11cb0ef41Sopenharmony_ci#ifndef SRC_PERMISSION_PERMISSION_H_ 21cb0ef41Sopenharmony_ci#define SRC_PERMISSION_PERMISSION_H_ 31cb0ef41Sopenharmony_ci 41cb0ef41Sopenharmony_ci#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS 51cb0ef41Sopenharmony_ci 61cb0ef41Sopenharmony_ci#include "debug_utils.h" 71cb0ef41Sopenharmony_ci#include "node_options.h" 81cb0ef41Sopenharmony_ci#include "permission/child_process_permission.h" 91cb0ef41Sopenharmony_ci#include "permission/fs_permission.h" 101cb0ef41Sopenharmony_ci#include "permission/permission_base.h" 111cb0ef41Sopenharmony_ci#include "permission/worker_permission.h" 121cb0ef41Sopenharmony_ci#include "v8.h" 131cb0ef41Sopenharmony_ci 141cb0ef41Sopenharmony_ci#include <string_view> 151cb0ef41Sopenharmony_ci#include <unordered_map> 161cb0ef41Sopenharmony_ci 171cb0ef41Sopenharmony_cinamespace node { 181cb0ef41Sopenharmony_ci 191cb0ef41Sopenharmony_ciclass Environment; 201cb0ef41Sopenharmony_ci 211cb0ef41Sopenharmony_cinamespace permission { 221cb0ef41Sopenharmony_ci 231cb0ef41Sopenharmony_ci#define THROW_IF_INSUFFICIENT_PERMISSIONS(env, perm_, resource_, ...) \ 241cb0ef41Sopenharmony_ci do { \ 251cb0ef41Sopenharmony_ci if (UNLIKELY(!(env)->permission()->is_granted(perm_, resource_))) { \ 261cb0ef41Sopenharmony_ci node::permission::Permission::ThrowAccessDenied( \ 271cb0ef41Sopenharmony_ci (env), perm_, resource_); \ 281cb0ef41Sopenharmony_ci return __VA_ARGS__; \ 291cb0ef41Sopenharmony_ci } \ 301cb0ef41Sopenharmony_ci } while (0) 311cb0ef41Sopenharmony_ci 321cb0ef41Sopenharmony_ciclass Permission { 331cb0ef41Sopenharmony_ci public: 341cb0ef41Sopenharmony_ci Permission(); 351cb0ef41Sopenharmony_ci 361cb0ef41Sopenharmony_ci FORCE_INLINE bool is_granted(const PermissionScope permission, 371cb0ef41Sopenharmony_ci const std::string_view& res = "") const { 381cb0ef41Sopenharmony_ci if (LIKELY(!enabled_)) return true; 391cb0ef41Sopenharmony_ci return is_scope_granted(permission, res); 401cb0ef41Sopenharmony_ci } 411cb0ef41Sopenharmony_ci 421cb0ef41Sopenharmony_ci static PermissionScope StringToPermission(const std::string& perm); 431cb0ef41Sopenharmony_ci static const char* PermissionToString(PermissionScope perm); 441cb0ef41Sopenharmony_ci static void ThrowAccessDenied(Environment* env, 451cb0ef41Sopenharmony_ci PermissionScope perm, 461cb0ef41Sopenharmony_ci const std::string_view& res); 471cb0ef41Sopenharmony_ci 481cb0ef41Sopenharmony_ci // CLI Call 491cb0ef41Sopenharmony_ci void Apply(const std::string& allow, PermissionScope scope); 501cb0ef41Sopenharmony_ci void EnablePermissions(); 511cb0ef41Sopenharmony_ci 521cb0ef41Sopenharmony_ci private: 531cb0ef41Sopenharmony_ci COLD_NOINLINE bool is_scope_granted(const PermissionScope permission, 541cb0ef41Sopenharmony_ci const std::string_view& res = "") const { 551cb0ef41Sopenharmony_ci auto perm_node = nodes_.find(permission); 561cb0ef41Sopenharmony_ci if (perm_node != nodes_.end()) { 571cb0ef41Sopenharmony_ci return perm_node->second->is_granted(permission, res); 581cb0ef41Sopenharmony_ci } 591cb0ef41Sopenharmony_ci return false; 601cb0ef41Sopenharmony_ci } 611cb0ef41Sopenharmony_ci 621cb0ef41Sopenharmony_ci std::unordered_map<PermissionScope, std::shared_ptr<PermissionBase>> nodes_; 631cb0ef41Sopenharmony_ci bool enabled_; 641cb0ef41Sopenharmony_ci}; 651cb0ef41Sopenharmony_ci 661cb0ef41Sopenharmony_ci} // namespace permission 671cb0ef41Sopenharmony_ci 681cb0ef41Sopenharmony_ci} // namespace node 691cb0ef41Sopenharmony_ci 701cb0ef41Sopenharmony_ci#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS 711cb0ef41Sopenharmony_ci#endif // SRC_PERMISSION_PERMISSION_H_ 72