1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-18 11:53:59 -05:00

fix: actually don't inherit runtime permissions (#14024)

This commit is contained in:
Luca Casonato 2022-03-20 22:46:39 +01:00 committed by GitHub
parent d0a7305676
commit daa7c6d32a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 192 additions and 83 deletions

View file

@ -17,8 +17,10 @@ for (const name of permissions) {
[name]: false, [name]: false,
}, },
async fn() { async fn() {
const status = await Deno.permissions.query({ name }); for await (const n of permissions) {
assertEquals(status.state, "prompt"); const status = await Deno.permissions.query({ name: n });
assertEquals(status.state, "prompt");
}
}, },
}); });
@ -28,8 +30,14 @@ for (const name of permissions) {
[name]: true, [name]: true,
}, },
async fn() { async fn() {
const status = await Deno.permissions.query({ name }); for await (const n of permissions) {
assertEquals(status.state, "granted"); const status = await Deno.permissions.query({ name: n });
if (n === name) {
assertEquals(status.state, "granted");
} else {
assertEquals(status.state, "prompt");
}
}
}, },
}); });
} }

View file

@ -17,8 +17,10 @@ for (const name of permissions) {
[name]: false, [name]: false,
}, },
async fn() { async fn() {
const status = await Deno.permissions.query({ name }); for await (const n of permissions) {
assertEquals(status.state, "prompt"); const status = await Deno.permissions.query({ name: n });
assertEquals(status.state, "prompt");
}
}, },
}); });
@ -28,8 +30,14 @@ for (const name of permissions) {
[name]: true, [name]: true,
}, },
async fn() { async fn() {
const status = await Deno.permissions.query({ name }); for await (const n of permissions) {
assertEquals(status.state, "granted"); const status = await Deno.permissions.query({ name: n });
if (n === name) {
assertEquals(status.state, "granted");
} else {
assertEquals(status.state, "prompt");
}
}
}, },
}); });
} }

View file

@ -0,0 +1,19 @@
self.onmessage = async () => {
const env = await Deno.permissions.query({ name: "env" });
const ffi = await Deno.permissions.query({ name: "ffi" });
const hrtime = await Deno.permissions.query({ name: "hrtime" });
const net = await Deno.permissions.query({ name: "net" });
const read = await Deno.permissions.query({ name: "read" });
const run = await Deno.permissions.query({ name: "run" });
const write = await Deno.permissions.query({ name: "write" });
self.postMessage({
env: env.state,
ffi: ffi.state,
hrtime: hrtime.state,
net: net.state,
read: read.state,
run: run.state,
write: write.state,
});
self.close();
};

View file

@ -584,6 +584,68 @@ Deno.test("Worker with disabled permissions", async function () {
worker.terminate(); worker.terminate();
}); });
Deno.test("Worker permissions are not inherited with empty permission object", async function () {
const worker = new Worker(
new URL("./permission_echo.js", import.meta.url).href,
{
type: "module",
deno: {
namespace: true,
permissions: {},
},
},
);
const promise = deferred();
worker.onmessage = (e) => {
promise.resolve(e.data);
};
worker.postMessage(null);
assertEquals(await promise, {
env: "prompt",
hrtime: "prompt",
net: "prompt",
ffi: "prompt",
read: "prompt",
run: "prompt",
write: "prompt",
});
worker.terminate();
});
Deno.test("Worker permissions are not inherited with single specified permission", async function () {
const worker = new Worker(
new URL("./permission_echo.js", import.meta.url).href,
{
type: "module",
deno: {
namespace: true,
permissions: {
net: true,
},
},
},
);
const promise = deferred();
worker.onmessage = (e) => {
promise.resolve(e.data);
};
worker.postMessage(null);
assertEquals(await promise, {
env: "prompt",
hrtime: "prompt",
net: "granted",
ffi: "prompt",
read: "prompt",
run: "prompt",
write: "prompt",
});
worker.terminate();
});
Deno.test("Worker with invalid permission arg", function () { Deno.test("Worker with invalid permission arg", function () {
assertThrows( assertThrows(
() => () =>

View file

@ -1180,7 +1180,7 @@ const decoder = new TextDecoder();
Deno.test({ Deno.test({
name: "http server compresses body", name: "http server compresses body",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1231,7 +1231,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server doesn't compress small body", name: "http server doesn't compress small body",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1282,7 +1282,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server respects accept-encoding weights", name: "http server respects accept-encoding weights",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1336,7 +1336,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server augments vary header", name: "http server augments vary header",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1387,7 +1387,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server weakens etag header", name: "http server weakens etag header",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1444,7 +1444,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server passes through weak etag header", name: "http server passes through weak etag header",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1501,7 +1501,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server doesn't compress body when no-transform is set", name: "http server doesn't compress body when no-transform is set",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1555,7 +1555,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server doesn't compress body when content-range is set", name: "http server doesn't compress body when content-range is set",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1609,7 +1609,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server doesn't compress streamed bodies", name: "http server doesn't compress streamed bodies",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;
@ -1675,7 +1675,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "http server updates content-length header if compression is applied", name: "http server updates content-length header if compression is applied",
permissions: { net: true }, permissions: { net: true, run: true },
async fn() { async fn() {
const hostname = "localhost"; const hostname = "localhost";
const port = 4501; const port = 4501;

View file

@ -380,7 +380,7 @@ Deno.test(
); );
Deno.test( Deno.test(
{ permissions: { net: true } }, { permissions: { net: true }, ignore: true },
async function netUdpSendReceiveBroadcast() { async function netUdpSendReceiveBroadcast() {
// Must bind sender to an address that can send to the broadcast address on MacOS. // Must bind sender to an address that can send to the broadcast address on MacOS.
// Macos will give us error 49 when sending the broadcast packet if we omit hostname here. // Macos will give us error 49 when sending the broadcast packet if we omit hostname here.

View file

@ -579,7 +579,7 @@ Deno.test(
Deno.test({ Deno.test({
name: "unrefTimer", name: "unrefTimer",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const timer = setTimeout(() => console.log("1")); const timer = setTimeout(() => console.log("1"));
@ -592,7 +592,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "unrefTimer - mix ref and unref 1", name: "unrefTimer - mix ref and unref 1",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const timer1 = setTimeout(() => console.log("1"), 200); const timer1 = setTimeout(() => console.log("1"), 200);
@ -607,7 +607,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "unrefTimer - mix ref and unref 2", name: "unrefTimer - mix ref and unref 2",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const timer1 = setTimeout(() => console.log("1"), 200); const timer1 = setTimeout(() => console.log("1"), 200);
@ -623,7 +623,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "unrefTimer - unref interval", name: "unrefTimer - unref interval",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
let i = 0; let i = 0;
@ -642,7 +642,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "unrefTimer - unref then ref 1", name: "unrefTimer - unref then ref 1",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const timer1 = setTimeout(() => console.log("1"), 10); const timer1 = setTimeout(() => console.log("1"), 10);
@ -656,7 +656,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "unrefTimer - unref then ref", name: "unrefTimer - unref then ref",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const timer1 = setTimeout(() => { const timer1 = setTimeout(() => {
@ -673,7 +673,6 @@ Deno.test({
Deno.test({ Deno.test({
name: "unrefTimer - invalid calls do nothing", name: "unrefTimer - invalid calls do nothing",
permissions: { run: true },
fn: () => { fn: () => {
Deno.unrefTimer(NaN); Deno.unrefTimer(NaN);
Deno.refTimer(NaN); Deno.refTimer(NaN);
@ -682,7 +681,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "AbortSignal.timeout() with no listeners", name: "AbortSignal.timeout() with no listeners",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const signal = AbortSignal.timeout(2000); const signal = AbortSignal.timeout(2000);
@ -699,7 +698,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "AbortSignal.timeout() with listeners", name: "AbortSignal.timeout() with listeners",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const signal = AbortSignal.timeout(1000); const signal = AbortSignal.timeout(1000);
@ -712,7 +711,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "AbortSignal.timeout() with removed listeners", name: "AbortSignal.timeout() with removed listeners",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const signal = AbortSignal.timeout(2000); const signal = AbortSignal.timeout(2000);
@ -736,7 +735,7 @@ Deno.test({
Deno.test({ Deno.test({
name: "AbortSignal.timeout() with listener for a non-abort event", name: "AbortSignal.timeout() with listener for a non-abort event",
permissions: { run: true }, permissions: { run: true, read: true },
fn: async () => { fn: async () => {
const [statusCode, output] = await execCode(` const [statusCode, output] = await execCode(`
const signal = AbortSignal.timeout(2000); const signal = AbortSignal.timeout(2000);

View file

@ -3,12 +3,15 @@ import { assertEquals } from "./test_util.ts";
// Note tests for Deno.setRaw is in integration tests. // Note tests for Deno.setRaw is in integration tests.
Deno.test({ permissions: { run: true } }, async function noColorIfNotTty() { Deno.test(
const p = Deno.run({ { permissions: { run: true, read: true } },
cmd: [Deno.execPath(), "eval", "console.log(1)"], async function noColorIfNotTty() {
stdout: "piped", const p = Deno.run({
}); cmd: [Deno.execPath(), "eval", "console.log(1)"],
const output = new TextDecoder().decode(await p.output()); stdout: "piped",
assertEquals(output, "1\n"); });
p.close(); const output = new TextDecoder().decode(await p.output());
}); assertEquals(output, "1\n");
p.close();
},
);

View file

@ -1432,12 +1432,6 @@ pub enum ChildUnitPermissionArg {
NotGranted, NotGranted,
} }
impl Default for ChildUnitPermissionArg {
fn default() -> Self {
ChildUnitPermissionArg::Inherit
}
}
impl<'de> Deserialize<'de> for ChildUnitPermissionArg { impl<'de> Deserialize<'de> for ChildUnitPermissionArg {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where where
@ -1491,12 +1485,6 @@ pub enum ChildUnaryPermissionArg {
GrantedList(Vec<String>), GrantedList(Vec<String>),
} }
impl Default for ChildUnaryPermissionArg {
fn default() -> Self {
ChildUnaryPermissionArg::Inherit
}
}
impl<'de> Deserialize<'de> for ChildUnaryPermissionArg { impl<'de> Deserialize<'de> for ChildUnaryPermissionArg {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where where
@ -1557,7 +1545,7 @@ impl<'de> Deserialize<'de> for ChildUnaryPermissionArg {
} }
/// Directly deserializable from JS worker and test permission options. /// Directly deserializable from JS worker and test permission options.
#[derive(Debug, Default, PartialEq)] #[derive(Debug, PartialEq)]
pub struct ChildPermissionsArg { pub struct ChildPermissionsArg {
env: ChildUnaryPermissionArg, env: ChildUnaryPermissionArg,
hrtime: ChildUnitPermissionArg, hrtime: ChildUnitPermissionArg,
@ -1568,6 +1556,32 @@ pub struct ChildPermissionsArg {
write: ChildUnaryPermissionArg, write: ChildUnaryPermissionArg,
} }
impl ChildPermissionsArg {
pub fn inherit() -> Self {
ChildPermissionsArg {
env: ChildUnaryPermissionArg::Inherit,
hrtime: ChildUnitPermissionArg::Inherit,
net: ChildUnaryPermissionArg::Inherit,
ffi: ChildUnaryPermissionArg::Inherit,
read: ChildUnaryPermissionArg::Inherit,
run: ChildUnaryPermissionArg::Inherit,
write: ChildUnaryPermissionArg::Inherit,
}
}
pub fn none() -> Self {
ChildPermissionsArg {
env: ChildUnaryPermissionArg::NotGranted,
hrtime: ChildUnitPermissionArg::NotGranted,
net: ChildUnaryPermissionArg::NotGranted,
ffi: ChildUnaryPermissionArg::NotGranted,
read: ChildUnaryPermissionArg::NotGranted,
run: ChildUnaryPermissionArg::NotGranted,
write: ChildUnaryPermissionArg::NotGranted,
}
}
}
impl<'de> Deserialize<'de> for ChildPermissionsArg { impl<'de> Deserialize<'de> for ChildPermissionsArg {
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where where
@ -1585,7 +1599,7 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
where where
E: de::Error, E: de::Error,
{ {
Ok(ChildPermissionsArg::default()) Ok(ChildPermissionsArg::inherit())
} }
fn visit_str<E>(self, v: &str) -> Result<ChildPermissionsArg, E> fn visit_str<E>(self, v: &str) -> Result<ChildPermissionsArg, E>
@ -1593,17 +1607,9 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
E: de::Error, E: de::Error,
{ {
if v == "inherit" { if v == "inherit" {
Ok(ChildPermissionsArg::default()) Ok(ChildPermissionsArg::inherit())
} else if v == "none" { } else if v == "none" {
Ok(ChildPermissionsArg { Ok(ChildPermissionsArg::none())
env: ChildUnaryPermissionArg::NotGranted,
hrtime: ChildUnitPermissionArg::NotGranted,
net: ChildUnaryPermissionArg::NotGranted,
ffi: ChildUnaryPermissionArg::NotGranted,
read: ChildUnaryPermissionArg::NotGranted,
run: ChildUnaryPermissionArg::NotGranted,
write: ChildUnaryPermissionArg::NotGranted,
})
} else { } else {
Err(de::Error::invalid_value(de::Unexpected::Str(v), &self)) Err(de::Error::invalid_value(de::Unexpected::Str(v), &self))
} }
@ -1613,7 +1619,7 @@ impl<'de> Deserialize<'de> for ChildPermissionsArg {
where where
V: de::MapAccess<'de>, V: de::MapAccess<'de>,
{ {
let mut child_permissions_arg = ChildPermissionsArg::default(); let mut child_permissions_arg = ChildPermissionsArg::none();
while let Some((key, value)) = while let Some((key, value)) =
v.next_entry::<String, serde_json::Value>()? v.next_entry::<String, serde_json::Value>()?
{ {
@ -2647,7 +2653,7 @@ mod tests {
#[test] #[test]
fn test_deserialize_child_permissions_arg() { fn test_deserialize_child_permissions_arg() {
assert_eq!( assert_eq!(
ChildPermissionsArg::default(), ChildPermissionsArg::inherit(),
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::Inherit, env: ChildUnaryPermissionArg::Inherit,
hrtime: ChildUnitPermissionArg::Inherit, hrtime: ChildUnitPermissionArg::Inherit,
@ -2659,11 +2665,7 @@ mod tests {
} }
); );
assert_eq!( assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!("inherit")).unwrap(), ChildPermissionsArg::none(),
ChildPermissionsArg::default()
);
assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!("none")).unwrap(),
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::NotGranted, env: ChildUnaryPermissionArg::NotGranted,
hrtime: ChildUnitPermissionArg::NotGranted, hrtime: ChildUnitPermissionArg::NotGranted,
@ -2674,9 +2676,17 @@ mod tests {
write: ChildUnaryPermissionArg::NotGranted, write: ChildUnaryPermissionArg::NotGranted,
} }
); );
assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!("inherit")).unwrap(),
ChildPermissionsArg::inherit()
);
assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!("none")).unwrap(),
ChildPermissionsArg::none()
);
assert_eq!( assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!({})).unwrap(), serde_json::from_value::<ChildPermissionsArg>(json!({})).unwrap(),
ChildPermissionsArg::default() ChildPermissionsArg::none()
); );
assert_eq!( assert_eq!(
serde_json::from_value::<ChildPermissionsArg>(json!({ serde_json::from_value::<ChildPermissionsArg>(json!({
@ -2685,7 +2695,7 @@ mod tests {
.unwrap(), .unwrap(),
ChildPermissionsArg { ChildPermissionsArg {
env: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]), env: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]),
..Default::default() ..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -2695,7 +2705,7 @@ mod tests {
.unwrap(), .unwrap(),
ChildPermissionsArg { ChildPermissionsArg {
hrtime: ChildUnitPermissionArg::Granted, hrtime: ChildUnitPermissionArg::Granted,
..Default::default() ..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -2705,7 +2715,7 @@ mod tests {
.unwrap(), .unwrap(),
ChildPermissionsArg { ChildPermissionsArg {
hrtime: ChildUnitPermissionArg::NotGranted, hrtime: ChildUnitPermissionArg::NotGranted,
..Default::default() ..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -2725,7 +2735,7 @@ mod tests {
read: ChildUnaryPermissionArg::Granted, read: ChildUnaryPermissionArg::Granted,
run: ChildUnaryPermissionArg::Granted, run: ChildUnaryPermissionArg::Granted,
write: ChildUnaryPermissionArg::Granted, write: ChildUnaryPermissionArg::Granted,
..Default::default() ..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -2745,7 +2755,7 @@ mod tests {
read: ChildUnaryPermissionArg::NotGranted, read: ChildUnaryPermissionArg::NotGranted,
run: ChildUnaryPermissionArg::NotGranted, run: ChildUnaryPermissionArg::NotGranted,
write: ChildUnaryPermissionArg::NotGranted, write: ChildUnaryPermissionArg::NotGranted,
..Default::default() ..ChildPermissionsArg::none()
} }
); );
assert_eq!( assert_eq!(
@ -2778,7 +2788,7 @@ mod tests {
"foo", "foo",
"file:///bar/baz" "file:///bar/baz"
]), ]),
..Default::default() ..ChildPermissionsArg::none()
} }
); );
} }
@ -2799,7 +2809,7 @@ mod tests {
hrtime: ChildUnitPermissionArg::NotGranted, hrtime: ChildUnitPermissionArg::NotGranted,
net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]), net: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
ffi: ChildUnaryPermissionArg::NotGranted, ffi: ChildUnaryPermissionArg::NotGranted,
..Default::default() ..ChildPermissionsArg::none()
} }
) )
.unwrap(), .unwrap(),
@ -2813,7 +2823,7 @@ mod tests {
&mut main_perms.clone(), &mut main_perms.clone(),
ChildPermissionsArg { ChildPermissionsArg {
net: ChildUnaryPermissionArg::Granted, net: ChildUnaryPermissionArg::Granted,
..Default::default() ..ChildPermissionsArg::none()
} }
) )
.is_err()); .is_err());
@ -2821,7 +2831,7 @@ mod tests {
&mut main_perms.clone(), &mut main_perms.clone(),
ChildPermissionsArg { ChildPermissionsArg {
net: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar", "baz"]), net: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar", "baz"]),
..Default::default() ..ChildPermissionsArg::none()
} }
) )
.is_err()); .is_err());
@ -2829,7 +2839,7 @@ mod tests {
&mut main_perms, &mut main_perms,
ChildPermissionsArg { ChildPermissionsArg {
ffi: ChildUnaryPermissionArg::GrantedList(svec!["foo"]), ffi: ChildUnaryPermissionArg::GrantedList(svec!["foo"]),
..Default::default() ..ChildPermissionsArg::none()
} }
) )
.is_err()); .is_err());
@ -2848,7 +2858,7 @@ mod tests {
ChildPermissionsArg { ChildPermissionsArg {
read: ChildUnaryPermissionArg::Granted, read: ChildUnaryPermissionArg::Granted,
run: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]), run: ChildUnaryPermissionArg::GrantedList(svec!["foo", "bar"]),
..Default::default() ..ChildPermissionsArg::none()
}, },
) )
.unwrap(); .unwrap();
@ -2866,7 +2876,7 @@ mod tests {
assert!(main_perms.write.check(&PathBuf::from("foo")).is_err()); assert!(main_perms.write.check(&PathBuf::from("foo")).is_err());
let worker_perms = create_child_permissions( let worker_perms = create_child_permissions(
&mut main_perms.clone(), &mut main_perms.clone(),
ChildPermissionsArg::default(), ChildPermissionsArg::none(),
) )
.unwrap(); .unwrap();
assert_eq!(worker_perms.write.denied_list, main_perms.write.denied_list); assert_eq!(worker_perms.write.denied_list, main_perms.write.denied_list);