Skip to content

Commit

Permalink
Feature gate permissioned signer
Browse files Browse the repository at this point in the history
  • Loading branch information
@runtian-zhou
runtian-zhou committed Jan 13, 2025
1 parent afcf6ee commit ce6813c
Show file tree
Hide file tree
Showing 6 changed files with 95 additions and 0 deletions.
13 changes: 13 additions & 0 deletions aptos-move/aptos-release-builder/data/permissioned_signer.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
---
remote_endpoint: ~
name: "v1.26-enable-permissioned_signer"
proposals:
- name: feature_flags
metadata:
title: "Enable permissioned signer feature flag"
description: "Enable permissioned signer in the aptos framework"
execution_mode: MultiStep
update_sequence:
- FeatureFlag:
enabled:
- permissioned_signer
3 changes: 3 additions & 0 deletions aptos-move/aptos-release-builder/src/components/feature_flags.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@ pub enum FeatureFlag {
NativeMemoryOperations,
EnableLoaderV2,
DisallowInitModuleToPublishModules,
PermissionedSigner,
}

fn generate_features_blob(writer: &CodeWriter, data: &[u64]) {
Expand Down Expand Up @@ -357,6 +358,7 @@ impl From<FeatureFlag> for AptosFeatureFlag {
FeatureFlag::DisallowInitModuleToPublishModules => {
AptosFeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES
},
FeatureFlag::PermissionedSigner => AptosFeatureFlag::PERMISSIONED_SIGNER,
}
}
}
Expand Down Expand Up @@ -507,6 +509,7 @@ impl From<AptosFeatureFlag> for FeatureFlag {
AptosFeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES => {
FeatureFlag::DisallowInitModuleToPublishModules
},
AptosFeatureFlag::PERMISSIONED_SIGNER => FeatureFlag::PermissionedSigner,
}
}
}
Expand Down
12 changes: 12 additions & 0 deletions aptos-move/framework/aptos-framework/sources/permissioned_signer.move
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
/// After introducing the core functionality, examples are provided for withdraw limit on accounts, and
/// for blind signing.
module aptos_framework::permissioned_signer {
use std::features;
use std::signer;
use std::error;
use std::vector;
Expand Down Expand Up @@ -49,6 +50,9 @@ module aptos_framework::permissioned_signer {
/// given master signer.
const E_NOT_ACTIVE: u64 = 8;

/// Permissioned signer feature is not activated.
const EPERMISSION_SIGNER_DISABLED: u64 = 9;

const U256_MAX: u256 =
115792089237316195423570985008687907853269984665640564039457584007913129639935;

Expand Down Expand Up @@ -217,6 +221,10 @@ module aptos_framework::permissioned_signer {
/// signer interacts with various framework functions, it would subject to permission checks
/// and would abort if check fails.
public fun signer_from_permissioned_handle(p: &PermissionedHandle): signer {
assert!(
features::is_permissioned_signer_enabled(),
error::permission_denied(EPERMISSION_SIGNER_DISABLED)
);
signer_from_permissioned_handle_impl(
p.master_account_addr, p.permissions_storage_addr
)
Expand All @@ -226,6 +234,10 @@ module aptos_framework::permissioned_signer {
public(package) fun signer_from_storable_permissioned_handle(
p: &StorablePermissionedHandle
): signer {
assert!(
features::is_permissioned_signer_enabled(),
error::permission_denied(EPERMISSION_SIGNER_DISABLED)
);
assert!(
timestamp::now_seconds() < p.expiration_time,
error::permission_denied(E_PERMISSION_EXPIRED)
Expand Down
57 changes: 57 additions & 0 deletions aptos-move/framework/move-stdlib/doc/features.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,8 @@ return true.
- [Function `is_collection_owner_enabled`](#0x1_features_is_collection_owner_enabled)
- [Function `get_native_memory_operations_feature`](#0x1_features_get_native_memory_operations_feature)
- [Function `is_native_memory_operations_enabled`](#0x1_features_is_native_memory_operations_enabled)
- [Function `get_permissioned_signer_feature`](#0x1_features_get_permissioned_signer_feature)
- [Function `is_permissioned_signer_enabled`](#0x1_features_is_permissioned_signer_enabled)
- [Function `change_feature_flags`](#0x1_features_change_feature_flags)
- [Function `change_feature_flags_internal`](#0x1_features_change_feature_flags_internal)
- [Function `change_feature_flags_for_next_epoch`](#0x1_features_change_feature_flags_for_next_epoch)
Expand Down Expand Up @@ -754,6 +756,15 @@ Lifetime: transient



<a id="0x1_features_PERMISSIONED_SIGNER"></a>



<pre><code><b>const</b> <a href="features.md#0x1_features_PERMISSIONED_SIGNER">PERMISSIONED_SIGNER</a>: u64 = 82;
</code></pre>



<a id="0x1_features_PRIMARY_APT_FUNGIBLE_STORE_AT_USER_ADDRESS"></a>


Expand Down Expand Up @@ -3330,6 +3341,52 @@ Deprecated feature



</details>

<a id="0x1_features_get_permissioned_signer_feature"></a>

## Function `get_permissioned_signer_feature`



<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_permissioned_signer_feature">get_permissioned_signer_feature</a>(): u64
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_get_permissioned_signer_feature">get_permissioned_signer_feature</a>(): u64 { <a href="features.md#0x1_features_PERMISSIONED_SIGNER">PERMISSIONED_SIGNER</a> }
</code></pre>



</details>

<a id="0x1_features_is_permissioned_signer_enabled"></a>

## Function `is_permissioned_signer_enabled`



<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_is_permissioned_signer_enabled">is_permissioned_signer_enabled</a>(): bool
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="features.md#0x1_features_is_permissioned_signer_enabled">is_permissioned_signer_enabled</a>(): bool <b>acquires</b> <a href="features.md#0x1_features_Features">Features</a> {
<a href="features.md#0x1_features_is_enabled">is_enabled</a>(<a href="features.md#0x1_features_PERMISSIONED_SIGNER">PERMISSIONED_SIGNER</a>)
}
</code></pre>



</details>

<a id="0x1_features_change_feature_flags"></a>
Expand Down
8 changes: 8 additions & 0 deletions aptos-move/framework/move-stdlib/sources/configs/features.move
View file
Original file line number Diff line number Diff line change
Expand Up @@ -615,6 +615,14 @@ module std::features {
is_enabled(NATIVE_MEMORY_OPERATIONS)
}

const PERMISSIONED_SIGNER: u64 = 83;

public fun get_permissioned_signer_feature(): u64 { PERMISSIONED_SIGNER }

public fun is_permissioned_signer_enabled(): bool acquires Features {
is_enabled(PERMISSIONED_SIGNER)
}

// ============================================================================================
// Feature Flag Implementation

Expand Down
2 changes: 2 additions & 0 deletions types/src/on_chain_config/aptos_features.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,7 @@ pub enum FeatureFlag {
/// that results in a new package created but without any code. With this feature, it is no
/// longer possible and an explicit error is returned if publishing is attempted.
DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES = 82,
PERMISSIONED_SIGNER = 83,
}

impl FeatureFlag {
Expand Down Expand Up @@ -186,6 +187,7 @@ impl FeatureFlag {
FeatureFlag::COLLECTION_OWNER,
FeatureFlag::ENABLE_LOADER_V2,
FeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES,
FeatureFlag::PERMISSIONED_SIGNER,
]
}
}
Expand Down

0 comments on commit ce6813c

Please sign in to comment.