core icon indicating copy to clipboard operation
core copied to clipboard

Published 20 hours ago verified publisher icon MetaMask

Replace wildcard permissions in favour of permissions with caveats

Open GuillaumeRx opened this issue 2 years ago • 1 comments

Description

Wildcards are a kind of attenuation. Caveats are the means by which permissions are attenuated in ZCAP-LD. Everything we can do with wildcards can be done with caveats. Wildcards therefore add unnecessary complexity to the PermissionController, and should be removed in favour of caveats that provides easier readability.

For example

The getBip32Entropy permission would become something like this:

Before

// PermissionController state
{
  `snap_getBip32Entropy_m/44'/1'`: { ... },
  `snap_getBip32Entropy_m/44'/60'`: { ... },
}

After

// PermissionController state
{
  `snap_getBip32Entropy`: {
    caveats: [
      {
        type: 'permittedPaths',
        value: [
          `m/44'/1'`,
          `m/44'/60'`,
        ]
    ]
  },
}

GuillaumeRx avatar Aug 09 '22 17:08 GuillaumeRx

Upon closer review, this issue is significantly complicated by our use of wildcard permissions for the snap permissions themselves. For example, in the PermissionController state, the permission to communicate with the Filecoin snap currently looks like this:

"wallet_snap_npm:@chainsafe/filsnap": {
    "caveats": null,
    "date": 1654882874322,
    "id": "Y34wk3O654MSvS1hOwXs7",
    "invoker": "https://filsnap.chainsafe.io",
    "parentCapability": "wallet_snap_npm:@chainsafe/filsnap"
}

If we got rid of wildcards, it would look something like this instead:

"wallet_snap": {
    "caveats": [{
      "type": "snapIds",
      "value": {
        "npm:@chainsafe/filsnap": {
          "version": "1.0.0"
        }
      }
    }],
    "date": 1654882874322,
    "id": "Y34wk3O654MSvS1hOwXs7",
    "invoker": "https://filsnap.chainsafe.io",
    "parentCapability": "wallet_snap"
}

The good news is that we already ask people to use wallet_enable to connect to snaps, and that already conforms to what the API would look like with caveats instead of wildcards:

async function connect () {
  await ethereum.request({
    method: 'wallet_enable',
    params: [{
      wallet_snap: { [snapId]: {} },
    }]
  })
}

Still, this significantly increases the scope of the refactor required on the Snaps side of things. We'll have to see how big and whether to proceed.

rekmarks avatar Aug 10 '22 17:08 rekmarks

We need to research this now because when we reach v1 release we will not be able to go back and change this

Montoya avatar Nov 30 '22 16:11 Montoya

Hey team! Please add your planning poker estimate with Zenhub @david0xd @FrederikBolding @GuillaumeRx @hmalik88 @Mrtenz @ritave

kenhkan avatar Dec 01 '22 22:12 kenhkan

Please see https://github.com/MetaMask/MetaMask-planning/issues/297

hmalik88 avatar Jan 06 '23 05:01 hmalik88