Revert "Saving for revert"

This reverts commit 05a39e9.
denoland · dsherret · Sep 26, 2024 · Sep 5, 2024 · Sep 5, 2024 · Sep 17, 2024
commit f99c39c18aac067f43988bca2ca3d0fe3151f700
diff --git a/cli/factory.rs b/cli/factory.rs
@@ -67,7 +67,6 @@ use deno_runtime::deno_node::DenoFsNodeResolverEnv;
 use deno_runtime::deno_node::NodeResolver;
 use deno_runtime::deno_permissions::Permissions;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::deno_tls::rustls::RootCertStore;
 use deno_runtime::deno_tls::RootCertStoreProvider;
 use deno_runtime::deno_web::BlobStore;
@@ -771,11 +770,7 @@ impl CliFactory {
           desc_parser.as_ref(),
           &self.cli_options()?.permissions_options(),
         )?;
-        Ok(PermissionsContainer::new(
-          desc_parser,
-          permissions,
-          PermissionsContainerKind::Root,
-        ))
+        Ok(PermissionsContainer::new(desc_parser, permissions))
       })
   }
 

diff --git a/cli/lsp/testing/execution.rs b/cli/lsp/testing/execution.rs
@@ -32,7 +32,6 @@ use deno_core::unsync::spawn_blocking;
 use deno_core::ModuleSpecifier;
 use deno_runtime::deno_permissions::Permissions;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::tokio_util::create_and_run_current_thread;
 use indexmap::IndexMap;
 use std::borrow::Cow;
@@ -277,7 +276,6 @@ impl TestRun {
       let permissions_container = PermissionsContainer::new(
         permission_desc_parser.clone(),
         permissions.clone(),
-        PermissionsContainerKind::Root,
       );
       let worker_sender = test_event_sender_factory.worker();
       let fail_fast_tracker = fail_fast_tracker.clone();

diff --git a/cli/ops/bench.rs b/cli/ops/bench.rs
@@ -16,7 +16,6 @@ use deno_runtime::deno_permissions::create_child_permissions;
 use deno_runtime::deno_permissions::ChildPermissionsArg;
 use deno_runtime::deno_permissions::PermissionDescriptorParser;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use tokio::sync::mpsc::UnboundedSender;
 use uuid::Uuid;
 
@@ -73,11 +72,7 @@ pub fn op_pledge_test_permissions(
       &mut parent_permissions,
       args,
     )?;
-    PermissionsContainer::new(
-      permission_desc_parser,
-      perms,
-      PermissionsContainerKind::Root,
-    )
+    PermissionsContainer::new(permission_desc_parser, perms)
   };
   let parent_permissions = parent_permissions.clone();
 

diff --git a/cli/ops/testing.rs b/cli/ops/testing.rs
@@ -20,7 +20,6 @@ use deno_runtime::deno_permissions::create_child_permissions;
 use deno_runtime::deno_permissions::ChildPermissionsArg;
 use deno_runtime::deno_permissions::PermissionDescriptorParser;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use std::sync::atomic::AtomicUsize;
 use std::sync::atomic::Ordering;
 use std::sync::Arc;
@@ -68,11 +67,7 @@ pub fn op_pledge_test_permissions(
       &mut parent_permissions,
       args,
     )?;
-    PermissionsContainer::new(
-      permission_desc_parser,
-      perms,
-      PermissionsContainerKind::Root,
-    )
+    PermissionsContainer::new(permission_desc_parser, perms)
   };
   let parent_permissions = parent_permissions.clone();
 

diff --git a/cli/standalone/mod.rs b/cli/standalone/mod.rs
@@ -30,7 +30,6 @@ use deno_runtime::deno_node::create_host_defined_options;
 use deno_runtime::deno_node::NodeResolver;
 use deno_runtime::deno_permissions::Permissions;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::deno_tls::rustls::RootCertStore;
 use deno_runtime::deno_tls::RootCertStoreProvider;
 use deno_runtime::deno_web::BlobStore;
@@ -686,11 +685,7 @@ pub async fn run(
       Arc::new(RuntimePermissionDescriptorParser::new(fs.clone()));
     let permissions =
       Permissions::from_options(desc_parser.as_ref(), &permissions)?;
-    PermissionsContainer::new(
-      desc_parser,
-      permissions,
-      PermissionsContainerKind::Root,
-    )
+    PermissionsContainer::new(desc_parser, permissions)
   };
   let feature_checker = Arc::new({
     let mut checker = FeatureChecker::default();

diff --git a/cli/tools/bench/mod.rs b/cli/tools/bench/mod.rs
@@ -30,7 +30,6 @@ use deno_core::ModuleSpecifier;
 use deno_core::PollEventLoopOptions;
 use deno_runtime::deno_permissions::Permissions;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::permissions::RuntimePermissionDescriptorParser;
 use deno_runtime::tokio_util::create_and_run_current_thread;
 use deno_runtime::WorkerExecutionMode;
@@ -279,7 +278,6 @@ async fn bench_specifiers(
     let permissions_container = PermissionsContainer::new(
       permissions_desc_parser.clone(),
       permissions.clone(),
-      PermissionsContainerKind::Root,
     );
     let sender = sender.clone();
     let options = option_for_handles.clone();

diff --git a/cli/tools/jupyter/mod.rs b/cli/tools/jupyter/mod.rs
@@ -26,7 +26,6 @@ use deno_core::url::Url;
 use deno_runtime::deno_io::Stdio;
 use deno_runtime::deno_io::StdioPipe;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::WorkerExecutionMode;
 use deno_terminal::colors;
 use jupyter_runtime::jupyter::ConnectionInfo;
@@ -65,10 +64,8 @@ pub async fn kernel(
     resolve_url_or_path("./$deno$jupyter.ts", cli_options.initial_cwd())
       .unwrap();
   // TODO(bartlomieju): should we run with all permissions?
-  let permissions = PermissionsContainer::allow_all(
-    factory.permission_desc_parser()?.clone(),
-    PermissionsContainerKind::Root,
-  );
+  let permissions =
+    PermissionsContainer::allow_all(factory.permission_desc_parser()?.clone());
   let npm_resolver = factory.npm_resolver().await?.clone();
   let resolver = factory.resolver().await?.clone();
   let worker_factory = factory.create_cli_main_worker_factory().await?;

diff --git a/cli/tools/test/mod.rs b/cli/tools/test/mod.rs
@@ -52,7 +52,6 @@ use deno_runtime::deno_io::Stdio;
 use deno_runtime::deno_io::StdioPipe;
 use deno_runtime::deno_permissions::Permissions;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::fmt_errors::format_js_error;
 use deno_runtime::permissions::RuntimePermissionDescriptorParser;
 use deno_runtime::tokio_util::create_and_run_current_thread;
@@ -1223,7 +1222,6 @@ async fn test_specifiers(
     let permissions_container = PermissionsContainer::new(
       permission_desc_parser.clone(),
       permissions.clone(),
-      PermissionsContainerKind::Root,
     );
     let worker_sender = test_event_sender_factory.worker();
     let fail_fast_tracker = fail_fast_tracker.clone();

diff --git a/cli/worker.rs b/cli/worker.rs
@@ -25,7 +25,6 @@ use deno_runtime::deno_node;
 use deno_runtime::deno_node::NodeExtInitServices;
 use deno_runtime::deno_node::NodeResolver;
 use deno_runtime::deno_permissions::PermissionsContainer;
-use deno_runtime::deno_permissions::PermissionsContainerKind;
 use deno_runtime::deno_tls::RootCertStoreProvider;
 use deno_runtime::deno_web::BlobStore;
 use deno_runtime::fmt_errors::format_js_error;
@@ -535,7 +534,6 @@ impl CliMainWorkerFactory {
       shared.module_loader_factory.create_for_main(
         PermissionsContainer::allow_all(
           self.shared.permission_desc_parser.clone(),
-          PermissionsContainerKind::Root,
         ),
         permissions.clone(),
       );
@@ -845,15 +843,13 @@ mod tests {
   use deno_core::resolve_path;
   use deno_fs::RealFs;
   use deno_runtime::deno_permissions::Permissions;
-  use deno_runtime::deno_permissions::PermissionsContainerKind;
 
   fn create_test_worker() -> MainWorker {
     let main_module =
       resolve_path("./hello.js", &std::env::current_dir().unwrap()).unwrap();
     let permissions = PermissionsContainer::new(
       Arc::new(RuntimePermissionDescriptorParser::new(Arc::new(RealFs))),
       Permissions::none_without_prompt(),
-      PermissionsContainerKind::Root,
     );
 
     let options = WorkerOptions {

diff --git a/runtime/examples/extension/main.rs b/runtime/examples/extension/main.rs
@@ -12,7 +12,6 @@ use deno_core::op2;
 use deno_core::FsModuleLoader;
 use deno_core::ModuleSpecifier;
 use deno_fs::RealFs;
-use deno_permissions::PermissionsContainerKind;
 use deno_runtime::deno_permissions::PermissionsContainer;
 use deno_runtime::permissions::RuntimePermissionDescriptorParser;
 use deno_runtime::worker::MainWorker;
@@ -38,10 +37,9 @@ async fn main() -> Result<(), AnyError> {
   eprintln!("Running {main_module}...");
   let mut worker = MainWorker::bootstrap_from_options(
     main_module.clone(),
-    PermissionsContainer::allow_all(
-      Arc::new(RuntimePermissionDescriptorParser::new(Arc::new(RealFs))),
-      PermissionsContainerKind::Root,
-    ),
+    PermissionsContainer::allow_all(Arc::new(
+      RuntimePermissionDescriptorParser::new(Arc::new(RealFs)),
+    )),
     WorkerOptions {
       module_loader: Rc::new(FsModuleLoader),
       extensions: vec![hello_runtime::init_ops_and_esm()],

diff --git a/runtime/ops/worker_host.rs b/runtime/ops/worker_host.rs
@@ -21,7 +21,6 @@ use deno_permissions::create_child_permissions;
 use deno_permissions::ChildPermissionsArg;
 use deno_permissions::PermissionDescriptorParser;
 use deno_permissions::PermissionsContainer;
-use deno_permissions::PermissionsContainerKind;
 use deno_web::deserialize_js_transferables;
 use deno_web::JsMessageData;
 use log::debug;
@@ -167,11 +166,7 @@ fn op_create_worker(
       &mut parent_permissions,
       child_permissions_arg,
     )?;
-    PermissionsContainer::new(
-      permission_desc_parser,
-      perms,
-      PermissionsContainerKind::Child,
-    )
+    PermissionsContainer::new(permission_desc_parser, perms)
   } else {
     parent_permissions.clone()
   };

diff --git a/runtime/permissions/lib.rs b/runtime/permissions/lib.rs
@@ -2078,12 +2078,6 @@ pub fn specifier_to_file_path(
   }
 }
 
-#[derive(Debug, Clone, Copy)]
-pub enum PermissionsContainerKind {
-  Root,
-  Child,
-}
-
 /// Wrapper struct for `Permissions` that can be shared across threads.
 ///
 /// We need a way to have internal mutability for permissions as they might get
@@ -2098,41 +2092,33 @@ pub struct PermissionsContainer {
   // so that the code is not so verbose elsewhere.
   pub descriptor_parser: Arc<dyn PermissionDescriptorParser>,
   pub inner: Arc<Mutex<Permissions>>,
-  pub kind: PermissionsContainerKind,
 }
 
 impl PermissionsContainer {
   pub fn new(
     descriptor_parser: Arc<dyn PermissionDescriptorParser>,
     perms: Permissions,
-    kind: PermissionsContainerKind,
   ) -> Self {
     Self {
       descriptor_parser,
       inner: Arc::new(Mutex::new(perms)),
-      kind,
     }
   }
 
   pub fn allow_all(
     descriptor_parser: Arc<dyn PermissionDescriptorParser>,
-    kind: PermissionsContainerKind,
   ) -> Self {
-    Self::new(descriptor_parser, Permissions::allow_all(), kind)
+    Self::new(descriptor_parser, Permissions::allow_all())
   }
 
   #[inline(always)]
   pub fn check_specifier(
     &self,
     specifier: &ModuleSpecifier,
   ) -> Result<(), AnyError> {
+    let mut inner = self.inner.lock();
     match specifier.scheme() {
       "file" => {
-        // grant for the root?
-        if self.kind == PermissionsContainerKind::Root {
-          return Ok(());
-        }
-        let mut inner = self.inner.lock();
         if inner.read.is_allow_all() {
           return Ok(()); // avoid allocations below
         }
@@ -2154,14 +2140,9 @@ impl PermissionsContainer {
       "data" => Ok(()),
       "blob" => Ok(()),
       _ => {
-        let mut inner = self.inner.lock();
-        if inner.net.is_allow_all() && inner.import.is_allow_all() {
-          return Ok(()); // avoid allocations below
-        }
         let desc = self
           .descriptor_parser
           .parse_net_descriptor_from_url(specifier)?;
-        // todo(THIS PR): only query if in net, but prompt for allow import
         inner.net.check(&desc, Some("import()"))?;
         inner
           .import
@@ -3131,11 +3112,7 @@ mod tests {
       },
     )
     .unwrap();
-    let mut perms = PermissionsContainer::new(
-      Arc::new(parser),
-      perms,
-      PermissionsContainerKind::Root,
-    );
+    let mut perms = PermissionsContainer::new(Arc::new(parser), perms);
 
     let cases = [
       // Inside of /a/specific and /a/specific/dir/name
@@ -3332,11 +3309,7 @@ mod tests {
       },
     )
     .unwrap();
-    let mut perms = PermissionsContainer::new(
-      Arc::new(parser),
-      perms,
-      PermissionsContainerKind::Root,
-    );
+    let mut perms = PermissionsContainer::new(Arc::new(parser), perms);
 
     let url_tests = vec![
       // Any protocol + port for localhost should be ok, since we don't specify
@@ -3392,7 +3365,7 @@ mod tests {
       svec!["/a"]
     };
     let parser = TestPermissionDescriptorParser;
-    let perms = Permissions::from_options(
+    let mut perms = Permissions::from_options(
       &parser,
       &PermissionsOptions {
         allow_read: Some(read_allowlist),
@@ -3401,11 +3374,7 @@ mod tests {
       },
     )
     .unwrap();
-    let perms = PermissionsContainer::new(
-      Arc::new(parser),
-      perms,
-      PermissionsContainerKind::Root,
-    );
+    let mut perms = PermissionsContainer::new(Arc::new(parser), perms);
 
     let mut fixtures = vec![
       (
@@ -3453,7 +3422,6 @@ mod tests {
     let perms = PermissionsContainer::new(
       Arc::new(TestPermissionDescriptorParser),
       perms,
-      PermissionsContainerKind::Root,
     );
 
     let mut test_cases = vec![];
@@ -4043,11 +4011,7 @@ mod tests {
       },
     )
     .unwrap();
-    let mut perms = PermissionsContainer::new(
-      Arc::new(parser),
-      perms,
-      PermissionsContainerKind::Root,
-    );
+    let mut perms = PermissionsContainer::new(Arc::new(parser), perms);
     let cases = [
       ("allowed.domain.", true),
       ("1.1.1.1", true),