Deprecate MountPointProvider::IsAccessAllowed in favor of GetPermissionPolicy

webkit/fileapi/sandbox_mount_point_provider_unittest.cc

Index: webkit/fileapi/sandbox_mount_point_provider_unittest.cc
diff --git a/webkit/fileapi/sandbox_mount_point_provider_unittest.cc b/webkit/fileapi/sandbox_mount_point_provider_unittest.cc
index 9d5111419b7b4ec3c8607f68224fc25fa6e88828..c5024829bc3b8e4e372c8134ba41210c8c20c607 100644
--- a/webkit/fileapi/sandbox_mount_point_provider_unittest.cc
+++ b/webkit/fileapi/sandbox_mount_point_provider_unittest.cc
@@ -15,11 +15,22 @@
 #include "googleurl/src/gurl.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "webkit/fileapi/file_system_mount_point_provider.h"
+#include "webkit/fileapi/file_system_url.h"
 #include "webkit/fileapi/file_system_util.h"
 #include "webkit/fileapi/mock_file_system_options.h"
 
 namespace fileapi {
 
+namespace {
+
+FileSystemURL CreateFileSystemURL(const char* path) {
+  const GURL kOrigin("http://foo/");
+  return FileSystemURL::CreateForTest(
+      kOrigin, kFileSystemTypeTemporary, FilePath::FromUTF8Unsafe(path));
+}
+
+}  // namespace
+
 class SandboxMountPointProviderOriginEnumeratorTest : public testing::Test {
  public:
   void SetUp() {
@@ -104,4 +115,71 @@ TEST_F(SandboxMountPointProviderOriginEnumeratorTest, EnumerateOrigins) {
   EXPECT_EQ(persistent_size, persistent_actual_size);
 }
 
+TEST(SandboxMountPointProviderTest, AccessPermissions) {
+  MessageLoop message_loop_;
+  SandboxMountPointProvider provider(
+      NULL, base::MessageLoopProxy::current(), FilePath(),
+      CreateAllowFileAccessOptions());
+
+  // Any access should be allowed in sandbox directory.
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL("foo"),
+                                         kReadFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL("foo"),
+                                         kWriteFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL("foo"),
+                                         kCreateFilePermissions));
+
+  // Access to a path with parent references ('..') should be disallowed.
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_DENY,
+            provider.GetPermissionPolicy(CreateFileSystemURL("a/../b"),
+                                         kReadFilePermissions));
+
+  // Access from non-allowed scheme should be disallowed.
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_DENY,
+            provider.GetPermissionPolicy(
+                FileSystemURL::CreateForTest(
+                    GURL("unknown://bar"), kFileSystemTypeTemporary,
+                    FilePath::FromUTF8Unsafe("foo")),
+                kReadFilePermissions));
+
+  // Access for non-sandbox type should be disallowed.
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_DENY,
+            provider.GetPermissionPolicy(
+                FileSystemURL::CreateForTest(
+                    GURL("http://foo/"), kFileSystemTypeTest,
+                    FilePath::FromUTF8Unsafe("foo")),
+                kReadFilePermissions));
+
+  // Create access with ristricted name should be disallowed.
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_DENY,
+            provider.GetPermissionPolicy(CreateFileSystemURL(".."),
+                                         kCreateFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_DENY,
+            provider.GetPermissionPolicy(CreateFileSystemURL("."),
+                                         kCreateFilePermissions));
+
+  // Similar but safe cases.
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL(" ."),
+                                         kCreateFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL(". "),
+                                         kCreateFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL(" .."),
+                                         kCreateFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL(".. "),
+                                         kCreateFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL("b."),
+                                         kCreateFilePermissions));
+  EXPECT_EQ(FILE_PERMISSION_ALWAYS_ALLOW,
+            provider.GetPermissionPolicy(CreateFileSystemURL(".b"),
+                                         kCreateFilePermissions));
+}
+
 }  // namespace fileapi