SC: privilege support #1311
| REGISTER_LEGACY_HOST_FUNCTION(get_resource_limits, privileged_check); | ||
| REGISTER_HOST_FUNCTION(get_parameters_packed, privileged_check); | ||
| REGISTER_HOST_FUNCTION(set_parameters_packed, privileged_check); | ||
| REGISTER_HOST_FUNCTION(set_parameters_packed, privileged_check, action_check); // Not allowed in sync calls. Change of max_sync_call_depth will interfere with active sync calls. |
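Review bot: the `action_check` precondition added to `set_parameters_packed` on the last line makes it the only privileged host function in this block that is not registered with `privileged_check` alone, and the inline comment justifies the exception purely by the allocator queue resizing that a change of `max_sync_call_depth` triggers; the discussion below settles on allowing the call and handling the resize by never shrinking the allocator queue during operation. Suggest restoring `REGISTER_HOST_FUNCTION(set_parameters_packed, privileged_check);` so the preconditions stay uniform, moving the grow-only behaviour into the allocator queue, and rewording the comment to say that a lowered `max_sync_call_depth` only applies to subsequent sync calls rather than that the call is disallowed.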
Does this prevent any useful sub-divide of the system contract?
I hated to break the uniformity of privileged host function preconditions too. The worst part is that this restriction is due to the implementation of sync call wasm allocator queue resizing.
With the restriction, the implementation would be simpler. We can resize right when set_parameters_packed is executed.
Without the restriction, we know set_parameters_packed cannot be called from read-only threads or in the read window. On the main thread, we would need to check whether max_sync_call_depth has changed after every sync call. If it changed, we resize the wasm allocator queue.
@spoonincode, @arhag What do you think about this?
Personally I lean toward allowing it. The complication with resizing can be avoided by simply never shrinking the allocator vector/queue during operation. (yeah this leaves some resources unused until restart but seems no big deal)
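An added example, not code from this pull request or the project it targets, showing the grow-only approach described in the comment above: one allocator slot per sync call nesting level, capacity that only ever increases, and a check after each call that applies a raised limit immediately and a lowered limit only to subsequent calls, so a parameter change can never free a slot that an active sync call is still using. The class and method names (`sync_call_allocator_pool`, `wasm_allocator_slot`, `ensure_capacity`, `acquire`, `release`) and the slot size are hypothetical.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Hypothetical stand-in for the per-depth wasm linear-memory allocator.
struct wasm_allocator_slot {
    std::vector<unsigned char> memory;  // allocated lazily on first use
    bool in_use = false;
};

// Grow-only pool of allocator slots, indexed by sync call nesting depth.
// Capacity never shrinks during operation; a lowered max depth only stops
// new calls from acquiring the deeper slots, it never frees them.
class sync_call_allocator_pool {
public:
    sync_call_allocator_pool(std::size_t max_depth, std::size_t slot_bytes)
        : slot_bytes_(slot_bytes) { ensure_capacity(max_depth); }

    // Call after every sync call (set_parameters_packed may have run inside it).
    // Grows the pool if max_depth increased; on a decrease only the limit moves.
    void ensure_capacity(std::size_t max_depth) {
        while (slots_.size() < max_depth)
            slots_.push_back(std::make_unique<wasm_allocator_slot>());
        limit_ = max_depth;
    }

    // Slot for nesting depth `depth` (0 = top-level action), or nullptr if the
    // depth is beyond the current limit or the slot is already taken.
    wasm_allocator_slot* acquire(std::size_t depth) {
        if (depth >= limit_) return nullptr;
        auto& slot = slots_[depth];
        if (slot->in_use) return nullptr;
        if (slot->memory.empty()) slot->memory.resize(slot_bytes_);
        slot->in_use = true;
        return slot.get();
    }

    // Releasing works for any allocated slot, even one above a lowered limit,
    // which is exactly what keeps an in-flight deep call safe.
    void release(std::size_t depth) {
        if (depth < slots_.size()) slots_[depth]->in_use = false;
    }

    std::size_t capacity() const { return slots_.size(); }
    std::size_t limit() const { return limit_; }

private:
    std::size_t slot_bytes_;
    std::size_t limit_ = 0;
    std::vector<std::unique_ptr<wasm_allocator_slot>> slots_;
};

// Constructed scenario: max_sync_call_depth is lowered from 4 to 2 while a call
// at depth 2 is active, then raised to 6 after the calls unwind.
// Returns true when the active slot survives, the pool never shrank, the new
// limit blocks deeper acquisitions, and the later increase grows the pool.
bool demo_lower_depth_during_active_call() {
    sync_call_allocator_pool pool(4, 64);
    wasm_allocator_slot* top  = pool.acquire(0);
    wasm_allocator_slot* mid  = pool.acquire(1);
    wasm_allocator_slot* deep = pool.acquire(2);
    bool ok = top && mid && deep && deep->memory.size() == 64;

    pool.ensure_capacity(2);  // set_parameters_packed lowered the depth limit
    ok = ok && pool.capacity() == 4 && pool.limit() == 2
            && deep->in_use                 // in-flight slot untouched
            && pool.acquire(2) == nullptr   // re-entry at depth 2 refused
            && pool.acquire(3) == nullptr;  // deeper slots unreachable now

    pool.release(2); pool.release(1); pool.release(0);
    ok = ok && !deep->in_use;

    pool.ensure_capacity(6);  // parameters raised again: pool grows
    ok = ok && pool.capacity() == 6 && pool.limit() == 6
            && pool.acquire(5) != nullptr;
    return ok;
}
```

The `ensure_capacity` hook is the "check after every sync call" from the comment above; with shrinking ruled out, the only state it has to reconcile is the limit, which is why the main-thread check becomes cheap enough to run unconditionally.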
I think we should allow it.
Thanks. I will revert to allow it.
Allow privileged host functions to be called if the receiver has the privileged permission.
Resolve #1279