| Index: content/browser/child_process_security_policy_unittest.cc
|
| diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
|
| index d0a347c996c4fba54c3a1bd64f23052715d51fa5..20c57f88590957e4be974fc53b63d7990da41837 100644
|
| --- a/content/browser/child_process_security_policy_unittest.cc
|
| +++ b/content/browser/child_process_security_policy_unittest.cc
|
| @@ -6,10 +6,15 @@
|
| #include <string>
|
|
|
| #include "base/files/file_path.h"
|
| +#include "base/test/null_task_runner.h"
|
| #include "content/browser/child_process_security_policy_impl.h"
|
| +#include "content/public/common/drop_data.h"
|
| #include "content/public/common/url_constants.h"
|
| #include "content/test/test_content_browser_client.h"
|
| +#include "net/base/filename_util.h"
|
| +#include "storage/browser/fileapi/external_mount_points.h"
|
| #include "storage/browser/fileapi/file_permission_policy.h"
|
| +#include "storage/browser/fileapi/file_system_options.h"
|
| #include "storage/browser/fileapi/file_system_url.h"
|
| #include "storage/browser/fileapi/isolated_context.h"
|
| #include "storage/common/fileapi/file_system_types.h"
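Review bot: The added includes do not cover every type the new tests name directly. `storage::FileSystemContext` is constructed in DropDataGrantsTest_FileSystemFiles, yet `storage/browser/fileapi/file_system_context.h` is missing from this sorted block, where it would sit between `file_permission_policy.h` and `file_system_options.h`. The tests also use `std::vector` and `std::unique_ptr`; `<vector>` does not follow `<string>` in the visible list, and `<memory>` may sit above the hunk, which starts at line 6. These presumably compile through transitive includes today, so this is an include-what-you-use point: adding `#include "storage/browser/fileapi/file_system_context.h"` and `#include <vector>` keeps the test building if those headers change.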
|
| @@ -893,4 +898,151 @@ TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) {
|
| p->Remove(kRendererID);
|
| }
|
|
|
| +TEST_F(ChildProcessSecurityPolicyTest, DropDataGrantsTest_FileSystemFiles) {
|
| + ChildProcessSecurityPolicyImpl* p =
|
| + ChildProcessSecurityPolicyImpl::GetInstance();
|
| + p->Add(kRendererID);
|
| +
|
| + // Prepare |original_file| FileSystemURL that comes from a |sensitive_origin|.
|
| + // This attempts to simulate for unit testing the drive URL from
|
| + // https://crbug.com/705295#c23.
|
| + const GURL kSensitiveOrigin("chrome://hhaomjibdihmijegdhdafkllkbggdgoj/");
|
| + const char kMountName[] = "drive-testuser%40gmail.com-hash";
|
| + const base::FilePath kTestPath(FILE_PATH_LITERAL("root/dir/testfile.jpg"));
|
| + scoped_refptr<storage::ExternalMountPoints> external_mount_points =
|
| + storage::ExternalMountPoints::CreateRefCounted();
|
| + external_mount_points->RegisterFileSystem(
|
| + kMountName, storage::FileSystemType::kFileSystemTypeTest,
|
| + storage::FileSystemMountOption(),
|
| + base::FilePath(FILE_PATH_LITERAL("/test")).AppendASCII(kMountName));
|
| + storage::FileSystemURL original_file =
|
| + external_mount_points->CreateExternalFileSystemURL(kSensitiveOrigin,
|
| + kMountName, kTestPath);
|
| + EXPECT_TRUE(original_file.is_valid());
|
| + EXPECT_EQ(kSensitiveOrigin, original_file.origin());
|
| +
|
| + // Prepare fake FileSystemContext to use in the test.
|
| + scoped_refptr<base::SingleThreadTaskRunner> io_task_runner(
|
| + new base::NullTaskRunner);
|
| + scoped_refptr<base::SequencedTaskRunner> file_task_runner(
|
| + new base::NullTaskRunner);
|
| + storage::FileSystemOptions file_system_options(
|
| + storage::FileSystemOptions::PROFILE_MODE_NORMAL,
|
| + std::vector<std::string>(), nullptr);
|
| + scoped_refptr<storage::FileSystemContext> test_file_system_context(
|
| + new storage::FileSystemContext(
|
| + io_task_runner.get(), file_task_runner.get(),
|
| + external_mount_points.get(),
|
| + nullptr, // special_storage_policy
|
| + nullptr, // quota_manager_proxy,
|
| + std::vector<std::unique_ptr<storage::FileSystemBackend>>(),
|
| + std::vector<storage::URLRequestAutoMountHandler>(),
|
| + base::FilePath(), // partition_path
|
| + file_system_options));
|
| +
|
| + // Prepare content::DropData containing |file_system_url|.
|
| + DropData::FileSystemFileInfo filesystem_file_info;
|
| + filesystem_file_info.url = original_file.ToGURL();
|
| + filesystem_file_info.size = 123;
|
| + filesystem_file_info.filesystem_id = original_file.filesystem_id();
|
| + DropData drop_data;
|
| + drop_data.file_system_files.push_back(filesystem_file_info);
|
| +
|
| + // Verify that initially no access is be granted to the |kSensitiveOrigin|.
|
| + EXPECT_FALSE(p->CanCommitURL(kRendererID, kSensitiveOrigin));
|
| +
|
| + // Verify that initially no access is granted to the |original_file|.
|
| + EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, original_file));
|
| +
|
| + // Invoke the API under test to grant access to |drop_data|.
|
| + p->GrantFileAccessFromDropData(kRendererID, test_file_system_context.get(),
|
| + &drop_data);
|
| +
|
| + // Verify that |drop_data| is mostly unchanged.
|
| + EXPECT_EQ(0u, drop_data.filenames.size());
|
| + EXPECT_EQ(1u, drop_data.file_system_files.size());
|
| + EXPECT_EQ(123, drop_data.file_system_files[0].size);
|
| + // It is okay if |drop_data.file_system_files[0].url| and
|
| + // |drop_data.file_system_files[0].filesystem_id| change (to aid in enforcing
|
| + // proper access patterns that are verified below).
|
| +
|
| + // Verify that the URL didn't change *too* much.
|
| + storage::FileSystemURL dropped_file =
|
| + test_file_system_context->CrackURL(drop_data.file_system_files[0].url);
|
| + EXPECT_TRUE(dropped_file.is_valid());
|
| + EXPECT_EQ(original_file.origin(), dropped_file.origin());
|
| + EXPECT_EQ(original_file.path().BaseName(), dropped_file.path().BaseName());
|
| +
|
| + // Verify that there is still no access to |kSensitiveOrigin|.
|
| + EXPECT_FALSE(p->CanCommitURL(kRendererID, kSensitiveOrigin));
|
| +
|
| + // Verify that there is still no access to |original_file|.
|
| + EXPECT_FALSE(p->CanReadFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, original_file));
|
| + EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, original_file));
|
| +
|
| + // Verify that read access (and no other access) is granted for
|
| + // |dropped_file|.
|
| + EXPECT_TRUE(p->CanReadFileSystemFile(kRendererID, dropped_file));
|
| + EXPECT_FALSE(p->CanWriteFileSystemFile(kRendererID, dropped_file));
|
| + EXPECT_FALSE(p->CanCreateFileSystemFile(kRendererID, dropped_file));
|
| + EXPECT_FALSE(p->CanCopyIntoFileSystemFile(kRendererID, dropped_file));
|
| + EXPECT_FALSE(p->CanDeleteFileSystemFile(kRendererID, dropped_file));
|
| +
|
| + p->Remove(kRendererID);
|
| +}
|
| +
|
| +TEST_F(ChildProcessSecurityPolicyTest, DropDataGrantsTest_LocalFiles) {
|
| + ChildProcessSecurityPolicyImpl* p =
|
| + ChildProcessSecurityPolicyImpl::GetInstance();
|
| + p->Add(kRendererID);
|
| +
|
| + // Prepare content::DropData containing some local files.
|
| + const base::FilePath kDraggedFile(
|
| + FILE_PATH_LITERAL("/test/dragged_file.txt"));
|
| + const base::FilePath kOtherFile(FILE_PATH_LITERAL("/test/other_file.txt"));
|
| + DropData drop_data;
|
| + drop_data.filenames.push_back(ui::FileInfo(kDraggedFile, base::FilePath()));
|
| +
|
| + // Verify that initially no access is granted to both |kDraggedFile| and
|
| + // |kOtherFile|.
|
| + EXPECT_FALSE(p->CanReadFile(kRendererID, kDraggedFile));
|
| + EXPECT_FALSE(p->CanReadFile(kRendererID, kOtherFile));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, net::FilePathToFileURL(kDraggedFile)));
|
| + EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kDraggedFile));
|
| + EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kOtherFile));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, net::FilePathToFileURL(kOtherFile)));
|
| +
|
| + // Invoke the API under test to grant access to |drop_data|.
|
| + p->GrantFileAccessFromDropData(kRendererID, nullptr, &drop_data);
|
| +
|
| + // Verify that |drop_data| is unchanged.
|
| + EXPECT_EQ(0u, drop_data.file_system_files.size());
|
| + EXPECT_EQ(1u, drop_data.filenames.size());
|
| + EXPECT_EQ(kDraggedFile, drop_data.filenames[0].path);
|
| +
|
| + // Verify that read access (and no other access) is granted for
|
| + // |kDraggedFile|.
|
| + EXPECT_TRUE(p->CanReadFile(kRendererID, kDraggedFile));
|
| + EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kDraggedFile));
|
| + EXPECT_TRUE(
|
| + p->CanCommitURL(kRendererID, net::FilePathToFileURL(kDraggedFile)));
|
| +
|
| + // Verify that there is still no access for |kOtherFile|.
|
| + EXPECT_FALSE(p->CanReadFile(kRendererID, kOtherFile));
|
| + EXPECT_FALSE(p->CanCreateReadWriteFile(kRendererID, kOtherFile));
|
| + EXPECT_FALSE(
|
| + p->CanCommitURL(kRendererID, net::FilePathToFileURL(kOtherFile)));
|
| +
|
| + p->Remove(kRendererID);
|
| +}
|
| +
|
| } // namespace content
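Review bot: Both new tests query only `kRendererID`, so they would still pass if `GrantFileAccessFromDropData` widened access for other child processes. In DropDataGrantsTest_FileSystemFiles, register a second child ID before the grant, assert `EXPECT_FALSE(p->CanReadFileSystemFile(kOtherRendererID, dropped_file));` after it, and `Remove` that ID at the end; `kOtherRendererID` is a placeholder for whatever second ID the fixture provides. DropDataGrantsTest_LocalFiles would benefit from the same check using `CanReadFile` on `kDraggedFile`. Two comments in the first test also need a fix: "no access is be granted" should read "no access is granted", and "containing |file_system_url|" names a variable that does not exist where `|original_file|` is meant.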
|
|
|