mirror of
https://github.com/denoland/deno.git
synced 2024-11-24 15:19:26 -05:00
chore: improve accessing special file test (#25099)
This commit is contained in:
parent
ee2b6899a1
commit
bf510544ef
4 changed files with 59 additions and 35 deletions
|
@ -2241,7 +2241,50 @@ pub fn create_child_permissions(
|
|||
main_perms: &mut Permissions,
|
||||
child_permissions_arg: ChildPermissionsArg,
|
||||
) -> Result<Permissions, AnyError> {
|
||||
fn is_granted_unary(arg: &ChildUnaryPermissionArg) -> bool {
|
||||
match arg {
|
||||
ChildUnaryPermissionArg::Inherit | ChildUnaryPermissionArg::Granted => {
|
||||
true
|
||||
}
|
||||
ChildUnaryPermissionArg::NotGranted
|
||||
| ChildUnaryPermissionArg::GrantedList(_) => false,
|
||||
}
|
||||
}
|
||||
|
||||
fn is_granted_unit(arg: &ChildUnitPermissionArg) -> bool {
|
||||
match arg {
|
||||
ChildUnitPermissionArg::Inherit | ChildUnitPermissionArg::Granted => true,
|
||||
ChildUnitPermissionArg::NotGranted => false,
|
||||
}
|
||||
}
|
||||
|
||||
let mut worker_perms = Permissions::none_without_prompt();
|
||||
|
||||
worker_perms.all = main_perms
|
||||
.all
|
||||
.create_child_permissions(ChildUnitPermissionArg::Inherit)?;
|
||||
|
||||
// downgrade the `worker_perms.all` based on the other values
|
||||
if worker_perms.all.query() == PermissionState::Granted {
|
||||
let unary_perms = [
|
||||
&child_permissions_arg.read,
|
||||
&child_permissions_arg.write,
|
||||
&child_permissions_arg.net,
|
||||
&child_permissions_arg.env,
|
||||
&child_permissions_arg.sys,
|
||||
&child_permissions_arg.run,
|
||||
&child_permissions_arg.ffi,
|
||||
];
|
||||
let unit_perms = [&child_permissions_arg.hrtime];
|
||||
let allow_all = unary_perms.into_iter().all(is_granted_unary)
|
||||
&& unit_perms.into_iter().all(is_granted_unit);
|
||||
if !allow_all {
|
||||
worker_perms.all.revoke();
|
||||
}
|
||||
}
|
||||
|
||||
// WARNING: When adding a permission here, ensure it is handled
|
||||
// in the worker_perms.all block above
|
||||
worker_perms.read = main_perms
|
||||
.read
|
||||
.create_child_permissions(child_permissions_arg.read)?;
|
||||
|
@ -2266,9 +2309,6 @@ pub fn create_child_permissions(
|
|||
worker_perms.hrtime = main_perms
|
||||
.hrtime
|
||||
.create_child_permissions(child_permissions_arg.hrtime)?;
|
||||
worker_perms.all = main_perms
|
||||
.all
|
||||
.create_child_permissions(ChildUnitPermissionArg::Inherit)?;
|
||||
|
||||
Ok(worker_perms)
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@ import {
|
|||
assert,
|
||||
assertEquals,
|
||||
assertNotEquals,
|
||||
assertStringIncludes,
|
||||
assertThrows,
|
||||
} from "./test_util.ts";
|
||||
|
||||
|
@ -197,36 +196,21 @@ Deno.test({ permissions: { read: false } }, function execPathPerm() {
|
|||
);
|
||||
});
|
||||
|
||||
Deno.test(async function execPathPerm() {
|
||||
if (Deno.build.os !== "linux") return;
|
||||
// This is hack to bypass a bug in deno test runner,
|
||||
// Currently if you specify {read: true} permission, it will stil pass --allow-all (tests are run with deno test --allow-all) implicitly, so this test won't work
|
||||
// The workaround is to spawn a deno executable with the needed permissions
|
||||
// TODO(#25085): remove this hack when the bug is fixed
|
||||
const cmd = new Deno.Command(Deno.execPath(), {
|
||||
args: ["run", "--allow-read", "-"],
|
||||
stdin: "piped",
|
||||
stderr: "piped",
|
||||
}).spawn();
|
||||
const stdinWriter = cmd.stdin.getWriter();
|
||||
await stdinWriter
|
||||
.write(
|
||||
new TextEncoder().encode('Deno.readTextFileSync("/proc/net/dev")'),
|
||||
Deno.test(
|
||||
{
|
||||
ignore: Deno.build.os !== "linux",
|
||||
permissions: { read: true, run: false },
|
||||
},
|
||||
function procRequiresAllowAll() {
|
||||
assertThrows(
|
||||
() => {
|
||||
Deno.readTextFileSync("/proc/net/dev");
|
||||
},
|
||||
Deno.errors.PermissionDenied,
|
||||
`Requires all access to "/proc/net/dev", run again with the --allow-all flag`,
|
||||
);
|
||||
await stdinWriter.close();
|
||||
await cmd.status;
|
||||
|
||||
const stderrReder = cmd.stderr.getReader();
|
||||
const error = await stderrReder
|
||||
.read()
|
||||
.then((r) => new TextDecoder().decode(r.value));
|
||||
await stderrReder.cancel();
|
||||
|
||||
assertStringIncludes(
|
||||
error,
|
||||
`PermissionDenied: Requires all access to "/proc/net/dev", run again with the --allow-all flag`,
|
||||
);
|
||||
});
|
||||
},
|
||||
);
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { sys: ["loadavg"] } },
|
||||
|
|
|
@ -148,7 +148,7 @@ Deno.test(
|
|||
);
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { read: true }, ignore: Deno.build.os !== "linux" },
|
||||
{ ignore: Deno.build.os !== "linux" },
|
||||
async function readFileProcFs() {
|
||||
const data = await Deno.readFile("/proc/self/stat");
|
||||
assert(data.byteLength > 0);
|
||||
|
|
|
@ -146,7 +146,7 @@ Deno.test(
|
|||
);
|
||||
|
||||
Deno.test(
|
||||
{ permissions: { read: true }, ignore: Deno.build.os !== "linux" },
|
||||
{ ignore: Deno.build.os !== "linux" },
|
||||
async function readTextFileProcFs() {
|
||||
const data = await Deno.readTextFile("/proc/self/stat");
|
||||
assert(data.length > 0);
|
||||
|
|
Loading…
Reference in a new issue