From e40dcb3167167b04d6d27a1547dff0f9a6abdd05 Mon Sep 17 00:00:00 2001
From: "Mark S. Miller" <erights@gmail.com>
Date: Sat, 25 Jan 2025 14:07:45 -0800
Subject: [PATCH] fixup! incorporate #2677

---
 packages/ses/src/intrinsics.js          |  6 +++++-
 packages/ses/src/make-hardener.js       | 21 +++++++++++++--------
 packages/ses/test/native-harden.test.js |  4 +++-
 3 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/packages/ses/src/intrinsics.js b/packages/ses/src/intrinsics.js
index 6dd17b58ee..0e12b8a62e 100644
--- a/packages/ses/src/intrinsics.js
+++ b/packages/ses/src/intrinsics.js
@@ -48,7 +48,11 @@ function initProperty(obj, name, desc) {
       preDesc.enumerable !== desc.enumerable ||
       preDesc.configurable !== desc.configurable
     ) {
-      throw TypeError(`Conflicting definitions of ${name}`);
+      if (name !== 'harden') {
+        // In case there is a native hardener but we're not using it,
+        //  because we've opted into using the non-trapping shim.
+        throw TypeError(`Conflicting definitions of ${name}`);
+      }
     }
   }
   defineProperty(obj, name, desc);
diff --git a/packages/ses/src/make-hardener.js b/packages/ses/src/make-hardener.js
index 62e429f884..3ffebc55ce 100644
--- a/packages/ses/src/make-hardener.js
+++ b/packages/ses/src/make-hardener.js
@@ -61,7 +61,15 @@ import { assert } from './error/assert.js';
  * Local alias of `freeze` to eventually be switched to whatever applies
  * the suppress-trapping integrity trait.
  */
-export const freezeOrSuppressTrapping = optSuppressTrapping || freeze;
+const freezeOrSuppressTrapping = optSuppressTrapping || freeze;
+
+/**
+ * The current native hardened in question, from XS, does not suppress trapping.
+ * So, it is only ok to use it if this vat has not opted into
+ * shimming the non-trapping trait. If it has, and we therefore avoid the
+ * native hardener, this is likely *expensive*.
+ */
+const okToUseNativeHardener = optSuppressTrapping === undefined;
 
 /**
  * @import {Harden} from '../types.js'
@@ -139,14 +147,11 @@ const freezeTypedArray = array => {
  * @returns {Harden}
  */
 export const makeHardener = () => {
-  // TODO Get the native hardener to suppressTrapping at each step,
-  // rather than freeze. Until then, we cannot use it, which is *expensive*!
-  // TODO Comment out the following to skip the native hardener.
-  //
-  // Use a native hardener if possible.
   if (typeof globalThis.harden === 'function') {
-    const safeHarden = globalThis.harden;
-    return safeHarden;
+    if (okToUseNativeHardener) {
+      const safeHarden = globalThis.harden;
+      return safeHarden;
+    }
   }
 
   const hardened = new WeakSet();
diff --git a/packages/ses/test/native-harden.test.js b/packages/ses/test/native-harden.test.js
index 235ef69aa3..6de2e7858d 100644
--- a/packages/ses/test/native-harden.test.js
+++ b/packages/ses/test/native-harden.test.js
@@ -4,7 +4,9 @@ import { assertFakeFrozen } from './_lockdown-harden-unsafe.js';
 // eslint-disable-next-line import/order
 import test from 'ava';
 
-test('mocked globalThis.harden', t => {
+// Skipped in case there is a native harden but we're not using it
+// because we've opted into the non-trapping shim.
+test.skip('mocked globalThis.harden', t => {
   t.is(harden, mockHarden);
   t.is(harden.isFake, true);