Feature gate permissioned signer
runtian-zhou committed Jan 15, 2025
1 parent 5d7f12a commit 61cd37b
Showing 6 changed files with 94 additions and 0 deletions.
Expand Up @@ -135,6 +135,7 @@ pub enum FeatureFlag {
EnableLoaderV2,
DisallowInitModuleToPublishModules,
EnableCallTreeAndInstructionVMCache,
PermissionedSigner,
}

fn generate_features_blob(writer: &CodeWriter, data: &[u64]) {
Expand Down Expand Up @@ -361,6 +362,7 @@ impl From<FeatureFlag> for AptosFeatureFlag {
FeatureFlag::EnableCallTreeAndInstructionVMCache => {
AptosFeatureFlag::ENABLE_CALL_TREE_AND_INSTRUCTION_VM_CACHE
},
FeatureFlag::PermissionedSigner => AptosFeatureFlag::PERMISSIONED_SIGNER,
}
}
}
Expand Down Expand Up @@ -514,6 +516,7 @@ impl From<AptosFeatureFlag> for FeatureFlag {
AptosFeatureFlag::ENABLE_CALL_TREE_AND_INSTRUCTION_VM_CACHE => {
FeatureFlag::EnableCallTreeAndInstructionVMCache
},
AptosFeatureFlag::PERMISSIONED_SIGNER => FeatureFlag::PermissionedSigner,
}
}
}
Expand Up @@ -14,6 +14,7 @@
/// After introducing the core functionality, examples are provided for withdraw limit on accounts, and
/// for blind signing.
module aptos_framework::permissioned_signer {
use std::features;
use std::signer;
use std::error;
use std::vector;
Expand Down Expand Up @@ -49,6 +50,9 @@ module aptos_framework::permissioned_signer {
/// given master signer.
const E_NOT_ACTIVE: u64 = 8;

/// Permissioned signer feature is not activated.
const EPERMISSION_SIGNER_DISABLED: u64 = 9;

const U256_MAX: u256 =
115792089237316195423570985008687907853269984665640564039457584007913129639935;

Expand Down Expand Up @@ -135,6 +139,10 @@ module aptos_framework::permissioned_signer {
/// signer interacts with various framework functions, it would subject to permission checks
/// and would abort if check fails.
public fun signer_from_permissioned_handle(p: &PermissionedHandle): signer {
assert!(
features::is_permissioned_signer_enabled(),
error::permission_denied(EPERMISSION_SIGNER_DISABLED)
);
signer_from_permissioned_handle_impl(
p.master_account_addr, p.permissions_storage_addr
)
Expand Down Expand Up @@ -288,6 +296,10 @@ module aptos_framework::permissioned_signer {
public(package) fun signer_from_storable_permissioned_handle(
p: &StorablePermissionedHandle
): signer {
assert!(
features::is_permissioned_signer_enabled(),
error::permission_denied(EPERMISSION_SIGNER_DISABLED)
);
assert!(
timestamp::now_seconds() < p.expiration_time,
error::permission_denied(E_PERMISSION_EXPIRED)
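Review bot: The new abort constant `EPERMISSION_SIGNER_DISABLED` breaks the naming used by the neighbouring codes in this module (`E_NOT_ACTIVE`, `E_PERMISSION_EXPIRED`) and shortens the feature name to "PERMISSION_SIGNER"; `const E_PERMISSIONED_SIGNER_DISABLED: u64 = 9;` would match both. The identical feature check is pasted into `signer_from_permissioned_handle` and `signer_from_storable_permissioned_handle`, so a small private helper would keep the two gates from diverging later. In the storable variant the gate runs before the expiry check, which means a disabled feature masks `E_PERMISSION_EXPIRED`; a comment such as `// Feature gate first: with the flag off, no handle (expired or not) may yield a signer.` would record that this ordering is intended. The body of `signer_from_storable_permissioned_handle` continues past the end of the hunk.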
57 changes: 57 additions & 0 deletions aptos-move/framework/move-stdlib/doc/features.md
Expand Up @@ -135,6 +135,8 @@ return true.
- [Function `is_collection_owner_enabled`](#0x1_features_is_collection_owner_enabled)
- [Function `get_native_memory_operations_feature`](#0x1_features_get_native_memory_operations_feature)
- [Function `is_native_memory_operations_enabled`](#0x1_features_is_native_memory_operations_enabled)
- [Function `get_permissioned_signer_feature`](#0x1_features_get_permissioned_signer_feature)
- [Function `is_permissioned_signer_enabled`](#0x1_features_is_permissioned_signer_enabled)
- [Function `change_feature_flags`](#0x1_features_change_feature_flags)
- [Function `change_feature_flags_internal`](#0x1_features_change_feature_flags_internal)
- [Function `change_feature_flags_for_next_epoch`](#0x1_features_change_feature_flags_for_next_epoch)
Expand Down Expand Up @@ -754,6 +756,15 @@ Lifetime: transient



<a id="0x1_features_PERMISSIONED_SIGNER"></a>



<pre><code><b>const</b> <a href="features.md#0x1_features_PERMISSIONED_SIGNER">PERMISSIONED_SIGNER</a>: u64 = 83;
</code></pre>



<a id="0x1_features_PRIMARY_APT_FUNGIBLE_STORE_AT_USER_ADDRESS"></a>


Expand Down Expand Up @@ -3330,6 +3341,52 @@ Deprecated feature



</details>

<a id="0x1_features_get_permissioned_signer_feature"></a>

## Function `get_permissioned_signer_feature`



<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_permissioned_signer_feature">get_permissioned_signer_feature</a>(): u64
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_permissioned_signer_feature">get_permissioned_signer_feature</a>(): u64 { <a href="features.md#0x1_features_PERMISSIONED_SIGNER">PERMISSIONED_SIGNER</a> }
</code></pre>



</details>

<a id="0x1_features_is_permissioned_signer_enabled"></a>

## Function `is_permissioned_signer_enabled`



<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_is_permissioned_signer_enabled">is_permissioned_signer_enabled</a>(): bool
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_is_permissioned_signer_enabled">is_permissioned_signer_enabled</a>(): bool <b>acquires</b> <a href="features.md#0x1_features_Features">Features</a> {
<a href="features.md#0x1_features_is_enabled">is_enabled</a>(<a href="features.md#0x1_features_PERMISSIONED_SIGNER">PERMISSIONED_SIGNER</a>)
}
</code></pre>



</details>

<a id="0x1_features_change_feature_flags"></a>
Expand Up @@ -615,6 +615,14 @@ module std::features {
is_enabled(NATIVE_MEMORY_OPERATIONS)
}

const PERMISSIONED_SIGNER: u64 = 84;

public fun get_permissioned_signer_feature(): u64 { PERMISSIONED_SIGNER }

public fun is_permissioned_signer_enabled(): bool acquires Features {
is_enabled(PERMISSIONED_SIGNER)
}

// ============================================================================================
// Feature Flag Implementation
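Review bot: `PERMISSIONED_SIGNER` is defined as 84 here and in `types/src/on_chain_config/aptos_features.rs`, but the generated `doc/features.md` in this same commit lists `PERMISSIONED_SIGNER: u64 = 83`, which is the value the Rust enum gives to `ENABLE_CALL_TREE_AND_INSTRUCTION_VM_CACHE`. The doc appears to have been generated before the number was changed and should be regenerated, so that nobody toggles the wrong feature id from the published reference. The constant and its two accessors also carry no doc comment, unlike the flags around them in the rendered doc; a line such as `/// Whether permissioned signers (AIP-103) may be created.` above the constant, plus the lifetime note the other flags use, would close that gap.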

11 changes: 11 additions & 0 deletions aptos-move/framework/src/natives/permissioned_signer.rs
Expand Up @@ -16,6 +16,8 @@ use move_vm_types::{
use smallvec::{smallvec, SmallVec};
use std::collections::VecDeque;

const EPERMISSION_SIGNER_DISABLED: u64 = 9;

/***************************************************************************************************
* native fun is_permissioned_signer_impl
*
Expand Down Expand Up @@ -76,6 +78,15 @@ fn native_signer_from_permissioned(
) -> SafeNativeResult<SmallVec<[Value; 1]>> {
debug_assert!(arguments.len() == 2);

if !context
.get_feature_flags()
.is_enabled(aptos_types::on_chain_config::FeatureFlag::PERMISSIONED_SIGNER)
{
return SafeNativeResult::Err(SafeNativeError::Abort {
abort_code: EPERMISSION_SIGNER_DISABLED,
});
}

let permission_addr = safely_pop_arg!(arguments, AccountAddress);
let master_addr = safely_pop_arg!(arguments, AccountAddress);
context.charge(SIGNER_FROM_PERMISSIONED_HANDLE_BASE)?;
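Review bot: The abort raised by the new feature check in `native_signer_from_permissioned` carries the bare reason `9`, while the Move wrappers abort with `error::permission_denied(EPERMISSION_SIGNER_DISABLED)`, which folds the permission-denied category into the upper bits of the code; the same condition therefore surfaces as two different abort codes depending on which layer rejects the call. If the native is meant to match the Move side, the constant should hold the categorized value (presumably `0x5_0009`, to be confirmed against `std::error`) and say so, e.g. `// Must equal error::permission_denied(EPERMISSION_SIGNER_DISABLED) in permissioned_signer.move`. As written, nothing ties the Rust constant to the Move one, so the two can drift silently. The check returns before `context.charge(...)`, which looks acceptable for a disabled feature but deserves a one-line comment. The function begins above the hunk and continues below it.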
3 changes: 3 additions & 0 deletions types/src/on_chain_config/aptos_features.rs
Expand Up @@ -115,6 +115,8 @@ pub enum FeatureFlag {
/// implementations. If required in the future, we can add a flag
/// to explicitly disable the instruction cache.
ENABLE_CALL_TREE_AND_INSTRUCTION_VM_CACHE = 83,
/// AIP-103 (https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-103.md)
PERMISSIONED_SIGNER = 84,
}

impl FeatureFlag {
Expand Down Expand Up @@ -197,6 +199,7 @@ impl FeatureFlag {
FeatureFlag::COLLECTION_OWNER,
FeatureFlag::ENABLE_LOADER_V2,
FeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES,
FeatureFlag::PERMISSIONED_SIGNER,
]
}
}
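Review bot: `FeatureFlag::PERMISSIONED_SIGNER` is added to the flag list at the end of this section in the same commit that introduces the gate; if that list is the default-enabled set (its function header is outside the hunk), the gate is already open on any network built from these defaults. Because the flag decides whether a restricted signer can be derived for an account, the intended rollout should be stated next to the entry, e.g. `// AIP-103: enabled by default; confirm this is intended before release.`, or the entry left out until the feature is ready to ship. A test asserting the expected default state of this flag would make an accidental change visible.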
