base/test/test_file_util_win.cc - Issue 2061593002: Fix crash when switching to a profile that cannot be opened

Side by Side Diff: base/test/test_file_util_win.cc

Issue 2061593002: Fix crash when switching to a profile that cannot be opened (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@bug-614753-fix

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/test/test_file_util.h"	5 #include "base/test/test_file_util.h"

6	6

7 #include <windows.h>	7 #include <windows.h>

8 #include <aclapi.h>	8 #include <aclapi.h>

9 #include <shlwapi.h>	9 #include <shlwapi.h>

10 #include <stddef.h>	10 #include <stddef.h>

11	11

12 #include <vector>	12 #include <vector>

13	13

14 #include "base/files/file_path.h"	14 #include "base/files/file_path.h"

15 #include "base/files/file_util.h"	15 #include "base/files/file_util.h"

16 #include "base/logging.h"	16 #include "base/logging.h"

17 #include "base/strings/string_split.h"	17 #include "base/strings/string_split.h"

18 #include "base/threading/platform_thread.h"	18 #include "base/threading/platform_thread.h"

19 #include "base/win/scoped_handle.h"	19 #include "base/win/scoped_handle.h"

20	20

21 namespace base {	21 namespace base {

22	22

23 namespace {	23 namespace {

24	24

25 struct PermissionInfo {	25 struct PermissionInfo {

26 PSECURITY_DESCRIPTOR security_descriptor;	26 PSECURITY_DESCRIPTOR security_descriptor;

27 ACL dacl;	27 ACL dacl;

28 };	28 };

29	29

30 // Deny \|permission\| on the file \|path\|, for the current user.

31 bool DenyFilePermission(const FilePath& path, DWORD permission) {

32 PACL old_dacl;

33 PSECURITY_DESCRIPTOR security_descriptor;

34 if (GetNamedSecurityInfo(const_cast<wchar_t*>(path.value().c_str()),

35 SE_FILE_OBJECT,

36 DACL_SECURITY_INFORMATION, NULL, NULL, &old_dacl,

37 NULL, &security_descriptor) != ERROR_SUCCESS) {

38 return false;

39 }

40

41 EXPLICIT_ACCESS change;

42 change.grfAccessPermissions = permission;

43 change.grfAccessMode = DENY_ACCESS;

44 change.grfInheritance = 0;

45 change.Trustee.pMultipleTrustee = NULL;

46 change.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;

47 change.Trustee.TrusteeForm = TRUSTEE_IS_NAME;

48 change.Trustee.TrusteeType = TRUSTEE_IS_USER;

49 change.Trustee.ptstrName = const_cast<wchar_t*>(L"CURRENT_USER");

50

51 PACL new_dacl;

52 if (SetEntriesInAcl(1, &change, old_dacl, &new_dacl) != ERROR_SUCCESS) {

53 LocalFree(security_descriptor);

54 return false;

55 }

56

57 DWORD rc = SetNamedSecurityInfo(const_cast<wchar_t*>(path.value().c_str()),

58 SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,

59 NULL, NULL, new_dacl, NULL);

60 LocalFree(security_descriptor);

61 LocalFree(new_dacl);

62

63 return rc == ERROR_SUCCESS;

64 }

65

66 // Gets a blob indicating the permission information for \|path\|.	30 // Gets a blob indicating the permission information for \|path\|.

67 // \|length\| is the length of the blob. Zero on failure.	31 // \|length\| is the length of the blob. Zero on failure.

68 // Returns the blob pointer, or NULL on failure.	32 // Returns the blob pointer, or NULL on failure.

69 void* GetPermissionInfo(const FilePath& path, size_t* length) {	33 void* GetPermissionInfo(const FilePath& path, size_t* length) {

70 DCHECK(length != NULL);	34 DCHECK(length != NULL);

71 *length = 0;	35 *length = 0;

72 PACL dacl = NULL;	36 PACL dacl = NULL;

73 PSECURITY_DESCRIPTOR security_descriptor;	37 PSECURITY_DESCRIPTOR security_descriptor;

74 if (GetNamedSecurityInfo(const_cast<wchar_t*>(path.value().c_str()),	38 if (GetNamedSecurityInfo(const_cast<wchar_t*>(path.value().c_str()),

75 SE_FILE_OBJECT,	39 SE_FILE_OBJECT,

(...skipping 28 matching lines...) Expand all Loading...
104 LocalFree(perm->security_descriptor);	68 LocalFree(perm->security_descriptor);

105	69

106 char* char_array = reinterpret_cast<char*>(info);	70 char* char_array = reinterpret_cast<char*>(info);

107 delete [] char_array;	71 delete [] char_array;

108	72

109 return rc == ERROR_SUCCESS;	73 return rc == ERROR_SUCCESS;

110 }	74 }

111	75

112 } // namespace	76 } // namespace

113	77

	78 // Deny \|permission\| on the file \|path\|, for the current user.

	79 bool DenyFilePermission(const FilePath& path, DWORD permission) {

	80 PACL old_dacl;

	81 PSECURITY_DESCRIPTOR security_descriptor;

	82 if (GetNamedSecurityInfo(const_cast<wchar_t*>(path.value().c_str()),
	Peter Kasting 2016/06/13 04:43:20 Nit: Avoid const_cast. Store this in a local and p Nit: Avoid const_cast. Store this in a local and pass the address of the local. (2 locals covering 3 places) WC Leung 2016/06/13 08:06:45 Acknowledged. Show quoted text On 2016/06/13 04:43:20, Peter Kasting wrote: > Nit: Avoid const_cast. Store this in a local and pass the address of the local. > (2 locals covering 3 places) Acknowledged. WC Leung 2016/06/15 13:08:38 Do you know of any good method to copy the content Show quoted text On 2016/06/13 08:06:45, WC Leung wrote: > On 2016/06/13 04:43:20, Peter Kasting wrote: > > Nit: Avoid const_cast. Store this in a local and pass the address of the > local. > > (2 locals covering 3 places) > > Acknowledged. Do you know of any good method to copy the contents a std::wstring into a local C string?
	83 SE_FILE_OBJECT,

	84 DACL_SECURITY_INFORMATION, NULL, NULL, &old_dacl,
	Peter Kasting 2016/06/13 04:43:20 Nit: nullptr (several places) Nit: nullptr (several places) WC Leung 2016/06/13 08:06:45 Acknowledged. Show quoted text On 2016/06/13 04:43:20, Peter Kasting wrote: > Nit: nullptr (several places) Acknowledged. WC Leung 2016/06/15 13:08:38 Done. Show quoted text On 2016/06/13 08:06:45, WC Leung wrote: > On 2016/06/13 04:43:20, Peter Kasting wrote: > > Nit: nullptr (several places) > > Acknowledged. Done.
	85 NULL, &security_descriptor) != ERROR_SUCCESS) {

	86 return false;

	87 }

	88

	89 EXPLICIT_ACCESS change;
	Peter Kasting 2016/06/13 04:43:20 Stolen from my comments on one of your previous CL Stolen from my comments on one of your previous CLs: Nit: Try to use initializer values if possible, e.g.: EXPLICIT_ACCESS explicit_access = {permission, DENY_ACCESS, 0, {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_NAME, TRUSTEE_IS_USER, trustee}}; (Not sure how clang-format would wrap/indent this) WC Leung 2016/06/13 08:06:45 Pawel: WDYT about the proposed changes? I'll let y Show quoted text On 2016/06/13 04:43:20, Peter Kasting wrote: > Stolen from my comments on one of your previous CLs: > > Nit: Try to use initializer values if possible, e.g.: > > EXPLICIT_ACCESS explicit_access = > {permission, DENY_ACCESS, 0, > {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_NAME, TRUSTEE_IS_USER, > trustee}}; > > (Not sure how clang-format would wrap/indent this) Pawel: WDYT about the proposed changes? I'll let you decide on this one. (Anyway, both the current way and the initializer values looks good to me.) WC Leung 2016/06/15 13:08:38 Done. Pawel: please see if this is good. On 2016/ Done. Pawel: please see if this is good. On 2016/06/13 08:06:45, WC Leung wrote: Show quoted text > On 2016/06/13 04:43:20, Peter Kasting wrote: > > Stolen from my comments on one of your previous CLs: > > > > Nit: Try to use initializer values if possible, e.g.: > > > > EXPLICIT_ACCESS explicit_access = > > {permission, DENY_ACCESS, 0, > > {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_NAME, TRUSTEE_IS_USER, > > trustee}}; > > > > (Not sure how clang-format would wrap/indent this) > > Pawel: WDYT about the proposed changes? I'll let you decide on this one. > (Anyway, both the current way and the initializer values looks good to me.)
	90 change.grfAccessPermissions = permission;

	91 change.grfAccessMode = DENY_ACCESS;

	92 change.grfInheritance = 0;

	93 change.Trustee.pMultipleTrustee = NULL;

	94 change.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;

	95 change.Trustee.TrusteeForm = TRUSTEE_IS_NAME;

	96 change.Trustee.TrusteeType = TRUSTEE_IS_USER;

	97 change.Trustee.ptstrName = const_cast<wchar_t*>(L"CURRENT_USER");

	98

	99 PACL new_dacl;

	100 if (SetEntriesInAcl(1, &change, old_dacl, &new_dacl) != ERROR_SUCCESS) {

	101 LocalFree(security_descriptor);
	Peter Kasting 2016/06/13 04:43:20 Stolen from my comments on one of your previous CL Stolen from my comments on one of your previous CLs: Consider creating a scoping object that frees these automatically to avoid the possibility of forgetting to free on exit/later refactoring breaking this. This is more compelling if added to base/win as another ScopedXXX object, and then used across the rest of the codebase where LocalFrees are currently performed, in which case you'd want to split this to a separate CL. The class could be something like ScopedLocal<T> where T is e.g. ACL or PSECURITY_DESCRIPTOR, and there should be a Receive() method as on ScopedComPtr() to allow initialization via outparam. WC Leung 2016/06/13 08:06:45 SGTM. BTW, I'll check against the existing ScopedX Show quoted text On 2016/06/13 04:43:20, Peter Kasting wrote: > Stolen from my comments on one of your previous CLs: > > Consider creating a scoping object that frees these automatically to avoid the > possibility of forgetting to free on exit/later refactoring breaking this. > > This is more compelling if added to base/win as another ScopedXXX object, and > then used across the rest of the codebase where LocalFrees are currently > performed, in which case you'd want to split this to a separate CL. The class > could be something like ScopedLocal<T> where T is e.g. ACL or > PSECURITY_DESCRIPTOR, and there should be a Receive() method as on > ScopedComPtr() to allow initialization via outparam. SGTM. BTW, I'll check against the existing ScopedXXX objects before adding one.
	102 return false;

	103 }

	104

	105 DWORD rc = SetNamedSecurityInfo(const_cast<wchar_t*>(path.value().c_str()),

	106 SE_FILE_OBJECT, DACL_SECURITY_INFORMATION,

	107 NULL, NULL, new_dacl, NULL);

	108 LocalFree(security_descriptor);

	109 LocalFree(new_dacl);

	110

	111 return rc == ERROR_SUCCESS;

	112 }

	113

114 bool DieFileDie(const FilePath& file, bool recurse) {	114 bool DieFileDie(const FilePath& file, bool recurse) {

115 // It turns out that to not induce flakiness a long timeout is needed.	115 // It turns out that to not induce flakiness a long timeout is needed.

116 const int kIterations = 25;	116 const int kIterations = 25;

117 const TimeDelta kTimeout = TimeDelta::FromSeconds(10) / kIterations;	117 const TimeDelta kTimeout = TimeDelta::FromSeconds(10) / kIterations;

118	118

119 if (!PathExists(file))	119 if (!PathExists(file))

120 return true;	120 return true;

121	121

122 // Sometimes Delete fails, so try a few more times. Divide the timeout	122 // Sometimes Delete fails, so try a few more times. Divide the timeout

123 // into short chunks, so that if a try succeeds, we won't delay the test	123 // into short chunks, so that if a try succeeds, we won't delay the test

(...skipping 82 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
206 DCHECK(info_ != NULL);	206 DCHECK(info_ != NULL);

207 DCHECK_NE(0u, length_);	207 DCHECK_NE(0u, length_);

208 }	208 }

209	209

210 FilePermissionRestorer::~FilePermissionRestorer() {	210 FilePermissionRestorer::~FilePermissionRestorer() {

211 if (!RestorePermissionInfo(path_, info_, length_))	211 if (!RestorePermissionInfo(path_, info_, length_))

212 NOTREACHED();	212 NOTREACHED();

213 }	213 }

214	214

215 } // namespace base	215 } // namespace base

OLD	NEW

« no previous file with comments | « base/test/test_file_util.h ('k') | chrome/app/generated_resources.grd » ('j') | chrome/app/generated_resources.grd » ('J')