CalvinBackup/tauri-plugins-workspace
1
0
Fork 0
mirror of https://github.com/tauri-apps/plugins-workspace.git synced 2026-06-06 13:53:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Feat: Add default permissions to most plugins (#1460)

Browse Source 
* Add default permissions to most plugins.

Co-authored-by: chippers <chip@chip.sh>
Co-authored-by: fabianlars <fabianlars@fabianlars.de>

* updated default description

* mobile plugin relevant changes

---------

Co-authored-by: chippers <chip@chip.sh>
Co-authored-by: fabianlars <fabianlars@fabianlars.de>
This commit is contained in:
Tillmann
2024-06-26 14:35:08 +09:00
committed by GitHub
parent f1372adc9d
commit 0cb1baf09a
73 changed files with 1211 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/fs/permissions/autogenerated/reference.md
+17 -10
View File
@@ -273,23 +273,27 @@
|`deny-write-file`|Denies the write_file command without any pre-configured scope.|
|`allow-write-text-file`|Enables the write_text_file command without any pre-configured scope.|
|`deny-write-text-file`|Denies the write_text_file command without any pre-configured scope.|
|`default`|# Tauri `fs` default permissions
|`create-app-specific-dirs`|This permissions allows to create the application specific directories.
|
|`default`|This set of permissions describes the what kind of
file system access the `fs` plugin has enabled or denied by default.
This configuration file defines the default permissions granted
to the filesystem.
#### Granted Permissions
### Granted Permissions
This default permission set enables all read-related commands and
allows access to the `$APP` folder and sub directories created in it.
The location of the `$APP` folder depends on the operating system,
This default permission set enables read access to the
application specific directories (AppConfig, AppData, AppLocalData, AppCache,
AppLog) and all files and sub directories created in it.
The location of these directories depends on the operating system,
where the application is run.
In general the `$APP` folder needs to be manually created
In general these directories need to be manually created
by the application at runtime, before accessing files or folders
in it is possible.
### Denied Permissions
Therefore, it is also allowed to create all of these folders via
the `mkdir` command.
#### Denied Permissions
This default permission set prevents access to critical components
of the Tauri application by default.
@@ -304,6 +308,9 @@ Allowing access can lead to sensitive information disclosure and should be well
`$APPLOCALDATA/EBWebView` folder on windows as the webview data and configuration values are stored here.
Allowing access can lead to sensitive information disclosure and should be well considered.|
|`read-all`|This enables all read related commands without any pre-configured accessible paths.|
|`read-app-specific-dirs-recursive`|This permission allows recursive read functionality on the application
specific base directories.
|
|`read-dirs`|This enables directory read and file metadata related commands without any pre-configured accessible paths.|
|`read-files`|This enables file read related commands without any pre-configured accessible paths.|
|`read-meta`|This enables all index or metadata related commands without any pre-configured accessible paths.|
plugins/fs/permissions/create-app-specific-dirs.toml
+23
View File
@@ -0,0 +1,23 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "create-app-specific-dirs"
description = """
This permissions allows to create the application specific directories.
"""
commands.allow = ["mkdir"]
[[permission.scope.allow]]
path = "$APPCONFIG"
[[permission.scope.allow]]
path = "$APPDATA"
[[permission.scope.allow]]
path = "$APPLOCALDATA"
[[permission.scope.allow]]
path = "$APPCACHE"
[[permission.scope.allow]]
path = "$APPLOG"
plugins/fs/permissions/default.toml
+17 -11
View File
@@ -2,27 +2,33 @@
[default]
description = """
# Tauri `fs` default permissions
This set of permissions describes the what kind of
file system access the `fs` plugin has enabled or denied by default.
This configuration file defines the default permissions granted
to the filesystem.
#### Granted Permissions
### Granted Permissions
This default permission set enables all read-related commands and
allows access to the `$APP` folder and sub directories created in it.
The location of the `$APP` folder depends on the operating system,
This default permission set enables read access to the
application specific directories (AppConfig, AppData, AppLocalData, AppCache,
AppLog) and all files and sub directories created in it.
The location of these directories depends on the operating system,
where the application is run.
In general the `$APP` folder needs to be manually created
In general these directories need to be manually created
by the application at runtime, before accessing files or folders
in it is possible.
### Denied Permissions
Therefore, it is also allowed to create all of these folders via
the `mkdir` command.
#### Denied Permissions
This default permission set prevents access to critical components
of the Tauri application by default.
On Windows the webview data folder access is denied.
"""
permissions = ["read-all", "scope-app-recursive", "deny-default"]
permissions = [
"create-app-specific-dirs",
"read-app-specific-dirs-recursive",
"deny-default",
]
plugins/fs/permissions/read-app-specific-dirs-recursive.toml
+31
View File
@@ -0,0 +1,31 @@
"$schema" = "schemas/schema.json"
[[permission]]
identifier = "read-app-specific-dirs-recursive"
description = """
This permission allows recursive read functionality on the application
specific base directories.
"""
commands.allow = [
"read_dir",
"read_file",
"read_text_file",
"read_text_file_lines",
"read_text_file_lines_next",
"exists",
]
[[permission.scope.allow]]
path = "$APPCONFIG/**"
[[permission.scope.allow]]
path = "$APPDATA/**"
[[permission.scope.allow]]
path = "$APPLOCALDATA/**"
[[permission.scope.allow]]
path = "$APPCACHE/**"
[[permission.scope.allow]]
path = "$APPLOG/**"
plugins/fs/permissions/schemas/schema.json
+15 -1
View File
@@ -2206,7 +2206,14 @@
]
},
{
"description": "default -> # Tauri `fs` default permissions\n\nThis configuration file defines the default permissions granted\nto the filesystem.\n\n### Granted Permissions\n\nThis default permission set enables all read-related commands and\nallows access to the `$APP` folder and sub directories created in it.\nThe location of the `$APP` folder depends on the operating system,\nwhere the application is run.\n\nIn general the `$APP` folder needs to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\n### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"description": "create-app-specific-dirs -> This permissions allows to create the application specific directories.\n",
"type": "string",
"enum": [
"create-app-specific-dirs"
]
},
{
"description": "default -> This set of permissions describes the what kind of\nfile system access the `fs` plugin has enabled or denied by default.\n\n#### Granted Permissions\n\nThis default permission set enables read access to the\napplication specific directories (AppConfig, AppData, AppLocalData, AppCache,\nAppLog) and all files and sub directories created in it.\nThe location of these directories depends on the operating system,\nwhere the application is run.\n\nIn general these directories need to be manually created\nby the application at runtime, before accessing files or folders\nin it is possible.\n\nTherefore, it is also allowed to create all of these folders via\nthe `mkdir` command.\n\n#### Denied Permissions\n\nThis default permission set prevents access to critical components\nof the Tauri application by default.\nOn Windows the webview data folder access is denied.\n\n",
"type": "string",
"enum": [
"default"
@@ -2240,6 +2247,13 @@
"read-all"
]
},
{
"description": "read-app-specific-dirs-recursive -> This permission allows recursive read functionality on the application\nspecific base directories. \n",
"type": "string",
"enum": [
"read-app-specific-dirs-recursive"
]
},
{
"description": "read-dirs -> This enables directory read and file metadata related commands without any pre-configured accessible paths.",
"type": "string",