pallet-xcm: add support to authorize aliases (#6336)

Add calls to pallet-xcm for adding and removing authorization for a
certain `aliaser` location to alias into the caller `origin`.

`pallet-xcm` also exposes an `AuthorizedAliases` filter implementation
usable with `xcm_executor::Config::Aliasers` filter to easily allow
runtimes to plug in the explicitly authorized aliases using the calls
above.

Usually useful to allow your local account to be aliased into from a
remote location also under your control (like your account on another
chain).

For example, `Alice` on `Para42` can do _something_ on Asset Hub without
having to transfer fees from `Para42`, but instead use her local Asset
Hub account:
```rust
// called by Alice on Para42
pallet_xcm::send(
	Location::new(1, Parachain(1000)),
	Xcm(vec![
		AliasOrigin(AliceOnAH),
		WithdrawAsset(fees),
		PayFees(fees),
		DoWhatever
	])
);
```

Part of [Empowered cross-chain
origins](#6054).

Fixes [XCM: Arbitrary Origin Aliases
#722](#722)

---------

Co-authored-by: command-bot <>
Co-authored-by: Francisco Aguirre <[email protected]>
Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: 3 people

Cargo.lock

@@ -750,9 +750,9 @@ macro_rules! test_xcm_fee_querying_apis_work_for_asset_hub {
 macro_rules! test_cross_chain_alias {
 	( vec![$( ($sender_para:ty, $receiver_para:ty, $is_teleport:expr, $expected_success:expr) ),+], $origin:expr, $target:expr, $fees:expr ) => {
 		$crate::macros::paste::paste! {
-			use xcm::latest::AssetTransferFilter;
 			$(
 				{
+					use xcm::latest::AssetTransferFilter;
 					let para_destination = <$sender_para>::sibling_location_of(<$receiver_para>::para_id());
 					let account: AccountId = $origin.clone().into();
 					$sender_para::fund_accounts(vec![(account.clone(), $fees * 10)]);

cumulus/parachains/integration-tests/emulated/common/src/macros.rs

@@ -20,6 +20,7 @@ use emulated_integration_tests_common::{macros::AccountId, test_cross_chain_alia
 use frame_support::{traits::ContainsPair, BoundedVec};
 use xcm::latest::Junctions::*;
 
+const ALLOWED: bool = true;
 const DENIED: bool = false;
 
 const TELEPORT_FEES: bool = true;
@@ -32,8 +33,8 @@ fn account_on_sibling_syschain_aliases_into_same_local_account() {
 	let target = origin.clone();
 	let fees = WESTEND_ED * 10;
 
-	PenpalA::mint_foreign_asset(
-		<PenpalA as Chain>::RuntimeOrigin::signed(PenpalAssetOwner::get()),
+	PenpalB::mint_foreign_asset(
+		<PenpalB as Chain>::RuntimeOrigin::signed(PenpalAssetOwner::get()),
 		Location::parent(),
 		origin.clone(),
 		fees * 10,
@@ -55,7 +56,7 @@ fn account_on_sibling_syschain_aliases_into_same_local_account() {
 			// between People and AH: denied
 			(PeopleWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
 			// between Penpal and AH: denied
-			(PenpalA, AssetHubWestend, RESERVE_TRANSFER_FEES, DENIED)
+			(PenpalB, AssetHubWestend, RESERVE_TRANSFER_FEES, DENIED)
 		],
 		origin,
 		target,
@@ -70,8 +71,8 @@ fn account_on_sibling_syschain_cannot_alias_into_different_local_account() {
 	let target: AccountId = [2; 32].into();
 	let fees = WESTEND_ED * 10;
 
-	PenpalA::mint_foreign_asset(
-		<PenpalA as Chain>::RuntimeOrigin::signed(PenpalAssetOwner::get()),
+	PenpalB::mint_foreign_asset(
+		<PenpalB as Chain>::RuntimeOrigin::signed(PenpalAssetOwner::get()),
 		Location::parent(),
 		origin.clone(),
 		fees * 10,
@@ -89,7 +90,7 @@ fn account_on_sibling_syschain_cannot_alias_into_different_local_account() {
 			// between People and AH: denied
 			(PeopleWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
 			// between Penpal and AH: denied
-			(PenpalA, AssetHubWestend, RESERVE_TRANSFER_FEES, DENIED)
+			(PenpalB, AssetHubWestend, RESERVE_TRANSFER_FEES, DENIED)
 		],
 		origin,
 		target,
@@ -100,82 +101,177 @@ fn account_on_sibling_syschain_cannot_alias_into_different_local_account() {
 #[test]
 fn aliasing_child_locations() {
 	use AssetHubWestendXcmConfig as XcmConfig;
-	// Allows aliasing descendant of origin.
-	let origin = Location::new(1, X1([PalletInstance(8)].into()));
-	let target = Location::new(1, X2([PalletInstance(8), GeneralIndex(9)].into()));
-	assert!(<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([Parachain(8)].into()));
-	let target =
-		Location::new(1, X2([Parachain(8), AccountId32 { network: None, id: [1u8; 32] }].into()));
-	assert!(<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([Parachain(8)].into()));
-	let target = Location::new(1, X3([Parachain(8), PalletInstance(8), GeneralIndex(9)].into()));
-	assert!(<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-
-	// Does not allow if not descendant.
-	let origin = Location::new(1, X1([PalletInstance(8)].into()));
-	let target = Location::new(0, X2([PalletInstance(8), GeneralIndex(9)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([Parachain(8)].into()));
-	let target =
-		Location::new(0, X2([Parachain(8), AccountId32 { network: None, id: [1u8; 32] }].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([Parachain(8)].into()));
-	let target = Location::new(0, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
-	let target = Location::new(0, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+	AssetHubWestend::execute_with(|| {
+		// Allows aliasing descendant of origin.
+		let origin = Location::new(1, X1([PalletInstance(8)].into()));
+		let target = Location::new(1, X2([PalletInstance(8), GeneralIndex(9)].into()));
+		assert!(<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([Parachain(8)].into()));
+		let target = Location::new(
+			1,
+			X2([Parachain(8), AccountId32 { network: None, id: [1u8; 32] }].into()),
+		);
+		assert!(<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([Parachain(8)].into()));
+		let target =
+			Location::new(1, X3([Parachain(8), PalletInstance(8), GeneralIndex(9)].into()));
+		assert!(<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+
+		// Does not allow if not descendant.
+		let origin = Location::new(1, X1([PalletInstance(8)].into()));
+		let target = Location::new(0, X2([PalletInstance(8), GeneralIndex(9)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([Parachain(8)].into()));
+		let target = Location::new(
+			0,
+			X2([Parachain(8), AccountId32 { network: None, id: [1u8; 32] }].into()),
+		);
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([Parachain(8)].into()));
+		let target = Location::new(0, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
+		let target = Location::new(0, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+	});
 }
 
 #[test]
 fn asset_hub_root_aliases_anything() {
 	use AssetHubWestendXcmConfig as XcmConfig;
+	AssetHubWestend::execute_with(|| {
+		// Does not allow local/AH root to alias other (non-descendant) locations.
+		let origin = Location::new(0, Here);
+
+		let target = Location::new(1, X1([Parachain(2000)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(1, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(
+			1,
+			X2([Parachain(8), AccountId32 { network: None, id: [1u8; 32] }].into()),
+		);
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target =
+			Location::new(1, X3([Parachain(42), PalletInstance(8), GeneralIndex(9)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(2, X1([GlobalConsensus(Ethereum { chain_id: 1 })].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(2, X2([GlobalConsensus(Polkadot), Parachain(1000)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(1, X2([PalletInstance(8), GeneralIndex(9)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+
+		// Other AH locations cannot alias anything.
+		let origin = Location::new(1, X2([Parachain(1000), GeneralIndex(9)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X2([Parachain(1000), PalletInstance(9)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(
+			1,
+			X2([Parachain(1000), AccountId32 { network: None, id: [1u8; 32] }].into()),
+		);
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
 
-	// Does not allow local/AH root to alias other locations.
-	let origin = Location::new(1, X1([Parachain(1000)].into()));
-
-	let target = Location::new(1, X1([Parachain(2000)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(1, X1([AccountId32 { network: None, id: [1u8; 32] }].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target =
-		Location::new(1, X2([Parachain(8), AccountId32 { network: None, id: [1u8; 32] }].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(1, X3([Parachain(42), PalletInstance(8), GeneralIndex(9)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(2, X1([GlobalConsensus(Ethereum { chain_id: 1 })].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(2, X2([GlobalConsensus(Polkadot), Parachain(1000)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(0, X2([PalletInstance(8), GeneralIndex(9)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-
-	// Other AH locations cannot alias anything.
-	let origin = Location::new(1, X2([Parachain(1000), GeneralIndex(9)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X2([Parachain(1000), PalletInstance(9)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(
-		1,
-		X2([Parachain(1000), AccountId32 { network: None, id: [1u8; 32] }].into()),
+		// Other root locations cannot alias anything.
+		let origin = Location::new(1, Here);
+		let target = Location::new(2, X1([GlobalConsensus(Ethereum { chain_id: 1 })].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(2, X2([GlobalConsensus(Polkadot), Parachain(1000)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let target = Location::new(0, X2([PalletInstance(8), GeneralIndex(9)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+
+		let origin = Location::new(0, Here);
+		let target = Location::new(1, X1([Parachain(2000)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([Parachain(1001)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+		let origin = Location::new(1, X1([Parachain(1002)].into()));
+		assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
+	});
+}
+
+#[test]
+fn authorized_cross_chain_aliases() {
+	// origin and target are different accounts on different chains
+	let origin: AccountId = [100; 32].into();
+	let bad_origin: AccountId = [150; 32].into();
+	let target: AccountId = [200; 32].into();
+	let fees = WESTEND_ED * 10;
+
+	let pal_admin = <PenpalB as Chain>::RuntimeOrigin::signed(PenpalAssetOwner::get());
+	PenpalB::mint_foreign_asset(pal_admin.clone(), Location::parent(), origin.clone(), fees * 10);
+	PenpalB::mint_foreign_asset(pal_admin, Location::parent(), bad_origin.clone(), fees * 10);
+	AssetHubWestend::fund_accounts(vec![(target.clone(), fees * 10)]);
+
+	// let's authorize `origin` on Penpal to alias `target` on AssetHub
+	AssetHubWestend::execute_with(|| {
+		let penpal_origin = Location::new(
+			1,
+			X2([
+				Parachain(PenpalB::para_id().into()),
+				AccountId32 {
+					network: Some(ByGenesis(WESTEND_GENESIS_HASH)),
+					id: origin.clone().into(),
+				},
+			]
+			.into()),
+		);
+		// `target` adds `penpal_origin` as authorized alias
+		assert_ok!(<AssetHubWestend as AssetHubWestendPallet>::PolkadotXcm::add_authorized_alias(
+			<AssetHubWestend as Chain>::RuntimeOrigin::signed(target.clone()),
+			Box::new(penpal_origin.into()),
+			None
+		));
+	});
+	// Verify that unauthorized `bad_origin` cannot alias into `target`, from any chain.
+	test_cross_chain_alias!(
+		vec![
+			// between BH and AssetHub: denied
+			(BridgeHubWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
+			// between Collectives and AssetHub: denied
+			(CollectivesWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
+			// between People and AssetHub: denied
+			(PeopleWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
+			// between Penpal and AssetHub: denied
+			(PenpalB, AssetHubWestend, RESERVE_TRANSFER_FEES, DENIED)
+		],
+		bad_origin,
+		target,
+		fees
+	);
+	// Verify that only authorized `penpal::origin` can alias into `target`, while `origin` on other
+	// chains cannot.
+	test_cross_chain_alias!(
+		vec![
+			// between BH and AssetHub: denied
+			(BridgeHubWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
+			// between Collectives and AssetHub: denied
+			(CollectivesWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
+			// between People and AssetHub: denied
+			(PeopleWestend, AssetHubWestend, TELEPORT_FEES, DENIED),
+			// between Penpal and AssetHub: allowed
+			(PenpalB, AssetHubWestend, RESERVE_TRANSFER_FEES, ALLOWED)
+		],
+		origin,
+		target,
+		fees
+	);
+	// remove authorization for `origin` on Penpal to alias `target` on AssetHub
+	AssetHubWestend::execute_with(|| {
+		// `target` removes all authorized aliases
+		assert_ok!(
+			<AssetHubWestend as AssetHubWestendPallet>::PolkadotXcm::remove_all_authorized_aliases(
+				<AssetHubWestend as Chain>::RuntimeOrigin::signed(target.clone())
+			)
+		);
+	});
+	// Verify `penpal::origin` can no longer alias into `target` on AssetHub.
+	test_cross_chain_alias!(
+		vec![(PenpalB, AssetHubWestend, RESERVE_TRANSFER_FEES, DENIED)],
+		origin,
+		target,
+		fees
 	);
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-
-	// Other root locations cannot alias anything.
-	let origin = Location::new(1, Here);
-	let target = Location::new(2, X1([GlobalConsensus(Ethereum { chain_id: 1 })].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(2, X2([GlobalConsensus(Polkadot), Parachain(1000)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let target = Location::new(0, X2([PalletInstance(8), GeneralIndex(9)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-
-	let origin = Location::new(0, Here);
-	let target = Location::new(1, X1([Parachain(2000)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([Parachain(1001)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
-	let origin = Location::new(1, X1([Parachain(1002)].into()));
-	assert!(!<XcmConfig as xcm_executor::Config>::Aliasers::contains(&origin, &target));
 }