Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

userspace permissions #6493

Open
wants to merge 137 commits into
base: develop
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
137 commits
Select commit Hold shift + click to select a range
29eb359
wip: add initial permission types & logic to lull
Fang- Jul 12, 2022
1849e73
wip gall add perms to yoke and bowl
Jul 12, 2022
865c3c7
lull: fix obvious issues from wip commit
Fang- Jul 12, 2022
dbc00e7
gall: minimum viable no-op permission checks
Fang- Jul 12, 2022
8b4ded9
lull: tweak userspace permission groups
Fang- Jul 13, 2022
e64014a
lull: make $perm slightly more granular
Fang- Jul 14, 2022
d5e6769
gall: store permissions per-desk, not per-agent
Fang- Jul 18, 2022
8e169c0
gall: add permission change notifications
Fang- Jul 20, 2022
67327ba
kiln: add mark for /desk/seal files
Fang- Jul 20, 2022
dc82971
aqua: add %aqua-effect mark file
Fang- Jun 5, 2022
b058069
gall: add utilities to test suite
Jul 21, 2022
6a8e8c7
gall: test %free task on dummy agent
Jul 21, 2022
08e7fc7
gall: test %lock task on dummy agent
Jul 21, 2022
8d11742
Merge branch 'm/userspace-permissions' into jon/permissions-tests
Jul 25, 2022
70b7922
gall: make sure +ap-perm's sample can be bunted
Fang- Jul 26, 2022
a526cb1
gall: change perm tests to be desk oriented
Jul 25, 2022
ed543fa
gall: make sure +ap-perm's sample can be bunted
Fang- Jul 26, 2022
d503a03
gall: parameterize test dummy agent creation
Jul 26, 2022
7b2f647
lull: flesh out inter-agent permissions more
Fang- Jul 26, 2022
9a99205
lull, gall: implement permission check for scries
Fang- Jul 26, 2022
3242e9b
Merge branch 'm/userspace-permissions' into jon/permissions-tests
Jul 27, 2022
2abdc38
gall: more tests for userspace permissions
Jul 27, 2022
57198fc
gall: cleanup style for permission tests
Aug 2, 2022
ffba486
gall: ward/wink tests
Aug 2, 2022
6eaf393
gall: %base desk permissions test
Aug 2, 2022
7086d8b
gall: test agent permission notification
Aug 2, 2022
6deddac
gall: test non-base agent permission check
Aug 2, 2022
3b56bc4
Merge branch 'philip/agent-clay' into m/userspace-permissions
Fang- Aug 3, 2022
0985f7f
gall: add clay utilities to gall tests
Aug 3, 2022
a8d539f
gall, clay: include permissions on loadout comms
Fang- Aug 4, 2022
3efce88
Merge branch 'm/userspace-permissions' into jon/permissions-tests
Aug 4, 2022
7029364
gall: add %load tests
Aug 5, 2022
54e4277
gall: change existing tests to work with %load
Aug 8, 2022
8c35072
gall: add permissions handling to +mo-load
Aug 8, 2022
f043437
gall: change terms in gall state to dudes
Aug 8, 2022
2191caf
lull, gall, helm: redo perm notification for %load
Aug 8, 2022
23c0f9e
gall: add permission diff notifications for ducts
Aug 9, 2022
260c326
gall: remove %free and %lock tests
Aug 9, 2022
d20bc90
gall: change %ward/%wink test to work with %load
Aug 9, 2022
ef0dd3b
clay: change %rein to include userspace perms
Aug 9, 2022
a0f1e7e
clay: add userspace perms to /domes scry
Aug 9, 2022
4130e43
clay: add %g scry care for $foam
Aug 9, 2022
ab2bb0f
helm: add generators to add/remove userspace perms
Aug 10, 2022
19ed3fb
helm: add generators to jolt/idle agents via clay
Aug 10, 2022
d4f2eed
helm: add docs to clay-free/lock/jolt/idle
Aug 10, 2022
f51c1db
helm, kiln: move free/lock/jolt/idle to kiln
Aug 11, 2022
a46008f
base: add desk.seal to %base desk
Aug 11, 2022
b1bd465
gall: agents must sub for userspace perm diffs
Aug 15, 2022
388a3c4
lull: factor +cred for needed-perm helper function
Aug 15, 2022
d3aab85
gall, lull: make face for (set perm:gall) the same
Aug 15, 2022
3bdcb13
clay, lull: move %g scry to +read-buc
Aug 15, 2022
c287174
clay: factor +pers and +sats out of +goad
Aug 15, 2022
4f63ca4
clay, lull: add /agents scry to +read-buc
Aug 16, 2022
7069e51
kiln: fix clay-free/lock/jolt/idle for new scry UX
Aug 16, 2022
365b27c
lull: refactor +must into +cred, cache result
Aug 16, 2022
40be90f
clay: change %agents scry to %dudes
Aug 16, 2022
6c6affb
clay: add desk to path of +read-buc scries
Aug 16, 2022
61fa6f0
clay: add %visas scry to +read-buc
Aug 16, 2022
2b2bf38
clay: change %dudes +read-buc scry to %bills
Aug 16, 2022
79bd152
kiln: clay-free/lock/jolt/idle with %loams scry
Aug 16, 2022
51c5592
lull: clarify comment on pes.loam
Aug 16, 2022
ae0bf56
lull, gall: make $perm-gall desk-oriented
Aug 18, 2022
0e9470f
gall: add agencies=(jug desk dude) to state
Aug 21, 2022
ecae532
gall, lull: add gab and wat to bowl
Aug 21, 2022
8e32ac3
gall: remove +test-agent-perm-notification
Aug 21, 2022
34dfd53
gall: replace a get:ju with got:by
Aug 21, 2022
4ab818e
gall, lull: move per-agent perms into yoke/bowl
Aug 21, 2022
123a99d
lull, gall: refactor per-agent perms in yoke/bowl
Aug 22, 2022
e13bc10
gall: remove unused perm diff notification code
Aug 22, 2022
627cd84
clay: change %bills scry to %dudes
Aug 22, 2022
d569006
Merge branch 'philip/agent-clay' into m/userspace-permissions
Fang- Sep 8, 2022
f032226
clay: separate %curb out of %rein
Fang- Sep 13, 2022
b948c4b
gall: saner order of operations during %load
Fang- Sep 13, 2022
13a0956
pill: update
Fang- Sep 13, 2022
401a1f3
gall: stop tracking "wants" perm requests, unused
Fang- Sep 15, 2022
8cb7a73
gall: make cross-agent permissions work by-agent
Fang- Sep 16, 2022
3d35ba2
gall: remove film/membrane logic
Fang- Sep 16, 2022
a5a98ca
gall: remove %jolt and %idle
Fang- Sep 16, 2022
ebc464d
Merge branch 'philip/agent-clay' into m/userspace-permissions
Fang- Sep 17, 2022
fdbcf72
gall: +on-fail on unpermitted cards
Fang- Sep 20, 2022
13a8f21
gall: handle perms for loads and +on-fail better
Fang- Oct 28, 2022
bf8988a
lull: add care to scry permissions
Fang- Oct 31, 2022
42e7f3c
lull: more granular cross-agent/ship permissions
Fang- Nov 22, 2022
57fb1cf
lull: more granular clay permissions
Fang- Nov 23, 2022
c437333
lull: include care in clay read permissions
Fang- Nov 24, 2022
d9d4be7
Merge branch 'next/arvo' into m/userspace-permissions
Fang- Nov 30, 2022
39ad728
lull: remove dap argument from +cred and +must
Fang- Nov 30, 2022
45ba9e8
lull: always allow "unsubscribe" style tasks
Fang- Nov 30, 2022
99e6df1
tests: update gall tests to pass w/ recent changes
Fang- Nov 30, 2022
3d3c540
lull: let +have:gall check broad permissions also
Fang- Dec 7, 2022
0479c45
lull: add %super permission
Fang- Dec 7, 2022
763266b
clay: block %live desks on required permissions
Fang- Dec 9, 2022
b52c582
lull: check permissions for %reads in +have
Fang- Dec 9, 2022
ff2eb04
lull: separate %rekey from %private-keys perm
Fang- Dec 9, 2022
9a205e2
clay: include full permission state in $foam
Fang- Dec 9, 2022
379dce5
hood: include blocking perm details in +vat output
Fang- Dec 9, 2022
53a2af6
clay: make %seal a built-in mark
Fang- Jan 23, 2023
130761e
Merge branch 'develop' into m/userspace-permissions
Fang- Jan 24, 2023
9be19b4
clay: track missing perms required for liveness
Fang- Jan 26, 2023
5846e37
lull: update dill permissions
Fang- Feb 9, 2023
1a99593
gall: print warning when scry fails due to perms
Fang- Feb 9, 2023
65f80ba
clay: remove optional permissions from %seal mark
Fang- Feb 10, 2023
3bc22be
clay: add version tag to seal files
Fang- Feb 13, 2023
96c0194
clay: let desks request permissions dynamically
Fang- Feb 14, 2023
4be85d2
lull: add %plead permission for %clay %pine
Fang- Feb 14, 2023
dd9c3ed
lull: add notes about calling +rive prior to +must
Fang- Feb 14, 2023
9a40feb
kiln: reimplement perm generators with %helm-pass
Fang- Feb 14, 2023
3cfe404
Merge branch 'develop' into m/userspace-permissions
Fang- Mar 24, 2023
a5c4733
clay: once, auto-grants perms for installed apps
Fang- Mar 29, 2023
ab4f30b
gall: don't enforce permissions yet, only notify
Fang- Mar 29, 2023
a084375
kiln: auto-grant permissions to all boot desks
Fang- Mar 30, 2023
a46f8cc
clay: put in note to review kelvin nr on release
Fang- Mar 30, 2023
65de706
add missing arvo tasks to perms
tinnus-napbus Apr 6, 2023
1e5184b
lull: remove non-existent %flow dill task from userspace perms
tinnus-napbus Apr 9, 2023
cb94c19
lull: remove [%dill %space] perm as is already covered by [%dill %extra]
tinnus-napbus Apr 10, 2023
119a6aa
gall: add comment about .perms & .wards in state
tinnus-napbus Apr 11, 2023
3e43d99
Merge develop > tinnus/more-userspace-permissions
tinnus-napbus May 10, 2023
414b8a9
Merge branch 'develop' into tinnus/more-userspace-permissions
tinnus-napbus May 10, 2023
7e199c7
kiln/gens: remove clay-idle and clay-jolt generators
tinnus-napbus May 10, 2023
a0105a1
lull: add perms for %ames %keen, %yawn, %wham tasks
tinnus-napbus May 10, 2023
8e69815
bump sys.kelvin to 412
tinnus-napbus May 11, 2023
680b0ff
tests: fix gall tests for userspace perms
tinnus-napbus May 11, 2023
b82fd79
gall: comment out starting agent slog
tinnus-napbus May 11, 2023
e268bb9
/gen/hood/free: add optional args to approve blocking, requested or a…
tinnus-napbus May 18, 2023
7563169
lull: bump lull kelvin to %323
tinnus-napbus May 18, 2023
3adece8
gen: add +okay permission-review generator and perms lib
tinnus-napbus May 28, 2023
ba7e547
gen: |free - included blocking-commit in blocking option
tinnus-napbus May 29, 2023
ae3101c
gen: add =all and =extra (non-seal) options to |lock gen
tinnus-napbus May 29, 2023
6d4f287
clay: don't print missing perms when perm blocks live/commit
tinnus-napbus May 29, 2023
7aebdda
sur/hood: print count rather than all missing perms in +vats
tinnus-napbus May 29, 2023
34f1034
Merge branch 'develop' into tinnus/more-userspace-permissions
tinnus-napbus May 30, 2023
4b4971b
clay: rename %pine task to %hope, pin.dome to ask.dome
tinnus-napbus May 30, 2023
7faafca
gall: fix typo in +ap-douane
tinnus-napbus May 31, 2023
c7ec215
lib/perms: move to base-dev
tinnus-napbus Jun 1, 2023
6ad0363
gall: add %pes verbosity option for permission errors
tinnus-napbus Jun 2, 2023
6f9846e
hood/helm: add %helm-curb and %helm-hope for perms
tinnus-napbus Jun 6, 2023
8b6d2fa
lib/perms: implement have any/nil/all
tinnus-napbus Jun 15, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
lull, gall: implement permission check for scries
Fang- committed Jul 26, 2022
commit 9a992055c5c8b7c4d4c0fc18d6bca37ce79c3631
21 changes: 21 additions & 0 deletions pkg/arvo/sys/lull.hoon
Original file line number Diff line number Diff line change
@@ -1841,6 +1841,27 @@
== ==
==
::
++ rite !:
|= [our=ship [=view =beam] pers=(set perm)]
^- ?
?. =(our p.beam) |
=/ vane=term
?^ view way.view
?. =(2 (met 3 view))
view
(end 3 view)
%+ lien ~(tap in pers)
|= p=perm
?. ?=(%reads -.p) |
?& =(vane.p vane)
=(q.beam (fall desk.p q.beam))
::
|-
?~ spur.p &
?~ s.beam |
&(=(i.spur.p i.s.beam) $(spur.p t.spur.p, s.beam t.s.beam))
==
::
++ cred !:
|= [our=ship =card:agent pers=(set perm)]
^- ?
16 changes: 14 additions & 2 deletions pkg/arvo/sys/vane/gall.hoon
Original file line number Diff line number Diff line change
@@ -1642,7 +1642,7 @@
++ ap-mule
|= run=_^?(|.(*step:agent))
^- (each step:agent tang)
=/ res (mock [run %9 2 %0 1] (look rof ~))
=/ res (mock [run %9 2 %0 1] (ap-look rof ~))
?- -.res
%0 [%& !<(step:agent [-:!>(*step:agent) p.res])]
%1 [%| (smyt ;;(path p.res)) ~]
@@ -1653,12 +1653,24 @@
++ ap-mule-peek
|= run=_^?(|.(*(unit (unit cage))))
^- (each (unit (unit cage)) tang)
=/ res (mock [run %9 2 %0 1] (look rof ~))
=/ res (mock [run %9 2 %0 1] (ap-look rof ~))
?- -.res
%0 [%& !<((unit (unit cage)) [-:!>(*(unit (unit cage))) p.res])]
%1 [%| (smyt ;;(path p.res)) ~]
%2 [%| p.res]
==
:: +ap-look: namespace lookup with permission check
::
++ ap-look
|= [rof=roof lyc=gang]
=; rov=roof
(look rov lyc)
?: =(%base q.beak.yoke) rof
|= [lyc=gang vis=view bem=beam]
^- (unit (unit (cask vase)))
?. (rite our [vis bem] (~(get ju perms.state) q.beak.yoke))
~
(rof lyc vis bem)
:: +ap-ingest: call agent arm
::
:: Handle acks here because they need to be emitted before the