Skip to content

Commit

Permalink
Restrict internal APIs of all actors (#809)
Browse files Browse the repository at this point in the history
  • Loading branch information
arajasek committed Dec 7, 2022
1 parent 09a067b commit f9452de
Show file tree
Hide file tree
Showing 9 changed files with 21 additions and 7 deletions.
3 changes: 2 additions & 1 deletion actors/cron/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// SPDX-License-Identifier: Apache-2.0, MIT

use fil_actors_runtime::runtime::{ActorCode, Runtime};
use fil_actors_runtime::{actor_error, cbor, ActorError, SYSTEM_ACTOR_ADDR};
use fil_actors_runtime::{actor_error, cbor, restrict_internal_api, ActorError, SYSTEM_ACTOR_ADDR};

use fvm_ipld_encoding::tuple::*;
use fvm_ipld_encoding::RawBytes;
Expand Down Expand Up @@ -83,6 +83,7 @@ impl ActorCode for Actor {
where
RT: Runtime,
{
restrict_internal_api(rt, method)?;
match FromPrimitive::from_u64(method) {
Some(Method::Constructor) => {
Self::constructor(rt, cbor::deserialize_params(params)?)?;
Expand Down
1 change: 1 addition & 0 deletions actors/cron/tests/cron_actor_test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ fn epoch_tick_with_entries() {
}

fn construct_and_verify(rt: &mut MockRuntime, params: &ConstructorParams) {
rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
let ret = rt.call::<CronActor>(1, &RawBytes::serialize(&params).unwrap()).unwrap();
assert_eq!(RawBytes::default(), ret);
Expand Down
3 changes: 2 additions & 1 deletion actors/paych/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
use fil_actors_runtime::runtime::builtins::Type;
use fil_actors_runtime::runtime::{ActorCode, Runtime};
use fil_actors_runtime::{
actor_error, cbor, resolve_to_actor_id, ActorDowncast, ActorError, Array,
actor_error, cbor, resolve_to_actor_id, restrict_internal_api, ActorDowncast, ActorError, Array,
};
use fvm_ipld_blockstore::Blockstore;
use fvm_ipld_encoding::RawBytes;
Expand Down Expand Up @@ -324,6 +324,7 @@ impl ActorCode for Actor {
where
RT: Runtime,
{
restrict_internal_api(rt, method)?;
match FromPrimitive::from_u64(method) {
Some(Method::Constructor) => {
Self::constructor(rt, cbor::deserialize_params(params)?)?;
Expand Down
4 changes: 4 additions & 0 deletions actors/paych/tests/paych_actor_test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ mod paych_constructor {
#[test]
fn actor_doesnt_exist_test() {
let mut rt = construct_runtime();
rt.set_caller(*INIT_ACTOR_CODE_ID, INIT_ACTOR_ADDR);
rt.expect_validate_caller_type(vec![Type::Init]);
let params = ConstructorParams {
to: Address::new_id(TEST_PAYCH_ADDR),
Expand Down Expand Up @@ -226,6 +227,7 @@ mod paych_constructor {
ExitCode::OK,
);

rt.set_caller(*INIT_ACTOR_CODE_ID, INIT_ACTOR_ADDR);
rt.expect_validate_caller_type(vec![Type::Init]);
let params = ConstructorParams { from: non_id_addr, to: to_addr };
expect_abort(
Expand Down Expand Up @@ -263,6 +265,7 @@ mod paych_constructor {
ExitCode::OK,
);

rt.set_caller(*INIT_ACTOR_CODE_ID, INIT_ACTOR_ADDR);
rt.expect_validate_caller_type(vec![Type::Init]);
let params = ConstructorParams { from: from_addr, to: non_id_addr };
expect_abort(
Expand Down Expand Up @@ -1198,6 +1201,7 @@ fn require_add_new_lane(rt: &mut MockRuntime, param: LaneParams) -> SignedVouche

fn construct_and_verify(rt: &mut MockRuntime, sender: Address, receiver: Address) {
let params = ConstructorParams { from: sender, to: receiver };
rt.set_caller(*INIT_ACTOR_CODE_ID, INIT_ACTOR_ADDR);
rt.expect_validate_caller_type(vec![Type::Init]);
call(rt, METHOD_CONSTRUCTOR, &RawBytes::serialize(&params).unwrap());
rt.verify();
Expand Down
5 changes: 3 additions & 2 deletions actors/power/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ use ext::init;
use fil_actors_runtime::runtime::builtins::Type;
use fil_actors_runtime::runtime::{ActorCode, Runtime};
use fil_actors_runtime::{
actor_error, cbor, make_map_with_root_and_bitwidth, ActorDowncast, ActorError, Multimap,
CRON_ACTOR_ADDR, INIT_ACTOR_ADDR, REWARD_ACTOR_ADDR, SYSTEM_ACTOR_ADDR,
actor_error, cbor, make_map_with_root_and_bitwidth, restrict_internal_api, ActorDowncast,
ActorError, Multimap, CRON_ACTOR_ADDR, INIT_ACTOR_ADDR, REWARD_ACTOR_ADDR, SYSTEM_ACTOR_ADDR,
};
use fvm_ipld_encoding::RawBytes;
use fvm_shared::address::Address;
Expand Down Expand Up @@ -625,6 +625,7 @@ impl ActorCode for Actor {
where
RT: Runtime,
{
restrict_internal_api(rt, method)?;
match FromPrimitive::from_u64(method) {
Some(Method::Constructor) => {
Self::constructor(rt)?;
Expand Down
1 change: 1 addition & 0 deletions actors/power/tests/harness/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ pub struct Harness {

impl Harness {
pub fn construct(&self, rt: &mut MockRuntime) {
rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
rt.call::<PowerActor>(Method::Constructor as MethodNum, &RawBytes::default()).unwrap();
rt.verify()
Expand Down
5 changes: 3 additions & 2 deletions actors/reward/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@

use fil_actors_runtime::runtime::{ActorCode, Runtime};
use fil_actors_runtime::{
actor_error, cbor, ActorError, BURNT_FUNDS_ACTOR_ADDR, EXPECTED_LEADERS_PER_EPOCH,
STORAGE_POWER_ACTOR_ADDR, SYSTEM_ACTOR_ADDR,
actor_error, cbor, restrict_internal_api, ActorError, BURNT_FUNDS_ACTOR_ADDR,
EXPECTED_LEADERS_PER_EPOCH, STORAGE_POWER_ACTOR_ADDR, SYSTEM_ACTOR_ADDR,
};

use fvm_ipld_encoding::RawBytes;
Expand Down Expand Up @@ -223,6 +223,7 @@ impl ActorCode for Actor {
where
RT: Runtime,
{
restrict_internal_api(rt, method)?;
match FromPrimitive::from_u64(method) {
Some(Method::Constructor) => {
let param: Option<BigIntDe> = cbor::deserialize_params(params)?;
Expand Down
1 change: 1 addition & 0 deletions actors/reward/tests/reward_actor_test.rs
Original file line number Diff line number Diff line change
Expand Up @@ -340,6 +340,7 @@ fn construct_and_verify(curr_power: &StoragePower) -> MockRuntime {
caller_type: *SYSTEM_ACTOR_CODE_ID,
..Default::default()
};
rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
let ret = rt
.call::<RewardActor>(
Expand Down
5 changes: 4 additions & 1 deletion actors/system/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@ use num_derive::FromPrimitive;
use num_traits::FromPrimitive;

use fil_actors_runtime::runtime::{ActorCode, Runtime};
use fil_actors_runtime::{actor_error, ActorContext, ActorError, AsActorError, SYSTEM_ACTOR_ADDR};
use fil_actors_runtime::{
actor_error, restrict_internal_api, ActorContext, ActorError, AsActorError, SYSTEM_ACTOR_ADDR,
};

#[cfg(feature = "fil-actor")]
fil_actors_runtime::wasm_trampoline!(Actor);
Expand Down Expand Up @@ -73,6 +75,7 @@ impl ActorCode for Actor {
where
RT: Runtime,
{
restrict_internal_api(rt, method)?;
match FromPrimitive::from_u64(method) {
Some(Method::Constructor) => {
Self::constructor(rt)?;
Expand Down

0 comments on commit f9452de

Please sign in to comment.