Add permission check to account

[runtian-zhou]

Description

Adds permission checks to account operations in the Aptos Framework to restrict key rotation and signer capability management. This introduces a new AccountPermission type and associated functions to control access to privileged account operations.

Key changes:

• Added check_signer_permission function to verify permissions
• Added grant_permission function to authorize signers
• Added permission checks to all account rotation and capability management functions
• Introduced new error code ENO_ACCOUNT_PERMISSION

Type of Change

• New feature
• Breaking change

Which Components or Systems Does This Change Impact?

• Move/Aptos Virtual Machine
• Aptos Framework

How Has This Been Tested?

TBA

Key Areas to Review

• Permission check implementation in check_signer_permission
• Integration of permission checks across account operations
• Error handling for unauthorized operations
• Permission granting mechanism in grant_permission

Checklist

• I have read and followed the CONTRIBUTING doc
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I identified and added all stakeholders and component owners affected by this change as reviewers
• I tested both happy and unhappy path of the functionality
• I have made corresponding changes to the documentation

[trunk-io]

⏱️ 3h 6m total CI duration on this PR

Slowest 15 Jobs	Cumulative Duration	Recent Runs
rust-move-unit-coverage	20m	🟩
rust-move-unit-coverage	19m	🟩
rust-move-unit-coverage	16m	🟩
rust-move-unit-coverage	15m	🟩
rust-move-unit-coverage	14m	🟩
general-lints	13m	🟩 🟩 🟩 🟩 🟩 (+2 more)
rust-cargo-deny	12m	🟩 🟩 🟩 🟩 🟩 (+2 more)
rust-move-unit-coverage	11m	🟩
check-dynamic-deps	11m	🟩 🟩 🟩 🟩 🟩 (+4 more)
rust-move-tests	9m	🟥
rust-move-tests	8m	🟥
rust-move-tests	8m	🟥
rust-move-tests	8m	🟥
semgrep/ci	4m	🟩 🟩 🟩 🟩 🟩 (+5 more)
rust-move-unit-coverage	3m	⬜

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[runtian-zhou]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• Add permission check to account #14535 👈 (View in Graphite)
• Feature gate permissioned signer #15622
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (asset_permission@444ac11). Learn more about missing BASE report.

Additional details and impacted files

@@                 Coverage Diff                 @@
##             asset_permission   #14535   +/-   ##
===================================================
  Coverage                    ?    59.4%           
===================================================
  Files                       ?      857           
  Lines                       ?   210762           
  Branches                    ?        0           
===================================================
  Hits                        ?   125197           
  Misses                      ?    85565           
  Partials                    ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

✅ Forge suite realistic_env_max_load success on c85335f662f24d59ca799cb72037961841e97ed1

two traffics test: inner traffic : committed: 15043.59 txn/s, latency: 2639.88 ms, (p50: 2700 ms, p70: 2700, p90: 2700 ms, p99: 3000 ms), latency samples: 5719920
two traffics test : committed: 99.96 txn/s, latency: 1373.69 ms, (p50: 1300 ms, p70: 1400, p90: 1500 ms, p99: 2300 ms), latency samples: 1760
Latency breakdown for phase 0: ["MempoolToBlockCreation: max: 1.551, avg: 1.496", "ConsensusProposalToOrdered: max: 0.289, avg: 0.284", "ConsensusOrderedToCommit: max: 0.302, avg: 0.297", "ConsensusProposalToCommit: max: 0.587, avg: 0.581"]
Max non-epoch-change gap was: 0 rounds at version 0 (avg 0.00) [limit 4], 0.53s no progress at version 531 (avg 0.19s) [limit 15].
Max epoch-change gap was: 0 rounds at version 0 (avg 0.00) [limit 4], 0.54s no progress at version 2331639 (avg 0.54s) [limit 16].
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Validator CPU Profile
• Fullnode CPU Profile
• Test runner output
• Test run is land-blocking

[github-actions]

✅ Forge suite compat success on 6593fb81261f25490ffddc2252a861c994234c2a ==> c85335f662f24d59ca799cb72037961841e97ed1

Compatibility test results for 6593fb81261f25490ffddc2252a861c994234c2a ==> c85335f662f24d59ca799cb72037961841e97ed1 (PR)
1. Check liveness of validators at old version: 6593fb81261f25490ffddc2252a861c994234c2a
compatibility::simple-validator-upgrade::liveness-check : committed: 16898.09 txn/s, latency: 2012.69 ms, (p50: 2100 ms, p70: 2100, p90: 2200 ms, p99: 2800 ms), latency samples: 564640
2. Upgrading first Validator to new version: c85335f662f24d59ca799cb72037961841e97ed1
compatibility::simple-validator-upgrade::single-validator-upgrading : committed: 4944.70 txn/s, latency: 6237.84 ms, (p50: 7000 ms, p70: 7600, p90: 7800 ms, p99: 7900 ms), latency samples: 98780
compatibility::simple-validator-upgrade::single-validator-upgrade : committed: 4887.81 txn/s, latency: 7062.07 ms, (p50: 7700 ms, p70: 7800, p90: 8000 ms, p99: 8200 ms), latency samples: 173940
3. Upgrading rest of first batch to new version: c85335f662f24d59ca799cb72037961841e97ed1
compatibility::simple-validator-upgrade::half-validator-upgrading : committed: 4695.32 txn/s, latency: 6349.01 ms, (p50: 6600 ms, p70: 7500, p90: 8400 ms, p99: 8500 ms), latency samples: 89300
compatibility::simple-validator-upgrade::half-validator-upgrade : committed: 4305.25 txn/s, latency: 7868.64 ms, (p50: 8800 ms, p70: 8900, p90: 9100 ms, p99: 9300 ms), latency samples: 153460
4. upgrading second batch to new version: c85335f662f24d59ca799cb72037961841e97ed1
compatibility::simple-validator-upgrade::rest-validator-upgrading : committed: 8308.20 txn/s, latency: 3678.14 ms, (p50: 4000 ms, p70: 4300, p90: 5200 ms, p99: 5400 ms), latency samples: 150060
compatibility::simple-validator-upgrade::rest-validator-upgrade : committed: 8252.56 txn/s, latency: 4101.99 ms, (p50: 4100 ms, p70: 4800, p90: 5300 ms, p99: 5500 ms), latency samples: 274220
5. check swarm health
Compatibility test for 6593fb81261f25490ffddc2252a861c994234c2a ==> c85335f662f24d59ca799cb72037961841e97ed1 passed
Test Ok

• Grafana dashboard
• Humio Logs
• Axiom Logs
• Validator CPU Profile
• Fullnode CPU Profile
• Test runner output
• Test run is land-blocking