Extended restricted filesystem to support relative paths.

tests/limited_file_access/limited_file_access.cc

 /*
  * Copyright 2016 The Native Client Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */
 
 /*
  * NaCl tests for limited file access
  */
 
@@ skipping 56 matching lines @@
 
   ASSERT_EQ(test_string_len, write(fd, test_string, test_string_len));
   ASSERT_EQ(0, lseek(fd, 0, SEEK_SET));
   ASSERT_EQ(test_string_len, read(fd, buf, test_string_len));
   ASSERT_EQ(0, memcmp(buf, test_string, test_string_len));
   ASSERT_EQ(0, close(fd));
 }
 
 void test_directory_walk() {
   // Attempt to walk down valid directory structure (and back again).
-  ASSERT_EQ_MSG(chdir("/"), 0, "chdir() failed");
-
   char dirname[PATH_MAX];
   ASSERT_NE_MSG(getcwd(dirname, PATH_MAX), NULL, "getcwd() failed");
   ASSERT_EQ(strcmp(dirname, "/"), 0);
 
+  ASSERT_EQ_MSG(chdir("."), 0, "chdir() failed");
+  ASSERT_EQ_MSG(chdir("/"), 0, "chdir() failed");
+
   DIR *d = opendir(dirname);
   ASSERT_NE_MSG(d, NULL, "opendir() failed");
   int count = 0;
   struct dirent *ent;
 
   /*
    * We expect to see:
    * temp_file
    * temp_symlink
    * sub_temp_dir
@@ skipping 27 matching lines @@
   }
   ASSERT_EQ_MSG(closedir(d), 0, "closedir() failed");
 
   ASSERT(temp_file_seen);
   ASSERT(temp_symlink_seen);
   ASSERT(sub_temp_dir_seen);
   ASSERT(parent_directory_seen);
   ASSERT(current_directory_seen);
   ASSERT_EQ(count, 5);
 
+  // Chdir with relative path name
+  ASSERT_EQ_MSG(chdir(g_temp_sub_dir_name), 0, "chdir() failed");
+  ASSERT_NE_MSG(getcwd(dirname, PATH_MAX), NULL, "getcwd() failed");
+  ASSERT_EQ(strcmp(dirname, g_temp_sub_dir_path), 0);
+
+  // Chdir with absolute path name
   ASSERT_EQ_MSG(chdir(g_temp_sub_dir_path), 0, "chdir() failed");
   ASSERT_NE_MSG(getcwd(dirname, PATH_MAX), NULL, "getcwd() failed");
   ASSERT_EQ(strcmp(dirname, g_temp_sub_dir_path), 0);
+
   d = opendir(dirname);
   count = 0;
 
   /*
    * We expect to see:
    * temp_sub_file
    * ..
    * .
    */
 
@@ skipping 30 matching lines @@
 
 void test_new_directory_access() {
   // Create a new directory, removes that directory.
   mode_t mode = S_IRUSR | S_IWUSR | S_IXUSR;
   ASSERT_EQ(mkdir("/test_dir", mode), 0);
   ASSERT_EQ(rmdir("/test_dir"), 0);
 
   ASSERT_EQ(mkdir("/test_dir/", mode), 0);
   ASSERT_EQ(rmdir("/test_dir/"), 0);
 
-  // Cannot make directory using relative path.
-  ASSERT_EQ(mkdir("test_dir/", mode), -1);
-  ASSERT_EQ(errno, EACCES);
+  // Test that relative paths can also be used.
+  ASSERT_EQ(mkdir("test_dir", mode), 0);
+  ASSERT_EQ(rmdir("test_dir"), 0);
 
   char file_name[PATH_MAX];
   snprintf(file_name, PATH_MAX, "%s/test_dir", g_temp_sub_dir_path);
   ASSERT_EQ(mkdir(file_name, mode), 0);
   ASSERT_EQ(rmdir(file_name), 0);
 
   ASSERT_NE(mkdir("/this_dir_does_not_exist/sub_dir", mode), 0);
   passed("test_new_directory_access", "all");
 }
 
@@ skipping 95 matching lines @@
   // information leak could also lead to discovering directories and files
   // outside the mount point.
   char path[PATH_MAX];
   struct stat buf;
 
   // We should be able to access the root directory.
   ASSERT_EQ(stat("/", &buf), 0);
   ASSERT_EQ(stat("//", &buf), 0);
   ASSERT_EQ(stat("/./.", &buf), 0);
   ASSERT_EQ(stat("/./////.", &buf), 0);
-
-  // We should not be able to access relative paths.
-  ASSERT_EQ(stat(".", &buf), -1);
-  ASSERT_EQ(errno, EACCES);
+  ASSERT_EQ(stat(".", &buf), 0);
 
   // We should not be able to access paths containing "..".
   snprintf(path, PATH_MAX, "%s/..", g_temp_sub_dir_path);
   ASSERT_EQ(stat(path, &buf), -1);
   ASSERT_EQ(errno, EACCES);
 
   // We should not be able to access the parent of the root directory.
   ASSERT_EQ(stat("/..", &buf), -1);
   ASSERT_EQ(errno, EACCES);
 
   // We should not be able to identify our mount point this way.
   snprintf(path, PATH_MAX, "/../%s", g_temp_dir_name);
   ASSERT_EQ(stat(path, &buf), -1);
   ASSERT_EQ(errno, EACCES);
   snprintf(path, PATH_MAX, "//../%s", g_temp_dir_name);
   ASSERT_EQ(stat(path, &buf), -1);
   ASSERT_EQ(errno, EACCES);
   snprintf(path, PATH_MAX, "/.//..//%s", g_temp_dir_name);
   ASSERT_EQ(stat(path, &buf), -1);
   ASSERT_EQ(errno, EACCES);
 
   passed("test_information_leak", "all");
 }
 
 void test_valid_file_access() {
   // Show that reads and writes to valid files work.
   char file_name[PATH_MAX];
 
+  // Absolute path
   snprintf(file_name, PATH_MAX, "%s", g_temp_file_path);
-  do_test_write_read_file(file_name, false);
+  do_test_write_read_file(file_name, /* new_file= */ false);
 
+  // Relative path
+  snprintf(file_name, PATH_MAX, "%s", g_temp_file_name);
+  do_test_write_read_file(file_name, /* new_file= */ false);
+
+  // Absolute path
   snprintf(file_name, PATH_MAX, "%s/%s", g_temp_sub_dir_path,
            g_temp_sub_file_name);
-  do_test_write_read_file(file_name, false);
+  do_test_write_read_file(file_name, /* new_file= */ false);
 
-  snprintf(file_name, PATH_MAX, "%s/%s", g_temp_sub_dir_path,
+  // Relative path
+  snprintf(file_name, PATH_MAX, "%s/%s", g_temp_sub_dir_name,
            g_temp_sub_file_name);
-  do_test_write_read_file(file_name, false);
+  do_test_write_read_file(file_name, /* new_file= */ false);
+
+  ASSERT_EQ_MSG(chdir(g_temp_sub_dir_name), 0, "chdir() failed");
+
+  // Relative path
+  snprintf(file_name, PATH_MAX, "%s", g_temp_sub_file_name);
+  do_test_write_read_file(file_name, /* new_file= */ false);
 
   passed("test_valid_file_access", "all");
 }
 
 void test_new_file_access() {
   // Create a new file, show that it is readable / writable.
   char file_name[PATH_MAX];
   do_test_write_read_file("/new_temp_file", true);
 
   snprintf(file_name, PATH_MAX, "%s/newer_temp_file", g_temp_sub_dir_path);
@@ skipping 50 matching lines @@
            g_temp_sub_dir_name, argv[5]);
 
   snprintf(g_temp_inaccessible_dir_name, PATH_MAX, "%s", argv[6]);
   snprintf(g_temp_inaccessible_file_name, PATH_MAX, "%s", argv[7]);
 
   // Run the full test suite.
   testSuite();
   printf("All tests PASSED\n");
   exit(0);
 }