Add permission check to account

[runtian-zhou]

Description

Adds permission checks to account operations in the Aptos Framework to restrict key rotation and signer capability management. This introduces a new AccountPermission type and associated functions to control access to privileged account operations.

Key changes:

• Added check_signer_permission function to verify permissions
• Added grant_permission function to authorize signers
• Added permission checks to all account rotation and capability management functions
• Introduced new error code ENO_ACCOUNT_PERMISSION

Type of Change

• New feature
• Breaking change

Which Components or Systems Does This Change Impact?

• Move/Aptos Virtual Machine
• Aptos Framework

How Has This Been Tested?

TBA

Key Areas to Review

• Permission check implementation in check_signer_permission
• Integration of permission checks across account operations
• Error handling for unauthorized operations
• Permission granting mechanism in grant_permission

Checklist

• I have read and followed the CONTRIBUTING doc
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I identified and added all stakeholders and component owners affected by this change as reviewers
• I tested both happy and unhappy path of the functionality
• I have made corresponding changes to the documentation

[trunk-io]

⏱️ 3h 5m total CI duration on this PR

Slowest 15 Jobs	Cumulative Duration	Recent Runs
rust-move-unit-coverage	20m	🟩
rust-move-unit-coverage	19m	🟩
rust-move-unit-coverage	16m	🟩
rust-move-unit-coverage	15m	🟩
rust-move-unit-coverage	14m	🟩
general-lints	13m	🟩 🟩 🟩 🟩 🟩 (+2 more)
rust-cargo-deny	12m	🟩 🟩 🟩 🟩 🟩 (+2 more)
rust-move-unit-coverage	11m	🟩
check-dynamic-deps	11m	🟩 🟩 🟩 🟩 🟩 (+4 more)
rust-move-tests	9m	🟥
rust-move-tests	8m	🟥
rust-move-tests	8m	🟥
rust-move-tests	8m	🟥
semgrep/ci	3m	🟩 🟩 🟩 🟩 🟩 (+3 more)
rust-move-unit-coverage	3m	⬜

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[runtian-zhou]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• Add another flavor of permission api #15609
• Feature gate permissioned signer #15622
• Create benchmark #14916
• permission for framework #14605
• add perimission checks to object #14582
• Add permission check to account #14535 👈 (View in Graphite)
• add permissions for fungible assets operation #14567
• [feature] Add permissioned signer functionality #14521
• create permissioned signer example #14469
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Please upload report for BASE (asset_permission@444ac11). Learn more about missing BASE report.

Additional details and impacted files

@@                 Coverage Diff                 @@
##             asset_permission   #14535   +/-   ##
===================================================
  Coverage                    ?    59.4%           
===================================================
  Files                       ?      857           
  Lines                       ?   210762           
  Branches                    ?        0           
===================================================
  Hits                        ?   125197           
  Misses                      ?    85565           
  Partials                    ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[igor-aptos]

I don't follow fully what all of the function below do - but not all are related to key rotation, right?

If so, can we organize them, and have AccountKeyRotationPermission as a separate category, and see for the rest if we need 1 or more.

If all below are related to key rotation - then rename to AccountKeyRotationPermission - as that sounds much scarier (as it should), than AccountPermission

[graphite-app]

Add a test-only flag to optionally skip permission checks in tests by modifying check_signer_permission() to check this flag first

Spotted by Graphite Reviewer (based on CI logs)

Is this helpful? React 👍 or 👎 to let us know.