diff --git a/ext/fs/lib.rs b/ext/fs/lib.rs index 2dce04b325..8eb6f27643 100644 --- a/ext/fs/lib.rs +++ b/ext/fs/lib.rs @@ -89,9 +89,9 @@ impl FsPermissions for deno_permissions::PermissionsContainer { api_name: &str, ) -> Result, FsError> { if resolved { - self.check_special_file(path, api_name).map_err(|_| { - std::io::Error::from(std::io::ErrorKind::PermissionDenied) - })?; + self + .check_special_file(path, api_name) + .map_err(FsError::PermissionDenied)?; return Ok(Cow::Borrowed(path)); } diff --git a/tests/unit/os_test.ts b/tests/unit/os_test.ts index 30d8f26eef..80b421e63d 100644 --- a/tests/unit/os_test.ts +++ b/tests/unit/os_test.ts @@ -3,6 +3,7 @@ import { assert, assertEquals, assertNotEquals, + assertStringIncludes, assertThrows, } from "./test_util.ts"; @@ -196,6 +197,37 @@ Deno.test({ permissions: { read: false } }, function execPathPerm() { ); }); +Deno.test(async function execPathPerm() { + if (Deno.build.os !== "linux") return; + // This is hack to bypass a bug in deno test runner, + // Currently if you specify {read: true} permission, it will stil pass --allow-all (tests are run with deno test --allow-all) implicitly, so this test won't work + // The workaround is to spawn a deno executable with the needed permissions + // TODO(#25085): remove this hack when the bug is fixed + const cmd = new Deno.Command(Deno.execPath(), { + args: ["run", "--allow-read", "-"], + stdin: "piped", + stderr: "piped", + }).spawn(); + const stdinWriter = cmd.stdin.getWriter(); + await stdinWriter + .write( + new TextEncoder().encode('Deno.readTextFileSync("/proc/net/dev")'), + ); + await stdinWriter.close(); + await cmd.status; + + const stderrReder = cmd.stderr.getReader(); + const error = await stderrReder + .read() + .then((r) => new TextDecoder().decode(r.value)); + await stderrReder.cancel(); + + assertStringIncludes( + error, + `PermissionDenied: Requires all access to "/proc/net/dev", run again with the --allow-all flag`, + ); +}); + Deno.test( { permissions: { sys: ["loadavg"] } }, function loadavgSuccess() {