feat(runtime): stabilize Deno.link and Deno.linkSync (#9417)

This commit makes "Deno.link" and "Deno.linkSync" stable.

The permission required has been changed to read-write to 
ensure one cannot escape the sandbox.

cli/diagnostics.rs

@@ -44,8 +44,6 @@ const UNSTABLE_DENO_PROPS: &[&str] = &[
   "ftruncateSync",
   "hostname",
   "kill",
-  "link",
-  "linkSync",
   "listen",
   "listenDatagram",
   "loadavg",

cli/dts/lib.deno.ns.d.ts

@@ -265,6 +265,27 @@ declare namespace Deno {
    */
   export function cwd(): string;
 
+  /**
+   * Synchronously creates `newpath` as a hard link to `oldpath`.
+   *
+   * ```ts
+   * Deno.linkSync("old/name", "new/name");
+   * ```
+   *
+   * Requires `allow-read` and `allow-write` permissions. */
+  export function linkSync(oldpath: string, newpath: string): void;
+
+  /**
+   *
+   * Creates `newpath` as a hard link to `oldpath`.
+   *
+   * ```ts
+   * await Deno.link("old/name", "new/name");
+   * ```
+   *
+   * Requires `allow-read` and `allow-write` permissions. */
+  export function link(oldpath: string, newpath: string): Promise<void>;
+
   export enum SeekMode {
     Start = 0,
     Current = 1,

cli/dts/lib.deno.unstable.d.ts

@@ -21,28 +21,6 @@ declare namespace Deno {
    */
   export function umask(mask?: number): number;
 
-  /** **UNSTABLE**: This API needs a security review.
-   *
-   * Synchronously creates `newpath` as a hard link to `oldpath`.
-   *
-   * ```ts
-   * Deno.linkSync("old/name", "new/name");
-   * ```
-   *
-   * Requires `allow-read` and `allow-write` permissions. */
-  export function linkSync(oldpath: string, newpath: string): void;
-
-  /** **UNSTABLE**: This API needs a security review.
-   *
-   * Creates `newpath` as a hard link to `oldpath`.
-   *
-   * ```ts
-   * await Deno.link("old/name", "new/name");
-   * ```
-   *
-   * Requires `allow-read` and `allow-write` permissions. */
-  export function link(oldpath: string, newpath: string): Promise<void>;
-
   /** **UNSTABLE**: New API, yet to be vetted.
    *
    * Gets the size of the console as columns/rows.

runtime/js/90_deno_ns.js

@@ -88,6 +88,8 @@
     fsync: __bootstrap.fs.fsync,
     fdatasyncSync: __bootstrap.fs.fdatasyncSync,
     fdatasync: __bootstrap.fs.fdatasync,
+    link: __bootstrap.fs.link,
+    linkSync: __bootstrap.fs.linkSync,
     permissions: __bootstrap.permissions.permissions,
     Permissions: __bootstrap.permissions.Permissions,
     PermissionStatus: __bootstrap.permissions.PermissionStatus,
@@ -122,8 +124,6 @@
     ftruncateSync: __bootstrap.fs.ftruncateSync,
     ftruncate: __bootstrap.fs.ftruncate,
     umask: __bootstrap.fs.umask,
-    link: __bootstrap.fs.link,
-    linkSync: __bootstrap.fs.linkSync,
     futime: __bootstrap.fs.futime,
     futimeSync: __bootstrap.fs.futimeSync,
     utime: __bootstrap.fs.utime,

runtime/ops/fs.rs

@@ -1140,13 +1140,14 @@ fn op_link_sync(
   args: Value,
   _zero_copy: &mut [ZeroCopyBuf],
 ) -> Result<Value, AnyError> {
-  super::check_unstable(state, "Deno.link");
   let args: LinkArgs = serde_json::from_value(args)?;
   let oldpath = PathBuf::from(&args.oldpath);
   let newpath = PathBuf::from(&args.newpath);
 
   let permissions = state.borrow::<Permissions>();
   permissions.check_read(&oldpath)?;
+  permissions.check_write(&oldpath)?;
+  permissions.check_read(&newpath)?;
   permissions.check_write(&newpath)?;
 
   debug!("op_link_sync {} {}", oldpath.display(), newpath.display());
@@ -1159,8 +1160,6 @@ async fn op_link_async(
   args: Value,
   _zero_copy: BufVec,
 ) -> Result<Value, AnyError> {
-  super::check_unstable2(&state, "Deno.link");
-
   let args: LinkArgs = serde_json::from_value(args)?;
   let oldpath = PathBuf::from(&args.oldpath);
   let newpath = PathBuf::from(&args.newpath);
@@ -1169,6 +1168,8 @@ async fn op_link_async(
     let state = state.borrow();
     let permissions = state.borrow::<Permissions>();
     permissions.check_read(&oldpath)?;
+    permissions.check_write(&oldpath)?;
+    permissions.check_read(&newpath)?;
     permissions.check_write(&newpath)?;
   }