1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/ash/fileapi/file_access_permissions.h"
#include "extensions/common/extension.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/origin.h"
namespace ash {
TEST(FileAccessPermissionsTest, FileAccessChecks) {
base::FilePath good_dir(FILE_PATH_LITERAL("/root/dir"));
base::FilePath bad_dir(FILE_PATH_LITERAL("/root"));
base::FilePath good_file(FILE_PATH_LITERAL("/root/dir/good_file.txt"));
base::FilePath bad_file(FILE_PATH_LITERAL("/root/dir/bad_file.txt"));
url::Origin extension1_origin =
url::Origin::Create(extensions::Extension::GetBaseURLFromExtensionId(
"ddammdhioacbehjngdmkjcjbnfginlla"));
url::Origin extension2_origin =
url::Origin::Create(extensions::Extension::GetBaseURLFromExtensionId(
"jkhdjkhkhsdkfhsdkhrterwmtermeter"));
url::Origin app_origin = url::Origin::Create(GURL("chrome://file-manager"));
FileAccessPermissions permissions;
// By default extension have no access to any local file.
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));
// After granting file access to the handler extension for a given file, it
// can only access that file an nothing else.
permissions.GrantAccessPermission(extension1_origin, good_file);
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
EXPECT_TRUE(permissions.HasAccessPermission(extension1_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));
// After granting file access to the handler extension for a given directory,
// it can access that directory and all files within it.
permissions.GrantAccessPermission(extension2_origin, good_dir);
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
EXPECT_TRUE(permissions.HasAccessPermission(extension1_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_dir));
EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_file));
EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));
// Finally, after granting permission to the app for the given directory
// it can access that director all all files within it.
permissions.GrantAccessPermission(app_origin, good_dir);
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
EXPECT_TRUE(permissions.HasAccessPermission(extension1_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_dir));
EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, good_file));
EXPECT_TRUE(permissions.HasAccessPermission(extension2_origin, bad_file));
EXPECT_TRUE(permissions.HasAccessPermission(app_origin, good_dir));
EXPECT_TRUE(permissions.HasAccessPermission(app_origin, good_file));
EXPECT_TRUE(permissions.HasAccessPermission(app_origin, bad_file));
// After revoking rights for extensions, they should not be able to access
// any file system element anymore.
permissions.RevokePermissions(extension1_origin);
permissions.RevokePermissions(extension2_origin);
permissions.RevokePermissions(app_origin);
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension1_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(extension2_origin, bad_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_dir));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, good_file));
EXPECT_FALSE(permissions.HasAccessPermission(app_origin, bad_file));
}
} // namespace ash
|
