| Index: sandbox/linux/services/credentials_unittest.cc
|
| diff --git a/sandbox/linux/services/credentials_unittest.cc b/sandbox/linux/services/credentials_unittest.cc
|
| index b95ba0bab273ebf4a11f165fd0dd8992b42edf72..d1025b5cb9a4550492f3e23bc4eab77d2bd3775b 100644
|
| --- a/sandbox/linux/services/credentials_unittest.cc
|
| +++ b/sandbox/linux/services/credentials_unittest.cc
|
| @@ -157,6 +157,16 @@ SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(DropFileSystemAccessIsSafe)) {
|
| CHECK_NE(0, mkdir("/test", 0700));
|
| }
|
|
|
| +// Check that callers can reliably test if file system access exists.
|
| +SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(HasFileSystemAccess)) {
|
| + CHECK(Credentials::HasFileSystemAccess());
|
| + CHECK(Credentials::DropAllCapabilities());
|
| + // Probably missing kernel support.
|
| + if (!Credentials::MoveToNewUserNS()) return;
|
| + CHECK(Credentials::DropFileSystemAccess(ProcUtil::OpenProc().get()));
|
| + CHECK(!Credentials::HasFileSystemAccess());
|
| +}
|
| +
|
| // Check that after dropping filesystem access and dropping privileges
|
| // it is not possible to regain capabilities.
|
| SANDBOX_TEST(Credentials, DISABLE_ON_ASAN(CannotRegainPrivileges)) {
|
|
|
Chromium Code Reviews
Issue 2357393003:
Add check for file system access to the sandbox. (Closed)
