Small extra validations on permission checks: reject "0" as a valid permission
mask and require the path be absolute.

Also add some per-file security owners to child_process_security_policy_impl.cc
since it is highly sensitive.

BUG=168634

Review URL: https://chromiumcodereview.appspot.com/11734030

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175390 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc
index 90befd6..e98b8411 100644
--- a/content/browser/child_process_security_policy_unittest.cc
+++ b/content/browser/child_process_security_policy_unittest.cc
@@ -20,6 +20,12 @@
 const int kRendererID = 42;
 const int kWorkerRendererID = kRendererID + 1;
 
+#if defined(FILE_PATH_USES_DRIVE_LETTERS)
+#define TEST_PATH(x) FILE_PATH_LITERAL("c:") FILE_PATH_LITERAL(x)
+#else
+#define TEST_PATH(x) FILE_PATH_LITERAL(x)
+#endif
+
 class ChildProcessSecurityPolicyTestBrowserClient
     : public TestContentBrowserClient {
  public:
@@ -294,21 +300,16 @@
 
   p->Add(kRendererID);
 
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
-  p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/passwd")));
-  EXPECT_TRUE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
+  EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+  p->GrantReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd")));
+  EXPECT_TRUE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+  EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/shadow"))));
 
   p->Remove(kRendererID);
   p->Add(kRendererID);
 
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/shadow"))));
+  EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+  EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/shadow"))));
 
   p->Remove(kRendererID);
 }
@@ -319,49 +320,40 @@
 
   p->Add(kRendererID);
 
-  EXPECT_FALSE(p->CanReadDirectory(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/"))));
-  p->GrantReadDirectory(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
-  EXPECT_TRUE(p->CanReadDirectory(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/"))));
-  EXPECT_TRUE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
+  EXPECT_FALSE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
+  p->GrantReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/")));
+  EXPECT_TRUE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
+  EXPECT_TRUE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
 
   p->Remove(kRendererID);
   p->Add(kRendererID);
 
-  EXPECT_FALSE(p->CanReadDirectory(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/"))));
-  EXPECT_FALSE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
+  EXPECT_FALSE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
+  EXPECT_FALSE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
 
   // Just granting read permission as a file doesn't imply reading as a
   // directory.
-  p->GrantReadFile(kRendererID, FilePath(FILE_PATH_LITERAL("/etc/")));
-  EXPECT_TRUE(p->CanReadFile(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/passwd"))));
-  EXPECT_FALSE(p->CanReadDirectory(kRendererID,
-      FilePath(FILE_PATH_LITERAL("/etc/"))));
+  p->GrantReadFile(kRendererID, FilePath(TEST_PATH("/etc/")));
+  EXPECT_TRUE(p->CanReadFile(kRendererID, FilePath(TEST_PATH("/etc/passwd"))));
+  EXPECT_FALSE(p->CanReadDirectory(kRendererID, FilePath(TEST_PATH("/etc/"))));
 
   p->Remove(kRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, FilePermissions) {
-  FilePath granted_file = FilePath(FILE_PATH_LITERAL("/home/joe"));
-  FilePath sibling_file = FilePath(FILE_PATH_LITERAL("/home/bob"));
-  FilePath child_file = FilePath(FILE_PATH_LITERAL("/home/joe/file"));
-  FilePath parent_file = FilePath(FILE_PATH_LITERAL("/home"));
-  FilePath parent_slash_file = FilePath(FILE_PATH_LITERAL("/home/"));
-  FilePath child_traversal1 = FilePath(
-      FILE_PATH_LITERAL("/home/joe/././file"));
+  FilePath granted_file = FilePath(TEST_PATH("/home/joe"));
+  FilePath sibling_file = FilePath(TEST_PATH("/home/bob"));
+  FilePath child_file = FilePath(TEST_PATH("/home/joe/file"));
+  FilePath parent_file = FilePath(TEST_PATH("/home"));
+  FilePath parent_slash_file = FilePath(TEST_PATH("/home/"));
+  FilePath child_traversal1 = FilePath(TEST_PATH("/home/joe/././file"));
   FilePath child_traversal2 = FilePath(
-      FILE_PATH_LITERAL("/home/joe/file/../otherfile"));
-  FilePath evil_traversal1 = FilePath(
-      FILE_PATH_LITERAL("/home/joe/../../etc/passwd"));
+      TEST_PATH("/home/joe/file/../otherfile"));
+  FilePath evil_traversal1 = FilePath(TEST_PATH("/home/joe/../../etc/passwd"));
   FilePath evil_traversal2 = FilePath(
-      FILE_PATH_LITERAL("/home/joe/./.././../etc/passwd"));
-  FilePath self_traversal = FilePath(
-      FILE_PATH_LITERAL("/home/joe/../joe/file"));
+      TEST_PATH("/home/joe/./.././../etc/passwd"));
+  FilePath self_traversal = FilePath(TEST_PATH("/home/joe/../joe/file"));
+  FilePath relative_file = FilePath(FILE_PATH_LITERAL("home/joe"));
 
   ChildProcessSecurityPolicyImpl* p =
       ChildProcessSecurityPolicyImpl::GetInstance();
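Review bot: The new `relative_file` fixture on the `FilePath relative_file = FilePath(FILE_PATH_LITERAL("home/joe"));` line covers only the plain relative form, while the commit's stated intent is to require absolute paths; on the drive-letter build the drive-relative (`c:home/joe`) and rooted-but-driveless (`/home/joe` without the `c:` prefix) spellings are presumably also non-absolute and are the ones an attacker-controlled path is more likely to take, so adding them under `#if defined(FILE_PATH_USES_DRIVE_LETTERS)` would pin the check on the platform where it matters most. The fixture also carries no comment distinguishing it from the traversal cases above it; `// Not absolute on any platform: both grant and check must fail closed.` would make its role clear. The FilePermissions body continues past the end of this hunk.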
@@ -386,6 +378,7 @@
                                        base::PLATFORM_FILE_READ));
   EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
                                         base::PLATFORM_FILE_CREATE));
+  EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));
   EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file,
                                         base::PLATFORM_FILE_CREATE |
                                         base::PLATFORM_FILE_OPEN_TRUNCATED |
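Review bot: The added `EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, granted_file, 0));` only exercises the zero mask against a path that has already been granted permissions, so it cannot distinguish "zero is rejected outright" from "zero is rejected because the granted bits did not match"; a companion assertion on an ungranted path, `EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, sibling_file, 0));`, would pin the rejection as independent of any existing grant. A one-line comment above the new check, `// A zero mask must never read as "nothing required" and pass vacuously.`, would record why this case is security-relevant, since a naive `(granted & required) == required` test is true for `required == 0`. The enclosing FilePermissions body starts and ends outside this hunk.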
@@ -486,6 +479,13 @@
                                         base::PLATFORM_FILE_OPEN |
                                         base::PLATFORM_FILE_READ));
   p->Remove(kWorkerRendererID);
+
+  p->Add(kRendererID);
+  p->GrantPermissionsForFile(kRendererID, relative_file,
+                             base::PLATFORM_FILE_OPEN);
+  EXPECT_FALSE(p->HasPermissionsForFile(kRendererID, relative_file,
+                                        base::PLATFORM_FILE_OPEN));
+  p->Remove(kRendererID);
 }
 
 TEST_F(ChildProcessSecurityPolicyTest, CanServiceWebUIBindings) {
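Review bot: The new relative-path block on the `p->GrantPermissionsForFile(kRendererID, relative_file, ...)` / `EXPECT_FALSE(p->HasPermissionsForFile(...))` lines passes whether the grant was refused or only the later check was, so it does not by itself show that a non-absolute grant is dropped rather than stored; if the policy offers no way to observe stored grants, the comment should say the assertion is on the check side only. The block also has no comment stating its intent; `// Grants and checks on non-absolute paths must both fail closed.` placed before the `p->Add(kRendererID);` line would do. A relative path carrying traversal, e.g. `FILE_PATH_LITERAL("../etc/passwd")`, is the input shape this validation is meant to stop and is worth adding alongside the plain `home/joe` case. The FilePermissions function begins before this hunk.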
@@ -510,7 +510,7 @@
       ChildProcessSecurityPolicyImpl::GetInstance();
 
   GURL url("file:///etc/passwd");
-  FilePath file(FILE_PATH_LITERAL("/etc/passwd"));
+  FilePath file(TEST_PATH("/etc/passwd"));
 
   p->Add(kRendererID);