
refactor: core plugin permissions are now prefixed core:, closes #10359 (#10390)

* refactor: core plugin permissions are now prefixed core:, closes #10359

* code review

* expand reserved plugin names

* fix

* add core:default permission set

* fix permission usage

---------

Co-authored-by: Tillmann <28728469+tweidinger@users.noreply.github.com>
Lucas Fernandes Nogueira 1 年之前
父節點
當前提交
758d28c8a2
共有 27 個文件被更改,包括 443 次插入419 次删除
  1. 9 0
      .changes/core-plugin-namespace.md
  2. 2 2
      core/tauri-acl-schema/capability-schema.json
  3. 7 4
      core/tauri-build/src/acl.rs
  4. 2 2
      core/tauri-config-schema/schema.json
  5. 5 0
      core/tauri-plugin/src/build/mod.rs
  6. 2 9
      core/tauri-utils/src/acl/capability.rs
  7. 8 4
      core/tauri-utils/src/acl/identifier.rs
  8. 32 2
      core/tauri-utils/src/acl/resolved.rs
  9. 15 11
      core/tauri/build.rs
  10. 12 12
      core/tauri/permissions/app/autogenerated/reference.md
  11. 8 8
      core/tauri/permissions/event/autogenerated/reference.md
  12. 10 10
      core/tauri/permissions/image/autogenerated/reference.md
  13. 44 44
      core/tauri/permissions/menu/autogenerated/reference.md
  14. 16 16
      core/tauri/permissions/path/autogenerated/reference.md
  15. 2 2
      core/tauri/permissions/resources/autogenerated/reference.md
  16. 22 22
      core/tauri/permissions/tray/autogenerated/reference.md
  17. 24 24
      core/tauri/permissions/webview/autogenerated/reference.md
  18. 112 112
      core/tauri/permissions/window/autogenerated/reference.md
  19. 5 1
      core/tauri/src/ipc/authority.rs
  20. 3 3
      examples/api/src-tauri/Cargo.lock
  21. 41 48
      examples/api/src-tauri/capabilities/run-app.json
  22. 8 3
      examples/resources/src-tauri/capabilities/app.json
  23. 2 2
      tooling/cli/schema.json
  24. 39 47
      tooling/cli/src/migrate/config.rs
  25. 4 10
      tooling/cli/templates/app/src-tauri/capabilities/default.json
  26. 4 10
      tooling/cli/templates/plugin/__example-api/tauri-app/src-tauri/capabilities/default.json
  27. 5 11
      tooling/cli/templates/plugin/__example-basic/vanilla/src-tauri/capabilities/default.json

+ 9 - 0
.changes/core-plugin-namespace.md

@@ -0,0 +1,9 @@
+---
+"tauri": patch:breaking
+"tauri-plugin": patch:breaking
+"@tauri-apps/cli": patch:breaking
+"tauri-cli": patch:breaking
+---
+
+Core plugin permissions are now prefixed with `core:`, the `core:default` permission set can now be used and the `core` plugin name is reserved.
+The `tauri migrate` tool will automate the migration process, which involves prefixing all `app`, `event`, `image`, `menu`, `path`, `resources`, `tray`, `webview` and `window` permissions with `core:`.

+ 2 - 2
core/tauri-acl-schema/capability-schema.json

@@ -1,7 +1,7 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "title": "Capability",
-  "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\n It controls application windows fine grained access to the Tauri core, application, or plugin commands.\n If a window is not matching any capability then it has no access to the IPC layer at all.\n\n This can be done to create groups of windows, based on their required system access, which can reduce\n impact of frontend vulnerabilities in less privileged windows.\n Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`.\n A Window can have none, one, or multiple associated capabilities.\n\n ## Example\n\n ```json\n {\n   \"identifier\": \"main-user-files-write\",\n   \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\",\n   \"windows\": [\n     \"main\"\n   ],\n  \"permissions\": [\n   \"path:default\",\n   \"dialog:open\",\n   {\n     \"identifier\": \"fs:allow-write-text-file\",\n     \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n   },\n  \"platforms\": [\"macOS\",\"windows\"]\n }\n ```",
+  "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\n It controls application windows fine grained access to the Tauri core, application, or plugin commands.\n If a window is not matching any capability then it has no access to the IPC layer at all.\n\n This can be done to create groups of windows, based on their required system access, which can reduce\n impact of frontend vulnerabilities in less privileged windows.\n Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`.\n A Window can have none, one, or multiple associated capabilities.\n\n ## Example\n\n ```json\n {\n   \"identifier\": \"main-user-files-write\",\n   \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\",\n   \"windows\": [\n     \"main\"\n   ],\n  \"permissions\": [\n   \"core:default\",\n   \"dialog:open\",\n   {\n     \"identifier\": \"fs:allow-write-text-file\",\n     \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n   },\n  \"platforms\": [\"macOS\",\"windows\"]\n }\n ```",
   "type": "object",
   "required": [
     "identifier",
@@ -48,7 +48,7 @@
       }
     },
     "permissions": {
-      "description": "List of permissions attached to this capability.\n\n Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.\n For commands directly implemented in the application itself only `${permission-name}`\n is required.\n\n ## Example\n\n ```json\n [\n  \"path:default\",\n  \"event:default\",\n  \"window:default\",\n  \"app:default\",\n  \"image:default\",\n  \"resources:default\",\n  \"menu:default\",\n  \"tray:default\",\n  \"shell:allow-open\",\n  \"dialog:open\",\n  {\n    \"identifier\": \"fs:allow-write-text-file\",\n    \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n  }\n ```",
+      "description": "List of permissions attached to this capability.\n\n Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.\n For commands directly implemented in the application itself only `${permission-name}`\n is required.\n\n ## Example\n\n ```json\n [\n  \"core:default\",\n  \"shell:allow-open\",\n  \"dialog:open\",\n  {\n    \"identifier\": \"fs:allow-write-text-file\",\n    \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n  }\n ```",
       "type": "array",
       "items": {
         "$ref": "#/definitions/PermissionEntry"

+ 7 - 4
core/tauri-build/src/acl.rs

@@ -473,10 +473,13 @@ pub fn validate_capabilities(
 
     for permission_entry in &capability.permissions {
       let permission_id = permission_entry.identifier();
-      let (key, permission_name) = permission_id
-        .get()
-        .split_once(':')
-        .unwrap_or_else(|| (APP_ACL_KEY, permission_id.get()));
+
+      let key = permission_id.get_prefix().unwrap_or(APP_ACL_KEY);
+      let permission_name = permission_id.get_base();
+
+      if key == "core" && permission_name == "default" {
+        continue;
+      }
 
       let permission_exists = acl_manifests
         .get(key)
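Review bot: The `core:default` skip at the top of the loop body is an exception inside a permission-existence check, and nothing says why it is safe. I would add `// core:default is a virtual set expanded later by the ACL resolver, so it is not looked up in a plugin manifest` above the `if`. The literals `"core"` and `"default"` repeat values that other files in this commit spell out again (`"core:"` in identifier.rs, `"core:default"` in resolved.rs), so a shared constant would keep the validator and the resolver from drifting apart. The check also relies on `get_prefix()` returning `core` for `core:default` but `core:app` for `core:app:allow-…`, which comes from the separator change in identifier.rs. The loop body continues outside the hunk.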

+ 2 - 2
core/tauri-config-schema/schema.json

@@ -1082,7 +1082,7 @@
       ]
     },
     "Capability": {
-      "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\n It controls application windows fine grained access to the Tauri core, application, or plugin commands.\n If a window is not matching any capability then it has no access to the IPC layer at all.\n\n This can be done to create groups of windows, based on their required system access, which can reduce\n impact of frontend vulnerabilities in less privileged windows.\n Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`.\n A Window can have none, one, or multiple associated capabilities.\n\n ## Example\n\n ```json\n {\n   \"identifier\": \"main-user-files-write\",\n   \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\",\n   \"windows\": [\n     \"main\"\n   ],\n  \"permissions\": [\n   \"path:default\",\n   \"dialog:open\",\n   {\n     \"identifier\": \"fs:allow-write-text-file\",\n     \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n   },\n  \"platforms\": [\"macOS\",\"windows\"]\n }\n ```",
+      "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\n It controls application windows fine grained access to the Tauri core, application, or plugin commands.\n If a window is not matching any capability then it has no access to the IPC layer at all.\n\n This can be done to create groups of windows, based on their required system access, which can reduce\n impact of frontend vulnerabilities in less privileged windows.\n Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`.\n A Window can have none, one, or multiple associated capabilities.\n\n ## Example\n\n ```json\n {\n   \"identifier\": \"main-user-files-write\",\n   \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\",\n   \"windows\": [\n     \"main\"\n   ],\n  \"permissions\": [\n   \"core:default\",\n   \"dialog:open\",\n   {\n     \"identifier\": \"fs:allow-write-text-file\",\n     \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n   },\n  \"platforms\": [\"macOS\",\"windows\"]\n }\n ```",
       "type": "object",
       "required": [
         "identifier",
@@ -1129,7 +1129,7 @@
           }
         },
         "permissions": {
-          "description": "List of permissions attached to this capability.\n\n Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.\n For commands directly implemented in the application itself only `${permission-name}`\n is required.\n\n ## Example\n\n ```json\n [\n  \"path:default\",\n  \"event:default\",\n  \"window:default\",\n  \"app:default\",\n  \"image:default\",\n  \"resources:default\",\n  \"menu:default\",\n  \"tray:default\",\n  \"shell:allow-open\",\n  \"dialog:open\",\n  {\n    \"identifier\": \"fs:allow-write-text-file\",\n    \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n  }\n ```",
+          "description": "List of permissions attached to this capability.\n\n Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.\n For commands directly implemented in the application itself only `${permission-name}`\n is required.\n\n ## Example\n\n ```json\n [\n  \"core:default\",\n  \"shell:allow-open\",\n  \"dialog:open\",\n  {\n    \"identifier\": \"fs:allow-write-text-file\",\n    \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n  }\n ```",
           "type": "array",
           "items": {
             "$ref": "#/definitions/PermissionEntry"

+ 5 - 0
core/tauri-plugin/src/build/mod.rs

@@ -13,6 +13,8 @@ use serde::de::DeserializeOwned;
 
 use std::{env::var, io::Cursor};
 
+const RESERVED_PLUGIN_NAMES: &[&str] = &["core", "tauri"];
+
 pub fn plugin_config<T: DeserializeOwned>(name: &str) -> Option<T> {
   let config_env_var_name = format!(
     "TAURI_{}_PLUGIN_CONFIG",
@@ -93,6 +95,9 @@ impl<'a> Builder<'a> {
     if name.contains('_') {
       anyhow::bail!("plugin names cannot contain underscores");
     }
+    if RESERVED_PLUGIN_NAMES.contains(&name.as_str()) {
+      anyhow::bail!("plugin name `{name}` is reserved");
+    }
 
     let out_dir = PathBuf::from(build_var("OUT_DIR")?);
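Review bot: `RESERVED_PLUGIN_NAMES` reserves only `core` and `tauri`, while the resolver change in this commit (core/tauri-utils/src/acl/resolved.rs) strips `core:` and emits `plugin:{core_plugin_name}|{command}`. A non-core plugin named `app`, `event`, `window` and so on would therefore appear to resolve to the same command keys as the core plugin. If nothing outside this hunk already prevents that, the list should also carry the nine core plugin names, e.g. `&["core", "tauri", "app", "event", "image", "menu", "path", "resources", "tray", "webview", "window"]`. The check runs in the plugin's own build step, so it is worth confirming that the application-side manifest loading rejects these names as well. The enclosing `Builder` method starts and ends outside the hunk.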
 

+ 2 - 9
core/tauri-utils/src/acl/capability.rs

@@ -94,7 +94,7 @@ impl<'de> Deserialize<'de> for PermissionEntry {
 ///     "main"
 ///   ],
 ///  "permissions": [
-///   "path:default",
+///   "core:default",
 ///   "dialog:open",
 ///   {
 ///     "identifier": "fs:allow-write-text-file",
@@ -174,14 +174,7 @@ pub struct Capability {
   ///
   /// ```json
   /// [
-  ///  "path:default",
-  ///  "event:default",
-  ///  "window:default",
-  ///  "app:default",
-  ///  "image:default",
-  ///  "resources:default",
-  ///  "menu:default",
-  ///  "tray:default",
+  ///  "core:default",
   ///  "shell:allow-open",
   ///  "dialog:open",
   ///  {

+ 8 - 4
core/tauri-utils/src/acl/identifier.rs

@@ -10,6 +10,7 @@ use thiserror::Error;
 
 const IDENTIFIER_SEPARATOR: u8 = b':';
 const PLUGIN_PREFIX: &str = "tauri-plugin-";
+const CORE_PLUGIN_IDENTIFIER_PREFIX: &str = "core:";
 
 // https://doc.rust-lang.org/cargo/reference/manifest.html#the-name-field
 const MAX_LEN_PREFIX: usize = 64 - PLUGIN_PREFIX.len();
@@ -156,11 +157,14 @@ impl TryFrom<String> for Identifier {
       return Err(Self::Error::Empty);
     }
 
-    let mut bytes = value.bytes();
-    if bytes.len() > MAX_LEN_IDENTIFIER {
-      return Err(Self::Error::Humongous(bytes.len()));
+    if value.len() > MAX_LEN_IDENTIFIER {
+      return Err(Self::Error::Humongous(value.len()));
     }
 
+    let is_core_identifier = value.starts_with(CORE_PLUGIN_IDENTIFIER_PREFIX);
+
+    let mut bytes = value.bytes();
+
     // grab the first byte only before parsing the rest
     let mut prev = bytes
       .next()
@@ -175,7 +179,7 @@ impl TryFrom<String> for Identifier {
         None => return Err(Self::Error::InvalidFormat),
         Some(next @ ValidByte::Byte(_)) => prev = next,
         Some(ValidByte::Separator) => {
-          if separator.is_none() {
+          if separator.is_none() || is_core_identifier {
             // safe to unwrap because idx starts at 1 and cannot go over MAX_IDENTIFIER_LEN
             separator = Some(idx.try_into().unwrap());
             prev = ValidByte::Separator
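Review bot: With `|| is_core_identifier` in the separator arm, an identifier starting with `core:` may now contain any number of `:` separators, each one overwriting `separator`. The forms this commit introduces need at most two (`core:default`, `core:app:allow-version`). Bounding it keeps the identifier grammar tight: keep a counter and use `if separator.is_none() || (is_core_identifier && separator_count < 2) {`, incrementing `separator_count` inside the branch. A unit test covering `core:default`, `core:app:default` and a three-separator input would pin the rule. The `else` branch and the rest of `try_from` are outside the hunk, so how a rejected separator is reported is not visible here.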

+ 32 - 2
core/tauri-utils/src/acl/resolved.rs

@@ -17,6 +17,18 @@ use super::{
 /// A key for a scope, used to link a [`ResolvedCommand#structfield.scope`] to the store [`Resolved#structfield.scopes`].
 pub type ScopeKey = u64;
 
+const CORE_PLUGINS: &[&str] = &[
+  "core:app",
+  "core:event",
+  "core:image",
+  "core:menu",
+  "core:path",
+  "core:resources",
+  "core:tray",
+  "core:webview",
+  "core:window",
+];
+
 /// Metadata for what referenced a [`ResolvedCommand`].
 #[cfg(debug_assertions)]
 #[derive(Default, Clone, PartialEq, Eq)]
@@ -80,7 +92,7 @@ impl Resolved {
   /// Resolves the ACL for the given plugin permissions and app capabilities.
   pub fn resolve(
     acl: &BTreeMap<String, Manifest>,
-    capabilities: BTreeMap<String, Capability>,
+    mut capabilities: BTreeMap<String, Capability>,
     target: Target,
   ) -> Result<Self, Error> {
     let mut allowed_commands = BTreeMap::new();
@@ -91,7 +103,7 @@ impl Resolved {
     let mut global_scope: BTreeMap<String, Vec<Scopes>> = BTreeMap::new();
 
     // resolve commands
-    for capability in capabilities.values() {
+    for capability in capabilities.values_mut() {
       if !capability
         .platforms
         .as_ref()
@@ -101,6 +113,20 @@ impl Resolved {
         continue;
       }
 
+      if let Some(core_default_index) = capability.permissions.iter().position(|permission| {
+        matches!(
+          permission,
+          PermissionEntry::PermissionRef(i) if i.get() == "core:default"
+        )
+      }) {
+        capability.permissions.remove(core_default_index);
+        for plugin in CORE_PLUGINS {
+          capability.permissions.push(PermissionEntry::PermissionRef(
+            format!("{plugin}:default").try_into().unwrap(),
+          ));
+        }
+      }
+
       with_resolved_permissions(
         capability,
         acl,
@@ -134,6 +160,8 @@ impl Resolved {
                 &mut allowed_commands,
                 if key == APP_ACL_KEY {
                   allowed_command.to_string()
+                } else if let Some(core_plugin_name) = key.strip_prefix("core:") {
+                  format!("plugin:{core_plugin_name}|{allowed_command}")
                 } else {
                   format!("plugin:{key}|{allowed_command}")
                 },
@@ -149,6 +177,8 @@ impl Resolved {
                 &mut denied_commands,
                 if key == APP_ACL_KEY {
                   denied_command.to_string()
+                } else if let Some(core_plugin_name) = key.strip_prefix("core:") {
+                  format!("plugin:{core_plugin_name}|{denied_command}")
                 } else {
                   format!("plugin:{key}|{denied_command}")
                 },
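Review bot: The `core:default` expansion matches only `PermissionEntry::PermissionRef` and only the first occurrence (`position`), whereas the build-time validator in core/tauri-build/src/acl.rs skips `core:default` for any entry form via `permission_entry.identifier()`. An object-form entry with that identifier, or a second `core:default` in the same list, therefore passes validation but reaches `with_resolved_permissions` unexpanded, and what happens then is outside the hunks. Either expand every entry whose `identifier()` is `core:default`, or reject the other forms explicitly with a clear error. The `strip_prefix("core:")` mapping is also duplicated in the allowed and denied arms and could be one small helper next to `CORE_PLUGINS`. `resolve` starts and ends outside the hunks.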

+ 15 - 11
core/tauri/build.rs

@@ -18,8 +18,9 @@ use std::{
 static CHECKED_FEATURES: OnceLock<Mutex<Vec<String>>> = OnceLock::new();
 const PLUGINS: &[(&str, &[(&str, bool)])] = &[
   // (plugin_name, &[(command, enabled-by_default)])
+  // note that when adding new core plugins, they must be added to the ACL resolver aswell
   (
-    "path",
+    "core:path",
     &[
       ("resolve_directory", true),
       ("resolve", true),
@@ -32,7 +33,7 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
     ],
   ),
   (
-    "event",
+    "core:event",
     &[
       ("listen", true),
       ("unlisten", true),
@@ -41,7 +42,7 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
     ],
   ),
   (
-    "window",
+    "core:window",
     &[
       ("create", false),
       // getters
@@ -114,7 +115,7 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
     ],
   ),
   (
-    "webview",
+    "core:webview",
     &[
       ("create_webview", false),
       ("create_webview_window", false),
@@ -134,7 +135,7 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
     ],
   ),
   (
-    "app",
+    "core:app",
     &[
       ("version", true),
       ("name", true),
@@ -145,7 +146,7 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
     ],
   ),
   (
-    "image",
+    "core:image",
     &[
       ("new", true),
       ("from_bytes", true),
@@ -154,9 +155,9 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
       ("size", true),
     ],
   ),
-  ("resources", &[("close", true)]),
+  ("core:resources", &[("close", true)]),
   (
-    "menu",
+    "core:menu",
     &[
       ("new", true),
       ("append", true),
@@ -183,7 +184,7 @@ const PLUGINS: &[(&str, &[(&str, bool)])] = &[
     ],
   ),
   (
-    "tray",
+    "core:tray",
     &[
       ("new", true),
       ("get_by_id", true),
@@ -328,7 +329,8 @@ fn define_permissions(out_dir: &Path) {
 ";
 
   for (plugin, commands) in PLUGINS {
-    let permissions_out_dir = out_dir.join("permissions").join(plugin);
+    let plugin_directory_name = plugin.strip_prefix("core:").unwrap_or(plugin);
+    let permissions_out_dir = out_dir.join("permissions").join(plugin_directory_name);
     let autogenerated =
       permissions_out_dir.join(tauri_utils::acl::build::AUTOGENERATED_FOLDER_NAME);
     let commands_dir = autogenerated.join("commands");
@@ -375,7 +377,9 @@ permissions = [{default_permissions}]
     )
     .unwrap_or_else(|e| panic!("failed to define permissions for {plugin}: {e}"));
 
-    let docs_out_dir = Path::new("permissions").join(plugin).join("autogenerated");
+    let docs_out_dir = Path::new("permissions")
+      .join(plugin_directory_name)
+      .join("autogenerated");
     create_dir_all(&docs_out_dir).expect("failed to create plugin documentation directory");
     tauri_utils::acl::build::generate_docs(
       &permissions,
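Review bot: The new comment on `PLUGINS` asks maintainers to keep this table and the ACL resolver's list in sync by hand, and nothing in these hunks checks it. `CORE_PLUGINS` in core/tauri-utils/src/acl/resolved.rs is a private const, so a plugin added here but not there would presumably just be missing from `core:default`, with no build error. Exporting that list from `tauri_utils` and asserting in `define_permissions` that every `PLUGINS` name appears in it would make the drift visible. The comment also has a typo: `aswell` should read `as well`. `strip_prefix("core:")` is another copy of the prefix literal that identifier.rs already names `CORE_PLUGIN_IDENTIFIER_PREFIX`.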

+ 12 - 12
core/tauri/permissions/app/autogenerated/reference.md

@@ -18,7 +18,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`app:allow-app-hide`
+`core:app:allow-app-hide`
 
 </td>
 <td>
@@ -31,7 +31,7 @@ Enables the app_hide command without any pre-configured scope.
 <tr>
 <td>
 
-`app:deny-app-hide`
+`core:app:deny-app-hide`
 
 </td>
 <td>
@@ -44,7 +44,7 @@ Denies the app_hide command without any pre-configured scope.
 <tr>
 <td>
 
-`app:allow-app-show`
+`core:app:allow-app-show`
 
 </td>
 <td>
@@ -57,7 +57,7 @@ Enables the app_show command without any pre-configured scope.
 <tr>
 <td>
 
-`app:deny-app-show`
+`core:app:deny-app-show`
 
 </td>
 <td>
@@ -70,7 +70,7 @@ Denies the app_show command without any pre-configured scope.
 <tr>
 <td>
 
-`app:allow-default-window-icon`
+`core:app:allow-default-window-icon`
 
 </td>
 <td>
@@ -83,7 +83,7 @@ Enables the default_window_icon command without any pre-configured scope.
 <tr>
 <td>
 
-`app:deny-default-window-icon`
+`core:app:deny-default-window-icon`
 
 </td>
 <td>
@@ -96,7 +96,7 @@ Denies the default_window_icon command without any pre-configured scope.
 <tr>
 <td>
 
-`app:allow-name`
+`core:app:allow-name`
 
 </td>
 <td>
@@ -109,7 +109,7 @@ Enables the name command without any pre-configured scope.
 <tr>
 <td>
 
-`app:deny-name`
+`core:app:deny-name`
 
 </td>
 <td>
@@ -122,7 +122,7 @@ Denies the name command without any pre-configured scope.
 <tr>
 <td>
 
-`app:allow-tauri-version`
+`core:app:allow-tauri-version`
 
 </td>
 <td>
@@ -135,7 +135,7 @@ Enables the tauri_version command without any pre-configured scope.
 <tr>
 <td>
 
-`app:deny-tauri-version`
+`core:app:deny-tauri-version`
 
 </td>
 <td>
@@ -148,7 +148,7 @@ Denies the tauri_version command without any pre-configured scope.
 <tr>
 <td>
 
-`app:allow-version`
+`core:app:allow-version`
 
 </td>
 <td>
@@ -161,7 +161,7 @@ Enables the version command without any pre-configured scope.
 <tr>
 <td>
 
-`app:deny-version`
+`core:app:deny-version`
 
 </td>
 <td>

+ 8 - 8
core/tauri/permissions/event/autogenerated/reference.md

@@ -19,7 +19,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`event:allow-emit`
+`core:event:allow-emit`
 
 </td>
 <td>
@@ -32,7 +32,7 @@ Enables the emit command without any pre-configured scope.
 <tr>
 <td>
 
-`event:deny-emit`
+`core:event:deny-emit`
 
 </td>
 <td>
@@ -45,7 +45,7 @@ Denies the emit command without any pre-configured scope.
 <tr>
 <td>
 
-`event:allow-emit-to`
+`core:event:allow-emit-to`
 
 </td>
 <td>
@@ -58,7 +58,7 @@ Enables the emit_to command without any pre-configured scope.
 <tr>
 <td>
 
-`event:deny-emit-to`
+`core:event:deny-emit-to`
 
 </td>
 <td>
@@ -71,7 +71,7 @@ Denies the emit_to command without any pre-configured scope.
 <tr>
 <td>
 
-`event:allow-listen`
+`core:event:allow-listen`
 
 </td>
 <td>
@@ -84,7 +84,7 @@ Enables the listen command without any pre-configured scope.
 <tr>
 <td>
 
-`event:deny-listen`
+`core:event:deny-listen`
 
 </td>
 <td>
@@ -97,7 +97,7 @@ Denies the listen command without any pre-configured scope.
 <tr>
 <td>
 
-`event:allow-unlisten`
+`core:event:allow-unlisten`
 
 </td>
 <td>
@@ -110,7 +110,7 @@ Enables the unlisten command without any pre-configured scope.
 <tr>
 <td>
 
-`event:deny-unlisten`
+`core:event:deny-unlisten`
 
 </td>
 <td>

+ 10 - 10
core/tauri/permissions/image/autogenerated/reference.md

@@ -20,7 +20,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`image:allow-from-bytes`
+`core:image:allow-from-bytes`
 
 </td>
 <td>
@@ -33,7 +33,7 @@ Enables the from_bytes command without any pre-configured scope.
 <tr>
 <td>
 
-`image:deny-from-bytes`
+`core:image:deny-from-bytes`
 
 </td>
 <td>
@@ -46,7 +46,7 @@ Denies the from_bytes command without any pre-configured scope.
 <tr>
 <td>
 
-`image:allow-from-path`
+`core:image:allow-from-path`
 
 </td>
 <td>
@@ -59,7 +59,7 @@ Enables the from_path command without any pre-configured scope.
 <tr>
 <td>
 
-`image:deny-from-path`
+`core:image:deny-from-path`
 
 </td>
 <td>
@@ -72,7 +72,7 @@ Denies the from_path command without any pre-configured scope.
 <tr>
 <td>
 
-`image:allow-new`
+`core:image:allow-new`
 
 </td>
 <td>
@@ -85,7 +85,7 @@ Enables the new command without any pre-configured scope.
 <tr>
 <td>
 
-`image:deny-new`
+`core:image:deny-new`
 
 </td>
 <td>
@@ -98,7 +98,7 @@ Denies the new command without any pre-configured scope.
 <tr>
 <td>
 
-`image:allow-rgba`
+`core:image:allow-rgba`
 
 </td>
 <td>
@@ -111,7 +111,7 @@ Enables the rgba command without any pre-configured scope.
 <tr>
 <td>
 
-`image:deny-rgba`
+`core:image:deny-rgba`
 
 </td>
 <td>
@@ -124,7 +124,7 @@ Denies the rgba command without any pre-configured scope.
 <tr>
 <td>
 
-`image:allow-size`
+`core:image:allow-size`
 
 </td>
 <td>
@@ -137,7 +137,7 @@ Enables the size command without any pre-configured scope.
 <tr>
 <td>
 
-`image:deny-size`
+`core:image:deny-size`
 
 </td>
 <td>

+ 44 - 44
core/tauri/permissions/menu/autogenerated/reference.md

@@ -37,7 +37,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`menu:allow-append`
+`core:menu:allow-append`
 
 </td>
 <td>
@@ -50,7 +50,7 @@ Enables the append command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-append`
+`core:menu:deny-append`
 
 </td>
 <td>
@@ -63,7 +63,7 @@ Denies the append command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-create-default`
+`core:menu:allow-create-default`
 
 </td>
 <td>
@@ -76,7 +76,7 @@ Enables the create_default command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-create-default`
+`core:menu:deny-create-default`
 
 </td>
 <td>
@@ -89,7 +89,7 @@ Denies the create_default command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-get`
+`core:menu:allow-get`
 
 </td>
 <td>
@@ -102,7 +102,7 @@ Enables the get command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-get`
+`core:menu:deny-get`
 
 </td>
 <td>
@@ -115,7 +115,7 @@ Denies the get command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-insert`
+`core:menu:allow-insert`
 
 </td>
 <td>
@@ -128,7 +128,7 @@ Enables the insert command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-insert`
+`core:menu:deny-insert`
 
 </td>
 <td>
@@ -141,7 +141,7 @@ Denies the insert command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-is-checked`
+`core:menu:allow-is-checked`
 
 </td>
 <td>
@@ -154,7 +154,7 @@ Enables the is_checked command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-is-checked`
+`core:menu:deny-is-checked`
 
 </td>
 <td>
@@ -167,7 +167,7 @@ Denies the is_checked command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-is-enabled`
+`core:menu:allow-is-enabled`
 
 </td>
 <td>
@@ -180,7 +180,7 @@ Enables the is_enabled command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-is-enabled`
+`core:menu:deny-is-enabled`
 
 </td>
 <td>
@@ -193,7 +193,7 @@ Denies the is_enabled command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-items`
+`core:menu:allow-items`
 
 </td>
 <td>
@@ -206,7 +206,7 @@ Enables the items command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-items`
+`core:menu:deny-items`
 
 </td>
 <td>
@@ -219,7 +219,7 @@ Denies the items command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-new`
+`core:menu:allow-new`
 
 </td>
 <td>
@@ -232,7 +232,7 @@ Enables the new command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-new`
+`core:menu:deny-new`
 
 </td>
 <td>
@@ -245,7 +245,7 @@ Denies the new command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-popup`
+`core:menu:allow-popup`
 
 </td>
 <td>
@@ -258,7 +258,7 @@ Enables the popup command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-popup`
+`core:menu:deny-popup`
 
 </td>
 <td>
@@ -271,7 +271,7 @@ Denies the popup command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-prepend`
+`core:menu:allow-prepend`
 
 </td>
 <td>
@@ -284,7 +284,7 @@ Enables the prepend command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-prepend`
+`core:menu:deny-prepend`
 
 </td>
 <td>
@@ -297,7 +297,7 @@ Denies the prepend command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-remove`
+`core:menu:allow-remove`
 
 </td>
 <td>
@@ -310,7 +310,7 @@ Enables the remove command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-remove`
+`core:menu:deny-remove`
 
 </td>
 <td>
@@ -323,7 +323,7 @@ Denies the remove command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-remove-at`
+`core:menu:allow-remove-at`
 
 </td>
 <td>
@@ -336,7 +336,7 @@ Enables the remove_at command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-remove-at`
+`core:menu:deny-remove-at`
 
 </td>
 <td>
@@ -349,7 +349,7 @@ Denies the remove_at command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-accelerator`
+`core:menu:allow-set-accelerator`
 
 </td>
 <td>
@@ -362,7 +362,7 @@ Enables the set_accelerator command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-accelerator`
+`core:menu:deny-set-accelerator`
 
 </td>
 <td>
@@ -375,7 +375,7 @@ Denies the set_accelerator command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-as-app-menu`
+`core:menu:allow-set-as-app-menu`
 
 </td>
 <td>
@@ -388,7 +388,7 @@ Enables the set_as_app_menu command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-as-app-menu`
+`core:menu:deny-set-as-app-menu`
 
 </td>
 <td>
@@ -401,7 +401,7 @@ Denies the set_as_app_menu command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-as-help-menu-for-nsapp`
+`core:menu:allow-set-as-help-menu-for-nsapp`
 
 </td>
 <td>
@@ -414,7 +414,7 @@ Enables the set_as_help_menu_for_nsapp command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-as-help-menu-for-nsapp`
+`core:menu:deny-set-as-help-menu-for-nsapp`
 
 </td>
 <td>
@@ -427,7 +427,7 @@ Denies the set_as_help_menu_for_nsapp command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-as-window-menu`
+`core:menu:allow-set-as-window-menu`
 
 </td>
 <td>
@@ -440,7 +440,7 @@ Enables the set_as_window_menu command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-as-window-menu`
+`core:menu:deny-set-as-window-menu`
 
 </td>
 <td>
@@ -453,7 +453,7 @@ Denies the set_as_window_menu command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-as-windows-menu-for-nsapp`
+`core:menu:allow-set-as-windows-menu-for-nsapp`
 
 </td>
 <td>
@@ -466,7 +466,7 @@ Enables the set_as_windows_menu_for_nsapp command without any pre-configured sco
 <tr>
 <td>
 
-`menu:deny-set-as-windows-menu-for-nsapp`
+`core:menu:deny-set-as-windows-menu-for-nsapp`
 
 </td>
 <td>
@@ -479,7 +479,7 @@ Denies the set_as_windows_menu_for_nsapp command without any pre-configured scop
 <tr>
 <td>
 
-`menu:allow-set-checked`
+`core:menu:allow-set-checked`
 
 </td>
 <td>
@@ -492,7 +492,7 @@ Enables the set_checked command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-checked`
+`core:menu:deny-set-checked`
 
 </td>
 <td>
@@ -505,7 +505,7 @@ Denies the set_checked command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-enabled`
+`core:menu:allow-set-enabled`
 
 </td>
 <td>
@@ -518,7 +518,7 @@ Enables the set_enabled command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-enabled`
+`core:menu:deny-set-enabled`
 
 </td>
 <td>
@@ -531,7 +531,7 @@ Denies the set_enabled command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-icon`
+`core:menu:allow-set-icon`
 
 </td>
 <td>
@@ -544,7 +544,7 @@ Enables the set_icon command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-icon`
+`core:menu:deny-set-icon`
 
 </td>
 <td>
@@ -557,7 +557,7 @@ Denies the set_icon command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-set-text`
+`core:menu:allow-set-text`
 
 </td>
 <td>
@@ -570,7 +570,7 @@ Enables the set_text command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-set-text`
+`core:menu:deny-set-text`
 
 </td>
 <td>
@@ -583,7 +583,7 @@ Denies the set_text command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:allow-text`
+`core:menu:allow-text`
 
 </td>
 <td>
@@ -596,7 +596,7 @@ Enables the text command without any pre-configured scope.
 <tr>
 <td>
 
-`menu:deny-text`
+`core:menu:deny-text`
 
 </td>
 <td>

+ 16 - 16
core/tauri/permissions/path/autogenerated/reference.md

@@ -23,7 +23,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`path:allow-basename`
+`core:path:allow-basename`
 
 </td>
 <td>
@@ -36,7 +36,7 @@ Enables the basename command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-basename`
+`core:path:deny-basename`
 
 </td>
 <td>
@@ -49,7 +49,7 @@ Denies the basename command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-dirname`
+`core:path:allow-dirname`
 
 </td>
 <td>
@@ -62,7 +62,7 @@ Enables the dirname command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-dirname`
+`core:path:deny-dirname`
 
 </td>
 <td>
@@ -75,7 +75,7 @@ Denies the dirname command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-extname`
+`core:path:allow-extname`
 
 </td>
 <td>
@@ -88,7 +88,7 @@ Enables the extname command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-extname`
+`core:path:deny-extname`
 
 </td>
 <td>
@@ -101,7 +101,7 @@ Denies the extname command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-is-absolute`
+`core:path:allow-is-absolute`
 
 </td>
 <td>
@@ -114,7 +114,7 @@ Enables the is_absolute command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-is-absolute`
+`core:path:deny-is-absolute`
 
 </td>
 <td>
@@ -127,7 +127,7 @@ Denies the is_absolute command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-join`
+`core:path:allow-join`
 
 </td>
 <td>
@@ -140,7 +140,7 @@ Enables the join command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-join`
+`core:path:deny-join`
 
 </td>
 <td>
@@ -153,7 +153,7 @@ Denies the join command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-normalize`
+`core:path:allow-normalize`
 
 </td>
 <td>
@@ -166,7 +166,7 @@ Enables the normalize command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-normalize`
+`core:path:deny-normalize`
 
 </td>
 <td>
@@ -179,7 +179,7 @@ Denies the normalize command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-resolve`
+`core:path:allow-resolve`
 
 </td>
 <td>
@@ -192,7 +192,7 @@ Enables the resolve command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-resolve`
+`core:path:deny-resolve`
 
 </td>
 <td>
@@ -205,7 +205,7 @@ Denies the resolve command without any pre-configured scope.
 <tr>
 <td>
 
-`path:allow-resolve-directory`
+`core:path:allow-resolve-directory`
 
 </td>
 <td>
@@ -218,7 +218,7 @@ Enables the resolve_directory command without any pre-configured scope.
 <tr>
 <td>
 
-`path:deny-resolve-directory`
+`core:path:deny-resolve-directory`
 
 </td>
 <td>

+ 2 - 2
core/tauri/permissions/resources/autogenerated/reference.md

@@ -16,7 +16,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`resources:allow-close`
+`core:resources:allow-close`
 
 </td>
 <td>
@@ -29,7 +29,7 @@ Enables the close command without any pre-configured scope.
 <tr>
 <td>
 
-`resources:deny-close`
+`core:resources:deny-close`
 
 </td>
 <td>

+ 22 - 22
core/tauri/permissions/tray/autogenerated/reference.md

@@ -26,7 +26,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`tray:allow-get-by-id`
+`core:tray:allow-get-by-id`
 
 </td>
 <td>
@@ -39,7 +39,7 @@ Enables the get_by_id command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-get-by-id`
+`core:tray:deny-get-by-id`
 
 </td>
 <td>
@@ -52,7 +52,7 @@ Denies the get_by_id command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-new`
+`core:tray:allow-new`
 
 </td>
 <td>
@@ -65,7 +65,7 @@ Enables the new command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-new`
+`core:tray:deny-new`
 
 </td>
 <td>
@@ -78,7 +78,7 @@ Denies the new command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-remove-by-id`
+`core:tray:allow-remove-by-id`
 
 </td>
 <td>
@@ -91,7 +91,7 @@ Enables the remove_by_id command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-remove-by-id`
+`core:tray:deny-remove-by-id`
 
 </td>
 <td>
@@ -104,7 +104,7 @@ Denies the remove_by_id command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-icon`
+`core:tray:allow-set-icon`
 
 </td>
 <td>
@@ -117,7 +117,7 @@ Enables the set_icon command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-icon`
+`core:tray:deny-set-icon`
 
 </td>
 <td>
@@ -130,7 +130,7 @@ Denies the set_icon command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-icon-as-template`
+`core:tray:allow-set-icon-as-template`
 
 </td>
 <td>
@@ -143,7 +143,7 @@ Enables the set_icon_as_template command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-icon-as-template`
+`core:tray:deny-set-icon-as-template`
 
 </td>
 <td>
@@ -156,7 +156,7 @@ Denies the set_icon_as_template command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-menu`
+`core:tray:allow-set-menu`
 
 </td>
 <td>
@@ -169,7 +169,7 @@ Enables the set_menu command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-menu`
+`core:tray:deny-set-menu`
 
 </td>
 <td>
@@ -182,7 +182,7 @@ Denies the set_menu command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-show-menu-on-left-click`
+`core:tray:allow-set-show-menu-on-left-click`
 
 </td>
 <td>
@@ -195,7 +195,7 @@ Enables the set_show_menu_on_left_click command without any pre-configured scope
 <tr>
 <td>
 
-`tray:deny-set-show-menu-on-left-click`
+`core:tray:deny-set-show-menu-on-left-click`
 
 </td>
 <td>
@@ -208,7 +208,7 @@ Denies the set_show_menu_on_left_click command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-temp-dir-path`
+`core:tray:allow-set-temp-dir-path`
 
 </td>
 <td>
@@ -221,7 +221,7 @@ Enables the set_temp_dir_path command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-temp-dir-path`
+`core:tray:deny-set-temp-dir-path`
 
 </td>
 <td>
@@ -234,7 +234,7 @@ Denies the set_temp_dir_path command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-title`
+`core:tray:allow-set-title`
 
 </td>
 <td>
@@ -247,7 +247,7 @@ Enables the set_title command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-title`
+`core:tray:deny-set-title`
 
 </td>
 <td>
@@ -260,7 +260,7 @@ Denies the set_title command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-tooltip`
+`core:tray:allow-set-tooltip`
 
 </td>
 <td>
@@ -273,7 +273,7 @@ Enables the set_tooltip command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-tooltip`
+`core:tray:deny-set-tooltip`
 
 </td>
 <td>
@@ -286,7 +286,7 @@ Denies the set_tooltip command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:allow-set-visible`
+`core:tray:allow-set-visible`
 
 </td>
 <td>
@@ -299,7 +299,7 @@ Enables the set_visible command without any pre-configured scope.
 <tr>
 <td>
 
-`tray:deny-set-visible`
+`core:tray:deny-set-visible`
 
 </td>
 <td>

+ 24 - 24
core/tauri/permissions/webview/autogenerated/reference.md

@@ -18,7 +18,7 @@ Default permissions for the plugin.
 <tr>
 <td>
 
-`webview:allow-create-webview`
+`core:webview:allow-create-webview`
 
 </td>
 <td>
@@ -31,7 +31,7 @@ Enables the create_webview command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-create-webview`
+`core:webview:deny-create-webview`
 
 </td>
 <td>
@@ -44,7 +44,7 @@ Denies the create_webview command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-create-webview-window`
+`core:webview:allow-create-webview-window`
 
 </td>
 <td>
@@ -57,7 +57,7 @@ Enables the create_webview_window command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-create-webview-window`
+`core:webview:deny-create-webview-window`
 
 </td>
 <td>
@@ -70,7 +70,7 @@ Denies the create_webview_window command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-internal-toggle-devtools`
+`core:webview:allow-internal-toggle-devtools`
 
 </td>
 <td>
@@ -83,7 +83,7 @@ Enables the internal_toggle_devtools command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-internal-toggle-devtools`
+`core:webview:deny-internal-toggle-devtools`
 
 </td>
 <td>
@@ -96,7 +96,7 @@ Denies the internal_toggle_devtools command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-print`
+`core:webview:allow-print`
 
 </td>
 <td>
@@ -109,7 +109,7 @@ Enables the print command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-print`
+`core:webview:deny-print`
 
 </td>
 <td>
@@ -122,7 +122,7 @@ Denies the print command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-reparent`
+`core:webview:allow-reparent`
 
 </td>
 <td>
@@ -135,7 +135,7 @@ Enables the reparent command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-reparent`
+`core:webview:deny-reparent`
 
 </td>
 <td>
@@ -148,7 +148,7 @@ Denies the reparent command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-set-webview-focus`
+`core:webview:allow-set-webview-focus`
 
 </td>
 <td>
@@ -161,7 +161,7 @@ Enables the set_webview_focus command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-set-webview-focus`
+`core:webview:deny-set-webview-focus`
 
 </td>
 <td>
@@ -174,7 +174,7 @@ Denies the set_webview_focus command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-set-webview-position`
+`core:webview:allow-set-webview-position`
 
 </td>
 <td>
@@ -187,7 +187,7 @@ Enables the set_webview_position command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-set-webview-position`
+`core:webview:deny-set-webview-position`
 
 </td>
 <td>
@@ -200,7 +200,7 @@ Denies the set_webview_position command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-set-webview-size`
+`core:webview:allow-set-webview-size`
 
 </td>
 <td>
@@ -213,7 +213,7 @@ Enables the set_webview_size command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-set-webview-size`
+`core:webview:deny-set-webview-size`
 
 </td>
 <td>
@@ -226,7 +226,7 @@ Denies the set_webview_size command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-set-webview-zoom`
+`core:webview:allow-set-webview-zoom`
 
 </td>
 <td>
@@ -239,7 +239,7 @@ Enables the set_webview_zoom command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-set-webview-zoom`
+`core:webview:deny-set-webview-zoom`
 
 </td>
 <td>
@@ -252,7 +252,7 @@ Denies the set_webview_zoom command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-webview-close`
+`core:webview:allow-webview-close`
 
 </td>
 <td>
@@ -265,7 +265,7 @@ Enables the webview_close command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-webview-close`
+`core:webview:deny-webview-close`
 
 </td>
 <td>
@@ -278,7 +278,7 @@ Denies the webview_close command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-webview-position`
+`core:webview:allow-webview-position`
 
 </td>
 <td>
@@ -291,7 +291,7 @@ Enables the webview_position command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-webview-position`
+`core:webview:deny-webview-position`
 
 </td>
 <td>
@@ -304,7 +304,7 @@ Denies the webview_position command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:allow-webview-size`
+`core:webview:allow-webview-size`
 
 </td>
 <td>
@@ -317,7 +317,7 @@ Enables the webview_size command without any pre-configured scope.
 <tr>
 <td>
 
-`webview:deny-webview-size`
+`core:webview:deny-webview-size`
 
 </td>
 <td>

文件差異過大導致無法顯示
+ 112 - 112
core/tauri/permissions/window/autogenerated/reference.md


+ 5 - 1
core/tauri/src/ipc/authority.rs

@@ -426,7 +426,11 @@ impl RuntimeAuthority {
           )
         }
       } else {
-        let permission_error_detail = if let Some(manifest) = self.acl.get(key) {
+        let permission_error_detail = if let Some(manifest) = self
+          .acl
+          .get(key)
+          .or_else(|| self.acl.get(&format!("core:{key}")))
+        {
           let mut permissions_referencing_command = Vec::new();
 
           if let Some(default) = &manifest.default_permission {
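Review bot: The `core:{key}` fallback in the `permission_error_detail` lookup has no comment explaining why a second key is tried, and the rest of this error path may still report the un-prefixed name. If the message assembled further down formats each entry as `{key}:{permission}` (that code is outside this hunk, so this needs confirming), the denial hint would list identifiers in the pre-rename form, such as `window:allow-…`, rather than the `core:window:allow-…` form used by the capability files in this commit. I would bind the key that actually matched and reuse it when the message is built, and add a comment above the lookup along the lines of `// core plugin manifests are keyed as "core:<name>"; the key derived from the command is the bare plugin name` (wording to be checked against how the manifests are registered). The enclosing method of `impl RuntimeAuthority` starts and ends outside the hunk.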

+ 3 - 3
examples/api/src-tauri/Cargo.lock

@@ -3033,7 +3033,7 @@ checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f"
 
 [[package]]
 name = "tauri"
-version = "2.0.0-beta.24"
+version = "2.0.0-beta.25"
 dependencies = [
  "anyhow",
  "bytes",
@@ -3168,7 +3168,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-runtime"
-version = "2.0.0-beta.20"
+version = "2.0.0-beta.21"
 dependencies = [
  "dpi",
  "gtk",
@@ -3185,7 +3185,7 @@ dependencies = [
 
 [[package]]
 name = "tauri-runtime-wry"
-version = "2.0.0-beta.20"
+version = "2.0.0-beta.21"
 dependencies = [
  "cocoa",
  "gtk",

+ 41 - 48
examples/api/src-tauri/capabilities/run-app.json

@@ -20,53 +20,46 @@
     "app-menu:default",
     "sample:allow-ping-scoped",
     "sample:global-scope",
-    "path:default",
-    "event:default",
-    "window:default",
-    "app:default",
-    "resources:default",
-    "image:default",
-    "menu:default",
-    "tray:default",
-    "app:allow-app-hide",
-    "app:allow-app-show",
-    "window:allow-center",
-    "window:allow-request-user-attention",
-    "window:allow-set-resizable",
-    "window:allow-set-maximizable",
-    "window:allow-set-minimizable",
-    "window:allow-set-closable",
-    "window:allow-set-title",
-    "window:allow-maximize",
-    "window:allow-unmaximize",
-    "window:allow-minimize",
-    "window:allow-unminimize",
-    "window:allow-show",
-    "window:allow-hide",
-    "window:allow-close",
-    "window:allow-set-decorations",
-    "window:allow-set-shadow",
-    "window:allow-set-effects",
-    "window:allow-set-always-on-top",
-    "window:allow-set-always-on-bottom",
-    "window:allow-set-content-protected",
-    "window:allow-set-size",
-    "window:allow-set-min-size",
-    "window:allow-set-max-size",
-    "window:allow-set-position",
-    "window:allow-set-fullscreen",
-    "window:allow-set-focus",
-    "window:allow-set-skip-taskbar",
-    "window:allow-set-cursor-grab",
-    "window:allow-set-cursor-visible",
-    "window:allow-set-cursor-icon",
-    "window:allow-set-cursor-position",
-    "window:allow-set-ignore-cursor-events",
-    "window:allow-start-dragging",
-    "window:allow-set-progress-bar",
-    "window:allow-set-icon",
-    "window:allow-toggle-maximize",
-    "webview:allow-create-webview-window",
-    "webview:allow-print"
+    "core:default",
+    "core:app:allow-app-hide",
+    "core:app:allow-app-show",
+    "core:window:allow-center",
+    "core:window:allow-request-user-attention",
+    "core:window:allow-set-resizable",
+    "core:window:allow-set-maximizable",
+    "core:window:allow-set-minimizable",
+    "core:window:allow-set-closable",
+    "core:window:allow-set-title",
+    "core:window:allow-maximize",
+    "core:window:allow-unmaximize",
+    "core:window:allow-minimize",
+    "core:window:allow-unminimize",
+    "core:window:allow-show",
+    "core:window:allow-hide",
+    "core:window:allow-close",
+    "core:window:allow-set-decorations",
+    "core:window:allow-set-shadow",
+    "core:window:allow-set-effects",
+    "core:window:allow-set-always-on-top",
+    "core:window:allow-set-always-on-bottom",
+    "core:window:allow-set-content-protected",
+    "core:window:allow-set-size",
+    "core:window:allow-set-min-size",
+    "core:window:allow-set-max-size",
+    "core:window:allow-set-position",
+    "core:window:allow-set-fullscreen",
+    "core:window:allow-set-focus",
+    "core:window:allow-set-skip-taskbar",
+    "core:window:allow-set-cursor-grab",
+    "core:window:allow-set-cursor-visible",
+    "core:window:allow-set-cursor-icon",
+    "core:window:allow-set-cursor-position",
+    "core:window:allow-set-ignore-cursor-events",
+    "core:window:allow-start-dragging",
+    "core:window:allow-set-progress-bar",
+    "core:window:allow-set-icon",
+    "core:window:allow-toggle-maximize",
+    "core:webview:allow-create-webview-window",
+    "core:webview:allow-print"
   ]
 }

+ 8 - 3
examples/resources/src-tauri/capabilities/app.json

@@ -1,6 +1,11 @@
 {
   "$schema": "../gen/schemas/desktop-schema.json",
   "identifier": "app",
-  "permissions": ["event:default", "window:default"],
-  "windows": ["main"]
-}
+  "permissions": [
+    "core:event:default",
+    "core:window:default"
+  ],
+  "windows": [
+    "main"
+  ]
+}

+ 2 - 2
tooling/cli/schema.json

@@ -1082,7 +1082,7 @@
       ]
     },
     "Capability": {
-      "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\n It controls application windows fine grained access to the Tauri core, application, or plugin commands.\n If a window is not matching any capability then it has no access to the IPC layer at all.\n\n This can be done to create groups of windows, based on their required system access, which can reduce\n impact of frontend vulnerabilities in less privileged windows.\n Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`.\n A Window can have none, one, or multiple associated capabilities.\n\n ## Example\n\n ```json\n {\n   \"identifier\": \"main-user-files-write\",\n   \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\",\n   \"windows\": [\n     \"main\"\n   ],\n  \"permissions\": [\n   \"path:default\",\n   \"dialog:open\",\n   {\n     \"identifier\": \"fs:allow-write-text-file\",\n     \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n   },\n  \"platforms\": [\"macOS\",\"windows\"]\n }\n ```",
+      "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\n It controls application windows fine grained access to the Tauri core, application, or plugin commands.\n If a window is not matching any capability then it has no access to the IPC layer at all.\n\n This can be done to create groups of windows, based on their required system access, which can reduce\n impact of frontend vulnerabilities in less privileged windows.\n Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`.\n A Window can have none, one, or multiple associated capabilities.\n\n ## Example\n\n ```json\n {\n   \"identifier\": \"main-user-files-write\",\n   \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programatic access to files selected by the user.\",\n   \"windows\": [\n     \"main\"\n   ],\n  \"permissions\": [\n   \"core:default\",\n   \"dialog:open\",\n   {\n     \"identifier\": \"fs:allow-write-text-file\",\n     \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n   },\n  \"platforms\": [\"macOS\",\"windows\"]\n }\n ```",
       "type": "object",
       "required": [
         "identifier",
@@ -1129,7 +1129,7 @@
           }
         },
         "permissions": {
-          "description": "List of permissions attached to this capability.\n\n Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.\n For commands directly implemented in the application itself only `${permission-name}`\n is required.\n\n ## Example\n\n ```json\n [\n  \"path:default\",\n  \"event:default\",\n  \"window:default\",\n  \"app:default\",\n  \"image:default\",\n  \"resources:default\",\n  \"menu:default\",\n  \"tray:default\",\n  \"shell:allow-open\",\n  \"dialog:open\",\n  {\n    \"identifier\": \"fs:allow-write-text-file\",\n    \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n  }\n ```",
+          "description": "List of permissions attached to this capability.\n\n Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.\n For commands directly implemented in the application itself only `${permission-name}`\n is required.\n\n ## Example\n\n ```json\n [\n  \"core:default\",\n  \"shell:allow-open\",\n  \"dialog:open\",\n  {\n    \"identifier\": \"fs:allow-write-text-file\",\n    \"allow\": [{ \"path\": \"$HOME/test.txt\" }]\n  }\n ```",
           "type": "array",
           "items": {
             "$ref": "#/definitions/PermissionEntry"

+ 39 - 47
tooling/cli/src/migrate/config.rs

@@ -23,18 +23,10 @@ pub fn migrate(tauri_dir: &Path) -> Result<MigratedConfig> {
     let migrated = migrate_config(&mut config)?;
     fs::write(&config_path, serde_json::to_string_pretty(&config)?)?;
 
-    let mut permissions: Vec<PermissionEntry> = vec![
-      "path:default",
-      "event:default",
-      "window:default",
-      "app:default",
-      "resources:default",
-      "menu:default",
-      "tray:default",
-    ]
-    .into_iter()
-    .map(|p| PermissionEntry::PermissionRef(p.to_string().try_into().unwrap()))
-    .collect();
+    let mut permissions: Vec<PermissionEntry> = vec!["core:default"]
+      .into_iter()
+      .map(|p| PermissionEntry::PermissionRef(p.to_string().try_into().unwrap()))
+      .collect();
     permissions.extend(migrated.permissions.clone());
 
     let capabilities_path = config_path.parent().unwrap().join("capabilities");
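Review bot: Replacing the seven explicit defaults with `core:default` in `migrate` may widen what a migrated v1 app is granted: the removed list had no `webview:default` or `image:default`, while the template capabilities in this same commit use `core:default` in place of a list that included both. Whether `core:default` actually bundles those sets is defined outside this hunk, so this needs confirming; if it does, the migration should either keep an explicit list of the seven `core:<plugin>:default` entries or state the broader grant in a comment, e.g. `// core:default also enables the webview and image defaults, which this migration did not grant before`. As a style point, the one-element `vec![…].into_iter().map(…).collect()` can be written directly as `vec![PermissionEntry::PermissionRef("core:default".to_string().try_into().unwrap())]`. The body of `migrate` continues outside the hunk.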
@@ -381,39 +373,39 @@ fn allowlist_to_permissions(
   }
 
   // window
-  permissions!(allowlist, permissions, window, create => "window:allow-create");
-  permissions!(allowlist, permissions, window, center => "window:allow-center");
-  permissions!(allowlist, permissions, window, request_user_attention => "window:allow-request-user-attention");
-  permissions!(allowlist, permissions, window, set_resizable => "window:allow-set-resizable");
-  permissions!(allowlist, permissions, window, set_maximizable => "window:allow-set-maximizable");
-  permissions!(allowlist, permissions, window, set_minimizable => "window:allow-set-minimizable");
-  permissions!(allowlist, permissions, window, set_closable => "window:allow-set-closable");
-  permissions!(allowlist, permissions, window, set_title => "window:allow-set-title");
-  permissions!(allowlist, permissions, window, maximize => "window:allow-maximize");
-  permissions!(allowlist, permissions, window, unmaximize => "window:allow-unmaximize");
-  permissions!(allowlist, permissions, window, minimize => "window:allow-minimize");
-  permissions!(allowlist, permissions, window, unminimize => "window:allow-unminimize");
-  permissions!(allowlist, permissions, window, show => "window:allow-show");
-  permissions!(allowlist, permissions, window, hide => "window:allow-hide");
-  permissions!(allowlist, permissions, window, close => "window:allow-close");
-  permissions!(allowlist, permissions, window, set_decorations => "window:allow-set-decorations");
-  permissions!(allowlist, permissions, window, set_always_on_top => "window:allow-set-always-on-top");
-  permissions!(allowlist, permissions, window, set_content_protected => "window:allow-set-content-protected");
-  permissions!(allowlist, permissions, window, set_size => "window:allow-set-size");
-  permissions!(allowlist, permissions, window, set_min_size => "window:allow-set-min-size");
-  permissions!(allowlist, permissions, window, set_max_size => "window:allow-set-max-size");
-  permissions!(allowlist, permissions, window, set_position => "window:allow-set-position");
-  permissions!(allowlist, permissions, window, set_fullscreen => "window:allow-set-fullscreen");
-  permissions!(allowlist, permissions, window, set_focus => "window:allow-set-focus");
-  permissions!(allowlist, permissions, window, set_icon => "window:allow-set-icon");
-  permissions!(allowlist, permissions, window, set_skip_taskbar => "window:allow-set-skip-taskbar");
-  permissions!(allowlist, permissions, window, set_cursor_grab => "window:allow-set-cursor-grab");
-  permissions!(allowlist, permissions, window, set_cursor_visible => "window:allow-set-cursor-visible");
-  permissions!(allowlist, permissions, window, set_cursor_icon => "window:allow-set-cursor-icon");
-  permissions!(allowlist, permissions, window, set_cursor_position => "window:allow-set-cursor-position");
-  permissions!(allowlist, permissions, window, set_ignore_cursor_events => "window:allow-set-ignore-cursor-events");
-  permissions!(allowlist, permissions, window, start_dragging => "window:allow-start-dragging");
-  permissions!(allowlist, permissions, window, print => "webview:allow-print");
+  permissions!(allowlist, permissions, window, create => "core:window:allow-create");
+  permissions!(allowlist, permissions, window, center => "core:window:allow-center");
+  permissions!(allowlist, permissions, window, request_user_attention => "core:window:allow-request-user-attention");
+  permissions!(allowlist, permissions, window, set_resizable => "core:window:allow-set-resizable");
+  permissions!(allowlist, permissions, window, set_maximizable => "core:window:allow-set-maximizable");
+  permissions!(allowlist, permissions, window, set_minimizable => "core:window:allow-set-minimizable");
+  permissions!(allowlist, permissions, window, set_closable => "core:window:allow-set-closable");
+  permissions!(allowlist, permissions, window, set_title => "core:window:allow-set-title");
+  permissions!(allowlist, permissions, window, maximize => "core:window:allow-maximize");
+  permissions!(allowlist, permissions, window, unmaximize => "core:window:allow-unmaximize");
+  permissions!(allowlist, permissions, window, minimize => "core:window:allow-minimize");
+  permissions!(allowlist, permissions, window, unminimize => "core:window:allow-unminimize");
+  permissions!(allowlist, permissions, window, show => "core:window:allow-show");
+  permissions!(allowlist, permissions, window, hide => "core:window:allow-hide");
+  permissions!(allowlist, permissions, window, close => "core:window:allow-close");
+  permissions!(allowlist, permissions, window, set_decorations => "core:window:allow-set-decorations");
+  permissions!(allowlist, permissions, window, set_always_on_top => "core:window:allow-set-always-on-top");
+  permissions!(allowlist, permissions, window, set_content_protected => "core:window:allow-set-content-protected");
+  permissions!(allowlist, permissions, window, set_size => "core:window:allow-set-size");
+  permissions!(allowlist, permissions, window, set_min_size => "core:window:allow-set-min-size");
+  permissions!(allowlist, permissions, window, set_max_size => "core:window:allow-set-max-size");
+  permissions!(allowlist, permissions, window, set_position => "core:window:allow-set-position");
+  permissions!(allowlist, permissions, window, set_fullscreen => "core:window:allow-set-fullscreen");
+  permissions!(allowlist, permissions, window, set_focus => "core:window:allow-set-focus");
+  permissions!(allowlist, permissions, window, set_icon => "core:window:allow-set-icon");
+  permissions!(allowlist, permissions, window, set_skip_taskbar => "core:window:allow-set-skip-taskbar");
+  permissions!(allowlist, permissions, window, set_cursor_grab => "core:window:allow-set-cursor-grab");
+  permissions!(allowlist, permissions, window, set_cursor_visible => "core:window:allow-set-cursor-visible");
+  permissions!(allowlist, permissions, window, set_cursor_icon => "core:window:allow-set-cursor-icon");
+  permissions!(allowlist, permissions, window, set_cursor_position => "core:window:allow-set-cursor-position");
+  permissions!(allowlist, permissions, window, set_ignore_cursor_events => "core:window:allow-set-ignore-cursor-events");
+  permissions!(allowlist, permissions, window, start_dragging => "core:window:allow-start-dragging");
+  permissions!(allowlist, permissions, window, print => "core:webview:allow-print");
 
   // shell
   if allowlist.shell.scope.0.is_empty() {
@@ -504,8 +496,8 @@ fn allowlist_to_permissions(
   permissions!(allowlist, permissions, clipboard, read_text => "clipboard-manager:allow-read-text");
   permissions!(allowlist, permissions, clipboard, write_text => "clipboard-manager:allow-write-text");
   // app
-  permissions!(allowlist, permissions, app, show => "app:allow-app-show");
-  permissions!(allowlist, permissions, app, hide => "app:allow-app-hide");
+  permissions!(allowlist, permissions, app, show => "core:app:allow-app-show");
+  permissions!(allowlist, permissions, app, hide => "core:app:allow-app-hide");
 
   permissions
 }

+ 4 - 10
tooling/cli/templates/app/src-tauri/capabilities/default.json

@@ -2,16 +2,10 @@
   "$schema": "../gen/schemas/desktop-schema.json",
   "identifier": "default",
   "description": "enables the default permissions",
-  "windows": ["main"],
+  "windows": [
+    "main"
+  ],
   "permissions": [
-    "path:default",
-    "event:default",
-    "window:default",
-    "webview:default",
-    "app:default",
-    "resources:default",
-    "image:default",
-    "menu:default",
-    "tray:default"
+    "core:default"
   ]
 }

+ 4 - 10
tooling/cli/templates/plugin/__example-api/tauri-app/src-tauri/capabilities/default.json

@@ -2,17 +2,11 @@
   "$schema": "../gen/schemas/desktop-schema.json",
   "identifier": "default",
   "description": "enables the default permissions",
-  "windows": ["main"],
+  "windows": [
+    "main"
+  ],
   "permissions": [
-    "path:default",
-    "event:default",
-    "window:default",
-    "webview:default",
-    "app:default",
-    "resources:default",
-    "image:default",
-    "menu:default",
-    "tray:default",
+    "core:default",
     "{{ plugin_name }}:default"
   ]
 }

+ 5 - 11
tooling/cli/templates/plugin/__example-basic/vanilla/src-tauri/capabilities/default.json

@@ -2,17 +2,11 @@
   "$schema": "../gen/schemas/desktop-schema.json",
   "identifier": "default",
   "description": "enables the default permissions",
-  "windows": ["main"],
+  "windows": [
+    "main"
+  ],
   "permissions": [
-    "path:default",
-    "event:default",
-    "window:default",
-    "webview:default",
-    "app:default",
-    "resources:default",
-    "image:default",
-    "menu:default",
-    "tray:default",
+    "core:default",
     "{{ plugin_name }}:default"
   ]
-}
+}

部分文件因文件數量過多而無法顯示