| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "build/build_config.h" | 5 #include "build/build_config.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <windows.h> | 8 #include <windows.h> |
| 9 #include <shellapi.h> | 9 #include <shellapi.h> |
| 10 #include <shlobj.h> | 10 #include <shlobj.h> |
| (...skipping 313 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 324 // |-> base_b | 324 // |-> base_b |
| 325 // |-> to_sub_a (reparse point to temp_dir\base_a\sub_a) | 325 // |-> to_sub_a (reparse point to temp_dir\base_a\sub_a) |
| 326 // |-> to_base_b (reparse point to temp_dir\base_b) | 326 // |-> to_base_b (reparse point to temp_dir\base_b) |
| 327 // |-> to_sub_long (reparse point to temp_dir\sub_a\long_name_\sub_long) | 327 // |-> to_sub_long (reparse point to temp_dir\sub_a\long_name_\sub_long) |
| 328 | 328 |
| 329 FilePath base_a = temp_dir_.path().Append(FPL("base_a")); | 329 FilePath base_a = temp_dir_.path().Append(FPL("base_a")); |
| 330 #if defined(OS_WIN) | 330 #if defined(OS_WIN) |
| 331 // TEMP can have a lower case drive letter. | 331 // TEMP can have a lower case drive letter. |
| 332 string16 temp_base_a = base_a.value(); | 332 string16 temp_base_a = base_a.value(); |
| 333 ASSERT_FALSE(temp_base_a.empty()); | 333 ASSERT_FALSE(temp_base_a.empty()); |
| 334 *temp_base_a.begin() = base::ToUpperASCII(*temp_base_a.begin()); | 334 *temp_base_a.begin() = ToUpperASCII(*temp_base_a.begin()); |
| 335 base_a = FilePath(temp_base_a); | 335 base_a = FilePath(temp_base_a); |
| 336 #endif | 336 #endif |
| 337 ASSERT_TRUE(CreateDirectory(base_a)); | 337 ASSERT_TRUE(CreateDirectory(base_a)); |
| 338 | 338 |
| 339 FilePath sub_a = base_a.Append(FPL("sub_a")); | 339 FilePath sub_a = base_a.Append(FPL("sub_a")); |
| 340 ASSERT_TRUE(CreateDirectory(sub_a)); | 340 ASSERT_TRUE(CreateDirectory(sub_a)); |
| 341 | 341 |
| 342 FilePath file_txt = sub_a.Append(FPL("file.txt")); | 342 FilePath file_txt = sub_a.Append(FPL("file.txt")); |
| 343 CreateTextFile(file_txt, bogus_content); | 343 CreateTextFile(file_txt, bogus_content); |
| 344 | 344 |
| (...skipping 185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 530 | 530 |
| 531 // Create a subdirectory of |long_test_dir| and make |long_test_dir| | 531 // Create a subdirectory of |long_test_dir| and make |long_test_dir| |
| 532 // unreadable. We should still be able to create a temp file in the | 532 // unreadable. We should still be able to create a temp file in the |
| 533 // subdirectory, but we won't be able to determine the long path for it. This | 533 // subdirectory, but we won't be able to determine the long path for it. This |
| 534 // mimics the environment that some users run where their user profiles reside | 534 // mimics the environment that some users run where their user profiles reside |
| 535 // in a location where the don't have full access to the higher level | 535 // in a location where the don't have full access to the higher level |
| 536 // directories. (Note that this assumption is true for NTFS, but not for some | 536 // directories. (Note that this assumption is true for NTFS, but not for some |
| 537 // network file systems. E.g. AFS). | 537 // network file systems. E.g. AFS). |
| 538 FilePath access_test_dir = long_test_dir.Append(kTestSubDirName); | 538 FilePath access_test_dir = long_test_dir.Append(kTestSubDirName); |
| 539 ASSERT_TRUE(CreateDirectory(access_test_dir)); | 539 ASSERT_TRUE(CreateDirectory(access_test_dir)); |
| 540 base::FilePermissionRestorer long_test_dir_restorer(long_test_dir); | 540 FilePermissionRestorer long_test_dir_restorer(long_test_dir); |
| 541 ASSERT_TRUE(base::MakeFileUnreadable(long_test_dir)); | 541 ASSERT_TRUE(MakeFileUnreadable(long_test_dir)); |
| 542 | 542 |
| 543 // Use the short form of the directory to create a temporary filename. | 543 // Use the short form of the directory to create a temporary filename. |
| 544 ASSERT_TRUE(CreateTemporaryFileInDir( | 544 ASSERT_TRUE(CreateTemporaryFileInDir( |
| 545 short_test_dir.Append(kTestSubDirName), &temp_file)); | 545 short_test_dir.Append(kTestSubDirName), &temp_file)); |
| 546 EXPECT_TRUE(PathExists(temp_file)); | 546 EXPECT_TRUE(PathExists(temp_file)); |
| 547 EXPECT_TRUE(short_test_dir.IsParent(temp_file.DirName())); | 547 EXPECT_TRUE(short_test_dir.IsParent(temp_file.DirName())); |
| 548 | 548 |
| 549 // Check that the long path can't be determined for |temp_file|. | 549 // Check that the long path can't be determined for |temp_file|. |
| 550 path_buffer_length = GetLongPathName(temp_file.value().c_str(), | 550 path_buffer_length = GetLongPathName(temp_file.value().c_str(), |
| 551 path_buffer, MAX_PATH); | 551 path_buffer, MAX_PATH); |
| (...skipping 1542 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2094 | 2094 |
| 2095 EXPECT_TRUE(ReadFileToString(file_path, NULL, 6)); | 2095 EXPECT_TRUE(ReadFileToString(file_path, NULL, 6)); |
| 2096 | 2096 |
| 2097 EXPECT_TRUE(ReadFileToString(file_path, NULL)); | 2097 EXPECT_TRUE(ReadFileToString(file_path, NULL)); |
| 2098 | 2098 |
| 2099 data = "temp"; | 2099 data = "temp"; |
| 2100 EXPECT_FALSE(ReadFileToString(file_path_dangerous, &data)); | 2100 EXPECT_FALSE(ReadFileToString(file_path_dangerous, &data)); |
| 2101 EXPECT_EQ(0u, data.length()); | 2101 EXPECT_EQ(0u, data.length()); |
| 2102 | 2102 |
| 2103 // Delete test file. | 2103 // Delete test file. |
| 2104 EXPECT_TRUE(base::DeleteFile(file_path, false)); | 2104 EXPECT_TRUE(DeleteFile(file_path, false)); |
| 2105 | 2105 |
| 2106 data = "temp"; | 2106 data = "temp"; |
| 2107 EXPECT_FALSE(ReadFileToString(file_path, &data)); | 2107 EXPECT_FALSE(ReadFileToString(file_path, &data)); |
| 2108 EXPECT_EQ(0u, data.length()); | 2108 EXPECT_EQ(0u, data.length()); |
| 2109 | 2109 |
| 2110 data = "temp"; | 2110 data = "temp"; |
| 2111 EXPECT_FALSE(ReadFileToString(file_path, &data, 6)); | 2111 EXPECT_FALSE(ReadFileToString(file_path, &data, 6)); |
| 2112 EXPECT_EQ(0u, data.length()); | 2112 EXPECT_EQ(0u, data.length()); |
| 2113 } | 2113 } |
| 2114 | 2114 |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2228 std::set<gid_t> ok_gids_; | 2228 std::set<gid_t> ok_gids_; |
| 2229 std::set<gid_t> bad_gids_; | 2229 std::set<gid_t> bad_gids_; |
| 2230 }; | 2230 }; |
| 2231 | 2231 |
| 2232 TEST_F(VerifyPathControlledByUserTest, BadPaths) { | 2232 TEST_F(VerifyPathControlledByUserTest, BadPaths) { |
| 2233 // File does not exist. | 2233 // File does not exist. |
| 2234 FilePath does_not_exist = base_dir_.AppendASCII("does") | 2234 FilePath does_not_exist = base_dir_.AppendASCII("does") |
| 2235 .AppendASCII("not") | 2235 .AppendASCII("not") |
| 2236 .AppendASCII("exist"); | 2236 .AppendASCII("exist"); |
| 2237 EXPECT_FALSE( | 2237 EXPECT_FALSE( |
| 2238 base::VerifyPathControlledByUser( | 2238 VerifyPathControlledByUser(base_dir_, does_not_exist, uid_, ok_gids_)); |
| 2239 base_dir_, does_not_exist, uid_, ok_gids_)); | |
| 2240 | 2239 |
| 2241 // |base| not a subpath of |path|. | 2240 // |base| not a subpath of |path|. |
| 2242 EXPECT_FALSE( | 2241 EXPECT_FALSE(VerifyPathControlledByUser(sub_dir_, base_dir_, uid_, ok_gids_)); |
| 2243 base::VerifyPathControlledByUser( | |
| 2244 sub_dir_, base_dir_, uid_, ok_gids_)); | |
| 2245 | 2242 |
| 2246 // An empty base path will fail to be a prefix for any path. | 2243 // An empty base path will fail to be a prefix for any path. |
| 2247 FilePath empty; | 2244 FilePath empty; |
| 2248 EXPECT_FALSE( | 2245 EXPECT_FALSE(VerifyPathControlledByUser(empty, base_dir_, uid_, ok_gids_)); |
| 2249 base::VerifyPathControlledByUser( | |
| 2250 empty, base_dir_, uid_, ok_gids_)); | |
| 2251 | 2246 |
| 2252 // Finding that a bad call fails proves nothing unless a good call succeeds. | 2247 // Finding that a bad call fails proves nothing unless a good call succeeds. |
| 2253 EXPECT_TRUE( | 2248 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2254 base::VerifyPathControlledByUser( | |
| 2255 base_dir_, sub_dir_, uid_, ok_gids_)); | |
| 2256 } | 2249 } |
| 2257 | 2250 |
| 2258 TEST_F(VerifyPathControlledByUserTest, Symlinks) { | 2251 TEST_F(VerifyPathControlledByUserTest, Symlinks) { |
| 2259 // Symlinks in the path should cause failure. | 2252 // Symlinks in the path should cause failure. |
| 2260 | 2253 |
| 2261 // Symlink to the file at the end of the path. | 2254 // Symlink to the file at the end of the path. |
| 2262 FilePath file_link = base_dir_.AppendASCII("file_link"); | 2255 FilePath file_link = base_dir_.AppendASCII("file_link"); |
| 2263 ASSERT_TRUE(CreateSymbolicLink(text_file_, file_link)) | 2256 ASSERT_TRUE(CreateSymbolicLink(text_file_, file_link)) |
| 2264 << "Failed to create symlink."; | 2257 << "Failed to create symlink."; |
| 2265 | 2258 |
| 2266 EXPECT_FALSE( | 2259 EXPECT_FALSE( |
| 2267 base::VerifyPathControlledByUser( | 2260 VerifyPathControlledByUser(base_dir_, file_link, uid_, ok_gids_)); |
| 2268 base_dir_, file_link, uid_, ok_gids_)); | |
| 2269 EXPECT_FALSE( | 2261 EXPECT_FALSE( |
| 2270 base::VerifyPathControlledByUser( | 2262 VerifyPathControlledByUser(file_link, file_link, uid_, ok_gids_)); |
| 2271 file_link, file_link, uid_, ok_gids_)); | |
| 2272 | 2263 |
| 2273 // Symlink from one directory to another within the path. | 2264 // Symlink from one directory to another within the path. |
| 2274 FilePath link_to_sub_dir = base_dir_.AppendASCII("link_to_sub_dir"); | 2265 FilePath link_to_sub_dir = base_dir_.AppendASCII("link_to_sub_dir"); |
| 2275 ASSERT_TRUE(CreateSymbolicLink(sub_dir_, link_to_sub_dir)) | 2266 ASSERT_TRUE(CreateSymbolicLink(sub_dir_, link_to_sub_dir)) |
| 2276 << "Failed to create symlink."; | 2267 << "Failed to create symlink."; |
| 2277 | 2268 |
| 2278 FilePath file_path_with_link = link_to_sub_dir.AppendASCII("file.txt"); | 2269 FilePath file_path_with_link = link_to_sub_dir.AppendASCII("file.txt"); |
| 2279 ASSERT_TRUE(PathExists(file_path_with_link)); | 2270 ASSERT_TRUE(PathExists(file_path_with_link)); |
| 2280 | 2271 |
| 2281 EXPECT_FALSE( | 2272 EXPECT_FALSE(VerifyPathControlledByUser(base_dir_, file_path_with_link, uid_, |
| 2282 base::VerifyPathControlledByUser( | 2273 ok_gids_)); |
| 2283 base_dir_, file_path_with_link, uid_, ok_gids_)); | |
| 2284 | 2274 |
| 2285 EXPECT_FALSE( | 2275 EXPECT_FALSE(VerifyPathControlledByUser(link_to_sub_dir, file_path_with_link, |
| 2286 base::VerifyPathControlledByUser( | 2276 uid_, ok_gids_)); |
| 2287 link_to_sub_dir, file_path_with_link, uid_, ok_gids_)); | |
| 2288 | 2277 |
| 2289 // Symlinks in parents of base path are allowed. | 2278 // Symlinks in parents of base path are allowed. |
| 2290 EXPECT_TRUE( | 2279 EXPECT_TRUE(VerifyPathControlledByUser(file_path_with_link, |
| 2291 base::VerifyPathControlledByUser( | 2280 file_path_with_link, uid_, ok_gids_)); |
| 2292 file_path_with_link, file_path_with_link, uid_, ok_gids_)); | |
| 2293 } | 2281 } |
| 2294 | 2282 |
| 2295 TEST_F(VerifyPathControlledByUserTest, OwnershipChecks) { | 2283 TEST_F(VerifyPathControlledByUserTest, OwnershipChecks) { |
| 2296 // Get a uid that is not the uid of files we create. | 2284 // Get a uid that is not the uid of files we create. |
| 2297 uid_t bad_uid = uid_ + 1; | 2285 uid_t bad_uid = uid_ + 1; |
| 2298 | 2286 |
| 2299 // Make all files and directories non-world-writable. | 2287 // Make all files and directories non-world-writable. |
| 2300 ASSERT_NO_FATAL_FAILURE( | 2288 ASSERT_NO_FATAL_FAILURE( |
| 2301 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); | 2289 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); |
| 2302 ASSERT_NO_FATAL_FAILURE( | 2290 ASSERT_NO_FATAL_FAILURE( |
| 2303 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); | 2291 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); |
| 2304 ASSERT_NO_FATAL_FAILURE( | 2292 ASSERT_NO_FATAL_FAILURE( |
| 2305 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); | 2293 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); |
| 2306 | 2294 |
| 2307 // We control these paths. | 2295 // We control these paths. |
| 2296 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2308 EXPECT_TRUE( | 2297 EXPECT_TRUE( |
| 2309 base::VerifyPathControlledByUser( | 2298 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2310 base_dir_, sub_dir_, uid_, ok_gids_)); | 2299 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2311 EXPECT_TRUE( | |
| 2312 base::VerifyPathControlledByUser( | |
| 2313 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2314 EXPECT_TRUE( | |
| 2315 base::VerifyPathControlledByUser( | |
| 2316 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2317 | 2300 |
| 2318 // Another user does not control these paths. | 2301 // Another user does not control these paths. |
| 2319 EXPECT_FALSE( | 2302 EXPECT_FALSE( |
| 2320 base::VerifyPathControlledByUser( | 2303 VerifyPathControlledByUser(base_dir_, sub_dir_, bad_uid, ok_gids_)); |
| 2321 base_dir_, sub_dir_, bad_uid, ok_gids_)); | |
| 2322 EXPECT_FALSE( | 2304 EXPECT_FALSE( |
| 2323 base::VerifyPathControlledByUser( | 2305 VerifyPathControlledByUser(base_dir_, text_file_, bad_uid, ok_gids_)); |
| 2324 base_dir_, text_file_, bad_uid, ok_gids_)); | |
| 2325 EXPECT_FALSE( | 2306 EXPECT_FALSE( |
| 2326 base::VerifyPathControlledByUser( | 2307 VerifyPathControlledByUser(sub_dir_, text_file_, bad_uid, ok_gids_)); |
| 2327 sub_dir_, text_file_, bad_uid, ok_gids_)); | |
| 2328 | 2308 |
| 2329 // Another group does not control the paths. | 2309 // Another group does not control the paths. |
| 2330 EXPECT_FALSE( | 2310 EXPECT_FALSE( |
| 2331 base::VerifyPathControlledByUser( | 2311 VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, bad_gids_)); |
| 2332 base_dir_, sub_dir_, uid_, bad_gids_)); | |
| 2333 EXPECT_FALSE( | 2312 EXPECT_FALSE( |
| 2334 base::VerifyPathControlledByUser( | 2313 VerifyPathControlledByUser(base_dir_, text_file_, uid_, bad_gids_)); |
| 2335 base_dir_, text_file_, uid_, bad_gids_)); | |
| 2336 EXPECT_FALSE( | 2314 EXPECT_FALSE( |
| 2337 base::VerifyPathControlledByUser( | 2315 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, bad_gids_)); |
| 2338 sub_dir_, text_file_, uid_, bad_gids_)); | |
| 2339 } | 2316 } |
| 2340 | 2317 |
| 2341 TEST_F(VerifyPathControlledByUserTest, GroupWriteTest) { | 2318 TEST_F(VerifyPathControlledByUserTest, GroupWriteTest) { |
| 2342 // Make all files and directories writable only by their owner. | 2319 // Make all files and directories writable only by their owner. |
| 2343 ASSERT_NO_FATAL_FAILURE( | 2320 ASSERT_NO_FATAL_FAILURE( |
| 2344 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH|S_IWGRP)); | 2321 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH|S_IWGRP)); |
| 2345 ASSERT_NO_FATAL_FAILURE( | 2322 ASSERT_NO_FATAL_FAILURE( |
| 2346 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH|S_IWGRP)); | 2323 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH|S_IWGRP)); |
| 2347 ASSERT_NO_FATAL_FAILURE( | 2324 ASSERT_NO_FATAL_FAILURE( |
| 2348 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH|S_IWGRP)); | 2325 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH|S_IWGRP)); |
| 2349 | 2326 |
| 2350 // Any group is okay because the path is not group-writable. | 2327 // Any group is okay because the path is not group-writable. |
| 2328 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2351 EXPECT_TRUE( | 2329 EXPECT_TRUE( |
| 2352 base::VerifyPathControlledByUser( | 2330 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2353 base_dir_, sub_dir_, uid_, ok_gids_)); | 2331 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2332 |
| 2333 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, bad_gids_)); |
| 2354 EXPECT_TRUE( | 2334 EXPECT_TRUE( |
| 2355 base::VerifyPathControlledByUser( | 2335 VerifyPathControlledByUser(base_dir_, text_file_, uid_, bad_gids_)); |
| 2356 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2357 EXPECT_TRUE( | 2336 EXPECT_TRUE( |
| 2358 base::VerifyPathControlledByUser( | 2337 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, bad_gids_)); |
| 2359 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2360 | |
| 2361 EXPECT_TRUE( | |
| 2362 base::VerifyPathControlledByUser( | |
| 2363 base_dir_, sub_dir_, uid_, bad_gids_)); | |
| 2364 EXPECT_TRUE( | |
| 2365 base::VerifyPathControlledByUser( | |
| 2366 base_dir_, text_file_, uid_, bad_gids_)); | |
| 2367 EXPECT_TRUE( | |
| 2368 base::VerifyPathControlledByUser( | |
| 2369 sub_dir_, text_file_, uid_, bad_gids_)); | |
| 2370 | 2338 |
| 2371 // No group is okay, because we don't check the group | 2339 // No group is okay, because we don't check the group |
| 2372 // if no group can write. | 2340 // if no group can write. |
| 2373 std::set<gid_t> no_gids; // Empty set of gids. | 2341 std::set<gid_t> no_gids; // Empty set of gids. |
| 2374 EXPECT_TRUE( | 2342 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, no_gids)); |
| 2375 base::VerifyPathControlledByUser( | 2343 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, text_file_, uid_, no_gids)); |
| 2376 base_dir_, sub_dir_, uid_, no_gids)); | 2344 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, no_gids)); |
| 2377 EXPECT_TRUE( | |
| 2378 base::VerifyPathControlledByUser( | |
| 2379 base_dir_, text_file_, uid_, no_gids)); | |
| 2380 EXPECT_TRUE( | |
| 2381 base::VerifyPathControlledByUser( | |
| 2382 sub_dir_, text_file_, uid_, no_gids)); | |
| 2383 | |
| 2384 | 2345 |
| 2385 // Make all files and directories writable by their group. | 2346 // Make all files and directories writable by their group. |
| 2386 ASSERT_NO_FATAL_FAILURE( | 2347 ASSERT_NO_FATAL_FAILURE(ChangePosixFilePermissions(base_dir_, S_IWGRP, 0u)); |
| 2387 ChangePosixFilePermissions(base_dir_, S_IWGRP, 0u)); | 2348 ASSERT_NO_FATAL_FAILURE(ChangePosixFilePermissions(sub_dir_, S_IWGRP, 0u)); |
| 2388 ASSERT_NO_FATAL_FAILURE( | 2349 ASSERT_NO_FATAL_FAILURE(ChangePosixFilePermissions(text_file_, S_IWGRP, 0u)); |
| 2389 ChangePosixFilePermissions(sub_dir_, S_IWGRP, 0u)); | |
| 2390 ASSERT_NO_FATAL_FAILURE( | |
| 2391 ChangePosixFilePermissions(text_file_, S_IWGRP, 0u)); | |
| 2392 | 2350 |
| 2393 // Now |ok_gids_| works, but |bad_gids_| fails. | 2351 // Now |ok_gids_| works, but |bad_gids_| fails. |
| 2352 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2394 EXPECT_TRUE( | 2353 EXPECT_TRUE( |
| 2395 base::VerifyPathControlledByUser( | 2354 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2396 base_dir_, sub_dir_, uid_, ok_gids_)); | 2355 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2397 EXPECT_TRUE( | |
| 2398 base::VerifyPathControlledByUser( | |
| 2399 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2400 EXPECT_TRUE( | |
| 2401 base::VerifyPathControlledByUser( | |
| 2402 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2403 | 2356 |
| 2404 EXPECT_FALSE( | 2357 EXPECT_FALSE( |
| 2405 base::VerifyPathControlledByUser( | 2358 VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, bad_gids_)); |
| 2406 base_dir_, sub_dir_, uid_, bad_gids_)); | |
| 2407 EXPECT_FALSE( | 2359 EXPECT_FALSE( |
| 2408 base::VerifyPathControlledByUser( | 2360 VerifyPathControlledByUser(base_dir_, text_file_, uid_, bad_gids_)); |
| 2409 base_dir_, text_file_, uid_, bad_gids_)); | |
| 2410 EXPECT_FALSE( | 2361 EXPECT_FALSE( |
| 2411 base::VerifyPathControlledByUser( | 2362 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, bad_gids_)); |
| 2412 sub_dir_, text_file_, uid_, bad_gids_)); | |
| 2413 | 2363 |
| 2414 // Because any group in the group set is allowed, | 2364 // Because any group in the group set is allowed, |
| 2415 // the union of good and bad gids passes. | 2365 // the union of good and bad gids passes. |
| 2416 | 2366 |
| 2417 std::set<gid_t> multiple_gids; | 2367 std::set<gid_t> multiple_gids; |
| 2418 std::set_union( | 2368 std::set_union( |
| 2419 ok_gids_.begin(), ok_gids_.end(), | 2369 ok_gids_.begin(), ok_gids_.end(), |
| 2420 bad_gids_.begin(), bad_gids_.end(), | 2370 bad_gids_.begin(), bad_gids_.end(), |
| 2421 std::inserter(multiple_gids, multiple_gids.begin())); | 2371 std::inserter(multiple_gids, multiple_gids.begin())); |
| 2422 | 2372 |
| 2423 EXPECT_TRUE( | 2373 EXPECT_TRUE( |
| 2424 base::VerifyPathControlledByUser( | 2374 VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, multiple_gids)); |
| 2425 base_dir_, sub_dir_, uid_, multiple_gids)); | |
| 2426 EXPECT_TRUE( | 2375 EXPECT_TRUE( |
| 2427 base::VerifyPathControlledByUser( | 2376 VerifyPathControlledByUser(base_dir_, text_file_, uid_, multiple_gids)); |
| 2428 base_dir_, text_file_, uid_, multiple_gids)); | |
| 2429 EXPECT_TRUE( | 2377 EXPECT_TRUE( |
| 2430 base::VerifyPathControlledByUser( | 2378 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, multiple_gids)); |
| 2431 sub_dir_, text_file_, uid_, multiple_gids)); | |
| 2432 } | 2379 } |
| 2433 | 2380 |
| 2434 TEST_F(VerifyPathControlledByUserTest, WriteBitChecks) { | 2381 TEST_F(VerifyPathControlledByUserTest, WriteBitChecks) { |
| 2435 // Make all files and directories non-world-writable. | 2382 // Make all files and directories non-world-writable. |
| 2436 ASSERT_NO_FATAL_FAILURE( | 2383 ASSERT_NO_FATAL_FAILURE( |
| 2437 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); | 2384 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); |
| 2438 ASSERT_NO_FATAL_FAILURE( | 2385 ASSERT_NO_FATAL_FAILURE( |
| 2439 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); | 2386 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); |
| 2440 ASSERT_NO_FATAL_FAILURE( | 2387 ASSERT_NO_FATAL_FAILURE( |
| 2441 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); | 2388 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); |
| 2442 | 2389 |
| 2443 // Initialy, we control all parts of the path. | 2390 // Initialy, we control all parts of the path. |
| 2391 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2444 EXPECT_TRUE( | 2392 EXPECT_TRUE( |
| 2445 base::VerifyPathControlledByUser( | 2393 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2446 base_dir_, sub_dir_, uid_, ok_gids_)); | 2394 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2447 EXPECT_TRUE( | |
| 2448 base::VerifyPathControlledByUser( | |
| 2449 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2450 EXPECT_TRUE( | |
| 2451 base::VerifyPathControlledByUser( | |
| 2452 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2453 | 2395 |
| 2454 // Make base_dir_ world-writable. | 2396 // Make base_dir_ world-writable. |
| 2455 ASSERT_NO_FATAL_FAILURE( | 2397 ASSERT_NO_FATAL_FAILURE( |
| 2456 ChangePosixFilePermissions(base_dir_, S_IWOTH, 0u)); | 2398 ChangePosixFilePermissions(base_dir_, S_IWOTH, 0u)); |
| 2399 EXPECT_FALSE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2457 EXPECT_FALSE( | 2400 EXPECT_FALSE( |
| 2458 base::VerifyPathControlledByUser( | 2401 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2459 base_dir_, sub_dir_, uid_, ok_gids_)); | 2402 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2460 EXPECT_FALSE( | |
| 2461 base::VerifyPathControlledByUser( | |
| 2462 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2463 EXPECT_TRUE( | |
| 2464 base::VerifyPathControlledByUser( | |
| 2465 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2466 | 2403 |
| 2467 // Make sub_dir_ world writable. | 2404 // Make sub_dir_ world writable. |
| 2468 ASSERT_NO_FATAL_FAILURE( | 2405 ASSERT_NO_FATAL_FAILURE( |
| 2469 ChangePosixFilePermissions(sub_dir_, S_IWOTH, 0u)); | 2406 ChangePosixFilePermissions(sub_dir_, S_IWOTH, 0u)); |
| 2407 EXPECT_FALSE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2470 EXPECT_FALSE( | 2408 EXPECT_FALSE( |
| 2471 base::VerifyPathControlledByUser( | 2409 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2472 base_dir_, sub_dir_, uid_, ok_gids_)); | |
| 2473 EXPECT_FALSE( | 2410 EXPECT_FALSE( |
| 2474 base::VerifyPathControlledByUser( | 2411 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2475 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2476 EXPECT_FALSE( | |
| 2477 base::VerifyPathControlledByUser( | |
| 2478 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2479 | 2412 |
| 2480 // Make text_file_ world writable. | 2413 // Make text_file_ world writable. |
| 2481 ASSERT_NO_FATAL_FAILURE( | 2414 ASSERT_NO_FATAL_FAILURE( |
| 2482 ChangePosixFilePermissions(text_file_, S_IWOTH, 0u)); | 2415 ChangePosixFilePermissions(text_file_, S_IWOTH, 0u)); |
| 2416 EXPECT_FALSE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2483 EXPECT_FALSE( | 2417 EXPECT_FALSE( |
| 2484 base::VerifyPathControlledByUser( | 2418 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2485 base_dir_, sub_dir_, uid_, ok_gids_)); | |
| 2486 EXPECT_FALSE( | 2419 EXPECT_FALSE( |
| 2487 base::VerifyPathControlledByUser( | 2420 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2488 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2489 EXPECT_FALSE( | |
| 2490 base::VerifyPathControlledByUser( | |
| 2491 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2492 | 2421 |
| 2493 // Make sub_dir_ non-world writable. | 2422 // Make sub_dir_ non-world writable. |
| 2494 ASSERT_NO_FATAL_FAILURE( | 2423 ASSERT_NO_FATAL_FAILURE( |
| 2495 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); | 2424 ChangePosixFilePermissions(sub_dir_, 0u, S_IWOTH)); |
| 2425 EXPECT_FALSE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2496 EXPECT_FALSE( | 2426 EXPECT_FALSE( |
| 2497 base::VerifyPathControlledByUser( | 2427 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2498 base_dir_, sub_dir_, uid_, ok_gids_)); | |
| 2499 EXPECT_FALSE( | 2428 EXPECT_FALSE( |
| 2500 base::VerifyPathControlledByUser( | 2429 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2501 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2502 EXPECT_FALSE( | |
| 2503 base::VerifyPathControlledByUser( | |
| 2504 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2505 | 2430 |
| 2506 // Make base_dir_ non-world-writable. | 2431 // Make base_dir_ non-world-writable. |
| 2507 ASSERT_NO_FATAL_FAILURE( | 2432 ASSERT_NO_FATAL_FAILURE( |
| 2508 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); | 2433 ChangePosixFilePermissions(base_dir_, 0u, S_IWOTH)); |
| 2509 EXPECT_TRUE( | 2434 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2510 base::VerifyPathControlledByUser( | |
| 2511 base_dir_, sub_dir_, uid_, ok_gids_)); | |
| 2512 EXPECT_FALSE( | 2435 EXPECT_FALSE( |
| 2513 base::VerifyPathControlledByUser( | 2436 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2514 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2515 EXPECT_FALSE( | 2437 EXPECT_FALSE( |
| 2516 base::VerifyPathControlledByUser( | 2438 VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2517 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2518 | 2439 |
| 2519 // Back to the initial state: Nothing is writable, so every path | 2440 // Back to the initial state: Nothing is writable, so every path |
| 2520 // should pass. | 2441 // should pass. |
| 2521 ASSERT_NO_FATAL_FAILURE( | 2442 ASSERT_NO_FATAL_FAILURE( |
| 2522 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); | 2443 ChangePosixFilePermissions(text_file_, 0u, S_IWOTH)); |
| 2444 EXPECT_TRUE(VerifyPathControlledByUser(base_dir_, sub_dir_, uid_, ok_gids_)); |
| 2523 EXPECT_TRUE( | 2445 EXPECT_TRUE( |
| 2524 base::VerifyPathControlledByUser( | 2446 VerifyPathControlledByUser(base_dir_, text_file_, uid_, ok_gids_)); |
| 2525 base_dir_, sub_dir_, uid_, ok_gids_)); | 2447 EXPECT_TRUE(VerifyPathControlledByUser(sub_dir_, text_file_, uid_, ok_gids_)); |
| 2526 EXPECT_TRUE( | |
| 2527 base::VerifyPathControlledByUser( | |
| 2528 base_dir_, text_file_, uid_, ok_gids_)); | |
| 2529 EXPECT_TRUE( | |
| 2530 base::VerifyPathControlledByUser( | |
| 2531 sub_dir_, text_file_, uid_, ok_gids_)); | |
| 2532 } | 2448 } |
| 2533 | 2449 |
| 2534 #if defined(OS_ANDROID) | 2450 #if defined(OS_ANDROID) |
| 2535 TEST_F(FileUtilTest, ValidContentUriTest) { | 2451 TEST_F(FileUtilTest, ValidContentUriTest) { |
| 2536 // Get the test image path. | 2452 // Get the test image path. |
| 2537 FilePath data_dir; | 2453 FilePath data_dir; |
| 2538 ASSERT_TRUE(PathService::Get(DIR_TEST_DATA, &data_dir)); | 2454 ASSERT_TRUE(PathService::Get(DIR_TEST_DATA, &data_dir)); |
| 2539 data_dir = data_dir.AppendASCII("file_util"); | 2455 data_dir = data_dir.AppendASCII("file_util"); |
| 2540 ASSERT_TRUE(PathExists(data_dir)); | 2456 ASSERT_TRUE(PathExists(data_dir)); |
| 2541 FilePath image_file = data_dir.Append(FILE_PATH_LITERAL("red.png")); | 2457 FilePath image_file = data_dir.Append(FILE_PATH_LITERAL("red.png")); |
| 2542 int64 image_size; | 2458 int64 image_size; |
| 2543 GetFileSize(image_file, &image_size); | 2459 GetFileSize(image_file, &image_size); |
| 2544 EXPECT_LT(0, image_size); | 2460 EXPECT_LT(0, image_size); |
| 2545 | 2461 |
| 2546 // Insert the image into MediaStore. MediaStore will do some conversions, and | 2462 // Insert the image into MediaStore. MediaStore will do some conversions, and |
| 2547 // return the content URI. | 2463 // return the content URI. |
| 2548 FilePath path = base::InsertImageIntoMediaStore(image_file); | 2464 FilePath path = InsertImageIntoMediaStore(image_file); |
| 2549 EXPECT_TRUE(path.IsContentUri()); | 2465 EXPECT_TRUE(path.IsContentUri()); |
| 2550 EXPECT_TRUE(PathExists(path)); | 2466 EXPECT_TRUE(PathExists(path)); |
| 2551 // The file size may not equal to the input image as MediaStore may convert | 2467 // The file size may not equal to the input image as MediaStore may convert |
| 2552 // the image. | 2468 // the image. |
| 2553 int64 content_uri_size; | 2469 int64 content_uri_size; |
| 2554 GetFileSize(path, &content_uri_size); | 2470 GetFileSize(path, &content_uri_size); |
| 2555 EXPECT_EQ(image_size, content_uri_size); | 2471 EXPECT_EQ(image_size, content_uri_size); |
| 2556 | 2472 |
| 2557 // We should be able to read the file. | 2473 // We should be able to read the file. |
| 2558 char* buffer = new char[image_size]; | 2474 char* buffer = new char[image_size]; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 2574 File file = OpenContentUriForRead(path); | 2490 File file = OpenContentUriForRead(path); |
| 2575 EXPECT_FALSE(file.IsValid()); | 2491 EXPECT_FALSE(file.IsValid()); |
| 2576 } | 2492 } |
| 2577 #endif | 2493 #endif |
| 2578 | 2494 |
| 2579 TEST(ScopedFD, ScopedFDDoesClose) { | 2495 TEST(ScopedFD, ScopedFDDoesClose) { |
| 2580 int fds[2]; | 2496 int fds[2]; |
| 2581 char c = 0; | 2497 char c = 0; |
| 2582 ASSERT_EQ(0, pipe(fds)); | 2498 ASSERT_EQ(0, pipe(fds)); |
| 2583 const int write_end = fds[1]; | 2499 const int write_end = fds[1]; |
| 2584 base::ScopedFD read_end_closer(fds[0]); | 2500 ScopedFD read_end_closer(fds[0]); |
| 2585 { | 2501 { |
| 2586 base::ScopedFD write_end_closer(fds[1]); | 2502 ScopedFD write_end_closer(fds[1]); |
| 2587 } | 2503 } |
| 2588 // This is the only thread. This file descriptor should no longer be valid. | 2504 // This is the only thread. This file descriptor should no longer be valid. |
| 2589 int ret = close(write_end); | 2505 int ret = close(write_end); |
| 2590 EXPECT_EQ(-1, ret); | 2506 EXPECT_EQ(-1, ret); |
| 2591 EXPECT_EQ(EBADF, errno); | 2507 EXPECT_EQ(EBADF, errno); |
| 2592 // Make sure read(2) won't block. | 2508 // Make sure read(2) won't block. |
| 2593 ASSERT_EQ(0, fcntl(fds[0], F_SETFL, O_NONBLOCK)); | 2509 ASSERT_EQ(0, fcntl(fds[0], F_SETFL, O_NONBLOCK)); |
| 2594 // Reading the pipe should EOF. | 2510 // Reading the pipe should EOF. |
| 2595 EXPECT_EQ(0, read(fds[0], &c, 1)); | 2511 EXPECT_EQ(0, read(fds[0], &c, 1)); |
| 2596 } | 2512 } |
| 2597 | 2513 |
| 2598 #if defined(GTEST_HAS_DEATH_TEST) | 2514 #if defined(GTEST_HAS_DEATH_TEST) |
| 2599 void CloseWithScopedFD(int fd) { | 2515 void CloseWithScopedFD(int fd) { |
| 2600 base::ScopedFD fd_closer(fd); | 2516 ScopedFD fd_closer(fd); |
| 2601 } | 2517 } |
| 2602 #endif | 2518 #endif |
| 2603 | 2519 |
| 2604 TEST(ScopedFD, ScopedFDCrashesOnCloseFailure) { | 2520 TEST(ScopedFD, ScopedFDCrashesOnCloseFailure) { |
| 2605 int fds[2]; | 2521 int fds[2]; |
| 2606 ASSERT_EQ(0, pipe(fds)); | 2522 ASSERT_EQ(0, pipe(fds)); |
| 2607 base::ScopedFD read_end_closer(fds[0]); | 2523 ScopedFD read_end_closer(fds[0]); |
| 2608 EXPECT_EQ(0, IGNORE_EINTR(close(fds[1]))); | 2524 EXPECT_EQ(0, IGNORE_EINTR(close(fds[1]))); |
| 2609 #if defined(GTEST_HAS_DEATH_TEST) | 2525 #if defined(GTEST_HAS_DEATH_TEST) |
| 2610 // This is the only thread. This file descriptor should no longer be valid. | 2526 // This is the only thread. This file descriptor should no longer be valid. |
| 2611 // Trying to close it should crash. This is important for security. | 2527 // Trying to close it should crash. This is important for security. |
| 2612 EXPECT_DEATH(CloseWithScopedFD(fds[1]), ""); | 2528 EXPECT_DEATH(CloseWithScopedFD(fds[1]), ""); |
| 2613 #endif | 2529 #endif |
| 2614 } | 2530 } |
| 2615 | 2531 |
| 2616 #endif // defined(OS_POSIX) | 2532 #endif // defined(OS_POSIX) |
| 2617 | 2533 |
| 2618 } // namespace | 2534 } // namespace |
| 2619 | 2535 |
| 2620 } // namespace base | 2536 } // namespace base |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1180693002:
Update from https://crrev.com/333737 (Closed)
Base URL: https://github.com/domokit/mojo.git@master