Skip to content

Commit

Permalink
doc: rename policy references
Browse files Browse the repository at this point in the history
  • Loading branch information
RafaelGSS committed Aug 23, 2022
1 parent 311a003 commit 0d77b21
Show file tree
Hide file tree
Showing 4 changed files with 453 additions and 20 deletions.
2 changes: 1 addition & 1 deletion doc/api/errors.md
Original file line number Diff line number Diff line change
Expand Up @@ -3577,7 +3577,7 @@ The native call from `process.cpuUsage` could not be processed.
[domains]: domain.md
[event emitter-based]: events.md#class-eventemitter
[file descriptors]: https://en.wikipedia.org/wiki/File_descriptor
[policy]: policy.md
[policy]: permissions.md#policies
[self-reference a package using its name]: packages.md#self-referencing-a-package-using-its-name
[stream-based]: stream.md
[syscall]: https://man7.org/linux/man-pages/man2/syscalls.2.html
Expand Down
2 changes: 1 addition & 1 deletion doc/api/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
* [OS](os.md)
* [Path](path.md)
* [Performance hooks](perf_hooks.md)
* [Policies](policy.md)
* [Permissions](permissions.md)
* [Process](process.md)
* [Punycode](punycode.md)
* [Query strings](querystring.md)
Expand Down
37 changes: 19 additions & 18 deletions doc/api/permissions.md
Original file line number Diff line number Diff line change
@@ -1,26 +1,29 @@
# Permissions

This section exposes security features available to be adopted in a
Node.js application. The available scopes are:
Permissions can be used to control what system resources the
Node.js process has access to or what actions the process can take
with those resources. Permissions can also control what modules can
be accessed by other modules.

* [Resource-based permissions](#resource-based-permissions)
* [Process-based permissions](#process-based-permissions)
* [Process-based permissions](#process-based-permissions) control the Node.js process's access to
resources such as the file system or the network. The resource can be
entirely allowed or denied, or actions related to it can be controlled;
for example, you can allow file system reads while denying writes.

Resource-based permissions stands for the managment of modules using
policies. A policy can guarantee which module/resource is available
during the application execution.
* [Module-based permissions](#module-based-permissions) control which files or URLs are available
to other modules during application execution. This can be used to
control what modules can be accessed by third-party dependencies,
for example.

Process-based permissions stands for the management of resources such
as _File System_ or _Network_. A permission can be configured to restrict
access to specific resources, for instance, one can restrict access to
all the _File System_ write.
Both types of permissions can be used together to provide a
safer environment. If you find a potential security vulnerability,
please refer to our [Security Policy][].

Both permissions can be used together to provide a safer environment.
## Process-based permissions

**Note**: if you find a potential security vulnerability on Node.js,
refer to our [Security Policy][].
// STUB

## Resource-based permissions
## Module-based permissions

## Policies

Expand Down Expand Up @@ -447,9 +450,7 @@ not adopt the origin of the `blob:` URL.
Additionally, import maps only work on `import` so it may be desirable to add a
`"import"` condition to all dependency mappings.

## Process-based permissions

[Security Policy]: https://github.com/nodejs/node/blob/main/SECURITY.md
[import maps]: https://url.spec.whatwg.org/#relative-url-with-fragment-string
[relative-url string]: https://url.spec.whatwg.org/#relative-url-with-fragment-string
[special schemes]: https://url.spec.whatwg.org/#special-scheme
[Security Policy]: https://github.com/nodejs/node/blob/main/SECURITY.md
Loading

0 comments on commit 0d77b21

Please sign in to comment.