From d1edf783e10bc13b5eea2761580066cb15bbdf77 Mon Sep 17 00:00:00 2001
From: FabianLars <github@fabianlars.de>
Date: Thu, 14 Aug 2025 14:03:58 +0200
Subject: [PATCH] re-enable isolation. fmt. default perms

---
 Cargo.lock                                    |  5 ++++
 examples/api/src-tauri/Cargo.toml             |  3 ++-
 examples/api/src-tauri/tauri.conf.json        |  6 +++++
 plugins/fs/permissions/default.toml           |  2 +-
 .../secure-storage/permissions/default.toml   | 23 +++++++++++++++++++
 plugins/secure-storage/src/commands.rs        |  2 +-
 plugins/secure-storage/src/error.rs           |  2 +-
 plugins/secure-storage/src/lib.rs             |  2 +-
 8 files changed, 40 insertions(+), 5 deletions(-)
 create mode 100644 plugins/secure-storage/permissions/default.toml

diff --git a/Cargo.lock b/Cargo.lock
index 676c88795..ad3365f23 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1295,6 +1295,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
 dependencies = [
  "generic-array",
+ "rand_core 0.6.4",
  "typenum",
 ]
 
@@ -6421,6 +6422,7 @@ dependencies = [
  "tray-icon",
  "url",
  "urlpattern",
+ "uuid",
  "webkit2gtk",
  "webview2-com",
  "window-vibrancy",
@@ -7062,10 +7064,12 @@ version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "41743bbbeb96c3a100d234e5a0b60a46d5aa068f266160862c7afdbf828ca02e"
 dependencies = [
+ "aes-gcm",
  "anyhow",
  "cargo_metadata",
  "ctor",
  "dunce",
+ "getrandom 0.2.15",
  "glob",
  "html5ever",
  "http",
@@ -7084,6 +7088,7 @@ dependencies = [
  "serde-untagged",
  "serde_json",
  "serde_with",
+ "serialize-to-javascript",
  "swift-rs",
  "thiserror 2.0.12",
  "toml",
diff --git a/examples/api/src-tauri/Cargo.toml b/examples/api/src-tauri/Cargo.toml
index b5e508e63..5557e09bd 100644
--- a/examples/api/src-tauri/Cargo.toml
+++ b/examples/api/src-tauri/Cargo.toml
@@ -12,7 +12,7 @@ name = "api_lib"
 crate-type = ["staticlib", "cdylib", "rlib"]
 
 [build-dependencies]
-tauri-build = { workspace = true, features = ["codegen"] }
+tauri-build = { workspace = true, features = ["codegen", "isolation"] }
 
 [dependencies]
 serde_json = { workspace = true }
@@ -49,6 +49,7 @@ features = [
   "x11",
   "image-ico",
   "image-png",
+  "isolation",
   "macos-private-api",
   "tray-icon",
   "protocol-asset",
diff --git a/examples/api/src-tauri/tauri.conf.json b/examples/api/src-tauri/tauri.conf.json
index cd4a3d026..00b095be8 100644
--- a/examples/api/src-tauri/tauri.conf.json
+++ b/examples/api/src-tauri/tauri.conf.json
@@ -13,6 +13,12 @@
     "withGlobalTauri": true,
     "macOSPrivateApi": true,
     "security": {
+      "pattern": {
+        "use": "isolation",
+        "options": {
+          "dir": "../isolation-dist/"
+        }
+      },
       "csp": {
         "default-src": "'self' customprotocol: asset:",
         "connect-src": "ipc: http://ipc.localhost",
diff --git a/plugins/fs/permissions/default.toml b/plugins/fs/permissions/default.toml
index 78836df71..002fd9c12 100644
--- a/plugins/fs/permissions/default.toml
+++ b/plugins/fs/permissions/default.toml
@@ -2,7 +2,7 @@
 
 [default]
 description = """
-This set of permissions describes the what kind of
+This set of permissions describes what kind of
 file system access the `fs` plugin has enabled or denied by default.
 
 #### Granted Permissions
diff --git a/plugins/secure-storage/permissions/default.toml b/plugins/secure-storage/permissions/default.toml
new file mode 100644
index 000000000..423fe170b
--- /dev/null
+++ b/plugins/secure-storage/permissions/default.toml
@@ -0,0 +1,23 @@
+"$schema" = "schemas/schema.json"
+
+# TODO: Discuss defaults. Also consider potentional encrypt/decrypt-like functions.
+[default]
+description = """
+This permission set configures which
+Secure Storage APIs are available by defaultt.
+
+#### Granted Permissions
+
+In the PoC phase all commands are allowed by default.
+
+"""
+
+permissions = [
+  "allow-arch",
+  "allow-exe-extension",
+  "allow-family",
+  "allow-locale",
+  "allow-os-type",
+  "allow-platform",
+  "allow-version",
+]
diff --git a/plugins/secure-storage/src/commands.rs b/plugins/secure-storage/src/commands.rs
index ef1e074e4..b8c373204 100644
--- a/plugins/secure-storage/src/commands.rs
+++ b/plugins/secure-storage/src/commands.rs
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
-use tauri::{AppHandle, Runtime, command};
+use tauri::{command, AppHandle, Runtime};
 
 use crate::{Result, SecureStorageExt};
 
diff --git a/plugins/secure-storage/src/error.rs b/plugins/secure-storage/src/error.rs
index 42cb83f59..7af8ece59 100644
--- a/plugins/secure-storage/src/error.rs
+++ b/plugins/secure-storage/src/error.rs
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
-use serde::{Serialize, ser::Serializer};
+use serde::{ser::Serializer, Serialize};
 
 pub type Result<T> = std::result::Result<T, Error>;
 
diff --git a/plugins/secure-storage/src/lib.rs b/plugins/secure-storage/src/lib.rs
index 31e395873..7b2a88b78 100644
--- a/plugins/secure-storage/src/lib.rs
+++ b/plugins/secure-storage/src/lib.rs
@@ -4,8 +4,8 @@
 
 use keyring::Entry;
 use tauri::{
-    AppHandle, Manager, Runtime,
     plugin::{Builder, TauriPlugin},
+    AppHandle, Manager, Runtime,
 };
 
 mod commands;