1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131
|
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/net/chrome_network_delegate.h"
#include "base/base_paths.h"
#include "base/path_service.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "testing/gtest/include/gtest/gtest.h"
#if BUILDFLAG(IS_CHROMEOS)
#include "base/files/file_util.h"
#include "base/system/sys_info.h"
#include "base/test/scoped_running_on_chromeos.h"
#include "base/time/time.h"
#include "chrome/common/chrome_paths.h"
#endif
#if BUILDFLAG(IS_ANDROID)
#include "base/base_paths_android.h"
#endif
namespace {
// Helper function to make the IsAccessAllowed test concise.
bool IsAccessAllowed(const std::string& path,
const std::string& profile_path) {
return ChromeNetworkDelegate::IsAccessAllowed(
base::FilePath::FromUTF8Unsafe(path),
base::FilePath::FromUTF8Unsafe(profile_path));
}
} // namespace
TEST(ChromeNetworkDelegateStaticTest, IsAccessAllowed) {
#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID)
// Chrome OS and Android don't have access to random files.
EXPECT_FALSE(IsAccessAllowed("/", ""));
EXPECT_FALSE(IsAccessAllowed("/foo.txt", ""));
// Empty path should not be allowed.
EXPECT_FALSE(IsAccessAllowed("", ""));
#else
// Platforms other than Chrome OS and Android have access to any files.
EXPECT_TRUE(IsAccessAllowed("/", ""));
EXPECT_TRUE(IsAccessAllowed("/foo.txt", ""));
#endif
#if BUILDFLAG(IS_CHROMEOS)
base::FilePath temp_dir;
ASSERT_TRUE(base::PathService::Get(base::DIR_TEMP, &temp_dir));
// Chrome OS allows the following directories.
EXPECT_TRUE(IsAccessAllowed("/home/chronos/user/MyFiles/Downloads", ""));
EXPECT_TRUE(IsAccessAllowed("/home/chronos/user/MyFiles", ""));
EXPECT_TRUE(IsAccessAllowed("/home/chronos/user/MyFiles/file.pdf", ""));
EXPECT_TRUE(IsAccessAllowed("/home/chronos/user/WebRTC Logs", ""));
EXPECT_TRUE(
IsAccessAllowed("/home/chronos/user/google-assistant-library/log", ""));
EXPECT_TRUE(IsAccessAllowed("/home/chronos/user/log", ""));
EXPECT_TRUE(IsAccessAllowed("/media", ""));
EXPECT_TRUE(IsAccessAllowed("/opt/oem", ""));
EXPECT_TRUE(IsAccessAllowed("/usr/share/chromeos-assets", ""));
EXPECT_TRUE(IsAccessAllowed(temp_dir.AsUTF8Unsafe(), ""));
EXPECT_TRUE(IsAccessAllowed("/var/log", ""));
EXPECT_TRUE(IsAccessAllowed("/var/log/lacros/lacros.log", ""));
// Files under the directories are allowed.
EXPECT_TRUE(IsAccessAllowed("/var/log/foo.txt", ""));
// Make sure similar paths are not allowed.
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/Downloads", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/log.txt", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/lacros/lacros.txt", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/lacros/lacros", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/lacros/*", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/lacros", ""));
EXPECT_FALSE(
IsAccessAllowed("/home/chronos/user/lacros/subdir/lacros.log", ""));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/lacros/lacros.log", ""));
// If profile path is given, the following additional paths are allowed.
EXPECT_TRUE(IsAccessAllowed("/profile/MyFiles/Downloads", "/profile"));
EXPECT_TRUE(IsAccessAllowed("/profile/MyFiles", "/profile"));
EXPECT_TRUE(IsAccessAllowed("/profile/MyFiles/file.pdf", "/profile"));
EXPECT_FALSE(IsAccessAllowed("/profile/Downloads", "/profile"));
// $HOME/Downloads is allowed for linux-chromeos, but not on devices.
base::FilePath downloads_dir;
base::PathService::Get(chrome::DIR_DEFAULT_DOWNLOADS, &downloads_dir);
EXPECT_TRUE(IsAccessAllowed(downloads_dir.AsUTF8Unsafe(), ""));
{
base::test::ScopedRunningOnChromeOS running_on_chromeos;
EXPECT_FALSE(IsAccessAllowed(downloads_dir.AsUTF8Unsafe(), ""));
}
// WebRTC logs for the current profile are allowed.
EXPECT_TRUE(IsAccessAllowed("/profile/WebRTC Logs", "/profile"));
// GCache/v2/<opaque ID>/Logs is allowed.
EXPECT_TRUE(IsAccessAllowed("/profile/GCache/v2/id/Logs", "/profile"));
EXPECT_TRUE(
IsAccessAllowed("/profile/GCache/v2/id/Logs/drivefs.txt", "/profile"));
EXPECT_FALSE(
IsAccessAllowed("/profile/GCache/v2/id/logs/drivefs.txt", "/profile"));
EXPECT_FALSE(
IsAccessAllowed("/profile/GCache/v2/id/something_else", "/profile"));
EXPECT_FALSE(IsAccessAllowed("/profile/GCache/v2/id", "/profile"));
EXPECT_FALSE(IsAccessAllowed("/profile/GCache/v2", "/profile"));
EXPECT_FALSE(IsAccessAllowed("/home/chronos/user/GCache/v2/id/Logs", ""));
#elif BUILDFLAG(IS_ANDROID)
// Android allows the following directories.
EXPECT_TRUE(IsAccessAllowed("/sdcard", ""));
EXPECT_TRUE(IsAccessAllowed("/mnt/sdcard", ""));
// Files under the directories are allowed.
EXPECT_TRUE(IsAccessAllowed("/sdcard/foo.txt", ""));
// Make sure similar paths are not allowed.
EXPECT_FALSE(IsAccessAllowed("/mnt/sdcard.txt", ""));
EXPECT_FALSE(IsAccessAllowed("/mnt", ""));
// Files in external storage are allowed.
base::FilePath external_storage_path;
base::PathService::Get(base::DIR_ANDROID_EXTERNAL_STORAGE,
&external_storage_path);
EXPECT_TRUE(IsAccessAllowed(
external_storage_path.AppendASCII("foo.txt").AsUTF8Unsafe(), ""));
// The external storage root itself is not allowed.
EXPECT_FALSE(IsAccessAllowed(external_storage_path.AsUTF8Unsafe(), ""));
#endif
}
|