blob: 9fb72e9065493cf2ebef0629589458add763ef5d [file] [log] [blame] [edit]
# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import contextlib
import os
from autotest_lib.client.bin import test, utils
from autotest_lib.client.common_lib import error
from autotest_lib.client.cros import cryptohome
@contextlib.contextmanager
def scoped_dir(path):
os.mkdir(path)
yield
os.rmdir(path)
class platform_CryptohomeBadPerms(test.test):
"""Tests Cryptohome's ability to detect directories with bad permissions or
ownership in the mount path of a home directory.
"""
version = 1
def require_mount_fail(self, user):
"""
Raise an error if the mount succeeded.
@param user: A random user created in run_once.
"""
try:
cryptohome.mount_vault(user, 'test', create=True)
except:
pass
else:
raise error.TestFail('Mount unexpectedly succeeded for %s' % user)
def run_once(self):
# Leaf element of user path not owned by user.
user = utils.random_username()
path = cryptohome.user_path(user)
with scoped_dir(path):
os.chown(path, 0, 0)
self.require_mount_fail(user)
# Leaf element of system path not owned by root.
user = utils.random_username()
path = cryptohome.system_path(user)
with scoped_dir(path):
os.chown(path, 1, 1)
self.require_mount_fail(user)
# Leaf element of path too permissive.
user = utils.random_username()
path = cryptohome.user_path(user)
with scoped_dir(path):
os.chmod(path, 0777)
self.require_mount_fail(user)
# Non-leaf element of path not owned by root.
user = utils.random_username()
path = cryptohome.user_path(user)
parent_path = os.path.dirname(path)
os.chown(parent_path, 1, 1)
try:
self.require_mount_fail(user)
finally:
os.chown(parent_path, 0, 0)
# Non-leaf element of path too permissive.
user = utils.random_username()
path = cryptohome.user_path(user)
parent_path = os.path.dirname(path)
old_perm = os.stat(parent_path).st_mode & 0777
os.chmod(parent_path, 0777)
try:
self.require_mount_fail(user)
finally:
os.chmod(parent_path, old_perm)
os.chown(parent_path, 0, 0)