From 472be557951027cfd81b085be8689c82a929571f Mon Sep 17 00:00:00 2001 From: runtianz Date: Tue, 17 Dec 2024 23:18:25 +0800 Subject: [PATCH] Feature gate permissioned signer --- .../data/permissioned_signer.yaml | 13 +++++++++++++ .../src/components/feature_flags.rs | 3 +++ .../sources/permissioned_signer.move | 12 ++++++++++++ .../move-stdlib/sources/configs/features.move | 8 ++++++++ types/src/on_chain_config/aptos_features.rs | 2 ++ 5 files changed, 38 insertions(+) create mode 100644 aptos-move/aptos-release-builder/data/permissioned_signer.yaml diff --git a/aptos-move/aptos-release-builder/data/permissioned_signer.yaml b/aptos-move/aptos-release-builder/data/permissioned_signer.yaml new file mode 100644 index 00000000000000..2212b4e38ca830 --- /dev/null +++ b/aptos-move/aptos-release-builder/data/permissioned_signer.yaml @@ -0,0 +1,13 @@ +--- +remote_endpoint: ~ +name: "v1.26-enable-permissioned_signer" +proposals: + - name: feature_flags + metadata: + title: "Enable permissioned signer feature flag" + description: "Enable permissioned signer in the aptos framework" + execution_mode: MultiStep + update_sequence: + - FeatureFlag: + enabled: + - permissioned_signer \ No newline at end of file diff --git a/aptos-move/aptos-release-builder/src/components/feature_flags.rs b/aptos-move/aptos-release-builder/src/components/feature_flags.rs index dc71091298b85c..eae971420da2b5 100644 --- a/aptos-move/aptos-release-builder/src/components/feature_flags.rs +++ b/aptos-move/aptos-release-builder/src/components/feature_flags.rs @@ -133,6 +133,7 @@ pub enum FeatureFlag { CollectionOwner, NativeMemoryOperations, EnableLoaderV2, + PermissionedSigner, } fn generate_features_blob(writer: &CodeWriter, data: &[u64]) { @@ -353,6 +354,7 @@ impl From for AptosFeatureFlag { FeatureFlag::CollectionOwner => AptosFeatureFlag::COLLECTION_OWNER, FeatureFlag::NativeMemoryOperations => AptosFeatureFlag::NATIVE_MEMORY_OPERATIONS, FeatureFlag::EnableLoaderV2 => AptosFeatureFlag::ENABLE_LOADER_V2, + FeatureFlag::PermissionedSigner => AptosFeatureFlag::PERMISSIONED_SIGNER, } } } @@ -500,6 +502,7 @@ impl From for FeatureFlag { AptosFeatureFlag::COLLECTION_OWNER => FeatureFlag::CollectionOwner, AptosFeatureFlag::NATIVE_MEMORY_OPERATIONS => FeatureFlag::NativeMemoryOperations, AptosFeatureFlag::ENABLE_LOADER_V2 => FeatureFlag::EnableLoaderV2, + AptosFeatureFlag::PERMISSIONED_SIGNER => FeatureFlag::PermissionedSigner, } } } diff --git a/aptos-move/framework/aptos-framework/sources/permissioned_signer.move b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move index 9d3b446cee4343..b1857967479edd 100644 --- a/aptos-move/framework/aptos-framework/sources/permissioned_signer.move +++ b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move @@ -14,6 +14,7 @@ /// After introducing the core functionality, examples are provided for withdraw limit on accounts, and /// for blind signing. module aptos_framework::permissioned_signer { + use std::features; use std::signer; use std::error; use std::vector; @@ -62,6 +63,9 @@ module aptos_framework::permissioned_signer { /// given master signer. const E_NOT_ACTIVE: u64 = 8; + /// Permissioned signer feature is not activated. + const EPERMISSION_SIGNER_DISABLED: u64 = 9; + const U256_MAX: u256 = 115792089237316195423570985008687907853269984665640564039457584007913129639935; @@ -210,6 +214,10 @@ module aptos_framework::permissioned_signer { /// signer interacts with various framework functions, it would subject to permission checks /// and would abort if check fails. public fun signer_from_permissioned_handle(p: &PermissionedHandle): signer { + assert!( + features::is_permissioned_signer_enabled(), + error::permission_denied(EPERMISSION_SIGNER_DISABLED) + ); signer_from_permissioned_handle_impl( p.master_account_addr, p.permissions_storage_addr ) @@ -219,6 +227,10 @@ module aptos_framework::permissioned_signer { public(friend) fun signer_from_storable_permissioned_handle( p: &StorablePermissionedHandle ): signer { + assert!( + features::is_permissioned_signer_enabled(), + error::permission_denied(EPERMISSION_SIGNER_DISABLED) + ); assert!( timestamp::now_seconds() < p.expiration_time, error::permission_denied(E_PERMISSION_EXPIRED) diff --git a/aptos-move/framework/move-stdlib/sources/configs/features.move b/aptos-move/framework/move-stdlib/sources/configs/features.move index 2b3a5291c600d7..734ae79e978289 100644 --- a/aptos-move/framework/move-stdlib/sources/configs/features.move +++ b/aptos-move/framework/move-stdlib/sources/configs/features.move @@ -615,6 +615,14 @@ module std::features { is_enabled(NATIVE_MEMORY_OPERATIONS) } + const PERMISSIONED_SIGNER: u64 = 82; + + public fun get_permissioned_signer_feature(): u64 { PERMISSIONED_SIGNER } + + public fun is_permissioned_signer_enabled(): bool acquires Features { + is_enabled(PERMISSIONED_SIGNER) + } + // ============================================================================================ // Feature Flag Implementation diff --git a/types/src/on_chain_config/aptos_features.rs b/types/src/on_chain_config/aptos_features.rs index 932338a25b6230..ee8857dcbe5817 100644 --- a/types/src/on_chain_config/aptos_features.rs +++ b/types/src/on_chain_config/aptos_features.rs @@ -100,6 +100,7 @@ pub enum FeatureFlag { /// AIP-105 (https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-105.md) NATIVE_MEMORY_OPERATIONS = 80, ENABLE_LOADER_V2 = 81, + PERMISSIONED_SIGNER = 82, } impl FeatureFlag { @@ -181,6 +182,7 @@ impl FeatureFlag { FeatureFlag::NATIVE_MEMORY_OPERATIONS, FeatureFlag::COLLECTION_OWNER, FeatureFlag::ENABLE_LOADER_V2, + FeatureFlag::PERMISSIONED_SIGNER, ] } }