BREAKING(permissions): remove --allow-hrtime (#25367)

Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>

cli/args/flags.rs

@@ -619,8 +619,6 @@ pub struct PermissionFlags {
   pub allow_all: bool,
   pub allow_env: Option<Vec<String>>,
   pub deny_env: Option<Vec<String>>,
-  pub allow_hrtime: bool,
-  pub deny_hrtime: bool,
   pub allow_ffi: Option<Vec<String>>,
   pub deny_ffi: Option<Vec<String>>,
   pub allow_net: Option<Vec<String>>,
@@ -641,8 +639,6 @@ impl PermissionFlags {
     self.allow_all
       || self.allow_env.is_some()
       || self.deny_env.is_some()
-      || self.allow_hrtime
-      || self.deny_hrtime
       || self.allow_ffi.is_some()
       || self.deny_ffi.is_some()
       || self.allow_net.is_some()
@@ -690,8 +686,6 @@ impl PermissionFlags {
       allow_all: self.allow_all,
       allow_env: self.allow_env.clone(),
       deny_env: self.deny_env.clone(),
-      allow_hrtime: self.allow_hrtime,
-      deny_hrtime: self.deny_hrtime,
       allow_net: self.allow_net.clone(),
       deny_net: self.deny_net.clone(),
       allow_ffi: convert_option_str_to_path_buf(&self.allow_ffi, initial_cwd)?,
@@ -905,14 +899,6 @@ impl Flags {
       _ => {}
     }
 
-    if self.permissions.allow_hrtime {
-      args.push("--allow-hrtime".to_string());
-    }
-
-    if self.permissions.deny_hrtime {
-      args.push("--deny-hrtime".to_string());
-    }
-
     args
   }
 
@@ -996,8 +982,6 @@ impl Flags {
   pub fn has_permission_in_argv(&self) -> bool {
     self.argv.iter().any(|arg| {
       arg == "--allow-all"
-        || arg == "--allow-hrtime"
-        || arg == "--deny-hrtime"
         || arg.starts_with("--allow-env")
         || arg.starts_with("--deny-env")
         || arg.starts_with("--allow-ffi")
@@ -1025,7 +1009,6 @@ impl Flags {
     self.permissions.allow_write = Some(vec![]);
     self.permissions.allow_sys = Some(vec![]);
     self.permissions.allow_ffi = Some(vec![]);
-    self.permissions.allow_hrtime = true;
   }
 
   pub fn resolve_watch_exclude_set(
@@ -1393,7 +1376,6 @@ fn handle_repl_flags(flags: &mut Flags, repl_flags: ReplFlags) {
     flags.permissions.allow_sys = Some(vec![]);
     flags.permissions.allow_write = Some(vec![]);
     flags.permissions.allow_ffi = Some(vec![]);
-    flags.permissions.allow_hrtime = true;
   }
   flags.subcommand = DenoSubcommand::Repl(repl_flags);
 }
@@ -3098,8 +3080,6 @@ Docs: <c>https://docs.deno.com/go/permissions</>
                                            <p(245)>--allow-run  |  --allow-run="whoami,ps"</>
       <g>--allow-ffi[=<<PATH>...]</>            (Unstable) Allow loading dynamic libraries. Optionally specify allowed directories or files.
                                            <p(245)>--allow-ffi  |  --allow-ffi="./libfoo.so"</>
-      <g>--allow-hrtime</>                     Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting.
-                                           <p(245)>--allow-hrtime</>
   <g>    --deny-read[=<<PATH>...]</>            Deny file system read access. Optionally specify denied paths.
                                            <p(245)>--deny-read  |  --deny-read="/etc,/var/log.txt"</>
   <g>    --deny-write[=<<PATH>...]</>           Deny file system write access. Optionally specify denied paths.
@@ -3114,8 +3094,6 @@ Docs: <c>https://docs.deno.com/go/permissions</>
                                            <p(245)>--deny-run  |  --deny-run="whoami,ps"</>
       <g>--deny-ffi[=<<PATH>...]</>             (Unstable) Deny loading dynamic libraries. Optionally specify denied directories or files.
                                            <p(245)>--deny-ffi  |  --deny-ffi="./libfoo.so"</>
-      <g>--deny-hrtime</>                      Deny high-resolution time measurement.
-                                           <p(245)>--deny-hrtime</>
 "#))
     .arg(
       Arg::new("allow-all")
@@ -3312,14 +3290,14 @@ Docs: <c>https://docs.deno.com/go/permissions</>
       Arg::new("allow-hrtime")
         .long("allow-hrtime")
         .action(ArgAction::SetTrue)
-        .help("Allow high-resolution time measurement. Note: this can enable timing attacks and fingerprinting")
+        .help("REMOVED in Deno 2.0")
         .hide(true),
     )
     .arg(
       Arg::new("deny-hrtime")
         .long("deny-hrtime")
         .action(ArgAction::SetTrue)
-        .help("Deny high-resolution time measurement. Note: this can prevent timing attacks and fingerprinting")
+        .help("REMOVED in Deno 2.0")
         .hide(true),
     )
     .arg(
@@ -4802,12 +4780,8 @@ fn permission_args_parse(flags: &mut Flags, matches: &mut ArgMatches) {
     debug!("ffi denylist: {:#?}", &flags.permissions.deny_ffi);
   }
 
-  if matches.get_flag("allow-hrtime") {
+  if matches.get_flag("allow-hrtime") || matches.get_flag("deny-hrtime") {
-    flags.permissions.allow_hrtime = true;
+    log::warn!("⚠️ Warning: `allow-hrtime` and `deny-hrtime` have been removed in Deno 2, as high resolution time is now always allowed.");
-  }
-
-  if matches.get_flag("deny-hrtime") {
-    flags.permissions.deny_hrtime = true;
   }
 
   if matches.get_flag("allow-all") {
@@ -5784,7 +5758,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         code_cache_enabled: true,
@@ -5856,44 +5829,6 @@ mod tests {
     );
   }
 
-  #[test]
-  fn allow_hrtime() {
-    let r = flags_from_vec(svec!["deno", "run", "--allow-hrtime", "gist.ts"]);
-    assert_eq!(
-      r.unwrap(),
-      Flags {
-        subcommand: DenoSubcommand::Run(RunFlags::new_default(
-          "gist.ts".to_string(),
-        )),
-        permissions: PermissionFlags {
-          allow_hrtime: true,
-          ..Default::default()
-        },
-        code_cache_enabled: true,
-        ..Flags::default()
-      }
-    );
-  }
-
-  #[test]
-  fn deny_hrtime() {
-    let r = flags_from_vec(svec!["deno", "run", "--deny-hrtime", "gist.ts"]);
-    assert_eq!(
-      r.unwrap(),
-      Flags {
-        subcommand: DenoSubcommand::Run(RunFlags::new_default(
-          "gist.ts".to_string(),
-        )),
-        permissions: PermissionFlags {
-          deny_hrtime: true,
-          ..Default::default()
-        },
-        code_cache_enabled: true,
-        ..Flags::default()
-      }
-    );
-  }
-
   #[test]
   fn double_hyphen() {
     // notice that flags passed after double dash will not
@@ -6717,7 +6652,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         ..Flags::default()
@@ -6744,7 +6678,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         ..Flags::default()
@@ -6776,7 +6709,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         ext: Some("ts".to_string()),
@@ -6817,7 +6749,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         env_file: Some(".example.env".to_owned()),
@@ -6852,7 +6783,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         ..Flags::default()
@@ -6886,7 +6816,6 @@ mod tests {
           deny_write: None,
           allow_ffi: Some(vec![]),
           deny_ffi: None,
-          allow_hrtime: true,
           ..Default::default()
         },
         ..Flags::default()
@@ -6940,7 +6869,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         env_file: Some(".example.env".to_owned()),
@@ -10312,7 +10240,6 @@ mod tests {
           allow_sys: Some(vec![]),
           allow_write: Some(vec![]),
           allow_ffi: Some(vec![]),
-          allow_hrtime: true,
           ..Default::default()
         },
         ..Flags::default()

cli/tsc/dts/lib.deno.ns.d.ts

@@ -553,15 +553,6 @@ declare namespace Deno {
      */
     sys?: "inherit" | boolean | string[];
 
-    /** Specifies if the `hrtime` permission should be requested or revoked.
-     * If set to `"inherit"`, the current `hrtime` permission will be inherited.
-     * If set to `true`, the global `hrtime` permission will be requested.
-     * If set to `false`, the global `hrtime` permission will be revoked.
-     *
-     * @default {false}
-     */
-    hrtime?: "inherit" | boolean;
-
     /** Specifies if the `net` permission should be requested or revoked.
      * if set to `"inherit"`, the current `net` permission will be inherited.
      * if set to `true`, the global `net` permission will be requested.
@@ -4741,8 +4732,7 @@ declare namespace Deno {
     | "net"
     | "env"
     | "sys"
-    | "ffi"
+    | "ffi";
-    | "hrtime";
 
   /** The current status of the permission:
    *
@@ -4873,17 +4863,6 @@ declare namespace Deno {
     path?: string | URL;
   }
 
-  /** The permission descriptor for the `allow-hrtime` and `deny-hrtime` permissions, which
-   * controls if the runtime code has access to high resolution time. High
-   * resolution time is considered sensitive information, because it can be used
-   * by malicious code to gain information about the host that it might not
-   * otherwise have access to.
-   *
-   * @category Permissions */
-  export interface HrtimePermissionDescriptor {
-    name: "hrtime";
-  }
-
   /** Permission descriptors which define a permission and can be queried,
    * requested, or revoked.
    *
@@ -4899,8 +4878,7 @@ declare namespace Deno {
     | NetPermissionDescriptor
     | EnvPermissionDescriptor
     | SysPermissionDescriptor
-    | FfiPermissionDescriptor
+    | FfiPermissionDescriptor;
-    | HrtimePermissionDescriptor;
 
   /** The interface which defines what event types are supported by
    * {@linkcode PermissionStatus} instances.

cli/tsc/dts/lib.deno.shared_globals.d.ts

@@ -593,16 +593,12 @@ declare interface Performance extends EventTarget {
     endMark?: string,
   ): PerformanceMeasure;
 
-  /** Returns a current time from Deno's start in milliseconds.
+  /** Returns a current time from Deno's start in fractional milliseconds.
-   *
-   * Use the permission flag `--allow-hrtime` to return a precise value.
    *
    * ```ts
    * const t = performance.now();
    * console.log(`${t} ms since start!`);
    * ```
-   *
-   * @tags allow-hrtime
    */
   now(): number;
 

ext/web/timers.rs

@@ -13,7 +13,7 @@ pub trait TimersPermission {
 impl TimersPermission for deno_permissions::PermissionsContainer {
   #[inline(always)]
   fn allow_hrtime(&mut self) -> bool {
-    deno_permissions::PermissionsContainer::allow_hrtime(self)
+    true
   }
 }
 

runtime/js/10_permissions.js

@@ -37,7 +37,7 @@ const illegalConstructorKey = Symbol("illegalConstructorKey");
  * @property {boolean} partial
  */
 
-/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi" | "hrtime">} */
+/** @type {ReadonlyArray<"read" | "write" | "net" | "env" | "sys" | "run" | "ffi">} */
 const permissionNames = [
   "read",
   "write",
@@ -46,7 +46,6 @@ const permissionNames = [
   "sys",
   "run",
   "ffi",
-  "hrtime",
 ];
 
 /**
@@ -282,7 +281,7 @@ function serializePermissions(permissions) {
       }
     }
     for (
-      const key of new SafeArrayIterator(["env", "hrtime", "net", "sys"])
+      const key of new SafeArrayIterator(["env", "net", "sys"])
     ) {
       if (ArrayIsArray(permissions[key])) {
         serializedPermissions[key] = ArrayPrototypeSlice(permissions[key]);

runtime/ops/permissions.rs

@@ -73,7 +73,6 @@ pub fn op_query_permission(
       .query(args.kind.as_deref().map(parse_sys_kind).transpose()?),
     "run" => permissions.run.query(args.command.as_deref()),
     "ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)),
-    "hrtime" => permissions.hrtime.query(),
     n => {
       return Err(custom_error(
         "ReferenceError",
@@ -108,7 +107,6 @@ pub fn op_revoke_permission(
       .revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?),
     "run" => permissions.run.revoke(args.command.as_deref()),
     "ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)),
-    "hrtime" => permissions.hrtime.revoke(),
     n => {
       return Err(custom_error(
         "ReferenceError",
@@ -143,7 +141,6 @@ pub fn op_request_permission(
       .request(args.kind.as_deref().map(parse_sys_kind).transpose()?),
     "run" => permissions.run.request(args.command.as_deref()),
     "ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)),
-    "hrtime" => permissions.hrtime.request(),
     n => {
       return Err(custom_error(
         "ReferenceError",

runtime/permissions/lib.rs

@@ -1416,7 +1416,6 @@ pub struct Permissions {
   pub run: UnaryPermission<RunDescriptor>,
   pub ffi: UnaryPermission<FfiDescriptor>,
   pub all: UnitPermission,
-  pub hrtime: UnitPermission,
 }
 
 #[derive(Clone, Debug, Eq, PartialEq, Default, Serialize, Deserialize)]
@@ -1424,8 +1423,6 @@ pub struct PermissionsOptions {
   pub allow_all: bool,
   pub allow_env: Option<Vec<String>>,
   pub deny_env: Option<Vec<String>>,
-  pub allow_hrtime: bool,
-  pub deny_hrtime: bool,
   pub allow_net: Option<Vec<String>>,
   pub deny_net: Option<Vec<String>>,
   pub allow_ffi: Option<Vec<PathBuf>>,
@@ -1460,19 +1457,6 @@ impl Permissions {
     })
   }
 
-  pub const fn new_hrtime(
-    allow_state: bool,
-    deny_state: bool,
-  ) -> UnitPermission {
-    unit_permission_from_flag_bools(
-      allow_state,
-      deny_state,
-      "hrtime",
-      "high precision time",
-      false, // never prompt for hrtime
-    )
-  }
-
   pub const fn new_all(allow_state: bool) -> UnitPermission {
     unit_permission_from_flag_bools(
       allow_state,
@@ -1521,7 +1505,6 @@ impl Permissions {
         opts.prompt,
       )?,
       all: Permissions::new_all(opts.allow_all),
-      hrtime: Permissions::new_hrtime(opts.allow_hrtime, opts.deny_hrtime),
     })
   }
 
@@ -1536,7 +1519,6 @@ impl Permissions {
       run: UnaryPermission::allow_all(),
       ffi: UnaryPermission::allow_all(),
       all: Permissions::new_all(true),
-      hrtime: Permissions::new_hrtime(true, false),
     }
   }
 
@@ -1560,7 +1542,6 @@ impl Permissions {
       run: Permissions::new_unary(&None, &None, prompt).unwrap(),
       ffi: Permissions::new_unary(&None, &None, prompt).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, false),
     }
   }
 
@@ -1598,11 +1579,6 @@ impl PermissionsContainer {
     Self(Arc::new(Mutex::new(perms)))
   }
 
-  #[inline(always)]
-  pub fn allow_hrtime(&mut self) -> bool {
-    self.0.lock().hrtime.check().is_ok()
-  }
-
   pub fn allow_all() -> Self {
     Self::new(Permissions::allow_all())
   }
@@ -2115,7 +2091,6 @@ impl<'de> Deserialize<'de> for ChildUnaryPermissionArg {
 #[derive(Debug, Eq, PartialEq)]
 pub struct ChildPermissionsArg {
   env: ChildUnaryPermissionArg,
-  hrtime: ChildUnitPermissionArg,
   net: ChildUnaryPermissionArg,
   ffi: ChildUnaryPermissionArg,
   read: ChildUnaryPermissionArg,
@@ -2128,7 +2103,6 @@ impl ChildPermissionsArg {
   pub fn inherit() -> Self {
     ChildPermissionsArg {
       env: ChildUnaryPermissionArg::Inherit,
-      hrtime: ChildUnitPermissionArg::Inherit,
       net: ChildUnaryPermissionArg::Inherit,
       ffi: ChildUnaryPermissionArg::Inherit,
       read: ChildUnaryPermissionArg::Inherit,
@@ -2141,7 +2115,6 @@ impl ChildPermissionsArg {
   pub fn none() -> Self {
     ChildPermissionsArg {
       env: ChildUnaryPermissionArg::NotGranted,
-      hrtime: ChildUnitPermissionArg::NotGranted,
       net: ChildUnaryPermissionArg::NotGranted,
       ffi: ChildUnaryPermissionArg::NotGranted,
       read: ChildUnaryPermissionArg::NotGranted,
@@ -2198,11 +2171,6 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
             child_permissions_arg.env = arg.map_err(|e| {
               de::Error::custom(format!("(deno.permissions.env) {e}"))
             })?;
-          } else if key == "hrtime" {
-            let arg = serde_json::from_value::<ChildUnitPermissionArg>(value);
-            child_permissions_arg.hrtime = arg.map_err(|e| {
-              de::Error::custom(format!("(deno.permissions.hrtime) {e}"))
-            })?;
           } else if key == "net" {
             let arg = serde_json::from_value::<ChildUnaryPermissionArg>(value);
             child_permissions_arg.net = arg.map_err(|e| {
@@ -2258,13 +2226,6 @@ pub fn create_child_permissions(
     }
   }
 
-  fn is_granted_unit(arg: &ChildUnitPermissionArg) -> bool {
-    match arg {
-      ChildUnitPermissionArg::Inherit | ChildUnitPermissionArg::Granted => true,
-      ChildUnitPermissionArg::NotGranted => false,
-    }
-  }
-
   let mut worker_perms = Permissions::none_without_prompt();
 
   worker_perms.all = main_perms
@@ -2282,9 +2243,7 @@ pub fn create_child_permissions(
       &child_permissions_arg.run,
       &child_permissions_arg.ffi,
     ];
-    let unit_perms = [&child_permissions_arg.hrtime];
+    let allow_all = unary_perms.into_iter().all(is_granted_unary);
-    let allow_all = unary_perms.into_iter().all(is_granted_unary)
-      && unit_perms.into_iter().all(is_granted_unit);
     if !allow_all {
       worker_perms.all.revoke();
     }
@@ -2313,9 +2272,6 @@ pub fn create_child_permissions(
   worker_perms.ffi = main_perms
     .ffi
     .create_child_permissions(child_permissions_arg.ffi)?;
-  worker_perms.hrtime = main_perms
-    .hrtime
-    .create_child_permissions(child_permissions_arg.hrtime)?;
 
   Ok(worker_perms)
 }
@@ -2747,7 +2703,6 @@ mod tests {
         .unwrap(),
       run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, false),
     };
     let perms3 = Permissions {
       read: Permissions::new_unary(
@@ -2775,7 +2730,6 @@ mod tests {
         .unwrap(),
       run: Permissions::new_unary(&None, &Some(svec!["deno"]), false).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, true),
     };
     let perms4 = Permissions {
       read: Permissions::new_unary(
@@ -2813,7 +2767,6 @@ mod tests {
       run: Permissions::new_unary(&Some(vec![]), &Some(svec!["deno"]), false)
         .unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(true, true),
     };
     #[rustfmt::skip]
     {
@@ -2889,10 +2842,6 @@ mod tests {
       assert_eq!(perms4.run.query(None), PermissionState::GrantedPartial);
       assert_eq!(perms4.run.query(Some("deno")), PermissionState::Denied);
       assert_eq!(perms4.run.query(Some("node")), PermissionState::Granted);
-      assert_eq!(perms1.hrtime.query(), PermissionState::Granted);
-      assert_eq!(perms2.hrtime.query(), PermissionState::Prompt);
-      assert_eq!(perms3.hrtime.query(), PermissionState::Denied);
-      assert_eq!(perms4.hrtime.query(), PermissionState::Denied);
     };
   }
 
@@ -2937,10 +2886,6 @@ mod tests {
       assert_eq!(perms.run.query(None), PermissionState::Prompt);
       prompt_value.set(false);
       assert_eq!(perms.run.request(Some("deno")), PermissionState::Granted);
-      prompt_value.set(false);
-      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
-      prompt_value.set(true);
-      assert_eq!(perms.hrtime.request(), PermissionState::Denied);
     };
   }
 
@@ -2977,7 +2922,6 @@ mod tests {
         .unwrap(),
       run: Permissions::new_unary(&Some(svec!["deno"]), &None, false).unwrap(),
       all: Permissions::new_all(false),
-      hrtime: Permissions::new_hrtime(false, true),
     };
     #[rustfmt::skip]
     {
@@ -2996,7 +2940,6 @@ mod tests {
       assert_eq!(perms.env.revoke(Some("HOME")), PermissionState::Prompt);
       assert_eq!(perms.env.revoke(Some("hostname")), PermissionState::Prompt);
       assert_eq!(perms.run.revoke(Some("deno")), PermissionState::Prompt);
-      assert_eq!(perms.hrtime.revoke(), PermissionState::Denied);
     };
   }
 
@@ -3080,8 +3023,6 @@ mod tests {
     prompt_value.set(false);
     assert!(perms.env.check("hostname", None).is_ok());
     assert!(perms.env.check("osRelease", None).is_err());
-
-    assert!(perms.hrtime.check().is_err());
   }
 
   #[test]
@@ -3183,11 +3124,6 @@ mod tests {
     assert!(perms.sys.check("osRelease", None).is_ok());
     prompt_value.set(false);
     assert!(perms.sys.check("osRelease", None).is_ok());
-
-    prompt_value.set(false);
-    assert!(perms.hrtime.check().is_err());
-    prompt_value.set(true);
-    assert!(perms.hrtime.check().is_err());
   }
 
   #[test]
@@ -3278,7 +3214,6 @@ mod tests {
       ChildPermissionsArg::inherit(),
       ChildPermissionsArg {
         env: ChildUnaryPermissionArg::Inherit,
-        hrtime: ChildUnitPermissionArg::Inherit,
         net: ChildUnaryPermissionArg::Inherit,
         ffi: ChildUnaryPermissionArg::Inherit,
         read: ChildUnaryPermissionArg::Inherit,
@@ -3291,7 +3226,6 @@ mod tests {
       ChildPermissionsArg::none(),
       ChildPermissionsArg {
         env: ChildUnaryPermissionArg::NotGranted,
-        hrtime: ChildUnitPermissionArg::NotGranted,
         net: ChildUnaryPermissionArg::NotGranted,
         ffi: ChildUnaryPermissionArg::NotGranted,
         read: ChildUnaryPermissionArg::NotGranted,
@@ -3322,26 +3256,6 @@ mod tests {
         ..ChildPermissionsArg::none()
       }
     );
-    assert_eq!(
-      serde_json::from_value::<ChildPermissionsArg>(json!({
-        "hrtime": true,
-      }))
-      .unwrap(),
-      ChildPermissionsArg {
-        hrtime: ChildUnitPermissionArg::Granted,
-        ..ChildPermissionsArg::none()
-      }
-    );
-    assert_eq!(
-      serde_json::from_value::<ChildPermissionsArg>(json!({
-        "hrtime": false,
-      }))
-      .unwrap(),
-      ChildPermissionsArg {
-        hrtime: ChildUnitPermissionArg::NotGranted,
-        ..ChildPermissionsArg::none()
-      }
-    );
     assert_eq!(
       serde_json::from_value::<ChildPermissionsArg>(json!({
         "env": true,
@@ -3361,7 +3275,6 @@ mod tests {
         run: ChildUnaryPermissionArg::Granted,
         sys: ChildUnaryPermissionArg::Granted,
         write: ChildUnaryPermissionArg::Granted,
-        ..ChildPermissionsArg::none()
       }
     );
     assert_eq!(
@@ -3383,7 +3296,6 @@ mod tests {
         run: ChildUnaryPermissionArg::NotGranted,
         sys: ChildUnaryPermissionArg::NotGranted,
         write: ChildUnaryPermissionArg::NotGranted,
-        ..ChildPermissionsArg::none()
       }
     );
     assert_eq!(
@@ -3421,7 +3333,6 @@ mod tests {
           "foo",
           "file:///bar/baz"
         ]),
-        ..ChildPermissionsArg::none()
       }
     );
   }
@@ -3431,7 +3342,6 @@ mod tests {
     set_prompter(Box::new(TestPrompter));
     let mut main_perms = Permissions {
       env: Permissions::new_unary(&Some(vec![]), &None, false).unwrap(),
-      hrtime: Permissions::new_hrtime(true, false),
       net: Permissions::new_unary(&Some(svec!["foo", "bar"]), &None, false)
         .unwrap(),
       ..Permissions::none_without_prompt()
@@ -3441,7 +3351,6 @@ mod tests {
         &mut main_perms.clone(),
         ChildPermissionsArg {
           env: ChildUnaryPermissionArg::Inherit,
-          hrtime: ChildUnitPermissionArg::NotGranted,
           net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
           ffi: ChildUnaryPermissionArg::NotGranted,
           ..ChildPermissionsArg::none()

tests/integration/run_tests.rs

@@ -153,11 +153,6 @@ itest!(_023_no_ext {
   output: "run/023_no_ext.out",
 });
 
-itest!(_025_hrtime {
-  args: "run --quiet --allow-hrtime --reload run/025_hrtime.ts",
-  output: "run/025_hrtime.ts.out",
-});
-
 itest!(_025_reload_js_type_error {
   args: "run --quiet --reload run/025_reload_js_type_error.js",
   output: "run/025_reload_js_type_error.js.out",
@@ -735,12 +730,12 @@ fn permission_request_long() {
 }
 
 itest!(deny_all_permission_args {
-  args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net --deny-hrtime run/deny_all_permission_args.js",
+  args: "run --deny-env --deny-read --deny-write --deny-ffi --deny-run --deny-sys --deny-net run/deny_all_permission_args.js",
   output: "run/deny_all_permission_args.out",
 });
 
 itest!(deny_some_permission_args {
-  args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 --allow-hrtime --deny-hrtime run/deny_some_permission_args.js",
+  args: "run --allow-env --deny-env=FOO --allow-read --deny-read=/foo --allow-write --deny-write=/foo --allow-ffi --deny-ffi=/foo --allow-run --deny-run=foo --allow-sys --deny-sys=hostname --allow-net --deny-net=127.0.0.1 run/deny_some_permission_args.js",
   output: "run/deny_some_permission_args.out",
 });
 

tests/specs/bench/allow_all/allow_all.out

@@ -5,8 +5,8 @@ Runtime | Deno [WILDLINE] ([WILDLINE])
 
 [WILDLINE]/allow_all.ts
 
-benchmark      time/iter (avg)        iter/s      (min … max)           p75      p99     p995
+benchmark     time/iter (avg)        iter/s      (min … max)           p75      p99     p995
--------------- ----------------------------- --------------------- --------------------------
+------------- ----------------------------- --------------------- --------------------------
 read false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
 read true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
 write false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
@@ -19,6 +19,4 @@ run false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE
 run true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
 ffi false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
 ffi true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
-hrtime false [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
-hrtime true [WILDLINE] [WILDLINE] [WILDLINE] ([WILDLINE] … [WILDLINE]) [WILDLINE]
 

tests/specs/bench/allow_all/allow_all.ts

@@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
   "env",
   "run",
   "ffi",
-  "hrtime",
 ];
 
 for (const name of permissions) {

tests/specs/bench/allow_none/allow_none.out

@@ -18,6 +18,4 @@ run         error: PermissionDenied: Can't escalate parent thread permissions
 [WILDCARD]
 ffi         error: PermissionDenied: Can't escalate parent thread permissions
 [WILDCARD]
-hrtime      error: PermissionDenied: Can't escalate parent thread permissions
-[WILDCARD]
 error: Bench failed

tests/specs/bench/allow_none/allow_none.ts

@@ -5,7 +5,6 @@ const permissions: Deno.PermissionName[] = [
   "env",
   "run",
   "ffi",
-  "hrtime",
 ];
 
 for (const name of permissions) {

tests/specs/bench/ignore_permissions/ignore_permissions.ts

@@ -7,7 +7,6 @@ Deno.bench({
     env: true,
     run: true,
     ffi: true,
-    hrtime: true,
   },
   ignore: true,
   fn() {

tests/testdata/bench/allow_all.out

@@ -18,5 +18,3 @@ run false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD
 run true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
 ffi false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
 ffi true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
-hrtime false [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]
-hrtime true [WILDCARD] [WILDCARD] [WILDCARD] ([WILDCARD] … [WILDCARD]) [WILDCARD]

tests/testdata/bench/allow_none.out

@@ -18,6 +18,4 @@ run         error: PermissionDenied: Can't escalate parent thread permissions
 [WILDCARD]
 ffi         error: PermissionDenied: Can't escalate parent thread permissions
 [WILDCARD]
-hrtime      error: PermissionDenied: Can't escalate parent thread permissions
-[WILDCARD]
 error: Bench failed

tests/testdata/run/025_hrtime.ts

@@ -1,5 +0,0 @@
-globalThis.onload = async () => {
-  console.log(performance.now() % 2 !== 0);
-  await Deno.permissions.revoke({ name: "hrtime" });
-  console.log(performance.now() % 2 === 0);
-};

tests/testdata/run/025_hrtime.ts.out

@@ -1,2 +0,0 @@
-true
-true

tests/testdata/run/deny_all_permission_args.js

@@ -5,4 +5,3 @@ console.log(Deno.permissions.querySync({ name: "ffi" }));
 console.log(Deno.permissions.querySync({ name: "run" }));
 console.log(Deno.permissions.querySync({ name: "sys" }));
 console.log(Deno.permissions.querySync({ name: "net" }));
-console.log(Deno.permissions.querySync({ name: "hrtime" }));

tests/testdata/run/deny_all_permission_args.out

@@ -5,4 +5,3 @@ PermissionStatus { state: "denied", onchange: null }
 PermissionStatus { state: "denied", onchange: null }
 PermissionStatus { state: "denied", onchange: null }
 PermissionStatus { state: "denied", onchange: null }
-PermissionStatus { state: "denied", onchange: null }

tests/testdata/run/deny_some_permission_args.js

@@ -19,4 +19,3 @@ console.log(Deno.permissions.querySync({ name: "sys", kind: "loadavg" }));
 console.log(Deno.permissions.querySync({ name: "net" }));
 console.log(Deno.permissions.querySync({ name: "net", host: "127.0.0.1" }));
 console.log(Deno.permissions.querySync({ name: "net", host: "192.168.0.1" }));
-console.log(Deno.permissions.querySync({ name: "hrtime" }));

tests/testdata/run/deny_some_permission_args.out

@@ -19,4 +19,3 @@ PermissionStatus { state: "granted", onchange: null }
 PermissionStatus { state: "granted", onchange: null, partial: true }
 PermissionStatus { state: "denied", onchange: null }
 PermissionStatus { state: "granted", onchange: null }
-PermissionStatus { state: "denied", onchange: null }

tests/testdata/test/allow_all.out

@@ -1,5 +1,5 @@
 [WILDCARD]
-running 14 tests from [WILDCARD]
+running 12 tests from [WILDCARD]
 read false ... ok [WILDCARD]
 read true ... ok [WILDCARD]
 write false ... ok [WILDCARD]
@@ -12,7 +12,5 @@ run false ... ok [WILDCARD]
 run true ... ok [WILDCARD]
 ffi false ... ok [WILDCARD]
 ffi true ... ok [WILDCARD]
-hrtime false ... ok [WILDCARD]
-hrtime true ... ok [WILDCARD]
 
-ok | 14 passed | 0 failed [WILDCARD]
+ok | 12 passed | 0 failed [WILDCARD]

tests/testdata/test/allow_all.ts

@@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
   "env",
   "run",
   "ffi",
-  "hrtime",
 ];
 
 for (const name of permissions) {

tests/testdata/test/allow_none.out

@@ -1,12 +1,11 @@
 [WILDCARD]
-running 7 tests from [WILDCARD]
+running 6 tests from [WILDCARD]
 read ... FAILED [WILDCARD]
 write ... FAILED [WILDCARD]
 net ... FAILED [WILDCARD]
 env ... FAILED [WILDCARD]
 run ... FAILED [WILDCARD]
 ffi ... FAILED [WILDCARD]
-hrtime ... FAILED [WILDCARD]
 
  ERRORS 
 
@@ -32,10 +31,6 @@ error: PermissionDenied: Can't escalate parent thread permissions
 
 ffi => ./test/allow_none.ts:[WILDCARD]
 error: PermissionDenied: Can't escalate parent thread permissions
-[WILDCARD]
-
-hrtime => ./test/allow_none.ts:[WILDCARD]
-error: PermissionDenied: Can't escalate parent thread permissions
 [WILDCARD]
 
  FAILURES 
@@ -46,6 +41,5 @@ net => ./test/allow_none.ts:[WILDCARD]
 env => ./test/allow_none.ts:[WILDCARD]
 run => ./test/allow_none.ts:[WILDCARD]
 ffi => ./test/allow_none.ts:[WILDCARD]
-hrtime => ./test/allow_none.ts:[WILDCARD]
 
-FAILED | 0 passed | 7 failed [WILDCARD]
+FAILED | 0 passed | 6 failed [WILDCARD]

tests/testdata/test/allow_none.ts

@@ -7,7 +7,6 @@ const permissions: Deno.PermissionName[] = [
   "env",
   "run",
   "ffi",
-  "hrtime",
 ];
 
 for (const name of permissions) {

tests/testdata/test/ignore_permissions.ts

@@ -7,7 +7,6 @@ Deno.test({
     env: true,
     run: true,
     ffi: true,
-    hrtime: true,
   },
   ignore: true,
   fn() {

tests/testdata/workers/no_permissions_worker.js

@@ -1,13 +1,11 @@
 self.onmessage = async () => {
-  const hrtime = await Deno.permissions.query({ name: "hrtime" });
   const net = await Deno.permissions.query({ name: "net" });
   const ffi = await Deno.permissions.query({ name: "ffi" });
   const read = await Deno.permissions.query({ name: "read" });
   const run = await Deno.permissions.query({ name: "run" });
   const write = await Deno.permissions.query({ name: "write" });
   self.postMessage(
-    hrtime.state === "prompt" &&
+    net.state === "prompt" &&
-      net.state === "prompt" &&
       ffi.state === "prompt" &&
       read.state === "prompt" &&
       run.state === "prompt" &&

tests/testdata/workers/permission_echo.js

@@ -1,7 +1,6 @@
 self.onmessage = async () => {
   const env = await Deno.permissions.query({ name: "env" });
   const ffi = await Deno.permissions.query({ name: "ffi" });
-  const hrtime = await Deno.permissions.query({ name: "hrtime" });
   const net = await Deno.permissions.query({ name: "net" });
   const read = await Deno.permissions.query({ name: "read" });
   const run = await Deno.permissions.query({ name: "run" });
@@ -9,7 +8,6 @@ self.onmessage = async () => {
   self.postMessage({
     env: env.state,
     ffi: ffi.state,
-    hrtime: hrtime.state,
     net: net.state,
     read: read.state,
     run: run.state,

tests/testdata/workers/read_check_granular_worker.js

@@ -3,7 +3,6 @@ postMessage({
   envGlobal: (await Deno.permissions.query({ name: "env" })).state,
   envFoo: (await Deno.permissions.query({ name: "env", variable: "foo" })).state,
   envAbsent: (await Deno.permissions.query({ name: "env", variable: "absent" })).state,
-  hrtime: (await Deno.permissions.query({ name: "hrtime" })).state,
   netGlobal: (await Deno.permissions.query({ name: "net" })).state,
   netFoo: (await Deno.permissions.query({ name: "net", host: "foo" })).state,
   netFoo8000: (await Deno.permissions.query({ name: "net", host: "foo:8000" })).state,

tests/unit/files_test.ts

@@ -782,14 +782,14 @@ Deno.test({ permissions: { read: true } }, function fsFileIsTerminal() {
 });
 
 Deno.test(
-  { permissions: { read: true, run: true, hrtime: true } },
+  { permissions: { read: true, run: true } },
   async function fsFileLockFileSync() {
     await runFlockTests({ sync: true });
   },
 );
 
 Deno.test(
-  { permissions: { read: true, run: true, hrtime: true } },
+  { permissions: { read: true, run: true } },
   async function fsFileLockFileAsync() {
     await runFlockTests({ sync: false });
   },

tests/unit/performance_test.ts

@@ -7,7 +7,7 @@ import {
   assertThrows,
 } from "./test_util.ts";
 
-Deno.test({ permissions: { hrtime: false } }, async function performanceNow() {
+Deno.test({ permissions: {} }, async function performanceNow() {
   const { promise, resolve } = Promise.withResolvers<void>();
   const start = performance.now();
   let totalTime = 0;

tests/unit/permissions_test.ts

@@ -70,7 +70,7 @@ Deno.test(function permissionSysInvalidKindSync() {
 });
 
 Deno.test(async function permissionQueryReturnsEventTarget() {
-  const status = await Deno.permissions.query({ name: "hrtime" });
+  const status = await Deno.permissions.query({ name: "read", path: "." });
   assert(["granted", "denied", "prompt"].includes(status.state));
   let called = false;
   status.addEventListener("change", () => {
@@ -78,11 +78,13 @@ Deno.test(async function permissionQueryReturnsEventTarget() {
   });
   status.dispatchEvent(new Event("change"));
   assert(called);
-  assert(status === (await Deno.permissions.query({ name: "hrtime" })));
+  assert(
+    status === (await Deno.permissions.query({ name: "read", path: "." })),
+  );
 });
 
 Deno.test(function permissionQueryReturnsEventTargetSync() {
-  const status = Deno.permissions.querySync({ name: "hrtime" });
+  const status = Deno.permissions.querySync({ name: "read", path: "." });
   assert(["granted", "denied", "prompt"].includes(status.state));
   let called = false;
   status.addEventListener("change", () => {
@@ -90,7 +92,7 @@ Deno.test(function permissionQueryReturnsEventTargetSync() {
   });
   status.dispatchEvent(new Event("change"));
   assert(called);
-  assert(status === Deno.permissions.querySync({ name: "hrtime" }));
+  assert(status === Deno.permissions.querySync({ name: "read", path: "." }));
 });
 
 Deno.test(async function permissionQueryForReadReturnsSameStatus() {

tests/unit/worker_test.ts

@@ -451,7 +451,6 @@ Deno.test("Worker limit children permissions granularly", async function () {
       deno: {
         permissions: {
           env: ["foo"],
-          hrtime: true,
           net: ["foo", "bar:8000"],
           ffi: [new URL("foo", workerUrl), "bar"],
           read: [new URL("foo", workerUrl), "bar"],
@@ -468,7 +467,6 @@ Deno.test("Worker limit children permissions granularly", async function () {
     envGlobal: "prompt",
     envFoo: "granted",
     envAbsent: "prompt",
-    hrtime: "granted",
     netGlobal: "prompt",
     netFoo: "granted",
     netFoo8000: "granted",
@@ -508,7 +506,6 @@ Deno.test("Nested worker limit children permissions", async function () {
     envGlobal: "prompt",
     envFoo: "prompt",
     envAbsent: "prompt",
-    hrtime: "prompt",
     netGlobal: "prompt",
     netFoo: "prompt",
     netFoo8000: "prompt",
@@ -586,7 +583,6 @@ Deno.test("Worker permissions are not inherited with empty permission object", a
   worker.postMessage(null);
   assertEquals(await promise, {
     env: "prompt",
-    hrtime: "prompt",
     net: "prompt",
     ffi: "prompt",
     read: "prompt",
@@ -611,7 +607,6 @@ Deno.test("Worker permissions are not inherited with single specified permission
   worker.postMessage(null);
   assertEquals(await promise, {
     env: "prompt",
-    hrtime: "prompt",
     net: "granted",
     ffi: "prompt",
     read: "prompt",

tools/lint.js

@@ -221,7 +221,7 @@ async function ensureNoNewITests() {
     "pm_tests.rs": 0,
     "publish_tests.rs": 0,
     "repl_tests.rs": 0,
-    "run_tests.rs": 352,
+    "run_tests.rs": 351,
     "shared_library_tests.rs": 0,
     "task_tests.rs": 30,
     "test_tests.rs": 75,