ChildProcessSecurityPolicy: Deprecate bitmask-based permissions checks for files.

content/browser/child_process_security_policy_unittest.cc

Index: content/browser/child_process_security_policy_unittest.cc
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
index e6473e9278911ea37ec6614e3c499cf6f9079f51..18b4a4d87470a7144645006ee46ef7360c4b4bd1 100644
--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -13,6 +13,9 @@
 #include "content/test/test_content_browser_client.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/gurl.h"
+#include "webkit/browser/fileapi/file_permission_policy.h"
+#include "webkit/browser/fileapi/file_system_url.h"
+#include "webkit/common/fileapi/file_system_types.h"
 
 namespace content {
 namespace {
@@ -90,6 +93,48 @@ class ChildProcessSecurityPolicyTest : public testing::Test {
   ContentBrowserClient* old_browser_client_;
 };
 
+struct PermissionsSet {
+  PermissionsSet(bool can_read, bool can_write, bool can_create,

[vandebo (ex-Chrome), 2013/07/18 15:16:59]

A list of bools is almost always a bad plan.  How about a set of methods that
are chainable?

const PermissionSet& EnableRead();
const PermissionSet& EnableWrite();
etc ?

[tommycli, 2013/07/18 15:56:47]

Done.

+                 bool can_create_read_write)
+      : can_read(can_read),
+        can_write(can_write),
+        can_create(can_create),
+        can_create_read_write(can_create_read_write) {
+  }
+
+  bool operator==(const PermissionsSet& o) const {
+    return can_read == o.can_read &&
+        can_write == o.can_write &&
+        can_create == o.can_create &&
+        can_create_read_write == o.can_create_read_write;
+  }
+
+  bool can_read;
+  bool can_write;
+  bool can_create;
+  bool can_create_read_write;
+};
+
+PermissionsSet GetAllPermissions(ChildProcessSecurityPolicyImpl* p,
+                                 int child_id, const base::FilePath& file) {
+  return PermissionsSet(
+      p->CanReadFile(child_id, file),
+      p->CanWriteFile(child_id, file),
+      p->CanCreateFile(child_id, file),
+      p->CanCreateReadWriteFile(child_id, file));
+}
+
+PermissionsSet GetAllPermissionsForURL(
+    ChildProcessSecurityPolicyImpl* p,
+    int child_id,
+    const fileapi::FileSystemURL& url) {
+  return PermissionsSet(
+      p->CanReadFileSystemFile(child_id, url),
+      p->CanWriteFileSystemFile(child_id, url),
+      p->CanCreateFileSystemFile(child_id, url),
+      p->CanCreateReadWriteFileSystemFile(child_id, url));
+}
+
 TEST_F(ChildProcessSecurityPolicyTest, IsWebSafeSchemeTest) {
   ChildProcessSecurityPolicyImpl* p =
       ChildProcessSecurityPolicyImpl::GetInstance();
@@ -278,28 +323,64 @@ TEST_F(ChildProcessSecurityPolicyTest, SpecificFile) {
   p->Remove(kRendererID);
 }
 
-TEST_F(ChildProcessSecurityPolicyTest, CanReadFiles) {
+TEST_F(ChildProcessSecurityPolicyTest, PermissionGrantingAndRevoking) {
   ChildProcessSecurityPolicyImpl* p =
       ChildProcessSecurityPolicyImpl::GetInstance();
 
+  p->RegisterFileSystemPermissionPolicy(
+      fileapi::kFileSystemTypeTest,
+      fileapi::FILE_PERMISSION_USE_FILE_PERMISSION);
+
   p->Add(kRendererID);
+  base::FilePath file(TEST_PATH("/dir/testfile"));
+  fileapi::FileSystemURL url = fileapi::FileSystemURL::CreateForTest(
+      GURL("http://foo/"), fileapi::kFileSystemTypeTest, file);
 
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-                              base::FilePath(TEST_PATH("/etc/passwd"))));
-  p->GrantReadFile(kRendererID, base::FilePath(TEST_PATH("/etc/passwd")));
-  EXPECT_TRUE(p->CanReadFile(kRendererID,
-                             base::FilePath(TEST_PATH("/etc/passwd"))));
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-                              base::FilePath(TEST_PATH("/etc/shadow"))));
+  PermissionsSet all_denied(false, false, false, false);
+
+  // Test initially having no permissions.
+  EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url));
 
+  // Testing every combination of permissions granting and revoking.
+  PermissionsSet read_only(true, false, false, false);
+  p->GrantReadFile(kRendererID, file);
+  EXPECT_EQ(read_only, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(read_only, GetAllPermissionsForURL(p, kRendererID, url));
+  p->RevokeAllPermissionsForFile(kRendererID, file);
+  EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url));
+
+  PermissionsSet create_read_write(true, true, true, true);
+  p->GrantCreateReadWriteFile(kRendererID, file);
+  EXPECT_EQ(create_read_write, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(create_read_write, GetAllPermissionsForURL(p, kRendererID, url));
+  p->RevokeAllPermissionsForFile(kRendererID, file);
+  EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url));
+
+  PermissionsSet create_write(false, true, true, false);
+  p->GrantCreateWriteFile(kRendererID, file);
+  EXPECT_EQ(create_write, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(create_write, GetAllPermissionsForURL(p, kRendererID, url));
+  p->RevokeAllPermissionsForFile(kRendererID, file);
+  EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url));
+
+  // Test revoke permissions on renderer ID removal.
+  p->GrantCreateReadWriteFile(kRendererID, file);
+  EXPECT_EQ(create_read_write, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(create_read_write, GetAllPermissionsForURL(p, kRendererID, url));
   p->Remove(kRendererID);
-  p->Add(kRendererID);
+  EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url));
 
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-                              base::FilePath(TEST_PATH("/etc/passwd"))));
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-                              base::FilePath(TEST_PATH("/etc/shadow"))));
+  // Test having no permissions upon re-adding same renderer ID.
+  p->Add(kRendererID);
+  EXPECT_EQ(all_denied, GetAllPermissions(p, kRendererID, file));
+  EXPECT_EQ(all_denied, GetAllPermissionsForURL(p, kRendererID, url));
 
+  // Cleanup.
   p->Remove(kRendererID);
 }