[demo][acl] Apply multiple ACLs for a single object #226

Closed
t2ym opened this issue Mar 5, 2018 · 1 comment

t2ym commented Mar 5, 2018

[demo][acl] Apply multiple ACLs for a single object

Example ACLs

  • Apply both acl.navigator and acl.clientInformation for navigator object
    • The access must be permitted by ALL the ACLs
const acl = {
  navigator: {
    serviceWorker: '---',
    // ...
  },
  clientInformation: { // clientInformation === navigator
    usb: '---',
    // ...
  },
};
navigator.serviceWorker; // access denied
clientInformation.serviceWorker; // access denied
navigator.usb; // access denied
clientInformation.usb; // access denied

Implementation

  • [BREAKING CHANGE] _globalObjects.get(obj) returns a Set object containing object names
    • The first argument of applyAcl() can be either a Set object or a string
  // _globalObjects is a SetMap instance
  class SetMap extends Map {
    set(key, value) {
      let set;
      if (super.has(key)) {
        set = super.get(key);
      }
      else {
        set = new Set();
        super.set(key, set);
      }
      set.add(value);
      return this;
    }
  };

/errorReport.json { context: '/components/thin-hook/demo/spread.js',
  error: 'Error',
  message: 'Permission Denied: Cannot access clientInformation navigator DummyContainer.navigator',
  name: 'clientInformation navigator DummyContainer.navigator',
  isStatic: false,
  isObject: true,
  property: 'serviceWorker',
  opType: 'r' }
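
The rule from the issue above (access must be permitted by ALL the ACLs registered for an object), as an added example that is not thin-hook's own code. `SetMap` follows the issue; `aclFor`, `isPermitted`, the `DEFAULT` symbol, the stand-in `nav` object, the `rwx`-only check and the denial of untracked objects are assumptions made for illustration.

```javascript
// Added example, not thin-hook's implementation. SetMap follows the issue;
// aclFor, isPermitted, DEFAULT and the trimmed ACL table are hypothetical.
class SetMap extends Map {
  set(key, value) {
    let set;
    if (super.has(key)) {
      set = super.get(key);
    } else {
      set = new Set();
      super.set(key, set);
    }
    set.add(value);
    return this;
  }
}

// Constructed stand-in for a global object reachable under two names.
const nav = { serviceWorker: {}, usb: {}, language: 'en-US' };
const globalObjects = new SetMap().set(nav, 'navigator').set(nav, 'clientInformation');

const DEFAULT = Symbol('default');
const acl = {
  navigator: { serviceWorker: '---', [DEFAULT]: 'r--' },
  clientInformation: { usb: '---', [DEFAULT]: 'r--' },
};
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Permission string for one object name; names without an ACL fail closed.
function aclFor(name, property) {
  if (!own(acl, name)) return '---';
  const entry = acl[name];
  return own(entry, property) ? entry[property] : entry[DEFAULT];
}

// names is a string or a Set of names, mirroring the applyAcl() change.
// opType is 'r', 'w' or 'x'; every ACL in the set must grant it.
function isPermitted(names, property, opType) {
  const set = typeof names === 'string' ? new Set([names]) : names;
  if (!set || set.size === 0) return false; // assumption: untracked objects are denied
  const index = 'rwx'.indexOf(opType);
  if (index < 0) return false;
  for (const name of set) {
    if (aclFor(name, property)[index] !== opType) return false;
  }
  return true;
}
```

Checking `'navigator'` alone would allow a read of `usb`; passing the whole Set from `globalObjects.get(nav)` is what closes the alias.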

t2ym commented Mar 5, 2018

Ad-hoc method of application of ACLs for properties copied from globals

  const acl = {
    DummyContainer: {
      [S_OBJECT]: {
        [S_DEFAULT]: 'r--',
        '@normalization_checker': 'rwxRW',
      },
      [S_DEFAULT]: '---',
      navigator: {
        [S_DEFAULT]: function _copiedNavigatorAcl(normalizedThisArg,
                                                  normalizedArgs /* ['property', args], ['property', value], etc. */,
                                                  aclArgs /* [name, isStatic, isObject, property, opType, context] */,
                                                  hookArgs /* [f, thisArg, args, context, newTarget] */,
                                                  applyAcl /* for recursive application of ACL */) {
          // TODO: automate and force this process
          let opType = aclArgs[4];
          let target;
          if (opType === 'r') {
            Policy.trackClass('DummyContainer.navigator', normalizedThisArg[normalizedArgs[0]]);
            return true;
          }
          return false;
        },
        language: {
          [S_DEFAULT]: 'r--',
          '@normalization_checker': '---',
        },
      },
    },
    'DummyContainer.navigator': {
      [S_DEFAULT]: 'r--', // avoid redundant calls of Policy.trackClass('DummyContainer.navigator', target)
      [S_CHAIN]: () => acl.DummyContainer.navigator,
    },
  }
  // multipath
  window.DummyContainer = { navigator: navigator };

  DummyContainer.navigator.serviceWorker; // acl.navigator.serviceWorker is applied to DummyContainer.navigator

  DummyContainer.navigator.language; // acl.DummyContainer.navigator.language is applied to DummyContainer.navigator

  navigator.language; // acl.DummyContainer.navigator.language is applied to global navigator

t2ym added a commit that referenced this issue Mar 5, 2018
@t2ym t2ym closed this as completed in 32aa53e Mar 5, 2018