# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
4
5import os
6
7from autotest_lib.client.bin import test, utils
8from autotest_lib.client.common_lib import error
9from autotest_lib.client.cros import cryptohome
10
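class platform_CryptohomeBadPerms(test.test):
    """Check that cryptohome refuses to mount over badly-owned or open paths.

    Each case in run_once() puts one directory on the user or system path
    into a bad state (unexpected owner, or mode 0777) and then requires the
    mount attempt for a fresh random user to fail.
    """
    version = 1
    cryptohome_proxy = None

    def require_mount_fail(self, user):
        """Fail the test if mounting a new cryptohome for |user| succeeds.

        Args:
            user: username passed to CryptohomeProxy.mount().

        Raises:
            error.TestFail: the mount call returned a true value.
        """
        # 'test' is the second positional argument to mount(); presumably the
        # password for the vault being created -- confirm in CryptohomeProxy.
        if self.cryptohome_proxy.mount(user, 'test', create=True):
            raise error.TestFail('Mount unexpectedly succeeded for %s' % user)

    def run_once(self):
        """Run the five bad-ownership / bad-mode cases in sequence.

        Every case restores what it changed in a finally clause. The mount
        check is made only inside the try block, so a TestFail raised by one
        case cannot leave its directory or mode change behind on the device.
        """
        self.cryptohome_proxy = cryptohome.CryptohomeProxy()

        # Leaf element of user path not owned by user.
        user = utils.random_username()
        path = cryptohome.user_path(user)
        os.mkdir(path)
        try:
            os.chown(path, 0, 0)
            self.require_mount_fail(user)
        finally:
            os.rmdir(path)

        # Leaf element of system path not owned by root.
        user = utils.random_username()
        path = cryptohome.system_path(user)
        os.mkdir(path)
        try:
            os.chown(path, 1, 1)
            self.require_mount_fail(user)
        finally:
            os.rmdir(path)

        # Leaf element of path too permissive.
        user = utils.random_username()
        path = cryptohome.user_path(user)
        os.mkdir(path)
        try:
            os.chmod(path, 0o777)
            self.require_mount_fail(user)
        finally:
            os.rmdir(path)

        # Non-leaf element of path not owned by root.
        user = utils.random_username()
        path = cryptohome.user_path(user)
        parent_path = os.path.dirname(path)
        os.chown(parent_path, 1, 1)
        try:
            self.require_mount_fail(user)
        finally:
            # Assumes the parent was root-owned before the test, as the case
            # title implies -- TODO confirm.
            os.chown(parent_path, 0, 0)

        # Non-leaf element of path too permissive.
        user = utils.random_username()
        path = cryptohome.user_path(user)
        parent_path = os.path.dirname(path)
        # Record the permission bits so cleanup can put them back.
        saved_mode = os.stat(parent_path).st_mode & 0o7777
        os.chmod(parent_path, 0o777)
        try:
            self.require_mount_fail(user)
        finally:
            # This case changed the mode, not the owner, so the mode is what
            # has to be undone; otherwise the shared parent directory stays
            # world-writable after the test has finished.
            os.chmod(parent_path, saved_mode)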