src,permission: add --allow-addon flag

[RafaelGSS]

Ref: nodejs/security-wg#898 (comment)

cc: @nodejs/security-wg

[nodejs-github-bot]

Review requested:

• @nodejs/security-wg

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/56333/

[tniessen]

Is my understanding correct that the existing --addons flag is not supposed to affect the permission model? That might be a bit confusing, but on the other hand, this separation between feature control (--[no-]addons) and permissions (--experimental-permission --allow-addons) might actually be good.

[RafaelGSS]

this separation between feature control (--[no-]addons) and permissions (--experimental-permission --allow-addons) might actually be good.

That's the idea, I believe having specific flags to allow operations (even if a similar flag exists - --addons) is the best DX and more maintainable from the permission model side.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/56374/

[joyeecheung]

Instead of overloading the value used for --addons, can we just add allow_addons into the considerations in Environment::no_native_addons()? Also it would be clearer if allow_addons is renamed to something like allow_addons_in_permissions to differentiate this with --addons.

[RafaelGSS]

I'm following a pattern we use on the permission model:

• --allow-child-process
• --allow-worker
• --allow-fs-read
• --allow-fs-write

I feel naming it as --allow-addons-in-permissions would be odd. The reason I'm not touching the Environment::no_native_addons() logic is that it would be less clear from a permission model perspective if we handle permissions in a separate point of nodejs initialization/getter. That's pretty much what I told Tobias.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/56393/

[nodejs-github-bot]

Commit Queue failed

- Loading data for nodejs/node/pull/51183
✔  Done loading data for nodejs/node/pull/51183
----------------------------------- PR info ------------------------------------
Title      src,permission: add --allow-addon flag (#51183)
Author     Rafael Gonzaga  (@RafaelGSS)
Branch     RafaelGSS:permission-allow-addon -> nodejs:main
Labels     c++, semver-minor, process, needs-ci, permission
Commits    1
 - src,permission: add --allow-addon flag
Committers 1
 - RafaelGSS 
PR-URL: https://github.com/nodejs/node/pull/51183
Reviewed-By: Marco Ippolito 
------------------------------ Generated metadata ------------------------------
PR-URL: https://github.com/nodejs/node/pull/51183
Reviewed-By: Marco Ippolito 
--------------------------------------------------------------------------------
   ℹ  This PR was created on Sat, 16 Dec 2023 16:10:58 GMT
   ✔  Approvals: 1
   ✔  - Marco Ippolito (@marco-ippolito): https://github.com/nodejs/node/pull/51183#pullrequestreview-1792882483
   ✘  This PR needs to wait 51 more hours to land (or 0 hours if there is one more approval)
   ✔  Last GitHub CI successful
   ℹ  Last Full PR CI on 2023-12-19T18:26:42Z: https://ci.nodejs.org/job/node-test-pull-request/56393/
- Querying data for job/node-test-pull-request/56393/
   ✔  Last Jenkins CI successful
--------------------------------------------------------------------------------
   ✔  Aborted `git node land` session in /home/runner/work/node/node/.ncu

https://github.com/nodejs/node/actions/runs/7288256191

[ShogunPanda]

LGTM!

[nodejs-github-bot]

Landed in 918e36e