diff --git a/aptos-move/aptos-release-builder/data/permissioned_signer.yaml b/aptos-move/aptos-release-builder/data/permissioned_signer.yaml new file mode 100644 index 0000000000000..2212b4e38ca83 --- /dev/null +++ b/aptos-move/aptos-release-builder/data/permissioned_signer.yaml @@ -0,0 +1,13 @@ +--- +remote_endpoint: ~ +name: "v1.26-enable-permissioned_signer" +proposals: + - name: feature_flags + metadata: + title: "Enable permissioned signer feature flag" + description: "Enable permissioned signer in the aptos framework" + execution_mode: MultiStep + update_sequence: + - FeatureFlag: + enabled: + - permissioned_signer \ No newline at end of file diff --git a/aptos-move/aptos-release-builder/src/components/feature_flags.rs b/aptos-move/aptos-release-builder/src/components/feature_flags.rs index b4334bbcd1322..0b669d2198bf1 100644 --- a/aptos-move/aptos-release-builder/src/components/feature_flags.rs +++ b/aptos-move/aptos-release-builder/src/components/feature_flags.rs @@ -134,6 +134,7 @@ pub enum FeatureFlag { NativeMemoryOperations, EnableLoaderV2, DisallowInitModuleToPublishModules, + PermissionedSigner, } fn generate_features_blob(writer: &CodeWriter, data: &[u64]) { @@ -357,6 +358,7 @@ impl From for AptosFeatureFlag { FeatureFlag::DisallowInitModuleToPublishModules => { AptosFeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES }, + FeatureFlag::PermissionedSigner => AptosFeatureFlag::PERMISSIONED_SIGNER, } } } @@ -507,6 +509,7 @@ impl From for FeatureFlag { AptosFeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES => { FeatureFlag::DisallowInitModuleToPublishModules }, + AptosFeatureFlag::PERMISSIONED_SIGNER => FeatureFlag::PermissionedSigner, } } } diff --git a/aptos-move/framework/aptos-framework/sources/permissioned_signer.move b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move index 0debe0ebef866..ca53e43f61c9e 100644 --- a/aptos-move/framework/aptos-framework/sources/permissioned_signer.move +++ b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move @@ -14,6 +14,7 @@ /// After introducing the core functionality, examples are provided for withdraw limit on accounts, and /// for blind signing. module aptos_framework::permissioned_signer { + use std::features; use std::signer; use std::error; use std::vector; @@ -49,6 +50,9 @@ module aptos_framework::permissioned_signer { /// given master signer. const E_NOT_ACTIVE: u64 = 8; + /// Permissioned signer feature is not activated. + const EPERMISSION_SIGNER_DISABLED: u64 = 9; + const U256_MAX: u256 = 115792089237316195423570985008687907853269984665640564039457584007913129639935; @@ -217,6 +221,10 @@ module aptos_framework::permissioned_signer { /// signer interacts with various framework functions, it would subject to permission checks /// and would abort if check fails. public fun signer_from_permissioned_handle(p: &PermissionedHandle): signer { + assert!( + features::is_permissioned_signer_enabled(), + error::permission_denied(EPERMISSION_SIGNER_DISABLED) + ); signer_from_permissioned_handle_impl( p.master_account_addr, p.permissions_storage_addr ) @@ -226,6 +234,10 @@ module aptos_framework::permissioned_signer { public(package) fun signer_from_storable_permissioned_handle( p: &StorablePermissionedHandle ): signer { + assert!( + features::is_permissioned_signer_enabled(), + error::permission_denied(EPERMISSION_SIGNER_DISABLED) + ); assert!( timestamp::now_seconds() < p.expiration_time, error::permission_denied(E_PERMISSION_EXPIRED) diff --git a/aptos-move/framework/move-stdlib/doc/features.md b/aptos-move/framework/move-stdlib/doc/features.md index ba2122e8a9788..bc291c952b7cd 100644 --- a/aptos-move/framework/move-stdlib/doc/features.md +++ b/aptos-move/framework/move-stdlib/doc/features.md @@ -135,6 +135,8 @@ return true. - [Function `is_collection_owner_enabled`](#0x1_features_is_collection_owner_enabled) - [Function `get_native_memory_operations_feature`](#0x1_features_get_native_memory_operations_feature) - [Function `is_native_memory_operations_enabled`](#0x1_features_is_native_memory_operations_enabled) +- [Function `get_permissioned_signer_feature`](#0x1_features_get_permissioned_signer_feature) +- [Function `is_permissioned_signer_enabled`](#0x1_features_is_permissioned_signer_enabled) - [Function `change_feature_flags`](#0x1_features_change_feature_flags) - [Function `change_feature_flags_internal`](#0x1_features_change_feature_flags_internal) - [Function `change_feature_flags_for_next_epoch`](#0x1_features_change_feature_flags_for_next_epoch) @@ -754,6 +756,15 @@ Lifetime: transient + + + + +
const PERMISSIONED_SIGNER: u64 = 82;
+
+ + + @@ -3330,6 +3341,52 @@ Deprecated feature + + + + +## Function `get_permissioned_signer_feature` + + + +
public fun get_permissioned_signer_feature(): u64
+
+ + + +
+Implementation + + +
public fun get_permissioned_signer_feature(): u64 { PERMISSIONED_SIGNER }
+
+ + + +
+ + + +## Function `is_permissioned_signer_enabled` + + + +
public fun is_permissioned_signer_enabled(): bool
+
+ + + +
+Implementation + + +
public fun is_permissioned_signer_enabled(): bool acquires Features {
+    is_enabled(PERMISSIONED_SIGNER)
+}
+
+ + +
diff --git a/aptos-move/framework/move-stdlib/sources/configs/features.move b/aptos-move/framework/move-stdlib/sources/configs/features.move index 2b3a5291c600d..62f60c569e424 100644 --- a/aptos-move/framework/move-stdlib/sources/configs/features.move +++ b/aptos-move/framework/move-stdlib/sources/configs/features.move @@ -615,6 +615,14 @@ module std::features { is_enabled(NATIVE_MEMORY_OPERATIONS) } + const PERMISSIONED_SIGNER: u64 = 83; + + public fun get_permissioned_signer_feature(): u64 { PERMISSIONED_SIGNER } + + public fun is_permissioned_signer_enabled(): bool acquires Features { + is_enabled(PERMISSIONED_SIGNER) + } + // ============================================================================================ // Feature Flag Implementation diff --git a/types/src/on_chain_config/aptos_features.rs b/types/src/on_chain_config/aptos_features.rs index 6b03fc343137d..2eb853194f837 100644 --- a/types/src/on_chain_config/aptos_features.rs +++ b/types/src/on_chain_config/aptos_features.rs @@ -104,6 +104,7 @@ pub enum FeatureFlag { /// that results in a new package created but without any code. With this feature, it is no /// longer possible and an explicit error is returned if publishing is attempted. DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES = 82, + PERMISSIONED_SIGNER = 83, } impl FeatureFlag { @@ -186,6 +187,7 @@ impl FeatureFlag { FeatureFlag::COLLECTION_OWNER, FeatureFlag::ENABLE_LOADER_V2, FeatureFlag::DISALLOW_INIT_MODULE_TO_PUBLISH_MODULES, + FeatureFlag::PERMISSIONED_SIGNER, ] } }