From ab175265a903c2b745e7367cc8c9e2436dcb14dd Mon Sep 17 00:00:00 2001
From: librelois <c@elo.tf>
Date: Sun, 16 Jan 2022 16:41:09 +0100
Subject: [PATCH] feat(runtimes): add call filter: forbid Session & Membership
 calls

---
 runtime/common/src/pallets_config.rs |  2 +-
 runtime/g1/src/lib.rs                | 11 +++++++++++
 runtime/gdev/src/lib.rs              | 10 ++++++++++
 runtime/gtest/src/lib.rs             | 11 +++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/runtime/common/src/pallets_config.rs b/runtime/common/src/pallets_config.rs
index 7113df7e0..8fb5add39 100644
--- a/runtime/common/src/pallets_config.rs
+++ b/runtime/common/src/pallets_config.rs
@@ -27,7 +27,7 @@ macro_rules! pallets_config {
 
         impl frame_system::Config for Runtime {
             /// The basic call filter to use in dispatchable.
-            type BaseCallFilter = frame_support::traits::Everything;
+            type BaseCallFilter = BaseCallFilter;
             /// Block & extrinsics weights: base values and limits.
             type BlockWeights = BlockWeights;
             /// The maximum length of a block (in bytes).
diff --git a/runtime/g1/src/lib.rs b/runtime/g1/src/lib.rs
index 6d5d6ec90..b654b9e98 100644
--- a/runtime/g1/src/lib.rs
+++ b/runtime/g1/src/lib.rs
@@ -140,6 +140,17 @@ pub type Executive = frame_executive::Executive<
     AllPalletsWithSystem,
 >;
 
+pub struct BaseCallFilter;
+impl frame_support::traits::Contains<Call> for BaseCallFilter {
+    fn contains(call: &Call) -> bool {
+        match call {
+            Call::Membership(_) => false,
+            Call::Session(_) => false,
+            _ => true,
+        }
+    }
+}
+
 common_runtime_except_gdev::pallets_config! {
     impl pallet_sudo::Config for Runtime {
         type Event = Event;
diff --git a/runtime/gdev/src/lib.rs b/runtime/gdev/src/lib.rs
index a804a4187..08bccd52b 100644
--- a/runtime/gdev/src/lib.rs
+++ b/runtime/gdev/src/lib.rs
@@ -132,6 +132,16 @@ pub type Executive = frame_executive::Executive<
     AllPalletsWithSystem,
 >;
 
+pub struct BaseCallFilter;
+impl frame_support::traits::Contains<Call> for BaseCallFilter {
+    fn contains(call: &Call) -> bool {
+        match call {
+            Call::Membership(_) => false,
+            _ => true,
+        }
+    }
+}
+
 // Configure FRAME pallets to include in runtime.
 common_runtime::pallets_config! {
     impl pallet_sudo::Config for Runtime {
diff --git a/runtime/gtest/src/lib.rs b/runtime/gtest/src/lib.rs
index e838a8127..b1ab558f5 100644
--- a/runtime/gtest/src/lib.rs
+++ b/runtime/gtest/src/lib.rs
@@ -140,6 +140,17 @@ pub type Executive = frame_executive::Executive<
     AllPalletsWithSystem,
 >;
 
+pub struct BaseCallFilter;
+impl frame_support::traits::Contains<Call> for BaseCallFilter {
+    fn contains(call: &Call) -> bool {
+        match call {
+            Call::Membership(_) => false,
+            Call::Session(_) => false,
+            _ => true,
+        }
+    }
+}
+
 common_runtime_except_gdev::pallets_config! {
     impl pallet_sudo::Config for Runtime {
         type Event = Event;
-- 
GitLab