
Side by Side Diff: content/browser/child_process_security_policy_unittest.cc

Issue 11414046: Apply missing ReferencesParent check (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 1 month ago
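--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <set>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/file_path.h"
 #include "base/platform_file.h"
@@ -340,70 +340,89 @@
 p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
 EXPECT_TRUE(p->CanReadFile(kRendererID,
 FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
 EXPECT_FALSE(p->CanReadDirectory(kRendererID,
 FilePath(FILE_PATH_LITERAL("/etc/"))));
 
 p->Remove(kRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
+FilePath file = FilePath(FILE_PATH_LITERAL("/home/joe"));
+FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
+FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
+FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
+FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
+FilePath evil_file = FilePath(
+FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
+
 ChildProcessSecurityPolicyImpl* p =
 ChildProcessSecurityPolicyImpl::GetInstance();
 
 // Grant permissions for a file.
 p->Add(kRendererID);
-FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd"));
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN));
 
 p->GrantPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE);
 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ));
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_CREATE));
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_CREATE |
 base::PLATFORM_FILE_OPEN_TRUNCATED |
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
+EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_file,
+base::PLATFORM_FILE_OPEN |
+base::PLATFORM_FILE_READ));
 p->Remove(kRendererID);
 
 // Grant permissions for the directory the file is in.
 p->Add(kRendererID);
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN));
-p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")),
+p->GrantPermissionsForFile(kRendererID, parent_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ);
 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN));
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 p->Remove(kRendererID);
 
 // Grant permissions for the directory the file is in (with trailing '/').
 p->Add(kRendererID);
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN));
-p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")),
+p->GrantPermissionsForFile(kRendererID, parent_slash_file,
 base::PLATFORM_FILE_OPEN |
 base::PLATFORM_FILE_READ);
 EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_OPEN));
 EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
 base::PLATFORM_FILE_READ |
 base::PLATFORM_FILE_WRITE));
 
 // Grant permissions for the file (should overwrite the permissions granted
 // for the directory).
@@ -486,10 +505,10 @@
 // queried on the IO thread. The ChildProcessSecurityPolicy needs to be
 // prepared to answer policy questions about renderers who no longer exist.
 
 // In this case, we default to secure behavior.
 EXPECT_FALSE(p->CanRequestURL(kRendererID, url));
 EXPECT_FALSE(p->CanReadFile(kRendererID, file));
 EXPECT_FALSE(p->HasWebUIBindings(kRendererID));
 }
 
 } // namespace content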
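Review bot: The `evil_file` probe (`/home/joe/../../etc/passwd`) is asserted only in the first phase of `FilePermissions`, where the grant is on `/home/joe` itself. The two directory-grant phases (`parent_file` and `parent_slash_file`) never query it, although that path is also lexically under `/home`. Adding `EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_file, base::PLATFORM_FILE_OPEN));` after each of those grants would pin the parent-reference rejection on the inherited-from-directory path as well, which is the case a compromised renderer is most likely to reach. The literals are POSIX-style only, so whether a `..` component behind a backslash separator is rejected on Windows is, as far as this page shows, not exercised. The test body continues in lines the page skips, so later phases may already cover some of this.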