| Index: content/browser/child_process_security_policy_unittest.cc
|
| ===================================================================
|
| --- content/browser/child_process_security_policy_unittest.cc (revision 166963)
|
| +++ content/browser/child_process_security_policy_unittest.cc (working copy)
|
| @@ -347,12 +347,19 @@
|
| }
|
|
|
| TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
|
| + FilePath file = FilePath(FILE_PATH_LITERAL("/home/joe"));
|
| + FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
|
| + FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
|
| + FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
|
| + FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
|
| + FilePath evil_file = FilePath(
|
| + FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
|
| +
|
| ChildProcessSecurityPolicyImpl* p =
|
| ChildProcessSecurityPolicyImpl::GetInstance();
|
|
|
| // Grant permissions for a file.
|
| p->Add(kRendererID);
|
| - FilePath file = FilePath(FILE_PATH_LITERAL("/etc/passwd"));
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
|
| base::PLATFORM_FILE_OPEN));
|
|
|
| @@ -376,13 +383,25 @@
|
| base::PLATFORM_FILE_OPEN_TRUNCATED |
|
| base::PLATFORM_FILE_READ |
|
| base::PLATFORM_FILE_WRITE));
|
| + EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file,
|
| + base::PLATFORM_FILE_OPEN |
|
| + base::PLATFORM_FILE_READ));
|
| + EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, parent_file,
|
| + base::PLATFORM_FILE_OPEN |
|
| + base::PLATFORM_FILE_READ));
|
| + EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, child_file,
|
| + base::PLATFORM_FILE_OPEN |
|
| + base::PLATFORM_FILE_READ));
|
| + EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, evil_file,
|
| + base::PLATFORM_FILE_OPEN |
|
| + base::PLATFORM_FILE_READ));
|
| p->Remove(kRendererID);
|
|
|
| // Grant permissions for the directory the file is in.
|
| p->Add(kRendererID);
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
|
| base::PLATFORM_FILE_OPEN));
|
| - p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc")),
|
| + p->GrantPermissionsForFile(kRendererID, parent_file,
|
| base::PLATFORM_FILE_OPEN |
|
| base::PLATFORM_FILE_READ);
|
| EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
|
| @@ -396,7 +415,7 @@
|
| p->Add(kRendererID);
|
| EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, file,
|
| base::PLATFORM_FILE_OPEN));
|
| - p->GrantPermissionsForFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")),
|
| + p->GrantPermissionsForFile(kRendererID, parent_slash_file,
|
| base::PLATFORM_FILE_OPEN |
|
| base::PLATFORM_FILE_READ);
|
| EXPECT_TRUE(p->HasPermissionsForFile(kRendererID, file,
|
|
|
Chromium Code Reviews
Issue 11414046:
Apply missing ReferencesParent check (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/