Merge pull request #1697 from zcash/1686-zcb-tor-dir-perms

zcash_client_backend: Allow disabling Tor directory permissions tightening

Cargo.lock

@@ -6158,6 +6158,7 @@ dependencies = [
  "crossbeam-channel",
  "document-features",
  "dynosaur",
+ "fs-mistrust",
  "futures-util",
  "group",
  "gumdrop",

Cargo.toml

@@ -158,6 +158,7 @@ incrementalmerkletree-testing = "0.3"
 #   failure due to incompatible `libsqlite3-sys` versions.
 arti-client = { version = "0.23", default-features = false, features = ["compression", "rustls", "tokio"] }
 dynosaur = "0.1.1"
+fs-mistrust = "0.8"
 tokio = "1"
 tor-rtcompat = "0.23"
 tower = "0.4"

zcash_client_backend/CHANGELOG.md

@@ -11,6 +11,9 @@ and this library adheres to Rust's notion of
 - MSRV is now 1.81.0.
 - Migrated to `bip32 =0.6.0-pre.1`, `nonempty 0.11`, `incrementalmerkletree 0.8`,
   `shardtree 0.6`.
+- `zcash_client_backend::tor`:
+  - `tor::Client::create` now takes an optional `with_permissions` argument for
+    configuring `fs_mistrust::Mistrust`.
 - `zcash_client_backend::wallet::Recipient` has changed:
   - The `Recipient::External` variant is now a structured variant.
   - The `Recipient::EphemeralTransparent` variant is now only available if

zcash_client_backend/Cargo.toml

@@ -120,6 +120,7 @@ crossbeam-channel.workspace = true
 rayon.workspace = true
 
 # - Tor
+fs-mistrust = { workspace = true, optional = true }
 tokio = { workspace = true, optional = true, features = ["fs"] }
 tor-rtcompat = { workspace = true, optional = true }
 tower = { workspace = true, optional = true }
@@ -201,6 +202,7 @@ sync = [
 tor = [
     "dep:arti-client",
     "dep:dynosaur",
+    "dep:fs-mistrust",
     "dep:futures-util",
     "dep:http-body-util",
     "dep:hyper",

zcash_client_backend/src/tor.rs

@@ -24,20 +24,33 @@ impl Client {
     /// Preserving the contents of this directory will speed up subsequent calls to
     /// `Client::create`.
     ///
+    /// If `with_permissions` is `None`, the default from [`arti_client`] will be used
+    /// (enable permissions checks unless the `ARTI_FS_DISABLE_PERMISSION_CHECKS` env
+    /// variable is set).
+    ///
     /// Returns an error if `tor_dir` does not exist, or if bootstrapping fails.
-    pub async fn create(tor_dir: &Path) -> Result<Self, Error> {
+    pub async fn create(
+        tor_dir: &Path,
+        with_permissions: Option<impl FnOnce(&mut fs_mistrust::MistrustBuilder)>,
+    ) -> Result<Self, Error> {
         let runtime = PreferredRuntime::current()?;
 
         if !tokio::fs::try_exists(tor_dir).await? {
             return Err(Error::MissingTorDirectory);
         }
 
-        let config = TorClientConfigBuilder::from_directories(
+        let mut config_builder = TorClientConfigBuilder::from_directories(
             tor_dir.join("arti-data"),
             tor_dir.join("arti-cache"),
-        )
+        );
-        .build()
+
-        .expect("all required fields initialized");
+        if let Some(f) = with_permissions {
+            f(config_builder.storage().permissions());
+        }
+
+        let config = config_builder
+            .build()
+            .expect("all required fields initialized");
 
         let client_builder = TorClient::with_runtime(runtime).config(config);