From 8261f2c7f69c9e8d86e718137df743324b33e44d Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Fri, 12 Aug 2022 13:30:08 -0300 Subject: [PATCH] doc: rename policy references --- doc/api/errors.md | 2 +- doc/api/index.md | 2 +- doc/api/permissions.md | 33 ++++++++++++--------------------- doc/api/policy.md | 11 +++++++++++ 4 files changed, 25 insertions(+), 23 deletions(-) create mode 100644 doc/api/policy.md diff --git a/doc/api/errors.md b/doc/api/errors.md index 4c544ef734776e..0608cacce13ec0 100644 --- a/doc/api/errors.md +++ b/doc/api/errors.md @@ -3577,7 +3577,7 @@ The native call from `process.cpuUsage` could not be processed. [domains]: domain.md [event emitter-based]: events.md#class-eventemitter [file descriptors]: https://en.wikipedia.org/wiki/File_descriptor -[policy]: policy.md +[policy]: permissions.md#policies [self-reference a package using its name]: packages.md#self-referencing-a-package-using-its-name [stream-based]: stream.md [syscall]: https://man7.org/linux/man-pages/man2/syscalls.2.html diff --git a/doc/api/index.md b/doc/api/index.md index c999258769c95b..9c35550f5daf81 100644 --- a/doc/api/index.md +++ b/doc/api/index.md @@ -45,7 +45,7 @@ * [OS](os.md) * [Path](path.md) * [Performance hooks](perf_hooks.md) -* [Policies](policy.md) +* [Permissions](permissions.md) * [Process](process.md) * [Punycode](punycode.md) * [Query strings](querystring.md) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index fe6385c7e1dd70..e2764c0ef957ad 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -1,26 +1,19 @@ # Permissions -This section exposes security features available to be adopted in a -Node.js application. The available scopes are: +Permissions can be used to control what system resources the +Node.js process has access to or what actions the process can take +with those resources. Permissions can also control what modules can +be accessed by other modules. -* [Resource-based permissions](#resource-based-permissions) -* [Process-based permissions](#process-based-permissions) +* [Module-based permissions](#module-based-permissions) control which files + or URLs are available to other modules during application execution. + This can be used to control what modules can be accessed by third-party + dependencies, for example. -Resource-based permissions stands for the managment of modules using -policies. A policy can guarantee which module/resource is available -during the application execution. +If you find a potential security vulnerability, please refer to our +[Security Policy][]. -Process-based permissions stands for the management of resources such -as _File System_ or _Network_. A permission can be configured to restrict -access to specific resources, for instance, one can restrict access to -all the _File System_ write. - -Both permissions can be used together to provide a safer environment. - -**Note**: if you find a potential security vulnerability on Node.js, -refer to our [Security Policy][]. - -## Resource-based permissions +## Module-based permissions ## Policies @@ -447,9 +440,7 @@ not adopt the origin of the `blob:` URL. Additionally, import maps only work on `import` so it may be desirable to add a `"import"` condition to all dependency mappings. -## Process-based permissions - +[Security Policy]: https://github.com/nodejs/node/blob/main/SECURITY.md [import maps]: https://url.spec.whatwg.org/#relative-url-with-fragment-string [relative-url string]: https://url.spec.whatwg.org/#relative-url-with-fragment-string [special schemes]: https://url.spec.whatwg.org/#special-scheme -[Security Policy]: https://github.com/nodejs/node/blob/main/SECURITY.md diff --git a/doc/api/policy.md b/doc/api/policy.md new file mode 100644 index 00000000000000..cf2ff88b7ffdaf --- /dev/null +++ b/doc/api/policy.md @@ -0,0 +1,11 @@ +# Policies + + + + + +> Stability: 1 - Experimental + +The former Policies documentation is now at [Permissions documentation][] + +[Permissions documentation]: permissions.md#policies