Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add documentation for SecurityCapabilities #460

Open
kennethloeffler opened this issue Oct 27, 2024 · 3 comments
Open

Add documentation for SecurityCapabilities #460

kennethloeffler opened this issue Oct 27, 2024 · 3 comments
Labels
module: spec

Comments

@kennethloeffler
Copy link
Member

kennethloeffler commented Oct 27, 2024
edited
Loading

Back in #358, we added bare-bones support for the SecurityCapabilities type. At the time, this data type did not have any user facing functionality, making it impossible to infer the meaning of its bits. So, we opted to treat it as an opaque integer, and did not create any documentation.

Since then, Roblox has released Script Capabilities as a beta feature, so we should be able to start poking at values of this type, and determine the meaning of the bits. Capabilities is a set of bools that dictate whether a script has the ability to perform certain actions, so this type is probably a bit field, with each bit corresponding to a specific capability.

One interesting note is that while capabilities are only available in the properties widget on Folder, Model, and Script instances (and instances of their subclasses), the Capabilities property exists on every Instance. This could mean that Roblox once planned that any instance could define capabilities, or that they will in the future.

I'm not sure if we should implement anything against our findings until the feature leaves beta since it's possible that exact details may change, but this won't stop us from getting a head start on documentation!
@Dekkonot
Copy link
Member

Based on this devforum post we probably want to wait on implementing it, yeah.

Documenting it is probably fine though; it'll if nothing else be interesting to see if it changes and how it changes.

@EpixScripts
Copy link

EpixScripts commented Nov 1, 2024
edited by kennethloeffler
Loading

The capability bits as of v648 are:

0: Plugin
1: LocalUser
2: WritePlayer
3: RobloxScript
4: RobloxEngine
5: NotAccessible
8: RunClientScript
9: RunServerScript
11: AccessOutsideWrite
15: Unassigned
16: AssetRequire
17: LoadString
18: ScriptGlobals
19: CreateInstances
20: Basic
21: Audio
22: DataStore
23: Network
24: Physics
25: UI
26: CSG
27: Chat
28: Animation
29: Avatar
30: Input
31: Environment
32: RemoteEvent
61: PluginOrOpenCloud
62: Assistant
63: Restricted

Notice how only some of the Luau Enum.SecurityCapability EnumItems map to this bitfield. The lowest 8 bits map to what was previously identity permissions.

@kennethloeffler
Copy link
Member Author

kennethloeffler commented Nov 1, 2024
edited
Loading

Hey @EpixScripts, thanks for your investigation, but we need to be careful about how we go about reverse engineering for this project. Viewing decompiled code risks violating Roblox's copyright, so we don't do that here.

The way we typically reverse engineer additions to the format is by using Roblox Studio to save rbxm files, then using the tools we've developed to dissect the artifacts, and to create new "weird" ones to see how Roblox Studio handles them. That way, we aren't creating a derived work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
module: spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Dekkonot @kennethloeffler @EpixScripts