re-enable isolation. fmt. default perms

2026-04-21 11:26:15 +02:00 · 2025-08-14 14:03:58 +02:00
parent 9804eeef03
commit d1edf783e1
8 changed files with 40 additions and 5 deletions
@@ -1295,6 +1295,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
 dependencies = [
 "generic-array",
+ "rand_core 0.6.4",
 "typenum",
 ]

@@ -6421,6 +6422,7 @@ dependencies = [
 "tray-icon",
 "url",
 "urlpattern",
+ "uuid",
 "webkit2gtk",
 "webview2-com",
 "window-vibrancy",
@@ -7062,10 +7064,12 @@ version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "41743bbbeb96c3a100d234e5a0b60a46d5aa068f266160862c7afdbf828ca02e"
 dependencies = [
+ "aes-gcm",
 "anyhow",
 "cargo_metadata",
 "ctor",
 "dunce",
+ "getrandom 0.2.15",
 "glob",
 "html5ever",
 "http",
@@ -7084,6 +7088,7 @@ dependencies = [
 "serde-untagged",
 "serde_json",
 "serde_with",
+ "serialize-to-javascript",
 "swift-rs",
 "thiserror 2.0.12",
 "toml",
@@ -12,7 +12,7 @@ name = "api_lib"
 crate-type = ["staticlib", "cdylib", "rlib"]

 [build-dependencies]
-tauri-build = { workspace = true, features = ["codegen"] }
+tauri-build = { workspace = true, features = ["codegen", "isolation"] }

 [dependencies]
 serde_json = { workspace = true }
@@ -49,6 +49,7 @@ features = [
  "x11",
  "image-ico",
  "image-png",
+  "isolation",
  "macos-private-api",
  "tray-icon",
  "protocol-asset",
@@ -13,6 +13,12 @@
    "withGlobalTauri": true,
    "macOSPrivateApi": true,
    "security": {
+      "pattern": {
+        "use": "isolation",
+        "options": {
+          "dir": "../isolation-dist/"
+        }
+      },
      "csp": {
        "default-src": "'self' customprotocol: asset:",
        "connect-src": "ipc: http://ipc.localhost",
@@ -2,7 +2,7 @@

 [default]
 description = """
-This set of permissions describes the what kind of
+This set of permissions describes what kind of
 file system access the `fs` plugin has enabled or denied by default.

 #### Granted Permissions
@@ -0,0 +1,23 @@
+"$schema" = "schemas/schema.json"
+
+# TODO: Discuss defaults. Also consider potentional encrypt/decrypt-like functions.
+[default]
+description = """
+This permission set configures which
+Secure Storage APIs are available by defaultt.
+
+#### Granted Permissions
+
+In the PoC phase all commands are allowed by default.
+
+"""
+
+permissions = [
+  "allow-arch",
+  "allow-exe-extension",
+  "allow-family",
+  "allow-locale",
+  "allow-os-type",
+  "allow-platform",
+  "allow-version",
+]
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-use tauri::{AppHandle, Runtime, command};
+use tauri::{command, AppHandle, Runtime};

 use crate::{Result, SecureStorageExt};

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT

-use serde::{Serialize, ser::Serializer};
+use serde::{ser::Serializer, Serialize};

 pub type Result<T> = std::result::Result<T, Error>;

@@ -4,8 +4,8 @@

 use keyring::Entry;
 use tauri::{
-    AppHandle, Manager, Runtime,
    plugin::{Builder, TauriPlugin},
+    AppHandle, Manager, Runtime,
 };

 mod commands;