildUnitPermissionArg::NotGranted,
..ChildPermissionsArg::none()
}
);
assert_eq!( assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!({ serde_json::from_value::<ChildPermissionsArg>(json!({
"env": true, "env": true,
@ -3361,7 +3275,6 @@ mod tests {
run: ChildUnaryPermissionArg::Granted, run: ChildUnaryPermissionArg::Granted,
sys: ChildUnaryPermissionArg::Granted, sys: ChildUnaryPermissionArg::Granted,
write: ChildUnaryPermissionArg::Granted, write: ChildUnaryPermissionArg::Granted,
..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -3383,7 +3296,6 @@ mod tests {
run: ChildUnaryPermissionArg::NotGranted, run: ChildUnaryPermissionArg::NotGranted,
sys: ChildUnaryPermissionArg::NotGranted, sys: ChildUnaryPermissionArg::NotGranted,
write: ChildUnaryPermissionArg::NotGranted, write: ChildUnaryPermissionArg::NotGranted,
..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -3421,7 +3333,6 @@ mod tests {
"foo", "foo",
"file:///bar/baz" "file:///bar/baz"
]), ]),
..ChildPermissionsArg::none()
} }
); );
} }
@ -3431,7 +3342,6 @@ mod tests {
set_prompter(Box::new(TestPrompter)); set_prompter(Box::new(TestPrompter));
let mut main_perms = Permissions { let mut main_perms = Permissions {
env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(), env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(),
hrtime: Permissions::new_hrtime(true, false),
net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false) net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false)
.unwrap(), .unwrap(),
..Permissions::none_without_prompt() ..Permissions::none_without_prompt()
@ -3441,7 +3351,6 @@ mod tests {
&mut main_perms.clone(), &mut main_perms.clone(),
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::Inherit, env: ChildUnaryPermissionArg::Inherit,
hrtime: ChildUnitPermissionArg::NotGranted,
net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]), net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
ffi: ChildUnaryPermissionArg::NotGranted, ffi: ChildUnaryPermissionArg::NotGranted,
..ChildPermissionsArg::none() ..ChildPermissionsArg::none()

View file

@ -153,11 +153,6 @@ itest!(_023_no_ext {
output: "run/023_no_ext.out", output: "run/023_no_ext.out",
}); });
itest!(_025_hrtime {
args: "run --quiet --allow-hrtime --reload run/025_hrtime.ts",
output: "run/025_hrtime.ts.out",
});
itest!(_025_reload_js_type_error { itest!(_025_reload_js_type_error {
args: "run --quiet --reload run/025_reload_js_type_error.js", args: "run --quiet --reload run/025_reload_js_type_error.js",
output: "run/025_reload_js_type_error.js.out", output: "run/025_reload_js_type_error.js.out",
@ -735,12 +730,12 @@ fn permission_request_long() {
} }
itest!(deny_all_permission_args { itest!(deny_all_permission_args {
args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net --deny-hrtime run/deny_all_permission_args.js", args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net run/deny_all_permission_args.js",
output: "run/deny_all_permission_args.out", output: "run/deny_all_permission_args.out",
}); });
itest!(deny_some_permission_args { itest!(deny_some_permission_args {
args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 --allow-hrtime --deny-hrtime run/deny_some_permission_args.js", args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 run/deny_some_permission_args.js",
output: "run/deny_some_permission_args.out", output: "run/deny_some_permission_args.out",
}); });

View file

@ -6,7 +6,7 @@ Runtime | Deno [WILDLINE] ([WILDLINE])
[WILDLINE]/allow_all.ts [WILDLINE]/allow_all.ts
benchmark time/iter (avg) iter/s (min … max) p75 p99 p995 benchmark time/iter (avg) iter/s (min … max) p75 p99 p995
-------------- ----------------------------- --------------------- -------------------------- ------------- ----------------------------- --------------------- --------------------------
read false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] read false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
read true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] read true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
write false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] write false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
@ -19,6 +19,4 @@ run false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE
run true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] run true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
ffi false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] ffi false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
ffi true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE] ffi true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
hrtime false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
hrtime true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]

View file

@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
"env", "env",
"run", "run",
"ffi", "ffi",
"hrtime",
]; ];
for (const name of permissions) { for (const name of permissions) {

View file

@ -18,6 +18,4 @@ run error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
ffi error: PermissionDenied: Can't escalate parent thread permissions ffi error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
hrtime error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD]
error: Bench failed error: Bench failed

View file

@ -5,7 +5,6 @@ const permissions: Deno.PermissionName[] = [
"env", "env",
"run", "run",
"ffi", "ffi",
"hrtime",
]; ];
for (const name of permissions) { for (const name of permissions) {

View file

@ -7,7 +7,6 @@ Deno.bench({
env: true, env: true,
run: true, run: true,
ffi: true, ffi: true,
hrtime: true,
}, },
ignore: true, ignore: true,
fn() { fn() {

View file

@ -18,5 +18,3 @@ run false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD
run true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] run true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
ffi false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] ffi false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
ffi true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD] ffi true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
hrtime false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
hrtime true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]

View file

@ -18,6 +18,4 @@ run error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
ffi error: PermissionDenied: Can't escalate parent thread permissions ffi error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
hrtime error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD]
error: Bench failed error: Bench failed

View file

@ -1,5 +0,0 @@
globalThis.onload = async () => {
console.log(performance.now() % 2 !== 0);
await Deno.permissions.revoke({ name: "hrtime" });
console.log(performance.now() % 2 === 0);
};

View file

@ -1,2 +0,0 @@
true
true

View file

@ -5,4 +5,3 @@ console.log(Deno.permissions.querySync({ name: "ffi" }));
console.log(Deno.permissions.querySync({ name: "run" })); console.log(Deno.permissions.querySync({ name: "run" }));
console.log(Deno.permissions.querySync({ name: "sys" })); console.log(Deno.permissions.querySync({ name: "sys" }));
console.log(Deno.permissions.querySync({ name: "net" })); console.log(Deno.permissions.querySync({ name: "net" }));
console.log(Deno.permissions.querySync({ name: "hrtime" }));

View file

@ -5,4 +5,3 @@ PermissionStatus { state: "denied", onchange: null }
PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null }
PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null }
PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null }
PermissionStatus { state: "denied", onchange: null }

View file

@ -19,4 +19,3 @@ console.log(Deno.permissions.querySync({ name: "sys", kind: "loadavg" }));
console.log(Deno.permissions.querySync({ name: "net" })); console.log(Deno.permissions.querySync({ name: "net" }));
console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" })); console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" }));
console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" })); console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" }));
console.log(Deno.permissions.querySync({ name: "hrtime" }));

View file

@ -19,4 +19,3 @@ PermissionStatus { state: "granted", onchange: null }
PermissionStatus { state: "granted", onchange: null, partial: true } PermissionStatus { state: "granted", onchange: null, partial: true }
PermissionStatus { state: "denied", onchange: null } PermissionStatus { state: "denied", onchange: null }
PermissionStatus { state: "granted", onchange: null } PermissionStatus { state: "granted", onchange: null }
PermissionStatus { state: "denied", onchange: null }

View file

@ -1,5 +1,5 @@
[WILDCARD] [WILDCARD]
running 14 tests from [WILDCARD] running 12 tests from [WILDCARD]
read false ... ok [WILDCARD] read false ... ok [WILDCARD]
read true ... ok [WILDCARD] read true ... ok [WILDCARD]
write false ... ok [WILDCARD] write false ... ok [WILDCARD]
@ -12,7 +12,5 @@ run false ... ok [WILDCARD]
run true ... ok [WILDCARD] run true ... ok [WILDCARD]
ffi false ... ok [WILDCARD] ffi false ... ok [WILDCARD]
ffi true ... ok [WILDCARD] ffi true ... ok [WILDCARD]
hrtime false ... ok [WILDCARD]
hrtime true ... ok [WILDCARD]
ok | 14 passed | 0 failed [WILDCARD] ok | 12 passed | 0 failed [WILDCARD]

View file

@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
"env", "env",
"run", "run",
"ffi", "ffi",
"hrtime",
]; ];
for (const name of permissions) { for (const name of permissions) {

View file

@ -1,12 +1,11 @@
[WILDCARD] [WILDCARD]
running 7 tests from [WILDCARD] running 6 tests from [WILDCARD]
read ... FAILED [WILDCARD] read ... FAILED [WILDCARD]
write ... FAILED [WILDCARD] write ... FAILED [WILDCARD]
net ... FAILED [WILDCARD] net ... FAILED [WILDCARD]
env ... FAILED [WILDCARD] env ... FAILED [WILDCARD]
run ... FAILED [WILDCARD] run ... FAILED [WILDCARD]
ffi ... FAILED [WILDCARD] ffi ... FAILED [WILDCARD]
hrtime ... FAILED [WILDCARD]
ERRORS ERRORS
@ -32,10 +31,6 @@ error: PermissionDenied: Can't escalate parent thread permissions
ffi => ./test/allow_none.ts:[WILDCARD] ffi => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD]
hrtime => ./test/allow_none.ts:[WILDCARD]
error: PermissionDenied: Can't escalate parent thread permissions
[WILDCARD] [WILDCARD]
FAILURES FAILURES
@ -46,6 +41,5 @@ net => ./test/allow_none.ts:[WILDCARD]
env => ./test/allow_none.ts:[WILDCARD] env => ./test/allow_none.ts:[WILDCARD]
run => ./test/allow_none.ts:[WILDCARD] run => ./test/allow_none.ts:[WILDCARD]
ffi => ./test/allow_none.ts:[WILDCARD] ffi => ./test/allow_none.ts:[WILDCARD]
hrtime => ./test/allow_none.ts:[WILDCARD]
FAILED | 0 passed | 7 failed [WILDCARD] FAILED | 0 passed | 6 failed [WILDCARD]

View file

@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
"env", "env",
"run", "run",
"ffi", "ffi",
"hrtime",
]; ];
for (const name of permissions) { for (const name of permissions) {

View file

@ -7,7 +7,6 @@ Deno.test({
env: true, env: true,
run: true, run: true,
ffi: true, ffi: true,
hrtime: true,
}, },
ignore: true, ignore: true,
fn() { fn() {

View file

@ -1,12 +1,10 @@
self.onmessage = async () => { self.onmessage = async () => {
const hrtime = await Deno.permissions.query({ name: "hrtime" });
const net = await Deno.permissions.query({ name: "net" }); const net = await Deno.permissions.query({ name: "net" });
const ffi = await Deno.permissions.query({ name: "ffi" }); const ffi = await Deno.permissions.query({ name: "ffi" });
const read = await Deno.permissions.query({ name: "read" }); const read = await Deno.permissions.query({ name: "read" });
const run = await Deno.permissions.query({ name: "run" }); const run = await Deno.permissions.query({ name: "run" });
const write = await Deno.permissions.query({ name: "write" }); const write = await Deno.permissions.query({ name: "write" });
self.postMessage( self.postMessage(
hrtime.state === "prompt" &&
net.state === "prompt" && net.state === "prompt" &&
ffi.state === "prompt" && ffi.state === "prompt" &&
read.state === "prompt" && read.state === "prompt" &&

View file

@ -1,7 +1,6 @@
self.onmessage = async () => { self.onmessage = async () => {
const env = await Deno.permissions.query({ name: "env" }); const env = await Deno.permissions.query({ name: "env" });
const ffi = await Deno.permissions.query({ name: "ffi" }); const ffi = await Deno.permissions.query({ name: "ffi" });
const hrtime = await Deno.permissions.query({ name: "hrtime" });
const net = await Deno.permissions.query({ name: "net" }); const net = await Deno.permissions.query({ name: "net" });
const read = await Deno.permissions.query({ name: "read" }); const read = await Deno.permissions.query({ name: "read" });
const run = await Deno.permissions.query({ name: "run" }); const run = await Deno.permissions.query({ name: "run" });
@ -9,7 +8,6 @@ self.onmessage = async () => {
self.postMessage({ self.postMessage({
env: env.state, env: env.state,
ffi: ffi.state, ffi: ffi.state,
hrtime: hrtime.state,
net: net.state, net: net.state,
read: read.state, read: read.state,
run: run.state, run: run.state,

View file

@ -3,7 +3,6 @@ postMessage({
envGlobal: (await Deno.permissions.query({ name: "env" })).state, envGlobal: (await Deno.permissions.query({ name: "env" })).state,
envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state, envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state,
envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state, envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state,
hrtime: (await Deno.permissions.query({ name: "hrtime" })).state,
netGlobal: (await Deno.permissions.query({ name: "net" })).state, netGlobal: (await Deno.permissions.query({ name: "net" })).state,
netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state, netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state,
netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state, netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state,

View file

@ -782,14 +782,14 @@ Deno.test({ permissions: { read: true } }, function fsFileIsTerminal() {
}); });
Deno.test( Deno.test(
{ permissions: { read: true, run: true, hrtime: true } }, { permissions: { read: true, run: true } },
async function fsFileLockFileSync() { async function fsFileLockFileSync() {
await runFlockTests({ sync: true }); await runFlockTests({ sync: true });
}, },
); );
Deno.test( Deno.test(
{ permissions: { read: true, run: true, hrtime: true } }, { permissions: { read: true, run: true } },
async function fsFileLockFileAsync() { async function fsFileLockFileAsync() {
await runFlockTests({ sync: false }); await runFlockTests({ sync: false });
}, },

View file

@ -7,7 +7,7 @@ import {
assertThrows, assertThrows,
} from "./test_util.ts"; } from "./test_util.ts";
Deno.test({ permissions: { hrtime: false } }, async function performanceNow() { Deno.test({ permissions: {} }, async function performanceNow() {
const { promise, resolve } = Promise.withResolvers<void>(); const { promise, resolve } = Promise.withResolvers<void>();
const start = performance.now(); const start = performance.now();
let totalTime = 0; let totalTime = 0;

View file

@ -70,7 +70,7 @@ Deno.test(function permissionSysInvalidKindSync() {
}); });
Deno.test(async function permissionQueryReturnsEventTarget() { Deno.test(async function permissionQueryReturnsEventTarget() {
const status = await Deno.permissions.query({ name: "hrtime" }); const status = await Deno.permissions.query({ name: "read", path: "." });
assert(["granted", "denied", "prompt"].includes(status.state)); assert(["granted", "denied", "prompt"].includes(status.state));
let called = false; let called = false;
status.addEventListener("change", () => { status.addEventListener("change", () => {
@ -78,11 +78,13 @@ Deno.test(async function permissionQueryReturnsEventTarget() {
}); });
status.dispatchEvent(new Event("change")); status.dispatchEvent(new Event("change"));
assert(called); assert(called);
assert(status === (await Deno.permissions.query({ name: "hrtime" }))); assert(
status === (await Deno.permissions.query({ name: "read", path: "." })),
);
}); });
Deno.test(function permissionQueryReturnsEventTargetSync() { Deno.test(function permissionQueryReturnsEventTargetSync() {
const status = Deno.permissions.querySync({ name: "hrtime" }); const status = Deno.permissions.querySync({ name: "read", path: "." });
assert(["granted", "denied", "prompt"].includes(status.state)); assert(["granted", "denied", "prompt"].includes(status.state));
let called = false; let called = false;
status.addEventListener("change", () => { status.addEventListener("change", () => {
@ -90,7 +92,7 @@ Deno.test(function permissionQueryReturnsEventTargetSync() {
}); });
status.dispatchEvent(new Event("change")); status.dispatchEvent(new Event("change"));
assert(called); assert(called);
assert(status === Deno.permissions.querySync({ name: "hrtime" })); assert(status === Deno.permissions.querySync({ name: "read", path: "." }));
}); });
Deno.test(async function permissionQueryForReadReturnsSameStatus() { Deno.test(async function permissionQueryForReadReturnsSameStatus() {

View file

@ -451,7 +451,6 @@ Deno.test("Worker limit children permissions granularly", async function () {
deno: { deno: {
permissions: { permissions: {
env: ["foo"], env: ["foo"],
hrtime: true,
net: ["foo", "bar:8000"], net: ["foo", "bar:8000"],
ffi: [new URL("foo", workerUrl), "bar"], ffi: [new URL("foo", workerUrl), "bar"],
read: [new URL("foo", workerUrl), "bar"], read: [new URL("foo", workerUrl), "bar"],
@ -468,7 +467,6 @@ Deno.test("Worker limit children permissions granularly", async function () {
envGlobal: "prompt", envGlobal: "prompt",
envFoo: "granted", envFoo: "granted",
envAbsent: "prompt", envAbsent: "prompt",
hrtime: "granted",
netGlobal: "prompt", netGlobal: "prompt",
netFoo: "granted", netFoo: "granted",
netFoo8000: "granted", netFoo8000: "granted",
@ -508,7 +506,6 @@ Deno.test("Nested worker limit children permissions", async function () {
envGlobal: "prompt", envGlobal: "prompt",
envFoo: "prompt", envFoo: "prompt",
envAbsent: "prompt", envAbsent: "prompt",
hrtime: "prompt",
netGlobal: "prompt", netGlobal: "prompt",
netFoo: "prompt", netFoo: "prompt",
netFoo8000: "prompt", netFoo8000: "prompt",
@ -586,7 +583,6 @@ Deno.test("Worker permissions are not inherited with empty permission object", a
worker.postMessage(null); worker.postMessage(null);
assertEquals(await promise, { assertEquals(await promise, {
env: "prompt", env: "prompt",
hrtime: "prompt",
net: "prompt", net: "prompt",
ffi: "prompt", ffi: "prompt",
read: "prompt", read: "prompt",
@ -611,7 +607,6 @@ Deno.test("Worker permissions are not inherited with single specified permission
worker.postMessage(null); worker.postMessage(null);
assertEquals(await promise, { assertEquals(await promise, {
env: "prompt", env: "prompt",
hrtime: "prompt",
net: "granted", net: "granted",
ffi: "prompt", ffi: "prompt",
read: "prompt", read: "prompt",

View file

@ -221,7 +221,7 @@ async function ensureNoNewITests() {
"pm_tests.rs": 0, "pm_tests.rs": 0,
"publish_tests.rs": 0, "publish_tests.rs": 0,
"repl_tests.rs": 0, "repl_tests.rs": 0,
"run_tests.rs": 352, "run_tests.rs": 351,
"shared_library_tests.rs": 0, "shared_library_tests.rs": 0,
"task_tests.rs": 30, "task_tests.rs": 30,
"test_tests.rs": 75, "test_tests.rs": 75,