Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(327)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: sql/connection_unittest.cc

Issue 5125579611308032: [sql] Allow restricting database to user read access. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: file_util::PathExists -> base::PathExists Created 7 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« sql/connection.cc ('K') | « sql/connection.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/bind.h" 5 #include "base/bind.h"
6 #include "base/file_util.h" 6 #include "base/file_util.h"
7 #include "base/files/scoped_temp_dir.h" 7 #include "base/files/scoped_temp_dir.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "sql/connection.h" 9 #include "sql/connection.h"
10 #include "sql/meta_table.h" 10 #include "sql/meta_table.h"
(...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after
552 // of journal_mode PERSIST. 552 // of journal_mode PERSIST.
553 base::FilePath journal(db_path().value() + FILE_PATH_LITERAL("-journal")); 553 base::FilePath journal(db_path().value() + FILE_PATH_LITERAL("-journal"));
554 ASSERT_TRUE(base::PathExists(db_path())); 554 ASSERT_TRUE(base::PathExists(db_path()));
555 ASSERT_TRUE(base::PathExists(journal)); 555 ASSERT_TRUE(base::PathExists(journal));
556 556
557 sql::Connection::Delete(db_path()); 557 sql::Connection::Delete(db_path());
558 EXPECT_FALSE(base::PathExists(db_path())); 558 EXPECT_FALSE(base::PathExists(db_path()));
559 EXPECT_FALSE(base::PathExists(journal)); 559 EXPECT_FALSE(base::PathExists(journal));
560 } 560 }
561 561
562 #if defined(OS_POSIX)
563 TEST_F(SQLConnectionTest, UserPermission) {
564 // Cause the journal file to be created. If the default
565 // journal_mode is changed back to DELETE, then parts of this test
566 // will need to be updated.
567 EXPECT_TRUE(db().Execute("CREATE TABLE x (x)"));
568
569 base::FilePath journal(db_path().value() + FILE_PATH_LITERAL("-journal"));
570 int mode;
571
572 // If the umask is restrictive, the database files might be created
573 // without group or other access. In that case, later tests
574 // woudln't test anything real.
Greg Billock 2013/07/15 23:26:06 wouldn't But I'm not sure I understood this comme
Scott Hess - ex-Googler 2013/07/16 18:08:13 Usually, I would expect the default umask for OSX
575 ASSERT_TRUE(base::PathExists(db_path()));
576 ASSERT_TRUE(base::PathExists(journal));
577 mode = file_util::FILE_PERMISSION_MASK;
578 EXPECT_TRUE(file_util::GetPosixFilePermissions(db_path(), &mode));
579 ASSERT_NE((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
Greg Billock 2013/07/15 23:26:06 Will this pass for such a umask? Looks like not, c
Scott Hess - ex-Googler 2013/07/16 18:08:13 Changed so this won't happen.
580 mode = file_util::FILE_PERMISSION_MASK;
581 EXPECT_TRUE(file_util::GetPosixFilePermissions(journal, &mode));
582 ASSERT_NE((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
583
584 // Re-open with restricted permissions and verify that the modes
585 // changed for both the main database and the journal.
586 db().Close();
587 db().set_restrict_to_user();
588 ASSERT_TRUE(db().Open(db_path()));
589 ASSERT_TRUE(base::PathExists(db_path()));
590 ASSERT_TRUE(base::PathExists(journal));
591 mode = file_util::FILE_PERMISSION_MASK;
592 EXPECT_TRUE(file_util::GetPosixFilePermissions(db_path(), &mode));
593 ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
594 mode = file_util::FILE_PERMISSION_MASK;
595 EXPECT_TRUE(file_util::GetPosixFilePermissions(journal, &mode));
596 ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
597
598 // Delete and re-create the database, the restriction should still apply.
599 db().Close();
600 sql::Connection::Delete(db_path());
601 ASSERT_TRUE(db().Open(db_path()));
602 ASSERT_TRUE(base::PathExists(db_path()));
603 ASSERT_FALSE(base::PathExists(journal));
604 mode = file_util::FILE_PERMISSION_MASK;
605 EXPECT_TRUE(file_util::GetPosixFilePermissions(db_path(), &mode));
606 ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
607
608 // Verify that journal creation inherits the restriction.
609 EXPECT_TRUE(db().Execute("CREATE TABLE x (x)"));
610 ASSERT_TRUE(base::PathExists(journal));
611 mode = file_util::FILE_PERMISSION_MASK;
612 EXPECT_TRUE(file_util::GetPosixFilePermissions(journal, &mode));
613 ASSERT_EQ((mode & file_util::FILE_PERMISSION_USER_MASK), mode);
614 }
615 #endif // defined(OS_POSIX)
616
562 } // namespace 617 } // namespace
OLDNEW
« sql/connection.cc ('K') | « sql/connection.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698