cackle-rs / cackle

A code ACL checker for Rust

Should std::path not require `fs` permission? #12

Open sigmaSd opened 11 months ago

sigmaSd commented 11 months ago

I feel like this is not needed. I expected fs permission only for manipulating files, like reads/writes etc., but requiring fs permission just for creating paths from strings seems too much in my opinion.

davidlattimore commented 11 months ago

Probably you're right. I've erred on the side of overclassifying rather than risking underclassifying. I think I probably need a more foolproof method to determine which functions actually access files to make sure I don't miss any. One way I've been considering is by disassembling functions to look for syscalls, then working back from there to determine what functions use each API.

In the meantime, if you delete (or rename) your `cackle.toml`, then run `cargo acl` again and select "Create custom initial config", you'll be able to inline each API definition rather than importing them. That will give you the chance to edit them. It also means that if the built-in API definitions change, you won't get those new API definitions, which is maybe good, maybe bad. If you do come up with some alternative API definitions that you think are better than the ones currently built into cackle, I'd be open to integrating them.
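An added example (not from the thread and not cackle's own code) illustrating the classification problem discussed above: within `std::path`, some `Path` methods are purely lexical while others query the filesystem, so a rule keyed on the whole module either over- or under-classifies. The helper names and the temp-directory and file names are constructed for this demo.

```rust
use std::ffi::OsStr;
use std::path::{Path, PathBuf};
use std::{env, fs, io, process};

fn own(o: Option<&OsStr>) -> Option<String> {
    o.map(|v| v.to_string_lossy().into_owned())
}

// Lexical only: results are computed from the path string, no syscall is made.
fn lexical_view(p: &Path) -> (Option<String>, Option<String>, PathBuf) {
    (own(p.file_name()), own(p.extension()), p.with_extension("bak"))
}

// Filesystem queries exposed by std::path::Path itself (no std::fs call needed).
// Order: exists, is_file, metadata, canonicalize.
fn filesystem_view(p: &Path) -> [bool; 4] {
    [p.exists(), p.is_file(), p.metadata().is_ok(), p.canonicalize().is_ok()]
}

// Takes both views of one path before and after the file exists on disk.
// Returns (lexical results identical?, fs view before, fs view after).
fn probe() -> io::Result<(bool, [bool; 4], [bool; 4])> {
    // Constructed scratch location, unique per process.
    let dir = env::temp_dir().join(format!("path_acl_demo_{}", process::id()));
    fs::create_dir_all(&dir)?;
    let file = dir.join("secret.txt");
    let _ = fs::remove_file(&file); // make sure we start without the file

    let (lex_before, fs_before) = (lexical_view(&file), filesystem_view(&file));
    fs::write(&file, b"x")?;
    let (lex_after, fs_after) = (lexical_view(&file), filesystem_view(&file));

    fs::remove_dir_all(&dir)?;
    Ok((lex_before == lex_after, fs_before, fs_after))
}

fn main() {
    let (stable, before, after) = probe().expect("temp dir should be writable");
    println!("lexical results independent of disk state: {}", stable);
    println!("exists/is_file/metadata/canonicalize before: {:?}", before);
    println!("exists/is_file/metadata/canonicalize after:  {:?}", after);
}
```

The methods in `filesystem_view` let code learn whether a file exists and what it is without ever naming `std::fs`, which is the kind of access an edited API definition would still need to cover.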