1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-22 06:09:25 -05:00
Commit graph

7 commits

Author SHA1 Message Date
Luca Casonato
f3cc760f2f
fix(runtime): allow r/w access to /etc without --allow-all (#23718)
This is not a special path that can be used to escalate or bypass Deno
permissions, such as `--allow-env`.
2024-05-07 14:51:42 +02:00
Matt Mastracci
472a370640
feat(runtime): Allow embedders to perform additional access checks on file open (#23208)
Embedders may have special requirements around file opening, so we add a
new `check_open` permission check that is called as part of the file
open process.
2024-04-19 18:12:03 -06:00
Nayeem Rahman
2cd9c6a8e6
fix(runtime): use FQDN in NetDescriptor (#23084) 2024-03-26 23:27:40 +00:00
Matt Mastracci
c9a9d040a3
perf(permissions): Fast exit from checks when permission is in "fully-granted" state (#22894)
Skips the access check if the specific unary permission is in an
all-granted state. Generally prevents an allocation or two.

Hooks up a quiet "all" permission that is automatically inherited. This
permission will be used in the future to indicate that the user wishes
to accept all side-effects of the permissions they explicitly granted.

The "all" permission is an "ambient flag"-style permission that states
whether "allow-all" was passed on the command-line.
2024-03-13 14:30:48 -06:00
Matt Mastracci
eccdb0e99a
chore(permissions): add allow_all flag (#22890)
Unlocking a potential perf optimization at a later date -- carry the
`allow_all` flag into the permission container.
2024-03-13 16:07:24 +00:00
Nayeem Rahman
485b4c6301
fix(runtime): negate partial condition for deny flags (#22866) 2024-03-12 22:12:29 +00:00
Divy Srivastava
de28e6fc09
refactor: add deno_permissions crate (#22236)
Issue https://github.com/denoland/deno/issues/22222


![image](https://github.com/denoland/deno/assets/34997667/2af8474b-b919-4519-98ce-9d29bc7829f2)

This PR moves `runtime/permissions` code to a upstream crate called
`deno_permissions`. The `deno_permissions::PermissionsContainer` is put
into the OpState and can be used instead of the current trait-based
permissions system.

For this PR, I've migrated `deno_fetch` to the new crate but kept the
rest of the trait-based system as a wrapper of `deno_permissions` crate.
Doing the migration all at once is error prone and hard to review.

Comparing incremental compile times for `ext/fetch` on Mac M1:

| profile | `cargo build --bin deno` | `cargo plonk build --bin deno` |
| --------- | ------------- | ------------------- |
| `debug`   | 20 s          | 0.8s                |
| `release` | 4 mins 12 s   | 1.4s                  |
2024-03-12 10:42:26 -07:00
Renamed from runtime/permissions/mod.rs (Browse further)