| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <memory> |
| 6 #include <string> |
| 7 #include <vector> |
| 8 |
| 9 #include "base/files/file_path.h" |
| 10 #include "base/files/scoped_temp_dir.h" |
| 11 #include "base/test/null_task_runner.h" |
| 12 #include "content/browser/child_process_security_policy_impl.h" |
| 13 #include "content/browser/fileapi/browser_file_system_helper.h" |
| 14 #include "content/public/common/drop_data.h" |
| 15 #include "net/base/filename_util.h" |
| 16 #include "storage/browser/fileapi/external_mount_points.h" |
| 17 #include "storage/browser/fileapi/file_system_options.h" |
| 18 #include "storage/browser/fileapi/file_system_url.h" |
| 19 #include "storage/browser/fileapi/isolated_context.h" |
| 20 #include "storage/common/fileapi/file_system_types.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" |
| 22 #include "url/gurl.h" |
| 23 #include "url/origin.h" |
| 24 |
| 25 namespace content { |
| 26 namespace { |
| 27 |
| 28 const int kRendererID = 42; |
| 29 |
| 30 } // namespace |
| 31 |
| 32 TEST(BrowserFileSystemHelperTest, |
| 33 PrepareDropDataForChildProcess_FileSystemFiles) { |
| 34 base::ScopedTempDir temp_dir; |
| 35 ASSERT_TRUE(temp_dir.CreateUniqueTempDir()); |
| 36 |
| 37 ChildProcessSecurityPolicyImpl* p = |
| 38 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 39 p->Add(kRendererID); |
| 40 |
| 41 // Prepare |original_file| FileSystemURL that comes from a |sensitive_origin|. |
| 42 // This attempts to simulate for unit testing the drive URL from |
| 43 // https://crbug.com/705295#c23. |
| 44 const GURL kSensitiveOrigin("chrome://hhaomjibdihmijegdhdafkllkbggdgoj/"); |
| 45 const char kMountName[] = "drive-testuser%40gmail.com-hash"; |
| 46 const base::FilePath kTestPath(FILE_PATH_LITERAL("root/dir/testfile.jpg")); |
| 47 base::FilePath mount_path = temp_dir.GetPath().AppendASCII(kMountName); |
| 48 scoped_refptr<storage::ExternalMountPoints> external_mount_points = |
| 49 storage::ExternalMountPoints::CreateRefCounted(); |
| 50 EXPECT_TRUE(external_mount_points->RegisterFileSystem( |
| 51 kMountName, storage::FileSystemType::kFileSystemTypeTest, |
| 52 storage::FileSystemMountOption(), mount_path)); |
| 53 storage::FileSystemURL original_file = |
| 54 external_mount_points->CreateExternalFileSystemURL(kSensitiveOrigin, |
| 55 kMountName, kTestPath); |
| 56 EXPECT_TRUE(original_file.is_valid()); |
| 57 EXPECT_EQ(kSensitiveOrigin, original_file.origin()); |
| 58 |
| 59 // Prepare fake FileSystemContext to use in the test. |
| 60 scoped_refptr<base::SingleThreadTaskRunner> io_task_runner( |
| 61 new base::NullTaskRunner); |
| 62 scoped_refptr<base::SequencedTaskRunner> file_task_runner( |
| 63 new base::NullTaskRunner); |
| 64 storage::FileSystemOptions file_system_options( |
| 65 storage::FileSystemOptions::PROFILE_MODE_NORMAL, |
| 66 std::vector<std::string>(), nullptr); |
| 67 scoped_refptr<storage::FileSystemContext> test_file_system_context( |
| 68 new storage::FileSystemContext( |
| 69 io_task_runner.get(), file_task_runner.get(), |
| 70 external_mount_points.get(), |
| 71 nullptr, // special_storage_policy |
| 72 nullptr, // quota_manager_proxy, |
| 73 std::vector<std::unique_ptr<storage::FileSystemBackend>>(), |
| 74 std::vector<storage::URLRequestAutoMountHandler>(), |
| 75 base::FilePath(), // partition_path |
| 76 file_system_options)); |
| 77 |
| 78 // Prepare content::DropData containing |file_system_url|. |
| 79 DropData::FileSystemFileInfo filesystem_file_info; |
| 80 filesystem_file_info.url = original_file.ToGURL(); |
| 81 filesystem_file_info.size = 123; |
| 82 filesystem_file_info.filesystem_id = original_file.filesystem_id(); |
| 83 DropData drop_data; |
| 84 drop_data.file_system_files.push_back(filesystem_file_info); |
| 85 |
| 86 // Verify that initially no access is be granted to the |kSensitiveOrigin|. |
| 87 EXPECT_FALSE(p->CanCommitURL(kRendererID, kSensitiveOrigin)); |
| 88 |
| 89 // Verify that initially no access is granted to the |original_file|. |
| 90 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, original_file)); |
| 91 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, original_file)); |
| 92 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, original_file)); |
| 93 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, original_file)); |
| 94 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, original_file)); |
| 95 |
| 96 // Invoke the API under test to grant access to |drop_data|. |
| 97 PrepareDropDataForChildProcess(&drop_data, p, kRendererID, |
| 98 test_file_system_context.get()); |
| 99 |
| 100 // Verify that |drop_data| is mostly unchanged. |
| 101 EXPECT_EQ(0u, drop_data.filenames.size()); |
| 102 EXPECT_EQ(1u, drop_data.file_system_files.size()); |
| 103 EXPECT_EQ(123, drop_data.file_system_files[0].size); |
| 104 // It is okay if |drop_data.file_system_files[0].url| and |
| 105 // |drop_data.file_system_files[0].filesystem_id| change (to aid in enforcing |
| 106 // proper access patterns that are verified below). |
| 107 |
| 108 // Verify that the URL didn't change *too* much. |
| 109 storage::FileSystemURL dropped_file = |
| 110 test_file_system_context->CrackURL(drop_data.file_system_files[0].url); |
| 111 EXPECT_TRUE(dropped_file.is_valid()); |
| 112 EXPECT_EQ(original_file.origin(), dropped_file.origin()); |
| 113 EXPECT_EQ(original_file.path().BaseName(), dropped_file.path().BaseName()); |
| 114 |
| 115 // Verify that there is still no access to |kSensitiveOrigin|. |
| 116 EXPECT_FALSE(p->CanCommitURL(kRendererID, kSensitiveOrigin)); |
| 117 |
| 118 // Verify that there is still no access to |original_file|. |
| 119 EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, original_file)); |
| 120 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, original_file)); |
| 121 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, original_file)); |
| 122 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, original_file)); |
| 123 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, original_file)); |
| 124 |
| 125 // Verify that read access (and no other access) is granted for |
| 126 // |dropped_file|. |
| 127 EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, dropped_file)); |
| 128 EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, dropped_file)); |
| 129 EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, dropped_file)); |
| 130 EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, dropped_file)); |
| 131 EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, dropped_file)); |
| 132 |
| 133 p->Remove(kRendererID); |
| 134 } |
| 135 |
| 136 TEST(BrowserFileSystemHelperTest, PrepareDropDataForChildProcess_LocalFiles) { |
| 137 base::ScopedTempDir temp_dir; |
| 138 ASSERT_TRUE(temp_dir.CreateUniqueTempDir()); |
| 139 |
| 140 ChildProcessSecurityPolicyImpl* p = |
| 141 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 142 p->Add(kRendererID); |
| 143 |
| 144 // Prepare content::DropData containing some local files. |
| 145 const base::FilePath kDraggedFile = |
| 146 temp_dir.GetPath().AppendASCII("dragged_file.txt"); |
| 147 const base::FilePath kOtherFile = |
| 148 temp_dir.GetPath().AppendASCII("other_file.txt"); |
| 149 DropData drop_data; |
| 150 drop_data.filenames.push_back(ui::FileInfo(kDraggedFile, base::FilePath())); |
| 151 |
| 152 // Verify that initially no access is granted to both |kDraggedFile| and |
| 153 // |kOtherFile|. |
| 154 EXPECT_FALSE(p->CanReadFile(kRendererID, kDraggedFile)); |
| 155 EXPECT_FALSE(p->CanReadFile(kRendererID, kOtherFile)); |
| 156 EXPECT_FALSE( |
| 157 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kDraggedFile))); |
| 158 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kDraggedFile)); |
| 159 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kOtherFile)); |
| 160 EXPECT_FALSE( |
| 161 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kOtherFile))); |
| 162 |
| 163 // Invoke the API under test to grant access to |drop_data|. |
| 164 PrepareDropDataForChildProcess(&drop_data, p, kRendererID, nullptr); |
| 165 |
| 166 // Verify that |drop_data| is unchanged. |
| 167 EXPECT_EQ(0u, drop_data.file_system_files.size()); |
| 168 EXPECT_EQ(1u, drop_data.filenames.size()); |
| 169 EXPECT_EQ(kDraggedFile, drop_data.filenames[0].path); |
| 170 |
| 171 // Verify that read access (and no other access) is granted for |
| 172 // |kDraggedFile|. |
| 173 EXPECT_TRUE(p->CanReadFile(kRendererID, kDraggedFile)); |
| 174 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kDraggedFile)); |
| 175 EXPECT_TRUE( |
| 176 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kDraggedFile))); |
| 177 |
| 178 // Verify that there is still no access for |kOtherFile|. |
| 179 EXPECT_FALSE(p->CanReadFile(kRendererID, kOtherFile)); |
| 180 EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kOtherFile)); |
| 181 EXPECT_FALSE( |
| 182 p->CanCommitURL(kRendererID, net::FilePathToFileURL(kOtherFile))); |
| 183 |
| 184 p->Remove(kRendererID); |
| 185 } |
| 186 |
| 187 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2830743004:
Extracting and unittesting PrepareDropDataForChildProcess function. (Closed)
