refactor: add deno_permissions crate (#22236)

Issue https://github.com/denoland/deno/issues/22222 ![image](2af8474b-b919-4519-98ce-9d29bc7829f2) This PR moves `runtime/permissions` code to a upstream crate called `deno_permissions`. The `deno_permissions::PermissionsContainer` is put into the OpState and can be used instead of the current trait-based permissions system. For this PR, I've migrated `deno_fetch` to the new crate but kept the rest of the trait-based system as a wrapper of `deno_permissions` crate. Doing the migration all at once is error prone and hard to review. Comparing incremental compile times for `ext/fetch` on Mac M1: | profile | `cargo build --bin deno` | `cargo plonk build --bin deno` | | --------- | ------------- | ------------------- | | `debug` | 20 s | 0.8s | | `release` | 4 mins 12 s | 1.4s |
2025-08-04 02:48:24 +00:00 · 2024-03-12 10:42:26 -07:00 · 2024-03-12 10:42:26 -07:00 · de28e6fc09
commit de28e6fc09
parent 4a88695563
16 changed files with 381 additions and 210 deletions
--- a/cli/ops/testing.rs
+++ b/cli/ops/testing.rs
@ -57,7 +57,7 @@ pub fn op_pledge_test_permissions(
  let token = Uuid::new_v4();
  let parent_permissions = state.borrow_mut::<PermissionsContainer>();
  let worker_permissions = {
-    let mut parent_permissions = parent_permissions.0.lock();
+    let mut parent_permissions = parent_permissions.0 .0.lock();
    let perms = create_child_permissions(&mut parent_permissions, args)?;
    PermissionsContainer::new(perms)
  };
@ -69,6 +69,7 @@ pub fn op_pledge_test_permissions(
  state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));

  // NOTE: This call overrides current permission set for the worker
+  state.put(worker_permissions.0.clone());
  state.put::<PermissionsContainer>(worker_permissions);

  Ok(token)
@ -85,6 +86,7 @@ pub fn op_restore_test_permissions(
    }

    let permissions = permissions_holder.1;
+    state.put(permissions.0.clone());
    state.put::<PermissionsContainer>(permissions);
    Ok(())
  } else {