commit 9697024ace339503445d8e2b4a0e2cf07d674d71
author Gary Morain <gmorain@chromium.org> Fri Apr 20 10:59:58 2012 -0700
committer Gerrit <chrome-bot@google.com> Thu Apr 26 16:17:24 2012 -0700
tree 352d553fe602349c6156a5fb67f5611677d643d5
parent 2c773c2f28e9655391f906844e2b4ad83f5994e6

shill: limit shill profile file permissions

The shill profile file permissions must be readable and writeable
by the owner only.

BUG=chromium-os:29752
TEST=Added new checks to unit test KeyFileStoreTest.OpenClose
to verify the permissions.

Change-Id: I8907f27714fbc1bf417f38e5de4448209ab65e5e
Reviewed-on: https://gerrit.chromium.org/gerrit/20711
Reviewed-by: Paul Stewart <pstew@chromium.org>
Tested-by: Gary Morain <gmorain@chromium.org>
Commit-Ready: Gary Morain <gmorain@chromium.org>

key_file_store_unittest.cc

diff --git a/key_file_store_unittest.cc b/key_file_store_unittest.cc
index 4e7d6be..12f6b6e 100644
--- a/key_file_store_unittest.cc
+++ b/key_file_store_unittest.cc
@@ -10,6 +10,7 @@
 #include <base/stringprintf.h>
 #include <gtest/gtest.h>
 
+using file_util::FileEnumerator;
 using std::set;
 using std::string;
 using std::vector;
@@ -70,6 +71,18 @@
   EXPECT_EQ(1, store_.crypto_.cryptos_.size());
   ASSERT_TRUE(store_.Close());
   EXPECT_FALSE(store_.key_file_);
+  FileEnumerator file_enumerator(temp_dir_.path(),
+                                 false /* not recursive */,
+                                 FileEnumerator::FILES);
+
+  // Verify that the file actually got written with the right name.
+  EXPECT_EQ(test_file_.value(), file_enumerator.Next().value());
+  FileEnumerator::FindInfo find_info;
+  file_enumerator.GetFindInfo(&find_info);
+
+  // Verify that the profile is a regular file, readable and writeable by the
+  // owner only.
+  EXPECT_EQ(S_IFREG | S_IRUSR | S_IWUSR, find_info.stat.st_mode);
 
   ASSERT_TRUE(store_.Open());
   EXPECT_TRUE(store_.key_file_);