* Allow SetUpgradeAuthority instruction in CPI calls (#16676)
* feat: allow SetAuthority in CLI calls
* chore: clippy match_like_matches_macro
* chore: clippy match_like_matches_macro
* chore: rename CLI to CPI
* chore: move check for cpi authorised instruction to syscalls
* chore: add set_upgrade_authority cpi test
* chore: assert upgrade authority was changed
* feat: gate set_upgrade_authority via cpi with a feature
* chore: move feature to the end of the list
* chore: remove white spaces
* chore: remove white spaces
* chore: update comment to rerun build
(cherry picked from commit 1a658c7f31
)
# Conflicts:
# programs/bpf/Cargo.toml
# programs/bpf_loader/src/syscalls.rs
# sdk/src/feature_set.rs
* chore: fixe merge conflicts
Co-authored-by: Sebastian Bor <Sebastian_Bor@hotmail.com>
This commit is contained in:
@@ -20,7 +20,8 @@ use solana_sdk::{
|
||||
epoch_schedule::EpochSchedule,
|
||||
feature_set::{
|
||||
cpi_data_cost, cpi_share_ro_and_exec_accounts, demote_sysvar_write_locks,
|
||||
enforce_aligned_host_addrs, sysvar_via_syscall, update_data_on_realloc,
|
||||
enforce_aligned_host_addrs, set_upgrade_authority_via_cpi_enabled, sysvar_via_syscall,
|
||||
update_data_on_realloc,
|
||||
},
|
||||
hash::{Hasher, HASH_BYTES},
|
||||
ic_msg,
|
||||
@@ -1817,12 +1818,16 @@ fn check_account_infos(
|
||||
fn check_authorized_program(
|
||||
program_id: &Pubkey,
|
||||
instruction_data: &[u8],
|
||||
invoke_context: &Ref<&mut dyn InvokeContext>,
|
||||
) -> Result<(), EbpfError<BpfError>> {
|
||||
if native_loader::check_id(program_id)
|
||||
|| bpf_loader::check_id(program_id)
|
||||
|| bpf_loader_deprecated::check_id(program_id)
|
||||
|| (bpf_loader_upgradeable::check_id(program_id)
|
||||
&& !bpf_loader_upgradeable::is_upgrade_instruction(instruction_data))
|
||||
&& !(bpf_loader_upgradeable::is_upgrade_instruction(instruction_data)
|
||||
|| (bpf_loader_upgradeable::is_set_authority_instruction(instruction_data)
|
||||
&& invoke_context
|
||||
.is_feature_active(&set_upgrade_authority_via_cpi_enabled::id()))))
|
||||
{
|
||||
return Err(SyscallError::ProgramNotSupported(*program_id).into());
|
||||
}
|
||||
@@ -1936,7 +1941,7 @@ fn call<'a>(
|
||||
}
|
||||
})
|
||||
.collect::<Vec<bool>>();
|
||||
check_authorized_program(&callee_program_id, &instruction.data)?;
|
||||
check_authorized_program(&callee_program_id, &instruction.data, &invoke_context)?;
|
||||
let (accounts, account_refs) = syscall.translate_accounts(
|
||||
&message.account_keys,
|
||||
&caller_write_privileges,
|
||||
|
Reference in New Issue
Block a user