Feature gate permissioned signer

aptos-labs · Dec 17, 2024 · 6494f73 · 6494f73
1 parent 60ce91a
commit 6494f73
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 0 deletions.
diff --git a/aptos-move/aptos-release-builder/data/permissioned_signer.yaml b/aptos-move/aptos-release-builder/data/permissioned_signer.yaml
@@ -0,0 +1,13 @@
+---
+remote_endpoint: ~
+name: "v1.26-enable-permissioned_signer"
+proposals:
+  - name: feature_flags
+    metadata:
+      title: "Enable permissioned signer feature flag"
+      description: "Enable permissioned signer in the aptos framework"
+    execution_mode: MultiStep
+    update_sequence:
+      - FeatureFlag:
+          enabled:
+            - permissioned_signer
diff --git a/aptos-move/aptos-release-builder/src/components/feature_flags.rs b/aptos-move/aptos-release-builder/src/components/feature_flags.rs
@@ -133,6 +133,7 @@ pub enum FeatureFlag {
     CollectionOwner,
     NativeMemoryOperations,
     EnableLoaderV2,
+    PermissionedSigner,
 }
 
 fn generate_features_blob(writer: &CodeWriter, data: &[u64]) {
@@ -351,6 +352,7 @@ impl From<FeatureFlag> for AptosFeatureFlag {
             FeatureFlag::CollectionOwner => AptosFeatureFlag::COLLECTION_OWNER,
             FeatureFlag::NativeMemoryOperations => AptosFeatureFlag::NATIVE_MEMORY_OPERATIONS,
             FeatureFlag::EnableLoaderV2 => AptosFeatureFlag::ENABLE_LOADER_V2,
+            FeatureFlag::PermissionedSigner => AptosFeatureFlag::PERMISSIONED_SIGNER,
         }
     }
 }
@@ -496,6 +498,7 @@ impl From<AptosFeatureFlag> for FeatureFlag {
             AptosFeatureFlag::COLLECTION_OWNER => FeatureFlag::CollectionOwner,
             AptosFeatureFlag::NATIVE_MEMORY_OPERATIONS => FeatureFlag::NativeMemoryOperations,
             AptosFeatureFlag::ENABLE_LOADER_V2 => FeatureFlag::EnableLoaderV2,
+            AptosFeatureFlag::PERMISSIONED_SIGNER => FeatureFlag::PermissionedSigner,
         }
     }
 }

diff --git a/aptos-move/framework/aptos-framework/sources/permissioned_signer.move b/aptos-move/framework/aptos-framework/sources/permissioned_signer.move
@@ -14,6 +14,7 @@
 /// After introducing the core functionality, examples are provided for withdraw limit on accounts, and
 /// for blind signing.
 module aptos_framework::permissioned_signer {
+    use std::features;
     use std::signer;
     use std::error;
     use std::vector;
@@ -62,6 +63,9 @@ module aptos_framework::permissioned_signer {
     /// given master signer.
     const E_NOT_ACTIVE: u64 = 8;
 
+    /// Permissioned signer feature is not activated.
+    const EPERMISSION_SIGNER_DISABLED: u64 = 9;
+
     const U256_MAX: u256 =
         115792089237316195423570985008687907853269984665640564039457584007913129639935;
 
@@ -210,6 +214,10 @@ module aptos_framework::permissioned_signer {
     /// signer interacts with various framework functions, it would subject to permission checks
     /// and would abort if check fails.
     public fun signer_from_permissioned_handle(p: &PermissionedHandle): signer {
+        assert!(
+            features::is_permissioned_signer_enabled(),
+            error::permission_denied(EPERMISSION_SIGNER_DISABLED)
+        );
         signer_from_permissioned_handle_impl(
             p.master_account_addr, p.permissions_storage_addr
         )
@@ -219,6 +227,10 @@ module aptos_framework::permissioned_signer {
     public(friend) fun signer_from_storable_permissioned_handle(
         p: &StorablePermissionedHandle
     ): signer {
+        assert!(
+            features::is_permissioned_signer_enabled(),
+            error::permission_denied(EPERMISSION_SIGNER_DISABLED)
+        );
         assert!(
             timestamp::now_seconds() < p.expiration_time,
             error::permission_denied(E_PERMISSION_EXPIRED)

diff --git a/aptos-move/framework/move-stdlib/sources/configs/features.move b/aptos-move/framework/move-stdlib/sources/configs/features.move
@@ -607,6 +607,14 @@ module std::features {
         is_enabled(COLLECTION_OWNER)
     }
 
+    const PERMISSIONED_SIGNER: u64 = 82;
+
+    public fun get_permissioned_signer_feature(): u64 { PERMISSIONED_SIGNER }
+
+    public fun is_permissioned_signer_enabled(): bool acquires Features {
+        is_enabled(PERMISSIONED_SIGNER)
+    }
+
     // ============================================================================================
     // Feature Flag Implementation
 

diff --git a/types/src/on_chain_config/aptos_features.rs b/types/src/on_chain_config/aptos_features.rs
@@ -100,6 +100,7 @@ pub enum FeatureFlag {
     /// AIP-105 (https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-105.md)
     NATIVE_MEMORY_OPERATIONS = 80,
     ENABLE_LOADER_V2 = 81,
+    PERMISSIONED_SIGNER = 82,
 }
 
 impl FeatureFlag {
@@ -179,6 +180,7 @@ impl FeatureFlag {
             FeatureFlag::NATIVE_MEMORY_OPERATIONS,
             FeatureFlag::COLLECTION_OWNER,
             FeatureFlag::ENABLE_LOADER_V2,
+            FeatureFlag::PERMISSIONED_SIGNER,
         ]
     }
 }