Fence snaps endowments and permissions for stable/flask (#18847)

* Fence snaps endowments and permissions for stable/flask * Fix lint * Fix tests * Actually fix tests * Fix another test
2024-11-22 09:57:02 +01:00 · 2023-05-02 14:51:16 +02:00 · 2023-05-02 14:51:16 +02:00 · 4d015de43e
commit 4d015de43e
parent 88ae10418b
4 changed files with 42 additions and 30 deletions
--- a/app/scripts/controllers/permissions/snaps/snap-permissions.test.js
+++ b/app/scripts/controllers/permissions/snaps/snap-permissions.test.js
@ -1,6 +1,7 @@
 import {
  EndowmentPermissions,
  RestrictedMethods,
+  ExcludedSnapEndowments,
 } from '../../../../../shared/constants/permissions';
 import {
  buildSnapEndowmentSpecifications,
@ -39,6 +40,13 @@ describe('buildSnapEndowmentSpecifications', () => {
  it('creates valid permission specification objects', () => {
    expect(
      Object.keys(buildSnapEndowmentSpecifications()).sort(),
-    ).toStrictEqual(Object.keys(EndowmentPermissions).sort());
+    ).toStrictEqual(
+      Object.keys(EndowmentPermissions)
+        .filter(
+          (targetKey) =>
+            !Object.keys(ExcludedSnapEndowments).includes(targetKey),
+        )
+        .sort(),
+    );
  });
 });
--- a/shared/constants/permissions.test.js
+++ b/shared/constants/permissions.test.js
@ -9,13 +9,15 @@ import {

 describe('EndowmentPermissions', () => {
  it('has the expected permission keys', () => {
+    // Since long-running is fenced out this causes problems with the test, we re-add it here.
    expect(Object.keys(EndowmentPermissions).sort()).toStrictEqual(
-      Object.keys(endowmentPermissionBuilders)
-        .filter(
+      [
+        'endowment:long-running',
+        ...Object.keys(endowmentPermissionBuilders).filter(
          (targetKey) =>
            !Object.keys(ExcludedSnapEndowments).includes(targetKey),
-        )
-        .sort(),
+        ),
+      ].sort(),
    );
  });
 });
--- a/shared/constants/permissions.ts
+++ b/shared/constants/permissions.ts
@ -17,29 +17,5 @@ export const RestrictedMethods = Object.freeze({
 } as const);

 ///: BEGIN:ONLY_INCLUDE_IN(snaps)
-/**
- * Exclude permissions by code fencing them to avoid any potential usage of excluded permissions at runtime. See: https://github.com/MetaMask/metamask-extension/pull/17321#pullrequestreview-1287014285.
- * This is a fix for https://github.com/MetaMask/snaps-monorepo/issues/1103 and https://github.com/MetaMask/snaps-monorepo/issues/990.
- * TODO: Disable endowment:long-running and eth_account in stable.
- */
-export const EndowmentPermissions = Object.freeze({
-  'endowment:network-access': 'endowment:network-access',
-  'endowment:transaction-insight': 'endowment:transaction-insight',
-  'endowment:cronjob': 'endowment:cronjob',
-  'endowment:ethereum-provider': 'endowment:ethereum-provider',
-  'endowment:rpc': 'endowment:rpc',
-  'endowment:long-running': 'endowment:long-running',
-  'endowment:webassembly': 'endowment:webassembly',
-} as const);
-
-// Methods / permissions in external packages that we are temporarily excluding.
-export const ExcludedSnapPermissions = Object.freeze({
-  eth_accounts:
-    'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.',
-});
-
-export const ExcludedSnapEndowments = Object.freeze({
-  'endowment:keyring':
-    'This endowment is still in development therefore not available.',
-});
+export * from './snaps/permissions';
 ///: END:ONLY_INCLUDE_IN
--- a/shared/constants/snaps/permissions.ts
+++ b/shared/constants/snaps/permissions.ts
@ -0,0 +1,26 @@
+export const EndowmentPermissions = Object.freeze({
+  'endowment:network-access': 'endowment:network-access',
+  'endowment:transaction-insight': 'endowment:transaction-insight',
+  'endowment:cronjob': 'endowment:cronjob',
+  'endowment:ethereum-provider': 'endowment:ethereum-provider',
+  'endowment:rpc': 'endowment:rpc',
+  'endowment:webassembly': 'endowment:webassembly',
+  ///: BEGIN:ONLY_INCLUDE_IN(build-flask)
+  'endowment:long-running': 'endowment:long-running',
+  ///: END:ONLY_INCLUDE_IN
+} as const);
+
+// Methods / permissions in external packages that we are temporarily excluding.
+export const ExcludedSnapPermissions = Object.freeze({
+  eth_accounts:
+    'eth_accounts is disabled. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/990.',
+});
+
+export const ExcludedSnapEndowments = Object.freeze({
+  'endowment:keyring':
+    'This endowment is still in development therefore not available.',
+  ///: BEGIN:ONLY_INCLUDE_IN(build-main)
+  'endowment:long-running':
+    'endowment:long-running is deprecated. For more information please see https://github.com/MetaMask/snaps-monorepo/issues/945.',
+  ///: END:ONLY_INCLUDE_IN
+});