TBR global: s/acl/perms/g and related cleanups/fixes
I was hoping this would be a quick find-replace CL, but it
turns out that names such as "acl" were being used
incorrectly in many places, and various bits of code still
used old names like "TAM" (presumably shorthand for "tagged
acl map"), so it ended up being more work than I'd expected.
Change-Id: I7d484ddf5d2392179c5a83b969fd8b620801d101
diff --git a/services/device/internal/impl/acl_propagator.go b/services/device/internal/impl/acl_propagator.go
deleted file mode 100644
index 37cfa38..0000000
--- a/services/device/internal/impl/acl_propagator.go
+++ /dev/null
@@ -1,45 +0,0 @@
-// Copyright 2015 The Vanadium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package impl
-
-import (
- "path/filepath"
-
- "v.io/v23/security"
- "v.io/v23/security/access"
-
- "v.io/x/ref/services/internal/acls"
-)
-
-// computePath builds the desired path for the debug acls.
-func computePath(path string) string {
- return filepath.Join(path, "debugacls")
-}
-
-// setACLsForDebugging constructs an ACL file for use by applications that
-// permits principals with a Debug right on an application instance to
-// access names in the app's __debug space.
-func setACLsForDebugging(blessings []string, acl access.Permissions, instancePath string, aclstore *acls.PathStore) error {
- path := computePath(instancePath)
- newACL := make(access.Permissions)
-
- // Add blessings for the DM so that it can access the app too.
-
- set := func(bl security.BlessingPattern) {
- for _, tag := range []access.Tag{access.Resolve, access.Debug} {
- newACL.Add(bl, string(tag))
- }
- }
-
- for _, b := range blessings {
- set(security.BlessingPattern(b))
- }
-
- // add Resolve for every blessing that has debug
- for _, v := range acl["Debug"].In {
- set(v)
- }
- return aclstore.Set(path, newACL, "")
-}
diff --git a/services/device/internal/impl/app_service.go b/services/device/internal/impl/app_service.go
index 4307bb6..ad6c452 100644
--- a/services/device/internal/impl/app_service.go
+++ b/services/device/internal/impl/app_service.go
@@ -54,13 +54,13 @@
// data(700d) - the AccessLists for this instance. These
// AccessLists control access to Run,
// Kill and Delete.
-// signature(700d) - the signature for these AccessLists.
+// signature(700d) - the signature for these AccessLists.
// <status>(700d) - one of the values for InstanceState enum
// systemname(700d) - the system name used to execute this instance
// debugacls (711d)/
-// data(644)/ - the ACLs for Debug access to the application. Shared
+// data(644)/ - the Permissions for Debug access to the application. Shared
// with the application.
-// signature(644)/ - the signature for these ACLs.
+// signature(644)/ - the signature for these Permissions.
// instance-<id b>(711d)
// ...
// installation-<id 2>(711d)
@@ -150,8 +150,8 @@
"v.io/x/ref/services/agent/agentlib"
"v.io/x/ref/services/agent/keymgr"
"v.io/x/ref/services/device/internal/config"
- "v.io/x/ref/services/internal/acls"
"v.io/x/ref/services/internal/packages"
+ "v.io/x/ref/services/internal/pathperms"
)
// instanceInfo holds state about a running instance.
@@ -197,9 +197,9 @@
// suffix contains the name components of the current invocation name
// suffix. It is used to identify an application, installation, or
// instance.
- suffix []string
- uat BlessingSystemAssociationStore
- aclstore *acls.PathStore
+ suffix []string
+ uat BlessingSystemAssociationStore
+ permsStore *pathperms.PathStore
// Reference to the devicemanager top-level AccessList list.
deviceAccessList access.Permissions
// securityAgent holds state related to the security agent (nil if not
@@ -649,16 +649,17 @@
return installFrom(overridePackages, installationDir)
}
-// initializeSubAccessLists updates the provided acl for instance-specific ACLs
-func (i *appService) initializeSubAccessLists(instanceDir string, blessings []string, acl access.Permissions) error {
+// initializeSubAccessLists updates the provided perms for instance-specific
+// Permissions.
+func (i *appService) initializeSubAccessLists(instanceDir string, blessings []string, perms access.Permissions) error {
for _, b := range blessings {
b = b + string(security.ChainSeparator) + string(security.NoExtension)
for _, tag := range access.AllTypicalTags() {
- acl.Add(security.BlessingPattern(b), string(tag))
+ perms.Add(security.BlessingPattern(b), string(tag))
}
}
- aclDir := path.Join(instanceDir, "acls")
- return i.aclstore.Set(aclDir, acl, "")
+ permsDir := path.Join(instanceDir, "acls")
+ return i.permsStore.Set(permsDir, perms, "")
}
func (i *appService) newInstance(ctx *context.T, call device.ApplicationInstantiateServerCall) (string, string, error) {
@@ -704,8 +705,8 @@
return instanceDir, instanceID, err
}
blessings, _ := security.RemoteBlessingNames(ctx, call.Security())
- aclCopy := i.deviceAccessList.Copy()
- if err := i.initializeSubAccessLists(instanceDir, blessings, aclCopy); err != nil {
+ permsCopy := i.deviceAccessList.Copy()
+ if err := i.initializeSubAccessLists(instanceDir, blessings, permsCopy); err != nil {
return instanceDir, instanceID, err
}
if err := initializeInstance(instanceDir, device.InstanceStateNotRunning); err != nil {
@@ -714,7 +715,7 @@
// TODO(rjkroege): Divide the permission lists into those used by the device manager
// and those used by the application itself.
dmBlessings := security.LocalBlessingNames(ctx, call.Security())
- if err := setACLsForDebugging(dmBlessings, aclCopy, instanceDir, i.aclstore); err != nil {
+ if err := setPermsForDebugging(dmBlessings, permsCopy, instanceDir, i.permsStore); err != nil {
return instanceDir, instanceID, err
}
return instanceDir, instanceID, nil
@@ -809,8 +810,8 @@
cfg.Set(mgmt.AddressConfigKey, "127.0.0.1:0")
cfg.Set(mgmt.ParentBlessingConfigKey, info.DeviceManagerPeerPattern)
- appAclDir := filepath.Join(instanceDir, "debugacls", "data")
- cfg.Set("v23.permissions.file", "runtime:"+appAclDir)
+ appPermsDir := filepath.Join(instanceDir, "debugacls", "data")
+ cfg.Set("v23.permissions.file", "runtime:"+appPermsDir)
// This adds to cmd.Extrafiles. The helper expects a fixed fd, so this call needs
// to go before anything that conditionally adds to Extrafiles, like the agent
@@ -1299,26 +1300,26 @@
}
// TODO(rjkroege): Consider maintaining an in-memory Permissions cache.
-func (i *appService) SetPermissions(ctx *context.T, call rpc.ServerCall, acl access.Permissions, version string) error {
+func (i *appService) SetPermissions(ctx *context.T, call rpc.ServerCall, perms access.Permissions, version string) error {
dir, isInstance, err := dirFromSuffix(i.suffix, i.config.Root)
if err != nil {
return err
}
if isInstance {
dmBlessings := security.LocalBlessingNames(ctx, call.Security())
- if err := setACLsForDebugging(dmBlessings, acl, dir, i.aclstore); err != nil {
+ if err := setPermsForDebugging(dmBlessings, perms, dir, i.permsStore); err != nil {
return err
}
}
- return i.aclstore.Set(path.Join(dir, "acls"), acl, version)
+ return i.permsStore.Set(path.Join(dir, "acls"), perms, version)
}
-func (i *appService) GetPermissions(*context.T, rpc.ServerCall) (acl access.Permissions, version string, err error) {
+func (i *appService) GetPermissions(*context.T, rpc.ServerCall) (perms access.Permissions, version string, err error) {
dir, _, err := dirFromSuffix(i.suffix, i.config.Root)
if err != nil {
return nil, "", err
}
- return i.aclstore.Get(path.Join(dir, "acls"))
+ return i.permsStore.Get(path.Join(dir, "acls"))
}
func (i *appService) Debug(ctx *context.T, call rpc.ServerCall) (string, error) {
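Review bot: In appService.SetPermissions the debug Permissions are rewritten before the versioned write is attempted, so the two files can diverge. setPermsForDebugging stores with an empty version, so if `i.permsStore.Set(..., perms, version)` then rejects the request (presumably on a stale version; PathStore.Set is not shown here), the instance's `debugacls` has already changed while `acls` has not. Doing the versioned write first and propagating only on success closes that window. A failure in the propagation step would still leave the two out of sync, which deserves a comment.

```go
func (i *appService) SetPermissions(ctx *context.T, call rpc.ServerCall, perms access.Permissions, version string) error {
	// … unchanged: dirFromSuffix lookup and error return …
	// Commit the versioned write first so a rejected update never
	// touches the debug Permissions.
	if err := i.permsStore.Set(path.Join(dir, "acls"), perms, version); err != nil {
		return err
	}
	if !isInstance {
		return nil
	}
	dmBlessings := security.LocalBlessingNames(ctx, call.Security())
	return setPermsForDebugging(dmBlessings, perms, dir, i.permsStore)
}
```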
diff --git a/services/device/internal/impl/claim.go b/services/device/internal/impl/claim.go
index 474507b..10133ea 100644
--- a/services/device/internal/impl/claim.go
+++ b/services/device/internal/impl/claim.go
@@ -15,7 +15,7 @@
"v.io/v23/security/access"
"v.io/v23/verror"
"v.io/x/lib/vlog"
- "v.io/x/ref/services/internal/acls"
+ "v.io/x/ref/services/internal/pathperms"
)
// claimable implements the device.Claimable RPC interface and the
@@ -23,10 +23,10 @@
//
// It allows the Claim RPC to be successfully invoked exactly once.
type claimable struct {
- token string
- aclstore *acls.PathStore
- aclDir string
- notify chan struct{} // GUARDED_BY(mu)
+ token string
+ permsStore *pathperms.PathStore
+ permsDir string
+ notify chan struct{} // GUARDED_BY(mu)
// Lock used to ensure that a successful claim can happen at most once.
// This is done by allowing only a single goroutine to execute the
@@ -66,30 +66,30 @@
return verror.New(ErrInvalidBlessing, ctx, err)
}
- // Create an AccessList with all the granted blessings (which are now the default blessings)
+ // Create Permissions with all the granted blessings (which are now the default blessings)
// (irrespective of caveats).
patterns := security.DefaultBlessingPatterns(principal)
if len(patterns) == 0 {
return verror.New(ErrInvalidBlessing, ctx)
}
- // Create AccessLists that allow principals with the caller's blessings to
+ // Create Permissions that allow principals with the caller's blessings to
// administer and use the device.
- acl := make(access.Permissions)
+ perms := make(access.Permissions)
for _, bp := range patterns {
// TODO(caprita,ataly,ashankar): Do we really need the
// NonExtendable restriction below?
patterns := bp.MakeNonExtendable().PrefixPatterns()
for _, p := range patterns {
for _, tag := range access.AllTypicalTags() {
- acl.Add(p, string(tag))
+ perms.Add(p, string(tag))
}
}
}
- if err := c.aclstore.Set(c.aclDir, acl, ""); err != nil {
+ if err := c.permsStore.Set(c.permsDir, perms, ""); err != nil {
return verror.New(ErrOperationFailed, ctx)
}
- vlog.Infof("Device claimed and AccessLists set to: %v", acl)
+ vlog.Infof("Device claimed and Permissions set to: %v", perms)
close(c.notify)
c.notify = nil
return nil
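Review bot: The failure branch after `c.permsStore.Set(c.permsDir, perms, "")` discards `err`, so a claim that fails while persisting the Permissions reports ErrOperationFailed with no cause. The ErrInvalidBlessing return at the top of this hunk already passes the error along; the same form works here: `return verror.New(ErrOperationFailed, ctx, err)`. The enclosing Claim method starts above the hunk, so whether the cause is logged elsewhere cannot be seen from here.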
diff --git a/services/device/internal/impl/debug_acls_test.go b/services/device/internal/impl/debug_perms_test.go
similarity index 97%
rename from services/device/internal/impl/debug_acls_test.go
rename to services/device/internal/impl/debug_perms_test.go
index 79f6c6d..5179c07 100644
--- a/services/device/internal/impl/debug_acls_test.go
+++ b/services/device/internal/impl/debug_perms_test.go
@@ -22,12 +22,12 @@
func updateAccessList(t *testing.T, ctx *context.T, blessing, right string, name ...string) {
accessStub := permissions.ObjectClient(naming.Join(name...))
- acl, version, err := accessStub.GetPermissions(ctx)
+ perms, version, err := accessStub.GetPermissions(ctx)
if err != nil {
t.Fatalf(testutil.FormatLogLine(2, "GetPermissions(%v) failed %v", name, err))
}
- acl.Add(security.BlessingPattern(blessing), right)
- if err = accessStub.SetPermissions(ctx, acl, version); err != nil {
+ perms.Add(security.BlessingPattern(blessing), right)
+ if err = accessStub.SetPermissions(ctx, perms, version); err != nil {
t.Fatalf(testutil.FormatLogLine(2, "SetPermissions(%v, %v, %v) failed: %v", name, blessing, right, err))
}
}
@@ -158,7 +158,7 @@
verifyGlob(t, hjCtx, "app", globtestminus, res)
verifyStatsValues(t, hjCtx, "appV1", "__debug", "stats/system/start-time*")
- // Alice might be able to help but Bob didn't give Alice access to the debug ACLs.
+ // Alice might be able to help but Bob didn't give Alice access to the debug Permissionss.
testAccessFail(t, verror.ErrNoAccess.ID, aliceCtx, "Alice", "dm", "apps", appID, bobApp, "stats/system/pid")
// Bob forgets that Alice can't read the stats when he can.
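Review bot: The rewritten comment on the added line reads "debug Permissionss", a doubled "s" left over from the search-and-replace. It should be `// Alice might be able to help but Bob didn't give Alice access to the debug Permissions.`. The other mechanically renamed comments in this commit are worth a quick scan for the same artifact.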
diff --git a/services/device/internal/impl/device_service.go b/services/device/internal/impl/device_service.go
index fb35fa2..5235290 100644
--- a/services/device/internal/impl/device_service.go
+++ b/services/device/internal/impl/device_service.go
@@ -24,7 +24,7 @@
// acls/
// data
// signature
-// associated.accounts
+// associated.accounts
// persistent-args - list of persistent arguments for the device
// manager (json encoded)
//
@@ -615,14 +615,14 @@
return nil
}
-func (s *deviceService) SetPermissions(_ *context.T, _ rpc.ServerCall, acl access.Permissions, version string) error {
- d := AclDir(s.disp.config)
- return s.disp.aclstore.Set(d, acl, version)
+func (s *deviceService) SetPermissions(_ *context.T, _ rpc.ServerCall, perms access.Permissions, version string) error {
+ d := PermsDir(s.disp.config)
+ return s.disp.permsStore.Set(d, perms, version)
}
-func (s *deviceService) GetPermissions(*context.T, rpc.ServerCall) (acl access.Permissions, version string, err error) {
- d := AclDir(s.disp.config)
- return s.disp.aclstore.Get(d)
+func (s *deviceService) GetPermissions(*context.T, rpc.ServerCall) (perms access.Permissions, version string, err error) {
+ d := PermsDir(s.disp.config)
+ return s.disp.permsStore.Get(d)
}
// TODO(rjkroege): Make it possible for users on the same system to also
diff --git a/services/device/internal/impl/dispatcher.go b/services/device/internal/impl/dispatcher.go
index d649d84..7e2f25c 100644
--- a/services/device/internal/impl/dispatcher.go
+++ b/services/device/internal/impl/dispatcher.go
@@ -29,8 +29,8 @@
"v.io/x/ref/services/agent/keymgr"
s_device "v.io/x/ref/services/device"
"v.io/x/ref/services/device/internal/config"
- "v.io/x/ref/services/internal/acls"
"v.io/x/ref/services/internal/logreaderlib"
+ "v.io/x/ref/services/internal/pathperms"
)
// internalState wraps state shared between different device manager
@@ -53,8 +53,8 @@
// dispatcher methods.
mu sync.RWMutex
// TODO(rjkroege): Consider moving this inside internal.
- uat BlessingSystemAssociationStore
- aclstore *acls.PathStore
+ uat BlessingSystemAssociationStore
+ permsStore *pathperms.PathStore
// Namespace
mtAddress string // The address of the local mounttable.
// reap is the app process monitoring subsystem.
@@ -96,21 +96,21 @@
// It returns (nil, nil) if the device is no longer claimable.
func NewClaimableDispatcher(ctx *context.T, config *config.State, pairingToken string) (rpc.Dispatcher, <-chan struct{}) {
var (
- aclDir = AclDir(config)
- aclstore = acls.NewPathStore(v23.GetPrincipal(ctx))
+ permsDir = PermsDir(config)
+ permsStore = pathperms.NewPathStore(v23.GetPrincipal(ctx))
)
- if _, _, err := aclstore.Get(aclDir); !os.IsNotExist(err) {
+ if _, _, err := permsStore.Get(permsDir); !os.IsNotExist(err) {
return nil, nil
}
// The device is claimable only if Claim hasn't been called before. The
- // existence of the AccessList file is an indication of a successful prior
+ // existence of the Permissions file is an indication of a successful prior
// call to Claim.
notify := make(chan struct{})
- return &claimable{token: pairingToken, aclstore: aclstore, aclDir: aclDir, notify: notify}, notify
+ return &claimable{token: pairingToken, permsStore: permsStore, permsDir: permsDir, notify: notify}, notify
}
// NewDispatcher is the device manager dispatcher factory.
-func NewDispatcher(ctx *context.T, config *config.State, mtAddress string, testMode bool, restartHandler func(), permStore *acls.PathStore) (rpc.Dispatcher, error) {
+func NewDispatcher(ctx *context.T, config *config.State, mtAddress string, testMode bool, restartHandler func(), permStore *pathperms.PathStore) (rpc.Dispatcher, error) {
if err := config.Validate(); err != nil {
return nil, verror.New(errInvalidConfig, ctx, config, err)
}
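Review bot: The check `!os.IsNotExist(err)` in NewClaimableDispatcher treats every outcome other than "file does not exist" as "already claimed", but the comment below it mentions only the existence of the Permissions file. A Get that fails for another reason (an unreadable file or, judging by the starter.go comment, a signature verification error) also makes the device silently unclaimable. Failing closed is a reasonable default, but it should be stated, e.g. `// Any result other than a missing file, including a read or verification error, is treated as already claimed.` placed directly above the `if`. Logging the non-nil error before `return nil, nil` would also help operators tell the two cases apart.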
@@ -130,11 +130,11 @@
restartHandler: restartHandler,
testMode: testMode,
},
- config: config,
- uat: uat,
- aclstore: permStore,
- mtAddress: mtAddress,
- reap: reap,
+ config: config,
+ uat: uat,
+ permsStore: permStore,
+ mtAddress: mtAddress,
+ reap: reap,
}
// If we're in 'security agent mode', set up the key manager agent.
@@ -231,15 +231,15 @@
return loggingInvoker, auth, nil
}
-func newTestableHierarchicalAuth(testMode bool, rootDir, childDir string, get acls.TAMGetter) (security.Authorizer, error) {
+func newTestableHierarchicalAuth(testMode bool, rootDir, childDir string, get pathperms.PermsGetter) (security.Authorizer, error) {
if testMode {
- // In test mode, the device manager will not be able to read
- // the AccessLists, because they were signed with the key of the real
- // device manager. It's not a problem because the
- // testModeDispatcher overrides the authorizer anyway.
+ // In test mode, the device manager will not be able to read the
+ // Permissions, because they were signed with the key of the real device
+ // manager. It's not a problem because the testModeDispatcher overrides the
+ // authorizer anyway.
return nil, nil
}
- return acls.NewHierarchicalAuthorizer(rootDir, childDir, get)
+ return pathperms.NewHierarchicalAuthorizer(rootDir, childDir, get)
}
func (d *dispatcher) internalLookup(suffix string) (interface{}, security.Authorizer, error) {
@@ -251,10 +251,9 @@
}
}
- // TODO(rjkroege): Permit the root AccessLists to diverge for the
- // device and app sub-namespaces of the device manager after
- // claiming.
- auth, err := newTestableHierarchicalAuth(d.internal.testMode, AclDir(d.config), AclDir(d.config), d.aclstore)
+ // TODO(rjkroege): Permit the root Permissions to diverge for the device and
+ // app sub-namespaces of the device manager after claiming.
+ auth, err := newTestableHierarchicalAuth(d.internal.testMode, PermsDir(d.config), PermsDir(d.config), d.permsStore)
if err != nil {
return nil, nil, err
}
@@ -291,7 +290,7 @@
case "logs":
logsDir := filepath.Join(appInstanceDir, "logs")
suffix := naming.Join(components[5:]...)
- appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.aclstore)
+ appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.permsStore)
if err != nil {
return nil, nil, err
}
@@ -315,7 +314,7 @@
remote := naming.JoinAddressName(info.AppCycleMgrName, suffix)
// Use hierarchical auth with debugacls under debug access.
- appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.aclstore)
+ appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.permsStore)
if err != nil {
return nil, nil, err
}
@@ -327,12 +326,12 @@
config: d.config,
suffix: components[1:],
uat: d.uat,
- aclstore: d.aclstore,
+ permsStore: d.permsStore,
securityAgent: d.internal.securityAgent,
mtAddress: d.mtAddress,
reap: d.reap,
})
- appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.aclstore)
+ appSpecificAuthorizer, err := newAppSpecificAuthorizer(auth, d.config, components[1:], d.permsStore)
if err != nil {
return nil, nil, err
}
@@ -379,35 +378,35 @@
return verror.New(ErrInvalidSuffix, nil)
}
-func newAppSpecificAuthorizer(sec security.Authorizer, config *config.State, suffix []string, getter acls.TAMGetter) (security.Authorizer, error) {
+func newAppSpecificAuthorizer(sec security.Authorizer, config *config.State, suffix []string, getter pathperms.PermsGetter) (security.Authorizer, error) {
// TODO(rjkroege): This does not support <appname>.Start() to start all
// instances. Correct this.
- // If we are attempting a method invocation against "apps/", we use
- // the root AccessList.
+ // If we are attempting a method invocation against "apps/", we use the root
+ // Permissions.
if len(suffix) == 0 || len(suffix) == 1 {
return sec, nil
}
- // Otherwise, we require a per-installation and per-instance AccessList file.
+ // Otherwise, we require a per-installation and per-instance Permissions file.
if len(suffix) == 2 {
p, err := installationDirCore(suffix, config.Root)
if err != nil {
return nil, verror.New(ErrOperationFailed, nil, fmt.Sprintf("newAppSpecificAuthorizer failed: %v", err))
}
- return acls.NewHierarchicalAuthorizer(AclDir(config), path.Join(p, "acls"), getter)
+ return pathperms.NewHierarchicalAuthorizer(PermsDir(config), path.Join(p, "acls"), getter)
}
- // Use the special debugacls for instance/logs, instance/pprof, instance//stats.
+ // Use the special debugacls for instance/logs, instance/pprof, instance/stats.
if len(suffix) > 3 && (suffix[3] == "logs" || suffix[3] == "pprof" || suffix[3] == "stats") {
p, err := instanceDir(config.Root, suffix[0:3])
if err != nil {
return nil, verror.New(ErrOperationFailed, nil, fmt.Sprintf("newAppSpecificAuthorizer failed: %v", err))
}
- return acls.NewHierarchicalAuthorizer(AclDir(config), path.Join(p, "debugacls"), getter)
+ return pathperms.NewHierarchicalAuthorizer(PermsDir(config), path.Join(p, "debugacls"), getter)
}
p, err := instanceDir(config.Root, suffix[0:3])
if err != nil {
return nil, verror.New(ErrOperationFailed, nil, fmt.Sprintf("newAppSpecificAuthorizer failed: %v", err))
}
- return acls.NewHierarchicalAuthorizer(AclDir(config), path.Join(p, "acls"), getter)
+ return pathperms.NewHierarchicalAuthorizer(PermsDir(config), path.Join(p, "acls"), getter)
}
diff --git a/services/device/internal/impl/impl_test.go b/services/device/internal/impl/impl_test.go
index 24a8a4d..91718af 100644
--- a/services/device/internal/impl/impl_test.go
+++ b/services/device/internal/impl/impl_test.go
@@ -1073,12 +1073,12 @@
// manager version.
md5hash := md5.Sum(b.Bytes())
expectedVersion := hex.EncodeToString(md5hash[:])
- acl, version, err := deviceStub.GetPermissions(selfCtx)
+ perms, version, err := deviceStub.GetPermissions(selfCtx)
if err != nil {
t.Fatal(err)
}
if version != expectedVersion {
- t.Fatalf("getAccessList expected:%v(%v), got:%v(%v)", expectedAccessList, expectedVersion, acl, version)
+ t.Fatalf("getAccessList expected:%v(%v), got:%v(%v)", expectedAccessList, expectedVersion, perms, version)
}
// Install from octx should fail, since it does not match the AccessList.
installAppExpectError(t, octx, verror.ErrNoAccess.ID)
@@ -1568,7 +1568,7 @@
appID := installApp(t, selfCtx)
vlog.VI(2).Infof("Validate that the created app has the right permission lists.")
- acl, _, err := appStub(appID).GetPermissions(selfCtx)
+ perms, _, err := appStub(appID).GetPermissions(selfCtx)
if err != nil {
t.Fatalf("GetPermissions on appID: %v failed %v", appID, err)
}
@@ -1576,7 +1576,7 @@
for _, tag := range access.AllTypicalTags() {
expected[string(tag)] = access.AccessList{In: []security.BlessingPattern{"root/self/$"}}
}
- if got, want := acl.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) {
+ if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) {
t.Errorf("got %#v, expected %#v", got, want)
}
@@ -1637,11 +1637,11 @@
for _, tag := range access.AllTypicalTags() {
expected[string(tag)] = access.AccessList{In: []security.BlessingPattern{"root/other/$"}}
}
- acl, _, err = appStub(appID, instance2ID).GetPermissions(selfCtx)
+ perms, _, err = appStub(appID, instance2ID).GetPermissions(selfCtx)
if err != nil {
t.Fatalf("GetPermissions on instance %v/%v failed: %v", appID, instance2ID, err)
}
- if got, want := acl.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) {
+ if got, want := perms.Normalize(), expected.Normalize(); !reflect.DeepEqual(got, want) {
t.Errorf("got %#v, expected %#v ", got, want)
}
diff --git a/services/device/internal/impl/mock_repo_test.go b/services/device/internal/impl/mock_repo_test.go
index 987a086..7f6a03d 100644
--- a/services/device/internal/impl/mock_repo_test.go
+++ b/services/device/internal/impl/mock_repo_test.go
@@ -77,11 +77,11 @@
return i.envelope, nil
}
-func (i *arInvoker) GetPermissions(*context.T, rpc.ServerCall) (acl access.Permissions, version string, err error) {
+func (i *arInvoker) GetPermissions(*context.T, rpc.ServerCall) (perms access.Permissions, version string, err error) {
return nil, "", nil
}
-func (i *arInvoker) SetPermissions(_ *context.T, _ rpc.ServerCall, acl access.Permissions, version string) error {
+func (i *arInvoker) SetPermissions(_ *context.T, _ rpc.ServerCall, perms access.Permissions, version string) error {
return nil
}
@@ -171,10 +171,10 @@
return nil
}
-func (i *brInvoker) GetPermissions(*context.T, rpc.ServerCall) (acl access.Permissions, version string, err error) {
+func (i *brInvoker) GetPermissions(*context.T, rpc.ServerCall) (perms access.Permissions, version string, err error) {
return nil, "", nil
}
-func (i *brInvoker) SetPermissions(_ *context.T, _ rpc.ServerCall, acl access.Permissions, version string) error {
+func (i *brInvoker) SetPermissions(_ *context.T, _ rpc.ServerCall, perms access.Permissions, version string) error {
return nil
}
diff --git a/services/device/internal/impl/perms_propagator.go b/services/device/internal/impl/perms_propagator.go
new file mode 100644
index 0000000..ef3c0d1
--- /dev/null
+++ b/services/device/internal/impl/perms_propagator.go
@@ -0,0 +1,44 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package impl
+
+import (
+ "path/filepath"
+
+ "v.io/v23/security"
+ "v.io/v23/security/access"
+ "v.io/x/ref/services/internal/pathperms"
+)
+
+// computePath builds the desired path for the debug perms.
+func computePath(path string) string {
+ return filepath.Join(path, "debugacls")
+}
+
+// setPermsForDebugging constructs a Permissions file for use by applications
+// that permits principals with a Debug right on an application instance to
+// access names in the app's __debug space.
+func setPermsForDebugging(blessings []string, perms access.Permissions, instancePath string, permsStore *pathperms.PathStore) error {
+ path := computePath(instancePath)
+ newPerms := make(access.Permissions)
+
+ // Add blessings for the DM so that it can access the app too.
+
+ set := func(bl security.BlessingPattern) {
+ for _, tag := range []access.Tag{access.Resolve, access.Debug} {
+ newPerms.Add(bl, string(tag))
+ }
+ }
+
+ for _, b := range blessings {
+ set(security.BlessingPattern(b))
+ }
+
+ // add Resolve for every blessing that has debug
+ for _, v := range perms["Debug"].In {
+ set(v)
+ }
+ return permsStore.Set(path, newPerms, "")
+}
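Review bot: setPermsForDebugging copies only `perms["Debug"].In` into the new Permissions and drops the matching `NotIn` entries. A pattern that the instance Permissions exclude from Debug (allowed by a broader `In` pattern, denied by `NotIn`) would therefore be granted Resolve and Debug in the `debugacls` file. If that is not intended, carry the deny entries over too; if it is, say so in the doc comment. Two smaller points: the lookup uses the literal `"Debug"` where `string(access.Debug)` would match the tags used in `set`, and the "Add blessings for the DM" comment is separated from the loop it describes by the closure. Check that copied deny entries cannot also exclude the device manager's own blessings added just above.

```go
	// … unchanged: path, newPerms, set closure, DM blessings loop …
	debug := perms[string(access.Debug)]
	// Add Resolve for every blessing that has Debug.
	for _, v := range debug.In {
		set(v)
	}
	// Keep the deny entries so an excluded pattern stays excluded in
	// the debug Permissions as well.
	for _, tag := range []access.Tag{access.Resolve, access.Debug} {
		al := newPerms[string(tag)]
		al.NotIn = append(al.NotIn, debug.NotIn...)
		newPerms[string(tag)] = al
	}
	return permsStore.Set(path, newPerms, "")
```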
diff --git a/services/device/internal/impl/util.go b/services/device/internal/impl/util.go
index ce8ba53..dd22307 100644
--- a/services/device/internal/impl/util.go
+++ b/services/device/internal/impl/util.go
@@ -146,7 +146,7 @@
}
}
-func AclDir(c *config.State) string {
+func PermsDir(c *config.State) string {
return filepath.Join(c.Root, "device-manager", "device-data", "acls")
}
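Review bot: The renamed, exported PermsDir has no doc comment, and its name no longer matches the path it returns, which still ends in `"acls"`. The same mismatch applies to the `"acls"` and `"debugacls"` literals kept in app_service.go, dispatcher.go and perms_propagator.go. A one-line comment would stop a later cleanup from renaming the on-disk directory and orphaning the stored Permissions of existing installations: `// PermsDir returns the directory holding the device manager's Permissions; the on-disk name remains "acls".`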
diff --git a/services/device/internal/starter/starter.go b/services/device/internal/starter/starter.go
index 4c059f9..9ea7dba 100644
--- a/services/device/internal/starter/starter.go
+++ b/services/device/internal/starter/starter.go
@@ -19,7 +19,7 @@
"v.io/x/ref/services/debug/debuglib"
"v.io/x/ref/services/device/internal/config"
"v.io/x/ref/services/device/internal/impl"
- "v.io/x/ref/services/internal/acls"
+ "v.io/x/ref/services/internal/pathperms"
"v.io/x/ref/services/mounttable/mounttablelib"
"v.io/v23"
@@ -40,9 +40,9 @@
)
type NamespaceArgs struct {
- Name string // Name to publish the mounttable service under.
- ListenSpec rpc.ListenSpec // ListenSpec for the server.
- AccessListFile string // Path to the AccessList file used by the mounttable.
+ Name string // Name to publish the mounttable service under.
+ ListenSpec rpc.ListenSpec // ListenSpec for the server.
+ PermissionsFile string // Path to the Permissions file used by the mounttable.
// Name in the local neighborhood on which to make the mounttable
// visible. If empty, the mounttable will not be visible in the local
// neighborhood.
@@ -90,8 +90,8 @@
}
// In test mode, we skip writing the info file to disk, and we skip
// attempting to start the claimable service: the device must have been
- // claimed already to enable updates anyway, and checking for acls in
- // NewClaimableDispatcher needlessly prints an acl signature
+ // claimed already to enable updates anyway, and checking for perms in
+ // NewClaimableDispatcher needlessly prints a perms signature
// verification error to the logs.
if args.Device.TestMode {
return startClaimedDevice(ctx, args)
@@ -222,9 +222,9 @@
}
func startClaimedDevice(ctx *context.T, args Args) (func(), error) {
- permStore := acls.NewPathStore(v23.GetPrincipal(ctx))
- acldir := impl.AclDir(args.Device.ConfigState)
- debugAuth, err := acls.NewHierarchicalAuthorizer(acldir, acldir, permStore)
+ permStore := pathperms.NewPathStore(v23.GetPrincipal(ctx))
+ permsdir := impl.PermsDir(args.Device.ConfigState)
+ debugAuth, err := pathperms.NewHierarchicalAuthorizer(permsdir, permsdir, permStore)
if err != nil {
return nil, err
}
@@ -304,7 +304,7 @@
}
func startMounttable(ctx *context.T, n NamespaceArgs) (string, func(), error) {
- mtName, stopMT, err := mounttablelib.StartServers(ctx, n.ListenSpec, n.Name, n.Neighborhood, n.AccessListFile, "mounttable")
+ mtName, stopMT, err := mounttablelib.StartServers(ctx, n.ListenSpec, n.Name, n.Neighborhood, n.PermissionsFile, "mounttable")
if err != nil {
vlog.Errorf("mounttablelib.StartServers(%#v) failed: %v", n, err)
} else {
@@ -329,7 +329,7 @@
// Returns:
// (1) Function to be called to force the service to shutdown
// (2) Any errors in starting the service (in which case, (1) will be nil)
-func startDeviceServer(ctx *context.T, args DeviceArgs, mt string, permStore *acls.PathStore) (shutdown func(), err error) {
+func startDeviceServer(ctx *context.T, args DeviceArgs, mt string, permStore *pathperms.PathStore) (shutdown func(), err error) {
server, err := v23.NewServer(ctx)
if err != nil {
return nil, err