[WIP] Refactor and simplify the implementation

Author: jasnell

lib/.eslintrc.yaml

@@ -93,3 +93,4 @@ globals:
   module: false
   internalBinding: false
   primordials: false
+  runInPrivilegedScope: false

lib/internal/process/policy.js

@@ -68,7 +68,7 @@ module.exports = ObjectFreeze({
     if (typeof permissions !== 'string')
       throw new ERR_INVALID_ARG_TYPE('permissions', 'string', permissions);
     const ret = policy.deny(permissions);
-    if (typeof ret === 'number')
+    if (ret === undefined)
       throw new ERR_INVALID_ARG_VALUE('permissions', permissions);
   },
 
@@ -83,7 +83,7 @@ module.exports = ObjectFreeze({
     if (typeof permissions !== 'string')
       throw new ERR_INVALID_ARG_TYPE('permission', 'string', permissions);
     const ret = policy.check(permissions);
-    if (typeof ret === 'number')
+    if (ret === undefined)
       throw new ERR_INVALID_ARG_VALUE('permissions', permissions);
     return ret;
   }

lib/internal/test/policy.js

@@ -0,0 +1,7 @@
+'use strict';
+
+process.emitWarning(
+  'These APIs are for internal testing only. Do not use them.',
+  'internal/test/policy');
+
+module.exports = { runInPrivilegedScope };

node.gyp

@@ -220,6 +220,7 @@
       'lib/internal/source_map/source_map.js',
       'lib/internal/source_map/source_map_cache.js',
       'lib/internal/test/binding.js',
+      'lib/internal/test/policy.js',
       'lib/internal/timers.js',
       'lib/internal/tls.js',
       'lib/internal/trace_events_async_hooks.js',
@@ -737,7 +738,6 @@
         'src/node_perf_common.h',
         'src/node_platform.h',
         'src/policy/policy.h',
-        'src/policy/policy-inl.h',
         'src/node_process.h',
         'src/node_report.h',
         'src/node_revert.h',

src/env-inl.h

@@ -29,7 +29,6 @@
 #include "env.h"
 #include "node.h"
 #include "util-inl.h"
-#include "policy/policy-inl.h"
 #include "uv.h"
 #include "v8.h"
 #include "node_perf_common.h"
@@ -247,8 +246,12 @@ inline size_t Environment::async_callback_scope_depth() const {
   return async_callback_scope_depth_;
 }
 
-policy::PrivilegedAccessContext* Environment::privileged_access_context() {
-  return &privileged_access_context_;
+inline void Environment::set_in_privileged_scope(bool on) {
+  in_privileged_scope_ = on;
+}
+
+inline bool Environment::in_privileged_scope() const {
+  return in_privileged_scope_;
 }
 
 inline void Environment::PushAsyncCallbackScope() {

src/env.cc

@@ -313,7 +313,6 @@ Environment::Environment(IsolateData* isolate_data,
                          ThreadId thread_id)
     : isolate_(isolate),
       isolate_data_(isolate_data),
-      privileged_access_context_(isolate_data->options()->per_env.get()),
       async_hooks_(isolate, MAYBE_FIELD_PTR(env_info, async_hooks)),
       immediate_info_(isolate, MAYBE_FIELD_PTR(env_info, immediate_info)),
       tick_info_(isolate, MAYBE_FIELD_PTR(env_info, tick_info)),

src/env.h

@@ -37,7 +37,6 @@
 #include "node_main_instance.h"
 #include "node_options.h"
 #include "node_perf_common.h"
-#include "policy/policy.h"
 #include "req_wrap.h"
 #include "util.h"
 #include "uv.h"
@@ -1040,8 +1039,6 @@ class Environment : public MemoryRetainer {
   inline const std::vector<std::string>& argv();
   const std::string& exec_path() const;
 
-  inline policy::PrivilegedAccessContext* privileged_access_context();
-
   typedef void (*HandleCleanupCb)(Environment* env,
                                   uv_handle_t* handle,
                                   void* arg);
@@ -1189,6 +1186,9 @@ class Environment : public MemoryRetainer {
   inline node_module* extra_linked_bindings_head();
   inline const Mutex& extra_linked_bindings_mutex() const;
 
+  inline void set_in_privileged_scope(bool on = true);
+  inline bool in_privileged_scope() const;
+
   inline bool filehandle_close_warning() const;
   inline void set_filehandle_close_warning(bool on);
 
@@ -1403,7 +1403,6 @@ class Environment : public MemoryRetainer {
   std::list<binding::DLib> loaded_addons_;
   v8::Isolate* const isolate_;
   IsolateData* const isolate_data_;
-  policy::PrivilegedAccessContext privileged_access_context_;
   uv_timer_t timer_handle_;
   uv_check_t immediate_check_handle_;
   uv_idle_t immediate_idle_handle_;
@@ -1425,6 +1424,8 @@ class Environment : public MemoryRetainer {
   size_t async_callback_scope_depth_ = 0;
   std::vector<double> destroy_async_id_list_;
 
+  bool in_privileged_scope_ = false;
+
 #if HAVE_INSPECTOR
   std::unique_ptr<profiler::V8CoverageConnection> coverage_connection_;
   std::unique_ptr<profiler::V8CpuProfilerConnection> cpu_profiler_connection_;

src/node.cc

@@ -298,9 +298,7 @@ void Environment::InitializeDiagnostics() {
 bool Environment::BootstrapPrivilegedAccessContext() {
   Local<Function> run_in_privileged_scope;
   MaybeLocal<Function> maybe_run_in_privileged_scope =
-    Function::New(
-        context(),
-        policy::PrivilegedAccessContext::Run);
+    Function::New(context(), policy::RunInPrivilegedScope);
   if (!maybe_run_in_privileged_scope.ToLocal(&run_in_privileged_scope))
     return false;
   set_run_in_privileged_scope(run_in_privileged_scope);
@@ -818,6 +816,14 @@ int ProcessGlobalArgs(std::vector<std::string>* args,
     }
   }
 
+  if (per_process::root_policy.Apply(
+        per_process::cli_options->policy_deny,
+        per_process::cli_options->policy_grant).IsNothing()) {
+    errors->emplace_back(
+        "invalid permissions passed to --policy-deny or --policy-grant");
+    return 12;
+  }
+
   if (per_process::cli_options->disable_proto != "delete" &&
       per_process::cli_options->disable_proto != "throw" &&
       per_process::cli_options->disable_proto != "") {

src/node_options.cc

@@ -322,14 +322,6 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
             &EnvironmentOptions::experimental_policy_integrity,
             kAllowedInEnvironment);
   Implies("--policy-integrity", "[has_policy_integrity_string]");
-  AddOption("--policy-deny",
-            "denied permissions",
-            &EnvironmentOptions::policy_deny,
-            kAllowedInEnvironment);
-  AddOption("--policy-grant",
-            "granted permissions",
-            &EnvironmentOptions::policy_grant,
-            kAllowedInEnvironment);
   AddOption("--experimental-repl-await",
             "experimental await keyword support in REPL",
             &EnvironmentOptions::experimental_repl_await,
@@ -712,6 +704,14 @@ PerProcessOptionsParser::PerProcessOptionsParser(
               "generate diagnostic report on fatal (internal) errors",
               &PerProcessOptions::report_on_fatalerror,
               kAllowedInEnvironment);
+  AddOption("--policy-deny",
+            "denied permissions",
+            &PerProcessOptions::policy_deny,
+            kAllowedInEnvironment);
+  AddOption("--policy-grant",
+            "granted permissions",
+            &PerProcessOptions::policy_grant,
+            kAllowedInEnvironment);
 
 #ifdef NODE_HAVE_I18N_SUPPORT
   AddOption("--icu-data-dir",

src/node_options.h

@@ -177,9 +177,6 @@ class EnvironmentOptions : public Options {
 
   std::vector<std::string> preload_modules;
 
-  std::string policy_deny;
-  std::string policy_grant;
-
   std::vector<std::string> user_argv;
 
   inline DebugOptions* get_debug_options() { return &debug_options_; }
@@ -263,6 +260,9 @@ class PerProcessOptions : public Options {
   bool trace_sigint = false;
   std::vector<std::string> cmdline;
 
+  std::string policy_grant;
+  std::string policy_deny;
+
   inline PerIsolateOptions* get_per_isolate_options();
   void CheckOptions(std::vector<std::string>* errors) override;
 };