Implement FIX_LINKAUTH_RESTRICTION protocol feature

libraries/chain/authorization_manager.cpp

@@ -331,16 +331,20 @@ namespace eosio { namespace chain {
       EOS_ASSERT( auth.actor == link.account, irrelevant_auth_exception,
                   "the owner of the linked permission needs to be the actor of the declared authorization" );
 
-      EOS_ASSERT( link.type != updateauth::get_name(),  action_validate_exception,
-                  "Cannot link eosio::updateauth to a minimum permission" );
-      EOS_ASSERT( link.type != deleteauth::get_name(),  action_validate_exception,
-                  "Cannot link eosio::deleteauth to a minimum permission" );
-      EOS_ASSERT( link.type != linkauth::get_name(),    action_validate_exception,
-                  "Cannot link eosio::linkauth to a minimum permission" );
-      EOS_ASSERT( link.type != unlinkauth::get_name(),  action_validate_exception,
-                  "Cannot link eosio::unlinkauth to a minimum permission" );
-      EOS_ASSERT( link.type != canceldelay::get_name(), action_validate_exception,
-                  "Cannot link eosio::canceldelay to a minimum permission" );
+      if( link.code == config::system_account_name
+            || !_control.is_builtin_activated( builtin_protocol_feature_t::fix_linkauth_restriction ) ) 
+      {
+         EOS_ASSERT( link.type != updateauth::get_name(),  action_validate_exception,
+                     "Cannot link eosio::updateauth to a minimum permission" );
+         EOS_ASSERT( link.type != deleteauth::get_name(),  action_validate_exception,
+                     "Cannot link eosio::deleteauth to a minimum permission" );
+         EOS_ASSERT( link.type != linkauth::get_name(),    action_validate_exception,
+                     "Cannot link eosio::linkauth to a minimum permission" );
+         EOS_ASSERT( link.type != unlinkauth::get_name(),  action_validate_exception,
+                     "Cannot link eosio::unlinkauth to a minimum permission" );
+         EOS_ASSERT( link.type != canceldelay::get_name(), action_validate_exception,
+                     "Cannot link eosio::canceldelay to a minimum permission" );
+      }
 
       const auto linked_permission_name = lookup_minimum_permission(link.account, link.code, link.type);
 

libraries/chain/include/eosio/chain/protocol_feature_manager.hpp

@@ -16,7 +16,8 @@ enum class protocol_feature_t : uint32_t {
 enum class builtin_protocol_feature_t : uint32_t {
    preactivate_feature,
    only_link_to_existing_permission,
-   replace_deferred
+   replace_deferred,
+   fix_linkauth_restriction
 };
 
 struct protocol_feature_subjective_restrictions {

libraries/chain/protocol_feature_manager.cpp

@@ -50,6 +50,18 @@ Builtin protocol feature: REPLACE_DEFERRED
 
 Fix the problems associated with replacing an existing deferred transaction.
 Also corrects the RAM usage of accounts affected by the replace deferred transaction bug.
+*/
+            {}
+         } )
+         (  builtin_protocol_feature_t::fix_linkauth_restriction, builtin_protocol_feature_spec{
+            "FIX_LINKAUTH_RESTRICTION",
+            fc::variant("a98241c83511dc86c857221b9372b4aa7cea3aaebc567a48604e1d3db3557050").as<digest_type>(),
+            // SHA256 hash of the raw message below within the comment delimiters (do not modify message below).
+/*
+Builtin protocol feature: FIX_LINKAUTH_RESTRICTION
+
+Removes the restriction on eosio::linkauth for non-native actions named one of the five special action names:
+updateauth, deleteauth, linkauth, unlinkauth, or canceldelay.
 */
             {}
          } )

unittests/protocol_feature_tests.cpp

@@ -485,4 +485,74 @@ BOOST_AUTO_TEST_CASE( replace_deferred_test ) try {
 
 } FC_LOG_AND_RETHROW()
 
+BOOST_AUTO_TEST_CASE( fix_linkauth_restriction ) { try {
+   tester chain( setup_policy::preactivate_feature_and_new_bios );
+
+   const auto& tester_account = N(tester);
+
+   chain.produce_blocks();
+   chain.create_account(N(currency));
+   chain.create_account(tester_account);
+   chain.produce_blocks();
+
+   chain.push_action(config::system_account_name, updateauth::get_name(), tester_account, fc::mutable_variant_object()
+           ("account", name(tester_account).to_string())
+           ("permission", "first")
+           ("parent", "active")
+           ("auth",  authority(chain.get_public_key(tester_account, "first"), 5))
+   );
+
+   auto validate_disallow = [&] (const char *code, const char *type) {
+      BOOST_REQUIRE_EXCEPTION(
+         chain.push_action(config::system_account_name, linkauth::get_name(), tester_account, fc::mutable_variant_object()
+               ("account", name(tester_account).to_string())
+               ("code", code)
+               ("type", type)
+               ("requirement", "first")),
+         action_validate_exception,
+         fc_exception_message_is(std::string("Cannot link eosio::") + std::string(type) + std::string(" to a minimum permission"))
+      );
+   };
+
+   validate_disallow("eosio", "linkauth");
+   validate_disallow("eosio", "unlinkauth");
+   validate_disallow("eosio", "deleteauth");
+   validate_disallow("eosio", "updateauth");
+   validate_disallow("eosio", "canceldelay");
+
+   validate_disallow("currency", "linkauth");
+   validate_disallow("currency", "unlinkauth");
+   validate_disallow("currency", "deleteauth");
+   validate_disallow("currency", "updateauth");
+   validate_disallow("currency", "canceldelay");
+
+   const auto& pfm = chain.control->get_protocol_feature_manager();
+   auto d = pfm.get_builtin_digest( builtin_protocol_feature_t::fix_linkauth_restriction );
+   BOOST_REQUIRE( d );
+
+   chain.preactivate_protocol_features( {*d} );
+   chain.produce_block();
+
+   auto validate_allowed = [&] (const char *code, const char *type) {
+     chain.push_action(config::system_account_name, linkauth::get_name(), tester_account, fc::mutable_variant_object()
+            ("account", name(tester_account).to_string())
+            ("code", code)
+            ("type", type)
+            ("requirement", "first"));
+   };
+
+   validate_disallow("eosio", "linkauth");
+   validate_disallow("eosio", "unlinkauth");
+   validate_disallow("eosio", "deleteauth");
+   validate_disallow("eosio", "updateauth");
+   validate_disallow("eosio", "canceldelay");
+
+   validate_allowed("currency", "linkauth");
+   validate_allowed("currency", "unlinkauth");
+   validate_allowed("currency", "deleteauth");
+   validate_allowed("currency", "updateauth");
+   validate_allowed("currency", "canceldelay");
+
+} FC_LOG_AND_RETHROW() }
+
 BOOST_AUTO_TEST_SUITE_END()